Scribd
Upload
59 views441 pages

GPON Product Operation Manual: Version V1.2 Release Date: 20220422

Uploaded by

WOLCK Liwen Lei
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
59 views441 pages

GPON Product Operation Manual: Version V1.2 Release Date: 20220422

Uploaded by

WOLCK Liwen Lei
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 441

GPON OLT Product Operation Manual V1.

GPON Product Operation Manual

Version:V1.2

Release Date : 20220422


GPON OLT Product Operation Manual V1.2

Content

Chapter 1 Access OLT .......................................................................................1


1.1 CLI ............................................................................................................. 1
1.1.1 Command Syntax .......................................................................2
1.1.2 Help of Command Line .............................................................. 3
1.1.3 Display history Command of Command Line ............................ 4
1.2 Manage Users ........................................................................................... 4
1.2.1 System Default User .................................................................. 5
1.2.2 Add User ..................................................................................... 5
1.2.3 Change Password ...................................................................... 6
1.2.4 Modify User's Privilege Level ..................................................... 7
1.2.5 Delete User .................................................................................7
1.2.6 Display Users ............................................................................. 8
1.2.7 Display Users ............................................................................. 8
1.2.8 Kick off Online Telnet Users ....................................................... 8
1.3 Remote Authentication Configure ............................................................. 9
1.3.1 Enable RADIUS/TACACS+ ........................................................9
1.3.2 Display Authentication Method ...................................................9
1.3.3 TACACS+ Remote Server Configuration ...................................9
1.3.4 Dsiplay TACACS+ Information .................................................10
Chapter 2 System Management ......................................................................11
2.1 System Maintenance ............................................................................... 11
2.1.1 Display System Status Information .......................................... 11
2.1.2 Configure the System Clock .....................................................11
2.1.3 Configure System Host Name ................................................. 12
GPON OLT Product Operation Manual V1.2
2.1.4 Trace Route Command ............................................................ 12
2.1.5 Port Loopback Test Command .................................................13
2.1.6 Line Detection VCT Command ................................................ 14
2.1.7 Management IP Address Configuration ...................................15
2.1.8 Telnet User Limit for Login Privileged User View .................... 16
2.1.9 CPU-CAR Command ............................................................... 17
2.2 Configuration Management .....................................................................17
2.2.1 Save Configurations ................................................................. 17
2.2.2 Erase Configurations ................................................................18
2.2.3 Execute save Configuration ..................................................... 18
2.2.4 Show save Configurations ....................................................... 18
2.2.5 Show Running Configurations ................................................. 19
2.3 Load Files and Upgrade Programs Online ..............................................19
2.3.1 Upload and Download Files by TFTP ...................................... 19
2.3.2 Upload and Download Files by FTP ........................................ 20
2.3.3 Download Files by Xmodem .................................................... 22
2.4 Reboot OLT ............................................................................................. 22
Chapter 3 Port Configuration .......................................................................... 24
3.1 Ethernet Port Configuration Overview .................................................... 24
3.2 Configure Ethernet Port .......................................................................... 24
3.2.1 Enter Interface Configuration Mode .........................................24
3.2.2 Enter Interface Range Mode ....................................................24
3.2.3 Basic Port Configuration .......................................................... 25
3.2.4 Link Type of Ethernet Ports ......................................................26
3.2.5 Configure Default VLAN ...........................................................27
3.2.6 Add Port to a Vlan .................................................................... 27
3.2.7 Dsiplay Port Information ...........................................................28
GPON OLT Product Operation Manual V1.2
3.2.8 Display and Clear Port Statistics ............................................. 29
Chapter 4 Port Mirroring ..................................................................................30
4.1 Port Mirroring Overview .......................................................................... 30
4.2 Configure Port Mirroring ..........................................................................30
4.2.1 Configure Port Mirroring ...........................................................30
4.2.2 Configure the Mirror Destination Port ...................................... 31
4.2.3 Configure the Mirror Source Port .............................................31
4.2.4 Display Port Mirroring ...............................................................32
Chapter 5 Link Aggregation .............................................................................33
5.1 Link Aggregation Overview ..................................................................... 33
5.1.1 Introduction to LACP ................................................................ 34
5.1.2 Operation Key (O-Key) .............................................................34
5.1.3 Static Aggregation Group ......................................................... 35
5.1.4 Dynamic LACP Aggregation Group ......................................... 36
5.2 Redundancy of Interconnected Device ................................................... 39
5.3 Load-balancing Policy ............................................................................. 39
5.4 Configure Link Aggregation .....................................................................39
5.4.1 Link AggregationConfiguration List .......................................... 39
5.4.2 Configure a Static Aggregation Group .....................................40
5.4.3 Configure Dynamic LACP ........................................................ 41
5.4.4 Display and Maintain LACP ..................................................... 42
Chapter 6 Port Isolation ...................................................................................44
6.1 PortIsolation Overview ............................................................................ 44
6.2 Configure Port Isolation ...........................................................................44
6.2.1 Add/remove Isolated Ports .......................................................44
6.2.2 Display Port Isolation Configuration .........................................45
Chapter 7 Storm-Control ................................................................................. 46
GPON OLT Product Operation Manual V1.2
7.1 Storm-Control Overview ..........................................................................46
7.2 Configure Storm-Control ......................................................................... 46
7.2.1 Configure Storm-Control .......................................................... 46
7.2.2 Storm-Control Monitor and Maintenance .................................47
Chapter 8 VLAN .............................................................................................. 48
8.1 VLAN Overview ....................................................................................... 48
8.1.1 VLAN Principles ....................................................................... 49
8.2 Configure 802.1Q VLAN ......................................................................... 51
8.2.1 802.1Q VLAN Configuration List ..............................................51
8.2.2 Create and Modify VLAN ......................................................... 51
8.2.3 Delete Port Members from a VLAN ......................................... 52
8.2.4 Delete VLAN .............................................................................53
8.2.1 Configure Interface Default VLAN ID .......................................53
8.2.2 Configure Interface VLAN Mode ..............................................54
8.2.3 VLAN Attributes Based on Hybrid Interface ............................ 55
8.2.4 VLAN Attributes Based on Trunk Interface .............................. 56
8.2.5 Configure Port Priority ..............................................................57
8.2.6 Configure Ingress Filtering .......................................................57
8.2.7 Configure Types of Interface Acceptable-frame ...................... 58
8.2.8 Display VLANconfiguration ...................................................... 59
8.3 Configure MAC-Based VLAN ..................................................................59
8.3.1 MAC-Based VLAN Overview ................................................... 59
8.3.2 ConfigureMAC-Based VLAN ....................................................60
8.4 Configure Protocol-Based VLAN ............................................................ 60
8.4.1 Protocol-Based VLAN Overview ..............................................60
8.4.2 ConfigureProtocol-Based VLAN .............................................. 61
8.5 Configure IP-subnet VLAN ......................................................................62
GPON OLT Product Operation Manual V1.2
8.5.1 IP-subnet VLAN Overview ....................................................... 62
8.5.2 ConfigureIP-subnet VLAN ........................................................62
Chapter 9 QinQ ............................................................................................... 64
9.1 QinQ Overview ........................................................................................ 64
9.1.1 Understanding QinQ .................................................................64
9.1.2 Implementations of QinQ ......................................................... 65
9.1.3 Modification of TPID Value of QinQ Frames ............................66
9.2 Configure QinQ ....................................................................................... 67
9.2.1 QinQ Configuration Task List ................................................... 68
9.2.1 Configure BASIC QinQ ............................................................ 68
9.2.2 Configure Flexible QinQ ...........................................................68
9.2.3 Display QinQ configuration ...................................................... 69
Chapter 10 MAC Address Table ......................................................................70
10.1 MAC Address Table Overview ...............................................................70
10.2 Configure MAC Address Table .............................................................. 70
10.2.1 MAC Address Table Configuration Task List ..........................71
10.2.2 Configure the Aging Time .......................................................71
10.2.3 Add MAC Address Table by Manual ...................................... 71
10.2.4 Display MAC Address Table ...................................................72
10.2.5 Enable/Disable MAC Learning ...............................................73
10.2.6 Quantity Limitation on MAC Address Learning Table ............74
Chapter 11 STP ............................................................................................... 75
11.1 STP Overview ........................................................................................75
11.1.1 Protocol Packets of Spanning-Tree ....................................... 75
11.1.2 Basic Concepts in Spanning-Tree ..........................................75
11.1.3 Spanning-Tree Interface States ............................................. 77
11.2 How Spanning-Tree Works ................................................................... 79
GPON OLT Product Operation Manual V1.2
11.3 Implement RSTP on Ethernet GPON ....................................................83
11.4 Configure RSTP .................................................................................... 84
11.4.1 RSTP Configuration Task List ................................................ 84
11.4.2 Enable RSTP and Configure the Working Mode ................... 85
11.4.3 Configure STP Bridge Priority ................................................ 85
11.4.4 Configure Time Parameter ..................................................... 86
11.4.5 Configure STP Path Cost ....................................................... 87
11.4.6 Configure STP Port Priority .................................................... 87
11.4.7 Configure STP Mcheck ...........................................................88
11.4.8 Configure STP Point-to-Point Mode .......................................88
11.4.9 Configure STP Portfast ...........................................................89
11.4.10 Configure STP Transit Limit ................................................. 89
11.4.11 RSTP Monitor and Maintenance .......................................... 89
Chapter 12 MSTP ............................................................................................91
12.1 MSTP Overview .................................................................................... 91
12.2 Configure MSTP ....................................................................................91
12.2.1 Enable MSTP and Configure the Working Mode .................. 91
12.2.2 Configure MSTP Timer Parameter Values ............................ 92
12.2.3 Configure MSTP Identifier ......................................................93
12.2.4 Configure MSTP Bridge Priority .............................................93
12.2.5 ConfiConfigure Root Port Protection ..................................... 94
12.2.6 Configure Digest Snooping Port ............................................ 94
12.2.7 Configure Port mCheck Function ...........................................95
12.2.8 Configure MSTP Instance Is Enabled ................................... 96
12.2.9 Display and Maintain MSTP ...................................................96
Chapter 13 Remote-loop-detect ......................................................................97
13.1 Remote-loop-detect Overview .............................................................. 97
GPON OLT Product Operation Manual V1.2
13.2 Configure Remote-loop-detect ..............................................................97
13.2.1 Enable Remote-loop-detect ................................................... 97
13.2.2 Configure the Processing Policy ............................................98
13.2.3 Configure the Interval Timer ...................................................98
13.2.4 Configure the Recovery Timer ............................................... 99
13.2.5 Display Remote-loop-detect Configuration ............................99
Chapter 14 ACL ............................................................................................. 100
14.1 ACL Overview ......................................................................................100
14.1.1 ACL Overview .......................................................................100
14.2 ACL Configuration ............................................................................... 101
14.2.1 ACL Configuration List ......................................................... 101
14.2.2 Configure Match Order .........................................................101
14.2.3 Configure Time Range ......................................................... 103
14.2.4 Configure Basic ACL ............................................................ 105
14.2.5 Configure Extended ACL ..................................................... 107
14.2.1 Configure Layer 2 ACL ......................................................... 110
14.2.2 Activate ACL ......................................................................... 112
14.2.3 Display and Debugging ACL ................................................ 113
Chapter 15 QOS ............................................................................................ 115
15.1 QOS Overview .....................................................................................115
15.1.1 Traffic .................................................................................... 116
15.1.2 Traffic Classification ..............................................................116
15.1.3 Priority ...................................................................................116
15.1.4 Access Control List ............................................................... 119
15.1.5 Packet Filtration ....................................................................120
15.1.6 Flow Monitor ......................................................................... 120
15.1.7 Interface Speed Limitation ................................................... 120
GPON OLT Product Operation Manual V1.2
15.1.8 Redirection ........................................................................... 121
15.1.9 Priority Mark ......................................................................... 121
15.1.10 Choose Interface Outputting Queue for Packet ................ 121
15.1.11 Queue Scheduler ................................................................121
15.1.12 Cos-map Relationship of Hardware Priority Queue and
Priority of IEEE802.1p Protocol ...................................................... 123
15.1.13 Flow Mirror ..........................................................................123
15.1.14 Statistics Based on Flow ....................................................123
15.1.15 Copy Packet to CPU .......................................................... 123
15.2 Configure QOS ....................................................................................124
15.2.1 QoS Configuration List ......................................................... 124
15.2.2 Configure Flow Monitor ........................................................125
15.2.3 ConfigureTwo Rate Three Color Marker ..............................125
15.2.4 Configure Interface Line Rate ..............................................126
15.2.5 Configure Packet Redirection .............................................. 126
15.2.6 Configure Traffic Copy to CPU .............................................126
15.2.7 Configure Traffic Priority .......................................................127
15.2.8 Configure Queue-Scheduler ................................................ 127
15.2.9 Configure Cos-map Relationship of Hardware Priority Queue
and Priority of IEEE802.1p Protocol ............................................... 128
15.2.10 Configure Mapping Relationship between DSCP and 8
Priority in IEEE 802.1p .................................................................... 129
15.2.11 Configure Flow Statistic ......................................................131
15.2.12 Configure Flow Mirror .........................................................131
15.2.13 Display and Maintain QoS ................................................. 132
Chapter 16 SSH ............................................................................................ 134
16.1 SSH Overview ..................................................................................... 134
16.2 Configure SSH Server .........................................................................134
GPON OLT Product Operation Manual V1.2
16.3 Log in GPON from SSH Client ............................................................135
Chapter 17 SNMP ......................................................................................... 136
17.1 SNMP Overview .................................................................................. 136
17.2 Configure SNMP-Agent .......................................................................137
17.2.1 SNMP-Agent Configuration List ...........................................137
17.2.2 Configure the Basic Parameters ..........................................137
17.2.3 Configure the Community Name ......................................... 139
17.2.4 Configure the Views ............................................................. 139
17.2.5 Configure the Group .............................................................140
17.2.6 Configure the User ............................................................... 141
17.2.7 Display SNMP-Agent Configuration .................................... 141
Chapter 18 Info-center .................................................................................. 143
18.1 Info-center Overview ........................................................................... 143
18.2 Configure Info-center .......................................................................... 143
18.2.1 Info-center Configuration List ...............................................143
18.2.2 Enabling/Disabling the Info-center for the Equipment .........144
18.2.3 Configure the Function of Display the Sequence Number in
Info-center Outputs ..........................................................................145
18.2.4 Configure the Time Stamp Type in Info-center Outputs ......146
18.2.5 Configure the Function of Outputting Info-center Information to
Terminals ..........................................................................................146
18.2.6 Configure the Function of Outputting Info-center Information to
the History Buffer .............................................................................148
18.2.7 Configure the Function of Outputting Info-center Information to
the Flash Storage ............................................................................ 149
18.2.8 Configure the Function of Outputting Info-center Information to
the Log Host .................................................................................... 151
18.2.9 Configure the Function of Outputting Info-center Information to
GPON OLT Product Operation Manual V1.2
the SNMP Agent .............................................................................. 153
18.2.10 Configure the Module Debugging Function .......................154
Chapter 19 L3 Base Function ....................................................................... 156
19.1 L3 Base Function Overview ................................................................ 156
19.2 Configure L3 Base Function ............................................................... 156
19.2.1 L3 Base Function Configuration List ....................................156
19.2.2 Planning VLANs and Creating L3 Interfaces .......................157
19.2.3 Configure the Forwarding Mode .......................................... 157
19.2.4 Creating VLAN Interfaces for Common VLANs .................. 158
19.2.5 Creating SuperVLAN Interfaces and Adding VLANs to the
SuperVLAN ......................................................................................159
19.2.6 Configure IP Addresses for VLAN or SuperVLAN Interfaces160
19.2.7 Configure an IP Address Range for VLAN or SuperVLAN
Interfaces ......................................................................................... 161
19.2.8 Configure the ARP Proxy ..................................................... 162
19.2.9 Display VLAN and SuperVLAN Interface Information .........163
19.2.10 Configure URPF ................................................................. 164
19.2.11 Disabling the Function of Sending ICMP Packets with an
Unreachable Destination Host on Interfaces .................................. 164
Chapter 20 ARP .............................................................................................166
20.1 ARP Overview ..................................................................................... 166
20.2 Configure ARP .....................................................................................166
20.2.1 ARP Configuration List ......................................................... 166
20.2.2 Add/Delete ARP ....................................................................167
20.2.3 Bind dynamic Arp to Static ................................................... 167
20.2.4 Display ARP Entry ................................................................ 167
20.2.5 Configure ARP Aging-time ................................................... 167
Chapter 21 ARP Spoofing and Flood ............................................................169
GPON OLT Product Operation Manual V1.2
21.1 ARP Spoofing and Flood Attack Overview ..........................................169
21.1.1 ARP against ARP Flood ....................................................... 171
21.2 Configure ARP Anti-Spoofing .............................................................. 172
21.2.1 ARP Anti-Spoofing Configuration List .................................. 172
21.2.2 Configure Anti-Spoofing ....................................................... 172
21.2.3 Configure ARP Packet Source MAC Address Consistency
Check ...............................................................................................173
21.2.4 Configure Anti-Gateway-Spoofing ....................................... 173
21.3 Configure against ARP Flood ..............................................................173
21.3.1 ARP against ARP Flood Configuration List ..........................173
21.3.2 Configure against ARP Flood ...............................................174
21.3.3 Display and Maintain Against ARP Flood ............................ 174
Chapter 22 DHCP-Relay ...............................................................................175
22.1 DHCP-Relay Overview ........................................................................175
22.2 Configure DHCP-Relay ....................................................................... 176
22.2.1 DHCP-Relay Configuration List ........................................... 176
22.2.2 Configure DHCP Server Group ........................................... 177
22.2.3 Configure DHCP Relay to Support Option60 ...................... 177
22.2.4 Enable the DHCP Relay Function ....................................... 178
22.2.5 Configure DHCP Option82 ...................................................179
Chapter 23 DHCP Snooping ......................................................................... 182
23.1 DHCP Snooping Overview ..................................................................182
23.2 Configure DHCP Snooping ................................................................. 183
23.2.1 DHCP Snooping Configuration List ..................................... 183
23.2.2 Enable DHCP Snooping .......................................................183
23.2.3 Configure DHCP Snooping Trust port ................................. 184
23.2.4 Configure Max Clients Number ............................................184
GPON OLT Product Operation Manual V1.2
23.2.5 Configure Link-Down Operation .......................................... 185
23.2.6 Configure IP-Source-Guard ................................................. 186
23.2.7 DHCP Snooping Display and Maintenance .........................187
Chapter 24 DHCP-Server ............................................................................. 188
24.1 DHCP-Server Overview ...................................................................... 188
24.2 Configure DHCP-Server ......................................................................188
24.2.1 DHCP-Server Configuration List ..........................................188
24.2.2 Configure IP Pool ................................................................. 189
24.2.3 Configure IP Pool Gateway ..................................................189
24.2.4 Configure IP Pool Range ..................................................... 190
24.2.5 Enable/Disable IP Address .................................................. 190
24.2.6 Configure IP Pool Lease ...................................................... 190
24.2.7 Configure the DNS Server Address of DHCP Server ......... 191
24.2.8 Configure the DHCP Server to Assign WINS Server
Addresses ........................................................................................191
24.2.9 Display IP Pool Configuration .............................................. 192
24.2.10 Configure Dhcp-client Bind ................................................ 192
Chapter 25 IGMP Snooping .......................................................................... 194
25.1 IGMP Snooping Overview ...................................................................194
25.2 IGMP Snooping Configuration ............................................................ 194
25.2.1 IGMP Snooping Configuration List ...................................... 194
25.2.2 Enable IGMP Snooping ........................................................195
25.2.3 Configure IGMP Snooping Timer .........................................196
25.2.4 Configure IGMP-snooping Fast-leave ................................. 196
25.2.5 Configure Number of Multicast Group Allowed Learning ....197
25.2.6 Configure IGMP Snooping Querier ......................................197
25.2.7 Configure IGMP Snooping Multicast Learning Strategy ..... 199
GPON OLT Product Operation Manual V1.2
25.2.8 Configure IGMP Snooping Router-Port ............................... 199
25.2.9 Configure IGMP Snooping Port Multicast VLAN ................. 200
25.2.10 Configure Host Port Record MAC Functions .................... 200
25.2.11 Configure Port of Dropped Query Packets ........................ 201
25.2.12 Configure Port of Discarded Report Packets .................... 201
25.2.13 Configure Multicast Preview .............................................. 202
25.2.14 Configure Profile of Black and White List .......................... 202
25.2.15 Display and Maintenance of IGMP Snooping ....................203
Chapter 26 MLD Snooping ............................................................................205
26.1 MLD Snooping Overview .................................................................... 205
26.2 MLD Snooping .....................................................................................205
26.2.1 MLD Snooping Configuration List ........................................ 205
26.2.2 Start MLD Snooping .............................................................206
26.2.3 Configure MLD Snooping Timer .......................................... 206
26.2.4 Configure Fast-leave Port .................................................... 206
26.2.5 Maximum Number of Learning Multicast Configuration Port207
26.2.6 Configure MLD Snooping Multicast Learning Strategies .... 208
26.2.7 Configure MLD-Snooping querier ........................................ 209
26.2.8 Configure Routing Port .........................................................210
26.2.9 Multicast VLAN Port Configuration ...................................... 210
26.2.10 Display and Maintenance of MLD Snooping ..................... 211
Chapter 27 Static Multicast Table ................................................................. 212
27.1 Static Multicast Table Overview .......................................................... 212
27.2 Configure Static Multicast Table ..........................................................212
27.2.1 Static Multicast GroupConfiguration List ............................. 212
27.2.2 Create a Static Multicast Group ...........................................212
27.2.3 Add a Port to the Multicast Group ........................................213
GPON OLT Product Operation Manual V1.2
27.2.4 Create a Static Multicast Group based on Group IP ...........213
27.2.5 Display and Maintenance of Static Multicast Table ............. 214
Chapter 28 IGMP ...........................................................................................215
28.1 IGMP Overview ................................................................................... 215
28.2 Configure IGMP .................................................................................. 215
28.2.1 IGMP Configuration List ....................................................... 216
28.2.2 Enable Multicast Routing Protocol .......................................216
28.2.3 Enable IGMP Protocol ..........................................................217
28.2.4 Configure IGMP Version ...................................................... 217
28.2.5 Configure IGMP General Query Interval ............................. 218
28.2.6 Configure Last-Member-Query-Interval ...............................219
28.2.7 Configure Robustness Variable of IGMP Querier ................219
28.2.8 Configure the Maximum Number of the Multicast Group Added
to the Interface .................................................................................220
28.2.9 Configure IGMP Maximum Query Response Time ............. 221
28.2.10 Configure Multicast Group Filter Function .........................222
28.2.11 Establish Static IP Multicast Table ..................................... 222
28.2.12 Configure Static Multicast Group ....................................... 223
28.2.13 Configure IGMP Proxy ....................................................... 224
28.2.14 Configure IGMP SSM Mapping ......................................... 225
28.2.15 Configure SSM-Mapping static group address mapping rule225
28.2.16 IGMP Display and Maintenance ........................................ 226
Chapter 29 PIM ............................................................................................. 227
29.1 PIM Overview ...................................................................................... 227
29.1.1 Principles of PIM-DM ........................................................... 227
29.1.2 Principles of PIM-SM ............................................................230
29.1.3 Principles of PIM-SSM ......................................................... 231
29.2 Configure PIM ..................................................................................... 232
GPON OLT Product Operation Manual V1.2
29.2.1 PIM Configuration List ..........................................................232
29.2.2 Basic PIM Configuration ...................................................... 232
29.2.3 Advanced PIM Configuration ............................................... 232
Chapter 30 SNTP .......................................................................................... 236
30.1 SNTP Overview ...................................................................................236
30.1.1 SNTP Operation Mechanism ............................................... 236
30.2 Configure SNTP Client ........................................................................237
30.2.1 SNTP Client Configuration List ............................................ 237
30.2.2 Enable SNTP Client ............................................................. 237
30.2.3 Modifying SNTP Client Operating Mode ..............................238
30.2.4 Configure SNTP Sever Address .......................................... 238
30.2.5 Modifying Broadcast Transfer Delay ....................................238
30.2.6 Configure Multicast TTL ....................................................... 239
30.2.7 Configure Interval Polling .....................................................239
30.2.8 Configure Overtime Retransmist ......................................... 239
30.2.9 Configure Valid Servers ....................................................... 240
30.2.10 Configure MD5 Authentication ........................................... 240
30.2.11 Display and Maintain SNTP Client .....................................241
Chapter 31 802.1X ........................................................................................ 242
31.1 802.1X Overview .................................................................................242
31.1.1 Architecture of 802.1X ..........................................................242
31.1.2 Rule of 802.1x ...................................................................... 244
31.2 Configure AAA .....................................................................................246
31.2.1 Configure RADIUS Server ................................................... 247
31.2.2 Configure Local User ........................................................... 247
31.2.3 Configure Domain ................................................................ 248
31.2.4 Configure RADIUS Features ................................................248
GPON OLT Product Operation Manual V1.2
31.3 Configure 802.1X ................................................................................ 250
31.3.1 Configure EAP ......................................................................250
31.3.2 Enable 802.1x ...................................................................... 251
31.3.3 Configure 802.1x Parameters for a Port ..............................251
31.3.4 Configure Re-Authentication ................................................252
31.3.5 Configure Watch Feature ..................................................... 252
31.3.6 Configure User Features ......................................................253
Chapter 32 LLDP ...........................................................................................254
32.1 LLDP Overview ................................................................................... 254
32.1.1 LLDP Fundamentals ............................................................ 254
32.1.2 LLDP Timer ...........................................................................254
32.2 Configure LLDP ...................................................................................255
32.2.1 LLDP Configuration List ....................................................... 255
32.2.2 Enable LLDP ........................................................................ 255
32.2.3 ConfigureLLDP Hello-Time .................................................. 255
32.2.4 ConfigureLLDP Hold-Time ................................................... 256
32.2.5 ConfigureLLDP Packet Transferring and Receiving Mode on
Port ...................................................................................................256
32.2.6 Configure LLDP Management Address ............................... 257
32.2.7 LLDP Display and Debugging ..............................................257
Chapter 33 PPPoE Plus ................................................................................258
33.1 PPPoE Plus Overview .........................................................................258
33.2 ConfigurePPPoE Plus ......................................................................... 258
33.2.1 PPPoE PlusConfiguration List ............................................. 258
33.2.2 Enable PPPoE Plus ............................................................. 258
33.2.3 ConfigureOption Content ..................................................... 259
33.2.4 PPPoE Plus Monitor and Maintenance ............................... 260
GPON OLT Product Operation Manual V1.2
Chapter 34 CFM ............................................................................................ 261
34.1 CFM Overview .....................................................................................261
34.1.1 CFM Concepts ..................................................................... 261
34.1.2 CFM Main Function ..............................................................262
34.2 Configure CFM .................................................................................... 263
34.2.1 CFM Configuration List ........................................................ 264
34.2.2 Maintain Field Configuration ................................................ 264
34.2.3 Configuration and Maintenance Level Domain Name ........ 264
34.2.4 Configure Maintain Set .........................................................265
34.2.5 Configure Name and Associated VLAN to Maintain Set ..... 266
34.2.6 Configure MEPs ................................................................... 266
34.2.7 Configure Remote Maintenance Endpoint .......................... 267
34.2.8 Configure MIPs .....................................................................268
34.2.9 Configure Continuity Detection ............................................ 268
34.2.10 Configure Loopback ........................................................... 269
34.2.11 ConfigureLink Tracking .......................................................270
34.2.12 Display and Maintenance of CFM ..................................... 270
Chapter 35 EFM ............................................................................................ 272
35.1 EFM Overview .....................................................................................272
35.1.1 EFM Main Function .............................................................. 272
35.1.2 EFM Protocol Packets ..........................................................274
35.2 Configure EFM .................................................................................... 274
35.2.1 EFM Configuration List .........................................................274
35.2.2 EFM Basic Configuration ..................................................... 275
35.2.3 Configure EFM Timer Parameter .........................................276
35.2.4 Configure Remote Failure Indication ................................... 277
35.2.5 Configure Link Monitoring Capabilities ................................ 277
GPON OLT Product Operation Manual V1.2
35.2.6 Enabling Remote Loopback .................................................279
35.2.7 Rejecting Remote Loopback Requests Initiated by Remote279
35.2.8 Initiating a Remote Loopback Request ................................280
35.2.9 Starting Remote Access Function MIB Variable ..................280
35.2.10 MIB Variable Access Requests Initiated by Remote ......... 281
35.2.11 Display and Maintenance of EFM ...................................... 282
Chapter 36 ERRP ..........................................................................................283
36.1 ERRP Overview .................................................................................. 283
36.1.1 Concept Introduction ............................................................ 283
36.1.2 Protocol Message .................................................................287
36.1.3 Operate Principle ..................................................................289
36.1.4 Multi-loop Intersection Processing .......................................293
36.2 Configure ERRP ..................................................................................293
36.2.1 ERRP Configuration List ...................................................... 293
36.2.2 Enable/Disable ERRP .......................................................... 294
36.2.3 Configure Time Parameter ...................................................294
36.2.4 Configure Domain ................................................................ 295
36.2.5 Configure Work Mode .......................................................... 295
36.2.6 Configure Control VLAN ...................................................... 296
36.2.7 Configure the Ring ............................................................... 297
36.2.8 Enable/Disable ERRP Ring ................................................. 298
36.2.9 Configure the Query Solicit Function ...................................298
36.2.10 Configure the Topology Discovery Function ......................299
36.2.11 Display and Maintenance of ERRP ................................... 300
Chapter 37 ERPS .......................................................................................... 301
37.1 ERPS Overview .................................................................................. 301
37.1.1 ERPS Basic Conception ...................................................... 301
GPON OLT Product Operation Manual V1.2
37.1.2 ERPS Ring Protection Mechanism ......................................304
37.2 Configure ERPS .................................................................................. 306
37.2.1 ERPS Configuration List ...................................................... 306
37.2.2 Enable/Disable ERPS .......................................................... 306
37.2.3 Configure ERPS Instance .................................................... 307
37.2.4 Configure Connectivity Detection of ERRP Link ................. 308
37.2.5 Configure ERPS Related Timers ......................................... 308
37.2.6 ERPS Display and Maintenance ..........................................309
Chapter 38 FlexLink ...................................................................................... 310
38.1 FlexLink Overview ...............................................................................310
38.1.1 Basic Concept of Flex Links .................................................310
38.1.2 Operating Mechanism of Flex Link ...................................... 311
38.2 Configure FlexLinks ............................................................................ 314
38.2.1 FlexLinks Configuration List .................................................314
38.2.2 Configure FlexLinks group ................................................... 315
38.2.3 Configure FlexLinks Preemption Mode ............................... 315
38.2.4 Configure FlexLinks Preemption Delay ............................... 316
38.2.5 Configure FlexLinks MMU ....................................................317
38.2.6 FLexLinks Monitor and Maintenance ...................................317
Chapter 39 Monitorlink .................................................................................. 318
39.1 Monitorlink Overview ...........................................................................318
39.1.1 Monitor Link Group ...............................................................318
39.1.2 Monitor Link Mechanism ...................................................... 320
39.2 Configure Monitor Link ........................................................................ 322
39.2.1 MonitorLink Configuration List ............................................. 322
39.2.2 Configure MonitorLink Group ...............................................322
39.2.3 MonitorLink Monitor and Maintenance ................................ 323
GPON OLT Product Operation Manual V1.2
Chapter 40 L3 Base Function Configuration ................................................ 324
40.1 L3 Base Function Overview ................................................................ 324
40.2 ConfigureL3 Base Function ................................................................ 324
40.2.1 L3 Base Function Configuration List ....................................324
40.2.2 Planning VLANs and Creating L3 Interfaces .......................325
40.2.3 Configure the Forwarding Mode .......................................... 325
40.2.4 Creating VLAN Interfaces for Common VLANs .................. 326
40.2.5 Creating SuperVLAN Interfaces and Adding VLANs to the
SuperVLAN ......................................................................................327
40.2.6 Configure IP Addresses for VLAN or SuperVLAN Interfaces328
40.2.7 Configure an IP Address Range for VLAN or SuperVLAN
Interfaces ......................................................................................... 329
40.2.8 Configure the ARP Proxy ..................................................... 330
40.2.9 Display VLAN and SuperVLAN Interface Information .........331
40.2.10 Configure URPF ................................................................. 332
40.2.11 Disabling the Function of Sending ICMP Packets with an
Unreachable Destination Host on Interfaces .................................. 333
Chapter 41 Static Route Configuration ......................................................... 334
41.1 Static Route Overview .........................................................................334
41.2 Configure Static Route ........................................................................ 334
41.2.1 Static Route Configuration List ............................................ 334
41.2.2 Adding/Deleting a Static Route ............................................ 334
41.2.3 Display Routing Entries ........................................................335
Chapter 42 RIP ..............................................................................................337
42.1 RIP Overview ...................................................................................... 337
42.2 Configure RIP ......................................................................................339
42.2.1 RIP Configuration List .......................................................... 339
42.2.2 Enabling RIP ........................................................................ 340
GPON OLT Product Operation Manual V1.2
42.2.3 Specifying the IP Network Segment to Run RIP ................. 340
42.2.4 Configurethe Passive interface ............................................341
42.2.5 Specifying the RIP Version for an Interface .........................341
42.2.6 Configure Default Metric Value ............................................ 343
42.2.7 Enabling the Route Aggregation Function ...........................343
42.2.8 Configure RIP Packet Authentication .................................. 344
42.2.9 Configure Split Horizon ........................................................ 344
42.2.10 Setting an Additional Routing Metric ..................................345
42.2.11 Defining a Prefix List .......................................................... 346
42.2.12 Configure Route Redistribution ..........................................347
42.2.13 Configure Route Filtering ................................................... 348
42.2.14 Display RIP Configuration ..................................................349
Chapter 43 OSPF .......................................................................................... 351
43.1 OSPF Overview .................................................................................. 351
43.2 Configure OSPF .................................................................................. 353
43.2.1 OSPF Configuration List ...................................................... 353
43.2.2 Enable OSPF ....................................................................... 353
43.2.3 Configure OSPF Parameter .................................................353
43.2.4 Configure OSPF Interface ....................................................354
43.2.5 Configure OSPF Area .......................................................... 359
Chapter 44 BGP ............................................................................................ 363
44.1 BGP Overview .....................................................................................363
44.2 Configure BGP .................................................................................... 366
44.2.1 BGP Configuration List .........................................................366
44.2.2 Enable BGP ..........................................................................366
44.2.3 Configure BGP Peers ...........................................................367
44.2.4 Configure BGP Parameters ................................................. 369
GPON OLT Product Operation Manual V1.2
44.2.5 Monitoring and Maintain BGP ..............................................371
Chapter 45 BFD .............................................................................................372
45.1 BFD Overview ..................................................................................... 372
45.2 Configure BFD .....................................................................................372
45.2.1 BFD Configuration List ......................................................... 372
45.2.2 Enable BFD .......................................................................... 372
45.2.3 Configure BFD Parameters and Mode ................................ 373
45.2.4 Display and Maintain BFD Configurations ...........................375
Chapter 46 VRRP ..........................................................................................376
46.1 VRRP Overview .................................................................................. 376
46.2 Configure VRRP ..................................................................................377
46.2.1 VRRP Configuration List ...................................................... 377
46.2.2 Enable VRRP ....................................................................... 377
46.2.3 Configure VRRP Parameters ...............................................378
46.2.4 Displays and Maintain VRRP Configurations ...................... 381
Chapter 47 DLF-Control ................................................................................382
47.1 DLF-Control Overview .........................................................................382
47.2 Configure DLF-Control ........................................................................ 382
47.2.1 DLF-Control Configuration List ............................................ 382
47.2.2 Configure DLF-forward unicast ............................................382
47.2.1 Configure DLF-forward multicast ......................................... 383
47.2.2 Displays and Maintain DLF-forward Configurations ............383
Chapter 48 SLF-Control ................................................................................ 384
48.1 SLF-Control Overview .........................................................................384
48.2 Configure SLF-Control ........................................................................ 384
48.2.1 SLF-Control Configuration List ............................................ 384
48.2.2 Configure SLF-forward unicast ............................................ 384
GPON OLT Product Operation Manual V1.2
48.2.3 Displays and Maintain SLF-forward Configurations ............385
Chapter 49 BPDU-Discard ............................................................................ 386
49.1 BPDU-Discard Overview .....................................................................386
49.2 Configure BPDU-Discard .................................................................... 386
49.2.1 BPDU-Discard Configuration List ........................................ 386
49.2.2 Configure BPDU-Discard ..................................................... 386
49.2.3 Displays and Maintain BPDU-Discard Configurations ........ 387
Chapter 50 BPDU-Tunnel ............................................................................. 388
50.1 BPDU-Tunnel Overview ...................................................................... 388
50.2 Configure BPDU-Tunnel ..................................................................... 389
50.2.1 BPDU-tunnel Configuration List ...........................................389
50.2.2 Configure BPDU-Tunnel Packet .......................................... 389
50.2.3 Configure BPDU-Tunnel Destination MAC ..........................389
50.2.4 Displays and Maintain BPDU-Tunnel Configuration ........... 390
Chapter 51 Local-Switch ............................................................................... 391
51.1 Local-Switch Overview ........................................................................391
51.2 Configure Local-Switch ....................................................................... 391
51.2.1 Local-switch Configuration List ............................................ 391
51.2.2 Enable local-switch .............................................................. 391
51.2.3 Displays and Maintain Local-switch Configurations ............392
Chapter 52 Port&CPU Utilization Alarm ........................................................393
52.1 Port&CPU Utilization Alarm Overview .................................................393
52.2 Configure Port&CPU Utilization Alarm ................................................ 393
52.2.1 Port & CPU Utilization Alarm Configuration List ..................393
52.2.2 Configure Port Utilization Alarm ...........................................394
52.2.3 Configure CPU Utilization Alarm ..........................................394
52.2.4 Display and Debugging Device Utilization Alarm ................ 395
GPON OLT Product Operation Manual V1.2
Chapter 53 Configure ONT Discovery .......................................................... 396
53.1 ONT Discovery Overview ....................................................................396
53.2 Configure ONT Discovery ................................................................... 396
53.2.1 Comfigure ONT Discovery ................................................... 396
53.2.2 Configure ONT Silent ........................................................... 397
Chapter 54 Configure ONT Profile ................................................................398
54.1 ONT Profile Overview ......................................................................... 398
54.2 Configure Alarm Profile ....................................................................... 398
54.3 Configure DBA Profile ......................................................................... 399
54.4 Configure Downstream Profile ............................................................ 399
54.5 Configure Line Profile ..........................................................................400
54.6 Configure Multicast Profile .................................................................. 402
54.7 Configure Rule Profile ......................................................................... 402
54.8 Configure Specific Profile ....................................................................404
54.9 Configure Upstream Profile .................................................................406
54.10 Configure VLAN Profile ..................................................................... 407
Chapter 55 ONT System Management ........................................................ 408
55.1 ONT System Management Overview ................................................. 408
55.2 Configure ONT System Management .................................................408
55.2.1 ONT Reboot ......................................................................... 408
55.2.2 ONT Upgrade ....................................................................... 408
55.2.3 ONT Activation ..................................................................... 409
55.2.4 ONT Auto-configuration ........................................................410
55.2.5 ONT Configuration Reset .....................................................410
55.3 ONT Log Management ........................................................................410
Chapter 56 Display ONT Information ............................................................412
56.1 Display ONT Information .....................................................................412
GPON OLT Product Operation Manual V1.2
56.1.1 Display ONT Optical Power ................................................. 412
56.1.2 Display ONT Traffic Statistics .............................................. 412
56.1.3 Display ONT Port Status ...................................................... 412
56.1.4 Display ONT Multicast ..........................................................413
56.1.5 Display ONT details ..............................................................413
56.1.6 Display ONT Profile ..............................................................413
56.1.7 Display ONT Description ......................................................414
56.1.8 Display ONT Upgrade Status ...............................................414
56.1.9 Display ONT Version ............................................................414
56.1.10 Display ONT MAC .............................................................. 414
56.1.11 Display ONT Capability ...................................................... 414
56.1.12 Display ONT PoE Feature ................................................. 415
56.1.13 Display Rogue ONT Detection ...........................................415
GPON OLT Operation Manual V1.1

Chapter 1 Access OLT

1.1 CLI

You can access GPON in the following ways:

1.Perform local configuration through the Console port, the serial port baud rate is 115200, set

as shown in the figure below:

2、Local or remote configuration by Telnet/SSH;

1
GPON OLT Operation Manual V1.1

3、Provide FTP, TFTP, Xmodem services to facilitate users to upload and download files.

1.1.1 Command Syntax

The login verification of the system console of this OLT is mainly used to verify the identity of

the operating user. The matching identification of the name and password to allow or deny the

user's login.

Step 1: When entering the command line interface, the following login prompt appears:

Login:

Please enter the login user name, press Enter, and then enter the password:

*****

After entering the correct login password, you can enter the normal user view:

GPON>

There are two different permissions, one for administrator permissions and the other for

ordinary user permissions.

Ordinary users can only view and have no right to modify, but the administrator can manage

and configure the GPON.

If you log in as a system administrator, you will enter the privileged user view:

GPON>enable

Step 2:After typing the complete command, press Enter

E.g:

!The user does not need to enter parameters

[GPON]quit

2
GPON OLT Operation Manual V1.1

"quit" is a command without parameters. After typing this command, press Enter to execute the

command.

!Need to enter parameters

[GPON]vlan 100

The command keyword is vlan and the parameter value is 100.

1.1.2 Help of Command Line

There is a built-in syntax help in the command line interface. In any command mode, type "?"

or use the help command to get all the commands in the command mode and their brief

descriptions.

E.g:

1.Type "?" directly in the privileged user view

<GPON>?

----------------------------------------------

Commands of system mode:

-----------------------------------------------

clear clear erps-ring's statistics

cls clear screen

display display running system information

2.Type "?" immediately after the keyword

[GPON]interf?

interface

3
GPON OLT Operation Manual V1.1

3.Type a space after the command line string and add "?"

[GPON]stp ?

forward-time config delaytime

hello-time config hellotime

max-age config max agingtime

priority config priority

<enter> The command end.

4.Parameter range or format

[GPON]stp forward-time ?

INTEGER<4-30> delaytime: <4-30>(second)

5.Prompt for the end of the command line

[GPON] stp ?

<enter> The command end.

1.1.3 Display history Command of Command Line

Command line interface provides the function similar to that of DosKey. The commands

entered by users can be automatically saved by the command line interface and you can

invoke and execute them at any time later. History command buffer is defaulted as 100. That is,

the command line interface can store 100 history commands for each user, you can type "up

arrow" or "Ctrl+P", and access the next command can type "down arrow" or "Ctrl+N".

1.2 Manage Users

4
GPON OLT Operation Manual V1.1

The system provides two user permissions:

-Admin administrator

-Normal user

The normal users can only be in the user's mode after logging in the GPON so they can only

check the basic information about operation and statistics; administrator can enter each

configuration mode to check and manage the system.

1.2.1 System Default User

There is an internal username with password called Super-administrator. It processes the

superior priority in the GPON to manage both the users and the GPON.

The username of Super-administrator is admin and its initial password is admin. It is suggested

modifying the password after the initial-logging in. This username and its administrator

privilege cannot be deleted and modified.

1.2.2 Add User

Operation Command Remarks

Enter super user view enable

Enter global configuration mode system-view

terminal user username [ privilege level ]


Add Account
{ password encryption-type password }

display terminal user display terminal user

username:the username of the newly added user,The length is 1 to 32 characters, must be

characters, and cannot contain'/',':','*','?','\\','<','>','|','"'

5
GPON OLT Operation Manual V1.1

privilege:User authority, the value range is 0~15. 0~1 means normal user; 2~15 means

administrator

encryption-type:The value is 0 or 7, 0 means that the password is set in plain text, and 7

means that the password is set in cipher text

password:Login password, the length is 1-16 characters.

Example:

!Create the administrator user “test”, the password is test, and the privilege level is 15

[GPON]username test privilege 15 password 0 test

Notice:

Username is not case sensitive, password is case sensitive;

Only the system administrator admin user can delete user accounts, other users cannot delete

users;

The system administrator admin can modify the password of himself or other users, and other

administrator users can only modify their own passwords;

1.2.3 Change Password

Operation Command Remarks

Enter super user view enable

Enter global configuration mode system-view

Change password terminal user change-password

Example:

!Change the password of user “test” to 1234

6
GPON OLT Operation Manual V1.1

[GPON] terminal user change-password

please input you login password : ********

please input username :test

Please input user new password :****

Please input user comfirm password :****

change user test password success.

1.2.4 Modify User's Privilege Level

Operation Command Remarks

Enter super user view enable

Enter global configuration mode system-view

Modify user Privilege Level terminal user username [ privilege level ]

{ password encryption-type password }

Example:

!Modify the privilege of the existed user “test” to 1, and the password totest

[GPON] terminal user test privilege 1 password 0 test

1.2.5 Delete User

Operation Command Remarks

Enter super user view enable

Enter global configuration mode system-view

Delete user undo terminal user username

Example:

7
GPON OLT Operation Manual V1.1

!Delete user “test”

[GPON]undo terminal username test

1.2.6 Display Users

Operation Command Remarks

Display terminal user display terminal user [ username ]

【Example】

!Display the information of user ”test”

[GPON]display terminal user test

1.2.7 Display Users

Operation Command Remarks

Display user display login-users

【Example】

!Display the information of user ”test”

[GPON]display login-users

1.2.8 Kick off Online Telnet Users

Operation Command Remarks

Enter super user view enable

Kick off online telnet users remote-stop username

【Example】

!Kick off online telnet users “test”

8
GPON OLT Operation Manual V1.1

<GPON>remote-stop test

1.3 Remote Authentication Configure

User accounts can be stored in the local database of the GPON or in RADIUS/TACACS+

server,The system uses the local database by default.

Notice:

The admin user only supports the authentication method of the local database.

1.3.1 Enable RADIUS/TACACS+

Operation Command Remarks

Enter global configuration mode system-view

Enable Radius/Tacacs user-auth { local | { radius radiusname The default is

{ pap | chap } [ local ] } } | { tacacs+ local

[ author ] [ account ] [ local ] } authentication

1.3.2 Display Authentication Method

Operation Command Remarks

Display authentication method display user-auth

1.3.3 TACACS+ Remote Server Configuration

Operation Command Remarks

Enter global configuration mode system-view

9
GPON OLT Operation Manual V1.1

Configure Tacacs+Remote Server tacacs+ { priamary | secondary } server

ipaddress [ key keyvalue ] [ port portnum ]

[ timeout timevalue ]

1.3.4 Dsiplay TACACS+ Information

Operation Command Remarks

Dsiplay TACACS+ information display tacacs+

10
GPON OLT Operation Manual V1.1

Chapter 2 System Management

2.1 System Maintenance

2.1.1 Display System Status Information

Operation Command Remarks

Display version information display version

Display user information display local-user

Display logged-in user information display login-users

Display system memory information display memory

Display system clock display time

Display system CPU utilization display cpu-info

【Example】

!Display system version

[GPON]display version

2.1.2 Configure the System Clock

Operation Command Remarks

Enter super user view enable

Set system clock time HH:MM:SS YYYY/MM/DD

Enter global configuration mode system-view

11
GPON OLT Operation Manual V1.1

Set clock timezone time zonename hour minute

display system time display time

【Example】

!Set the system clock to 8:30: 0 on October 1, 2020

<GPON>time 08:30:0 2020/10/01

2.1.3 Configure System Host Name

Operation Command Remarks

Enter super user view enable

Enter global system-view

configuration mode

Configure the host sysname sysname

name

Delete the host name undo sysname

【Example】

!Set the host name to GPON-ABCD

[GPON]sysname GPON-ABCD

[GPON-ABCD]

2.1.4 Trace Route Command

Support tracert command and check network connection. The tracert command can be

executed in any view:

12
GPON OLT Operation Manual V1.1

Operation Command Remarks

Tracert test tracert [ -u | -c ] [ -p udpport | -f first_ttl | -h

maximum_hops | -w time_out ] target_name

【Parameter Description】

-u: Send udp message;

-c: Send echo message of icmp;

-p udpport:The destination port , the value range is 1-65535, the default port is 62929;

-f first_ttl:The initial ttl value, the value range is 1-255, the default value is 1;

-h maximum_hops:The maximum ttl value, the value range is 1-255, the default value is 30;

-w time_out:The timeout period for waiting for a response, the value range is 10-60 seconds,

and the default value is 10 seconds;

target_name:Destination host or router address

【Example】

!Trace the route that can reach 192.168.1.2

<GPON>tracert 192.168.1.2

2.1.5 Port Loopback Test Command

The system supports port loopback test function, used to test the internal and external

connectivity of the port:


Operation Command Remarks

Enter global configuration mode system-view

Loopback test on all ports loopback { internal | external }

13
GPON OLT Operation Manual V1.1

Enter interface view interface { { ethernet

interface-num } | interface-name }

Lloopback test on a single port loopback { internal | external }

2.1.6 Line Detection VCT Command

VCT is used to detect network cable normal (NORMAL), open circuit (OPEN), short circuit

(SHORT), impedance mismatch (IMPEDANCE MISMATCH) and other error conditions.

The normal connection of the network cable is NORMAL, the disconnection of the network

cable is OPEN, and the short circuit of the network cable is SHORT. Impedance mismatch

(IMPEDANCE MISMATCH) generally occurs when two network cables with different

impedances are connected together. If an error is found, the location of the error can be

detected. The longest detection distance of VCT is 181 meters for 100M ports and 175 meters

for Gigabit ports:


Operation Command Remarks

Enter global configuration system-view

mode

Perform VCT detection on all vct run

ports

Enter interface view interface { { ethernet

interface-num } | interface-name }

Perform VCT detection on a vct run

single port

14
GPON OLT Operation Manual V1.1

【Example】

!VCT test on Ethernet port 1

[GPON-ethernet-0/1]vct run

Notice:

VCT detection is only for Cat 5 Ethernet ports and does not support VCT detection on optical

fiber ports.

2.1.7 Management IP Address Configuration

You can restrict the host IP address or a certain network segment that log in to the GPON's

web, telnet, snmp agent, and other IP addresses other than the matching configuration cannot

manage the Olt.


Operation Command Remarks

Enter global configuration system-view

mode

Configure management IP login-acl { web | snmp | telnet }

address restrictions ip-address wildcard

Remove management IP undo login-acl { all | { web | snmp |

address restrictions telnet { all | ip-address wildcard }}}

Display management IP display login-acl

address restriction

configuration information

【Example】

15
GPON OLT Operation Manual V1.1

!The configuration only allows addresses in the network segment 192.168.0.0/255.255.0.0 to

access the Olt through telnet

[GPON] login-acl telnet 192.168.0.1 0.0.255.255

[GPON]undo login-acl telnet 0.0.0.0 255.255.255.255

!Display the configuration of the management ip address restriction:

[GPON]display login-acl

2.1.8 Telnet User Limit for Login Privileged User View

Operation Command Remarks

Enter global configuration system-view

mode

Configure the number of telnet-server limit limit-num

Telnet users

Remove the limit on the undo telnet-server limit

number of users logging in to

Telnet

Display Telnet user limit display telnet-server

configuration information

【Example】

!Configure to allow only two Telnet users to enter privileged user view at the same time

[GPON] telnet-server limit 2

16
GPON OLT Operation Manual V1.1

2.1.9 CPU-CAR Command

CPU-CAR is mainly used to set the rate at which the CPU receives packets to limit the number

of packets sent to the CPU per second.


Operation Command Remarks

Enter global configuration system-view

mode

Configure CPU-CAR cpu-car target_rate

Restore the default undo cpu-car

CPU-CAR Value

Display CPU-CAR display cpu-car

【Example】

!Set the rate of cpu receives packets to 100pps

[GPON]cpu-car 100

2.2 Configuration Management

2.2.1 Save Configurations

After modified the configurations, you should same them so that these configurations can take

effect next time it restarts. Use the following commands to save configurations.
Operation Command Remarks

Enter super user view enable

Save configurations save current-config

17
GPON OLT Operation Manual V1.1

2.2.2 Erase Configurations

If you need to reset to factory default, you can use the following commands to erase all

configurations. After erased, the device will reboot automatically.


Operation Command Remarks

Enter super user view enable

Erase configuration clear save-config

2.2.3 Execute save Configuration

Operation Command Remarks

Enter super user view enable

Execute save update current-config

configuration

2.2.4 Show save Configurations

Use the following command to display the configurations you have saved.
Operation Command Remarks

Show configuration display save-config [ module-list ]

【Example】

!Display all contents of the configuration file

<GPON>display save-config

!Display the contents of GARP and OAM modules in the configuration file

<GPON>display save-config garp oam

18
GPON OLT Operation Manual V1.1

2.2.5 Show Running Configurations

Operation Command Remarks

Show running display current-config [ module-list ] [ perlines

configurations num ]

【Example】

!Display all configuration information

<GPON>display current-config

!Display configuration information for vlan

<GPON>display current-config vlan

2.3 Load Files and Upgrade Programs Online

2.3.1 Upload and Download Files by TFTP

Operation Command Remarks

Enter super user view enable

upload files upload { configuration | info-center } configuration is the system save


configuration file.
tftp tftpserver-ip filename
info-center is the system log file

download file load { configuration | host | bootrom | configuration is the system save
configuration file.
cpld-image | http { private-key |
application is the device upgrade
server-certificate } | ont-image } tftp host program.

tftpserver-ip filename whole-bootrom is the bootrom


program for the device

19
GPON OLT Operation Manual V1.1

tftpserver-ip is the IP address of the TFTP server, and filename is the name of the file to be

uploaded. Before entering the command, open the TFTP server and set the destination path

for the file upload.

【Example】

!Upload the configuration file by TFTP and name the configuration file config.txt

<GPON>upload configuration tftp 192.168.1.100 config.txt

After the upload is successful, the file config.txt in the computer with the IP address of

192.168.1.100 saves the current configuration.

!Download the configuration file config.txt by TFTP,

<GPON>load configuration tftp 192.168.1.100 config.txt

After downloading successfully and restarting the system, the system will use the new

configuration file config.txt

!Upload the log file by TFTP and name the log file log.txt

<GPON>upload info-center tftp 192.168.1.100 log.txt

!Download the upgrade file host.bin by TFTP

<GPON>load host tftp 192.168.1.100 host.bin

After downloading successfully and restarting the system, host.bin will run.

!Download the bootrom program boot.bin by TFTP

<GPON>load bootrom tftp 192.168.1.100 boot.bin

2.3.2 Upload and Download Files by FTP

Operation Command Remarks

20
GPON OLT Operation Manual V1.1

Enter super user enable

view

upload files upload { configuration | info-center } ftp

ftpserver-ip filename usename password

download file load { configuration | host | bootrom |

cpld-image | http { private-key |

server-certificate } | ont-image } ftp

ftpserver-ip filename usename password

ftpserver-ip is the IP address of the FTP server, and filename is the name of the file to be

uploaded. username and userpassword are the username and password set in the FTP

server. Before entering the command, you should open the FTP server, and set the user

name, password, and the destination path of the file upload.

【Example】

!Upload the configuration file by FTP and name the configuration file config.txt

<GPON>upload configuration ftp 192.168.1.100 config.txt admin 123

!Download configuration files by FTP

<GPON>load configuration ftp 192.168.1.100 config.txt admin 123

!Download the upgrade file host.bin by ftp

<GPON>load host ftp 192.168.1.100 host.bin admin 123

!Upload the log file by FTP and name the log file log.txt

<GPON>upload info-center ftp 192.168.1.100 log.txt admin 123

!Download the bootrom program boot.bin by FTP

21
GPON OLT Operation Manual V1.1

<GPON>load bootrom ftp 192.168.1.100 boot.bin admin 123

2.3.3 Download Files by Xmodem

Operation Command Remarks

Enter super user view enable

download file load { configuration | host | bootrom } xmodem

After entering the command, select "Transfer" ->"Send File" in the HyperTerminal menu, and

enter the full path and file name of the file in the "File Name" column of the "Send File" dialog

box that pops up, and the "Protocol" drop-down Select Xmodem in the list, and then click the

[Send] button.

【Example】

!Download the host program by Xmodem

<GPON>load application xmodem

2.4 Reboot OLT

Operation Command Remarks

Enter super user view enable

Restart the GPON reboot

immediately

Enter system view system-view

Auto restart at specified time auto-reboot { in { minutes min |

hours hour } | at { YYYY/MM/DD

22
GPON OLT Operation Manual V1.1

hh:mm:ss | hh:mm:ss daily |

hh:mm:ssweekday weekly } }

Cancel scheduled automatic undo auto-reboot

restart

【Example】

!Set to restart at 03:30:30 on May 15, 2020

[GPON]auto-reboot at 03:30:30 2020/05/15

!Set to restart at 03:30:30 every Monday morning

[GPON]auto-reboot at 03:30:30 mon weekly

23
GPON OLT Operation Manual V1.1

Chapter 3 Port Configuration

3.1 Ethernet Port Configuration Overview

The gigabit port of the OLT supports 10/100/1000Base-T. The port can work in half-duplex and

full-duplex modes. It can negotiate with other network equipment to determine the working

mode and rate, and automatically select the most suitable working mode and rate. Simplified

system configuration and management. The 10G optical port supports 1000M, 10000Mbps

full-duplex speed mode. The PON port has a fixed rate and does not support rate configuration

3.2 Configure Ethernet Port

3.2.1 Enter Interface Configuration Mode


Operation Command Remarks

Enter global
system-view
configuration mode

Enter interface interface { { ethernet interface-num } |


configuration mode.
interface-name }

3.2.2 Enter Interface Range Mode

Operation Command Remarks


Enter global mode
system-view

Enter interface range interface range { { ethernet

24
GPON OLT Operation Manual V1.1

mode.
interface-list } | interface-name }

【Example】

!Enter interface range configuration mode, this range includes Ethernet 1~3

[GPON]interface range ethernet 0/0/1 to e 0/0/3

[GPON-port-range]

3.2.3 Basic Port Configuration

Operation Command Remarks


Enter global mode
system-view
Enter interface mode
interface { { ethernet interface-num } |

interface-name }

Disable specific port shutdown

Enable specific port undo shutdown

Configure speed of a port speed { 10 | 100 | 1000 | 10000 | auto }

Configure default duplex of a port undo speed

Configure duplex of a port duplex { full | half }

Configure priority of a port priority priority-num

Configure default priority of a port undo priority

Configure port description description description-list

Delete port description undo description

Enable ingress filtering ingress filtering

25
GPON OLT Operation Manual V1.1

Disable ingress filtering undo ingress filtering

Enable ingress acceptable-frame ingress acceptable-frame { all | tagged }

Disable ingress acceptable-frame undo ingress acceptable-frame

Enable Ethernet port flow control flow-control

Disable Ethernet port flow control undo flow-control

Display port flow control function display flow-control interface [ ethernet

interface-num ]

3.2.4 Link Type of Ethernet Ports

An Ethernet port can operate in one of the three link types:

Access: An access port only belongs to one VLAN, normally used to connect user device.

Trunk: A trunk port can belong to more than one VLAN. It can receive/send packets from/to

multiple VLANs and is generally used to connect another GPON. The packet sent from this

port can be with or without the tag label.

Hybrid: A hybrid port can belong to multiple VLANs, can receive, or send packets for multiple

VLANs, used to connect either user or network devices. It allows packets of multiple VLANs to

be sent with or without the tag label

Operation Command Remarks


Enter global mode
system-view

interface { { ethernet interface-num } |


Enter interface mode
interface-name }

26
GPON OLT Operation Manual V1.1

Set port link type port mode { trunk | hybrid | access }

Configure default link type undo port mode The default

port type is

Hybrid

【Example】

!Set Ethernet port 1 as a trunk port

[GPON-ethernet-0/0/1]port mode trunk

3.2.5 Configure Default VLAN

Operation Command Remarks


Enter global mode
system-view

interface { { ethernet interface-num } |


Enter interface mode.
interface-name }

Set port default vlan id port default vlan vlan-id

Restore port default vlan id undo port default vlan

【Example】

!Set the default VLAN ID of Ethernet 0/1 to 5

[GPON-ethernet-0/0/1] port default vlan 5

3.2.6 Add Port to a Vlan

Operation Command Remarks


Enter global mode
system-view

27
GPON OLT Operation Manual V1.1

Enter interface mode


interface { { ethernet interface-num } |

interface-name }
Configure the port mode as access
port mode access

Add the Access port to the specified port default vlan vlan-id

vlan

Configure the port mode as Hybrid port mode hybrid


Add Hybrid port to specific VLAN
port hybrid tagged vlan { all | vlan-list }
and keep the packet VID
Add Hybrid port to specific VLAN
port hybrid untagged vlan { all | vlan-list }
and strip the packet VID
Delete Hybrid port from specific
undo port hybrid vlan { all | vlan-list }
VLAN

Configure the port mode as Trunk port mode trunk


Add Trunk port to specific VLAN
port trunk allowed vlan { all | vlan-list }
Delete Trunk port from specific
undo port trunk allowed vlan { all |
VLAN
vlan-list }

3.2.7 Dsiplay Port Information

Operation Command Remarks

Display port information display interface [ ethernet

interface-num } ]

Display summary information of all display interface brief

ports

28
GPON OLT Operation Manual V1.1

Display port sfp information display interface sfp [ ethernet

interface-num } ]

3.2.8 Display and Clear Port Statistics

Operation Command Remarks

Display port statistics display statistics interface [ ethernet

interface-num } ]

Display all port statistics display statistics interface brief

Display real-time sending and display utilization interface

receiving rates and band utilization

Enter global mode system-view

Clear port statistics clear interface [ ethernet interface-num } ]

Enter interface mode interface { { ethernet interface-num } |

interface-name }

Clear port statistics clear interface

29
GPON OLT Operation Manual V1.1

Chapter 4 Port Mirroring

4.1 Port Mirroring Overview

Mirroring refers to the process of copying packets that meet the specified rules to a destination

port. Generally, a destination port is connected to a data detect device, which users can use to

analyze the mirrored packets for monitoring and troubleshooting the network.

4.2 Configure Port Mirroring

4.2.1 Configure Port Mirroring

The source port is specified and whether the packets to be mirrored are ingress or egress is

specified: ingress: only mirrors the packets received via the port; egress: only mirrors the

packets sent by the port; both: mirrors the packets received and sent by the port at the same

time.

30
GPON OLT Operation Manual V1.1

The destination port is specified.

4.2.2 Configure the Mirror Destination Port

Operation Command Remarks

Enter global mode system-view

Configure destination port (so called mirror group group-id

monitor port) destination-interface ethernet

interface-num

Delete destination monitor port undo mirror group { all | group-id

destination-interface ethernet

interface-num }

4.2.3 Configure the Mirror Source Port

Operation Command Remarks

Enter global mode system-view

Configure source port mirror group group-id source-interface

{ ethernet | cpu } interface-list { both |

egress | ingress }

Delete source monitor undo mirror group { all | group-id

port source-interface { cpu | interface-list } }

【Example】

!Configure Ethernet ports 1 and 2 as mirror source ports

31
GPON OLT Operation Manual V1.1

[GPON] mirror group 1 source-interface ethernet 0/0/1 to ethernet 0/0/2 both

4.2.4 Display Port Mirroring

Operation Command Remarks

Display port mirroring display mirror group { all | group-id }

【Example】

!Display port mirroring

<GPON>display mirror group all

32
GPON OLT Operation Manual V1.1

Chapter 5 Link Aggregation

5.1 Link Aggregation Overview

Link aggregation means aggregating several ports together to form an aggregation group, so

as to implement outgoing/incoming load sharing among the member ports in the group and to

enhance the connection reliability.

Depending on different aggregation modes, aggregation groups fall into two types: static LACP

and dynamic LACP. Depending on whether or not load sharing is implemented, aggregation

groups can be load-sharing or non-load-sharing aggregation groups.

For the member ports in an aggregation group, their basic configuration must be the same.

The basic configuration includes STP, QoS, VLAN, port attributes, and other associated

settings.

 STP configuration, including STP status (enabled or disabled), link attribute (point-to-point

33
GPON OLT Operation Manual V1.1

or not), STP priority, maximum transmission speed, loop prevention status.

 QoS configuration, including traffic limiting, priority marking, default 802.1p priority, traffic

monitor, traffic redirection, traffic statistics, and so on.

 VLAN configuration, including permitted VLANs, and default VLAN ID, tag vlan list for

hybrid port and allowed vlan list for trunk port.

Port attribute configuration, including port rate, duplex mode, and link type (Trunk, Hybrid or

Access). The ports for a static aggregation group must have the same rate and link type, and

the ports for a dynamic aggregation group must have the same rate, duplex mode (full duplex)

and link type.

5.1.1 Introduction to LACP

The purpose of link aggregation control protocol (LACP) is to implement dynamic link

aggregation and disaggregation. This protocol is based on IEEE802.3ad and uses LACPDUs

(link aggregation control protocol data units) to interact with its peer.

After LACP is enabled on a port, LACP notifies the following information of the port to its peer

by sending LACPDUs: priority and MAC address of this system, priority, number and operation

key (it is so called O-Key) of the port. Upon receiving the information, the peer compares the

information with the information of other ports on the peer device to determine the ports that

can be aggregated with the receiving port. In this way, the two parties can reach an agreement

in adding/removing the port to/from a dynamic aggregation group.

5.1.2 Operation Key (O-Key)

34
GPON OLT Operation Manual V1.1

An operation key of an aggregation port is a configuration combination generated by system

depending on the configurations of the port (rate, duplex mode, other basic configuration, and

administrative key) when the port is aggregated.

1) The ports in the same aggregation group must have the same operation key (O-Key) and

administrative key (A-Key).

2) The administrative key (A-Key) and operation key (O-Key) of an LACP-enable aggregation

port is equal to its aggregation group ID+1.

3) The administrative key (A-Key) and operation key (O-Key) of an LACP-enable aggregation

port cannot be modified.

4) The operation key (O-Key) which is contained in LACPDU of an LACP-enable aggregation

port is the same as its peer.

5.1.3 Static Aggregation Group

1) Introduction to Static Aggregation

A static aggregation group is manually created. All its member ports are manually added and

can be manually removed. Each static aggregation group must contain at least one port. When

a static aggregation group contains only one port, you cannot remove the whole aggregation

group unless you remove the port.

LACP is disabled on the member ports of static aggregation groups, and enabling LACP on

such a port will not take effect.

2) Port status of Static Aggregation Group

A port in a static aggregation group is only in one state: on, which means the port in a static

35
GPON OLT Operation Manual V1.1

aggregation group must transceive packets. There can be at most 8 ports in a static

aggregation group.

5.1.4 Dynamic LACP Aggregation Group

1) Introduction to Dynamic LACP Aggregation Group

A dynamic LACP aggregation group is also manually created. All its member ports are

manually added and can be manually removed. Each dynamic aggregation group must

contain at least one port. When a dynamic aggregation group contains only one port, you

cannot remove the whole aggregation group unless you remove the port.

LACP is enabled on the member ports of dynamic aggregation groups, and disabling LACP on

such a port will not take effect.

2) Mode of Dynamic Aggregation Group

The mode of dynamic aggregation group can be active or passive. It is manually set by users.

The dynamic aggregation group in active mode will actively send LACPDUs; group in passive

mode will only response LACPDUs passively. When interconnecting with another device, static

mode can only interconnect with static mode; active mode can interconnect with both active

and passive mode, but passive mode can only interconnect with active mode. The default

mode is ACTIVE.

3) Port Status of Dynamic Aggregation Group

A port in a dynamic aggregation group can be in one of the three states: bundle (bndl), standby,

and no-bundle (no-bndl). In dynamic aggregation group, only bundled ports can transceive

LACP protocol packets; others cannot.

36
GPON OLT Operation Manual V1.1

Note:

In an aggregation group, the bundled port with the minimum port number serves

as the master port of the group, and other bundled ports serve as member ports of

the group.

No-bundled ports are the ports which fail to form link aggregation with other ports

in the dynamic aggregation.

There is a limit on the number of bundled ports in an aggregation group. Therefore, if the

number of the member ports that can be set as bundled ports in an aggregation group exceeds

the maximum number supported by the device, the system will negotiate with its peer end, to

determine the states of the member ports according to the port IDs of the preferred device (that

is, the device with smaller system ID). The following is the negotiation procedure:

1) Compare device IDs (system priority + system MAC address) between the two parties.

First compare the two system priorities, then the two system MAC addresses if the system

priorities are equal. The device with smaller device ID will be considered as the preferred one.

2) Compare port IDs (port priority + port number) on the preferred device. The comparison

between two port IDs is as follows: First compare the two port priorities, then the two port

numbers if the two port priorities are equal; the port with the smallest port ID is the bundled port

and the left ports are standby ports.

4) Configure System Priority

LACP determines the bundled and standby states of the dynamic aggregation group members

according to the priority of the port ID on the end with the preferred device ID.

37
GPON OLT Operation Manual V1.1

The device ID consists of system priority and system MAC address, that is, device ID = system

priority + system MAC address.

When two device IDs are compared, the system priorities are compared first, and the system

MAC addresses are compared when the system priorities are the same. The device with

smaller device ID will be considered as the preferred one.

Note:

Changing the system priority of a device may change the preferred device

between the two parties, and may further change the states (bundled or standby)

of the member ports of dynamic aggregation groups.

5) Configure Port Priority

LACP determines the bundled and standby states of the dynamic aggregation group members

according to the port IDs on the device with the preferred device ID. When the number of

members in an aggregation group exceeds the number of bundled ports supported by the

device in each group, LACP determines the bundled and standby states of the ports according

to the port IDs. The ports with superior port IDs will be set to bundled state and the ports with

inferior port IDs will be set to standby state.

The port ID consists of port priority and port number, that is, port ID = port priority + port

number. When two port IDs are compared, the port priorities are compared first, and the port

numbers are compared if the port priorities are the same. The port with smaller port ID is

considered as the preferred one.

38
GPON OLT Operation Manual V1.1

5.2 Redundancy of Interconnected Device

LACP provides link redundancy mechanism to guarantee the redundancy conformity of the two

interconnected devices and user can configure the redundant link which is realized by system

and port priority. The steps are as following:

Step 1 Selection reference. The two devices know the LACP sys-id and system MAC

address of each other through LACPDUs exchanges. The system priorities are compared first,

and the system MAC addresses are compared when the system priorities are the same. The

device with smaller device ID will be considered as the preferred one.

Step 2 Redundant link. The port priorities are compared first, and the port numbers are

compared if the port priorities are the same. The port with smaller port ID is considered as the

preferred one.

5.3 Load-balancing Policy

Load-balancing policy is specific physical link selection strategy when sending packets, which

can be source MAC, destination MAC, source and destination MAC, source IP, destination IP,

and source and destination IP. The default strategy is source MAC.

5.4 Configure Link Aggregation

5.4.1 Link AggregationConfiguration List

Configuration Task Description Detailed


Configuration

39
GPON OLT Operation Manual V1.1

Configure a Static Aggregation Group Required 5.4.2

Configure a Dynamic LACP Aggregation Group Required 5.4.3

Display and Maintain Link Aggregation Configuration Optional 5.4.4

5.4.2 Configure a Static Aggregation Group

You can create a static aggregation group, or remove an existing static aggregation group

(before that, all the member ports in the group are removed).

You can manually add/remove a port to/from a static aggregation group, and a port can only be

manually added/removed to/from a static aggregation group.

Perform the configuration in global configuration mode.


Operation Command Remarks
Enter global configuration mode system-view

Create a static aggregation group channel-group channel-group-number channel-group-


number ranges
from 0 to 51.

Configure load-balancing policy channel-group load-balance { dst-ip |


dst-mac | src-dst-ip | src-dst-mac | src-ip |
src-mac }

Enter interface configuration mode Interface ethernet interface-num

Enter interface range configuration interface range ethernet interface-list


mode

Add a port to the aggregation group channel-group channel-group-number mode


on

40
GPON OLT Operation Manual V1.1

Delete a port from an aggregation undo channel-group channel-group-number


group

Back to global configuration mode quit

Delete a static aggregation group undo channel-group channel-group-number

5.4.3 Configure Dynamic LACP

You can manually add/remove a port to/from a dynamic aggregation group, and a port can only

be manually added/removed to/from a dynamic aggregation group.


Operation Command Remarks
Enter global configuration mode system-view

Create a dynamic aggregation channel-group channel-group-number channel-group-n


group umber ranges
from 0 to 51

Configure load-balancing policy channel-group load-balance { dst-ip | Src-mac by


dst-mac | src-dst-ip | src-dst-mac | src-ip | default
src-mac }

Configure system priority lacp system-priority priority 32768 by default

Enter interface configuration mode Interface thernet interface-num

Enter interface range configuration interface range ethernet interface-list


mode

Add a port to the aggregation group channel-group channel-group-number


mode { active | passive }

Configure port priority lacp port-priority priority 128 by default

Delete a port from an aggregation undo channel-group channel-group-number


group

41
GPON OLT Operation Manual V1.1

Back to global configuration mode quit

Delete a dynamic aggregation group undo channel-group channel-group-number

5.4.4 Display and Maintain LACP

After the above configuration, execute the display command in any mode to display the

running status after the link aggregation configuration and verify your configuration.
Operation Command Remarks

Display system LACP ID display lacp sys-id System LACP-ID

consists of 16-bit

system priority

and 48-bit

system MAC.

Display port member info of the display lacp internal

aggregation group [ channel-group-number ]

Display neighbor port info of the display lacp neighbor

aggregation group [ channel-group-number ]

Display packet statistics of the display statistics channel-group

aggregation group [ channel-group-id ]

Display packet statistics of the display statistics dynamic channel-group

aggregation group by dynamic

Display utilization statistics of the display utilization channel-group

aggregation group

42
GPON OLT Operation Manual V1.1

Clear packet statistics of the clear channel-group [ channel-group-id ]

aggregation group

43
GPON OLT Operation Manual V1.1

Chapter 6 Port Isolation

6.1 PortIsolation Overview

To implement Layer 2 isolation, you can add different ports to different VLANs. However, this

will waste the limited VLAN resource. With port isolation, the ports can be isolated within the

same VLAN. Thus, you need only to add the ports to the isolation group to implement Layer 2

isolation. This provides you with more secure and flexible networking schemes.

On the current device:


 Currently, only one isolation group is supported on a device, which is created
automatically by the system as isolation group. The user cannot remove the isolation group or
create other isolation groups.
 The number of the ports an isolation group can contain is total port number-1. Because
isolated ports are downlink ports. There should be at least one uplink port.
Note:

When a port in an aggregation group is configured as the member of isolation group, the other

ports of the aggregation group will not be downlink ports.

6.2 Configure Port Isolation

6.2.1 Add/remove Isolated Ports

Add a port to port-isolation group. The isolated port members cannot communicate with each
other, but can only communicate with un-isolated port.

44
GPON OLT Operation Manual V1.1

Operation Command Remarks


Enter global configuration mode system-view
Enter interface range configuration
interface range interface-list
mode
port-isolation uplink { ethernet | gpon }
Configure port isolation
interface-num
undo port-isolation [ uplink { ethernet |
Delete uplink port
gpon } interface-num ]

6.2.2 Display Port Isolation Configuration

Operation Command Remarks

Display
display port-isolation [ ethernet
Display isolate-port configuration isolate-port
interface-list ]
configuration

45
GPON OLT Operation Manual V1.1

Chapter 7 Storm-Control

7.1 Storm-Control Overview

When there is loop or malicious attacker in the network, there will be plenty of packets, which

occupy the bandwidth and even affect the network. Storm-control will avoid too much packets

appear in the network. Restrict the speed rate of port receiving broadcast/multicast/unknown

unicast packets and unknown unicast packets received by all ports. By default, Broadcast

storm control is Enable; Multicast storm control is Disable; Unicast storm control is Disable.

7.2 Configure Storm-Control

7.2.1 Configure Storm-Control

Operation Command Remarks

Enter global configuration mode system-view

interface [ range ] { { ethernet interface-list } |


Enter interface configuration mode
interface-name }

Configure storm-controltype and storm-control { broadcast | multicast |


rate
unicast } { disable | pps target-rate}}

Delete port storm undo storm-control { broadcast | multicast

| unicast }

46
GPON OLT Operation Manual V1.1

7.2.2 Storm-Control Monitor and Maintenance

Operation Command Remarks

Display Storm-control display storm-control interface [ ethernet

interface-list ] ]

47
GPON OLT Operation Manual V1.1

Chapter 8 VLAN

8.1 VLAN Overview

Virtual Local Area Network (VLAN) groups the devices of a LAN logically but not physically into

segments to implement the virtual workgroups. IEEE issued the IEEE 802.1Q in 1999, which

was intended to standardize VLAN implementation solutions.

Through VLAN technology, network managers can logically divide the physical LAN into

different broadcast domains. Every VLAN contains a group of workstations with the same

demands. The workstations of a VLAN do not have to belong to the same physical LAN

segment.

With VLAN technology, the broadcast and unicast traffic within a VLAN will not be forwarded to

other VLANs, therefore, it is very helpful in controlling network traffic, saving device investment,

simplifying network management and improving security.

48
GPON OLT Operation Manual V1.1

A VLAN can span across multiple GPONes, or even routers. This enables hosts in a VLAN to

be dispersed in a looser way. That is, hosts in a VLAN can belong to different physical network

segment.

Compared with the traditional Ethernet, VLAN enjoys the following advantages.

1) Broadcasts are confined to VLANs. This decreases bandwidth utilization and improves

network performance.

2) Network security is improved. VLANs cannot communicate with each other directly. That is,

a host in a VLAN cannot access resources in another VLAN directly, unless routers or Layer 3

GPONes are used.

3) Network configuration workload for the host is reduced. VLAN can be used to group specific

hosts. When the physical position of a host changes within the range of the VLAN, you need

not change its network configuration.

8.1.1 VLAN Principles

VLAN tags in the packets are necessary for the GPON to identify packets of different VLANs.

The GPON works at Layer 2 (Layer 3 GPONes are not discussed in this chapter) and it can

identify the data link layer encapsulation of the packet only, so you can add the VLAN tag field

into only the data link layer encapsulation if necessary.

In 1999, IEEE issues the IEEE 802.1Q protocol to standardize VLAN implementation, defining

the structure of VLAN-tagged packets.

IEEE 802.1Q protocol defines that a 4-byte VLAN tag is encapsulated after the destination

MAC address and source MAC address to display the information about VLAN.

49
GPON OLT Operation Manual V1.1

As shown in Figure 1-2, a VLAN tag contains four fields, including TPID (Tag Protocol

Identifier), priority, CFI (Canonical Format Indicator), and VID (VLAN ID).

TPID is a 16-bit field, indicating that this data frame is VLAN-tagged. By default, it is 0x8100.

Priority is a 3-bit field, referring to 802.1p priority. Refer to section “QoS & QoS profile” for

details.

CFI is a 1-bit field, indicating whether the MAC address is encapsulated in the standard format

in different transmission media. This field is not described in detail in this chapter.

VID (VLAN ID) is a 12-bit field, indicating the ID of the VLAN to which this packet belongs. It is

in the range of 0 to 4,095. Generally, 0 and 4,095 is not used, so the field is in the range of 1 to

4,094.

VLAN ID identifies the VLAN to which a packet belongs. When the GPON receives an

un-VLAN-tagged packet, it will encapsulate a VLAN tag with the default VLAN ID of the

inbound port for the packet, and the packet will be assigned to the default VLAN of the inbound

port for transmission. For the details about setting the default VLAN of a port, refer to section

“02-Port Configuration”

50
GPON OLT Operation Manual V1.1

8.2 Configure 802.1Q VLAN

8.2.1 802.1Q VLAN Configuration List


Configuration Task Description Detailed
Configuration

Create and Modify VLAN Required 8.2.2

Delete Port Members from a VLAN Optional 8.2.3

Delete VLAN Optional 8.2.4

Configure Interface Default vlan ID Optional 8.2.5

Configure Interface VLAN Mode Optional 8.2.6

VLAN Attributes Based on Hybrid Interface Optional 8.2.7

VLAN Attributes Based on Trunk Interface Optional 8.2.8

Configure Port Priority Optional 8.2.9

Configure Ingress Filtering Optional 8.2.10

Configure Types of Interface acceptable-frame Optional 8.2.11

Display VLANconfiguration Optional 8.2.12

8.2.2 Create and Modify VLAN

GPON supports 4094 VLANs.

Perform following commands in privilege mode.

51
GPON OLT Operation Manual V1.1

Operation Command Remarks


Enter global configuration mode system-view
Create a vlan and enter vlan
vlan vlan-list
configuration mode

Add port member to a vlan port ethenet interface-num

Configure vlan description By default, vlan


description vlan-name description is
empty.

Display the related information


display vlan { vlan-id | brief }
about VLAN

Note:If the VLAN to be created exists, enter the VLAN mode directly. Otherwise, create the

VLAN first, and then enter the VLAN mode.

Vlan-id allowed to configure is in the range of 1 to 4094. Vlan-list can be in the form of discrete

number, a sequence number, or the combination of discrete and sequence number, discrete

number of which is separate by comma, and sequence number of which is separate by

subtraction sign, such as: 2, 5, 8, 10-20.

8.2.3 Delete Port Members from a VLAN

Perform following commands in privilege mode.


Operation Command Remarks
Enter global configuration mode system-view
Create a vlan and enter vlan
vlan vlan-list
configuration mode

Delete port member from VLAN undo port { all | ethernet interface-num }

Display the related information display vlan { vlan-id | brief }

52
GPON OLT Operation Manual V1.1

about VLAN

8.2.4 Delete VLAN

Perform following commands in privilege mode.


Operation Command Remarks
Enter global configuration mode system-view

Delete VLAN undo vlan { vlan-list | all }

Display the related information


display vlan { vlan-id | brief }
about VLAN

8.2.1 Configure Interface Default VLAN ID

Perform following commands in privilege mode.


Operation Command Remarks
Enter global configuration mode system-view

Enter Interface configuration mode interface ethernet interface-num

Configure interface pvid port default vlan vlan-id

Configure interface default pvid undo port default vlan Vlan1 by default

Display interface detailed


display interface ethernet interface-num
configurations

53
GPON OLT Operation Manual V1.1

display interface brief ethernet


Display interface brief configurations
[ interface-num ]

8.2.2 Configure Interface VLAN Mode

Interface VLAN mode can be divided into three types according to the different process modes

the interface performs on tag label:

Access: the interface only belongs to one vlan, and it usually is used to connect the terminal

device.

Trunk: the interface can be able to receive and forward multiple vlans. When the packet is

forwarded, the default vlan packet will not carry the tag whereas the other vlan will carry the

tag, and the tag is applied to the GPON interface.

Hybrid: the interface can be able to receive and forward multiple vlans, and it allows multiple

vlans to carry the tag or not carry the tag.


Interface VLAN mode Processing on receiving Processing on forwarding message
message
Untag Tag
If the VLAN ID carried in a packet is the
If the VLAN ID VLAN ID that the port allows to pass
Access
through, the VLAN tag will be striped and
Receive it of the packet is
the packet will be forwarded.
and add a a VLAN that the 1. If the VLAN ID carried in the packet
is the UNTAG VLAN ID the port allows to
tag of pvid to port allows to
pass through, the VLAN tag will be striped
Hybrid it. pass through, and the packet will be forwarded.

the packet will 2. If the VLAN ID carried in the packet


is the TAG VLAN ID the port allows to

54
GPON OLT Operation Manual V1.1

pass through, the VLAN tag will remain


be accepted.
and the packet will be forwarded.
Otherwise, the
Trunk When the VLAN ID carried in a packet is
packet will be the VLAN ID that the port allows to pass
through::
discarded.
1. If the VLAN ID is not consistent with
the port PVID, VLAN tag will be remained
and the packet will be forwarded.

2. If the VLAN ID is consistent with the


port PVID, VLAN tag will be stripped and
the packet will be forwarded.

Configure interface vlan mode


Operation Command Remarks
Enter global configuration mode system-view

Enter Interface configuration mode interface ethernet interface-num

Hybrid by
Configure interface vlan mode port mode { access | hybrid | trunk }
default.

8.2.3 VLAN Attributes Based on Hybrid Interface


Operation Command Remarks
Enter global configuration mode system-view

Enter Interface configuration mode interface ethernet interface-num

Configure interface vlan mode port mode hybrid

55
GPON OLT Operation Manual V1.1

“tagged” means

that the vlan

packet carries

Allow the specified vlan to pass port hybrid { tagged | untagged } vlan tag;
{ vlan-list | all }
through this hybrid port “untagged”

means that the

vlan packet does

not carry tag;

Does not allow the specified vlan to


undo port hybrid vlan vlan-list
pass this hybrid port

8.2.4 VLAN Attributes Based on Trunk Interface


Operation Command Remarks
Enter global configuration mode system-view

Enter Interface configuration mode interface ethernet interface-num

Configure interface vlan mode port mode trunk

Allow the specified vlan to pass


port trunk allowed vlan { vlan-list | all }
through this trunk port

56
GPON OLT Operation Manual V1.1

Do not allow the specified vlan to undo port trunk allowed vlan { vlan-list |
all }
pass through this trunk port

8.2.5 Configure Port Priority

If GPON receives a untagged packet, system will add a vlan tag to the packet in which the vid

value in the tag is the PVID value and the priority value is the port priority value.
Operation Command Remarks
Enter global configuration mode system-view

Enter Interface configuration mode interface ethernet interface-num

Configure port priority priority value

Restore default priority undo priority 0 by default

Display the port detailed


display interface ethernet interface-num
configurations

display interface brief ethernet


Display the port brief configurations
[ interface-num ]

8.2.6 Configure Ingress Filtering

By default, interface will check whether the receiving packet belongs to the vlan, if it does, the

57
GPON OLT Operation Manual V1.1

interface will perform the forward processing. Otherwise, it will discard the packet. This

process is called ingress filtering. GPON will enable this function by default and this function is

allowed to be disabled.
Operation Command Remarks
Enter global configuration mode system-view

Enter Interface configuration mode interface ethernet interface-num

Enabled by
Configure ingress filtering [ undo ] ingress filtering
default

Display the configuration information displayress [ interface interface-num ]

8.2.7 Configure Types of Interface Acceptable-frame

By default, regardless of any type of packet (tag or untag) received by the GPON, it is allowed

to change the port to receive only tag packets.


Operation Command Remarks
Enter global configuration mode system-view

Enter Interface configuration mode interface ethernet interface-num

“all” means it can

receive the tag


Configure interface priority ingress acceptable-frame { all | tagged }
packets and

untag packets;

58
GPON OLT Operation Manual V1.1

“tagged” means

it can only

receive the tag

packets.

Display the configuration information display ingress [ interface interface-num ]

8.2.8 Display VLANconfiguration


Operation Command Remarks

Display VLANconfiguration by vlanid display vlan [ vlan-id ]

Display VLAN configuration by brief display vlan brief

Display VLAN configuration by display vlan interface [ ethernet


interface
interface-num ]

8.3 Configure MAC-Based VLAN

8.3.1 MAC-Based VLAN Overview

As noted earlier, a single port in the campus network has multiple services, and each service

belongs to different VLANs. So the flexible configuration of VLAN under the GPON port to

identify different services has become a key issue of the campus network management.

In order to solve the above-mentioned problems, the MAC-based VLAN is proposed. MAC

(Media Access Control) address is burnt on a Network Interface Card (NIC), also known as the

hardware address. It’s composed of 48 bits long (6 bytes), 16 hex digits.

59
GPON OLT Operation Manual V1.1

MAC-based VLAN is another way to distinguish VLAN that tag of VLAN is added to packet

according to the source MAC address. This is often in combination with security technologies

(such as 802.1X) to achieve the purpose of the terminal’s safety and flexible access.

8.3.2 ConfigureMAC-Based VLAN

Users should bind the terminal MAC address with VLAN via the command line, and the device

will generate a corresponding MAC VLAN table.

The implementation of this approach is simple, only involved in access equipment. But in this

way, it is necessary to manually configure the MAC VLAN of the terminal on terminal

accessable ports. It was a big project.


Operation Command Remarks
Enter global configuration mode system-view

mac-vlan mac-address mac-address vlan


Configure static vlan-mac table
[ priority ]

undo mac-vlan [ mac-address


Delete vlan-mac table
mac-address ]

Display vlan-mac table display vlan-mac-table [ mac-address ]

8.4 Configure Protocol-Based VLAN

8.4.1 Protocol-Based VLAN Overview

Protocol-based VLAN: the packet distributes different VLAN ID according to the receiving

60
GPON OLT Operation Manual V1.1

protocol types and encapsulation formats. “Protocol types + encapsulation formats” is also

called model agreement. One protocol vlan can be able to bind multiple model agreements.

Different model agreements can be distinguished by the vlan-protocol table index. Agreement

profile is referenced to the port, and then you can modify the packet vlan according to the

model agreements.

Untagged packet processing (no vlan tag):

1. If the packet protocol types and encapsulation formats are conform to the model

agreements, it will be tagged with the protocol vlan-id.

2. If the packet protocol types and encapsulation formats are not conforming to the model

agreements, it will be tagged with the port default VLAN ID.

Tagged packet processing (has vlan tag):

1. If the packet protocol types and encapsulation formats are conform to the model

agreements, the outer vlan information will be modified to be the protocol vlan-id.

2. If the packet protocol types and encapsulation formats are not conform to the model

agreements, the processing mode will be the same as the port-based vlan.

This feature is mainly applied to bind the service type with VLAN, providing convenient

management and maintenance.

There are two types’ configuration modes of protocol-based VLAN. Please choose the suitable

one according to the equipment type.

8.4.2 ConfigureProtocol-Based VLAN


Operation Command Remarks
Enter global configuration mode system-view

61
GPON OLT Operation Manual V1.1

protocol-vlan profile index frame-type


Configure protocol profile
eth-type

undo protocol-vlan profile [ index ]


Delete protocol profile

interface ethernet interface-num


Enter Interface configuration mode

protocol-vlan profile index vlan vlan-id


Bind protocol-vlan profile
[ priority priority ]

undo protocol-vlan profile [ index ]


Undo bind protocol-vlan profile

display protocol-vlan profile [ index ]


Display protocol-vlan profile

display protocol-vlan interface [ ethernet


Display protocol-vlan profile bind
interface-num ]

8.5 Configure IP-subnet VLAN

8.5.1 IP-subnet VLAN Overview

IP subnet-based vlan is divided according to packet source IP address and subnet mask. After

device received packets from the interface, it will confirm the packets belonging to which VLAN

and then automatically divide these packets to specified VLAN.

8.5.2 ConfigureIP-subnet VLAN

62
GPON OLT Operation Manual V1.1

Operation Command Remarks


Enter global configuration mode system-view

ip-subnet-vlan ipv4 ip-address mask mask


Configure ip-subnet-vlan table
vlan vlanid [ priority priority ]

undo ip-subnet-vlan [ ipv4 ip-address mask


Delete ip-subnet-vlan table
mask ]

Enable the IP subnet-based VLAN ip-subnet-vlan precede

Disable the IP subnet-based VLAN undo ip-subnet-vlan precede

display ip-subnet-vlan [ ipv4 ip-address


Display ip-subnet-vlan table
mask mask ]

63
GPON OLT Operation Manual V1.1

Chapter 9 QinQ

9.1 QinQ Overview

9.1.1 Understanding QinQ

In the VLAN tag field defined in IEEE 802.1Q, only 12 bits are used for VLAN IDs, so a GPON

can support a maximum of 4,094 VLANs. In actual applications, however, a large number of

VLANs are required to isolate users, especially in metropolitan area networks (MANs), and

4,094 VLANs are far from satisfying such requirements. shows the structure of 802.1Q-tagged

and double-tagged Ethernet frames. The QinQ feature enables a device to support up to 4,094

x 4,094 VLANs to satisfy the requirement for the amount of VLANs in the MAN.

The port QinQ feature is a flexible, easy-to-implement Layer 2 VPN technique, which enables

the access point to encapsulate an outer VLAN tag in Ethernet frames from customer networks

(private networks), so that the Ethernet frames will travel across the service provider’s

backbone network (public network) with double VLAN tags. The inner VLAN tag is the

customer network VLAN tag while the outer one is the VLAN tag assigned by the service

64
GPON OLT Operation Manual V1.1

provider to the customer. In the public network, frames are forwarded based on the outer

VLAN tag only, with the source MAC address learned as a MAC address table entry for the

VLAN indicated by the outer tag, while the customer network VLAN tag is transmitted as part of

the data in the frames.

9.1.2 Implementations of QinQ

There are two types of QinQ implementations: basic QinQ and Flexible QinQ.

1) Basic QinQ

Basic QinQ is implemented through VLAN VPN.

With the VLAN VPN feature enabled on a port, when a frame arrives at the port, the GPON will

tag it with the port’s default VLAN tag, regardless of whether the frame is tagged or untagged.

65
GPON OLT Operation Manual V1.1

If the received frame is already tagged, this frame becomes a double-tagged frame; if it is an

untagged frame, it is tagged with the port’s default VLAN tag.

2) Flexible QinQ

Flexible QinQ is a more flexible, VLAN-based implementation of QinQ. If Flexible QinQ on port

is enabled, Flexible QinQ can:


 For ingress packet, different outer vlan tag can be added according to different inner
VLAN ID
 For ingress packet, new VLAN tag can take the place of some specific VLAN Tag
 For ingress packet, some VLAN can be transparent transmit.

For QinQ-enabled port, there are different handlings for different port type:

Uplink port: The Tag judgment on uplink port is based on the consistency between packet VID

and configured global outer-tpid.

Custom port: The Tag judgment on customer port is based on the consistency between

packet VID and inner-tpid. The default inner-tpid is 0x8100

9.1.3 Modification of TPID Value of QinQ Frames

A VLAN tag uses the tag protocol identifier (TPID) field to identify the protocol type of the tag.

The value of this field, as defined in IEEE 802.1Q, is 0x8100. The device can identify whether

there is corresponded VLAN Tag according to TPID. If configured TPID is the same as the

corresponded field, packet is regarded as with VLAN Tag.

The systems of different vendors may set the TPID of the outer VLAN tag of QinQ frames to

different values. For compatibility with these systems, the S3750-48 series GPONes allow you

to modify the TPID value so that the QinQ frames, when sent to the public network, carry the

66
GPON OLT Operation Manual V1.1

TPID value identical to the value of a particular vendor to allow interoperability with the devices

of that vendor.

The TPID in an Ethernet frame has the same position with the protocol type field in a frame

without a VLAN tag. To avoid problems in packet forwarding and handling in the network, you

cannot set the TPID value to any of the values in the table below.

Protocol type Value

ARP 0x0806

PUP 0x0200

RARP 0x8035

IP 0x0800

IPv6 0x86DD

PPPoE 0x8863/0x8864

MPLS 0x8847/0x8848

IPX/SPX 0x8137

IS-IS 0x8000

LACP 0x8809

802.1x 0x888E

GnLink 0x0765

GSTP 0X5524

9.2 Configure QinQ

67
GPON OLT Operation Manual V1.1

9.2.1 QinQ Configuration Task List

Configuration Task Description Detailed


Configuration

Configure BASIC QinQ Required 9.2.2

Configure Flexible QinQ Required 9.2.3

Display QinQ configuration Optional 9.2.4

9.2.1 Configure BASIC QinQ

Perform following commands in privilege mode.


Operation Command Remarks
Enter global configuration mode system-view

Enter interface configuration mode interface ethernet interface-num

Enable basic QinQ qinq

Disable basic QinQ undo qinq

9.2.2 Configure Flexible QinQ

Perform following commands in privilege mode.


Operation Command Remarks
Enter global configuration mode system-view
Enter interface configuration mode interface ethernet interface-num

Modify outer TPID qinq { inner-tpid | outer-tpid } tpid-value

Add different outer VLAN Tag for flexible-vlan insert start-vlan-id end-vlan-id
different inner VID service-vlan-idpriority

68
GPON OLT Operation Manual V1.1

flexible-vlan swap start-vlan-id end-vlan-id


Configure vlan-swap
target-vlan-idpriority
Configure packet belonged to
flexible-vlan pass-through start-vlan-id
specified vlan range need not to add
end-vlan-id
double VLAN Tag

9.2.3 Display QinQ configuration

Operation Command Remarks

Display qinq configuration display flexible-vlan interface [ ethernet

interface-list ]

69
GPON OLT Operation Manual V1.1

Chapter 10 MAC Address Table

10.1 MAC Address Table Overview

The system maintains a MAC address table for forwarding packets. The entries in this table

contain the device MAC addresses, VLAN IDs, and GPON port numbers. When a packet

enters the GPON, the GPON looks up the MAC address table based on the destination MAC

address of the packet and the VLAN ID of the packet. If the packet is found, the GPON sends

the packets to the specified ports. Otherwise, GPON will broadcast the packets in this VLAN.

The system can be able to learn MAC address table. If the source MAC address of a received

packet does not exist in the MAC address table, the system will add the source MAC address,

VLAN ID, and port number of the received packet as a new entry to the MAC address table.

You can manually configure MAC address entries. The administrator can configure the MAC

address table based on the actual network condition, that is, the administrator can add or

modify static entries, permanent entries, blackhole entries, dynamic entries.

System provides MAC address aging function. If a device does not send any packets for a

certain period of time, the system deletes the MAC address entries associated with the device.

MAC address aging only takes effect on the learned MAC address or the MAC address entries

which can be aged (the dynamic MAC address entries).

10.2 Configure MAC Address Table

70
GPON OLT Operation Manual V1.1

10.2.1 MAC Address Table Configuration Task List

Configuration Task Description Detailed


Configuration
Configure the Aging Time Optional 10.2.2
Add MAC Address Table by Manual Optional 10.2.3
Display MAC Address Table Optional 10.2.4
Enable/Disable MAC Learning Optional 10.2.5
Quantity Limitation on MAC Address Learning Table Optional 10.2.6

10.2.2 Configure the Aging Time

Operation Command Remarks


Enter global configuration mode system-view
disable means
Configure the aging time of MAC mac-address-table age-time { agetime |
mac address will
address
disable } not be aged
Configure the default aging time of
undo mac-address-table age-time 300s by default
MAC address
Display the aging time of MAC
display mac-address-table age-time
address
Display the aging time of MAC
display mac-address-table age-time
address

10.2.3 Add MAC Address Table by Manual

Operation Command Remarks


Enter global configuration mode system-view

mac-address-table { static | permanent |


Configure the static | permanent |
dynamic } mac-address interface ethernet
dynamicmac-address

interface-num vlan vlan-id

71
GPON OLT Operation Manual V1.1

Configure the mac-address-table blackhole mac-address


blackholemac-address
vlan vlan-id

undo mac-address-table [ dynamic |


Delete the static | permanent |
permanent | static ] mac-address interface
dynamicmac-address

ethernet interface-num vlan vlan-id

undo mac-address-table [ blackhole |

Delete the blackholemac-address dynamic | permanent | static ] mac-address

vlan vlan-id

undo mac-address-table [ static |


Delete the static | permanent |
permanent | dynamic ] interface ethernet
dynamicmac-address by port

interface-num

Delete the blackholemac-address by undo mac-address-table [ blackhole |


port
dynamic | permanent | static ] vlan vlan-id

Delete all mac-address undo mac-address-table

10.2.4 Display MAC Address Table

Operation Command Remarks

Display all MAC address display mac-address-table

Display CPU MAC address display mac-address-table cpu

display mac-address-table mac-address


Display MAC address by mac
[ vlan vlan-id ]

Display MAC address by type display mac-address-table { static |

72
GPON OLT Operation Manual V1.1

dynamic | permanent | blackhole } [ vlan

vlan-id ]

display mac-address-table { static |

dynamic | permanent | blackhole }

Display MAC address by port interface ethernet interface-num [ vlan

vlan-id ]

Display MAC address by vlan display mac-address-table vlan vlan-id

10.2.5 Enable/Disable MAC Learning

You can configure whether the device learns MAC addresses dynamically or not.

If MAC address learning is disabled under global configuration mode, all ports cannot learn

MAC address; If you want to disable mac address learning on some ports, just enable MAC

address learning under global configuration mode and disable MAC address learning on the

port will be OK.


Operation Command Remarks
Enter global configuration mode system-view

Enable global mac learning mac-address-table learning

Disable global mac learning undo mac-address-table learning

interface { { ethernet interface-num } |


Enter interface configuration mode
interface-name }

Enable mac learning mac-address-table learning

73
GPON OLT Operation Manual V1.1

Disable mac learning undo mac-address-table learning

display mac-address learning [ interface


Display mac learning
ethernet [ interface-num ] ]

10.2.6 Quantity Limitation on MAC Address Learning Table

Under port configuration mode, you can configure the maximum number of learned MAC

addresses on a port. By default, the number of MAC addresses learning table are unlimited.
Operation Command Remarks
Enter global configuration mode system-view

Enter vlan configuration mode vlan vlan-id

mac-address-table max-mac-count
Configure max-mac-count
max-mac-count
Configure the default
undo mac-address-table max-mac-count
max-mac-count

interface { { ethernet interface-num } |


Enter interface configuration mode
interface-name }

mac-address-table max-mac-count
Configure max-mac-count
max-mac-count
Configure the default
undo mac-address-table max-mac-count
max-mac-count

display mac-address max-mac-count

Display the max-mac-count { interface ethernet [ interface-num ] | vlan

vlan-id }

74
GPON OLT Operation Manual V1.1

Chapter 11 STP

11.1 STP Overview

Spanning Tree Protocol (STP) is applied in loop network to block some undesirable redundant

paths with certain algorithms and prune the network into a loop-free tree, thereby avoiding the

proliferation and infinite cycling of the packet in the loop network.

11.1.1 Protocol Packets of Spanning-Tree

STP uses bridge protocol data units (BPDUs), also known as configuration messages, as its

protocol packets.

STP identifies the network topology by transmitting BPDUs between STP-compliant network

devices. BPDUs contain sufficient information for the network devices to complete the

spanning tree calculation.

In STP, BPDUs come in two types:

Configuration BPDUs, used for calculating spanning trees and Maintain the spanning tree

topology.

Topology change notification (TCN) BPDUs, used for notifying concerned devices of network

topology changes, if any.

11.1.2 Basic Concepts in Spanning-Tree

75
GPON OLT Operation Manual V1.1

Root Bridge

A tree network must have a root; hence the concept of “root bridge” has been introduced in

STP.

There is one and only one root bridge in the entire network, and the root bridge can change

alone with changes of the network topology. Therefore, the root bridge is not fixed.

Upon network convergence, the root bridge generates and sends out configuration BPDUs at

a certain interval, and other devices just forward the BPDUs. This mechanism ensures

topological stability.

Root Port

On a non-root bridge device, the root port is the port nearest to the root bridge. The root port is

responsible for communication with the root bridge. A non-root-bridge device has one and only

one root port. The root bridge has no root port.

Designated Bridge

For a device, Designated Bridge is the device directly connected with this device and

responsible for forwarding BPDUs; For a LAN, Designated Bridge is the device responsible for

forwarding BPDUs to this LAN segment.

Designated Port

For a device, Designated Port is the port through which the designated bridge forwards

BPDUs to this device; For a LAN, Designated Port is the port through which the designated

bridge forwards BPDUs to this LAN segment.

Path cost

Path cost is a reference value used for link selection in STP. By calculating the path cost, STP

76
GPON OLT Operation Manual V1.1

selects relatively “robust” links and blocks redundant links, and finally prunes the network into

loop-free tree structure.

11.1.3 Spanning-Tree Interface States

Each Layer 2 interface on a GPON using spanning tree exists in one of these states:

Disabled

The interface is not participating in spanning tree because of a shutdown port, no link on the

port, or no spanning-tree instance running on the port.

Blocking

The interface does not participate in frame forwarding.

Listening

The first transitional state after the blocking state when the spanning tree determines that the

interface should participate in frame forwarding.

Learning

The interface prepares to participate in frame forwarding.

Forwarding

The interface forwards frames.

An interface moves through these states:

• From initialization to blocking

• From blocking to listening or to disabled

• From listening to learning or to disabled

• From learning to forwarding or to disabled

77
GPON OLT Operation Manual V1.1

• From forwarding to disabled

When you power up the GPON, spanning tree is enabled by default, and every interface in the

GPON, VLAN, or network goes through the blocking state and the transitory states of listening

and learning. Spanning tree stabilizes each interface at the forwarding or blocking state.

When the spanning-tree algorithm places a Layer 2 interface in the forwarding state, this

process occurs:

1)The interface is in the listening state while spanning tree waits for protocol information to

transition the interface to the blocking state.

2)While spanning tree waits the forward-delay timer to expire, it moves the interface to the

learning state and resets the forward-delay timer.

3)In the learning state, the interface continues to block frame forwarding as the GPON learns

end-station location information for the forwarding database.

4)When the forward-delay timer expires, spanning tree moves the interface to the forwarding

state, where both learning and frame forwarding are enabled.

78
GPON OLT Operation Manual V1.1

11.2 How Spanning-Tree Works

Spanning-Tree identifies the network topology by transmitting configuration BPDUs between

network devices. Configuration BPDUs contain sufficient information for network devices to

complete the spanning tree calculation. Important fields in a configuration BPDU include:

Root bridge ID: consisting of root bridge priority and MAC address.

Root path cost: the cost of the shortest path to the root bridge.

Designated bridge ID: designated bridge priority plus MAC address.

Designated port ID: designated port priority plus port name.

Message age: age of the configuration BPDU while it propagates in the network.

Max age: maximum age of the configuration BPDU maintained in the device.

Hello time: configuration BPDU interval.

Forward delay: forward delay of the port.

1) Specific calculation process of the STP algorithm

 Initial state

Upon initialization of a device, each port generates a BPDU with itself as the root bridge, in

which the root path cost is 0, designated bridge ID is the device ID, and the designated port is

the local port.

 Selection of the optimum configuration BPDU

Each device sends out its configuration BPDU and receives configuration BPDUs from other

devices.

The process of selecting the optimum configuration BPDU is as follows:

79
GPON OLT Operation Manual V1.1

Step Description

1 Upon receiving a configuration BPDU on a port, the device performs the following processing:

If the received configuration BPDU has a lower priority than that of the configuration BPDU generated by

the port, the device will discard the received configuration BPDU without doing any processing on the

configuration BPDU of this port.

If the received configuration BPDU has a higher priority than that of the configuration BPDU generated

by the port, the device will replace the content of the configuration BPDU generated by the port with the

content of the received configuration BPDU.

2 The device compares the configuration BPDUs of all the ports and chooses the optimum configuration

BPDU.

 Selection of the root bridge

At network initialization, each STP-compliant device on the network assumes itself to be the

root bridge, with the root bridge ID being its own device ID. By exchanging configuration

BPDUs, the devices compare one another’s root bridge ID. The device with the smallest root

bridge ID is elected as the root bridge.

 Selection of the root port and designated ports

The process of selecting the root port and designated ports is as follows:

Selection of the root port and designated ports

Step Description

1 A non-root-ridge device regards the port on which it received the optimum configuration BPDU as the

root port.

80
GPON OLT Operation Manual V1.1

2 Based on the configuration BPDU and the path cost of the root port, the device calculates a designated

port configuration BPDU for each of the rest ports.

 The root bridge ID is replaced with that of the configuration BPDU of the root port.

 The root path cost is replaced with that of the configuration BPDU of the root port plus the path

cost corresponding to the root port.

 The designated bridge ID is replaced with the ID of this device.

 The designated port ID is replaced with the ID of this port.

3 The device compares the calculated configuration BPDU with the configuration BPDU on the port of

which the port role is to be defined, and does different things according to the comparison result:

 If the calculated configuration BPDU is superior, the device will consider this port as the

designated port, and the configuration BPDU on the port will be replaced with the calculated

configuration BPDU, which will be sent out periodically.

 If the configuration BPDU on the port is superior, the device will block this port without

updating its configuration BPDU, so that the port will only receive BPDUs, but not send any, and will

not forward data.

Once the root bridge, the root port on each non-root bridge and designated ports have been

unsuccessfully elected, the entire tree-shaped topology has been constructed.

2) The BPDU forwarding mechanism in spanning-tree

Upon network initiation, every GPON regards itself as the root bridge, generates configuration

BPDUs with itself as the root, and sends the configuration BPDUs at a regular interval of hello

time.

 If it is the root port that received the configuration BPDU and the received configuration

81
GPON OLT Operation Manual V1.1

BPDU is superior to the configuration BPDU of the port, the device will increase message

age carried in the configuration BPDU by a certain rule and start a timer to time the

configuration BPDU while it sends out this configuration BPDU through the designated

port.

 If the configuration BPDU received on the designated port has a lower priority than the

configuration BPDU of the local port, the port will immediately send out its better

configuration BPDU in response.

 If a path becomes faulty, the root port on this path will no longer receive new configuration

BPDUs and the old configuration BPDUs will be discarded due to timeout. In this case, the

device will generate a configuration BPDU with itself as the root and sends out the BPDU.

This triggers a new spanning tree calculation process so that a new path is established to

restore the network connectivity.

However, the newly calculated configuration BPDU will not be propagated throughout the

network immediately, so the old root ports and designated ports that have not detected the

topology change continue forwarding data along the old path. If the new root port and

designated port begin to forward data as soon as they are elected, a temporary loop may

occur.

3) STP timers

STP calculations need three important timing parameters: forward delay, hello time, and max

age.

 Forward delay is the delay time for device state transition. A path failure will cause

re-calculation of the spanning tree, and the spanning tree structure will change

82
GPON OLT Operation Manual V1.1

accordingly. However, the new configuration BPDU as the calculation result cannot be

propagated throughout the network immediately. If the newly elected root port and

designated ports start to forward data right away, a temporary loop is likely to occur. For

this reason, as a mechanism for state transition in STP, a newly elected root port or

designated port requires twice the forward delay time before transitioning to the

forwarding state, when the new configuration BPDU has been propagated throughout the

network.

 Hello time is the time interval at which a device sends hello packets to the

surrounding devices to ensure that the paths are fault-free.

 Max age is a parameter used to determine whether a configuration BPDU held by the

device has expired. A configuration BPDU beyond the max age will be discarded.

11.3 Implement RSTP on Ethernet GPON

The Ethernet GPON implements the Rapid Spanning Tree Protocol (RSTP), i.e., the

enhancement of STP. The Forward Delay for the root ports and designated ports to enter

forwarding state is greatly reduced in certain conditions, thereby shortening the time period for

stabilizing the network topology.

To achieve the rapid transition of the root port state, the following requirement should be met:

The old root port on this GPON has stopped data forwarding and the designated port in the

upstream has begun forwarding data.

The conditions for rapid state transition of the designated port are:

83
GPON OLT Operation Manual V1.1

 The port is an Edge port that does not connect with any GPON directly or

indirectly. If the designated port is an edge port, it can GPON to forwarding

state directly without immediately forwarding data.

 The port is connected with the point-to-point link, that is, it is the master port

in aggregation ports or full duplex port. It is feasible to configure a

point-to-point connection. However, errors may occur and therefore this

configuration is not recommended. If the designated port is connected with

the point-to-point link, it can enter the forwarding state right after handshaking

with the downstream GPON and receiving the response.

The GPON that uses RSTP is compatible with the one using STP. Both protocol packets can

be identified by the GPON running RSTP and used in spanning tree calculation.

11.4 Configure RSTP

11.4.1 RSTP Configuration Task List

Configuration Task Description Detailed


Configuration
Enable STP and Configure the working mode Required 11.4.2
Configure STP bridge priority Optional 11.4.3
Configure Time Parameter Optional 11.4.4
Configure STP Path Cost Optional 11.4.5
Configure STP Port Priority Optional 11.4.6
Configure STP mcheck Optional 11.4.7
Configure STP point-to-point mode Optional 11.4.8
Configure STP portfast Optional 11.4.9

84
GPON OLT Operation Manual V1.1

Configure STP transit limit Optional 11.4.10


RSTP Monitor and Maintenance Optional 11.4.11

11.4.2 Enable RSTP and Configure the Working Mode

After enabling STP globally, all ports will be defaulted to join the STP topology calculating by

default. If some port is not allowed to take part in the STP calculation, administrator can use

undo stp command in interface configuration mode to disable STP on this port.
Operation Command Remarks
Enter global configuration mode system-view

Enable STP globally stp

Select STP mode stp mode rstp

Enter interface configuration mode interface ethernet interface-num

Enable/disable STP on port [ undo ] stp

Note:

When enable STP globally, the system is working under RSTP mode.

11.4.3 Configure STP Bridge Priority

The priority of bridge determines this GPON can be root or not. If this GPON is needed to be

the root, the priority can be configured inferior.

By default, the GPON bridge priority is 32768.


Operation Command Remarks
Enter global configuration mode system-view

Configure STP priority stp priority bridge-priority

85
GPON OLT Operation Manual V1.1

11.4.4 Configure Time Parameter

There are three time parameters: Forward Delay, Hello Time and Max Age.

User can configure these three parameters for RSTP calculation.


Operation Command Remarks
Enter global configuration mode system-view
Configure Hello-packet sending
stp hello-time seconds
interval

Configure STP forward-delay stp forward-time seconds

Configure STP max-age stp max-age seconds

Note:

Too long Hello Time may cause link failure thought by network bridge for losing packets of the

link to restart accounting STP; too smaller Hello Time may cause network bridge frequently to

send configuration packet to strengthen the load of network and CPU. Hello Time ranges from

1 to 10 seconds. It is suggested to use the default time of 2 seconds. Hello Time ≤ Forward

Delay-2.

If Forward Delay is configured too small, temporary redundancy will be caused; if Forward

Delay is configured too large, network will not be restored linking for a long time. Forward

Delay ranges from 4 to 30 seconds. The default forward delay time, 15 seconds is suggested

to use. Forward Delay≥Hello Time + 2.

Max Age is used to configure the longest aging interval of STP. Lose packet when over-timing.

The STP will be frequently accounts and take crowded network to be link fault, if the value is

too small. If the value is too large, the link fault cannot be known timely. Max Age is determined

by diameter of network, and the default time of 20 seconds is suggested. 2*(Hello Time + 1) ≤

86
GPON OLT Operation Manual V1.1

Max Age ≤ 2*(ForwardDelay – 1) When enable STP globally, the system is working under

RSTP mode.

11.4.5 Configure STP Path Cost

Configure interface STP path cost and choose the path with the smallest path cost to be the

effective path.

The path cost is related to the link speed rate. The larger the speed rate is, the less the cost is.

STP can auto-detect the link speed rate of current interface and converse it to be the cost.

Configure port path cost will make STP re-calculating. The value of the path cost is 1-65535. It

is suggested using the default vaule, which makes the STP to calculate the current port cost by

itself. By default, the path cost is determined by the current port speed.

When the port is 10M, the default cost is 200,000; when the port is 100M, the default cost is

20,000; 1000M, 2,000.


Operation Command Remarks
Enter global configuration mode system-view

Enter interface configuration mode interface ethernet interface-num

Configure STP path cost stp cost path-cost

11.4.6 Configure STP Port Priority

Specify specified port in STP by Configure port priority. Generally, the smaller the value is, the

superior the priority is, and the port will be more possible to be included in STP. If the priorities

are the same, the port number is considered.

The smaller the value is, the superior the priority is, and the port is easier to be the root

87
GPON OLT Operation Manual V1.1

interface. Change the port priority may cause the re-calculating of the STP. The port priority

ranges from 0 to 255. The default port priority is 128.


Operation Command Remarks
Enter global configuration mode system-view

Enter interface configuration mode interface ethernet interface-num

Configure STP port priority stp port-priority port-priority

11.4.7 Configure STP Mcheck

GPON working under RSTP mode can be connected to GPON with STP. But when the

neighbor is working under RSTP, the two connected ports are still work under STP mode.

Mcheck is for force port sending RSTP packet to make sure the two neighbor ports can be

working under RSTP. If yes, the working mode will turn to be RSTP.
Operation Command Remarks
Enter global configuration mode system-view

Enter interface configuration mode interface ethernet interface-num

Configure STP mcheck stp mcheck

11.4.8 Configure STP Point-to-Point Mode

In rstp, the requirement of interface quickly in transmission status is that the interface must be

point to point link not media sharing link. It can be specified interface link mode manually and

can also judge it by network bridge.


Operation Command Remarks
Enter global configuration mode system-view

88
GPON OLT Operation Manual V1.1

Enter interface configuration mode interface ethernet interface-num

Configure GPON auto-check the


stp point-to-point auto
point-to-point
Configure STP point-to-point mode
stp point-to-point forcetrue
forcetrue
Configure STP point-to-point mode
stp point-to-point forcefalse
forcefalse

11.4.9 Configure STP Portfast

Edge port is the port connecting to the host which can be in transmission status in very short

time after linkup, but once the port receiving STP packet, it will shift to be non-edge port.
Operation Command Remarks
Enter global configuration mode system-view

Enter interface configuration mode interface ethernet interface-num

Configure STP portfast stp portfast

11.4.10 Configure STP Transit Limit

Restrict STP occupying bandwidth by restricting the speed of sending BPDU packet. The

speed is determined by the number of BPDU sent in each hello time.

By default, port will send 3 BPDU packets in every Hello time interval.
Operation Command Remarks
Enter global configuration mode system-view

Enter interface configuration mode interface ethernet interface-num

Configure STP transit limit stp transit-limit transit-limit

11.4.11 RSTP Monitor and Maintenance

89
GPON OLT Operation Manual V1.1

After finishing above configuration, user can check the configurations by command below.
Operation Command Remarks
display stp interface [ brief [ ethernet
Display STP interface
interface-num ] ]

90
GPON OLT Operation Manual V1.1

Chapter 12 MSTP

12.1 MSTP Overview

The multiple spanning tree protocol (MSTP) overcomes the shortcomings of STP and RSTP. In

addition to support for rapid network convergence, it also allows data flows of different VLANs

to be forwarded along their own paths, thus providing a better load sharing mechanism for

redundant links. For description about VLANs, refer to VLAN.

12.2 Configure MSTP

12.2.1 Enable MSTP and Configure the Working Mode

After the tree starts to give birth to a global default for all ports will participate in the spanning
tree topology is calculated, if an administrator wants some of the port does not participate in
the calculation of the production tree, or go to the specified port configuration mode, use the
undo stp to disable the port Spanning Tree function.
Operation Command Remarks

Enter global configuration mode system-view

Choice STP mode stp mode mstp

Enable STP stp

Enter port configuration mode interface ethernet interface-num

Enable(disable) port STP [ undo ] stp

91
GPON OLT Operation Manual V1.1

12.2.2 Configure MSTP Timer Parameter Values

MSTP timers include: forwarding delay, contracting cycle hello time, maximum aging time, and
the maximum hops. Users can configure these three parameters on the GPON for MSTP
spanning tree.
Operation Command Remarks

Enter global configuration mode system-view

Configure bridge forward delay stp mst forward-time forward-time

Configure bridge hello time stp mst hello-time hello-time

Configure bridge max aging time stp mst max-age max-age

Configure bridge max hops stp mst max-hops max-hops

Notes:

 The Hello Time value is too long will lead to packet loss due to leaving the bridge that links

the link failure, began to re-calculate the spanning tree; too short can cause the bridge Hello

Time value configured to send messages frequently to increase the network and CPU burden.

Hello Time value range is 1 to 10 seconds, recommended default value of 2 seconds. Hello

Time must be less than equal to the Forward Delay 2.

 If the Forward Delay configuration is too small, may introduce temporary redundant paths;

if the Forward Delay configuration is too large, the network may not be a long time to restore

connectivity. Forward Delay value range is 4 to 30 seconds, it is recommended to use the

default value of 15 seconds. Forward Delay time must be greater than equal to the Hello Time

+ 2.

 Max Age is used to set the MSTP protocol packet aging longest interval, if the timeout, it

92
GPON OLT Operation Manual V1.1

discards the packet. If this value is too small, spanning tree will be more frequent, there may

be network congestion mistaken link failure; If this value is too large, is not conducive to timely

detection of link failures. Max Age of the range is 6 to 40 seconds. Max Age time value and the

exchange of the network diameter. Recommended default value of 20 seconds. Max Age time

must be greater than equal to 2 * (Hello Time + 1), less than or equal 2 * (Forward Delay-1).

12.2.3 Configure MSTP Identifier

MSTP configuration identifiers include: MSTP configuration name, MSTP revision level, and
the MSTP instance and VLAN mapping, MSTP will have the same configuration identifier and
the bridge connected to each other logically be treated as a virtual bridge.
Operation Command Remarks

Enter global configuration mode system-view

Configure MSTP identifier name stp mst name name

Configure MSTP identifiers revision stp mst revision revision-level

Configure MSTP instance

configuration and VLAN identifier stp mst instance instance-num vlan vlan-list

mapping

12.2.4 Configure MSTP Bridge Priority

In MSTP, the bridge priority is based on the parameters of MSTI, the bridge priority together
with port priority and port path cost determines the topology of each spanning tree instance,
constitute the basis for link load balancing.
GPON bridge priority determines the size of this GPON is able to be selected as the spanning
tree root bridge. By Configure the bridge priority of the smaller, you can specify a GPON to

93
GPON OLT Operation Manual V1.1

become the spanning tree root bridge purposes.


By default, the GPON bridge priority is 32768.
Operation Command Remarks

Enter global configuration mode system-view

stp mst instance instance-num priority


Configure MSTP instance priority
priority

12.2.5 ConfiConfigure Root Port Protection

As the maintenance of configuration errors or malicious network attacks, network valid root
bridge may receive a higher priority configuration information, so the root bridge will lose the
current status of the root bridge, causing changes in network topology errors .Assuming the
original traffic is forwarded through the high-speed links, this is not legally change will lead to
the original high-speed links are to low-speed traffic links, resulting in network congestion.
Root protection function to prevent this from happening.
Root-protection function of the port, the port can only be kept for a specified port. Once this
port received a high priority on the configuration information, status of the ports will be set to
the Discarding state, not forwarding packets (equivalent to the link connected to this port is
disconnected).When a long enough period of time does not receive better configuration
message, the port will revert to the original state.
In MSTP, this function works for all instances.
Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode interface ethernet interface-num

Configure the root port protection stp mst root-guard

12.2.6 Configure Digest Snooping Port

94
GPON OLT Operation Manual V1.1

When a GPON port uses a proprietary spanning tree with Cisco and other GPON is connected,
these manufacturers' GPONes configured with the proprietary spanning tree protocol, even if
the same MST region configuration, the GPON can’t be achieved between the MSTP domain
interoperability. Digest snooping feature such a situation. With the use of proprietary spanning
tree protocol of the manufacturer's GPONes connected to the port on the digest snooping
feature, when receiving the manufacturer's GPONes over to send a BPDU, the GPON that is
from the same packet in an MST region, while the configuration summary record; when BPDU
packets sent to these manufacturer's GPONes, the GPON configuration summary to
supplement it. This GPON is realized and the manufacturer's GPONes in the MSTP region
exchange.
Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode interface ethernet interface-num

Configure digest snooping port stp mst config-digest-snooping

12.2.7 Configure Port mCheck Function

In order to flexibly control MSTP, you can open the DISABLE INSTANCE features, disable

instance STP mode operating results with the implementation of no spanning-tree similar to

the instance of the VLAN mapping of all connections on port forwarding state.
Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode interface ethernet interface-num

Configuration port mcheck function stp mcheck

Note:

mcheck function is a prerequisite for the port must send BPDU packets, so only works on the

95
GPON OLT Operation Manual V1.1

specified port.

12.2.8 Configure MSTP Instance Is Enabled

In order to flexibly control MSTP, you can open the DISABLE INSTANCE features, disable

instance STP mode operating results with the implementation of no spanning-tree similar to

the instance of the VLAN mapping of all connections on port forwarding state.
Operation Command Remarks

Enter global configuration mode system-view

Disable MSTP instance stp mst disable instance instance-number

undo stp mst disable instance


Enable MSTP instances
instance-number

12.2.9 Display and Maintain MSTP

After completing the above configuration, can use the following command to view configuration.

RSTP.
Operation Command Remarks

MSTP configuration information


display stp mst config-id
display identifier

Display spanning tree instance and display stp mst instance

port configuration information [ brief [ instance-list ] ]

96
GPON OLT Operation Manual V1.1

Chapter 13 Remote-loop-detect

13.1 Remote-loop-detect Overview

The device is connected with the client. If there is a loop in the client network, which will affect

the entire network. Remote-loop-detect is to solve this problem. After the Remote-loop-detectis

enabled on the GPON port, the GPON periodically sends a detection message. If the client

network has a loop, the GPON receives the detection message from the GPON. In this case,

the GPON considers that the client network exists loop, and the port connected to the client

port according to the treatment strategy placed discarding or shutdown.

Some people may ask, the spanning tree can also be remote loop detection, why need

Remote-loop-detect? This is because if the client network also has equipment to open

spanning tree, the client network topology change easily affects the network of the room. The

general networking is to connect the client port which does not open the spanning tree, with

remote-loop-detect alternative.

13.2 Configure Remote-loop-detect

13.2.1 Enable Remote-loop-detect

Operation Command Remarks

Enter the global configuration mode. system-view

97
GPON OLT Operation Manual V1.1

stp remote-loop-detect interface [ ethernet


Enable remote-loop-detect
[ interface-list ] ]

undo stp remote-loop-detect interface


Disable remote-loop-detect
[ ethernet [ interface-list ] ]

Enter the interface configuration interface { { ethernet interface-num } |

mode. interface-name }

Enable remote-loop-detect stp remote-loop-detect

Disable remote-loop-detect undo stp remote-loop-detect

13.2.2 Configure the Processing Policy

When Remote-loop-detectdetects the existence of loop, there are two ways: one is discarding

the port, the other is the port shutdown, and then periodically restores the port; the default use

discarding.
Operation Command Remarks

Enter the global configuration mode. system-view

stp remote-loop-detect action { shutdown Discarding by


Configure the processing policy
default
| discarding }

13.2.3 Configure the Interval Timer

Operation Command Remarks

98
GPON OLT Operation Manual V1.1

Enter the global configuration mode. system-view

stp remote-loop-detect interval-time


Configure the processing policy 5s by default
interval-time

13.2.4 Configure the Recovery Timer

When Remote-loop-detectdetects that a loop exists and the shutdown command is used, the

shutdown port periodically recovers the corresponding port. The default recovery period is 20

seconds and can be modified as needed. If it is configured as 60s, it means that it will not be

automatically restored. User needs to manually run the shutdown / no shutdown command on

the port. The port can re-linkup.


Operation Command Remarks

Enter the global configuration mode system-view

Configure the shutdown processing


stp remote-loop-detect action shutdown
policy

Configure the recovery time of the stp remote-loop-detect recover-time

port recover-time

13.2.5 Display Remote-loop-detect Configuration

Operation Command Remarks

Displayremote-loop-detectConfigura display stp remote-loop-detect interface

tion [ ethernet [ interface-list ] ]

99
GPON OLT Operation Manual V1.1

Chapter 14 ACL

14.1 ACL Overview

14.1.1 ACL Overview

As network scale and network traffic are increasingly growing, network security and bandwidth

allocation become more and more critical to network management. Packet filtering can be

used to efficiently prevent illegal users from accessing networks and to control network traffic

and save network resources. Access control lists (ACL) are often used to filter packets with

configured matching rules.

ACLs are sets of rules (or sets of permit or deny statements) that decide what packets can

pass and what should be rejected based on matching criteria such as source MAC address,

destination MAC address, source IP address, destination IP address, and port number.

When an ACL is assigned to a piece of hardware and referenced by a QoS policy for traffic

classification, the GPON does not take action according to the traffic behavior definition on a

packet that does not match the ACL.

ACL according to application identified by ACL numbers, fall into three categories,

Basic ACL: Source IP address

Extended ACL: Source IP address, destination IP address, protocol carried on IP, and other

Layer 3 or Layer 4 protocol header information

100
GPON OLT Operation Manual V1.1

Layer 2 ACL: Layer 2 protocol header fields such as source MAC address, destination MAC

address, 802.1p priority, and link layer protocol type.

14.2 ACL Configuration

14.2.1 ACL Configuration List

Configuration Task Description Detailed


Configuration

Configure Match Order Optional 14.2.2

Configure Time Range Optional 14.2.3

Configure Basic ACL Required 14.2.4

Configure Extended ACL Required 14.2.5

Configure Layer 2 ACL Required 14.2.6

Activate ACL Required 14.2.7

Display and Debugging ACL Optional 14.2.8

14.2.2 Configure Match Order

An ACL consists of multiple rules, each of which specifies different matching criteria. These

criteria may have overlapping or conflicting parts. This is where the order in which a packet is

matched against the rules comes to rescue.

Two match orders are available for ACLs:

101
GPON OLT Operation Manual V1.1

config: where packets are compared against ACL rules in the order in which they are

configured.

auto: where depth-first match is performed. The term depth-first match has different meanings

for different types of ACLs. Depth-first match for a basic ACL

For example, now Configure 2 types of ACL as below:

[GPON]acl 2000 deny any

Config ACL subitem successfully.

[GPON]acl 2000 permit 1.1.1.1 0

Config ACL subitem successfully.

1) If it is the configuration mode, sub-item 0 is the first command. You can see as below

configuration:

[GPON]display acl config 1

Standard IP Access List 1, match-order is config, 2 rule:

0 deny any

1 permit 1.1.1.1 0.0.0.0

2) If it is the auto mode, sub-item 0 is the longest ACL match rule. You can see as below

configuration:

[GPON]display acl config 1

Standard IP Access List 1, match-order is auto, 2 rule:

0 permit 1.1.1.1 0.0.0.0

1 deny any

102
GPON OLT Operation Manual V1.1

Notes, ACL must enable. GPONes must obey “first enable then active. Please refer to Chapter

1.6 for detailed configuration.

14.2.3 Configure Time Range

There are two kinds of configuration: configure absolute time range and periodic time range.

Configure absolute is in the form of year, month, date, hour and minute. Configure periodic

time range is in the form of day of week, hour and minute.


Operation Command Remarks

Enter global configuration mode system-view

new build time range and enter time


time-range name
range mode

absolute start HH:MM:SS YYYY/MM/DD


Configure absolute start
[ end HH:MM:SS YYYY/MM/DD ]

periodic days-of-the-weekhh:mm:ss to
Configure periodic start
[ day-of-the-week ] hh:mm:ss

Note:

Periodic time range created using the time-range time-name start-time to end-time days

command. A time range thus created recurs periodically on the day or days of the week.

Absolute time range created using the time-range time-name {from time1 date1 [ to time2

date2 ] | to time2 date2 } command. Unlike a periodic time range, a time range thus created

does not recur. For example, to create an absolute time range that is active between January 1,

2004 00:00 and December 31, 2004 23:59, you may use the time-range test from 00:00

103
GPON OLT Operation Manual V1.1

01/01/2004 to 23:59 12/31/2004 command.

Compound time range created using the time-range time-name start-time to end-time days

{ from time1 date1 [ to time2 date2 ] | to time2 date2 } command. A time range thus created

recurs on the day or days of the week only within the specified period. For example, to create a

time range that is active from 12:00 to 14:00 on Wednesdays between January 1, 2004 00:00

and December 31, 2004 23:59, you may use the time-range test 12:00 to 14:00 Wednesday

from 00:00 01/01/2004 to 23:59 12/31/2004 command.

You may create individual time ranges identified with the same name. They are regarded as

one time range whose active period is the result of ORing periodic ones, ORing absolute ones,

and ANDing periodic and absolute ones.

With no start time specified, the time range is from the earliest time that the system can

express (that is, 00:00 01/01/1970) to the end time. With no end time specified, the time range

is from the time the configuration takes effect to the latest time that the system can express

(that is, 24:00 12/31/2100).

Up to 256 time ranges can be defined.

Configuration Examples
Create an absolute time range from 16:00, Jan 3, 2009 to 16:00, Jan 5, 2009

<GPON>system-view

[GPON]time-range b

Config time range successfully.

[GPON-timerange-b]absolute start 16:00:00 2009/1/3 end 16:00:00 2009/1/5

Config absolute range successfully .

104
GPON OLT Operation Manual V1.1

[GPON-timerange-b]display time-range name b

Current time is: 02:46:43 2009/01/31 Saturday


time-range: b ( Inactive )

absolute: start 16:00:00 2009/01/03 end 16:00:00 2009/01/05


Create a periodic time range that is active from 8:00 to 18:00 every working day.

<GPON>system-view

[GPON]time-range b

Config time range successfully.


[GPON-timerange-b]periodic weekdays 8:00:00 to 18:00:00
Config periodic range successfully .
[GPON-timerange-b]display time-range name b
Current time is: 02:47:56 2009/01/31 Saturday

time-range: b ( Inactive )

periodic: weekdays 08:00 to 18:00

14.2.4 Configure Basic ACL

GPON support ACL as below:

1)Basic ACL

2)Extended ACL

3)Layer 2 AC

Basic ACLs filter packets based on source IP address. They are numbered in the range 1 to 99.

At most 99 ACL with number mark and at most 1000 ACL with name mark. At most 128 rules

for each ACL at the same time. If you want to reference a time range to a rule, define it with the

105
GPON OLT Operation Manual V1.1

time-range command first.

Follow these steps to configure a basic ACL.


Operation Command Remarks

Enter global configuration mode system-view

Bydefault ,syste
Define sub-item match rule acl num match-order { config | auto }
m is config
acl num { permit | deny } { source-IPv4/v6

Define basic ACL source-wildcard | any | ipv6any }


[ time-range name ]
Configure basic ACL based on name identification
Operation Command Remarks

Enter global configuration mode system-view

by
acl standard name match-order { config |
Define sub-item match rule default,system is
auto }
config

Define basic ACL and enter


acl standard name
configuration mode
{ permit | deny } { source-IPv4/v6 source-

Configure ACL rule wildcard | any | ipv6any } [ time-range


name ]
Configure Examples
!Define a basic ACL with number mark to deny packet with source IP 10.0.0.1
<GPON>system-view
[GPON]acl 1 deny 10.0.0.1 0
!Define a basic ACL with name mark to deny packet with source IP 10.0.0.2
<GPON>system-view

106
GPON OLT Operation Manual V1.1

[GPON]acl standard stdacl

[GPON-std-nacl-stdacl]deny 10.0.0.2 0

14.2.5 Configure Extended ACL

GPON can define at most 100 extended ACL with the number ID (the number is in the range of

100 to 199), at most 1000 extended ACL with the name ID. It can define 128 sub-rules for an

ACL (this rule can suit both ACL with name ID and number ID).

Follow these steps to configure a extended ACL.


Operation Command Remarks

Enter global configuration mode system-view -

by

Define sub-item match rule acl num match-order { config | auto } default ,system

is config
acl num { permit | deny } [ protocol ]
[ established ] { source-IPv4/v6
source-wildcard | any | ipv6any } [ port

Define extended ACL [ portmask ] ] { dest- IPv4/v6 dest-wildcard | required


any | ipv6any } [ port [ portmask ] ]
{ [ precedence precedence ] [ tos tos ] |
[ dscp dscp ] } [ time-range name ]
Configure extended ACL based on name identification
Operation Command Remarks

Enter global configuration mode system-view


acl extended name match-order { config |
Define subitem match rule
auto }

by

107
GPON OLT Operation Manual V1.1

default ,system

is config

Define extended ACL and enter


acl extended name
configuration mode
{ permit | deny } [ protocol ] [ established ]
{ source-IPv4/v6 source-wildcard | any |
ipv6any } [ port [ portmask ] ] { dest-IPv4/v6

Configure ACL rule dest-wildcard | any | ipv6any } [ port


[ portmask ] ] { [ precedence precedence ]
[ tos tos ] | [ dscp dscp ] } [ time-range
name ]
Detailed parameters of extended ACL as below Table:

Parameters Function Remark

A number in the range of 1

to 255.

Represented by name,
protocol IP protocol type carried
you can select GRE,

ICMP, IGMP, IPinIP,

OSPF, TCP, UDP

source-IPv4/v6 used to

determine the packet's


source-IPv4/v6 ACL rules specified the source address
source IP address. Dotted
information
decimal notation;

source-wildcard sour-wildcard of 0 means

108
GPON OLT Operation Manual V1.1

that the host address

any any source address.

dest-IPv4/v6 used to

determine the packet


dest-IPv4/v6
destination address, in

The purpose of ACL rules specified dotted decimal notation;

address information dest-wildcard is 0, the host

address;
dest-wildcard | any
Any is any destination

address.

port TCP / UDP port number ——

IP precedence values
precedence priority precedence message
​ ​ range from 0 to 7

ToS priority ranges from 0


tos tos priority packets
to 15

DSCP priority Rule applies only to

dscp Level ranges from 0 to 63 non-first fragment packet

fragment fragmentation information effective

name Create a time range ——

Configuration Examples

!Create extended ACL based on digital identification to deny the FTP packets with source

109
GPON OLT Operation Manual V1.1

address 10.0.0.1 .
<GPON>system-view

[GPON]acl 100 deny tcp 10.0.0.1 0 ftp any

!Create extended ACL based on name identification to deny the FTP packets with source

address 10.0.0.1.
<GPON>system-view
[GPON]acl extended extacl

[GPON-ext-nacl-extacl] deny tcp 10.0.0.2 0 ftp any

14.2.1 Configure Layer 2 ACL

GPON can define at most 100 layer 2 ACL with the number ID (the number is in the range of

200 to 299), at most 1000 layer 2 ACL with the name ID. It can define 128 sub-rules for an ACL

(this rule can suit both ACL with name ID and number ID). Layer 2 ACL only classifies data

packet according to the source MAC address, source VLAN ID, layer protocol type, layer

packet received and retransmission interface and destination MAC address of layer 2 frame

head of data packet and analyze the matching data packet.

Follow these steps to configure a Layer 2 ACL.


Operation Command Remarks

Enter global configuration mode system-view

by

Define sub-item match rule acl num match-order { config | auto } default ,system

is config

Define Layer 2 ACL acl num { permit | deny } [ protocol ] [ cos

110
GPON OLT Operation Manual V1.1

vlan-pri ] ingress { { [ source-vlan-id ]


[ source-mac-addr source-mac-wildcard ]
[ interface interface-num ] } | any } egress
{ { [ dest-mac-addr dest-mac-wildcard ]
[ interface interface-num | cpu ] } | any }
[ time-range name ]
Configure Layer 2 ACL based on name identification
Operation Command Remarks

Enter global configuration mode system-view

By default ,
Define sub-item match rule acl link name match-order { config | auto }
system is config

Define Layer 2 ACL and enter


acl link name
configuration mode
{ permit | deny } [ protocol ] [ cos vlan-pri ]
ingress { { [ source-vlan-id ]
[ source-mac-addr source-mac-wildcard ]

Configure ACL rule [ interface interface- num ] } | any } egress


{ { [ dest-mac-addr dest-mac-wildcard ]
[ interface interface-num | cpu ] } | any }
[ time-range name ]
Configuration Examples

!Create Layer 2 ACL based on digital identification to deny the MAC with ARP address

00:00:00:00:00:01.
<GPON>system-view

[GPON]acl 200 deny arp ingress 00:00:00:00:00:01 0 egress any

!Create Layer 2 ACL based on name identification to deny the MAC with ARP address

00:00:00:00:00:02.

111
GPON OLT Operation Manual V1.1

<GPON>system-view
[GPON]acl link lnkacl
[GPON-link-nacl-lnkacl] deny arp ingress 00:00:00:00:00:02 0 egress any

14.2.2 Activate ACL

GPON obey the rule of “First enable then active”


Operation Command Remarks

Enter global configuration mode system-view

access-group [ ip-group name | num ]

Active ACL [ subitem num ] [ link-group name | num ]

[ subitem num ]

Configuration Examples
GPONes only permit with source IP address 1.1.1.1

!Before configuration

[GPON]display acl config 1

Standard IP Access List 2, match-order is config, 2 rule:

0 deny any

1 permit 1.1.1.1 0.0.0.0

!Configuration steps

[GPON]access-group ip-group 1 subitem 1

Activate ACL successfully .

[GPON]access-group ip-group 1 subitem 0

Activate ACL successfully .

112
GPON OLT Operation Manual V1.1

!Before configuration

[GPON]display acl config 1

Standard IP Access List 1, match-order is auto, 2 rule:

0 permit 1.1.1.1 0.0.0.0

1 deny any

!Configuration steps

[GPON]access-group ip-group 1

Activate ACL successfully .

Active ACL Binding

IP+MAC+Port binds through ACL binding active.

!Configuration request

MAC is 00:00:00:00:00:01, IP address of 1.1.1.1,the user can only enter from e0/0/1 mouth.

!Configuration steps

[GPON]acl 1 permit 1.1.1.1 0

[GPON]acl 200 permit ingress 00:00:00:00:00:01 0 interface ethernet 0/0/1 egress any

[GPON]acl 210 deny ingress any egress any

[GPON]access-group ip-group 1 link-group 200

[GPON]access-group link-group 210

14.2.3 Display and Debugging ACL

After finishing above configuration, you can see configuration as below commands.
Operation Command Remarks

113
GPON OLT Operation Manual V1.1

Display ACL statistics display acl config statistic

Display ACL configuration display acl config { all | num | name name }

display acl runtime { all | num | name


Display ACL runtime information
name }

114
GPON OLT Operation Manual V1.1

Chapter 15 QOS

15.1 QOS Overview

In traditional IP networks, packets are treated equally. That is, the FIFO (first in first out) policy

is adopted for packet processing. Network resources required for packet forwarding is

determined by the order in which packets arrive. All the packets share the resources of the

network. Network resources available to the packets completely depend on the time they

arrive. This service policy is known as Best-effort, which delivers the packets to their

destination with the best effort, with no assurance and guarantee for delivery delay, jitter,

packet loss ratio, reliability, and so on.

With the fast development of computer networks, more and more networks are connected into

Internet. Users hope to get better services, such as dedicated bandwidth, transfer delay, jitter

voice, image, important data which enrich network service resources and always face network

congestion. Internet users bring forward higher requirements for QoS. Ethernet technology is

the widest network technology in the world recently. Now, Ethernet becomes the leading

technology in every independent LAN, and many LAN in the form of Ethernet have become a

part of internet. With the development of Ethernet technology, Ethernet connecting will

become one of main connecting for internet users. To execute end-to-end QoS solution has to

consider the service guarantee of Ethernet QoS, which needs Ethernet device applies to

115
GPON OLT Operation Manual V1.1

Ethernet technology to provide different levels of QoS guarantee for different types of service

flow, especially the service flow highly requiring delay and jitter.

15.1.1 Traffic

Traffic means all packets through GPON.

15.1.2 Traffic Classification

Traffic classification is to identify packets conforming to certain characters according to certain

rules. It is the basis and prerequisite for proving differentiated services. A traffic classification

rule can use the precedence bits in the type of service (ToS) field of the IP packet header to

identify traffic with different precedence characteristics. A traffic classification rule can also

classify traffic according to the traffic classification policy set by the network administrator, such

as the combination of source address, destination address, MAC address, IP protocol, or the

port numbers of the application. Traffic classification is generally based on the information in

the packet header and rarely based on the content of the packet.

15.1.3 Priority

1) 802.1p priority lies in Layer 2 packet headers and is applicable to occasions where the

Layer 3 packet header does not need analysis but QoS must be assured at Layer 2. As shown

in the chapter of VLAN configuration. Each host supported 802.1Q protocol forwards packets

which are from Ethernet frame source address add a 4-byte tag header.

116
GPON OLT Operation Manual V1.1

As shown in the figure above, PRI segment is 802.1p priority. It consists of 3bits whose range

from 0~7. The three bits point the frame priority. The tag including 8 formats gives the

precedence to forward the packets.


cos (decimal) cos (binary) Description
0 000 spare
1 001 background
2 010 best-effort
3 011 excellent-effort
4 100 controlled-load
5 101 video
6 110 voice
7 111 network-management

2) IP precedence, TOS precedence, and DSCP values

The TOS field in the IP header contains eight bits: the first three bits represent IP precedence;

the subsequent four bits represent a ToS value and 1 bit with currently unused defaults 0. The

four bits of TOS packets are grouped into four classes: the smallest time delay, maximum rate,

highly reliability, minimum cost. Only 1 bit can be set, if the DSCP values equal 0, that means

normal service.

IP precedence contains 8 formats.

117
GPON OLT Operation Manual V1.1

IP Precedence (decimal) IP Precedence (binary) Description


0 000 routine
1 001 priority
2 010 immediate
3 011 flash
4 100 flash-override
5 101 critical
6 110 internet
7 111 network

TOS precedence contains 5 formats.


TOS (decimal) TOS (binary) Description
0 0000 normal
1 0001 min-monetary-cost
2 0010 max-reliability
4 0100 max-throughput
8 1000 min-delay

According to RFC 2474, the ToS field is redefined as the differentiated services (DS) field,

where a DSCP value is represented by the first six bits (0 to 5) and ranges from 0 to 63. The

remaining two bits (6 and 7) are reserved.

In a network in the Diff-Serve model, traffic is grouped into the following classes, and packets

are processed according to their DSCP values

Expedited forwarding (EF) class: In this class, packets are forwarded regardless of link

share of other traffic. The class is suitable for preferential services requiring low delay, low

118
GPON OLT Operation Manual V1.1

packet loss, low jitter, and high bandwidth.

Assured forwarding (AF) class: This class is divided into four subclasses (AF 1 to AF 4),

each containing three drop priorities for more granular classification. The QoS level of the AF

class is lower than that of the EF class.

Class selector (CS) class: This class is derived from the IP ToS field and includes eight

subclasses.

Best effort (BE) class: This class is a special CS class that does not provide any assurance.

AF traffic exceeding the limit is degraded to the BE class. All IP network traffic belongs to this

class by default.
DSCP (decimal) DSCP (binary) keys
0 000000 be
46 101110 ef
10 001010 af1
18 010010 af2
26 011010 af3
34 100010 af4
8 001000 cs1
16 010000 cs2
24 011000 cs3
32 100000 cs4
40 cs5
101000
48 110000 cs6
56 111000 cs7

15.1.4 Access Control List

119
GPON OLT Operation Manual V1.1

To classify flow is to provide service distinctively which must be connected resource

distributing. To adopt which kind of flow control is related to the stage it is in and the current

load of the network. For example: monitor packet according to the promised average speed

rate when the packet is in the network and queue scheduling manage the packet before it is

out of the node.

15.1.5 Packet Filtration

Packet filtration is to filtrate service flow, such as deny, that is, deny the service flow which is

matching the traffic classification, and permit other flows to pass. System adopts complicated

flow classification to filtrate all kinds of information of service layer 2 packets to deny useless,

unreliable, and doubtable service flow to strengthen network security.

Two key points of realizing packet filtration:

Step 1: Classify ingress flows according to some regulation;

Step 2: Filtrate distinct flow by denying. Deny is default accessing control.

15.1.6 Flow Monitor

In order to serve customers better with the limited network resources, QoS can monitor service

flow of specified user in ingress interface, which can adapt to the distributed network

resources.

15.1.7 Interface Speed Limitation

120
GPON OLT Operation Manual V1.1

Interface speed limitation is the speed limit based on interface which limits the total speed rate

of interface outputting packet.

15.1.8 Redirection

User can re-specify the packet transmission interface based on the need of its own QoS

strategies.

15.1.9 Priority Mark

Ethernet GPON can provide priority mark service for specified packet, which includes: TOS,

DSCP, 802.1p. These priority marks can adapt different QoS model and can be defined in

these different models.

15.1.10 Choose Interface Outputting Queue for Packet

Ethernet GPON can choose corresponding outputting queue for specified packets.

15.1.11 Queue Scheduler

It adopts queue scheduler to solve the problem of resource contention of many packets when

network congestion. There are three queue scheduler matchings: Strict-Priority Queue (PQ),

Weighted Round Robin (WRR) and WRR with maximum delay.

1) PQ

PQ (Priority Queuing) is designed for key service application. Key service possesses an

important feature, that is, require the precedent service to reduce the response delay when

121
GPON OLT Operation Manual V1.1

network congestion. Priority queue divides all packets into 4 levels, that is, superior priority,

middle priority, normal priority and inferior priority (3, 2, 1, 0), and their priority levels reduce in

turn.

When queue scheduler, PQ precedently transmits the packets in superior priority according to

the priority level. Transmit packet in inferior priority when the superior one is empty. Put the key

service in the superior one, and non-key service (such as email)in inferior one to guarantee the

packets in superior group can be first transmitted and non-key service can be transmitted in

the spare time.

The shortage of PQ is: when there is network congestion, there are more packets in superior

group for a long time, the packets in inferior priority will wait longer.

2) WRR

WRR queue scheduler divides a port into 4 or 8 outputting queues (S2926V-O has 4 queues,

that is, 3, 2, 1, 0) and each scheduler is in turn to guarantee the service time for each queue.

WRR can configure a weighted value (that is, w3, w2, w1, w0 in turn) which means the

percentage of obtaining the resources. For example: There is a port of 100M. Configure its

WRR queue scheduler value to be 50, 30, 10, 10 (corresponding w3, w2, w1, w0 in turn) to

guarantee the inferior priority queue to gain at least 10Mbit/s bandwidth, to avoid the shortage

of PQ queue scheduler in which packets may not gain the service.

WRR possesses another advantage. The scheduler of many queues is in turn, but the time for

service is not fixed-if some queue is free, it will change to the next queue scheduler to make

full use of bandwidth resources.

122
GPON OLT Operation Manual V1.1

3) SP+ WRR

Superior priority or less priority use SP algorithm, others use WRR algorithm.

15.1.12 Cos-map Relationship of Hardware Priority Queue and


Priority of IEEE802.1p Protocol

System will map between 802.1p protocol priority of packet and hardware queue priority. For

each packet, system will map it to specified hardware queue priority according to 802.1p

protocol priority of packet.

15.1.13 Flow Mirror

Flow mirror means coping specified data packet to monitor interface to detect network and

exclude failure.

15.1.14 Statistics Based on Flow

Statistics based on flow can statistic and analyze the packets customer interested in.

15.1.15 Copy Packet to CPU

User can copy specified packet to CPU according to the need of its QoS strategies.

System realizes QoS function according to accessing control list, which includes: flow monitor,

interface speed limit, packet redirection, priority mark, queue scheduler, flow mirror, flow

statistics, and coping packet to CPU.

123
GPON OLT Operation Manual V1.1

15.2 Configure QOS

15.2.1 QoS Configuration List

Configuration Task Description Detailed


Configuration

Configure Flow Monitor Required 15.2.2

Configure Two Rate Three Color Marker Required 15.2.3

Configure Interface Line Rate Required 15.2.4

Configure Packet Redirection Required 15.2.5

Configure Traffic Copy to CPU Required 15.2.6

Configure Traffic Priority Required 15.2.7

Configure Queue-Scheduler Optional 15.2.8

Configure Cos-map Relationship of Hardware Priority Queue


Optional 15.2.9
and Priority of IEEE802.1p Protocol

Configure Mapping Relationship between DSCP and 8


Optional 15.2.10
Priority in IEEE 802.1p

Configure Flow Statistic Required 15.2.11

Configure Flow Mirror Required 15.2.12

Display and Maintain QoS Optional 15.2.13

124
GPON OLT Operation Manual V1.1

15.2.2 Configure Flow Monitor

Flow monitor is restriction to flow rate which can monitor the speed of a flow entering GPON. If

the flow is beyond specified specification, it will take actions, such as dropping packet or

reconfigure their priority.


Operation Command Remarks
Enter globally configuration mode system-view
rate-limit { input | output } { [ ip-group
{ num | name } [ subitem subitem ] ]
Configure flow rate
[ link-group { num | name } [ subitem
subitem ] ] } target-rate

15.2.3 ConfigureTwo Rate Three Color Marker

Two Rate Three Color Marker is defined in RFC 2698. There is 4 parameter for it: CIR, CBS,
PIR and PBS.
Operation Command Remarks
Enter globally configuration mode system-view
Configure Two Rate Three Color two-rate-policer mode { color-aware |
Mode color-blind }
Configure Two Rate Three Color two-rate-policer set-pre-color dscp-value
pre-color { green | red | yellow }
rate-limit input { [ ip-group { acl-number |
acl-name } [ subitem subitem ] ] [ link-group
{ acl-number | acl-name } [ subitem
Configure Two Rate Three Color subitem ] ] } target-rate two-rate-policercir
Marker cir cbs cbs pir pir pbs pbs conform-action
{ copy-to-cpu | drop | set_dscp_value dscp
| transmit exceed-action { copy-to-cpu |
drop | set_dscp_value dscp | transmit } }

125
GPON OLT Operation Manual V1.1

violate-action { copy-to-cpu | drop |


set_dscp_value dscp | transmit } }

15.2.4 Configure Interface Line Rate

Line-limit is the speed limit based on interface which restricts the total speed of packet

outputting.
Operation Command Remarks

Enter globally configuration mode system-view

Enter port configuration mode interface ethernet interface-num

Configure egress rate bandwidth egress kbps target-rate

Configure ingress rate bandwidth ingress kbps target-rate

15.2.5 Configure Packet Redirection

Packet redirection configuration is redirecting packet to be transmitted to some egress.


Operation Command Remarks

Enter globally configuration mode system-view


traffic-redirect { [ ip-group { num | name }
[ subitem subitem ] ] [ link-group { num |
Configure packet redirection
name } [ subitem subitem ] ] } { [ interface
interface-num | cpu ] }

15.2.6 Configure Traffic Copy to CPU

GPON automatically copies to CPU after Configure traffic copy to CPU.


Operation Command Remarks

126
GPON OLT Operation Manual V1.1

Enter globally configuration mode system-view


traffic-copy-to-cpu { [ ip-group { num |
Configure traffic copy to CPU
name } [ subitem subitem ] ] [ link-group
{ num | name } [ subitem subitem ] ] }

15.2.7 Configure Traffic Priority

Traffic priority configuration is the strategy of remark priority for matching packet in ACL, and

the marked priority can be filled in the domain which reflects priority in packet head.
Operation Command Remarks

Enter globally configuration mode system-view


traffic-priority { [ ip-group { num | name}
[ subitem subitem ] ] [ link-group { num |
name } [ subitem subitem ] ] } { [ dscp
Configure traffic priority
dscp-value ] [ cos { pre-value |
from-ipprec } ] [ local-precedence
pre-value ] }

15.2.8 Configure Queue-Scheduler

When network congestion, it must use queue-scheduler to solve the problem of resource

competition. System supports 3 kinds of queue-scheduler, that is SP, WRR and full SP+WRR.

By default is SP in system.
Operation Command Remarks

Enter globally configuration mode system-view

queue-scheduler group-number
Configure SP
strict-priority

127
GPON OLT Operation Manual V1.1

queue-scheduler group-number wrr

queue1-weight queue2-weight

Configure WRR queue3-weight queue4-weight

queue5-weight queue6-weight

queue7-weight queue8-weight

queue-scheduler group-number sp-wrr

queue1-weight queue2-weight

Configure SP+WRR queue3-weight queue4-weight

queue5-weight queue6-weight

queue7-weight queue8-weight

Enter port configuration mode interface ethernet interface-num

Configure queue-scheduler on
queue-scheduler group-number
interface

15.2.9 Configure Cos-map Relationship of Hardware Priority Queue


and Priority of IEEE802.1p Protocol

The cos-map relationship of hardware priority queue and priority of IEEE802.1p protocol is one

- to - one correspondence. Administrators change the cos-map relationship of hardware priority

queue and priority of IEEE802.1p protocol timely when the one-to-one correspondence

shifting.

By default, the cos-map relationship of hardware priority queue and priority of IEEE802.1p

protocol as below:

128
GPON OLT Operation Manual V1.1

802.1p hardware priority queue

0 0

1 1

2 2

3 3

4 4

5 5

6 6

7 7

Administrators also change the cos-map relationship of hardware priority queue and priority of

IEEE802.1p protocol according to the actual network.


Operation Command Remarks

Enter globally configuration mode system-view

Modify 802.1p and cos-map


queue-scheduler cos-map cos-map-group
relationship of hardware priority
queue-number 802.1p-priority
queue

Enter port configuration mode interface ethernet interface-num

Configure cos-map on interface queue-scheduler cos-map cos-map-group

15.2.10 Configure Mapping Relationship between DSCP and 8 Priority


in IEEE 802.1p

129
GPON OLT Operation Manual V1.1

The same situation as 1.2.7, by default, the relation between DSCP and 8 priority in IEEE

802.1p as below:

hardware hardware hardware


hardware
SCP priority DSCP priority DSCP priority DSCP
priority queue
queue queue queue

0 0 16 2 32 4 48 6

1 0 17 2 33 4 49 6

2 0 18 2 34 4 50 6

3 0 19 2 35 4 51 6

4 0 20 2 36 4 52 6

5 0 21 2 37 4 53 6

6 0 22 2 38 4 54 6

7 0 23 2 39 4 55 6

8 1 24 3 40 5 56 7

9 1 25 3 41 5 57 7

10 1 26 3 42 5 58 7

11 1 27 3 43 5 59 7

12 1 28 3 44 5 60 7

13 1 29 3 45 5 61 7

14 1 30 3 46 5 62 7

15 1 31 3 47 5 63 7

130
GPON OLT Operation Manual V1.1

Administrators also change the mapping relationship between DSCP and 8 priority in IEEE

802.1p according to the actual network.


Operation Command Remarks

Enter globally configuration mode system-view

save the relation between DSCP


queue-scheduler dscp-map
and 8 priority in IEEE 802.1p

Modify the relation between DSCP queue-scheduler dscp-map


dscp-map-group dscp-value queue-number
and 8 priority in IEEE 802.1p

Enter port configuration mode interface ethernet interface-num


queue-scheduler dscp-map
Configure cos-map on interface
dscp-map-group

15.2.11 Configure Flow Statistic

Flow statistic configuration is used to statistic specified service flow packet. The statistic is

accumulated value and reset to zero when re-Configure.


Operation Command Remarks

Enter globally configuration mode system-view


traffic-statistic { [ ip-group { num | name }

Configure flow staticstic [ subitem subitem ] ] [ link-group { num |


name } [ subitem subitem ] ] }
clear traffic-statistic { [ all | [ ip-group
{ num | name } [ subitem subitem ] ]
reset to Zero
[ link-group { num | name } [ subitem
subitem ] ] ] }

15.2.12 Configure Flow Mirror

131
GPON OLT Operation Manual V1.1

Flow mirror is copying the service flow which matches ACL rules to specified monitor interface

to analyze and monitor packet.


Operation Command Remarks

Enter globally configuration mode system-view


mirrored-to { [ ip-group { num | name }
[ subitem subitem ] ] [ link-group { num |
Configure flow mirror
name } [ subitem subitem ] ] } interface
interface-num

15.2.13 Display and Maintain QoS

After finishing above configuration, please use below commands to display the configuration.
Operation Command Remarks

Display all the informaion of QoS display qos-info all

Display QoS statistic display qos-info statistic

Display quue-scheduler mode and


display queue-scheduler
parameters

Display the cos-map relationship of


display queue-scheduler cos-map
hardware priority queue and priority
[ cos-map-group ]
of IEEE802.1p protocol

Display the dscp-map relationship of


display queue-scheduler dscp-map
hardware priority queue and priority
[ dscp-map-group ]

of IEEE802.1p protocol

Display all QoS port configuration display qos-interface [ interface ethernet

132
GPON OLT Operation Manual V1.1

interface-num ] all

display qos-interface [ interface ethernet


Display rate-limit parameters
interface-num ] rate-limit

Display interface line rate display bandwidth [ interface ethernet

parameters interface-num ]

Display QoS interface statistic


display qos-interface statistic
parameters

Display traffic-priority parameters display qos-info traffic-priority

Display traffic-redirect parameters display qos-info traffic-redirect

Display packet redirection display qos-info traffic-statistic

Display information of traffic copy to


display qos-info traffic-copy-to-cpu
CPU

133
GPON OLT Operation Manual V1.1

Chapter 16 SSH

16.1 SSH Overview

Secure Shell (SSH) can provide information security and powerful authentication to prevent

such assaults as IP address spoofing, plain-text password interception when users log on to

the GPON remotely through an insecure network environment.

SSH can take the place of the Telnet to provide safe management and configuration.

16.2 Configure SSH Server

A GPON, as a SSH server, can connect to multiple SSH clients. SSH clients can be both LAN

users and WAN users. XXXX GPONes can only SSH server and support SSH v2.

The following table describes SSH server configuration tasks.


Operation Command Remarks

Enterprivileged configuration mode enable

Configure the default key ssh-server key create { rsa | dss | ecdsa }

Clear configured key ssh-server key delete { rsa | dss | ecdsa }

Enter globally configuration mode system-view -

Enable SSH By default, this

ssh-server function is

disabled.

134
GPON OLT Operation Manual V1.1

Disable SSH undo ssh-server

Config SSH User limit ssh-server limit max-num

Display SSH display ssh-server

Display SSH user limit display ssh-server limit

16.3 Log in GPON from SSH Client

To successfully establish SSH connection, pay attention to following points:

1) Create the connection between SSH client and server.

2) The version of client and server should be the same.

3) SSH function in server should be enabled.

135
GPON OLT Operation Manual V1.1

Chapter 17 SNMP

17.1 SNMP Overview

SNMP (Simple Network Management Protocol) is an important network management protocol

on TCP / IP networks, implementing network management by exchanging packets on the

network. The SNMP protocol provides the possibility of centralized management of large

networks. Its goal is to ensure the management information is transmitted between any two

points. SNMP is convenient for the network administrator to retrieve information from any node

on the network, make modifications, find faults, and complete fault diagnosis, capacity

planning and report generation.

SNMP structure is divided into two parts: NMS and Agent. NMS (Network Management Station)

is a workstation that runs client programs while Agent is a server-side software running on a

network device. The NMS can forward GetRequest, GetNextRequest, and SetRequest

packets to the Agent. Upon receiving the NMS request message, the agent performs Read or

Write operations according to the packet type and generates a Response packet to return to

the NMS. On the other hand, when the device encounters an abnormal event such as hot /

cold start, the agent will forward a trap packet to NMS to report the events.

The system supports SNMP v1, SNMP v2c and SNMP v3. SNMP V1 provides a simple

authentication mechanism, does not support the administrator-to-manager communications,

and v1 Trap has no confirmation mechanism. V2c enhanced v1 management model (on

136
GPON OLT Operation Manual V1.1

security), management information structure, protocol operation, manager and communication

ability between managers to increase the creation and deletion of the table, the communication

ability between managers, reducing the storage side of the agent. V3 implements the user

authentication mechanism and packet encryption mechanism, which greatly improves the

security of the SNMP protocol.

This function cooperates with the network management software to log on to the GPON and

manage the GPON.

17.2 Configure SNMP-Agent

17.2.1 SNMP-Agent Configuration List

Configuration Task Description Detailed


Configuration

Configure the Basic Parameters Required 17.2.2

Configure the Community Name Required 17.2.3

Configure the Views Optional 17.2.4

Configure the Group Optional 17.2.5

Configure the User Optional 17.2.6

Display SNMP Configuration Optional 17.2.7

17.2.2 Configure the Basic Parameters

137
GPON OLT Operation Manual V1.1

Operation Command Remarks

Enter the global configuration mode. system-view

[ undo ] snmp-agent enable { informs |


Enable/disable SNMP Traps/informs
traps } [ notificationtype-list ]

Configure sysContact [ undo ] snmp-agent scontact syscontact

Configure sysLocation [ undo ] snmp-agent location syslocation

Configure sysName [ undo ] snmp-agent name sysname

Configure maximum length of snmp [ undo ] snmp-agent max-packet-length

protocol packets length

[ undo ] snmp-agent host host-addr

[ version { 1 | 2c | 3 [ auth | noauth | priv ] } ]


Configure host
community-string [ udp-port port ]

[ notify-type [ notifytype-list ] ]

Configure snmp trap-source [ undo ] snmp-agent trap-source ipaddress

[ undo ] snmp-agent engineoid { local


Configure snmp-agent engineoid
engineid-string | remote ip-address

138
GPON OLT Operation Manual V1.1

[ udp-port port-number ] engineid-string }

17.2.3 Configure the Community Name

SNMP adopts the community name authentication scheme. SNMP packets that do not match

the community name will be discarded. SNMP community is named by a string, known as the

community name. Different communities can have read-only or read-write access permission.

A community with read-only access can only query system information. However, in addition to

query the system information, the community with read-write access permission can perform

the system configurations. It defaults to no community name.

Operation Command Remarks

Enter the global configuration mode. system-view

snmp-agent community community-name

Configure the community name { ro | rw } { deny | permit } [ view

view-name ]

Display the community name display snmp-agent community

undo snmp-agent community


Remove the community name
community-name

17.2.4 Configure the Views

It is used to configure the views available to access control and the subtrees that they contain.

The iso, internet, and sysview exist by default. Delete and modify the internet is not supported.

139
GPON OLT Operation Manual V1.1

Operation Command Remarks

Enter the global configuration mode. system-view

snmp-agent view view-name oid-tree


Configure the views
{ included | excluded }

undo snmp-agent view view-name


Delete the views
[ oid-tree ]

17.2.5 Configure the Group

This configuration task can be used to configure an access control group. By default, there are

two snmpv3 groups: (1) The initial group with the security level of auth; (2) The initial group

with the security level of noauthpriv(No authentication is required and no encryption is

required).
Operation Command Remarks

Enter the global configuration mode. system-view

snmp-agent group groupname { 1 | 2c | 3

[ auth | noauth | priv ] [ context


Configure the group
context-name ] } [ read readview ] [ write

writeview ] [ notify notifyview ]

undo snmp-agent group groupname { 1 | 2c

Delete the group | 3 [ auth | noauth | priv ] [ context

context-name ] }

140
GPON OLT Operation Manual V1.1

17.2.6 Configure the User

It is used to configure the user for the local engine or for the remote engine that can be

identified. By default, the following users exist: (1)initialmd5, (2) initialsha, (3) initialnone.

The above three users are reserved for the system and cannot be used by the user. When

Configure a user, you need to ensure that the engine to which this user belongs is identifiable.

When an identifiable engine is deleted, the users it contains are also deleted.
Operation Command Remarks

Enter the global configuration mode. system-view

snmp-agent user username groupname

[ remote host [ udp-port port ] ] [ auth { md5

| sha } { authpassword { encrypt-auth

password authpassword | authpassword } |

Configure the user authkey { encrypt-authkey authkey |

authkey } } [ priv des { privpassword

{ encrypt-privpassword privpassword |

privpassword } | privkey { encrypt-privkey

privkey | privkey } } ]

undo snmp-agent user username [ remote


Delete the user
host [ udp-port port ] ]

17.2.7 Display SNMP-Agent Configuration

Operation Command Remarks

141
GPON OLT Operation Manual V1.1

display snmp community display snmp community

configuration

display snmp contact configuration display snmp contact

display snmp engineid configuration display snmp engineid { local | remote }

display snmp group configuration display snmp group

display snmp host configuration display snmp host

display snmp location configuration display snmp location

display snmpmax-packet-length display snmp max-packet-length

configuration

display snmp name configuration display snmp name

display snmp notify configuration display snmp notify

display snmp user configuration display snmp user

display snmp view configuration display snmp view

142
GPON OLT Operation Manual V1.1

Chapter 18 Info-center

18.1 Info-center Overview

As the information center of the system, the Info-center processes and outputs information in a

unified manner.

Other modules in the system send information to be outputted to the Info-center. The

Info-center determines the output format based on user configurations and outputs information

to the specified display device based on information output functions and filtering rules in user

configurations.

Info-center information producers (modules outputting information) only need to output

information to the Info-center, without concerning whether information needs to be outputted to

the console, telnet terminal, or log host (Info-center server). Information consumers (the

console, telnet terminal, history buffer, log host, and SNMP agent) can select the desired

information and discard the unwanted information based on their demands, on condition that

proper filtering rules are configured.

18.2 Configure Info-center

18.2.1 Info-center Configuration List

Configuration Task Description Detailed


Configuration

143
GPON OLT Operation Manual V1.1

Enabling/Disabling the Info-center for the equipment Required 18.2.2

Configure the function of Display the sequence number in


Optional 18.2.3
Info-center outputs

Configure the time stamp type in Info-center outputs Optional 18.2.4

Configure the function of outputting Info-center information to


Optional 18.2.5
terminals

Configure the function of outputting Info-center information to


Optional 18.2.6
the history buffer

Configure the function of outputting Info-center information to


Optional 18.2.7
the flash storage

Configure the function of outputting Info-center information to


Optional 18.2.8
the log host

Configure the function of outputting Info-center information to


Optional 18.2.9
the SNMP agent

Configure the module debugging function Optional 18.2.10

18.2.2 Enabling/Disabling the Info-center for the Equipment

In global configuration mode, enable or disable the Info-center function. When the Info-center

function is disabled, no information is outputted. By default, the info-center function is enabled

144
GPON OLT Operation Manual V1.1

on the equipment.
Operation Command Remarks

Enter the global configuration mode. system-view

Enable the log output function of the


info-center
system.

Disable the log output function of the


undo info-center
system.

Display log configurations of the


display info-center
system.

18.2.3 Configure the Function of Display the Sequence Number in


Info-center Outputs

In global configuration mode, set to or not to display the global sequence number in Info-center

outputs.
Operation Command Remarks

Enter the global configuration mode. system-view

Enable the function of Display log


info-center sequence-numbers
sequence numbers.

Disable the function of Display log


undo info-center sequence-numbers
sequence numbers.

145
GPON OLT Operation Manual V1.1

18.2.4 Configure the Time Stamp Type in Info-center Outputs

In global configuration mode, configure the time stamp type in Info-center outputs. The time

stamp type can be set to notime, uptime, or datetime.

The default value is uptime.


Operation Command Remarks

Enter the global configuration mode. system-view

Enable the function of Display the


info-center timestamps { notime | uptime |
time stamp of logs and configure the
datetime }
time display format.

Restore the default setting of


undo info-center timestamps
Display the time stamp of logs.

18.2.5 Configure the Function of Outputting Info-center Information to


Terminals

In global configuration mode, configure the information output function, information display

function, and filtering rules for outputting Info-center information to terminals. By default,

Info-center information is outputted only to the buffer and not outputted to the console or

terminal.
Operation Command Remarks

Enter the global configuration mode. system-view

146
GPON OLT Operation Manual V1.1

When

monitor-num is

set to 0, logs are

outputted to the
Enable the log output function and
info-center monitor { all | monitor-num } console. When
output logs to the specified terminal.
monitor-num is

set to 1–5, logs

are outputted to

telnet terminals.

Disable the function of outputting undo info-center monitor { all |

logs to a or all terminals. monitor-num }

Return to the privileged mode. quit

Enabled by

default,The

setting affects

only the current


Enable the function of Display
terminal monitor login of the
system information.
current terminal

and is invalid for

other terminals

or the next login

147
GPON OLT Operation Manual V1.1

of the current

terminal.

The setting

affects only the

current login of
Disable the function of Display
the current
system information to prevent
undo terminal monitor terminal and is
outputting any logs to the current
invalid for other
terminal.
terminals or the

next login of the

current terminal.

Configure the filtering rules of logs


info-center monitor { all | monitor-no }
to be outputted to terminals. Specify
{ level | none | level-list { level [ to level ] } &
the level and module whose logs are
<1-8> } [ module { xxx | … } * ]
outputted to the specified terminal.

Delete the filtering rules of logs to be

outputted to the terminals in the undo info-center monitor { all |

system and restore the default monitor-no } filter

configuration.

18.2.6 Configure the Function of Outputting Info-center Information to

148
GPON OLT Operation Manual V1.1

the History Buffer

In global configuration mode, configure the information output function and filtering rules for

outputting Info-center information to the history buffer. By default, the function is enabled.
Operation Command Remarks

Enter the global configuration mode. system-view

Enable the function of outputting Enabled by


info-center buffered
logs to the buffer. default

Disable the function of outputting


undo info-center buffered
logs to the buffer.

Configure the filtering rules of logs


info-center buffered { level | none |
to be outputted to the buffer. Specify
level-list { level [ to level ] } & < 1-8 > }
the level and module whose logs are
[ module { xxx | … } * ]
outputted to the buffer.

Delete the filtering rules of logs to be

outputted to the buffer in the system


undo info-center buffered filter
and restore the default

configuration.

18.2.7 Configure the Function of Outputting Info-center Information to


the Flash Storage

149
GPON OLT Operation Manual V1.1

In global configuration mode, configure the information output function and filtering rules for

outputting Info-center information to the flash storage. By default, Info-center information is not

saved to the flash storage. In addition, the interval of saving Info-center information to the flash

storage cannot be configured and the system saves Info-center information once every 30

minutes by default.
Operation Command Remarks

Enter the global configuration mode. system-view

Enable the function of outputting


info-center flash
logs to the flash storage.

Disable the function of outputting Disabled by


undo info-center flash
logs to the flash storage. default)

Configure the filtering rules of logs

to be outputted to the flash storage. info-center flash { level | none | level-list

Specify the level and module whose { level [ to level ] } & < 1-8 > } [ module { xxx

logs are outputted to the flash | …} * ]

storage.

Delete the filtering rules of logs to be

outputted to the flash storage in the


undo info-center flash filter
system and restore the default

configuration.

150
GPON OLT Operation Manual V1.1

18.2.8 Configure the Function of Outputting Info-center Information to


the Log Host

In global configuration mode, configure the server address, information output function,

filtering rules, info-center tool, and fixed source address for outputting Info-center information

to the log host.


Operation Command Remarks

Enter the global configuration mode. system-view

A maximum of

Configure the IP address of the log 15 server IP


info-center ip-address
host. addresses can

be configured.

Delete the IP address configured for


undo info-center ip-address
the log host.

Enable the function of outputting


info-center host { all | ip-address }
logs to the specified host.

Disable the function of outputting


undo info-center host { all | ip-address }
logs to the specified host.

151
GPON OLT Operation Manual V1.1

Configure the filtering rules of logs


info-center host { all | ip-address } { level |
to be outputted to the host. Specify
none | level-list { level [ to level ] } & <
the level and module whose logs are
1-8 > } [ module { xxx | … } * ]
outputted to the host.

Delete the filtering rules of logs to be

outputted to the host in the system undo info-center host { all | ip-address }

and restore the default filter

configuration.

Configure the info-center tool of the


info-center facility { xxx | … }
system.

Delete the configured info-center

tool name and restore the original undo info-center facility

setting (localuse7).

Configure the fixed source address

of log output. ip-address must be


info-center source ip-address
set to an interface address of the

equipment.

After the function


Disable the function of outputting
undo info-center source is disabled, logs
logs from the fixed source address.
will be externally

152
GPON OLT Operation Manual V1.1

sent through the

existing IP

interface

addresses in the

system.

18.2.9 Configure the Function of Outputting Info-center Information to


the SNMP Agent

In global configuration mode, configure the information output function and filtering rules for

outputting Info-center information to the SNMP agent.

To send Info-center information to the SNMP workstation as Trap packets, you must configure

the Trap host address. For details, see SNMP configuration.

By default, the function is disabled.


Operation Command Remarks

Enter the global configuration mode. system-view

Enable the function of outputting


info-center snmp-agent
logs to the SNMP agent.

Disable the function of outputting


undo info-center snmp-agent
logs to the SNMP agent.

Configure the filtering rules of logs info-center snmp-agent { level | none |

to be outputted to the SNMP agent. level-list { level [ to level ] } & < 1-8 > }

153
GPON OLT Operation Manual V1.1

Specify the level and module whose [ module { xxx | … } * ]

logs are outputted to the SNMP

agent.

Delete the filtering rules of logs to be

outputted to the SNMP agent in the


undo info-center snmp-agent filter
system and restore the default

configuration.

18.2.10 Configure the Module Debugging Function

In global configuration mode, enable/disable the module debugging function. By default, the

module debugging function is disabled.


Operation Command Remarks

Enter the global configuration mode. system-view

Enable the function of outputting the

debugging information about the debug { all | { xxx | … } * }

specified module to logs.

Disable the function of outputting the

debugging information about the undo debug { all | { xxx | …} * }

specified module.

Display the current configuration of


display debug
the function of outputting debugging

154
GPON OLT Operation Manual V1.1

information.

155
GPON OLT Operation Manual V1.1

Chapter 19 L3 Base Function

19.1 L3 Base Function Overview

OLT is a 10-Gigabit intelligent routing GPON olt based on the application specific integrated

circuit (ASIC) technology and supports layer 2 (L2) and layer 3 (L3) forwarding. It performs L2

forwarding when hosts in the same virtual local area network (VLAN) access each other and

L3 forwarding when hosts in different VLANs access each other.

19.2 Configure L3 Base Function

19.2.1 L3 Base Function Configuration List

Configuration Task Description Detailed


Configuration

Planning VLANs and creating L3 interfaces Required 19.2.2

Configure the forwarding mode Optional 19.2.3

Creating VLAN interfaces for common VLANs Optional 19.2.4

Creating superVLAN interfaces and adding VLANs to the


Required 19.2.5
superVLAN

Configure IP addresses for VLAN or superVLAN interfaces Required 19.2.6

156
GPON OLT Operation Manual V1.1

Configure an IP address range for VLAN or superVLAN


Required 19.2.7
interfaces

Configure the Address Resolution Protocol (ARP) proxy Optional 19.2.8

Display interface configurations Optional 19.2.9

Configure unicast reverse path forwarding (URPF) Optional 19.2.10

Disabling the function of sending Internet Control Message

Protocol (ICMP) packets with an unreachable destination Optional 19.2.11

host on interfaces

19.2.2 Planning VLANs and Creating L3 Interfaces

For details about VLAN planning, see VLAN configurations.

L3 interfaces are classified into common VLAN interfaces and superVLAN interfaces.

Common VLAN interfaces are created on VLANs and superVLAN interfaces on superVLANs

(superVLANs do not exist or contain any port).

19.2.3 Configure the Forwarding Mode

The L3 GPON supports stream forwarding and network topology-based forwarding. In stream

forwarding mode, The L3 GPON identifies the failed route or the unreachable destination host

route and sends packets to the CPU for further processing. In network topology-based

forwarding mode, The L3 GPON directly discards the packets. By default, The L3 GPON works

in stream forwarding mode.

157
GPON OLT Operation Manual V1.1

Operation Command Remarks

Enter the global configuration mode. system-view

Set the packet forwarding mode in


ip def cpu
the system to stream forwarding.

Set the packet forwarding mode in

the system to network undo ip def cpu

topology-based forwarding.

Display the configured packet


display ip def cpu
forwarding mode.

19.2.4 Creating VLAN Interfaces for Common VLANs

A VLAN interface needs to be configured for each VLAN that performs L3 forwarding or the

VLAN needs to be added to the superVLAN.


Operation Command Remarks

Enter the global configuration mode. system-view

Create a VLAN interface with the

VLAN ID being vid and enter the interface vlan-interface vid

VLAN interface configuration mode.

Return to the global configuration


quit
mode.

158
GPON OLT Operation Manual V1.1

Delete the VLAN interface with the


undo interface vlan-interface vid
VLAN ID being vid.

19.2.5 Creating SuperVLAN Interfaces and Adding VLANs to the


SuperVLAN

SuperVLAN interfaces are used for communication between hosts in different VLANs in the

same network segment. SuperVLAN interfaces are implemented through the ARP proxy.
Operation Command Remarks

Enter the global configuration mode. system-view

Create a superVLAN interface with

the interface ID being vid and enter


interface supervlan-interface vid
the superVLAN interface

configuration mode.

Return to the global configuration


quit
mode.

Delete the superVLAN interface with


undo interface supervlan-interface vid
the interface ID being vid.

Configure sub VLANs for the


subvlan vid
superVLAN interface.

Delete the sub VLANs configured for undo subvlan vid

159
GPON OLT Operation Manual V1.1

the superVLAN interface.

19.2.6 Configure IP Addresses for VLAN or SuperVLAN Interfaces

Each VLAN or superVLAN interface can be configured with a maximum of 32 IP addresses

and the IP addresses of VLAN or superVLAN interfaces cannot be in the same network

segment. The first IP address of an interface will be automatically selected as the primary IP

address. When the primary IP address is deleted, the interface automatically selects another

IP address as the primary IP address or a configured IP address can be manually specified as

the primary IP address. For example, if the IP address of VLAN interface 1 is 10.11.0.1/16, the

IP addresses of other interfaces must not be in the 10.11.0.0/16 network segment (such as

10.11.1.1/24).
Operation Command Remarks

Enter the global configuration mode. system-view

Enter the VLAN or superVLAN interface vlan-interface vid

interface configuration mode. interface supervlan-interface vid

Configure an IP address and a mask


ip address ipaddress ipaddress mask
for the interface.

Delete all IP addresses of the


undo ip address
interface.

Delete the specified IP address of undo ip address ipaddress ipaddress mask

160
GPON OLT Operation Manual V1.1

the interface.

Configure the primary IP address for


ip address primary ipaddress
the interface.

19.2.7 Configure an IP Address Range for VLAN or SuperVLAN


Interfaces

Each VLAN or superVLAN interface can be configured with a maximum of eight IP address

ranges. After an IP address range is configured, only the ARP entries within this range can be

learnt so as to restrict user access. When a VLAN or superVLAN interface is deleted, relevant

configurations are automatically deleted.

For superVLAN interfaces, sub VLANs can be specified at the same time so that the set

address range is applicable only to these sub VLANs.


Operation Command Remarks

Enter the global configuration mode. system-view

Enter the VLAN or superVLAN interface vlan-interface vid

interface configuration mode. interface supervlan-interface vid

Configure the IP address range

supported by this interface, ranging ip address range startip endip

from startip to endip.

Delete all IP address ranges undo ip address range

161
GPON OLT Operation Manual V1.1

supported by the interface.

Delete the specified IP address


undo ip address range startip endip
ranges supported by the interface.

Configure the IP address range for


ip address range startip endip vlan vlanid
sub VLANs of the superVLAN.

Delete the IP address ranges of the undo ip address range startip endip vlan

sub VLANs of the superVLAN. vlanid

19.2.8 Configure the ARP Proxy

ARP request packets are broadcast packets and cannot pass through VLANs. If the ARP proxy

function is enabled, ARP interaction is supported between hosts in sub VLANs of the same

superVLAN. When the ARP proxy is disabled, the hosts of the sub VLANs in the superVLAN

interface cannot communicate with each other.

By default, the ARP request packets from all sub VLANs are processed in the preceding

manner. In addition, relevant commands can be used to prevent the ARP request packets from

a sub VLAN from being broadcast to other sub VLANs when they are processed by the ARP

proxy.
Operation Command Remarks

Enter the VLAN configuration mode. interface vlan-interface vlan-id

Enable the arp-proxy function for the local-arp-proxy

162
GPON OLT Operation Manual V1.1

VLAN.

Disable the arp-proxy function for


undo local-arp-proxy
the VLAN.

Enable the arp-proxy broadcast


local-arp-proxy broadcast
function for the VLAN.

Disable the arp-proxy broadcast


undo local-arp-proxy broadcast
function for the VLAN.

Display the information about the


display local-arp-proxy
ARP proxy configured in the system.

Display information about the ARP

proxy broadcast function configured display local-arp-proxy broadcast

in the system.

19.2.9 Display VLAN and SuperVLAN Interface Information

The L3 GPON integrates VLAN interface information and superVLAN interface information.

They can be viewed by running a unified display command.


Operation Command Remarks

Display information about the VLAN display ip interface [ [ vlan-interface

and superVLAN interfaces currently vlanid ] | [ supervlan-interface

configured in the system. supervlanid ] ]

163
GPON OLT Operation Manual V1.1

19.2.10 Configure URPF

URPF aims to prevent network attack behaviors based on source address spoofing. URPF

obtains the source address and ingress interface of a packet and uses the source address as

the destination address to query the routing table for the matching route. The packet is

forwarded if it meets conditions and discarded if it does not meet conditions. Two URPF modes

are supported:

Strict mode: In this mode, the source address must exist in the routing table and the egress

interface of the source address of the packet is the same as the ingress interface of the packet.

Loose mode: In this mode, the system only checks whether the source address of the packet

exists in the unicast routing table. If yes, the packet is forwarded.


Operation Command Remarks

Enter the global configuration mode. system-view

Enter the VLAN or superVLAN interface vlan-interface vid

interface configuration mode. interface supervlan-interface vid

Enable URPF for this interface and


urpf { loose | strict }
specify the URPF mode.

Disable URPF for this interface. undo urpf

Display URPF information in the


display urpf
system.

19.2.11 Disabling the Function of Sending ICMP Packets with an

164
GPON OLT Operation Manual V1.1

Unreachable Destination Host on Interfaces

To avoid attacks from address scanning software similar to ip-scan, users can disable the

function of sending ICMP packets with an unreachable host on interfaces.


Operation Command Remarks

Enter the global configuration mode. system-view

Enter the VLAN or superVLAN interface vlan-interface vid

interface configuration mode. interface supervlan-interface vid

Enable the function of this interface

for sending ICMP packets with an ip icmp unreachable

unreachable destination

Disable the function of this interface

for sending ICMP packets with an undo ip icmp unreachable

unreachable destination

Display the configuration of the

function of sending ICMP packets display ip icmp unreachable

with an unreachable destination

165
GPON OLT Operation Manual V1.1

Chapter 20 ARP

20.1 ARP Overview

Address Resolution Protocol (ARP) is used to resolve an IP address into a data link layer

address.

An IP address is the address of a host at the network layer. To send a network layer packet to a

destination host, the device must know the data link layer address (such as the MAC address)

of the destination host. To this end, the IP address must be resolved into the corresponding

data link layer address.

Unless otherwise stated, the data link layer addresses that appear in this chapter refer to the

48-bit Ethernet MAC addresses.

20.2 Configure ARP

20.2.1 ARP Configuration List

Configuration Task Description Detailed


Configuration

Add/Delete ARP Required 20.2.2

Bind dynamic arp to static Optional 20.2.3

Display ARP entry Optional 20.2.4

166
GPON OLT Operation Manual V1.1

Configure ARP aging-time Optional 20.2.5

20.2.2 Add/Delete ARP

Operation Command Remarks

Enter global configuration mode system-view

Add ARP arp ip-address mac mac-address vid vlan-id

port interface-num

Delete ARP undo arp { all | static | dynamic |

ip-address }

20.2.3 Bind dynamic Arp to Static

Operation Command Remarks

Enter global configuration mode system-view

Bind dynamic arp arp bind dynamic { ip-address | all }

20.2.4 Display ARP Entry

Operation Command Remarks

Display arp entry display arp { all | static | dynamic |

ip-address | interface { vlan-interface

vlan-id | supervlan-interface vlan-id } }

20.2.5 Configure ARP Aging-time

Operation Command Remarks

167
GPON OLT Operation Manual V1.1

Enter global configuration mode system-view

Configure ARP aging-time arp aging-time aging-time

Configure default ARP aging-time undo arp aging-time 20minutes by

default

Display arp aging-time display arp aging-time

168
GPON OLT Operation Manual V1.1

Chapter 21 ARP Spoofing and


Flood

21.1 ARP Spoofing and Flood Attack Overview

ARP provides no security mechanism and thus is prone to network attacks. An attacker can

construct and send ARP packets, thus threatening network security.

A forged ARP packet has the following characteristics:

 The sender MAC address or target MAC address in the ARP message is inconsistent with
the source MAC or destination MAC address in the Ethernet frame.

 The mapping between the sender IP address and the sender MAC address in the forged
ARP message is not the true IP-to-MAC address binding of a valid client.

ARP attacks bring many malicious effects. Network communications become unstable, users

cannot access the Internet, and serious industrial accidents may even occur. ARP attacks may

also intercept accounts and passwords of services such as games, network banks, and file

services.

ARP spoofing attacks to protection, the key is to identify and prohibit forwarding spoofed ARP

packets. From the principle of ARP spoofing, we can see, to prevent ARP spoofing attack

requires two ways, first to prevent the virus disguised as the gateway host, it will cause the

entire segment of the user can not access; followed by preventing the virus from the host

masquerade as another host, eavesdropping data or cause the same network segment can’t

169
GPON OLT Operation Manual V1.1

communicate between the individual host.

GPONes provide active defense ARP spoofing function, in practical applications, the network

hosts the first communication, the GPON will record the ARP table entries, entries in the

message of the sender IP, MAC, VID and port correspondence.

To prevent the above mentioned ARP attacks, the GPONes launches a comprehensive ARP

attack protection solution.

An access GPON is a critical point to prevent ARP attacks, as ARP attacks generally arise

from the host side. To prevent ARP attacks, the access GPONes must be able to

 Establish correct ARP entries, detect and filter out forged ARP packets, and ensure the
validity of ARP packets it forwards

 Suppress the burst impact of ARP packets.

After Configure the access GPONes properly, you do not need to deploy ARP attack

protection configuration on the gateway. This relieves the burden from the gateway.

If the access GPONes do not support ARP attack protection, or the hosts are connected to a

gateway directly, the gateway must be configured to

 Create correct ARP entries and prevent them from being modified.

 Suppress the burst impact of ARP packets or the IP packets that will trigger sending of
ARP requests.

The merits of Configure ARP attack protection on the gateway are that this gateway

configuration hardly affects the GPONes and can properly support the existing network, thus

effectively protecting user investment.

170
GPON OLT Operation Manual V1.1

21.1.1 ARP against ARP Flood

Flood attacks are based on the principle of the general flow of a large number of attack

packets in the network equipment such as routers, GPONes, and servers, leading to depletion

of network equipment, leaving the CPU down the network.

Flood attacks are based on the principle of the general flow of a large number of attack

packets in the network equipment such as routers, GPONes and servers, leading to depletion

of network equipment, leaving the CPU down the network.

ARP flood attack is aimed mainly at the impact of network device's CPU, the core CPU

resources leading to depletion. To defend this type of attack, the GPON must determine in

advance and to prohibit flood packet forwarding.

GPONes 's ARP anti-flood function to identify each ARP traffic, according to the ARP rate

setting security thresholds to determine whether the ARP flood attack, when a host's ARP

traffic exceeds a set threshold, the GPON will be considered a flood attack , immediately

pulled into the black host of the virus, banned from the host and all packet forwarding.

In order to facilitate the management of the network administrator to maintain, the GPONes,

while the automatic protection will be saved in the system log related to alarms. For disabled

users, administrators can set automatic or manual recovery.

GPONes on the entire process is as follows:

 Enable ARP anti-flood function will be broadcast ARP packets received on the CPU,

according to an ARP packet source MAC address to identify the different streams.

171
GPON OLT Operation Manual V1.1

 Set security ARP rate, if the rate exceeds the threshold, the GPON that is ARP attack.

 If you select the above command deny-all, when an ARP traffic exceeds the threshold set,

the GPON will determine the source MAC address, the MAC address to the black hole list

of addresses to ban this address to forward all subsequent messages.

 If you select the above command deny-arp, ARP traffic when more than a set threshold,

the GPON will be judged based on the source MAC address, the address against all

subsequent handling of ARP packets.

For recovery to be disabled in the user's forwarding, administrators can set up automatic or

manual recovery recovery time in two ways.

21.2 Configure ARP Anti-Spoofing

21.2.1 ARP Anti-Spoofing Configuration List

Configuration Task Description Detailed


Configuration

Configure Anti-Spoofing Required 21.2.2

Configure ARP Packet Source MAC Address Consistency


Required 21.2.3
Check

Configure Anti-Gateway-Spoofing Required 21.2.4

21.2.2 Configure Anti-Spoofing

Operation Command Remarks

172
GPON OLT Operation Manual V1.1

Enter global configuration mode system-view

Enable ARP anti-spoofing arp anti-spoofing

Configure the method of unknown arp anti-spoofing unknown { discard |

static ARP packet flood }

21.2.3 Configure ARP Packet Source MAC Address Consistency


Check

Operation Command Remarks

Enter global configuration mode system-view

Configure ARP Packet Source MAC


arp anti-spoofing valid-check
Address Consistency Check

validation operation display arp anti-spoofing

21.2.4 Configure Anti-Gateway-Spoofing

Operation Command Remarks

Enter global configuration mode system-view

Enable arp anti-spoofing arp anti-spoofing

Enable anti-gateway-spoofing arp anti-spoofing deny-disguiser

Disable anti-gateway-spoofing undo arp anti-spoofing deny-disguiser

21.3 Configure against ARP Flood

21.3.1 ARP against ARP Flood Configuration List

173
GPON OLT Operation Manual V1.1

Configuration Task Description Detailed


Configuration

Configure against ARP Flood Required 21.3.2

Display and Maintain against ARP Flood Required 21.3.3

21.3.2 Configure against ARP Flood

Operation Command Remarks

Enter global configuration mode system-view

Enable ARP flooding arp anti-flood

Configure safety trigger threshold arp anti-flood threshold threshold

arp anti-flood action { deny-arp | deny-all }


Configure approach for the attacker
threshold threshold

Configure automatically banned


arp anti-flood recover-time time
user recovery time

Banned user manual resume


arp anti-flood recover { H:H:H:H:H:H | all }
forwarding..

21.3.3 Display and Maintain Against ARP Flood

Operation Command Remarks


Display ARP anti-flood configuration
display arp anti-flood
and attackers list

174
GPON OLT Operation Manual V1.1

Chapter 22 DHCP-Relay

22.1 DHCP-Relay Overview

Since the packets are broadcasted in the process of obtaining IP addresses, DHCP is only

applicable to the situation that DHCP clients and DHCP servers are in the same network

segment, that is, you need to deploy at least one DHCP server for each network segment,

which is far from economical.

DHCP Relay is designed to address this problem. It enables DHCP clients in a subnet to

communicate with the DHCP server in another subnet so that the DHCP clients can obtain IP

addresses. In this case, the DHCP clients in multiple networks can use the same DHCP server,

which can decrease your cost and provide a centralized administration.

 Typical DHCP relay application

DHCP relays can transparently transmit broadcast packets on DHCP clients or servers to the

175
GPON OLT Operation Manual V1.1

DHCP servers or clients in other network segments.

In the process of dynamic IP address assignment through the DHCP relay, the DHCP client

and DHCP server interoperate with each other in a similar way as they do without the DHCP

relay. The following sections only describe the forwarding process of the DHCP relay.

The DHCP client broadcasts the DHCP-DISCOVER packet.

After receiving the packets, the network device providing the DHCP relay function unicasts the

packet to the designated DHCP server based on the configuration.

The DHCP server assigns IP addresses, and then broadcasts the configuration information to

the client through the DHCP relay. The sending mode is determined by the flag in the

DHCP-DISCOVER packets from the client.

22.2 Configure DHCP-Relay

22.2.1 DHCP-Relay Configuration List

Configuration Task Description Detailed


Configuration

Configure DHCP Server Group Required 22.2.2

Configure DHCP Relay to Support Option60 Optional 22.2.3

Enable the DHCP Relay Function Required 22.2.4

Configure DHCP Option82 Optional 22.2.5

176
GPON OLT Operation Manual V1.1

22.2.2 Configure DHCP Server Group

To improve reliability, you can set up multiple DHCP servers in a network. Each DHCP server

corresponds to a DHCP server group. After a VLAN or super-VLAN interface references a

DHCP server group, it forwards the DHCP packets from the client to all the servers in the

server group.

Operation Command Remarks

Enter global configuration mode system-view

dhcp-server group-id ip server-ip


Configure the DHCP server group

Enter VLAN interface configuration


dhcp-server group-id ip server-ip
mode

Configure the DHCP server group interface vlan-interface vid or interface


supervlan-interface super-vid
referenced by the interface

Configure the DHCP server group dhcp-server group-id

22.2.3 Configure DHCP Relay to Support Option60

DHCP relay supports the processing of DHCP packets with option 60 option fields.On the

VLAN interfaces or super VLAN configuration option 60 options, when the interface receives a

177
GPON OLT Operation Manual V1.1

DHCP packet from the client, if the option60 option field is included in the packet, it will be

matched with the value configured on this interface.

If a match is found, the gateway uses the gateway address in the match to relay the packet

and forwards the DHCP packet to the server address in the match.

If no match is found, relay processing is performed according to the requested IP address or

the client's IP address.

Operation Command Remarks

Enter global configuration mode system-view

Enter VLAN interface configuration interface vlan-interface vid or


interface supervlan-interface super-vid
mode

dhcp option60 { equals | starts-with }


{ ascii string | hexadecimal hexdata }
Configure option 60 of the interface gateway A.B.C.D [ dhcp-server group-id ]
[ server-reply { ascii string | hexadecimal
hexdata } ]

22.2.4 Enable the DHCP Relay Function

If the DHCP server and the DHCP client are not on the same subnet or the device is

configured as a DHCP server, you need to enable the DHCP relay function.

Sometimes, for network security considerations, network administrators do not want the DHCP

client to know the address of the DHCP server. In order to meet such requirements, a device

that enables a DHCP relay can be configured to hide the address of a real DHCP server. In

178
GPON OLT Operation Manual V1.1

this way, the DHCP client regards the device which enables the DHCP relay as a DHCP server

to hide the real DHCP server. Of course, if the device that enables the DHCP relay is also a

DHCP server, this function is no longer applicable.

Operation Command Remarks

Enter global configuration mode system-view

Enable global DHCP relay dhcp-relay

Hide the IP of the real DHCP Server dhcp-relay hide server-ip

Configure the maximum number of


dhcp max-hops hops
hops for DHCP messages

22.2.5 Configure DHCP Option82

The DHCP Option 82 function must be used together with DHCP relay or DHCP snooping.

After the DHCP message received by the GPON already has the Option 82 field, the following

three policies are supported:

drop: Drop all DHCP packets that carry the Option 82 field.

keep: Keep Option 82 and forward it.

replace: Replace the existing Option 82 in the packet with the new option82 and forward it

according to the actual situation in the local area.

179
GPON OLT Operation Manual V1.1

Operation Command Remarks

Enter global configuration mode system-view

Enable DHCP Option82 dhcp option82

Configure the DHCP option82 dhcp option82 format { normal | verbose |


henan }
format

Configure the node-identifier when


dhcp option82 format verbose

the DHCP option82 format is node-identifier { mac | hostname |


user-defined node-id }
verbose

Enter port configuration mode interface ethernet port-id

Configure the GPON to process


dhcp option82 strategy { drop | keep |

DHCP packets that carry the Option replace | append { hostname |


hostname-ip } }
82 field

Configure the circuit-id of DHCP


dhcp option82 circuit-id string id
option82

180
GPON OLT Operation Manual V1.1

Configure Remote Option for DHCP dhcp option82 remote-id string { string |
hostname }
Option82

Display DHCP option82 display dhcp option82

configuration

181
GPON OLT Operation Manual V1.1

Chapter 23 DHCP Snooping

23.1 DHCP Snooping Overview

For the sake of security, the IP addresses used by online DHCP clients need to be tracked for

the administrator to verify the corresponding relationship between the IP addresses the DHCP

clients obtained from DHCP servers and the MAC addresses of the DHCP clients. GPONes

can track DHCP client IP addresses through the DHCP snooping function, which monitors

DHCP broadcast packets.

DHCP snooping monitors the following two types of packets to retrieve the IP addresses the

DHCP clients obtain from DHCP servers and the MAC addresses of the DHCP clients:

DHCP-ACK packet

DHCP-REQUEST packet

When an unauthorized DHCP server exists in the network, a DHCP client may obtains an

illegal IP address. To ensure that the DHCP clients obtain IP addresses from valid DHCP

servers, you can specify a port to be a trust port or an untrusted port by the DHCP snooping

function:

Trusted ports can be used to connect DHCP servers or ports of other GPONes. Untrusted

ports can be used to connect DHCP clients or networks.

182
GPON OLT Operation Manual V1.1

Untrusted ports drop the DHCP-ACK and DHCP-OFFER packets received from DHCP servers.

Trusted ports forward any received DHCP packets to ensure that DHCP clients can obtain IP

addresses from valid DHCP servers.

Trusted vlan: untrusted port will not drop the DHCP-ACK and DHCP-Offer.

23.2 Configure DHCP Snooping

23.2.1 DHCP Snooping Configuration List

Configuration Task Description Detailed


Configuration

Enable DHCP Snooping Required 23.2.2

Configure DHCP Snooping Trust port Required 23.2.3

Configure Max Clients Number Optional 23.2.4

Configure Link-Down Operation Optional 23.2.5

Configure IP-Source-Guard Optional 23.2.6

DHCP Snooping Display and Maintenance Optional 23.2.7

23.2.2 Enable DHCP Snooping

Operation Command Remarks

Enter global configuration mode system-view

Enable DHCP Snooping dhcp-snooping

183
GPON OLT Operation Manual V1.1

Disable DHCP Snooping undo dhcp-snooping Disabled by

default

23.2.3 Configure DHCP Snooping Trust port

Operation Command Remarks

Enter global configuration mode system-view

Enable interface mode interface ethernet interface-num

Configer trust port dhcp-snooping trust

Delete trust port undo dhcp-snooping trust

23.2.4 Configure Max Clients Number

If the attacker exists, it will disguise as multiple users to ask DHCP Server for address to use

up the Server allocable address. As a consequence, Server has no address to allocate to the

user who needs the IP address. For this problem, network administrator can take the following

measures:

Restrict the DHCP-Client number connected to GPON port. In this case, only the clients

connected to the same port with the attacker will suffer the attack.

Restrict the DHCP-Client number in specified VLAN. In this case, only the clients in the same

VLAN with the attacker will suffer the attack.

Operation Command Remarks

Enter global configuration mode system-view

184
GPON OLT Operation Manual V1.1

interface ethernet interface-num


Enable interface mode

dhcp-snooping max-clients num


Configure max DHCP-Client number

connected to GPON port

vlan vlan-id
Enter vlan configuration mode

dhcp-snooping max-clients num


Configure max DHCP-Client number

in specified VLAN

23.2.5 Configure Link-Down Operation

When the link is down, you can perform the following actions on the dynamic entries which

Dhcp-snooping has learned:

enable fast-remove to delete Dhcp-snooping dynamic entries immediately when the port is

down.

disable fast-remove to normally age the dynamic entries according to the tenancy term instead

of deleting the Dhcp-snooping dynamic entries immediately when the port is down.

Operation Command Remarks

Enter global configuration mode system-view

Configure link-down operation of the dhcp-snooping port-down-action

185
GPON OLT Operation Manual V1.1

port fast-remove

Delete link-down operation of the undo dhcp-snooping port-down-action

port fast-remove

23.2.6 Configure IP-Source-Guard

IP Source Guard provides source IP address filtering on a Layer 2 port to prevent a malicious

host from impersonating a legitimate host by assuming the legitimate host's IP address. The

feature uses dynamic DHCP snooping and static IP source binding to match IP addresses to

hosts on untrusted Layer 2 access ports. When using IP-Source-Guard, pay attention:

DHCP-Snooping has been enabled

Use this function in Trust port

After enabling IP-Source-Guard, all traffic with that IP source address is permitted from that

trusted client. Traffic from other hosts is denied. This filtering limits a host's ability to attack the

network by claiming a neighbor host's IP address. The filtering info can be source MAC, source

IP and source port number.

Operation Command Remarks


Enter global configuration mode system-view -
ip-source-guardbind { ip ip-address | mac
Configure IP-source-guard bind
mac-address | interface ethernet -
table
interface-num }
Enter interface configuration mode interface ethernet interface-num -
Enable IP-Source-Guard on Trust By default,
ip-source-guard
port ip-source-guard

186
GPON OLT Operation Manual V1.1

on port is
disabled.

23.2.7 DHCP Snooping Display and Maintenance

Operation Command Remarks


Display DHCP-Snooping clients display dhcp-snooping clients
Display DHCP-Snooping status in display dhcp-snooping interface
interface [ ethernet interface-num ]
Display DHCP-Snooping status in
display dhcp-snooping vlan
VLAN
Display IP-Source-Guard status in
display ip-source-guard
interface
Display source IP binding table of display ip-source-guard bind [ ip
IP-Source-Guard ip-address ]

187
GPON OLT Operation Manual V1.1

Chapter 24 DHCP-Server

24.1 DHCP-Server Overview

In the following cases, the DHCP server is usually used to complete the IP address allocation:

Due to the large scale of the network, manual configuration requires a lot of work and it is

difficult to centrally manage the entire network.

Since the number of hosts in the network is larger than the number of IP addresses supported

by the network, it is impossible to allocate a fixed IP address to each host. Moreover, there are

also restrictions on the number of users accessing the network(for example, service providers

of Internet access). Therefore, a large number of users must obtain their own IP address

through the DHCP.

Only a few hosts on the network need fixed IP addresses. Most hosts do not have a fixed IP

address.

24.2 Configure DHCP-Server

24.2.1 DHCP-Server Configuration List

Configuration Task Description Detailed Configuration

Configure IP pool Required 24.2.2

188
GPON OLT Operation Manual V1.1

Configure IP Pool Gateway Required 24.2.3

Configure IP Pool Range Optional 24.2.4

Enable/Disable IP Address Optional 24.2.5

Configure IP Pool Lease Optional 24.2.6

Configure the DHCP Server to Allocate the


Optional 24.2.7
DNS Server Address

Configure the DHCP Server to Assign


Optional 24.2.8
WINS server Addresses

Display IP Pool configuration Optional 24.2.9

Configure dhcp-client bind Optional 24.2.10

24.2.2 Configure IP Pool

Operation Command Remarks

Enter global configuration mode system-view

Enter IP pool configuration mode ip pool ippoolname

Delete IP Pool undo ip pool ippoolname

24.2.3 Configure IP Pool Gateway

Operation Command Remarks

189
GPON OLT Operation Manual V1.1

Enter global configuration mode system-view

Enter ip pool configuration mode ip pool ippoolname

Configure gateway gateway ip-address mask

24.2.4 Configure IP Pool Range

Operation Command Remarks

Enter global configuration mode system-view

Enter IP pool configuration mode ip pool ippoolname

Configure IP pool range section section-id from-ip to-ip

Delete IP pool range undo section section-id

24.2.5 Enable/Disable IP Address

Operation Command Remarks

Enter global configuration mode system-view

enter IP pool configuration mode ip pool ippoolname

Enable/disable IP address ip { disable | enable } ip-address

24.2.6 Configure IP Pool Lease

Operation Command Remarks

Enter global configuration mode system-view

Enter IP pool configuration mode ip pool ippoolname

Configure IP Pool Lease lease day:hour:min

190
GPON OLT Operation Manual V1.1

24.2.7 Configure the DNS Server Address of DHCP Server

Operation Command Remarks

Enter global configuration mode system-view

Enter IP pool configuration mode ip pool ippoolname

Configure the DNS server address dns { primary-ip | second-ip |

third-ip | fourth-ip } ip-address

Delete the DNS server address undo dns { primary-ip | second-ip

assigned for the DHCP client | third-ip | fourth-ip }

Configure the domain name dns suffix suffix-name

Delete the domain name undo dns suffix

24.2.8 Configure the DHCP Server to Assign WINS Server Addresses

Operation Command Remarks

Enter global configuration mode system-view

Enter IP pool configuration mode ip pool ippoolname

Configure the WINS server address wins { primary-ip | second-ip }

ip-address

Delete the WINS server address undo wins { primary-ip |

second-ip }

191
GPON OLT Operation Manual V1.1

24.2.9 Display IP Pool Configuration

Operation Command Remarks

Display IP Pool configuration display ip pool [ ippool-name

[ section-num ] ]

24.2.10 Configure Dhcp-client Bind

Some clients (FTP servers, Web servers, etc.) need fixed IP addresses, which can be

implemented by binding the MAC address of the client to the IP address. When a client with

this MAC address requests an IP address, the DHCP server searches for the corresponding IP

address based on the MAC address of the client and assigns that IP address to the client.

Operation Command Remarks

Enter global configuration mode system-view

Enable dhcp-client bind dhcp-client bind

Disable dhcp-client bind undo dhcp-client bind

Display dhcp-client bind display dhcp-client bind

Add dhcp-client dhcp-client mac-address

ip-address vlan-id username

undo dhcp-client { mac-address


Delete dhcp-client
vlan-id | all }

Display dhcp-client display dhcp-client [ ip

192
GPON OLT Operation Manual V1.1

ip-address ] | [ mac mac-address ]

193
GPON OLT Operation Manual V1.1

Chapter 25 IGMP Snooping

25.1 IGMP Snooping Overview

IGMP (Internet Group Management Protocol) is a part of IP protocol which is used to support

and manage the IP multicast between host and multicast router. IP multicast allows

transferring IP data to a host collection formed by multicast group. The relationship of multicast

group member is dynamic and host can dynamically add or exit this group to reduce network

load to the minimum to realize the effective data transmission in network.

IGMP Snooping is used to monitor IGMP packet between host and routers. It can dynamically

create, maintain, and delete multicast address table according to the adding and leaving of the

group members. At that time, multicast frame can transfer packet according to his own

multicast address table.

25.2 IGMP Snooping Configuration

25.2.1 IGMP Snooping Configuration List

Configuration Task Description Detailed Configuration

Enable IGMP Snooping Required 25.2.2

Configure IGMP Snooping Timer Optional 25.2.3

Configure Port Fast-leave Optional 25.2.4

194
GPON OLT Operation Manual V1.1

Configure Number of Multicast Group


Optional 25.2.5
Allowed Learning

Configure IGMP Snooping Querier Optional 25.2.6

Configure IGMP Snooping Multicast


Optional 25.2.7
Learning Strategy

Configure IGMP Snooping Router-Port Optional 25.2.8

Configure IGMP Snooping Port Multicast


Optional 25.2.9
VLAN

Configure Host Port Record MAC Functions Optional 25.2.10

Configure Port of Dropped Query Packets


Optional 25.2.11
or Not

Configure Port of Discarded Packets


Optional 25.2.12
Report or Not

Configure multicast preview Optional 25.2.13

Configure Profile of Black and White List Optional 25.2.14

Display and Maintenance of IGMP


Optional 25.2.15
Snooping

25.2.2 Enable IGMP Snooping

Operation Command Remarks

Enter global configuration mode system-view

195
GPON OLT Operation Manual V1.1

Enable IGMP Snooping igmp-snooping igmp-snooping is

disabled by default.

Disable IGMP Snooping undo igmp-snooping

25.2.3 Configure IGMP Snooping Timer

Operation Command Remarks

Enter global configuration mode system-view

Configure IGMP Snooping host igmp-snooping host-aging-time 300s by default

aging time seconds

Configure maximum leave time igmp-snooping 10s by default

max-response-time seconds

25.2.4 Configure IGMP-snooping Fast-leave

Under normal circumstances, IGMP-Snooping on IGMP leave message is received directly will

not remove the port from the multicast group, but to wait some time before the port from the

multicast group.

Enabling quickly delete function, IGMP-Snooping IGMP leave packet received, directly to the

port from the multicast group. When the port is only one user, can be quickly removed to save

bandwidth.

Operation Command Remarks

Enter global configuration mode system-view

196
GPON OLT Operation Manual V1.1

Enter port configuration mode interface { { ethernet

interface-num } | interface-name }

Configure IGMP-snooping fast-leave igmp-snooping fast-leave Disable by default

25.2.5 Configure Number of Multicast Group Allowed Learning

Use igmp-snooping group-limit command to configure the number of the multicast group

allowed learning.

Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode interface { { ethernet

interface-num } | interface-name }

Configure the number of the igmp-snooping group-limit

multicast group allowed learning number

25.2.6 Configure IGMP Snooping Querier

In an IP multicast network running IGMP, a multicast router or Layer 3 multicast GPON is

responsible for sending IGMP general queries, so that all Layer 3 multicast devices can

establish and maintain multicast forwarding entries, thus to forward multicast traffic correctly at

the network layer .This router or Layer 3 switch is called IGMP querier.

However, a Layer 2 multicast switch does not support IGMP, and therefore cannot send

general queries by default. By enabling IGMP Snooping on a Layer 2 switch in a VLAN where

multicast traffic needs to be Layer-2 switched only and no multicast routers are present, the

197
GPON OLT Operation Manual V1.1

Layer 2 switch will act as the IGMP Snooping querier to send IGMP queries, thus allowing

multicast forwarding entries to be established and maintained at the data link layer.
Operation Command Remarks

Enter global configuration mode system-view

By default, not

black and white

list in the
Configuration is not black and white
igmp-snooping { permit | deny } { group all multicast group
list in the multicast group to learn the
| vlan vlan-id } to learn the rules
rules of the default
for the learning

of all multicast

group

Enter port configuration interface ethernet interface-num

Configure the

port to learn (not

igmp-snooping { permit | deny } learn) VID of the


Configure the port multicast black
group-range multicast-mac-address start of
list
multi-count num vlan vlan-id continuous num

mac multicast

groups

Configure the port multicast black igmp-snooping { permit | deny } group By default, any
list
multicast-mac-address vlan vlan-id multicast group

198
GPON OLT Operation Manual V1.1

are not black and

white list are

added

25.2.7 Configure IGMP Snooping Multicast Learning Strategy

Configured multicast learning strategies, the administrator can control the router only to learn

the specific multicast group. If a multicast group is added to the blacklist, then the router will

not learn the multicast group; the contrary, in the white list in the router can learn multicast

group.
Operation Command Remarks

Enter global configuration mode system-view

Open the IGMP-Snooping querier igmp-snooping querier

Configure VLAN general query


igmp-snooping querier-vlan vlan-id
messages

Configured to send general query


igmp-snooping query-interval interval
message interval

Configuration is generally the

maximum query response time of igmp-snooping query-max-respond time

message

Configured to send general inquiries igmp-snooping general-query source-ip

packet source IP address ip-address

25.2.8 Configure IGMP Snooping Router-Port

199
GPON OLT Operation Manual V1.1

You can configure the router port will be automatically added to the dynamic IGMP Snooping

Multicast learn to make routing port also has a multicast packet forwarding capability.

When the GPON receives a host membership report sent packets, the port will be forwarded to

the route.
Operation Command Remarks

Enter global configuration mode system-view

Configure hybrid routing port igmp-snooping route-port forward

Configure dynamic routing port igmp-snooping router-port-age { on | off |

aging time age-time }

igmp-snooping route-port vlan vlan-id


Configure static routing port
interface { all | ethernet interface-num }

25.2.9 Configure IGMP Snooping Port Multicast VLAN

Multicast VLAN on the port function, regardless of the port receiving the IGMP messages

belong to which VLAN, the GPON will be modified as a multicast VLAN.


Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode Interface ethernet interface-num

Configure IGMP Snooping port


igmp-snooping multicast vlan vlan-id
multicast VLAN

25.2.10 Configure Host Port Record MAC Functions

200
GPON OLT Operation Manual V1.1

When this feature is enabled on the port, the GPON will record the source packet IGMP report

MAC address.
Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode Interface ethernet interface-num

Configure the host port record MAC igmp-snooping record-host

25.2.11 Configure Port of Dropped Query Packets

When this feature is enabled on a port, the GPON drops the IGMP query message. Default

port to receive all IGMP packets.


Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode interface ethernet interface-num

Discard the query message to the


igmp-snooping drop query
configuration port

Configure the port to receive the


undo igmp-snooping drop query
query message

25.2.12 Configure Port of Discarded Report Packets

When this feature is enabled on a port, the GPON drops the IGMP report message. Default

port to receive all IGMP packets.


Operation Command Remarks

Enter global configuration mode system-view

201
GPON OLT Operation Manual V1.1

Enter port configuration mode interface ethernet interface-num

Configure the port discarded


igmp-snooping drop report
packets report

Configure the port to receive a


undo igmp-snooping drop report
report with

25.2.13 Configure Multicast Preview

Multicast IGMP Snooping provides preview feature, users can configure the multicast channel

preview, you can configure a single multicast length preview, preview interval, duration, and

reset to allow preview times.


Operation Command Remarks

Enter global configuration mode system-view

Configure Multicast preview igmp-snooping preview

igmp-snooping preview group-ip

Configure multicast channel preview ip-address vlan vlan-id interface ethernet

interface-num

Configuration when the long single igmp-snooping preview { time-once

preview, preview interval, duration time-once | time-interval time-interval |

and allows preview preview reset time-reset time-reset | permit-times

the number of preview-times }

25.2.14 Configure Profile of Black and White List

202
GPON OLT Operation Manual V1.1

IGMP Snooping provides the way black and white list feature profile, first in global

configuration mode to create a number of profile, then the port configuration mode to configure

the port reference profile list. Users can configure the IGMP Snooping profile of the type and

scope, which refers to the type of permit / deny, you can use the multicast IP address range or

MAC address to configure. IGMP Snooping profile only the port referenced to take effect, the

configuration port reference profile, the more the type of profile must be the same between that

port can only refer to the same type (permit or deny) the profile. When the port is referenced

permit the profile, the profile can only learn the definition of the corresponding multicast group;

when the port reference deny the profile, the profile can be defined in addition to learning

outside of all multicast group; when the port does not refer to any profile, in accordance with

Normally learning multicast group.


Operation Command Remarks

Enter global configuration mode system-view

Create a profile, and enter profile


igmp-snooping profile profile-id
configuration mode

Configuration profile types profile limit { permit | deny }

Configuration profile ip range ip range start-ip end-ip [ vlan vlan-id ]

Range of configuration profile mac mac range start-mac end-mac [ vlan vlan-id ]

Enter port configuration mode interface ethernet interface-num

Reference configuration profile igmp-snooping profile refer profile-list

25.2.15 Display and Maintenance of IGMP Snooping

203
GPON OLT Operation Manual V1.1

After completing the above configuration, can use the following command to view

configuration.
Operation Command Remarks

See the related configuration IGMP


display igmp-snooping
Snooping

See dynamic routing port display igmp-snooping router-dynamic

Display static router port


display igmp-snooping router-static
configuration

display igmp-snooping record-host


Display Record in host MAC
[ interface ethernet interface-num ]

Display information about multicast


display igmp-snooping preview
preview

Display the current state of multicast


display igmp-snooping preview status
channel preview

Display profile configuration display igmp-snooping profile [ interface

information ethernet interface-num ] [ profile-list ]

display multicast [ interface ethernet


Display multicast group
interface-num ]

204
GPON OLT Operation Manual V1.1

Chapter 26 MLD Snooping

26.1 MLD Snooping Overview

MLD (Multicast Listener Discovery) Internet Group Management Protocol is part of the IPv6

protocol, to support and manage hosts and multicast routers IP multicast. IP Multicast allows

the transmission of IP packets to a multicast group constitutes a set of host, multicast group

membership relationship is dynamic, host can dynamically join or leave the group, so to

minimize the network load, effective online data transfer.

MLD Snooping is used to monitor hosts and routers between the MLD messages, according to

group members join, leave, and dynamically create, maintain and delete the multicast address

table, this time, multicast frames based on their respective multicast address table be

forwarded.

26.2 MLD Snooping

26.2.1 MLD Snooping Configuration List

Configuration Task Description Detailed Configuration

Start MLD Snooping Required 26.2.2

Configure MLD Snooping Timer Optional 26.2.3

Configure Fast-leave Port Optional 26.2.4

205
GPON OLT Operation Manual V1.1

Maximum number of learning multicast


Optional 26.2.5
configuration port

Configure MLD-Snooping Multicast


Optional 26.2.6
Learning Strategies

Configure MLD-Snooping querier Optional 26.2.7

Configure Routing port Optional 26.2.8

Multicast VLAN port configuration Optional 26.2.9

Display and maintenance of MLD Snooping Optional 26.2.10

26.2.2 Start MLD Snooping

Operation Command Remarks

Enter global configuration mode system-view

Start MLD Snooping mld-snooping

26.2.3 Configure MLD Snooping Timer

Operation Command Remarks

Enter global configuration mode system-view

Configure dynamic multicast


mld-snooping host-aging-time time 300s by default
member port aging time

Configure the maximum response


mld-snooping max-response-time time 10s by default
time to leave

26.2.4 Configure Fast-leave Port

206
GPON OLT Operation Manual V1.1

Under normal circumstances, MLD-Snooping in MLD leave message is received directly will

not remove the port from the multicast group, but to wait some time before the port from the

multicast group.

Start quickly delete function, MLD-Snooping received MLD leave message, the direct port from

the multicast group. When the port is only one user, it can be quickly removed to save

bandwidth.
Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode interface ethernet interface-num

Fast-leave configuration port mld-snooping fast-leave

26.2.5 Maximum Number of Learning Multicast Configuration Port

You can use the following command to set up each port can learn the number of multicast.
Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode interface ethernet interface-num

By default, the

maximum

Configured port number of the learning of


mld-snooping group-limit number
largest study of multicast multicast port

number

NUM_MULTICA

207
GPON OLT Operation Manual V1.1

ST_GROUPS

Caution:

NUM_MULTICAST_GROUPS refers to the machine can learn the maximum number of

multicast, each product NUM_MULTICAST_GROUPS may be different. Although theoretically

a maximum of learning multicast port number NUM_MULTICAST_GROUPS, but also that

other ports can learn the number of multicast will be occupied. In other words, all the ports will

share this NUM_MULTICAST_GROUPS multicast group resources.

26.2.6 Configure MLD Snooping Multicast Learning Strategies

Configured multicast learning strategies, the administrator can control the router only to learn

the specific multicast group. If a multicast group is added to the blacklist, then the router will

not learn the multicast group; the contrary, in the white list in the multicast group of routers can

be learned.
Operation Command Remarks

Enter global configuration mode system-view

Configuration is not black and white


mld-snooping { permit | deny } { group all |
list in the multicast group to learn the
vlan vlan-id }
rules of the default

Enter port configuration mode interface ethernet interface-num

Configure the port multicast black mld-snooping { permit | deny }

list group-range multicast-address multi-count

208
GPON OLT Operation Manual V1.1

num vlan vlan-id

Configure the port multicast black mld-snooping { permit | deny } group


list
multicast-address vlan vlan-id

26.2.7 Configure MLD-Snooping querier

After running the MLD protocol multicast network, there will be a full-time query multicast

router or Layer 3 multicast router is responsible for sending MLD query.

However, MLD does not support Layer 2 GPON function, so no way to query device

capabilities, universal group can’t send query message. Users can configure MLD-Snooping

querier, the GPON to the second floor take the initiative in the data link layer to send general

queries, messages, in order to establish and maintain multicast forwarding entry.

Users can also configure the MLD Snooping querier sends general query messages with the

source address, the maximum response time and query cycle.


Operation Command Remarks

Enter global configuration mode system-view

On MLD-Snooping querier mld-snooping querier

Configured to send general query


mld-snooping query-interval interval
message interval

Configuration is generally the

maximum query response time of mld-snooping query-max-respond time

message

209
GPON OLT Operation Manual V1.1

26.2.8 Configure Routing Port

You can configure the router port will be automatically added to the dynamic MLD Snooping

Multicast learn to make routing port also has a multicast packet forwarding capability.

When the GPON receives a host membership report sent packets, the port will be forwarded to

the route.
Operation Command Remarks

Enter global configuration mode system-view

Hybrid routing port configuration


mld-snooping route-port forward
function

Configure dynamic routing port mld-snooping router-port-age { on | off |

aging time age-time }

mld-snooping route-port vlan vlan-id


Configure static routing port
interface { all | ethernet interface-num }

26.2.9 Multicast VLAN Port Configuration

Multicast VLAN on the port function, regardless of the port received MLD messages belong to

which VLAN, the GPON will be modified as a multicast VLAN.


Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode interface ethernet interface-num

Multicast VLAN port configuration mld-snooping multicast vlan vlan-id

210
GPON OLT Operation Manual V1.1

26.2.10 Display and Maintenance of MLD Snooping

After completing the above configuration, can use the following command to view

configuration.
Operation Command Remarks

See related MLD Snooping


display mld-snooping
Configuration

See dynamic routing port display mld-snooping router-dynamic

View static router port configuration display mld-snooping router-static

View multicast group display mld-snooping group

211
GPON OLT Operation Manual V1.1

Chapter 27 Static Multicast Table

27.1 Static Multicast Table Overview

In addition to dynamic learning, multicast tables support manually configuration, and a

manually configured multicast table is a static multicast table. The static multicast MAC table

will not be aged and it cannot be lost after being saved.

At present, only the corresponding multicast entries of ipv4 can be static configured, and ipv6

multicast entries cannot be static configured.

27.2 Configure Static Multicast Table

27.2.1 Static Multicast GroupConfiguration List

Configuration Task Description Detailed


Configuration

Create a Static Multicast Group Required 27.2.2

Add a Port to the Multicast Group Required 27.2.3

Create a Static Multicast Group based on Group IP Optional 27.2.4

Display and Maintenance of Static MulticastTable Optional 27.2.5

27.2.2 Create a Static Multicast Group

Operation Command Remarks

212
GPON OLT Operation Manual V1.1

Enter global configuration mode system-view

Create a static multicast group multicast mac-address mac-address vlan

vlan-id

Delete a static multicast group undo multicast [ mac-address mac-address

vlan vlan-id ]

The parameter mac refers to the mac address of the multicast group. It is required to use the

multicast address format, for example: 01: 00: 5e: **: **: **, ip refers to multicast ip, for example,

224.0.1.1; vlan-id refers to VLAN ID, with the range of 1 to 4094. It must be an existed VLAN. If

the added static multicast group belongs to a VLAN that does not exist,, the multicast group

fails to be added.

27.2.3 Add a Port to the Multicast Group

Operation Command Remarks

Enter global configuration mode system-view

Add a port to a static multicast group Multicast mac-address mac-address vlan

vlan-id interface { all | ethernet interface-list }

Delte a por from static multicast undo multicast mac-address mac-address

group vlan vlan-id interface { all | ethernet

interface-list }

27.2.4 Create a Static Multicast Group based on Group IP

213
GPON OLT Operation Manual V1.1

Operation Command Remarks

Enter global configuration mode system-view

Create a static multicast group multicast ip-address ip-address vlan vlan-id

based on group IP

Delete a static multicast group undo multicast ip-address ip-address vlan

based group IP vlan-id

Add a port to a static multicast group multicast ip-address ip-address vlan vlan-id

base on group IP interface { all | ethernet interface-list }

Delte a por from static multicast undo multicast ip-address ip-address vlan

group base on group IP vlan-id interface { all | ethernet interface-list }

27.2.5 Display and Maintenance of Static Multicast Table

Operation Command Remarks

DisplayStatic MulticastTable by display multicast mac-address mac-address

MAC

DisplayStatic MulticastTable by IP display multicast ip-address ip-address

214
GPON OLT Operation Manual V1.1

Chapter 28 IGMP

28.1 IGMP Overview

IGMP (Internet Group Management Protocol) is used to manage IP multicast group member

as well as to establish and maintain the relationship between the IP host and multicast router.

Currently, there are three versions of IGMP: IGMPv1 (RFC 1112), IGMPv2 (RFC 2236) and

IGMPv3 (RFC 3376). The IGMPv2 version is widely used.

IGMPv1 defines two types of message: General Query and Group Membership Report. It

manages the multicast group members based on query mechanism and response mechanism.

IGMPv2 defines three types of message: Membership Query (including General Query and

Group-Specific Query), Group Membership Report and Group Membership-Leave. Compared

with IGMPV1, IGMPV12 added querier election mechanism and leave group mechanism.

IGMPv3 added source filter mechanism on the basis of v2, enhancing the function of query

and report. Moreover, it presents the clear requirements to accept or reject the multicast

message from some certain multicast source when the host adds certain multicast group.

All versions support ASM mode. Only IGMPv3 supports SSM mode. IGMPv1 and IGMPv2 can

be able to apply to SSM mode under the help of IGMP SSM Mapping technology.

28.2 Configure IGMP

215
GPON OLT Operation Manual V1.1

28.2.1 IGMP Configuration List

Configuration Task Description Detailed


Configuration

Enable Multicast Routing Protocol Required 28.2.2

Enable IGMP Protocol Required 28.2.3

Configure IGMP Version Optional 28.2.4

Configure IGMP General Query Interval Optional 28.2.5

Configure Last-Member-Query-Interval Optional 28.2.6

Configure Robustness Variable of IGMP Querier Optional 28.2.7

Configure the Maximum Number of the Multicast Group Optional 28.2.8

Added to the Interface

Configure IGMP Maximum Query Response Time Optional 28.2.9

Configure Multicast Group Filter Function Optional 28.2.10

Establish Static IP Multicast Table Optional 28.2.11

Configure Static Multicast Group Optional 28.2.12

Configure IGMP Proxy Optional 28.2.13

Configure IGMP SSM Mapping Optional 28.2.14

Configure SSM-Mapping static group address mapping rule Optional 28.2.15

IGMP Display and Maintenance Optional 28.2.16

28.2.2 Enable Multicast Routing Protocol

216
GPON OLT Operation Manual V1.1

You should enable multicast routing before Configure IGMP protocol. Only if you enable the

multicast protocol can relative configurations take effect.


Operation Command Remarks

Enter global configuration system-view

Enable enable multicast routing ip multicast-routing

Disable multicast routing undo ip multicast-routing

28.2.3 Enable IGMP Protocol

Enable the IGMP protocol on interface to make GPON forward multicast message. Please

perform the configurations under interface configuration mode (including VLAN interface and

SuperVlan interface).

Operation Command Remarks

Enter global configuration system-view

Enter VLAN-interface mode interface { vlan-interface |

supervlan-interface } vlan-id

Enable IGMP protocol ip igmp

Disable IGMP protocol undo ip igmp

28.2.4 Configure IGMP Version

Due to different versions of the IGMP protocol have different message structures and message

types, so you need to configure the same IGMP version for all the routers in the same network

segment. Otherwise, IGMP cannot be able to run normally. Please perform the configurations

217
GPON OLT Operation Manual V1.1

under interface configuration mode (including VLAN interface and SuperVlan interface).

Operation Command Remarks

Enter global configuration system-view

Enter VLAN-interface mode interface { vlan-interface |

supervlan-interface } vlan-id

Configure the interface to run IGMP ip igmp version { 1 | 2 | 3 } IGMPv2 by

version default

Configure defaultIGMPversion undo ip igmp version

28.2.5 Configure IGMP General Query Interval

The Ethernet GPON periodically sends the Membership Query Message to discover which

multicast groups exist on the network connected to the Ethernet GPON. This time interval is

set by the Query Interval timer. You can configure the Query Interval timer to modify the

interval at which IGMP hosts send query messages.


Operation Command Remarks

Enter global configuration system-view

Enter VLAN-interface mode interface { vlan-interface |

supervlan-interface } vlan-id

Configure IGMP general query ip igmp query-interval seconds 125 seconds by

interval default.

Configure default IGMP general undo ip igmp query-interval

query interval

218
GPON OLT Operation Manual V1.1

28.2.6 Configure Last-Member-Query-Interval

After receiving leave-message, GPON will forward specified group query message to know

whether there are other group members in multicast group. User can be able to modify the

interval value of specified group query message.


Operation Command Remarks

Enter global configuration system-view

Enter VLAN-interface mode interface { vlan-interface |

supervlan-interface } vlan-id

Configure ip igmp last-member-query-interval 1 second by

last-member-query-interval seconds default.

Configure default undo ip igmp last-member-query-interval

last-member-query-interval

28.2.7 Configure Robustness Variable of IGMP Querier

The robustness variable is a very important parameter that reflects the performance of the

IGMP protocol running on the GPON. It is mainly used to control message forwarding

frequency so as to enhance the robustness of network protocol operation. In addition, the

robustness variable coefficient is also an important parameter for calculating other variables,

such as the existence time of other inquires, group membership time, etc.
Operation Command Remarks

Enter global configuration system-view

219
GPON OLT Operation Manual V1.1

Enter VLAN-interface mode interface { vlan-interface |

supervlan-interface } vlan-id

Configure robustness variable of ip igmp robustness-variable value 2 by default.

IGMP querier

Configure default robustness undo ip igmp robustness-variable

variable of IGMP querier

28.2.8 Configure the Maximum Number of the Multicast Group Added


to the Interface

Through this function, users can easily control the number of multicast groups that an interface

can join. If the maximum number is exceeded, the GPON will not process the newly added

IGMP messages.
Operation Command Remarks

Enter global configuration system-view

Enter VLAN-interface mode interface { vlan-interface | supervlan-interface }

vlan-id

Configure the maximum number ip igmp limit-group limit-num By default, the

of the multicast group added to maximum

the interface number of IGMP

groups added to

an interface is

the maximum

220
GPON OLT Operation Manual V1.1

number of

multicast groups

Configurethe default maximum undo ip igmp limit-group

number of the multicast group

added to the interface

28.2.9 Configure IGMP Maximum Query Response Time

When the host receives the query from the GPON, it will start the Delay Timers for each

multicast group it joins. It uses a random number between 0 and Max Response Time as the

initial value. The Max Response Time is the maximum response time specified by the query

message (the maximum query response time for IGMP Version 1 is 10 seconds). The host

should inform GPON the member of the multicast group before the timer expired. If the GPON

does not receive any group member reports after the maximum query response time has

expired, it considers that there is no local group member and it will not send the multicast

packets it receives to the network to which it is connected.


Operation Command Remarks

Enter global configuration system-view

Enter VLAN-interface mode Interface { vlan-interface |

supervlan-interface } vlan-id

Configure the maximum query ip igmp query-max-response-time seconds 10 seconds by

response time of IGMP default

Configure the default maximum undo ip igmp query-max-response-time

221
GPON OLT Operation Manual V1.1

query response time of IGMP

28.2.10 Configure Multicast Group Filter Function

The GPON determines which multicast group includes the local group members that are

directly connected to the GPON by sending an IGMP query message. If you do not want to add

certain multicast groups to a host on the network segment where the interface is located, you

can configure the ACL rule on the interface. The interface filters the received IGMP report

according to the rule. The multicast group maintains the group membership.
Operation Command Remarks

Enter global configuration system-view

Enter VLAN-interface mode interface { vlan-interface | supervlan-interface }

vlan-id

Configure filter function of ip igmp access-group acl-number [ all | ethernet By default, hosts

multicast group interface-list ] on this interface

can join any valid

multicast group.

Delete filter function of multicast undo ip igmp access-group acl-number [ all |

group ethernet interface-list ]

28.2.11 Establish Static IP Multicast Table

Create a static IP multicast entry to realize the forwarding of multicast message. You can

create (S, G) and (*, G) entries. If a static multicast member exists (which is created through

222
GPON OLT Operation Manual V1.1

the command of ip igmp static-group), It will automatically add the static member's port to the

egress port of the corresponding static entry.


Operation Command Remarks

Enter global configuration system-view

Enter VLAN-interface mode Interface { vlan-interface |

supervlan-interface } vlan-id

Create static IP multicast table ip igmp create-group groups-address-list There is no static

source { * | source-address } multicast table

by default.

Delete static IP multicast table undo ip igmp create-group

groups-address-list source { * |

source-address }

28.2.12 Configure Static Multicast Group

Configure the GPON port to become a static multicast group so that the GPON can forward the

multicast packets to this port and specify the source address list at the same time. Please

perform the configurations under interface configuration mode (including VLAN interface and

SuperVlan interface). When Configure this function under the SuperVlan interface mode, you

should specify the sub-VLAN.


Operation Command Remarks

Enter global configuration system-view

Enter VLAN-interface mode Interface { vlan-interface |

223
GPON OLT Operation Manual V1.1

supervlan-interface } vlan-id

Add a port into static multicast group ip igmp static-group { * | groups-address }

{ all | ethernet interface-list } sourcelist { * |

sourcelist }

Delete a port from static multicast undo ip igmp static-group { all |

group groups-address { all | ethernet interface-list }

sourcelist { * | sourcelist } }

28.2.13 Configure IGMP Proxy

After enabling IGMP proxy, GPON acts as a host forwards the multicast group information via

report message. When the multicast router receives the message, it transmits the multicast

traffic to GPON and then GPON will transmit the multicast traffic to the downlink user. If a

certain multicast has no host, GPON will forward leave message to multicast routing, and then

multicast routing will stop forwarding multicast data to GPON. This function is mainly applied to

network peripheral GPONes, which effectively saves GPON resources since GPONes can

complete the multicast forwarding without enabling the multicast routing protocols.
Operation Command Remarks

Enter global configuration system-view

Enter VLAN-interface mode Interface { vlan-interface |

supervlan-interface } vlan-id

Enable IGMP-Proxy igmp-proxy

Disable IGMP-Proxy undo igmp-proxy

224
GPON OLT Operation Manual V1.1

28.2.14 Configure IGMP SSM Mapping

In the SSM network, some recipient hosts only run IGMPv1 or IGMPv2 due to the variety of

possible restrictions. You can configure the IGMP SSM Mapping function in router so as to

offer SSM service to those recipient hosts of IGMPv1 or IGMPv2.


Operation Command Remarks

Enter global configuration system-view

Enter VLAN-interface mode Interface { vlan-interface |

supervlan-interface } vlan-id

Enable ssm-mapping ip igmp ssm-mapping

Disable ssm-mapping undo ip igmp ssm-mapping

28.2.15 Configure SSM-Mapping static group address mapping rule

Operation Command Remarks

Enter global configuration system-view

Enter IGMP global configuration mroute igmp

mode

Configure the SSM-Mapping static ssm-mapping ipaddress mask By default, no

group address mapping rule multicast-source-ipaddress static group

address

mapping rule is

configured

225
GPON OLT Operation Manual V1.1

Delete the SSM-Mapping static undo ssm-mapping { ipaddress mask | all }

group address mapping rule

28.2.16 IGMP Display and Maintenance

Operation Command Remarks

Display IGMP interface information display ip igmp interface [ { vlan-interface

vlan-id } | { supervlan-interface vlan-id } ]

Display static configurations and the display ip igmp groups [ multicast-ip ]

IGMP multicast group information

Display IGMP proxy display igmp-proxy

Display SSM-Mapping mapping rule display ip igmp ssm-mapping

[ multicast-ip ]

226
GPON OLT Operation Manual V1.1

Chapter 29 PIM

29.1 PIM Overview

Protocol Independent Multicast-Dense Mode (PIM-DM) is a dense-mode multicast routing

protocol, which is applicable to small-sized networks. In a PIM-DM network, members of a

multicast group are densely distributed.

29.1.1 Principles of PIM-DM

The operation of PIM-DM can be understood as neighbor discovery, flooding-prune, and graft.

1) Neighbor discovery

Upon save, a PIM-DM router needs to discover neighbors by sending Hello packets. The

relationships between PIM-DM capable network nodes are maintained through exchange

of Hello packets. In PIM-DM, Hello packets are sent periodically.

2) Flooding&Prune

PIM-DM assumes that all the hosts on a network are ready to receive multicast data. A

packet is transmitted from multicast source S to multicast group G. After receiving this

multicast packet, the router performs an RPF check based on the unicast routing table

and creates an (S,G) entry if the RPF check is successful. Then the router floods the

packet to all the downstream PIM-DM nodes in the network. The router discards the

packet if the RPF check fails (the multicast packet is from an incorrect interface). In the

227
GPON OLT Operation Manual V1.1

flooding process, an (S,G) entry will be created in the PIM-DM multicast domain.

If no downstream node is a multicast group member, the router sends a Prune message to

notify the upstream node that data should not be sent to downstream nodes any more.

After receiving the Prune message, the upstream node removes the interface that sends

the multicast packet from the outbound interface list matching the (S,G) entry. Eventually,

a Shortest Path Tree (SPT) with S as the root is created. The prune process is initiated by

a leaf router.

The whole process is called the flooding&prune process. A timeout mechanism is made

available on a pruned router so that the router may initiate a flooding&prune process

again if the prune process times out. The flooding&prune mechanism of PIM-DM operates

periodically over and over again.

In the flooding&prune process, PIM-DM performs RPF check and builds a multicast

forwarding tree with the data source as the root based on the current unicast routing

tables. When a multicast packet arrives, the router first judges whether the path of the

multicast packet is correct. If the interface where the packet arrives is what specified in the

unicast route, the path is considered correct. Otherwise, the multicast packet is discarded

as a redundant packet and will not be forwarded in multicast mode. The unicast route may

be discovered by any unicast routing protocol such as RIP and OSPF instead of a specific

routing protocol.

3) Assert

As shown in the following figure, multicast routers A and B are on the same LAN segment

and they have their respective paths to multicast source S. After receiving a multicast

228
GPON OLT Operation Manual V1.1

packet from S, both of them will forward the packet on the LAN. As a result, the

downstream multicast router C will receive two identical multicast packets.

An upstream router uses the Assert mechanism to select the only forwarder. The

upstream router sends Assert messages to select the best route. If two or more paths

have the same priority and metric value, the router with the largest IP address is selected

as the upstream neighbor of the (S,G) entry and is responsible for forwarding the (S,G)

multicast packet.

Assert mechanism

4) Graft

When the pruned downstream node needs to enter the forwarding state again, it sends a

Graft message to the upstream node. Before Configure the features of IGMP, you must

enable the multicast routing function.

5) SRM

229
GPON OLT Operation Manual V1.1

To avoid repeated flooding&prune actions, the SRM is added to new protocol standards. The

router in direct connection with the multicast source sends state update packets periodically.

After receiving a state update packet, the PIM-capable router refreshes the prune state.

29.1.2 Principles of PIM-SM

The operation of Protocol Independent Multicast-Sparse Mode (PIM-SM) can be understood as

neighbor discovery, rendezvous point tree (RPT) generation, multicast source registration, and

SPT GPON. The neighbor discovery of PIM-SM is the same as that of PIM-DM.

1) RPT generation

When a host joins a multicast group (G), the leaf router which is directly connected with

the host if detecting receivers of G by sending IGMP packets, calculates an RP for G and

sends a Join message to an upper-level node of the RP for participating in the multicast

group. Every router between the leaf router and the RP will generate a (*,G) entry in its

forwarding table and therefore they will forward any packets destined for G regardless of

where the packets come from. When the RP receives a packet bound for G, the packet

will later be sent to the leaf router along the established path and then reach the host.

Finally an RPT with the RP as the root is created.

2) Multicast source registration

When multicast source S is sending a multicast packet to multicast group G, the PIM-SM router

which is directly connected with S encapsulates the multicast packet into a registration packet

and then sends it to an RP in unicast mode. If multiple PIM-SM routers exist on a network

230
GPON OLT Operation Manual V1.1

segment, the designated router (DR) sends the multicast packet.

29.1.3 Principles of PIM-SSM

PIM-Source Specific Multicast (PIM-SSM) is dependent on PIM-SM and they may coexist on a

router. Whether PIM-SSM or PIM-SM is used is subject to the multicast address in a data or

protocol packet. IANA assigns SSM an address segment (232.0.0.0 to 232.255.255.255). The

multicast groups on this address segment will not join an RPT but is processed by SSM. In

PIM-SSM, Hello packets are also transmitted periodically between routers for neighbor

discovery and DR election.

Usually IGMPv3 is deployed on the host to establish and maintain multicast group

memberships. Compared with IGMPv2, IGMPv3 is designed with the source-based filtering

function. This function allows a host to receive only the data from a specific group and even

from a specific source in this group. Based on a received IS_IN packet of IGMPv3, the

SSM-enabled router learns that a host on the network connected with the interface receiving

the IS_IN packet wants to receive (S,G) packets. This router unicasts a PIM (S,G) Join

message to the next-hop router of the multicast source hop by hop and thereby an SPT can be

established between the multicast source and the last-hop router. When the multicast source is

sending multicast data, the data reaches the receiver along the SPT.

If a host supports only IGMPv1/IGMPv2, you can configure SSM mapping on the router

connected with the host to convert the (*,G) Join messages of IGMPv1/IGMPv2 into (S,G) Join

messages.

231
GPON OLT Operation Manual V1.1

29.2 Configure PIM

29.2.1 PIM Configuration List

The operations listed in the tablemust be performed sequentially during PIM configuration. It is

recommended that PIM-DM be enabled on all the interfaces of a non-border router running in

PIM-DM domains. In contrast, PIM-SM does not need to be enabled on every interface.

Configuration Task Description Detailed


Configuration

Basic PIM Configuration Required 29.2.2

Advanced PIM Configuration Required 29.2.3

29.2.2 Basic PIM Configuration

Operation Command Remarks

Enables PIM-DM on an interface. ip pim dense-mode

Disables PIM-DM on an interface. undo ip pim dense-mode

Enables PIM-SM on an interface. ip pim sparse-mode

Disables PIM-SM on an interface. undo ip pim sparse-mode

Note:

Enable a multicast protocol before PIM-SM on an interface.

29.2.3 Advanced PIM Configuration

Operation Command Remarks

232
GPON OLT Operation Manual V1.1

Configures the transmission interval


ip pim query-interval seconds
of Hello packets.

Restores the default transmission


undo ip pim query-interval
interval.

Configures an interface as the


ip pim bsr-border
border of a BSR.

Deletes the BSR border


undo ip pim bsr-border
configuration of an interface.

Enters the PIM mode. pim

Quits the PIM mode. quit

Filters the received multicast


source-policy acl-number
packets based on the source.

Cancels source-based filtering. undo source-policy

Filters PIM neighbors. ip pim neighbor-policy acl-number

Cancels PIM neighbor filtering. undo ip pim neighbor-policy

Configures the maximum of PIM


ip pim neighbor-limit limit
neighbors for an interface.

Restores the default value. undo ip pim neighbor-limit

Configures a static RP. static-rp address

Deletes a static RP. undo static-rp

Configures a C-BSR. bsr-candidate interface-type

233
GPON OLT Operation Manual V1.1

interface-number hash-mask-length priority

Deletes a C-BSR. undo bsr-candidate

rp-candidate interface-type

Configures a C-RP. interface-number group-list acl-number

priority

rp-candidate interface-type
Deletes a C-RP.
interface-number group-list acl-number

Configures a switching threshold. spt-threshold { immediately | infinity }

Restores the default switching


undo spt-threshold
threshold.

Displays the information of PIM display ip pim interface [ vlan-interface

interfaces. vid ]

Displays the information of PIM


display ip pim neighbor
neighbors.

Displays the multicast routing tables


display ip mroute group-address [ static |
learned by PIM, including static and
dynamic ]
dynamic routing entries.

Displays dynamic and static RPs of


display ip pim rp-info group-address
PIM.

Displays the information of BSRs,


display ip pim bs
including the elected BSR and local

234
GPON OLT Operation Manual V1.1

C-BSRs.

Displays the range of SSM group


display ip pim ssm range
addresses.

Configures the range of an SSM


ssm { default | range acl }
multicast group.

Deletes the configuration of the


undo ssm { default | range acl }
range of an SSM multicast group.

Note: Be sure to enable PIM on an interface before Configure the PIM attributes of the interface.

This point must be noted when you use the commands for Configure interface attributes and will

not be given again.

Ensure that all the devices in the domain are configured with the same range of SSM multicast

group addresses. Otherwise, multicast information cannot be transmitted using the SSM model.

If members of an SSM multicast group send Join messages over IGMPv1 or IGMPv2, (*,G) Join

messages will not be triggered.

235
GPON OLT Operation Manual V1.1

Chapter 30 SNTP

30.1 SNTP Overview

The Simple Network Time Protocol Version 4 (SNTPv4), which is a subset of the Network

Time Protocol (NTP) used to synchronize computer clocks in the Internet. In common,

there is at least one server in the network, it provides reference time for clients, finally,

all clients in the network synchronized local clocks.

30.1.1 SNTP Operation Mechanism

SNTPv4 can be worked in four modes: unicast, multicast, broadcast and anycast.In unicast

mode, client actively sends a request to server, and server sends reply packet to client according

to the local time structure after receiving requirement.

In broadcast and multicast modes, server sends broadcast and multicast packets to client

periodically, and client receives packet from server passively.

In anycast mode, client actively sends request to local broadcast or multicast address, and all

servers in the network will reply to the client. Client will choose the server whose reply packet is

first received to be the server, and drops packets from others. After choosing the server, working

mode is the same as that of the unicast.

In all modes, after receiving the reply packet, client resolves this packet to obtain current

236
GPON OLT Operation Manual V1.1

standard time, and calculates network transmit delay and local time complementary, and then

adjusts current time according them.

30.2 Configure SNTP Client

30.2.1 SNTP Client Configuration List


Configuration Task Description Detailed
Configuration

Enable SNTP client Required 30.2.2

Modify SNTP client mode Optional 30.2.3

Configure SNTP sever IP address Optional 30.2.4

Modify broadcast transfer delay Optional 30.2.5

Configure multicast TTL Optional 30.2.6

Configure interval polling Optional 30.2.7

Configure overtime retransmit Optional 30.2.8

Configure valid sever list Optional 30.2.9

Configure MD5 authentication Optional 30.2.10

Display and maintain SNTP client Optional 30.2.11

30.2.2 Enable SNTP Client


Operation Command Remarks

Enter global configuration mode system-view

Enable SNTP client sntp client

237
GPON OLT Operation Manual V1.1

Disable SNTP client undo sntp client

30.2.3 Modifying SNTP Client Operating Mode

Administrators can modify SNTP operating mode according to the network------ unicast,

multicast, broadcast or anycast.

Operation Command Remarks

Enter globally configuration mode system-view

modifying SNTP client Operation sntp client mode { broadcast | unicast | Broadcast

mode multicast | anycast [ key key ] } modeby default

30.2.4 Configure SNTP Sever Address

SNTP client must configure appointed SNTP sever in the unicast way. You can also use below

Commands to configure key when connecting to SNTP server by authentication.

Operation Command Remarks

Enter globally configuration mode system-view

configure SNTP sever address sntp server IP [ key key ]

30.2.5 Modifying Broadcast Transfer Delay

When SNTP client works in the broadcast or multicast way, it needs to use broadcast transfer

delay. In the broadcast way, the local time of SNTP client equals the time receiving from sever

adds transferring time. Administrators modify the transferring time according to the actual

bandwidth in the network.

Operation Command Remarks

238
GPON OLT Operation Manual V1.1

Enter globally configuration mode system-view

configure broadcast transfer delay sntp client broadcastdelay time 3ms by default

30.2.6 Configure Multicast TTL

To restrict the pass range of multicast message, SNTP client needs configure the sending

multicast TTL when working both in the any cast and in the request way of forwarding the

multicast address.

Operation Command Remarks

Enter globally configuration system-view

Configure multicast TTL sntp client multicast ttl ttl 255 by default

30.2.7 Configure Interval Polling

Configure interval polling is necessary when SNTP client works in the uticast or any cast

way.SNTP client adjusts the local system time by each interval polling requesting to sever.

Operation Command Remarks

Enter globally configuration mode system-view

Enter port configuration mode interface ethernet device/slot/port

Configure interval polling sntp client poll-interval time 1000s by default

30.2.8 Configure Overtime Retransmist

This Command is effective in unicast and any cast operating mode. SNTP request packet is

UDP packet, overtime retransmission system is adopted because the requirement packet cannot

be guaranteed to send to the destination. Use above Commands to configure retransmit times

239
GPON OLT Operation Manual V1.1

and the interval.

Operation Command Remarks

Enter globally configuration mode system-view

configure overtime retransmit sntp client retransmit-interval time 5s by default,

By default 0,

configure overtime retransmit times sntp client retransmit times means do not
retransmit

30.2.9 Configure Valid Servers

In broadcast and multicast mode, SNTP client receives protocol packets from all servers without

distinction. When there is malice attacking server (it will not provide correct time), local time

cannot be the standard time. To solve this problem, a series of valid servers can be listed to

filtrate source address of the packet.

Operation Command Remarks

Enter globally configuration mode system-view

configure valid servers sntp client valid-server IP mask

30.2.10 Configure MD5 Authentication

To enhance the safety, MD5 authentication can be setup between SNTP sever and SNTP client

which only receives the authenticated message. MD5 authentication configures as below:

Operation Command Remarks

Enter globally configuration mode system-view

Startup MD5 authentication sntp client authenticate

240
GPON OLT Operation Manual V1.1

sntp client authentication-key key-number


Configure authentication keys
md5 value

30.2.11 Display and Maintain SNTP Client

After finishing above configuration, you can use below Commands to display SNTP client

configuration.

Operation Command Remarks

Display and maintain SNTP client display sntp client

241
GPON OLT Operation Manual V1.1

Chapter 31 802.1X

31.1 802.1X Overview

IEEE 802.1X is the accessing management protocol standard based on interface accessing

control passed in June, 2001. Traditional LAN does not provide accessing authentication. Users

access the devices and resources in LAN when connecting to the LAN, which is a security

hidden trouble. For application of motional office and CPN, device provider hopes to control and

configure user’s connecting. There is also the need for accounting.

IEEE 802.1X is a network accessing control technology based on interface which is the

accessing devices authentication and control by physical accessing level of LAN devices.

Physical accessing level here means the interface of LAN GPON devices. When getting

authentication, GPON is the in-between (agency) of client and authentication server. It obtains

user’s identity from client of accessing GPON and verifies the information through authentication

server. If the authentication passes, this user is allowed to access LAN resources or it will be

refused.

31.1.1 Architecture of 802.1X

802.1X operates in the typical client/server model and defines three entities: supplicant system,

authenticator system, and authentication server system.

Supplicant system: A system at one end of the LAN segment, which is authenticated by the

242
GPON OLT Operation Manual V1.1

authenticator system at the other end. A supplicant system is usually a user-end device and

initiates 802.1x authentication through 802.1x client software supporting the EAP over LANs

(EAPOL) protocol.

Authenticator system: A system at the other end of the LAN segment, which authenticates

the connected supplicant system. An authenticator system is usually an 802.1x-enabled

network device and provides ports (physical or logical) for supplicants to access the LAN.

Authentication server system: The system providing authentication, authorization, and

accounting services for the authenticator system. The authentication server, usually a Remote

Authentication Dial-in User Service (RADIUS) server, maintains user information like

username, password, VLAN that the user belongs to, committed access rate (CAR)

parameters, priority, and ACLs.

The above systems involve three basic concepts: PAE, controlled port, control direction.

1) PAE

Port access entity (PAE) refers to the entity that performs the 802.1x algorithm and protocol

243
GPON OLT Operation Manual V1.1

operations.

The authenticator PAE uses the authentication server to authenticate a supplicant trying to

access the LAN and controls the status of the controlled port according to the authentication

result, putting the controlled port in the authorized or unauthorized state. In authorized state,

the port allows user data to pass, enabling the supplicant(s) to access the network resources;

while in unauthorized state, the port denies all data of the supplicant(s).

The supplicant PAE responds to the authentication request of the authenticator PAE and

provides authentication information. The supplicant PAE can also send authentication

requests and logoff requests to the authenticator.

2) Controlled port and uncontrolled port

An authenticator provides ports for supplicants to access the LAN. Each of the ports can be

regarded as two logical ports: a controlled port and an uncontrolled port.

The uncontrolled port is always open in both the inbound and outbound directions to allow

EAPOL protocol frames to pass, guaranteeing that the supplicant can always send and receive

authentication frames.

The controlled port is open to allow normal traffic to pass only when it is in the authorized state.

The controlled port and uncontrolled port are two parts of the same port. Any frames arriving

at the port are visible to both of them.

3) Control direction

In the unauthorized state, the controlled port can be set to deny traffic to and from the

supplicant or just the traffic from the supplicant.

31.1.2 Rule of 802.1x

244
GPON OLT Operation Manual V1.1

The 802.1x authentication system employs the Extensible Authentication Protocol (EAP) to

exchange authentication information between the supplicant PAE, authenticator PAE, and

authentication server.

At present, the EAP relay mode supports four authentication methods: EAP-MD5, EAP-TLS

(Transport Layer Security), EAP-TTLS (Tunneled Transport Layer Security), and PEAP

(Protected Extensible Authentication Protocol).

1) When a user launches the 802.1x client software and enters the registered username and

password, the 802.1x client software generates an EAPOL-Start frame and sends it to the

authenticator to initiate an authentication process.

2) Upon receiving the EAPOL-Start frame, the authenticator responds with an

EAP-Request/Identity packet for the username of the supplicant.

3) When the supplicant receives the EAP-Request/Identity packet, it encapsulates the

username in an EAP-Response/Identity packet and sends the packet to the authenticator.

4) Upon receiving the EAP-Response/Identity packet, the authenticator relays the packet in a

RADIUS Access-Request packet to the authentication server.

5) When receiving the RADIUS Access-Request packet, the RADIUS server compares the

identify information against its user information table to obtain the corresponding password

information. Then, it encrypts the password information using a randomly generated challenge,

and sends the challenge information through a RADIUS Access-Challenge packet to the

authenticator.

6) After receiving the RADIUS Access-Challenge packet, the authenticator relays the

contained EAP-Request/MD5 Challenge packet to the supplicant.

245
GPON OLT Operation Manual V1.1

7) When receiving the EAP-Request/MD5 Challenge packet, the supplicant uses the offered

challenge to encrypt the password part (this process is not reversible), creates an

EAP-Response/MD5 Challenge packet, and then sends the packet to the authenticator.

8) After receiving the EAP-Response/MD5 Challenge packet, the authenticator relays the

packet in a RADIUS Access-Request packet to the authentication server.

9) When receiving the RADIUS Access-Request packet, the RADIUS server compares the

password information encapsulated in the packet with that generated by itself. If the two are

identical, the authentication server considers the user valid and sends to the authenticator a

RADIUS Access-Accept packet.

10) Upon receiving the RADIUS Access-Accept packet, the authenticator opens the port to

grant the access request of the supplicant. After the supplicant gets online, the authenticator

periodically sends handshake requests to the supplicant to check whether the supplicant is still

online. By default, if two consecutive handshake attempts end up with failure, the authenticator

concludes that the supplicant has gone offline and performs the necessary operations,

guaranteeing that the authenticator always knows when a supplicant goes offline.

11) The supplicant can also send an EAPOL-Logoff frame to the authenticator to go offline

unsolicitedly. In this case, the authenticator changes the status of the port from authorized to

unauthorized and sends an EAP-Failure frame to the supplicant.

31.2 Configure AAA

Finish necessary configuration of domain and RDIUS project of 802.1X authentication.

246
GPON OLT Operation Manual V1.1

31.2.1 Configure RADIUS Server

RADIUS server saves valid user’s identity. When authentication, system transfers user’s

identity to RADIUS server and transfer the validation to user .User accessing to system can

access LAN resources after authentication of RADIUS server.


Operation Command Remarks

Enter global configuration mode system-view

Enter AAA mode aaa

Enter RAIDUS configuration radius host radius-name

Configure primary auth RADIUS primary-auth-ip ip-address port

Configure primary acct RADIUS primary-acct-ip ip-address port

Configure second auth RADIUS second-auth-ip ip-address port

Configure second acct RADIUS second-acct-ip ip-address port

Configure key string of RADIUS auth-secret-key keystring

Configure key string of RADIUS acct -secret-key keystring

Configure NAS-RAIDUS address nas-ipaddress ip-address

username-format { with-domain |
Setup the username format
without-domain }

Configure accounting realtime-account

Configure the times of accouting realtime-account interval account-times

31.2.2 Configure Local User

Client need configure local user name and password.

247
GPON OLT Operation Manual V1.1

Operation Command Remarks

Enter global configuration mode system-view

Enter AAA mode aaa

local-user username name password pwd


Configure local user
[ vlan vlan-id ]

31.2.3 Configure Domain

Client need provide username and password when authentication. Username contains user’s

ISP information, domain and ISP corresponded. The main information of domain is the

RADIUS server authentication and accounting the user should be.


Operation Command Remarks

Enter global configuration mode system-view

Enter AAA mode aaa

Configure default Domain default domain-name { disable | enable }

setup Domain domain domain-name

Configure default Domain scheme scheme { local | radius [ local ] }

choice RADIUS name radius host binding radius-name

configure access limit users access-limit { enable number | disable }

active the state state { active | block }

31.2.4 Configure RADIUS Features

Configure RADIUS some compatible or special features as below:


Operation Command Remarks

248
GPON OLT Operation Manual V1.1

Enter global configuration mode system-view

Enter AAA mode aaa

Enable user re-authentication, when accounting-on { enable account-num |

it executives disable }

H3C Cams compatible under this h3c-cams { enable | disable }


feature can uprate-value /
dnrate-value to configure the
upstream bandwidth / downstream
bandwidth of the Vendor Specific
attribute name of the attribute
number.

Accounting function radius accounting

Accounting packets without


radius server-disconnect drop 1x
response need cut off users

Enable port priority radius 8021p enable This feature is


turned on, if the
user
authentication
passes, it will be
modified by the
user where the
priority of the
port.

Enable port PVID radius vlan enable This feature is


turned on, if the
user
authentication

249
GPON OLT Operation Manual V1.1

passes , it will be
modified by the
user where port
PVID is

Enable limit port of MAC address radius mac-address-number enable This feature is
numbers turned on, if the
user
authentication
passes, the user
will modify the
port about the
limiting number
of MAC address
learning.

Enable limit port bandwidth radius bandwidth-limit enable By default unit is


kbps, can be
modified through
radius
config-attribute
access-bandwidt
h unit.

31.3 Configure 802.1X

31.3.1 Configure EAP

The 802.1X authentication can be initiated by either a supplicant or the authenticator system.

A supplicant can initiate authentication by launching the 802.1x client software to send an

EAPOL-Start frame to the authenticator system, while an authenticator system can initiate

authentication by unsolicitedly sending an EAP-Request/Identity packet to an unauthenticated

250
GPON OLT Operation Manual V1.1

supplicant.
Operation Command Remarks

Enter global configuration mode system-view

set the protocol type between


dot1x { eap-finish | eap-transfer }
system and RADIUS

31.3.2 Enable 802.1x

802.1x provides a user identity authentication scheme. However, 802.1x cannot implement the

authentication scheme solely by itself. RADIUS or local authentication must be configured to

work with 802.1x

Enabling 802.1S authentication, users connected to the system can access to LAN per

passing the authentication.


Operation Command Remarks

Enter global configuration mode system-view

Enable 802.1x dot1x method { macbased | portbased }

31.3.3 Configure 802.1x Parameters for a Port

The 802.1x proxy detection function depends on the online user handshake function. Be sure

to enable handshake before enabling proxy detection and to disable proxy detection before

disabling handshake.
Operation Command Remarks

Enter global configuration mode system-view

Configure 802.1x parameters for a dot1x port-control { auto | forceauthorized

251
GPON OLT Operation Manual V1.1

port | forceunauthorized } [ interface ethernet

interface-list ]

31.3.4 Configure Re-Authentication

In EAP-FINISH way, the port supports re-authentication. After the user is authenticated, the

port can be configured to immediately re-certification, or periodic re-certification.


Operation Command Remarks

Enter global configuration mode system-view

dot1x re-authenticate [ interface ethernet


Immediately re-certification
interface-list ]

Periodic re-authentication enabled dot1x re-authentication [ interface

on a port ethernet interface-list ]

Periodic re-authentication time dot1x timeout re-authperiod time

configuration port [ interface ethernet interface-list ]

31.3.5 Configure Watch Feature

Opening function, the port without the user's circumstances, will watch regularly sends a 1x

packet, triggering the following 802.1x user authentication.


Operation Command Remarks

Enter global configuration mode system-view

dot1x daemon [ interface ethernet


Open the watch function
interface-list ]

Configuration time between sending dot1x daemontime [ interface ethernet

252
GPON OLT Operation Manual V1.1

packets Watch interface-list ]

31.3.6 Configure User Features

The operations mainly conclude of the number of users for port configuration, user and delete

users, and heartbeat detection operations.


Operation Command Remarks

Enter global configuration mode system-view

Configuration allows the maximum


dot1x max-user user-num [ interface
number of users through the
ethernet interface-list ]
authentication

dot1x user cut { username name |


Deletes the specified users online
mac-address mac-address }

dot1x detect [ interface ethernet


Open heartbeat detection
interface-list ]

Heartbeat detection time


dot1x detect interval time
configuration

253
GPON OLT Operation Manual V1.1

Chapter 32 LLDP

32.1 LLDP Overview

LLDP (Link Layer Discovery Protocol), a L2 protocol, defined by IEEE802.1AB-2005

standard has nothing to do with the manufacturer. It announces its information to other

neighbor devices in the network, receives the neighbor’s information and saves to

standard MIB of LLDP for users to check the downlink devices and connected ports for

easy network maintenance and management. Network administrator can know L2

connections by accessing.

32.1.1 LLDP Fundamentals

LLDP devices announce their own information through multicast address

01-80-c2-00-00-0e. LLDP devices will send 2 LLDP notice and the sending interval is

set by hello-time. After receiving neighbor’s advertisement, LLDP device will read the

advertisement content and save in LLDP neighbor table. LLDP neighbor table can be

aged with TTL value being aging time. If neighbor’s LLDP advertisement cannot be

received within aging time, the neighbor entry will be removed.

32.1.2 LLDP Timer

Hello-time: The time interval for sending LLDP packet.

Hold-time: LLDP aging time granularity for neighbor entry.

254
GPON OLT Operation Manual V1.1

TTL: TTL equals to hello-time ties hold-time which means aging time of neighbor entry.

32.2 Configure LLDP

32.2.1 LLDP Configuration List


Configuration Task Description Detailed
Configuration
Enable LLDP Required 32.2.2
Configure LLDP Hello-time Optional 32.2.3
Configure LLDP Hold-time Optional 32.2.4
Configure LLDP packet sending & receiving mode Optional 32.2.5
Configure LLDP managementaddress Optional 32.2.6
LLDP display and debugging Optional 32.2.7

32.2.2 Enable LLDP

Only after enabling global LLDP, all related configurations can be effective. Global and port

LLDP can be configured and saved no matter the LLDP is enabled. When global LLDP is

enabled, the configuration is effective.


Operation Command Remarks

Enter global configuration mode system-view


Enable LLDP lldp
Disabled by
Disable LLDP undo lldp
default

Enter port configuration mode interface ethernet interface-num


Enabled by
Disable interface LLDP undo lldp
default

32.2.3 ConfigureLLDP Hello-Time

255
GPON OLT Operation Manual V1.1

By default, LLDP Hello-time is 30S.


Operation Command Remarks

Enter global configuration mode system-view -


hello-time:
Configure LLDP Hello-time lldp hello-time time <5-32768>(seco
nds)
Configure default LLDP Hello-time undo lldp hello-time

32.2.4 ConfigureLLDP Hold-Time

By default, LLDP Hold-time is 4S.


Operation Command Remarks

Enter global configuration mode system-view


hold-time:
Configure LLDP Hello-time lldp hold-time time
<2-10>(seconds)
Configure default LLDP Hello-time undo lldp hold-time

32.2.5 ConfigureLLDP Packet Transferring and Receiving Mode on


Port

There are three types of mode:

Rx: receiving only.

Tx: transferring only.

Rxtx: transferring and receiving.

By default, the mode for all ports is rxtx, that is, transferring and receiving all LLDP packets.
Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode interface ethernet interface-num

256
GPON OLT Operation Manual V1.1

Configure LLDP packet transferring


lldp { rx | rxtx | tx }
and receiving mode on port

32.2.6 Configure LLDP Management Address

Management address is the IP address of the device.LLDP devices use the vlan-interface IP

address to encapsulate the LLDP packet and send the packet to the neighbor.
Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode interface ethernet interface-num

lldp management-address { vlan-interface


Configuremanagementaddress
| supervlan-interface } vlan-id

Delete managementaddress undo lldp management-address

32.2.7 LLDP Display and Debugging

After the above configurations, you can execute the display commands in any configuration

mode to display information, so as to verify your configurations.


Operation Command Remarks
display lldp [ interface ethernet
Display LLDP status
interface-num ]

257
GPON OLT Operation Manual V1.1

Chapter 33 PPPoE Plus

33.1 PPPoE Plus Overview

The Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating

Point-to-Point Protocol (PPP) frames inside Ethernet frames. It is used mainly with DSL

services where individual users connect to the DSL modem over Ethernet and in plain Metro

Ethernet networks. It was developed by UUNET, Redback Networks and RouterWare and is

available as an informational RFC 2516.

33.2 ConfigurePPPoE Plus

33.2.1 PPPoE PlusConfiguration List


Configuration Task Description Detailed
Configuration

Enable PPPoE Plus Required 33.2.2

Configure Option Content Optional 33.2.3

PPPoE Plus Monitor and Maintenance Optional 33.2.4

33.2.2 Enable PPPoE Plus

PPPoE packet will be forwarded to trust port. Trust port should be configured after enable this

function. Generally, PPPoE plus will add option content to PPPoE packet. If the received

PPPoE packet has contained option content, the handling strategy will be defined.

258
GPON OLT Operation Manual V1.1

Operation Command Remarks


Enter global configuration mode system-view
Enable PPPoE Plus pppoeplus
Disable PPPoE Plus undo pppoeplus
Enter interface configuration mode interface ethernet interface-num

Configure PPPoE trust port pppoeplus trust

Delete PPPoE trust port undo pppoeplus trust

pppoeplus strategy { drop | keep | replace


Configure option strategy
| transmit }

Configure PPPoE drop PADO/PADI pppoeplus drop { padi | pado }

Delete PPPoE drop PADO/PADI undo pppoeplus drop { padi | pado }

33.2.3 ConfigureOption Content

The option content need to be added before PPPoE packet forwarding out, the contents of this

option can be determined by a variety of ways. Option content can be specified in interface

configuration mode. If the content is not specified, it will be constructed according to

configured rules. If pppoe plus type is self-defined, the format should also be specified.
Operation Command Remarks
Enter global configuration mode system-view

pppoeplus type { huawei | standard |

self-defined { ciruit-id { string | vlan | port |

Configure PPPoE Plus type GPON-mac | hostname | client-mac } * |

remote-id { string | GPON-mac | hostname |

client-mac } * }

Configure default PPPoE Plus type undo pppoeplus type By default, type

259
GPON OLT Operation Manual V1.1

is standard

Configure format pppoeplus format { binary | ascii } Optional

By default, it is
Configure default format undo pppoeplus format
binary

pppoeplus delimiter { colon | dot | slash |


Configure delimiter
space }
By default, it is
Configure default delimiter undo pppoeplus delimiter
space
Enter interface configuration mode interface ethernet interface-num
Specify circuit ID pppoeplus circuit-id string
Delete PPPoE cid undo pppoeplus circuit-id

33.2.4 PPPoE Plus Monitor and Maintenance

After finishing above configuration, user can check the configurations by command below.
Operation Command Remarks
display pppoeplus interface [ ethernet
Display PPPoE Plus configuration
interface-list ]

260
GPON OLT Operation Manual V1.1

Chapter 34 CFM

34.1 CFM Overview

CFM (Connectivity Fault Management, the connectivity fault management protocol), defined

by the IEEE 802.1ag standard is a Layer 2 link on the VLAN-based end to end OAM

mechanism used to Carrier Ethernet fault management.

34.1.1 CFM Concepts

Concept Remark

Maintenancefieldindicates that even the fault detectionis covered through a network of

its boundary is configured onaportrangedefined by the MEPs. Maintenance ofthe

domain of "Maintain the domain name"to identify, according to network planning can

be divided into eight levels.


MD
Between different domains can bemaintained adjacent toor nested, but can’t

cross,and the nesteddomain can only bemaintainedby the high-level domain to the

lowlevel maintenancenested, that is, low-levelmaintenance ofthe domain

mustbeincluded in the domainof high-level maintenance department.

Within the maintenancedomain can be configured as neededto maintain multiple sets,


Maintenance
eachset ismaintained withinsomemaintenance to maintainthe set point.
set
Maintenanceset to "maintainthedomain name +maintenanceset name"to identify.

261
GPON OLT Operation Manual V1.1

Maintainset service on aVLAN, to maintainfocus on themaintenancepoint of sending

packets of thebandarethe VLAN tag, at thesametime Maintainfocus onthe

maintenancepoint can receive byMaintainfocus on its maintenancepointsentthe

message.

Maintenance points configured on a port, part of a maintenance set, can be divided

into MEPs and MIPs two.

(1)MEP IDin orderto maintainendpoint identity, whichdefinesthe scope

andmaintenance ofthe domain boundary.MEP has a directional, sub-UPMEP and

Maintenance DOWN MEP for the two.MEP direction that themaintenance ofdomain relative to the

point location oftheport. DOWN MEP isthe port whereto send its message, UP MEPport

whereit is not sent to themessage, butit isthe port to the device send its message.

(2)Maintenance in themaintenance ofthe domainbetweenpointswithin thedepartment,

not the mainaction issued CFMprotocol packets, but can handle andrespond to CFM

protocol packets.

34.1.2 CFM Main Function

Connectivity fault detection based on a reasonable and effective application deployment and

configuration over the network, its function is maintained in the configuration between points,

as long as the following functions:

Function Remark

Continuity It is a proactive OAM functionality is used to detect the state to maintain connectivity

detection between endpoints. Connectivity failure may be caused by equipment failure or

262
GPON OLT Operation Manual V1.1

configuration error.

It is akind ofon-demandOAM functions for thelocaldevice and remote


Loopback
authenticationbetween enddevices connected state.

Link It is akind ofon-demandOAM functions for thelocal device todeterminethe path between

tracking the remote devices, in order to achieve the positioning of link failure.

34.2 Configure CFM

CFM function in the configuration before the network should carry the following plan:

 For the maintenance of the entire network to carry out sub-domain level, determine the

level of maintenance of the domain boundary.

 Determine the maintenance of the domain name, the same domain on a different device

to maintain the same name.

 Required monitoring of VLAN, determine the set of maintenance within the maintenance

domain.

 Determine the maintenance set name, the same maintenance domain within the same set

on different devices to maintain the same name.

 That the same maintenance domain within the same set of maintenance to maintain a list

of endpoints in the different devices should remain the same.

 In the maintenance field and set the boundaries of the maintenance port on the endpoint

should be planned maintenance, non-border or port equipment maintenance can be planned

on a mid-point.

 After the completion of network planning, come line the following configuration.

263
GPON OLT Operation Manual V1.1

34.2.1 CFM Configuration List


Configuration Task Description Detailed
Configuration

Maintain Field Configuration Required 34.2.2

Configuration and maintenance level domain name Required 34.2.3

Configure to maintain set Required 34.2.4

Configure name and the associated VLAN to maintain set Required 34.2.5

Configure MEPs Required 34.2.6

Configure Remote Maintenance endpoint Required 34.2.7

Configure MIPs Optional 34.2.8

Configure continuity detection Required 34.2.9

Configure loopback Optional 34.2.10

Configure link tracking Optional 34.2.11

Display and maintenance of the CFM Optional 34.2.12

34.2.2 Maintain Field Configuration


Operation Command Remarks

Enter global configuration mode system-view

Create a maintenance domain, and

domain configuration into cfm md md-index

maintenance mode

34.2.3 Configuration and Maintenance Level Domain Name

264
GPON OLT Operation Manual V1.1

In order to distinguish between the various maintenance domain, you can specify a different

domain for each maintenance of domain names, the name by the name of the format and

content of two parts, the whole network a unique domain name is best; to display nested

relationship between the maintenance domain, must also designated to maintain the domain

level, only the level of maintenance of large domain nested level can only be a small

maintenance domain.
Operation Command Remarks

Enter global configuration mode system-view

Domain configuration into


cfm md md-index
maintenance mode

Configuration without the

maintenance of domain names, only cfm md format none level md-level

the specified field level maintenance

Equipped with the maintenance of

the domain name, and specify the cfm md format { dns-name | mac-uint |

domain name and level of string } name md-name level md-level

maintenance

34.2.4 Configure Maintain Set


Operation Command Remarks

Enter global configuration mode system-view

To maintainthe domainconfiguration cfm md md-index

265
GPON OLT Operation Manual V1.1

mode to enter

Created to maintain set, and enter

the configuration mode set to cfm ma ma-index

maintain

34.2.5 Configure Name and Associated VLAN to Maintain Set

In order to maintain the distinction between the various domains to maintain set, you can

specify a different set for each to maintain the instance name, instance name, the name by the

name of the format and content of two parts, the maintenance of set where the maintenance of

the domain name plus the instance name must ensure that all network only.
Operation Command Remarks

Enter global configuration mode system-view

To maintainthe domainconfiguration
cfm md md-index
mode to enter

Enter the configuration mode set to


cfm ma ma-index
maintain

The name of the configuration set cfm ma format { primary-vid | string |

and maintain the VLAN associated uint16 | vpn-id } name ma-name

with the main primary-vlan vlan-id

34.2.6 Configure MEPs

CFM is mainly reflected in the maintenance of a variety of endpoints operating on, the user can

program the network port on the network configuration to maintain the boundary endpoints.

266
GPON OLT Operation Manual V1.1

Operation Command Remarks

Enter global configuration mode system-view

To maintainthe domainconfiguration
cfm md md-index
mode to enter

Enter the configuration mode set to


cfm ma ma-index
maintain

cfm mep mep-id direction { up | down }


Create a maintenance endpoint, and
[ primary-vlan vlan-id ] interface ethernet
specify its associated port
port-id

Enable the state to maintain Required


cfm mep mep-id state { enable | disable }
endpoint management Default is off

CCMand configure the endpoint to Optional

send maintenance to use the cfm mep mep-id priority priority-id Default priority is

priorityLTM 0

34.2.7 Configure Remote Maintenance Endpoint

Remote maintenance end point is equivalent to the local maintenance of the end points, and in

the maintenance of concentration, in addition to the maintenance of the local endpoint, all

other maintenance endpoints should be configured in the local endpoint for the remote

maintenance.
Operation Command Remarks

Enter global configuration mode system-view

267
GPON OLT Operation Manual V1.1

To maintainthe domainconfiguration
cfm md md-index
mode to enter

Enter the configuration mode set to


cfm ma ma-index
maintain

Creating remote maintenance end

point, and specify the end of its peer cfm rmep rmep-id mep mep-id

MEPs

34.2.8 Configure MIPs

MIPs used to test the response of CFM message, the user can program the network device or

in non-border ports configured to maintain the mid-point.


Operation Command Remarks

Enter global configuration mode system-view

To maintainthe domainconfiguration
cfm md md-index
mode to enter

Enter the configuration mode set to


cfm ma ma-index
maintain

Create a maintenance intermediate


cfm mip mip-id interface ethernet port-id
point, and specify its associated port

34.2.9 Configure Continuity Detection

Continuity detection through configuration, can be made ​ ​ to maintain interoperability

between endpoint CCM packets to check the connectivity between these endpoints maintain

268
GPON OLT Operation Manual V1.1

state in order to achieve the link connectivity management.


Operation Command Remarks

Enter global configuration mode system-view

To maintainthe domainconfiguration
cfm md md-index
mode to enter

Enter the configuration mode set to


cfm ma ma-index
maintain

Configuration maintenance interval


cfm cc interval { 1 | 10 | 60 | 600 } 1s by default
endpoint to send theCCM

Enable sending MEPccm cfm mep mep-id cc { enable | disable } Default is off

Caution:

Different devices at the same maintenance domain and maintain a centralized maintenance

endpoint, the sending time interval of CCM must be the same.

34.2.10 Configure Loopback

By Configure the loopback function, you can check the source to the target MEPs MEPs or

MIPs link between the situations in order to achieve the link connectivity verification.
Operation Command Remarks

Enter global configuration mode system-view

To maintainthe domainconfiguration
cfm md md-index
mode to enter

Enter the configuration mode set to cfm ma ma-index

269
GPON OLT Operation Manual V1.1

maintain

cfm loopback mep mep-id { dst-mac

mac-address | dst-mep rmep-id } [ priority


Start loopback
pri-id | count pkt-num | length data-len |

datapkt-data ]

34.2.11 ConfigureLink Tracking

By Configure the link tracking, you can find the source to the target MEPs MEPs or

maintenance intermediate point between the path in order to achieve the positioning of link

failure.
Operation Command Remarks

Enter global configuration mode system-view

To maintainthe domainconfiguration
cfm md md-index
mode to enter

Enter the configuration mode set to


cfm ma ma-index
maintain

cfm linktrace mep mep-id { dst-mac

mac-address | dst-mep rmep-id } [ timeout


Start Tracking link
pkt-time | ttl pkt-ttl | flag { use-mpdb |

unuse-mpdb } ]

34.2.12 Display and Maintenance of CFM

After completing the above configuration, you can use the following command to display the

270
GPON OLT Operation Manual V1.1

CFM configuration.
Operation Command Remarks

The Maintenance domain


display cfm md [ md-index ]
information

The Maintenance Set Information display cfm ma

Display the end point of


display cfm mp local
maintenance information

Remote maintenance point


display cfm mp remote
information display

Display CCM statistics display cfm cc

Clear CCM statistics clear cfm cc

CCM database information display display cfm cc database

Clear CCM database information clear cfm cc database

CFM alarm information display display cfm errors

271
GPON OLT Operation Manual V1.1

Chapter 35 EFM

35.1 EFM Overview

EFM (Ethernet of First Mile) as the first mile Ethernet, defined by the IEEE 802.3ah
standard, used for the two devices point to point Ethernet link between the management and
maintenance.

35.1.1 EFM Main Function

EFM Ethernet can effectively improve the management and maintenance capabilities to

ensure the stable operation of the network, its main features include:

Function Remarks

EFM functionality built on the basis of connections, EFM connection establishment

process is achieved by the auto-discovery of EFM.

EFM EFM work in two modes: active mode and passive mode, EFM connected only by

auto-discovery the active mode of EFM entity initiated the passive mode EFM physical entity can

only wait for the end of the connection requests are in a passive mode of the two an

EFM can’t be established between the entities connected.

When the device detects a link event of an emergency, the fault will end EFM

Remote failure entity's Flag by Information OAMPDU fault information field (the type of emergency

indication event link) EFM notification to the peer entity. In this way, administrators can log

information by observing the dynamic understanding of the link state, the

272
GPON OLT Operation Manual V1.1

corresponding error in a timely manner for processing.

Event types, including emergency Link Fault, Dying Gasp and Critical Event of

three.

Link monitoring function is used in a variety of environments and found that the link

layer fault detection, EFM through interactive Event Notification OAMPDU to

monitor the link: When the end of the EFM to detect the general physical link event,
Link monitoring
the Event Notification sent to its peer OAMPDU for notification, the administrator
capabilities
can log information by observing the network to dynamically control the situation.

Event types include general link-errored-symbol-period,

errored-frame, errored-frame-period, errored-frame-seconds four.

Remote loopback is active mode EFM entity sends to the remote except OAMPDU

than all other messages, the remote receives the packet forwarding address is not

its purpose, but the road back to its original The end.
Remote loopback
Remote loopback is controlled by remote Loopback Control OAMPDU remote

loopback or remote loopback operation to cancel the function can be used to detect

the link quality and positioning of link failure.

EFM entities can interact with Variable Request / Response OAMPDU far end of the

Remote access to entity to obtain the MIB variable value.Include Ethernet MIB variable chain on the

MIB variable road all the performance parameters and error statistics. It provides a local EFM

function physical entity on the far side of the general performance and error detection

mechanisms.

Description:

273
GPON OLT Operation Manual V1.1

We said so to the EFM port functions as "EFM Entities”.

35.1.2 EFM Protocol Packets

EFM working in the data link layer, the protocol packet is called OAMPDU (OAM Protocol Data

Units, OAM protocol data unit).EFM is through regular interaction between the device

OAMPDU to report link status, enabling network administrators to effectively manage the

network.

Message type Effect

EFM entity status for the information (including local information, the

Information OAMPDU remote information and custom information) sent to the remote entity

EFM, EFM connections to maintain.

Generally used for link monitoring on local and remote connected EFM
Event Notification OAMPDU
physical link failures in the warning.

Mainly use for remote loopback control in order to control the EFM

loopback state of remote device. The packet has the information of


Loopback Control OAMPDU
enabling or disabling loopback .Enabling or disabling remote loopback

based on this information.

Variable Request / Mainly used for remoteMIBvariable values, in order to achieve the end of

Response OAMPDU the remote state prosecution.

35.2 Configure EFM

35.2.1 EFM Configuration List

274
GPON OLT Operation Manual V1.1

Configuration Task Description Detailed


Configuration

EFM Basic Configuration Required 35.2.2

Configure EFM Timer Parameter Optional 35.2.3

Configure Remote Failure Indication Optional 35.2.4

Configure Link Monitoring Capabilities Optional 35.2.5

Enabling Remote Loopback Optional 35.2.6

Rejecting Remote Loopback Requests Initiated by Remote Optional 35.2.7

Initiating a Remote Loopback Request Optional 35.2.8

Starting Remote Access Function MIB Variable Optional 35.2.9

MIB Variable Access Requests Initiated by Remote Optional 35.2.10

Display and Maintenance of EFM Optional 35.2.11

35.2.2 EFM Basic Configuration

EFM mode of operation is divided into proactive mode and passive mode, when the EFM

function enabled, the Ethernet port started to use the default mode of operation and the

establishment of its peer port connected EFM.


Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode. interface ethernet interface-num -

By default, EFM
StartEFM efm
is off

275
GPON OLT Operation Manual V1.1

By default, EFM

EFMmode configuration efm mode { passive | active } mode to active

mode

35.2.3 Configure EFM Timer Parameter

EFM connection is established, both ends of the EFM entity will be a certain time interval to

send Information OAMPDU cycle to detect whether the connection is normal, the interval is

called the interval to send handshake packets. If one end of the connection timeout EFM entity

within an entity does not receive remote EFM sent Information OAMPDU, EFM is considered

disconnected.

EFM handshake by adjusting packet transmission interval and the connection timeout, the

connection can change the EFM detection accuracy. With Configure OAMPDU remote request

message to the response timeout, then discard the message which receiving the later

response message to the OAMPDU if the time is out.

Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode. interface ethernet interface-num

Configurethe interval to send


efm pdu-timeout time 1s by default
handshake packetsEFM

Configure the connection


efm link-timeout time 5s by default
timeoutEFM

276
GPON OLT Operation Manual V1.1

Response timeout configuration efm remote-response-timeout time 2s by default

Caution:

Because EFM connection times out, the local entity will EFM EFM aging and physical

connection to the end of the relationship, the EFM connection is broken, so the connection

must be greater than the timeout interval to send handshake packets (Recommended for 3

times or more) , otherwise it will lead to EFM connection instability.

35.2.4 Configure Remote Failure Indication

Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode. interface ethernet interface-num

By

efm remote-failure { link-fault | dying-gasp default,remote


Startremote failure indication
| critical-event } failure indication

is enabled

Description:

Remote failure indication function device supports a single-pass function required to detect the

local emergency link to the remote event notification, in the single-pass functions are not

supported on the device, the local emergency is detected only in the event link end of reporting

alarms and can’t notify the remote.

35.2.5 Configure Link Monitoring Capabilities

277
GPON OLT Operation Manual V1.1

Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode. interface ethernet interface-num

efm link-monitor { errored-symbol-period | By default, the

Startlink monitoring capabilities errored-frame | errored-frame-period | link monitoring is

errored-frame-seconds } enabled

Configureerrored-symbol-periodeve efm link-monitor errored-symbol-period

nt detection cycle window high win-value1 low win-value2

Configureerrored-symbol-periodeve efm link-monitor errored-symbol-period

nt detection threshold threshold high th-value1 low th-value2

Configureerrored-frameevent efm link-monitor errored-frame window

detection cycle win-value

Configureerrored-frameevent efm link-monitor errored-frame threshold

detection threshold th-value

Configureerrored-frame-periodevent efm link-monitor errored-frame-period

detection cycle window win-value

Configureerrored-frame-periodevent efm link-monitor errored-frame-period

detection threshold threshold th-value

Configureerrored-frame-secondsev efm link-monitor errored-frame-seconds

ent detection cycle window win-value

Configureerrored-frame-secondsev efm link-monitor errored-frame-seconds

ent detection threshold threshold th-value

278
GPON OLT Operation Manual V1.1

Description:

 errored-symbol-period threshold event detection cycle and a 64-bit integer value, high

and low parameter values, respectively, after the value of the high and low 32-bit, that is,

the integer value = (high * (2 ^ 32)) + low.

35.2.6 Enabling Remote Loopback

By default, loopback at the far end is in the off state. It can only support the far end loopback

device starts far end loopback.

Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode. interface ethernet interface-num

Start remote loopback efm remote-loopback

35.2.7 Rejecting Remote Loopback Requests Initiated by Remote

As the remote loopback function will be affected normal business in order to avoid this

situation, users can configure the local port of the peer sent from the Loopback Control

OAMPDU control, which refused to end the remote initiated EFM loopback request.

Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode. interface ethernet interface-num

Reject remote loopback requests By default, the


efm remote-loopback { ignore | process }
initiated by remote remote refused

279
GPON OLT Operation Manual V1.1

to initiate a

remote loopback

request

35.2.8 Initiating a Remote Loopback Request

Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode. interface ethernet interface-num

Initiate a remote loopback request efm remote-loopback { start | stop }

Description:

 Only when the port EFM connection has been created, and the mode of EFM proactive

mode, in order to launch on the far side of the port loopback request.

 Only the port side and far side far side loopback support feature, and in full-duplex chain

on the road to achieve the far end loopback.

 In the open far end loopback, it will cause all data traffic in off; when the exit far end

loopback, the local and remote port will be back to normal. Lead to far-side exit port

loopback reasons: use undo EFM command to close the EFM function, use the EFM

remote-loopback stop command or exit the far end loopback connected EFM over time

and so on.

35.2.9 Starting Remote Access Function MIB Variable

Operation Command Remarks

280
GPON OLT Operation Manual V1.1

Enter global configuration mode system-view

Enter port configuration mode. interface ethernet interface-num

By default,

Startthe remote access remote access to


efm variable-retrieval
functionMIBvariable MIB variable is

enabled

35.2.10 MIB Variable Access Requests Initiated by Remote

Operation Command Remarks

Enter global configuration mode system-view

Enter port configuration mode. interface ethernet interface-num

Port for the remote display efm port port-id-list remote-mib

deviceMIBvariable value { phyadminstate | autonegadminstate }

Access to remote devices display efm remote-mib { fecability |

globalMIBvariable values fecmode }

Description:

 Only when the port EFM connection has been created, EFM working model is for the

proactive mode, the far side far side port supports MIB variable access function to the port

on the far end of the MIB variable for initiating the request.

 Currently only supports remote query capability of FEC, FEC mode, port status and port to

enable auto-negotiation enabled, the other MIB variables can later be added on demand

to achieve.

281
GPON OLT Operation Manual V1.1

35.2.11 Display and Maintenance of EFM

After completing the above configuration, you can use the following command to display the

EFM configuration.

Operation Command Remarks

display efm status interface [ ethernet


Display EFMprotocol running
interface-num ]

Display summary informationEFM display efm summary

display efm discovery interface [ ethernet


Display EFMfind information
interface-num ]

Display EFMprotocol packet display efm statistics interface [ ethernet

statistics interface-num ]

clear efm statistics interface [ ethernet


ClearEFMprotocol packet statistics
interface-num ]

282
GPON OLT Operation Manual V1.1

Chapter 36 ERRP

36.1 ERRP Overview

Ethernet Redundant Ring Protocol is a link layer protocol specifically designed for

Ethernet ring. It prevents broadcast storms caused by data loops when the Ethernet ring is

complete; when a link on the Ethernet ring is disconnected, the communication path between the

nodes on the ring network can be quickly restored. Compared with STP, ERRP has the

characteristics of fast topological convergence speed and convergence time independent of the

number of nodes on the ring network.

In order to avoid conflict between ERRP and STP in calculating port congestion / release

status, ERRP and STP are mutually exclusive on the enabled port. That is, the STP protocol

cannot be enabled by the two ports connected to the ERRP ring, and STP can be enabled by the

other ports.

36.1.1 Concept Introduction

ERRP region

The ERRP region is identified by an integer ID. A set of GPON groups configured with the

same domain ID, control VLAN and connected to each other form an ERRP domain. An ERRP

domain has the following constituent elements:

283
GPON OLT Operation Manual V1.1

 ERRP loop

 VLAN controlled by ERRP

 Master node

 Transport node

 Edge node and assistant edge node

ERRP loop

The ERRP ring is also identified by an integer ID, and an ERRP ring physically corresponds to

a ring-connected Ethernet topology. An ERRP domain consists of an ERRP ring or multiple

ERRP rings that are connected to each other. One of them is the master ring and the other ring

is a sub-ring. The master ring and the sub-ring are distinguished by the specified level at the

time of configuration. The level of the primary ring is 0 and the level of the sub-ring is 1.

The ERRP ring has two states:

Health state: All links of the ring are normal and the physical link of the ring is connected.

Fault state: The link on the ERRP ring is faulty. One or many physical links of the ring network

are down.

Node role

The node on the ERRP ring is divided into the master node and the transit node. The node role

is specified by the user. The master node is the decision-making and control node for ring

284
GPON OLT Operation Manual V1.1

protection. Each ERRP ring must specify only one master node. All nodes except the master

node are called transit nodes.

If more than one ERRP ring intersects, one of the intersecting nodes is designated as an edge

node and the other intersecting node is designated as an assistant edge node. The role of the

two nodes on the master ring is the transit node. The two nodes role of the sub-ring is the edge

node and the assistant edge node. The specific role of the sub-ring can be specified by the

user. There is no special requirement, mainly to distinguish the two nodes.

Port role

Each node of an ERRP ring has two ports connected to a ring. User can specify one of the

ports as the primary port and the other port as the secondary port. The master port of the

master node is used to send health detection message (hello message), received from the

secondary port of the main node. The master port and secondary port of the transit node are

functionally indistinguishable. To prevent the loop from causing broadcast storms, if the ERRP

ring is normal, the secondary port of the master node is blocked and all the other ports are in

the forwarding state.

If multiple ERRP rings intersect, the ports in the intersecting nodes that access both the

primary ring and the sub-ring (that is, the port of the primary ring and the sub-ring common link)

are called common ports at the same time. Only the ports that access the sub-rings are called

edge ports. Conceptually, a public port is not considered to be a port of a sub-ring, it is

regarded as part of the main ring, that is, the public link is the link of the primary ring, not the

285
GPON OLT Operation Manual V1.1

link of the sub-ring. The state change of the public link is only reported to the master node of

the primary ring. The master node of the sub-ring does not need to know.

Control VLAN

Control VLAN is relative to the data VLAN, the data VLAN is used to transmit data messages,

control VLAN is used to transmit ERRP protocol messages.

Each ERRP region has two control VLANs, called the primary control VLAN and the

sub-control VLAN. The protocol message of the primary ring is propagated in the master

control VLAN, and the protocol message of the sub-ring is propagated in the sub-control VLAN.

User need to specify the primary control VLAN. The VLAN that is one greater than the master

control VLAN ID, is used as the sub-control VLAN.

Only port (ERRP port) connecting the Ethernet of each GPON belongs to the control VLAN,

and the other ports cannot join the control VLAN. The ERRP port of the primary ring belongs to

both the primary control VLAN and the sub-control VLAN. The ERRP port of the sub-ring

belongs to the sub-control VLAN. The data VLAN can contain ERRP ports or non-ERRP ports.

The primary ring is regarded as a logical node of the sub-ring. The protocol messages of the

sub-ring are transmitted through the primary ring and processed in the primary ring as data

messages. The protocol messages of the primary ring are transmitted only within the primary

ring. Don’t enter sub-rings.

Query Solicit function

286
GPON OLT Operation Manual V1.1

ERRP is used in conjunction with IGMP Snooping, if the topology of the ERRP changes, the

forwarding state of the port will be changed. If the multicast state is not updated through the

IGMP Snooping module after the port state changes, the multicast forwarding may become

abnormal. To introduce the query solicit function. When a topology change occurs in the ERRP,

the device sends a query solicit message or a general IGMP query message to all the ports so

that the member port re-initiates an IGMP report to update the multicast entry.

36.1.2 Protocol Message

HELLO message

The hello message is initiated by the master node, and detects loop integrity of the network.

The master node periodically sends HELLO message from its primary port, and the transit

node forwards the message to the next node, which is then received by the secondary port of

the master node. Periodically send, and the sending period is Hello timer.

LINK_UP message

The LINK_UP message is initiated by the transit node, edge node, or assistant edge node that

recovers the link. It informs the master node that there is link recovery on the loop. Trigger to

send.

LINK_DOWN message

287
GPON OLT Operation Manual V1.1

The LINK_DOWN message is initiated by the transit node, edge node, or assistant edge node

that fails the link. It informs the master node that there is link failure on the loop, and the

physical loop disappears. Trigger to send.

COMMON_FLUSH_FDB message

It is initiated by the master node, and informs the transit node, the edge node and the assistant

edge node to update their respective MAC address forwarding tables. Trigger on link failure or

link recovery.

COMPLETE_FLUSH_FDB message

It is initiated by the master node, and informs the transit node, the edge node and the assistant

edge node to update their respective MAC address forwarding tables, and informs the transit

node to release the blocked state of the port temporarily blocking the data VLAN. It is sent

when the link recovery (That is, the secondary port of the master node receives Hello packets)

is complete.

EDGE_HELLO message

The EDGE_HELLO message is initiated by the edge node of the sub-ring to check the loop

integrity of the major ring in the domain.

Edge nodes send EDGE_HELLO messages periodically from the two ports connected to the

primary ring. The nodes in the primary ring process the message as data message and receive

288
GPON OLT Operation Manual V1.1

them from the assistant edge nodes on the same sub-ring. Periodically send, sending cycle is

the Edge Hello timer.

MAJOR_FAULT message

The MAJOR_FAULT message is originated by the assistant edge node and reports to the

edge node that the primary ring of the domain is faulty. When the assistant edge node of the

sun-ring cannot receive the EDGE_HELLO message from the edge node in the specified time,

the assistant edge node sends a MAJOR_FAULT message from its edge port. After the

sub-ring node receives the message, it forwards the message directly to the next node, and

finally the edge node of same sub-ring receives. Periodically send after triggering, the sending

period is Edge Hello timer.

36.1.3 Operate Principle

Health status

The master node periodically sends the hello message from its primary port, which in turn

travels through the transit nodes of the ring. If the secondary port of the master node receives

a hello message before it times out, it considers that the ERRP ring is health status. The status

of the master node reflects the health of the ring. When the ring network is in a healthy state,

the master node blocks its secondary port in order to prevent the data message from forming a

broadcast loop.

289
GPON OLT Operation Manual V1.1

Link failure

Two mechanisms are provided for detecting link failures:

(1) LINK_DOWN escalation and processing:

When an ERRP port of the transit node detects a port Link Down, the node sends a

LINK_DOWN message to the master node from the ERRP PORT in the up state that is paired

with the faulty port.

After the master node receives the LINK_DOWN message, the node state is immediately

changed for failed state. Disable the blocking state of the secondary port. The FDB table is

refreshed and a COMMON_FLUSH_FDB message is sent from the primary and secondary

ports to notify all transit nodes to refresh their respective FDB tables.

After receiving the COMMON_FLUSH_FDB message, the transit node immediately refreshes

the FDB table and starts learning the new topology.

(2) Polling mechanism:

The fault reporting mechanism is initiated by the transit node. In order to prevent the

LINK_DOWN message from losing during transmission, the master node implements the

Polling mechanism. The Polling mechanism is the mechanism that the master node of the

ERRP ring actively detects the health status of the ring network. The master node periodically

sends HELLO message from its master port, and then transmits it through the transmission

nodes.

290
GPON OLT Operation Manual V1.1

If the master node can receive the HELLO message from the secondary port in time, it

indicates that the ring network is complete and the master node will keep the secondary port

blocked. If the secondary port of the master node cannot receive HELLO message in the

specified time, it is considered that a link fault has occurred on the ring network. The fault

handling process is the same as the LINK_DOWN process mechanism.

Link recovery

There are two situations to deal with:

(1) LINK_UP escalation and processing

After the ports of the transit node that belong to the ERRP region are re-up, the master node

may find loop recovery after a certain period of time. In the time, the network may form a

temporary loop, which makes data VLAN produce a broadcast storm.

In order to prevent the generation of the temporary loop, the transit node moves to the

Preforwarding state and immediately blocks the port that has just been recovered, after it finds

the port accessing the ring network re-up. At the same time, the transmitting node that has

recovered the link sends a LINK_UP message to the master node from ERRP port that is

paired with the recovery port in the UP state. After receiving the LINK_UP message from the

transmitting node, the master node sends a COMMON_FLUSH_FDB message from the

primary port and the secondary port to notify all transit nodes to refresh the FDB table. The

291
GPON OLT Operation Manual V1.1

port recovered by the transit node only releases the blocked state after receiving the

COMPLETE_FLUSH_FDB packet sent by the master node or the Preforward timer expires.

The response of the master node to the LINK_UP message does not represent the response

processing to the ring network recovery. If multiple links on the ring network fail and then one

of the links is restored, the LINK_UP reporting mechanism and the response mechanism of the

master node are introduced to quickly refresh the FDB tables of the nodes on the ring.

(2) Ring network recovery processing:

Ring network recovery processing is initiated by the main node. The master node sends the

Hello messages periodically from the master port. After the faulty link on the ring network is

restored, the master node will receive its own test messages from the secondary port. After

receiving the HELLO message from the host, the master node first moves the state back to the

complete state, blocks the secondary port, and then sends the COMPLETE_FLUSH_FDB

message from the primary port. After receiving the COMPLETE_FLUSH_FDB message, the

transit node moves back to the Link_Up state, releases the temporarily blocked port, and

refreshes the FDB table.

If the COMPLETE_FLUSH_FDB message is lost during transmission, a backup mechanism is

adopted to recover the temporarily blocked port of the transit node. The transmission node is in

the Pre-forwarding state, if the COMPLETE_FLUSH_FDB message from the master node is

not received in the specified time, Self-release temporary blocking port, restore data

292
GPON OLT Operation Manual V1.1

communication.

36.1.4 Multi-loop Intersection Processing

Multi-ring and single-ring is almost the same, The difference between a multi-ring and a single

ring is that multiple rings are introduced the sub-ring protocol message channel state detection

mechanism in the main ring, after the channel is interrupted, the edge port of the edge node is

blocked before the secondary port of the master node of the sub-ring is released to prevent the

data loop from forming between the sub-ring. For details, see Sub-channel Protocol Channel

Status Check Mechanism on the Main Ring.

In addition, when a node on the master ring receives a COMMON-FLUSH-FDB or

COMPLETE-FLUSH-FDB message from the sub-ring, it will refresh the FDB table. The

COMPLETE-FLUSH-FDB of the sub-ring does not cause the sub ring transit node to release

the temporarily blocked port. The COMPLETE-FLUSH-FDB message of the primary ring does

not do so.

36.2 Configure ERRP

36.2.1 ERRP Configuration List

Configuration Task Description Detailed


Configuration

ERRP Configuration List Required 36.2.2

293
GPON OLT Operation Manual V1.1

Configure Time Parameter Optional 36.2.3

Configure Domain Required 36.2.4

Configure Work Mode Optional 36.2.5

Configure Control VLAN Required 36.2.6

Configure the Ring Required 36.2.7

Enable/Disable ERRP Ring Required 36.2.8

Configure the Query Solicit Function Optional 36.2.9

Configure the Topology Discovery Function Optional 36.2.10

Display and Maintenance of ERRP Optional 36.2.11

36.2.2 Enable/Disable ERRP

Operation Command Remarks

Enter the global configuration mode system-view

Enable ERRP errp

Disable ERRP undo errp

36.2.3 Configure Time Parameter

User can modify the ERRP timer parameters as requirement, but make sure that the timer

parameters are the same on all nodes. Ensure that the value of the Failed timer is not less

than 3 times the Hello timer value.

Operation Command Remarks

294
GPON OLT Operation Manual V1.1

Enter the global configuration mode system-view

Enter the global configuration mode errp hello-timer value

Configure the health message timer errp fail-timer value

Configure the information timeout


errp preup-timer value
timer

Configure the recovery delay timer errp hello-timer value

36.2.4 Configure Domain

Operation Command Remarks

Enter the global configuration mode system-view

Create and enter the domain errp domain domain-id

configuration mode

Delete domain undo errp domain [ domain-id ]

36.2.5 Configure Work Mode

In order to connect with other vendors device, user can modify the work mode in the ERRP

domain, and configure multiple ERRP domains on the same device. Each domain can be

configured with different work modes. All the nodes in the same ERRP domain must work in the

same mode.

By default, it works in standard mode. Support compatible with EIPS and RRPP.

Operation Command Remarks

Enter the global configuration mode system-view

295
GPON OLT Operation Manual V1.1

Create and enter the domain errp domain domain-id

configuration mode

Configure work mode workmode { standard | huawei |

eips-subring }

36.2.6 Configure Control VLAN

Control VLAN is relative to the data VLAN, the data VLAN is used to transmit data message,

control VLAN is used to transmit ERRP protocol message.

Each ERRP domain has two control VLANs, called the primary control VLAN and the sub-control

VLAN. The protocol messages of the primary ring are propagated in the master control VLAN,

and the protocol messages of the sub-ring are propagated in the sub-control VLANs. User needs

to specify only the primary control VLAN and a VLAN with the maximum control VLAN ID of 1 as

the sub-control VLAN.

When an ERRP port sends protocol messages, it always takes control VLAN tags, regardless of

whether the ERRP port is in trunk mode.

Operation Command Remarks

Enter the global configuration mode system-view

Create and enter the domain errp domain domain-id

configuration mode

Configure control VLAN control-vlan vlan-id

Delete control VLAN undo control-vlan

296
GPON OLT Operation Manual V1.1

36.2.7 Configure the Ring

To avoid conflict between ERRP and STP in calculating port blocking / releasing status, ERRP

and STP are mutually exclusive on the port. Before specifying an ERRP port, user must disable

STP on the port.

If a device is on multiple ERRP rings of the same ERRP domain, only one master ring can exist.

The node role of the device on other sub-rings can be only the edge node or assistant edge

node.

The ERRP field takes effect only when both the ERRP protocol and the ERRP ring enable. To

enable the ring, user must first configure the control VLAN.

ERRP ring is divided into the main ring and sub-ring. Respectively use 0,1.

Operation Command Remarks

Enter the global configuration mode system-view

Create and enter the domain errp domain domain-id

configuration mode

Configure ring and ring levels ring ring-id role master primary-port

pri-port secondary-port sec-port level level

Configure transit node ring ring-id roletransit primary-port pri-port

secondary-port sec-port level level

Configure edge node ring ring-id roleedge common-port

common-port edge-port edge-port

297
GPON OLT Operation Manual V1.1

Configure assistant-edgenode ring ring-id role assistant-edge

common-port common-port edge-port

edge-port

Delete ring undo ring [ ring-id ]

36.2.8 Enable/Disable ERRP Ring

Operation Command Remarks

Enter the global configuration mode system-view

Create and enter the domain errp domain domain-id

configuration mode

Enable/Disable ERRP Ring ring ring-id { enable | disable }

36.2.9 Configure the Query Solicit Function

This function is used to cooperate with IGMP SNOOPING. When the topology of the ERRP ring

network changes, it immediately notifies the IGMP querier to resend the IGMP general query to

update the IGMP SNOOPING multicast database in time. Currently, there is not related standard.

The query solicit message is private and the IGMP type is 0xff.

Specific implementation is as follows:

1. The default Query solicitation function is enabled on the master node, the transit node

closes Query solicitation function.

2. The master node topology change is determined by: The master node status is from Health

298
GPON OLT Operation Manual V1.1

to Fault or from Fault to Health.

3. Other nodes topology changes are determined by: The primary and secondary port status is

from forwarding to non-forwarding (block/disable) or from non-forwarding to forwarding

(block/disable).

4. When the node detects a topology change: If the node itself is the IGMP querier, it

immediately sends a General Query message to all the ports. Otherwise, immediately send a

Query Solicit message to all ports;

5. After the IGMP querier receives the Query Solicit message: Respond immediately to the

receiving port a General Query message.

Operation Command Remarks

Enter the global configuration mode system-view

Create and enter the domain errp domain domain-id

configuration mode

Enable query-solicit ring ring-id query-solicit

Disable query-solicit undo ring ring-id query-solicit

36.2.10 Configure the Topology Discovery Function

Operation Command Remarks

Enter the global configuration mode system-view

Create and enter the domain errp domain domain-id

configuration mode

299
GPON OLT Operation Manual V1.1

Enable topo-collect topo-collect

Disable topo-collect undo topo-collect

36.2.11 Display and Maintenance of ERRP

Operation Command Remarks

Display ERRP Domain display errp [ domain domain-id [ ring

ring-id ] ]

Display ERRP control-vlan display errp control-vlan [ vlan-id ]

Display ERRP topology discovery display errp topology [ domain domain-id

[ ring ring-id ] | summary [ domain

domain-id [ ring ring-id ] ]

300
GPON OLT Operation Manual V1.1

Chapter 37 ERPS

37.1 ERPS Overview

ERPS (Ethernet Ring Protection Switching) is released by ITU-T with the convergence rate of

telecommunication level. If all devices inside the ring support this agreement, it can achieve

intercommunication.

37.1.1 ERPS Basic Conception

ERPS mainly includes ERPS ring, node, port role and port status.

1.ERPS Example

EPRS instance is formed by the same instance ID, control VLAN and interconnected GPON.

2.Control VLAN

Control VLAN is the transmission VLAN of ERPS protocol, and the protocol packet will carry

corresponding VLAN tag.

3.RPL

RPL (Ring Protection Link), Link designated by mechanism that is blocked during Idle state to

301
GPON OLT Operation Manual V1.1

prevent loop on Bridged ring

4.ERPS ring

ERPS ring is EPRS basic unit. It composed by a set of the same control VLAN and the

interlinked L2 GPON equipment.

5.Node

The L2 GPON equipment added in ERPS ring are called nodes. Each node cannot be added

to more than two ports in the same ERPS ring. The nodes are divided into RPL Owner,

Neighbor, Next Neighbor, and Common.

6.Port Role

In ERPS, port roles include: RPL Owner, Neighbor, Next Neighbor, and Common:

RPL Owner: An ERPS ring has only one RPL Owner port configured by the user and it

prevents loops in the ERPS ring via blocking the RPL Owner port. The node that owns the RPL

Owner port becomes the RPL Owner node.

RPL Neighbour: An ERPS ring has only one RPL Neighbor port configured by the user and it

must be a port connected to the RPL Owner port. If the network is normal, it will block together

with the RPL Owner port to prevent loops in the ERPS ring. The node with the RPL Neighbor

port becomes the RPL Neighbor node.

302
GPON OLT Operation Manual V1.1

RPL Next Neighbour: An ERPS ring can have up to two RPL Next Neighbor ports configured

by the user. It must be the port connecting the RPL Owner node or the RPL Neighbor node. To

become the RPL Next Neighbor node, the RPL Next Neighbor port should own the node of

RPL Next Neighbor port.

Note:RPL Next Neighbour nodes are not much different from ordinary nodes. They can be

replaced by Common nodes.

Common: The common port. The ports except RPL owner, Neighbor and Neighbor port are

common ports. If the node has only the Common port, this node will become the Common

node.

7.Port Status

In the ERPS ring, the port status of the ERPS protocol is divided into three types.

Forwarding: In Forwarding status, the port forwards user traffic and receives / forwards

R-APS packets. Moreover, it forwards R-APS packets from other nodes.

Discarding: In the Discarding status, the port can only receive / forward R-APS packets and

cannot forward R-APS packets from other nodes.

Disable: port in Linkdown status.

8.Wrok Mode: ERPS operating mode

Work mode includes: revertive and non-revertive.

303
GPON OLT Operation Manual V1.1

Revertive: When the link fails, the RPL link is in the release protection state and the RPL link

is re-protected after the faulty link is restored to prevent loops.

Non-revertive: After the fault is rectified, the faulty node remains faulty (without entering

Forwarding) and the RPL link remains in the release protection state.

37.1.2 ERPS Ring Protection Mechanism

ERPS uses ETH CFM for link monitoring. When the network is normal, a blocking link is set on

the ring network to prevent the ring network from ringing. If a fault occurs in the network, a

blocked backup link is opened to ensure uninterrupted link between each node. The general

process is as follows:

As shown , when six devices are connected in a ring and the link is in the IDLE state, the loop

is removed via setting the RPL link and locking the port (RPL Owner port).

304
GPON OLT Operation Manual V1.1

When a node on the link detects a fault, it immediately blocks the faulty node and reports the

fault message (R-APS (SF)) to all the other devices in the ring. After receiving the message, all

other nodes refresh the FDB. The RPL owner port receives the fault message, and the

recovery port is in the forwarding state. The ERPS ring enters the protection state. As shown in

the Figure:

when the link of the faulty device recovers, it sends RAPS (NR) packets to other devices in

the ring to inform them that there is no local request. When the RPL owner receives the packet,

it will block the port and send the R-APS (NR, RB) message again after some time. After

receiving the packet, the other nodes will refresh the FDB entry. Later, the port of the faulty

node will be restored to the forwarding state, and the ring will revert to the IDLE state.

305
GPON OLT Operation Manual V1.1

37.2 Configure ERPS

37.2.1 ERPS Configuration List


Configuration Task Description Detailed
Configuration

Enable/Disable ERPS Required 37.2.2

Configure ERPS Instance Required 37.2.3

Configure Connectivity Detection of ERRP Link Optional 37.2.4

Configure ERPS Related Timers Optional 37.2.5

ERPS Display and Maintenance Optional 37.2.6

37.2.2 Enable/Disable ERPS


Operation Command Remarks

Enter the global configuration mode system-view

306
GPON OLT Operation Manual V1.1

Enable ERPS erps

Disable ERPS undo erps

37.2.3 Configure ERPS Instance


Operation Command Remarks

Enter the global configuration mode system-view

Configure erps instance erps instance instance-id

Configure control-vlan control-vlan vlan id

Configure work-mode work-mode { revertive | non-revertive }

Configure ring id ring ring id

Configure ring level ring level

{ port0 | port1 } ethernet interface-num


Configure ring port role
[ neighbor | next-neighbour | owner ]

Configure protected-instance protected-instance inst-list

Enable/Disable ring ring [ enable | disable ]

Note:

About Ring ID: ERPS ring ID, the last byte of the DMAC in the R-APS message is Ring Id.

From G.8032 can be learned that the ERPS ring ID can be the same, and the control VLAN

needs to be different. The reverse is also true. The ring ID of each instance can be 1 to 239,

and the control VLAN does not allow duplication.

To configure ERPS port, you must disable the spanning tree.

307
GPON OLT Operation Manual V1.1

37.2.4 Configure Connectivity Detection of ERRP Link

In ERPS, there is no HELLO packet to monitor link connectivity in real time. Instead, it uses the

CC function in ETH CFM to detect the link connectivity by sending ETH-CC messages

between the two ports. Therefore, you need to configure the CFM CC for the ports in the ERPS.

In the ERRP instance, you need to configure the MEL (MEG level, which must be consistent

with the CFM configuration).

For more information about CFM, please refer to the CFM User Manual.

Command Remarks
Operation

Enter the global configuration mode system-view

Configure erps instance erps instance instance-id

Configure MEL mel level

37.2.5 Configure ERPS Related Timers

ERPS has two timers: WTR timer and Guard timer.

WTR timer: When the RPL owner port is restored to the Forwarding state due to another

device or link failure, if the fault is restored and some ports may not have been changed from

the Down state to the Up state, it starts the WTR timer when the RPL owner port receives the

fault-free RAPS packet from a port to prevent the shock of blocking point; If the fault is

received before the timer expires, the WTR timer is disabled. If a faulty RAPS packet from

another port is received before the timer times out, the WTR timer will be disabled. If the WTR

timer does not receive any faulty RAPS packets from other ports, it will block the RPL Owner

308
GPON OLT Operation Manual V1.1

port and send RPL blocking RAPS packets after timed out. After receiving the packet, the

other ports set the forwarding state of its own port as Forwarding state.

Guard timer: After the failure recovery, the equipment involved in link failure or node failure

will send R-APS packet to the other devices and it will start the Guard Timer at the same time.

The device does not process RAPS packets until the timer times out with the purpose to

prevent the receipt of outdated faulty R-APS packets. If the device receives the faulty RAPS

packet from another port after the timer times out, the port forwarding state will turn to

Forwarding.

Operation Command Remarks

Enter the global configuration mode system-view

Configure erps instance erps instance instance-id

Configure wtr-timer wtr-timer timer value

Configure guard-timer guard-timer timer value

37.2.6 ERPS Display and Maintenance


Operation Command Remarks

Display ERPS information display erps [ instance instance id ]

Display control-vlan display erps control-vlan [ vid ]

Display the sending and receiving display erps [ instance instance id ]


statistics
packets

Display the sending and receiving


clear erps [ instance instance id ] statistics
packets

309
GPON OLT Operation Manual V1.1

Chapter 38 FlexLink

38.1 FlexLink Overview

Flex links is layer 2 links backup protocol which provides for STP option scheme. Choose

Flex links to realize link backup when the STP is not wanted in customer network. If STP

enables, flex links is disabled. Flex links consists of a pair of interfaces (can be ports or

convergent interface). One interface is transmitting data, the other is standby. The backup

interface starts transmitting data when there is default in master link. The failure interface will

be standby when it turns well and it will be transmitting data in 60 seconds when preempt

mechanism is set. Flex links interface should disable STP and Flex links interface can

configure bandwidth and delay being preempt mechanism and the superior one will be the

master interface. There must be trap alarm when master or backup link default.

Flex Link is dedicated to dual-uplink networks. It delivers the following benefits:

-Keeping one uplink connected and the other blocked when both uplinks in a dual uplink

network are healthy, thus preventing broadcast storms caused by network loops.

-Switching the traffic to the backup link within a few sub-seconds when the primary link fails,

thus ensuring the normal forwarding of traffic in the network.

-Easy to configure.

38.1.1 Basic Concept of Flex Links

310
GPON OLT Operation Manual V1.1

1. Flex Links group

A Flex link group consists of only two member ports: the master and the slave. At a time, only

one port is active for forwarding, and the other port is blocked, that is, in the standby state.

When link failure occurs on the active port due to port shutdown or presence of unidirectional

link for example, the standby port becomes active to take over while the original active port

transits to the blocked state.

2. Master port

The master port of a Flex link group is a port role specified using commands. It can be an
Ethernet port (electrical or optical), or an aggregate interface.

3. Slave port

The slave port of a Flex link group is another port role specified using commands. It can be an
Ethernet port (electrical or optical), or an aggregate interface. The link on which the slave port
resides is called the backup link.

4. MMU (MAC address-table Move Update)message

When link switch over occurs in a Flex link group, the old forwarding entries are no longer

useful for the new topology. Therefore, all devices in the network need to refresh their MAC

address forwarding entries. Flex Link notifies devices to refresh their MAC address forwarding

entries by sending MMU messages to them.

38.1.2 Operating Mechanism of Flex Link

This section uses the network shown in the below figure to describe the Flex link mechanism

as the link status transiting from normal, to faulty, and then to recovery.

311
GPON OLT Operation Manual V1.1

Link-Normal Operating

GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 of GPON A form a Flex link group, with the

former as the master port and the latter as the slave port. When both uplinks are healthy, the

master port is in the forwarding state, while the slave port is in the standby state, and the links

on which the two ports are seated respectively are called the primary link and the backup link.

In this case, data is transmitted along the link indicated by the blue line. There is no loop in the

network, hence no broadcast storms either.

Link-Faulty Handling

When the primary link on GPON A fails, the master port GigabitEthernet 0/0/1 transits to the

312
GPON OLT Operation Manual V1.1

standby state, while the slave port GigabitEthernet 0/0/2 transits to the forwarding state. A link

switch over occurs. After the link switchover, the MAC address forwarding entries kept on the

devices in the network may become incorrect, and need to be refreshed, so that traffic can be

rapidly switched to another link, thus avoiding traffic loss. Currently, one mechanism is

available for refreshing MAC address forwarding entries: MMU message-notified refreshing.

This mechanism is applicable when the upstream devices (such as GPON B, GPON C, and

GPON D in the Figure) support Flex Link and are able to recognize MMU messages.

To enable rapid link switch over, you need to enable GPON A to send MMU messages, and all

upstream devices’ ports that are on the dual uplink network to receive and process MMU

messages.

After link switchover occurs on GPON A, MMU messages are sent along the new primary link,

that is, through GigabitEthernet 0/0/2. When an upstream device receives and handles a MMU

message, transmit MAC address carried in the MMU message to the receiving port.

After that, when GPON D receives a data packet destined for Host A, Host B, Host C, GPON D

will broadcasts the packet at Layer 2; GPON C will search MAC address table after receiving it,

and forward it to GPON A from GE0/0/2; GPON A forward it to Host A, Host B, Host C. In this

way, data traffic can be forwarded correctly.

This mechanism will update MAC address without waiting for entry aged. Generally, the whole

link will be shifted in milliseconds without traffic lost.

Link-Recovery Working Modes


Flex Link supports three working modes: role preemption, non-role preemption and bandwidth

313
GPON OLT Operation Manual V1.1

preemption. Under different modes, the port state changes are different:

 If role preemption is configured, when the primary link recovers, the master port enters the

forwarding state and takes over the traffic, while the slave port enters the standby state. The

slave port transits from standby to forwarding only when the primary link fails.

 If non-role preemption is configured, when the primary link recovers, the slave port

remains in the forwarding state, while the master port remains in the standby state, so as to

keep the traffic stable.

 If bandwidth preemption is configured, when the primary link recovers, the slave port

remains in the forwarding state if it occupies more bandwidth, while the master port remains in

the standby state; the slave port transits from forwarding to standby only when master port

occupies more bandwidth.


As shown in the Figure, if role preemption is configured on the Flex link group on GPON A,
when the link of GigabitEthernet 0/0/1 on GPON A recovers, GigabitEthernet 0/0/2 is
immediately blocked and transits to the standby state, while GigabitEthernet 0/0/1 transits to
the forwarding state. If non-role preemption is configured, when the link of GigabitEthernet
0/0/1 on GPON A recovers, GigabitEthernet 0/0/1 remains in the standby state, and no link
switch over occurs, thus keeping the traffic stable.

38.2 Configure FlexLinks

38.2.1 FlexLinks Configuration List


Configuration Task Description Detailed
Configuration
Configure Flex Links group Required 38.2.2
Configure Flex Links preemption mode Optional 38.2.3

314
GPON OLT Operation Manual V1.1

Configure Flex links preemption delay Optional 38.2.4


Configure Flex links MMU Optional 38.2.5
Flex Links monitor and maintenance Optional 38.2.6

38.2.2 Configure FlexLinks group


Configure Flex Links group needs specify master and slave port. If master port is Ethernet port,
the configuration should be in interface configuration mode; if master port is channel-group
port member, the configuration should be in global configuration mode.
Operation Command Remarks
Enter global configuration mode system-view
channel-group-n
umber_1 is
channel-group channel-group-number_1
master
Configure Flex Links group backup { interface device/slot/port_2 |
port,port_2/chan
channel-group channel-group-number_2 }
nel-group-numbe
r_2 is slave port
undo channel-group
Delete Flex Links group
channel-group-number_1 backup
Enter interface configuration mode interface ethernet device/slot/port_1
port_1 is master
port,
port backup { interface device/slot/port_2 |
Configure Flex Links group port_2/channel-g
channel-group channel-group-number_2 }
roup-number_2
is slave port
Delete Flex Links group undo port backup

Note:
The STP of master port and slave port should be disabled, and cannot be ERRP port.

38.2.3 Configure FlexLinks Preemption Mode


At a time, only one port is active for forwarding, and the other port is blocked, that is, in the

315
GPON OLT Operation Manual V1.1

standby state. When link failure occurs on the active port due to port shutdown or presence of
unidirectional link for example, the standby port becomes active to take over while the original
active port transits to the blocked state.
Operation Command Remarks
Enter global configuration mode system-view -
channel-group-n
channel-group channel-group-number_1
umber_1 is
backup { interface device/slot/port_2 |
Configure Flex Links preemption master
channel-group channel-group-number_2 }
mode port,port_2/chan
preemption mode { forced | bandwidth |
nel-group-numbe
off }
r_2 is slave port
Enter interface configuration mode interface ethernet device/slot/port_1
port backup port_1 is master
{ interface device/slot/port_2 | port,
Configure Flex Links preemption
channel-group channel-group-number_2 } port_2/channel-g
mode
preemption mode { forced | bandwidth | roup-number_2
off } is slave port

38.2.4 Configure FlexLinks Preemption Delay


After Configure Flex Links preemption mode, the port will not be active status immediately.
There has to be a time delay. The default delay is 45s.
Operation Command Remarks
Enter global configuration mode system-view -
channel-group-n
channel-group channel-group-number_1 umber_1 is
Configure Flex links preemption backup { interface device/slot/port_2 | master
delay channel-group channel-group-number_2 } port,port_2/chan
preemption delay <1-60> nel-group-numbe
r_2 is slave port
Enter interface configuration mode interface ethernet device/slot/port_1 -
Configure Flex links preemption port backup { interface device/slot/port_2 | port_1 is master

316
GPON OLT Operation Manual V1.1

delay channel-group channel-group-number_2 } port,


preemption mode <1-60> port_2/channel-g
roup-number_2
is slave port

38.2.5 Configure FlexLinks MMU


MMU messages are used by a Flex link group to notify other GPON to refresh their MAC
address forwarding entries and ARP/ND entries when link switch over occurs in the Flex link
group. MMU messages are common unicast data packets, and will be dropped by a blocked
receiving port. This function is disabled by default.
Operation Command Remarks
Enter global configuration mode system-view -
port_1 is master
port,
mac-address-table move update { transmit
Configure Flex links MMU port_2/channel-g
| receive }
roup-number_2
is slave port

38.2.6 FLexLinks Monitor and Maintenance


After finishing above configuration, user can check the configurations by command below.
Operation Command Remarks
Display configured Flex Links group display interface switch backup

Display Flex Links MMU status display mac-address-table move update

317
GPON OLT Operation Manual V1.1

Chapter 39 Monitorlink

39.1 Monitorlink Overview

Monitor Link is developed to complement the Flex Link feature. By monitoring the uplink, and

synchronizing the downlink with the uplink, Monitor Link triggers the switch over between the

primary and backup links in a Flex link group, thus perfecting the link redundancy mechanism of

Flex Link.

39.1.1 Monitor Link Group


A monitor link group is a set of uplink and downlink ports. Downlink ports adapt to the state
changes of uplink ports.

318
GPON OLT Operation Manual V1.1

As shown in the figure, ports GigabitEthernet 0/0/1, GigabitEthernet 0/0/2, and GigabitEthernet

0/0/3 of GPON A form a monitor link group.

1. Uplink Port

An uplink port is a monitored port in a monitor link group. It is a port role specified using

commands. It can be an Ethernet port (electrical or optical), or an aggregate interface.

As shown in the figure, GigabitEthernet 0/0/1 of GPON A is the only uplink port of the monitor

link group configured on the device.

For a monitor link group that has multiple uplink ports, as long as at least one of its uplink ports

is in the forwarding state, the monitor link group is up. However, when all uplink ports of the

monitor link group fail, the monitor link group goes down, shutting down all the downlink ports.

319
GPON OLT Operation Manual V1.1

If no uplink port is specified in a monitor link group, the system considers the monitor link

group’s uplink ports to be faulty, and thus shuts down all the downlink ports in the monitor link

group.

2. Downlink Port

A downlink port is a monitoring port in a monitor link group. It is another port role specified

using commands. It can be an Ethernet port (electrical or optical), or an aggregate interface.

As shown in the figure, GigabitEthernet 0/0/2 and GigabitEthernet 0/0/3 of GPON A are two

downlink ports of the monitor link group configured on the device.

Note:

When a monitor link group’s uplink ports recover, only downlink ports that were blocked due to

uplink port failure will be brought up. Downlink ports manually shut down will not be brought up

automatically. The failure of a downlink port does not affect the uplink ports or other downlink

ports.

39.1.2 Monitor Link Mechanism

As shown in the below figure, to provide reliable access to the Internet for the hosts, a Flex link

group is configured on GPON A. GigabitEthernet 0/0/1 is the master port of the Flex link group,

and is in the forwarding state. GigabitEthernet 0/0/2 is the slave port.

320
GPON OLT Operation Manual V1.1

To avoid traffic interruption due to the failure of the link on which GigabitEthernet 0/0/1 of

GPON B resides, configure a monitor link group on GPON B, and specify GigabitEthernet

0/0/1 as the uplink port, and GigabitEthernet 0/0/2 as the downlink port.

When the link on which GigabitEthernet 0/0/1 of GPON B resides fails, the monitor link group

shuts down its downlink port GigabitEthernet 0/0/2, triggering a link switch over in the Flex link

group configured on GPON A.

When the link on which GigabitEthernet 0/0/1 of GPON B resides recovers, the downlink port

GigabitEthernet 0/0/2 is also brought up, triggering another link switch over in the Flex link

group if role preemption is configured in the Flex link group on GPON A.

321
GPON OLT Operation Manual V1.1

Collaboratively, Monitor Link and Flex Link deliver reliable link redundancy and fast

convergence for dual-uplink networks.

39.2 Configure Monitor Link

39.2.1 MonitorLink Configuration List


Configuration Task Description Detailed
Configuration
Configure MonitorLink Group Required 39.2.2
Monitor Link monitor and maintenance Optional 39.2.3

39.2.2 Configure MonitorLink Group

If the port is Ethernet port, configuration should be in interface configuration mode; if port is

channel-group member, configuration should be in global configuration mode.

Operation Command Remarks


Enter global configuration mode system-view
channel-group channel-group-number
Monitor Link for channel-group monitor-link-group group-ID { uplink |
downlink }
undo channel-group channel-group-number
Delete channel-group from Monitor
monitor-link-group group-ID { uplink |
Link group
downlink }

Enter interface configuration mode interface ethernet device/slot/port

port monitor-link-group group-ID { uplink


Monitor Link for port
| downlink }
undo port monitor-link-group group-ID
Delete port from Monitor Link group
{ uplink | downlink }

322
GPON OLT Operation Manual V1.1

39.2.3 MonitorLink Monitor and Maintenance

After finishing above configuration, user can check the configurations by command below.

Operation Command Remarks


Display Monitor Link group display monitor-link-group

323
GPON OLT Operation Manual V1.1

Chapter 40 L3 Base Function


Configuration

40.1 L3 Base Function Overview

The L3 GPON is a 10-Gigabit intelligent routing GPON based on the application specific

integrated circuit (ASIC) technology and supports layer 2 (L2) and layer 3 (L3) forwarding. It

performs L2 forwarding when hosts in the same virtual local area network (VLAN) access each

other and L3 forwarding when hosts in different VLANs access each other.

40.2 ConfigureL3 Base Function

40.2.1 L3 Base Function Configuration List


Configuration Task Description Detailed
Configuration

Planning VLANs and creating L3 interfaces Required 40.2.2

Configure the forwarding mode Required 40.2.3

Creating VLAN interfaces for common VLANs Required 40.2.4

Creating superVLAN interfaces and adding VLANs to the


Required 40.2.5
superVLAN

Configure IP addresses for VLAN or superVLAN interfaces Required 40.2.6

324
GPON OLT Operation Manual V1.1

Configure an IP address range for VLAN or superVLAN


Required 40.2.7
interfaces

Configure the Address Resolution Protocol (ARP) proxy Required 40.2.8

Display interface configurations Required 40.2.9

Configure unicast reverse path forwarding (URPF) Required 40.2.10

Disabling the function of sending Internet Control Message

Protocol (ICMP) packets with an unreachable destination Required 40.2.11

host on interfaces

40.2.2 Planning VLANs and Creating L3 Interfaces

For details about VLAN planning, see VLAN configurations.

L3 interfaces are classified into common VLAN interfaces and superVLAN interfaces.

Common VLAN interfaces are created on VLANs and superVLAN interfaces on superVLANs

(superVLANs do not exist or contain any port).

40.2.3 Configure the Forwarding Mode

The L3 GPON supports stream forwarding and network topology-based forwarding. In stream

forwarding mode, The L3 GPON identifies the failed route or the unreachable destination host

route and sends packets to the CPU for further processing. In network topology-based

forwarding mode, The L3 GPON directly discards the packets. By default, The L3 GPON works

in stream forwarding mode.

325
GPON OLT Operation Manual V1.1

Operation Command Remarks

Enter the global configuration mode. system-view

Set the packet forwarding mode in


ip def cpu
the system to stream forwarding.

Set the packet forwarding mode in

the system to network undo ip def cpu

topology-based forwarding.

Display the configured packet


display ip def cpu
forwarding mode.

40.2.4 Creating VLAN Interfaces for Common VLANs

A VLAN interface needs to be configured for each VLAN that performs L3 forwarding or the

VLAN needs to be added to the superVLAN.

Operation Command Remarks

Enter the global configuration mode. system-view

Create a VLAN interface with the

VLAN ID being vid and enter the interface vlan-interface vid

VLAN interface configuration mode.

Return to the global configuration


quit
mode.

326
GPON OLT Operation Manual V1.1

Delete the VLAN interface with the


undo interface vlan-interface vid
VLAN ID being vid.

40.2.5 Creating SuperVLAN Interfaces and Adding VLANs to the


SuperVLAN

SuperVLAN interfaces are used for communication between hosts in different VLANs in the

same network segment. SuperVLAN interfaces are implemented through the ARP proxy.

Operation Command Remarks

Enter the global configuration mode. system-view

Create a superVLAN interface with

the interface ID being vid and enter


interface supervlan-interface vid
the superVLAN interface

configuration mode.

Return to the global configuration


quit
mode.

Delete the superVLAN interface with


undo interface supervlan-interface vid
the interface ID being vid.

Configure sub VLANs for the


subvlan vid
superVLAN interface.

Delete the sub VLANs configured undo subvlan vid

327
GPON OLT Operation Manual V1.1

for the superVLAN interface.

40.2.6 Configure IP Addresses for VLAN or SuperVLAN Interfaces

Each VLAN or superVLAN interface can be configured with a maximum of 32 IP addresses

and the IP addresses of VLAN or superVLAN interfaces cannot be in the same network

segment. The first IP address of an interface will be automatically selected as the primary IP

address. When the primary IP address is deleted, the interface automatically selects another

IP address as the primary IP address or a configured IP address can be manually specified as

the primary IP address. For example, if the IP address of VLAN interface 1 is 10.10.0.1/16, the

IP addresses of other interfaces must not be in the 10.10.0.0/16 network segment (such as

10.10.1.1/24).

Operation Command Remarks

Enter the global configuration mode. system-view

Enter the VLAN or superVLAN interface vlan-interface vid

interface configuration mode. interface supervlan-interface vid

Configure an IP address and a mask


ip address ipaddress ipaddress mask
for the interface.

Delete all IP addresses of the


undo ip address
interface.

Delete the specified IP address of undo ip address ipaddress ipaddress mask

328
GPON OLT Operation Manual V1.1

the interface.

Configure the primary IP address for


ip address primary ipaddress
the interface.

40.2.7 Configure an IP Address Range for VLAN or SuperVLAN


Interfaces

Each VLAN or superVLAN interface can be configured with a maximum of eight IP address

ranges. After an IP address range is configured, only the ARP entries within this range can be

learnt so as to restrict user access. When a VLAN or superVLAN interface is deleted, relevant

configurations are automatically deleted.

For superVLAN interfaces, sub VLANs can be specified at the same time so that the set

address range is applicable only to these sub VLANs.

Operation Command Remarks

Enter the global configuration mode. system-view

Enter the VLAN or superVLAN interface vlan-interface <vid>

interface configuration mode. interface supervlan-interface <vid>

Configure the IP address range

supported by this interface, ranging ip address range startip endip

from startip to endip.

Delete all IP address ranges undo ip address range

329
GPON OLT Operation Manual V1.1

supported by the interface.

Delete the specified IP address


undo ip address range startip endip
ranges supported by the interface.

Configure the IP address range for


ip address range startip endip vlan vlanid>
sub VLANs of the superVLAN.

Delete the IP address ranges of the undo ip address range startip endip vlan

sub VLANs of the superVLAN. vlanid

40.2.8 Configure the ARP Proxy

ARP request packets are broadcast packets and cannot pass through VLANs. If the ARP

proxy function is enabled, ARP interaction is supported between hosts in sub VLANs of the

same superVLAN. When the ARP proxy is disabled, the hosts of the sub VLANs in the

superVLAN interface cannot communicate with each other.

By default, the ARP request packets from all sub VLANs are processed in the preceding

manner. In addition, relevant commands can be used to prevent the ARP request packets from

a sub VLAN from being broadcast to other sub VLANs when they are processed by the ARP

proxy.

Operation Command Remarks

Enter the VLAN configuration mode. vlan vlanid

Enable the arp-proxy function for the arp-proxy

330
GPON OLT Operation Manual V1.1

VLAN.

Disable the arp-proxy function for


undo arp-proxy
the VLAN.

Enable the arp-proxy broadcast


arp-proxy broadcast
function for the VLAN.

Disable the arp-proxy broadcast


undo arp-proxy broadcast
function for the VLAN.

Display the information about the


display arp-proxy
ARP proxy configured in the system.

Display information about the ARP

proxy broadcast function configured display arp-proxy broadcast

in the system.

40.2.9 Display VLAN and SuperVLAN Interface Information

The L3 GPON integrates VLAN interface information and superVLAN interface information.

They can be viewed by running a unified display command.

Operation Command Remarks

Display information about the VLAN display ip interface [ [ vlan-interface

and superVLAN interfaces currently vlanid ] | [ supervlan-interface

configured in the system. supervlanid ] ]

331
GPON OLT Operation Manual V1.1

40.2.10 Configure URPF

URPF aims to prevent network attack behaviors based on source address spoofing. URPF

obtains the source address and ingress interface of a packet and uses the source address as

the destination address to query the routing table for the matching route. The packet is

forwarded if it meets conditions and discarded if it does not meet conditions. Two URPF

modes are supported:

Strict mode: In this mode, the source address must exist in the routing table and the egress

interface of the source address of the packet is the same as the ingress interface of the packet.

Loose mode: In this mode, the system only checks whether the source address of the packet

exists in the unicast routing table. If yes, the packet is forwarded.

Operation Command Remarks

Enter the global configuration mode. system-view

Enter the VLAN or superVLAN interface vlan-interface vid

interface configuration mode. interface supervlan-interface vid

Enable URPF for this interface and


urpf { loose | strict }
specify the URPF mode.

Disable URPF for this interface. undo urpf

Display URPF information in the


display urpf
system.

332
GPON OLT Operation Manual V1.1

40.2.11 Disabling the Function of Sending ICMP Packets with an


Unreachable Destination Host on Interfaces

To avoid attacks from address scanning software similar to ip-scan, users can disable the

function of sending ICMP packets with an unreachable host on interfaces.

Operation Command Remarks

Enter the global configuration mode. system-view

Enter the VLAN or superVLAN interface vlan-interface vid

interface configuration mode. interface supervlan-interface vid

Enable the function of this interface

for sending ICMP packets with an ip icmp unreachable

unreachable destination

Disable the function of this interface

for sending ICMP packets with an undo ip icmp unreachable

unreachable destination

Display the configuration of the

function of sending ICMP packets display ip icmp unreachable

with an unreachable destination

333
GPON OLT Operation Manual V1.1

Chapter 41 Static Route


Configuration

41.1 Static Route Overview

The GPON is an ASIC-based Gigabit intelligent GPON, in which a layer-3 forwarding and

routing table is maintained to specify the next hops of routes and relevant information. These

routes may be learned dynamically through routing protocols or added manually. A static route

is a route to an address or a network segment which is configured manually.

41.2 Configure Static Route

41.2.1 Static Route Configuration List


Configuration Task Description Detailed
Configuration

Adds a static routing entry Required 41.2.2

Deletes a static routing entry Required 41.2.2

Displays a specified routing entry Optional 41.2.3

Displays an ECMP routing entry Optional 41.2.3

41.2.2 Adding/Deleting a Static Route


Operation Command Remarks

334
GPON OLT Operation Manual V1.1

Enters the global configuration


ip route dst-ip mask gate-ip
mode.

Enters the global configuration undo ip route dst-ip mask [ gate-ip ]

mode. undo ip route static all

Notes:

gate-ip: next-hop IP address of a static route, in dotted decimal notation;

dst-ip: destination address of a static route to be added, in dotted decimal notation;

mask: mask of the destination address, in dotted decimal notation.

41.2.3 Display Routing Entries

This command displays the information relevant to the specified routing entry, such as the

next-hop address and route type. You can choose to view the routes to a specific destination

address, all static routes, and all routes. By default, all routes will be displayed.

Operation Command Remarks

display ip route [ ip-address [ mask ] | static


Enters the all commands mode.
| rip | ospf ]

display ip route ecmp [ ip-address [ mask ] |


Enters the all commands mode.
static | rip | ospf ]

Parameter description:

ip-address: destination address, in dotted decimal notation;

mask: accompany an IP address to specify a destination network segment, in dotted decimal

notation;

335
GPON OLT Operation Manual V1.1

static: to display all static routing entries;

rip: to display all RIP routing entries;

ospf: to display all OSPF routing entries

336
GPON OLT Operation Manual V1.1

Chapter 42 RIP

42.1 RIP Overview

Routing Information Protocol (RIP) is a routing protocol based on the Distance-Vector (D-V)

algorithm and has seen wide deployment. It exchanges routing information by sending route

update packets over the User Datagram Protocol (UDP) every 30 seconds. If having not

received a route update packet from the peer router within 180 seconds, the local router marks

all the routes from the peer router as unreachable. If no update packet is received from the

peer router yet in 120 seconds after a route is marked as unreachable, the local router deletes

the route from its routing table.

RIP uses Hop Count as a routing metric to measure the distance from a destination host. In a

RIP network, Hop Count is 0 if a router is directly connected with a network and 1 if a route

needs to traverse a router before reaching the destination network, and so on. To restrain the

route convergence time, RIP stipulates that Hop Count is an integer ranging from 0 to 15. The

distance is considered infinite if Hop Count is larger than or equal to 16. In this case, the

destination network or host is unreachable.

RIP has two versions: RIP-1 and RIP-2 (support for plaintext authentication).

To improve routing performance and avoid routing loops, RIP presents the concepts of Split

Horizon and Poison Reverse.

337
GPON OLT Operation Manual V1.1

Each RIP router manages a routing database, which contains all the destination reachable

routing entries on a network. These routing entries include the following information:

Destination address: IP address of a host or network;

Next-hop address: address of a next router on the route to a destination;

Outbound interface: interface from which packets are forwarded;

Metric value: cost of a route from the local router to a destination, which is an integer from 0 to

15.

Timer: time counted from the last modification of a routing entry. The timer is zeroed every

time a routing entry is modified.

The RIP startup and operation procedure is described as follows:

Upon RIP startup on a router, the router broadcasts a request packet to its neighboring routers.

After receiving the request packet, the neighboring routers (with RIP started) return a response

packet which contains the information about their respective local routing tables.

Upon receipt of the response packets, the router that sends the request packet modifies its

local routing table.

RIP broadcasts or multicasts the local routing table to its neighboring routers every 30s. The

neighboring routers maintain their local routes to select a best route and then broadcast or

multicast the modification to their respective neighboring networks, so that the routing update

will eventually take effect globally. RIP employs a timeout mechanism to process expired

338
GPON OLT Operation Manual V1.1

routes, ensuring that the routes are latest and valid. As an interior routing protocol, RIP helps

acquaint routers with the network-wide routing information because of these mechanisms.

RIP has been accepted as one of the standards which regulate the route transmission

between a router and a host. L3 GPONes forward IP packets across a LAN the same way as

routers. Therefore, RIP is also widely deployed on L3 GPONes. It is applicable to most

campus networks and regional networks with a simple structure and good continuity but not

recommended in complex large networks.

42.2 Configure RIP

42.2.1 RIP Configuration List


Configuration Task Description Detailed
Configuration

Enabling RIP Required 42.2.2

Specifying the IP network segment to run RIP Required 42.2.3

Configurethe Passive interface Required 42.2.4

Specifying the RIP version for an interface Required 42.2.5

Configure Default Metric Value Required 42.2.6

Enabling the Route Aggregation Function Required 42.2.7

Configure RIP Packet Authentication Optional 42.2.8

Configure Split Horizon Optional 42.2.9

Setting an Additional Routing Metric Optional 42.2.10

339
GPON OLT Operation Manual V1.1

Defining a Prefix List Optional 42.2.11

Configure Route Redistribution Optional 42.2.12

Configure Route Filtering Required 42.2.13

Display RIP Configuration Required 42.2.14

42.2.2 Enabling RIP


Operation Command Remarks

Enter the global configuration mode system-view

Enters the rip configuration mode. router rip

Enters the global configuration


undo router rip
mode.

42.2.3 Specifying the IP Network Segment to Run RIP

By default, an interface does not send or receive RIP packets until the IP network segment to

run RIP is specified by the administrator even if RIP is enabled on the interface.

Operation Command Remarks

Enter the global configuration mode system-view

Enters the rip configuration mode. router rip

Runs the command in RIP


network ip-address
configuration mode.

Runs the command in RIP


undo network ip-address
configuration mode.

340
GPON OLT Operation Manual V1.1

42.2.4 Configurethe Passive interface

System support to block RIP on vlan-interface, which can be implemented by passive-interface

command, after using this command, the RIP update packets will not be sent out from this

interface.

Operation Command Remarks

Enter the global configuration mode system-view

Enter RIP configuration mode router rip

passive-interface { default | vlan-interface


Configure passive-interface
vlanid | supervlan-interface vlanid}

undo key passive-interface { default |

Delete passive-interface vlan-interface vlanid | supervlan-interface

vlanid }

42.2.5 Specifying the RIP Version for an Interface

RIP has two versions: RIP-1 and RIP-2. You can specify the version of the RIP packets to be

processed by an interface.

RIP-1 packets are transmitted in broadcast mode. RIP-2 packets may be transmitted in either

broadcast or multicast mode. The multicast mode is used by default. In RIP-2, the multicast

address is 224.0.0.9.

When the multicast mode is used, non-RIP hosts on the same network will not receive RIP

broadcast packets and RIP-1 hosts will not receive or process the RIP-2 routes with a subnet

mask. A RIP-2 interface can also receive the RIP-1 broadcast packets.

341
GPON OLT Operation Manual V1.1

Operation Command Remarks

Enter the global configuration mode system-view

Enters the rip configuration mode. router rip

Runs the command in vlan-interface


version { 1 | 2 }
configuration mode

Enter the VLAN-interface or


interface { vlan-interface |
Supervlan-interface configuration
supervlan-interface } vlan-id
mode

By default,
ip rip receive version { 1 | 2 [ bcast |
Configure RIP receive Version Version is
mcast ] }
2mcast

Configure RIP default receive


undo ip rip receive version
Version

ip rip send version { 1 | 2 [ bcast | mcast ] } By default,

Configure RIP send Version Version is

2mcast

Configure RIP default send Version undo ip rip send version

Notes:

A RIP-1 interface can send and receive RIP-1 broadcast packets. A RIP-2 broadcast interface

can receive RIP-1 packets and RIP-2 broadcast packets but not RIP-2 multicast packets. A

RIP-2 multicast interface can send and receive RIP-2 multicast packets.

342
GPON OLT Operation Manual V1.1

42.2.6 Configure Default Metric Value

This function is to set the default RIP Metric Value .


Operation Command Remarks

Enter the global configuration mode system-view

Enter RIP configuration mode router rip

Configure default metric default-metric metric

Delete default metric undo default-metric

42.2.7 Enabling the Route Aggregation Function

Route aggregation consolidates the routes on different subnets of a natural network segment

into one route with a natural mask and sends the route to another network segment. This

function minimizes both the number of entries in a routing table and the amount of information

that needs to be exchanged.

RIP-1 sends only the routes with a natural mask, that is, aggregate routes. RIP-2 supports the

subnet mask. To broadcast all the subnet routes, you should disable the route aggregation

function of RIP-2.
Operation Command Remarks

Enter the global configuration mode system-view

Enter RIP configuration mode router rip

Configure aggregation address aggregate-address ip-address/mask-length

undo aggregate-address
Delete aggregation address
ip-address/mask-length

343
GPON OLT Operation Manual V1.1

42.2.8 Configure RIP Packet Authentication

RIP-1 does not support packet authentication. A RIP-2 interface, however, can be configured

with packet authentication in plaintext or MD5.


Operation Command Remarks

Enter the global configuration mode system-view

Enter the VLAN-interface or


interface { vlan-interface |
Supervlan-interface configuration
supervlan-interface } vlan-id
mode

ip rip authentication mode md5 key-chain


Configure MD5 authentication
key-string

ip rip authentication mode text passwd


Configure text authentication
passwd

Restores RIP packet authentication. undo ip rip authentication

42.2.9 Configure Split Horizon

Split horizon is designed to prevent the routes learned on an interface from being sent through

the interface, which avoids routing loops. This function must be disabled in some special

situations to ensure correct route advertisement at the cost of advertisement efficiency. By

default, split horizon can be enabled on an interface.


Operation Command Remarks

Enter the global configuration mode system-view

Enter the VLAN-interface or interface { vlan-interface |

344
GPON OLT Operation Manual V1.1

Supervlan-interface configuration supervlan-interface } vlan-id

mode

By default,it is
Enable split-horizon function ip rip split-horizon
enabled

Enable split-horizon By default,it is


ip rip split-horizon poisoned-reverse
poisoned-reverse function disabled

Disable split-horizon function undo ip rip split-horizon

Disable split-horizon
undo ip rip split-horizon poisoned-reverse
poisoned-reverse function

42.2.10 Setting an Additional Routing Metric

The additional routing metric value is added to RIP routes on an inbound or outbound interface.

It does not change the routing metric value of routes in the routing table but adds a designated

metric value to the routes to be sent or received by an interface.


Operation Command Remarks

Enter the global configuration


system-view
mode

Enter the VLAN-interface or


interface { vlan-interface | supervlan-interface }
Supervlan-interface configuration
vlan-id
mode

Set additional routing metric value offset-list { ip-acl-name | ip-acl-number } in metric

for inbound [ { vlan-interface | supervlan-interface } vlan-id ]

345
GPON OLT Operation Manual V1.1

undo offset-list { ip-acl-name | ip-acl-number } in


Delete additional routing metric
metric [ { vlan-interface | supervlan-interface }
value for inbound
vlan-id ]

Set additional routing metric value offset-list { ip-acl-name | ip-acl-number } out metric

for outbound [ { vlan-interface | supervlan-interface } vlan-id ]

undo offset-list { ip-acl-name | ip-acl-number } out


Delete additional routing metric
metric [ { vlan-interface | supervlan-interface }
value for outbound
vlan-id ]

42.2.11 Defining a Prefix List

A prefix list is identified by a prefix list name, and may contain multiple entries, each of which

corresponds to a network prefix identified by a sequence number. The sequence number

indicates the matching sequence of a network prefix.

During prefix matching, the GPON checks the entries in ascending order of sequence numbers.

If an entry is matched, it is permitted by the current prefix list and will not be matched next time.

Note: By default, if more than one prefix list entry has been defined, at least one permit entry

should be available. The deny entries can be defined in advance so that the routes that do not

meet the condition are filtered quickly. However, if all the entries are prefixed by deny, no route

will be permitted by the address prefix list. You are advised to define an entry permit 0.0.0.0/0

after defining multiple deny entries, so that all the routes meeting the condition are permitted.

Alternatively, you can run the ip prefix-list default command to change the default configuration.

For details, see the description of this command in a command line manual.

346
GPON OLT Operation Manual V1.1

Operation Command Remarks

Enter the global configuration mode system-view

Enter RIP configuration mode router rip

Enable sequence-number ip prefix-list sequence-number

Disable sequence-number undo ip prefix-list sequence-number

ip prefix-list list-name seq

sequence-number { deny | permit } { any |


Configure prefix-list
ip-address/mask-length [ ge min-prefix-len

[ le max-prefix-len ] }

undo ip prefix-list list-name [ seq

sequence-number { deny | permit } { any |


Delete prefix-list
ip-address/mask-length [ ge min-prefix-len

[ le max-prefix-len ] } ]

42.2.12 Configure Route Redistribution

Routes of protocols other than RIP can be imported into RIP.

In an Ethernet GPON, connected, static, and OSPF routes can be imported into RIP.
Operation Command Remarks

Enter the global configuration mode system-view

Enter RIP configuration mode router rip

redistribute { babel | bgp | connected | isis


Configure Route redistribution
| kernel | ospf | rip | static } metric metric

347
GPON OLT Operation Manual V1.1

route-map route-map

undo redistribute { babel | bgp | connected


Delete Route redistribution
| isis | kernel | ospf | rip | static }

42.2.13 Configure Route Filtering

Policies and rules can be configured to filter incoming and outgoing routes based on an

address prefix list. In addition, you can configure that only the RIP packets from a specific

neighboring Ethernet GPON can be received.


Operation Command Remarks

Enter the global configuration mode system-view

Enter RIP configuration mode router rip

distribute-list { ip-acl-name | ip-acl-number |

Set distribute-list for inbound prefix prefix-list } in [ { vlan-interface |

supervlan-interface } vlan-id ]

undo distribute-list { ip-acl-name |

ip-acl-number | prefix prefix-list } in


Delete distribute-list for inbound
[ { vlan-interface | supervlan-interface }

vlan-id ]

distribute-list { ip-acl-name | ip-acl-number |

Set distribute-list for outband prefix prefix-list } out [ { vlan-interface |

supervlan-interface } vlan-id ]

Delete distribute-list for outband undo distribute-list { ip-acl-name |

348
GPON OLT Operation Manual V1.1

ip-acl-number | prefix prefix-list } out

[ { vlan-interface | supervlan-interface }

vlan-id ]

42.2.14 Display RIP Configuration


Operation Command Remarks

Displays the RIP packet statistics


display ip rip
information.

Displays the RIP interface

configuration, such as the version display ip rip interface

and authentication information.

Displays RIP routing tables. display ip route rip

349
GPON OLT Operation Manual V1.1

Chapter 43 OSPF

43.1 OSPF Overview

Open Shortest Path First (OSPF) is an interior routing protocol, which is developed by IETF

based on the link state detection and shortest path first technologies. In an IP network, OSPF

dynamically discovers and advertise routes by collecting and transmitting the link states of

autonomous systems (ASs). It supports interface-based packet authentication for purposes of

route calculation security and employs IP multicast to send and receive packets.

Each OSPF router maintains a database that describes the topological structure of an AS. The

database is a collection of link-state advertisements (LSAs) of all the routers. Every router

always broadcasts the local state information across the entire AS. If two or more routers exist

in a multi-access network, a designated router (DR) and a backup designated router (BDR)

must be elected. The DR is responsible for broadcasting the LSAs of the network. With a DR, a

multi-address access network may require less neighbor relationships to be established

between routers. OSPF allows an AS to be divided into areas, between which routing

information is further abstracted. As a result, smaller network bandwidth will be occupied.

OSPF uses four types of routes, which are listed in order of priority as follows:

Intra-area routes

Inter-area routes

351
GPON OLT Operation Manual V1.1

Type 1 external routes

Type 2 external routes

Intra-area and inter-area routes describe the network structure of an AS, while external routes

depict how routes are distributed to destinations outside an AS. Generally, type 1 external

routes are based on the information imported by OSPF from other interior routing protocols

and comparable to OSPF routes in routing cost; type 2 external routes are based on the

information imported by OSPF from exterior routing protocols and the costs of such routes are

far greater than those of OSPF routes. Therefore, route calculation only takes the external

costs into consideration.

Based on the link state database (LSDB), each router builds a shortest path tree with itself as

the root, which presents the routes to every node in an AS. An external route emerges as a

leaf node and can also be marked by the router that broadcasts the external route so that

additional information about an AS is recorded.

All the OSPF areas are connected to the backbone area, which is identified by 0.0.0.0. OSPF

areas must be logically continuous. To achieve this end, virtual connection is introduced to the

backbone area to ensure the logical connectivity of areas even if they are physically

separated.

All the routers in an area must accept the parameter settings of the area. Therefore, the

configuration of routers in the same area must be performed in consideration of the parameter

settings of the area. A configuration error may lead to the failure of information transfer

between adjacent routers and even routing failures or routing loops.

352
GPON OLT Operation Manual V1.1

43.2 Configure OSPF

43.2.1 OSPF Configuration List


Configuration Task Description Detailed
Configuration

EnableOSPF Required 43.2.2

ConfigureOSPF Parameter Required 43.2.3

Configure OSPF Interface Required 43.2.4

Configure OSPF Area Required 43.2.5

43.2.2 Enable OSPF


Operation Command Remarks

Enter the global configuration mode system-view

Enters global configuration mode. router ospf

Enters global configuration mode. undo router ospf

43.2.3 Configure OSPF Parameter

OSPF divides an AS into different areas, based on which routers are logically classified into

different groups. Area border routers (ABRs) may belong to different areas. A network

segment belongs to only one area, that is, the homing area of an OSPF interface must be

specified. An area is identified by an area ID. Routes between areas are transmitted by ABRs.

In addition, all the routers in an area must unanimously accept the parameter settings of the

area. Therefore, the configuration of routers in the same area must be performed in

353
GPON OLT Operation Manual V1.1

consideration of the parameter settings of the area. A configuration error may lead to the

failure of information transfer between adjacent routers and even routing failures or routing

loops.

Operation Command Remarks

Enter the global configuration mode system-view

Enters global configuration mode. router ospf

Enters global configuration mode. router id router-id

Enters global configuration mode. undo router id

Runs the command in OSPF network ipaddress wildcard-mask area

configuration mode. area-id

Runs the command in OSPF undo network ipaddress wildcard-mask

configuration mode. area area-id

Configures the authentication type area area-id authentication

for an area. [ message-digest ]

Restores the authentication type of


undo area area-id authentication
an interface to no authentication.

43.2.4 Configure OSPF Interface

OSPF calculates routes based on the topological structure of the network adjacent to the local

router. Each router describes the topology of its adjacent network and transmits it to the other

routers. According to the link layer protocol, OSPF classifies networks into the following four

types:

354
GPON OLT Operation Manual V1.1

Broadcast networks: When Ethernet or FDDI is used as the link layer protocol, OSPF

considers that the network type is broadcast by default.

Non Broadcast MultiAccess (NBMA) networks: When ATM is used as the link layer protocol,

OSPF considers that the network type is NBMA by default.

Point-to-Multipoint networks: This network type will be considered as default in no case. It is

always a substitute of other network types through forcible change. An NBMA network that is

not fully meshed is often changed to a point-to-multipoint network.

Point-to-Point networks: When PPP, LAPB, or POS is used as the link layer protocol, OSPF

considers that the network type is Point-to-Point by default.

The ATM network is a typical NBMA network. A polling interval can be configured to specify

the interval of sending Hello packets before a router establishes a neighbor relationship with its

neighboring router.

On a broadcast network incapable of multi-address access, you can configure the interface

type to nonbroadcast.

If some routers are not directly reachable on an NBMA network, you can configure the

interface type to point-to-multipoint.

If a router has only one peer router on an NBMA network, you can set the interface type to

point-to-point.

The differences between an NBMA network and a point-to-multipoint network are as follows:

355
GPON OLT Operation Manual V1.1

In OSPF, an NBMA network refers to a non-broadcast multi-access network that is fully

meshed. A point-to-multipoint network may not be fully meshed.

A DR and a BDR must be elected on an NBMA network but are not involved on a

point-to-multipoint network.

NBMA is a default network type. For example, if the link layer protocol is ATM, OSPF

considers that the network type is NBMA by default no matter whether the network is fully

meshed. Point-to-multipoint is not a default network type. No link layer protocol is viewed as a

point-to-multipoint protocol. You can use this network type through a forcible change. An

NBMA network that is not fully meshed is often changed to a point-to-multipoint network.

On an NBMA network, packets are transmitted in unicast mode, which requires you to

configure neighbor relationship manually. On a point-to-multipoint network, packets are

transmitted in multicast mode.

An Ethernet GPON uses Ethernet as the link layer protocol, so OSPF regards that the network

type is broadcast. Do not change the network type of an Ethernet GPON at discretion.

Operation Command Remarks

Enter the global configuration mode system-view

Enter the VLAN-interface or


interface { vlan-interface |
Supervlan-interface configuration
supervlan-interface } vlan-id
mode

Sets the network type of an ip ospf network { broadcast |

356
GPON OLT Operation Manual V1.1

interface. non-broadcast | point-to-multipoint |

point-to-point }

Restores the network type of an


undo ip ospf network
interface to the default value.

Sets the cost of sending packets


ip ospf cost cost
through a VLAN interface.

Restores the packet sending cost of


undo ip ospf cost
a VLAN interface to the default

value.

Sets the priority of an interface in


ip ospf priority value
DR election.

Restores the default priority of an


undo ip ospf priority
interface.

Sets the interval of sending Hello


ip ospf hello-interval seconds
packets for an interface.

Restores the interval of sending

Hello packets for an interface to the undo ip ospf hello-interval

default value.

Sets the timeout time of the


ip ospf dead-interval seconds
neighboring router.

Restores the timeout time of the undo ip ospf dead-interval

357
GPON OLT Operation Manual V1.1

neighboring router to the default

value.

Sets the interval of LSA

retransmission between two ip ospf retransmit-interval seconds

adjacent routers.

Restores the interval of LSA

retransmission between two undo ip ospf retransmit-interval

adjacent routers to the default value.

Sets the time for sending a link state


ip ospf transmit-delay seconds
update packet.

Restores the time for sending a link

state update packet to the default undo ip ospf transmit-delay

value.

ip ospf authentication [ null | ipaddress |


Sets the authentication type
message-digest [ ipaddress ] ]

undo ip ospf authentication


Restores the authentication type
[ ipaddress ]

Sets a password for plaintext ip ospf authentication-key password

authentication. [ ipaddress ]

undo ip ospf authentication-key


Disables plaintext authentication.
[ ipaddress ]

358
GPON OLT Operation Manual V1.1

Sets a password for MD5 ip ospf message-digest-key key-id md5

authentication. key [ ipaddress ]

undo ip ospf message-digest-key key-id


Disables MD5 authentication.
[ ipaddress ]

43.2.5 Configure OSPF Area

A stub area is a special LSA area in which ABRs do not distribute the external routes they

have received. In stub areas, both the size of routing tables and the amount of the routing

information are drastically reduced.

Any area that meets certain conditions can be configured into a stub area. Generally, a stub

area is located at the border of an AS. It may be a non-backbone area with only one ABR or a

non-backbone area with multiple ABRs between which no virtual connection is configured.

To make a stub area reachable for other ASs, the ABR in the stub area generates a default

route (0.0.0.0) and advertises it to non-ABR routers in this area.

When Configure a stub area, note the following points:

-A backbone area cannot be a stub area and a virtual connection is not allowed in a stub

area.

-All the routers in a stub area must be configured to indicate that they are located in a stub

area.

-No ASBR is allowed in a stub area, that is, routes from outside the AS where the stub area

resides cannot be advertised within the stub area.

359
GPON OLT Operation Manual V1.1

Operation Command Remarks

Enter the global configuration mode system-view

Enters global configuration mode. router ospf

Configures a stub area. area area-id stub [ no-summary ]

Cancels the stub area configuration. undo area area-id stub [ no-summary ]

Configures the cost of the default


area area-id default-cost cost
route to a stub area.

Cancels the cost configuration for


undo area area-id default-cost
the default route to a stub area.

Configures an NSSA area. area area-id nssa [ no-summary ]

Cancels the NSSA area


undo area area-id nssa [ no-summary ]
configuration.

Configures the cost of the default


area area-id default-cost cost
route to an NSSA area.

Cancels the cost configuration for


undo area area-id default-cost
the default route to an NSSA area.

area area-id range ip-address/mask-length


Configures route aggregation in an
[ advertise | notadvertise ] [ substitute
OSPF area.
p-address/mask-length ]

Removes route aggregation in an undo area area-id range ip-address/mask-length

OSPF area. [ substitute p-address/mask-length ]

Creates and configures a virtual area area-id virtual-link router-id [ { hello-interval

360
GPON OLT Operation Manual V1.1

connection. seconds | retransmit- interval seconds |

transmit-delay seconds | dead-interval seconds |

{ authentication-key password |

message-digest-key keyid md5 key } } * ]

Cancels a virtual connection. undo area area-id virtual-link router-id

redistribute { babel | bgp | connected | isis |


Imports routes of other protocols
kernel | rip | static } [ metric metric-value ]
into OSPF.
[ metric-type { 1 | 2 } ] [ route-map map-name ]

undo redistribute { babel | bgp | connected | isis


Disables the import of routes of
| kernel | rip | static } [ metric metric ]
other protocols into OSPF.
[ metric-type { 1 | 2 } ] [ route-map map-name ]

default-information originate [ always ] [ metric

Imports the default route to OSPF. metric-value ] [ metric-type { 1 | 2 } ] [ route-map

map-name ]

undo default-information originate [ always ]


Disables the import of the default
[ metric metric-value ] [ metric-type { 1 | 2 } ]
route.
[ route-map map-name ]

Configures a default metric value for default-metric metric-value

reception of external routes.

Cancels the default metric value undo default-metric

configuration for reception of

361
GPON OLT Operation Manual V1.1

external routes.

distribute-list { ip-acl-name | ip-acl-number } out

Configures distribute-list { babel | bgp | connected | isis | kernel | rip |

static }

undo distribute-list { ip-acl-name | ip-acl-number }

Delete distribute-list out { babel | bgp | connected | isis | kernel | rip |

static }

Enter the VLAN-interface or


interface { vlan-interface | supervlan-interface }
Supervlan-interface configuration
vlan-id
mode

Enables BFD for link state


ip ospf bfd
monitoring.

Disables BFD. undo ip ospf bfd

362
GPON OLT Operation Manual V1.1

Chapter 44 BGP

44.1 BGP Overview

Border Gateway Protocol (BGP) is a dynamic routing protocol deployed between autonomous

systems (ASs). It automatically exchanges loop-free routing information between ASs and

builds up the topological structure of ASs through exchange of network reachability information

with the AS Path attribute.

BGP normative references include RFC1105 (BGP-1), RFC1163 (BGP-2), RFC1267 (BGP-3),

RFC1771 (BGP-4), and RFC4271 (BGP-4). RFC1771 has seen the widest application and

RFC4271 is the latest issue. BGP is suitable for a distributed network and supports Classless

InterDomain Routing (CIDR). With BGP, users can customize policies. BGP-4 is becoming a

matter-of-factor standard for Internet exterior routing protocols. BGP is usually deployed

between ISPs.

BGP has the following features:

Interior routing protocols such as OSPF and RIP are designed to discover and calculate routes.

As an exterior routing protocol, BGP focuses on control of route distribution and selection of

the best route.

The AS Path attribute is added to BGP routes to eliminate the routing loop problem.

With TCP as the transport layer protocol, BGP presents better protocol reliability.

363
GPON OLT Operation Manual V1.1

Support for CIDR is a significant characteristic of BGP-4 compared with BGP-3. The CIDR

technology does not categorized IP addresses into class A, class B, and class C IP addresses.

For example, 192.168.0.0 (2555.255.0.0) is naturally an invalid class C IP address. This IP

address, however, is expressed as 192.168.0.0/16 in CIDR and becomes a valid network

address. /16 indicates that the subnet mask is composed of the first 16 bits counted from the

left of the IP address. CIDR also simplifies route aggregation, which is a process of

consolidating several different routes. With the route aggregation technology, multiple routes

are advertised as one route, which reduces the overhead of BGP tables and network

bandwidth usage.

In the case of route updates, BGP transmits only incremental routes and substantially reduces

the bandwidth used by BGP route transmission. Therefore, BGP is appropriate when a large

number of routes need to be transmitted on Internet.

In consideration of management and security, each AS expects to control its incoming and

outgoing routes. BGP-4 provides abundant routing policies for flexible route filtering and

selection. In addition, BGP-4 is easy to expand and conducive to network development.

BGP runs on a specific router as an upper-layer protocol. Upon startup of BGP, the BGP router

sends the entire BPG table to its peer for routing information exchange and then only Update

messages are exchanged between them for processing of changed routes. BGP detects the

connection between routers by sending and receiving Keepalive messages.

The router sending a BGP message is called the BGP speaker, which constantly receives or

generates new routing information and advertises it to other BGP speakers. After receiving a

364
GPON OLT Operation Manual V1.1

new route advertisement from another AS, the BGP speaker distributes the route

advertisement to all the other BGP speakers in the same AS if the route is better than the

current one or has not been received ever. If two BGP speakers are exchanging messages,

they call each other the peer.

BGP runs on a router in either of the following modes:

Internal BGP (IBGP)

External BGP (EBGP)

BGP is regarded as IBGP when deployed within an AS and as EBGP when deployed between

ASs.

BGP running is driven by messages, which are classified as follows:

Open message

Update message

Notification message

Keepalive message

An Open message is the first message to be sent after setup of a TCP connection and used to

establish a BGP peer relationship. A Notification message is sent when there is an error. A

Keepalive message is sent to detect the validity of a connection. As the most important

message in BGP, an Update message is transmitted between BGP peers for routing

information exchange. It consists of three parts at most: unreachable route, path attributes,

365
GPON OLT Operation Manual V1.1

and Network Layer Reachability Information (NLRI).

44.2 Configure BGP

44.2.1 BGP Configuration List


Configuration Task Description Detailed
Configuration

Enable BGP Required 44.2.2

ConfigureBGP peers Required 44.2.3

Configure BGP Parameters Required 44.2.4

Monitoring and Maintain BGP Required 44.2.5

44.2.2 Enable BGP


Operation Command Remarks

Enter the global configuration mode system-view

Runs the command in global


router bgp as-number
configuration mode.

Runs the command in global


undo router bgp as-number
configuration mode.

Configures the local route to be


network ip-address [ mask address-mask ]
advertised by BGP.

Cancels the local route to be undo network ip-address [ mask

advertised by BGP. address-mask ]

366
GPON OLT Operation Manual V1.1

Establishes a neighbor relationship


neighbor neighbor-name peer-group
and sets the AS number of the peer.

Cancels neighbor relationship undo neighbor neighbor-name peer-group

44.2.3 Configure BGP Peers


Operation Command Remarks

Enter the global configuration system-view

mode

Runs the command in global router bgp as-number

configuration mode.

Establishes a neighbor relationship neighbor { neighbor-address |

and sets the AS number of the neighbor-name } remote-as as-number

peer.

Deletes the established neighbor undo neighbor { neighbor-address |

relationship. neighbor-name } remote-as

Configures peer-group member neighbor neighbor-address peer-group

neighbor-name

Delete peer-group member undo neighbor neighbor-address

peer-group neighbor-name

Configures that a connection can neighbor { neighbor-address |

be established with an EBGP neighbor-name } ebgp-multihop [ ttl ]

peer on an indirectly-connected

367
GPON OLT Operation Manual V1.1

network.

Configures that a connection can undo neighbor { neighbor-address |

be established only with an EBGP neighbor-name } ebgp-multihop

peer on a directly-connected

network.

Configures the Keepalive interval neighbor { neighbor-address |

and hold timer of a BGP peer. neighbor-name } timers keepalive-interval

hold-time

Restores the Keepalive interval and undo neighbor { neighbor-address |

hold timer of a BGP peer to the neighbor-name } timers

default values.

Configures the interval a BGP peer neighbor { neighbor-address |

waits before sending a route update neighbor-name } advertisement-interval

message. seconds

Restores the interval a BGP peer undo neighbor { neighbor-address |

waits before sending a route update neighbor-name } advertisement-interval

message to the default value.

Configures that its own address is neighbor { neighbor-address |

used as the next hop during route neighbor-name } next-hop-self

advertisement.

Cancels the configuration that its undo neighbor { neighbor-address |

368
GPON OLT Operation Manual V1.1

own address is used as the next hop neighbor-name } next-hop-self

during route advertisement.

Configures an IP ACL-based route neighbor { neighbor-address |

filtering policy for the peer. neighbor-name } distribute-list { ip-acl-name

| ip-acl-number } { in | out }

Deletes an IP ACL-based route undo neighbor { neighbor-address |

filtering policy of the peer. neighbor-name } distribute-list { ip-acl-name

| ip-acl-number } { in | out }

Configures an AS Path-based route neighbor { neighbor-address |

filtering policy for the peer. neighbor-name } filter-list aspath-list-number

{ in | out }

Deletes an AS Path-based route undo neighbor { neighbor-address |

filtering policy for the peer. neighbor-name } filter-list aspath-list-number

{ in | out }

Configures an IP-Prefix list route neighbor { neighbor-address |

filtering policy for the peer. neighbor-name } prefix-list list-name { in |

out }

Deletes an IP-Prefix list route undo neighbor { neighbor-address |

filtering policy for the peer. neighbor-name } prefix-list list-name { in |

out }

44.2.4 Configure BGP Parameters

369
GPON OLT Operation Manual V1.1

Operation Command Remarks

Enter the global configuration mode system-view

Runs the command in global router bgp as-number

configuration mode.

Runs the command in BGP timers bgp keepalive-interval hold-time

configuration mode.

Restores the default value of the undo timers bgp

timer.

Disable sending connection request neighbor { neighbor-address |

packet neighbor-name } passive

Enable sending connection request undo neighbor { neighbor-address |

packet neighbor-name } passive

Shutdown the neighbor connection neighbor { neighbor-address |

neighbor-name } shutdown

Open the neighbor connection undo neighbor { neighbor-address |

neighbor-name } shutdown

Configures a local priority. bgp default local-preference value

Restores the default local priority. undo bgp default local-preference

Compares the MED values of bgp always-compare-med

neighbors from different ASs.

Compares the MED values of undo bgp always-compare-med

neighbors from different ASs.

370
GPON OLT Operation Manual V1.1

Configures local route aggregation. aggregate-address { ip-address mask |

ip-address/mask-length } [ summary-only ]

[ as-set ]

Disables local route aggregation. undo aggregate-address { ip-address mask

| ip-address/mask-length }

Imports IGP routes into BGP. redistribute { babel | connected | isis |

kernel | ospf | rip | static } [ metric metric

[ route-map route-map ] ]

Cancels the import of IGP routes undo redistribute { babel | | connected |

into BGP. isis | kernel | ospf | rip | static }

44.2.5 Monitoring and Maintain BGP


Operation Command Remarks

Displays the detailed information of display ip bgp neighbors neighbor-address

BGP peers. [ vpn-instance instance ]

Displays the brief information of display ip bgp summary [ vpn-instance

BGP peers. instance ]

371
GPON OLT Operation Manual V1.1

Chapter 45 BFD

45.1 BFD Overview

Bidirectional Forwarding Detection (BFD) periodically checks the status of the peers of a

session and notifies a routing protocol of a fault if any immediately. Then the routing protocol

responds with a fast reroute action. Generally, the BFD interval is shorter than 1s and therefore

the convergence time of routing protocols is reduced. For this reason, BFD can help routing

protocols such as OSPF, RIP, and BGP to detect the reachability of neighbors or link failures,

which realizes fast reroute and ensures link reliability.

45.2 Configure BFD

45.2.1 BFD Configuration List


Configuration Task Description Detailed
Configuration

Enable BFD Required 45.2.2

Configure BFD Parameters and Mode Optional 45.2.3

Display and Maintain BFD Configurations Optional 45.2.4

45.2.2 Enable BFD


Operation Command Remarks

Enter the global configuration mode system-view

372
GPON OLT Operation Manual V1.1

Enable bfd function bfd enable

Disable bfd function bfd disable

Enter the VLAN-interface or


interface { vlan-interface |
Supervlan-interface configuration
supervlan-interface } vlan-id
mode

Enable bfd function ip ospf bfd

OSPF BFD is

disabled by

default.
Disable bfd function undo ip ospf bfd
Currently, only

OSPF BFD is

supported.

45.2.3 Configure BFD Parameters and Mode


Operation Command Remarks

Enter the global configuration mode system-view

Enter the VLAN-interface or


interface { vlan-interface |
Supervlan-interface configuration
supervlan-interface } vlan-id
mode

Configures the desired minimum


bfd min-transmit-interval interval
transmission interval of BFD.

Restores the desired minimum undo bfd min-transmit-interval The default value

373
GPON OLT Operation Manual V1.1

transmission interval of BFD to the is 400 ms.

default value.

Configures the minimum request


bfd min-receive-interval interval
receiving interval of BFD.

Restores the minimum request


The default value
receiving interval of BFD to the undo bfd min-receive-interval
is 400 ms.
default value.

Configures the BFD multiplier. bfd detect-multiplier value

Restores the BFD multiplier to the


undo bfd detect-multiplier
default value.

Configures whether BFD sessions


bfd demand on
can enter the demand mode.

Restores the configuration of The default value

whether BFD sessions can enter the bfd demand off is off (not

demand mode to the default value. allowed).

Configures the initial mode of BFD The default value


bfd session init-mode active
sessions. is active.

Restores the initial mode of BFD


bfd session init-mode passive
sessions to the default value.

Clears the statistics of the sent and


clear bfd session statistics
received packets in BFD sessions

374
GPON OLT Operation Manual V1.1

through an interface.

Notes:

value: desired minimum packet transmission interval of an interface. It ranges from 200 to

1000 ms and is 400 ms by default.

Packet transmission interval = max(Desired minimum transmission interval, Minimum

receiving interval) x a percentage (from 70% to 90%)

45.2.4 Display and Maintain BFD Configurations


Operation Command Remarks

Views the information of all the BFD


display bfd session [ verbose ]
sessions.

Views the BFD configuration of each


display bfd interface [ verbose ]
interface.

375
GPON OLT Operation Manual V1.1

Chapter 46 VRRP

46.1 VRRP Overview

On a TCP/IP network, routes must be configured between two devices without a physical

connection to ensure their communication. Currently, routes can be specified through dynamic

learning by means of a routing protocol (such as RIP and OSPF) or static configuration. It is

impractical to run a dynamic routing protocol on every terminal. Most client operating systems

do not support the dynamic routing and they are still under the restraint of management

overhead, convergence degree, and security even if they can be configured with a routing

protocol. Usually, static routes are configured for IP terminals by specifying one or more default

gateways. Static routing simplifies network management and reduces the communication

overhead of terminals. However, if a GPON functioning as a default gateway is damaged, the

communication in which the GPON is used as the next-hop host will inevitably be interrupted. A

terminal will not be GPONed to a new gateway even if there are multiple default gateways until

it is restarted. Virtual Router Redundancy Protocol (VRRP) can rectify the defect of static

routing.

VRRP introduces two pairs of concepts: VRRP GPON and virtual GPON, master GPON and

backup GPON. A VRRP GPON is a real GPON where VRRP runs, while a virtual GPON is a

logical GPON created by VRRP. A group of VRRP GPONes form a virtual GPON, which is

also called a backup group. The virtual GPON is represented as a logical GPON with a unique

376
GPON OLT Operation Manual V1.1

IP address and MAC address. GPONes in a VRRP group are classified into master GPONes

and backup GPONes. A VRRP group has only one master GPON and one or more backup

GPONes. VRRP selects a master GPON from the GPON group. The master GPON responds

to ARP requests and forwards IP packets, and the other GPONes are standby as a backup. If

the master GPON is faulty due to some reason, a backup GPON will become the master one

within several seconds. Such a switch over is completed very quickly without requiring you to

change the IP address or MAC address, and therefore it is transparent to terminal users.

46.2 Configure VRRP

46.2.1 VRRP Configuration List


Configuration Task Description Detailed
Configuration

Enable VRRP Required 46.2.2

Configure VRRP Parameters Optional 46.2.3

Displays and Maintain VRRP Configurations Optional 46.2.4

46.2.2 Enable VRRP

The ip vrrp vrid vip command is used to assign a virtual GPON (or a backup group) an IP

address on the local network segment. The no form of this command is used to remove the

virtual IP address of a backup group from the virtual IP address list.

Operation Command Remarks

Enter the global configuration mode system-view

377
GPON OLT Operation Manual V1.1

Enter the VLAN-interface or


interface { vlan-interface |
Supervlan-interface configuration
supervlan-interface } vlan-id
mode

Configures VRRP virtual IP address ip vrrp vrid vip

Deletes VRRP virtual IP address undo ip vrrp vrid [ vip ]

Description:

The backup group number ranges from 1 to 255. A virtual address can be an unassigned IP

address on the network segment where the backup group resides or the IP address of an

interface belonging to the backup group. A maximum of 255 backup groups can be configured.

The IP address of the GPON itself can be configured. In this case, the GPON is known as an

IP address owner. When the first IP address is assigned to a backup group, VRRP creates the

backup group. Other virtual IP addresses configured for the backup group will only be added to

the virtual IP address list of the backup group. A backup group can be configured with eight IP

addresses at most. A backup group will be deleted together with the last virtual IP address.

That is, this backup group does not exist on the interface and all configurations of the backup

group will no longer take effect.

46.2.3 Configure VRRP Parameters

The master GPON in a backup group will not be replaced unless it is faulty even if another

GPON is configured with a higher priority later. However, if the preemption mechanism is

applied, a GPON will become the master GPON if its priority is higher than that of the master

378
GPON OLT Operation Manual V1.1

GPON and the original master GPON will become a backup GPON accordingly. When

preemption is enabled, you can set the delay of preemption. Then a backup GPON becomes

master after the delay. A backup GPON will become the master GPON if it does not receive a

packet from the original master GPON. However, if a network has unstable performance, a

backup GPON may not receive a packet due to network congestion but the master GPON is

still working properly. In this situation, the backup GPON will receive a packet from the master

GPON after waiting a short time. As a result, frequent switch overs can be avoided. The delay

ranges from 0 to 255 seconds.

The master GPON sends VRRP packets within the VRRP backup group at an interval

specified by adver_interval to indicate that it is working properly. If the backup GPON does not

receive a VRRP packet from the master GPON within a period of time specified by

master_down_interval, it regards that the master GPON is faulty and changes its state to

Master.

You can modify the value of adver_interval by running a timer setting command. The value of

master_down_interval is three times that of adver_interval. An abnormal switch over may

occur in the event of extremely large traffic or variance in timer settings between GPONes. To

solve this problem, you can set adver_interval to a greater value or modify the preemption

delay. The value of adver_interval is in the unit of second.


Operation Command Remarks

Enter the global configuration mode system-view

Enter the VLAN-interface or interface { vlan-interface |

379
GPON OLT Operation Manual V1.1

Supervlan-interface configuration supervlan-interface } vlan-id

mode

The priority

ranges from 0 to

Configures VRRP priority vrrp priority vridpriority 255. A larger

value indicates a

higher priority.

Restores the VRRP priority r to the By default,it is


undo vrrp priority vrid
default value. 100

Configures VRRP preempt mode vrrp preempt vrid

undo vrrp preempt vrid By default,


Restores the preempt mode to the
preempt is
default value.
disabled

Configures VRRP preempt delay


vrrp preempt vrid [ delay delay ]
time

Restores the delay time to the By default, it is 0


undo vrrp preempt vrid
default value. second

Configures VRRP advertise interval


vrrp timer vrid adver-interval
time

Restores the advertise interval to By default, it is 1


undo vrrp timer vrid
the default value. second

380
GPON OLT Operation Manual V1.1

vrrp vrid track track-entry [ reduced priority ] By default, it is


Configures VRRP track function
disabled

Deletes VRRP track function undo vrrp vrid track vrid { all | track-entry }

Note: The priority of the IP address owner cannot be changed and is always 255.

Parameter description:

vrid: virtual group ID, in the range of 1 to 255;

vlan-id: ID of the VLAN to which a VLAN interface belongs;

supervlan-id: ID of the super VLAN to which a superVLAN interface belongs;

pri-value: priority to be reduced if the interface under monitoring is down.

46.2.4 Displays and Maintain VRRP Configurations


Operation Command Remarks

display vrrp [ vlan-interface |


Runs the command in any mode.
supervlan-interface vlan-id [ vrid ]

381
GPON OLT Operation Manual V1.1

Chapter 47 DLF-Control

47.1 DLF-Control Overview

Unknown packets are classified into unknown unicast packets and unknown multicast packets.

Unknown unicast packets are packets that cannot find the destination MAC addresses in the

MAC table.

Unknown multicast packets are packets that cannot find the destination MAC addresses of the

multicast packets in the multicast MAC table.

47.2 Configure DLF-Control

47.2.1 DLF-Control Configuration List


Configuration Task Description Detailed
Configuration

Configure DLF-forward unicast Required 47.2.2

Configure DLF-forward unicast Optional 47.2.3

Displays and Maintain DLF-forward Configurations Optional 47.2.4

47.2.2 Configure DLF-forward unicast


Operation Command Remarks

Enter the global configuration mode system-view


Enter interface configuration mode interface ethernet interface-num

382
GPON OLT Operation Manual V1.1

Enabled by
Enable dlf-forward unicast dlf-forward unicast
default.

Disable dlf-forward unicast undo dlf-forward unicast

47.2.1 Configure DLF-forward multicast


Operation Command Remarks

Enter the global configuration mode system-view

Enabled by
Enable dlf-forward multicast dlf-forward multicast
default.

Disable dlf-forward multicast undo dlf-forward multicast

47.2.2 Displays and Maintain DLF-forward Configurations


Operation Command Remarks

Displays theunicast dlf-forward display dlf-forward interface [ ethernet

control interface-num ]

Displays themulticastdlf-forward
display dlf-forward global
control

383
GPON OLT Operation Manual V1.1

Chapter 48 SLF-Control

48.1 SLF-Control Overview

Whether the GPON forwards the packet with an unknown source MAC address requires the

network administrator to plan according to the security policy. The GPON defaults to forward

the packet with an unknown source MAC address. You can disable the forwarding function of

packet with an unknown source MAC address by setting the commands. After disable this

function, if the device receives the packets, it will check whether the source mac exists in the

mac table. If it does not exist, the packets will be discarded, that is, the GPON only forwards

the packet with the source MAC address being known.

48.2 Configure SLF-Control

48.2.1 SLF-Control Configuration List


Configuration Task Description Detailed
Configuration

Configure SLF-forward unicast Required 48.2.2

Displays and Maintain SLF-forward Configurations Optional 48.2.3

48.2.2 Configure SLF-forward unicast

Generally, this function is used when the MAC address learning function is disabled or MAC

address limit function is disabled.

384
GPON OLT Operation Manual V1.1

Operation Command Remarks

Enter the global configuration mode system-view


Enter interface configuration mode interface ethernet interface-numt

Enable Slf-forward slf-forward

Disabled by
Disable Slf-forward undo slf-forward
default.

48.2.3 Displays and Maintain SLF-forward Configurations


Operation Command Remarks

display slf-forward interface [ ethernet


Displays the slf-forward control
interface-num ]

385
GPON OLT Operation Manual V1.1

Chapter 49 BPDU-Discard

49.1 BPDU-Discard Overview

The Discard-bpdu function is used to drop spanning tree message. If the device does not want

to receive BPDU message from other networks and cause the GPON spanning tree to vibrate.

This function can be opened.

This function is usually enabled on the edge port.

The Discard-BPDU function is disabled by default. Global configuration and port configuration

are mutually exclusive: globally, all ports are enabled. If you only need to enable certain

designated ports and other ports are not enabled, you need not configure them globally to

directly enter the specified port enabling function.

49.2 Configure BPDU-Discard

49.2.1 BPDU-Discard Configuration List


Configuration Task Description Detailed
Configuration

Configure BPDU-Discard Required 49.2.2

Displays and Maintain BPDU-Discard Configurations Optional 49.2.3

49.2.2 Configure BPDU-Discard


Operation Command Remarks

386
GPON OLT Operation Manual V1.1

Enter the global configuration mode system-view


Enter interface configuration mode interface ethernet interface-num

Enable BPDU-Discard bpdu-discard

Disabled by
Disable BPDU-Discard undo bpdu-discard
default.

49.2.3 Displays and Maintain BPDU-Discard Configurations


Operation Command Remarks

Displays the BPDU-Discard display bpdu-discard interface [ ethernet

configuration interface-num ]

387
GPON OLT Operation Manual V1.1

Chapter 50 BPDU-Tunnel

50.1 BPDU-Tunnel Overview

L2TP (Layer 2 Tunneling Protocol) is a Layer 2 tunneling technology, L2TP enables Layer 2

protocol packets from geographically dispersed customer networks to be transparently

transmitted over specific tunnels across a service provider network.

With L2TP, Layer 2 protocol packets from customer networks can be transparently transmitted

in the service provider network:

1. After receiving a Layer 2 protocol packet from User A network 1, PE 1 in the service provider

network encapsulates the packet, replaces its destination MAC address with a specific

multicast MAC address, and then forwards the packet in the service provider network.

388
GPON OLT Operation Manual V1.1

2. The encapsulated Layer 2 protocol packet (called bridge protocol data unit, BPDU for short)

is forwarded to PE 2 at the other end of the service provider network, which de-encapsulates

the packet, restores the original destination MAC address of the packet, and then sends the

packet to User A network 2.

50.2 Configure BPDU-Tunnel

50.2.1 BPDU-tunnel Configuration List


Configuration Task Description Detailed
Configuration

Configure BPDU-Tunnel Packet Required 50.2.2

Configure BPDU-TunnelDestination MAC Optional 50.2.3

Displays and Maintain BPDU-Tunnelconfiguration Optional 50.2.4

50.2.2 Configure BPDU-Tunnel Packet


Operation Command Remarks
Enter global configuration mode system-view

Enter interface configuration mode interface ethernet interface-num

bpdu-tunnel [ cdp | lacp | pagp | stp | udld |


Configure the L2-tunnel packet
vtp ]

50.2.3 Configure BPDU-Tunnel Destination MAC

By default, L2TP destination mac is 01:00:0c:cd:cd:d0

Operation Command Remarks


Enter global configuration mode system-view

389
GPON OLT Operation Manual V1.1

Configure the rate for up to cpu bpdu-tunnel dmac mac-address

50.2.4 Displays and Maintain BPDU-Tunnel Configuration

After finishing above configuration, user can check the configurations by command below.

Operation Command Remarks


display bpdu-tunnel interface [ ethernet
Display L2TP configuration
interface-num ]

390
GPON OLT Operation Manual V1.1

Chapter 51 Local-Switch

51.1 Local-Switch Overview

Normally, packets coming from port A are not forwarded from port A by the GPON. However, it

may require packets coming from the A port are forwarded from the A port sometimes. In this

case, you can use the local-Switch.

51.2 Configure Local-Switch

51.2.1 Local-switch Configuration List


Configuration Task Description Detailed
Configuration

Enable local-switch Required 51.2.2

Displays and Maintain local-switch Configurations Optional 51.2.3

51.2.2 Enable local-switch


Operation Command Remarks
Enter global configuration mode system-view

Enter interface configuration mode interface ethernet interface-num

Enable local-switch local-switch

undo local-switch Disabled by


Disable local-switch
default.

391
GPON OLT Operation Manual V1.1

51.2.3 Displays and Maintain Local-switch Configurations


Operation Command Remarks

display local-switch interface [ ethernet


Displays the local-switch control
interface-num ]

392
GPON OLT Operation Manual V1.1

Chapter 52 Port&CPU Utilization


Alarm

52.1 Port&CPU Utilization Alarm Overview

The device utilization alarm is used to monitor port bandwidth, CPU occupation and alarm

when congestion in order to administrator aware the running status between the network and

device.

Exceed: when port bandwidth utilization over “exceed”, it triggers congestion alarm.

Normal: when port bandwidth utilization less “exceed”, it triggers recover alarm CPU utilization

alarm also can set two trigger values, details as below:

Busy: when CPU utilization over “busy”, it triggers alarm of CPU busyness

Unbusy: when CPU utilization less “busy”, it triggers alarm of CPU idle Notes, all alarms will

show in the list of Syslog..

52.2 Configure Port&CPU Utilization Alarm

52.2.1 Port & CPU Utilization Alarm Configuration List


Configuration Task Description Detailed
Configuration

Configure Port Utilization Alarm Required 52.2.2

393
GPON OLT Operation Manual V1.1

Configure CPU Utilization Alarm Required 52.2.3

Display and Debugging Device Utilization Alarm Optional 52.2.4

52.2.2 Configure Port Utilization Alarm

Using below commands to configure port utilization. Enable port utilization in system and port

mode by default. The “exceed” value equals 850M, the “normal” value equals 600M.

Operation Command Remarks

Enter global configuration mode system-view

Enable(disable)port utilization alarm


[ undo ] alarm all-packets
with system mode

Enter port configuration interface ethernet interface-num

Enable(disable)port utilization alarm


[ undo ] alarm all-packets
with port mode
alarm all-packets threshold { exceed
Configure alarm value
thresold | normal thresold }

52.2.3 Configure CPU Utilization Alarm

Using below commands to configure CPU utilization. Enable CPU utilization by default. The

“busy” value equals 90%, the “unbusy” value equals 60%.

Operation Command Remarks

Enter global configuration mode system-view

Enable(disable) CPU utilization


[ undo ] alarm cpu
alarm

394
GPON OLT Operation Manual V1.1

alarm cpu threshold { busy thresold |


Configure congestion value
unbusy thresold }

52.2.4 Display and Debugging Device Utilization Alarm

After finishing above configuration, you can show configuration by below commands.

Operation Command Remarks

Display the enable status and alarm


display alarm cpu
value of CPU utilization alarm

Display port utilization in system


display alarm all-packets
mode

Display port utilization and value in display alarm all-packets interface


[ ethernet interface-num ]
port mode

395
GPON OLT Operation Manual V1.1

Chapter 53 Configure ONT

Discovery

53.1 ONT Discovery Overview

ONU discovery refers to a process in which a newly connected or offline ONU accesses the

PON.

53.2 Configure ONT Discovery

53.2.1 Comfigure ONT Discovery

ONT auto discovery is used to configure the ONT discovery function of GPON ports. This

feature is disabled by default.


Operation Command Remarks
Enter system view system-view
Configure the ONT ont-autofind distance min num max num
discovery distance interface gpon { all | port_num }
Enable ONT discovery ont-autofind interface gpon { all | port_num }

Configure the ONT ont-autofind interval-time time interface gpon


discovery interval { all | port_num }
Enable ONT discovery ont-autofind list-age interface gpon { all |
aging port_num }

396
GPON OLT Operation Manual V1.1

Configure ONT ont-autofind list-age time num interface gpon


discovery aging time { all | port_num }

53.2.2 Configure ONT Silent

When the ONT authentication fails, it will enter a silent state. During the silent period, the OLT

does not process the SN reported by the ONT, and this function is disabled by default.
Operation Command Remarks
Enter system view system-view
Enable authentication ont-silent auth-fail interface gpon { all |
failure ONT silence port_num }
Configure the ONT ont-silent auth-fail time num interface gpon { all
silent time for | port_num }
authentication failure
Enable the offline ONT ont-silent offline interface gpon { all | port_num }
silence function
Configure the offline ont-silent offline time num interface gpon { all |
ONT silent time port_num }

397
GPON OLT Operation Manual V1.1

Chapter 54 Configure ONT

Profile

54.1 ONT Profile Overview

ONT profile configuration can be used to uniformly configure ONTs. It is divided into eight

profiles: alarm profile, DBA profile, downstream profile, line profile, multicast profile, rule profile,

upstream profile, and specific profile.

54.2 Configure Alarm Profile

The Alarm profile is used to configure the alarm threshold for ONT transmission and reception.

After binding the alarm profile to the ONT line profile, a corresponding alarm will be generated

when the ONT transmission and reception light exceeds the range.
Operation Command Remarks
Enter system view system-view
Enter alarm profile alarm-profile { index [ name name ] | name
view name }
Configure TX power opm tx-threshold high tx_power low tx_power
alarm
Configure RX power opm rx-threshold high tx_power low tx_power
alarm
Delete optical power undo opm { tx-threshold | rx-threshold }
alarm

398
GPON OLT Operation Manual V1.1

Save alarm profile commit

Display alarm profile display alarm-profile { index | name name }

Display alarm profile display alarm-profile bound-info { all | index }


bind info

54.3 Configure DBA Profile

The DBA profile is used to configure the upstream dynamic bandwidth. According to the GPON

standard, they are TYPE1 (fixed bandwidth), TYPE2 (assured bandwidth), TYPE3 (assured

bandwidth + maximum bandwidth), TYPE4 (maximum bandwidth), and TYPE5 (mixed

bandwidth).
Operation Command Remarks
Enter system view system-view
Enter DBA profile view dba-profile { index [ name name ] | name
name }
Configure type 1 type 1 fix fixed_bw [ method sr ]

Configure type 2 type 2 assured assured_bw [ method sr ]

Configure type 3 type 3 assured assured_bw max max_bw


[ method sr ]
Configure type 4 type 4 max max_bw [ method sr ]

Configure type 5 type 5 fix fixed_bw assured assured_bw max


max_bw [ method sr ]
Save DBA configuration commit
Display DBA profile display dba-profile { index | name name }

Display DBA profile bind display dba-profile bound-info { all | index }


info

54.4 Configure Downstream Profile

399
GPON OLT Operation Manual V1.1

The Downstream profile is used to configure the ONT downstream rate limit. When referencing

this template, you need to set qos-mode to gem-car mode in the line template.
Operation Command Remarks
Enter system view system-view
Create\Enter Downstream downstream-profile { index [ name name ] |
profile name name }
Configure the downstream downstream car bandwidth bandwidth
bandwidth
Display downstream profile display downstream-profile { index | name
name }
Display downstream bind display downstream-profile bound-info
information { all | index }

54.5 Configure Line Profile

Line profile is used to configure related parameters such as ONT service flow mapping mode
and service flow processing strategy.
Operation Command Remarks
Enter system view system-view
Creat\Enter line profile line-profile { index [ name name ] | name
name }
Configure ONT model model ont_model Required

Configure tcont tcont num dba-profile { num | name name } Required

Configure gemport gem num tcont num [ encrypt | Required


priority-queue queue | downstream-profile
index | upstream-profile index | vlan-profile
index ]
Configure stream mapping mapping mode { port port-priority | Default VLAN mapping
mode port-vlan | port-vlan-priority | priority | vlan
| vlan-priority }

400
GPON OLT Operation Manual V1.1

Configure flow mapping mapping index { vlan vlan | priority pri | port Required
{ eth eth | veip | iphost } } gem index
Configure flow processing port vlan num { eth num | iphost | ont }
policies { default vlan num [ pri ] | transparent | vlan
num { trunk | q-in-q | translate } [ vlan num
[pri ] } }
Configure multicast multicast downstream { tag num [ port num
downstream policies | pri ] | untag [ port num ] | translate vlan
[ port num | pri ] }
Disable the ONT multicast multicast fast-leave disable [ port num ]
fast leave
Configure multicast group multicast group-limit num [ port num ]
limit
Configure ONT multicast multicast mode { igmp-snooping |
mode olt-control } [ port num ]
Configure multicast multicast upstream { tag num [ port num |
upstream pri ] | translate vlan [ port num | pri ] }
Enable ONT FEC\ring ont { fec | ring check }
check
DIsable port isolation ont port-switch

Configure ONT flow confrol ont flow-control [ port num ]

Configure the maximum ont mac-address-table max-mac-count


number of MAC learning num [ port num ]
on the ONT.
Shutdown ONT CATV port ont shutdown ont_id catv-port num

Configure Qos mode qos-mode { gem-car | priority-queue }

Configure ONT port rate port num egress cir cir pir pir cbs cbs pbs
limit pbs
Bind alarm\multicast profile bind { alarm-profile | multicast-profile }
{ index | name }
Save configuration commit

401
GPON OLT Operation Manual V1.1

Display line profile display line-profile { index | name name }

Display line profile bind display line-profile bound-info { all | index }


information

54.6 Configure Multicast Profile

The Multicast profile is used to configure parameters corresponding to controllable multicast.

The multicast group access control permission currently supports two modes: preview and

permit.
Operation Command Remarks
Enter system view system-view
Creat\enter multicast multicast-profile { index [ name name ] |
profile name name }
Configure multicast control multicast control index index permit
permit mode mcast-ip ip [ end_ip | bandwidth bandtidth |
port port | source-ip ip | vlan vlan ]
Configure multicast control multicast control index index preview
preview mode mcast-ip ip [ end_ip | bandwidth bandtidth |
port port | source-ip ip | vlan vlan ]
Configure multicast control multicast control index index preview
parameters mcast-ip ip [ permit-times num reset-time
num time-interval num time-once num ]
Save configuration commit

Display multicast profile display multicast-profile { index | name


name }
Display multicast profile display multicast-profile bound-info { all |
bind information index }

54.7 Configure Rule Profile

402
GPON OLT Operation Manual V1.1

The rule profile is used to configure ONTs to register, allowing ONTs that match the rules to

register and deliver the corresponding line profile configuration. Once-on discovery mode

means that after the template configuration is completed, the ONT must register within the

specified time, and the ONT is not allowed to authenticate after the timeout.

The activation process of the ONU is controlled by the OLT, and the activation process is

roughly as follows:

1. The ONU receives the working parameters through the Upstream_Overhead message;

2. The ONU adjusts its own parameters (such as transmit optical power) according to the

received working parameters;

3. The OLT finds the serial number of the new ONU through the Serial_Number Acquisition

process;

4. The OLT assigns ONU-IDs to all new ONUs;

5. The OLT measures the equalization delay of the new ONU;

6. The OLT transmits the measured equalization delay to the ONU;

7. The ONU adjusts the sending starting point of its upstream frame according to the

equalization delay;

The above activation process is accomplished by exchanging uplink and downlink flags and

PLOAM messages.
Operation Command Remarks
Enter system view system-view
Creat\enter rule profile rule-profile { index [ name name ] | name
name }
Configure LOID loid-auth loid [ checkcode-auth code ]

403
GPON OLT Operation Manual V1.1

authentication line-profile index [ once-on { aging-time time |


no-aging } ]
Configure password password-auth { string string | hex hex }
authentication line-profile index [ once-on [ aging-time time |
no-aging ]]
Configure SN sn-auth { string-hex sn | hex hex }
authentication [ password-auth { string string | hex hex } ]
line-profile index
Save configuration commit

Display rule profile display rule-profile { index | name name }


Display the number of rule display rule-profile count interface gpon
profile. { port_list | all }
Display rule profile display rule-profile registered { sn
information of the { string-hex sn | hex hex } | loid loid | interface
registered ONT. gpon { all | pon_id } }
Display rule profile display rule-profile unregistered { sn
information of the { string-hex sn | hex hex } | loid loid | interface
unregistered ONT. gpon { all | pon_id } }
Display ONT rule profile display rule-profile register-info { sn
information { string-hex sn | hex hex } | loid loid | interface
gpon { all | pon_id } }

54.8 Configure Specific Profile

The specific profile is used to configure ONT-specific configuration. When the specific template

conflicts with the configuration in the line profile, the configuration of the specific template

takes effect.
Operation Command Remarks
Enter system view system-view
Creat\enter specific profile specific-profile { index [ name name ] |

404
GPON OLT Operation Manual V1.1

name name }

Bind alarm profile or bind { alarm-profile | multicast-profile }


multicast profile { index [ name name ] | name name }
Configure ONT description description description

Configure gemport gem num tcont num [ encrypt |


priority-queue queue |
downstream-profile index |
upstream-profile index | vlan-profile
index ]
Configure dynamic IP ip-config mode dhcp vlan vlan [ pri ] host
host
Configure static IP ip-config mode static ip-address ip mask
mask gateway gateway primary-dns dns1
secondary-dns dns2 vlan vlan [ pri ]
Configure port speed ont neg-mode speed { 10 | 100 | 1000 |
auto } duplex { half | full | auto } [ port
num ]
Configure ONT ranging ont ranging-balance { increase |
balance decrease } num
Shutdown ONT CATV port ont shutdown { ont_id catv-port num |
catv-port num | port num }
Configure CATV mode ont catv-agc mode { rf-based |
optical-based } { increase | decrease }
num catv-port num
Configure PoE max power poe max-power power port num

Configure PoE priority poe priority { critical | high | low } port


num
Shutdown PoE poe shutdown port num

Configure SIP sip agent proxy-server ip


proxy-server [ outbound-proxy ip | registrar-server ip |
signal-port port ]

405
GPON OLT Operation Manual V1.1

Configure SIP digitmap sip digitmap dial-plan-id id


dial-plan-token digitmap
Configure SIP dynamic IP sip user mode dhcp vlan vlan [ pri ] host
host
Configure SIP static IP sip user mode static ip-address ip mask
mask gateway gateway primary-dns dns1
secondary-dns dns2 vlan vlan [ pri ]
Configure SIP account sip user user description description name
and password name password password telno num
Configure tcont tcont num dba-profile { num | name name }

Save configuration commit

Display specific profile display specific-profile { index | name


name }
Display specific profile display specific-profile bound-info { all |
bind information index }

54.9 Configure Upstream Profile

The Upstream profile is used to configure the upstream rate limit of the ONT. When referencing

this template, you need to set qos-mode to gem-car mode in the line profile.
Operation Command Remarks
Enter system view system-view
Creat\enter upstream upstream-profile { index [ name name ] |
profile name name }
Configure ONT upstream upstream car cir cir cbs cbs pir pir pbs pbs

Save configuration commit

Display upstream profile display upstream-profile { index | name


name }
display upstream profile display upstream-profile bound-info { all |

406
GPON OLT Operation Manual V1.1

bind information index }

54.10 Configure VLAN Profile

VLAN profile are used to configure service vlan translation rules. The VLAN profile needs to be

referenced in the line profile or specific profile.


Operation Command Remarks
Enter system view system-view
Enter\creat vlan profile vlan-profile { index [ name name ] | name
name }
Configure vlan add rules add inner-vlan vlan { pri } outer-vlan vlan
{ pri }
Configure default vlan default vlan vlan { pri }
rules
Configure vlan translate translate cvlan vlan { pri } svlan vlan { pri }
rules
Configure vlan translate translate-and-add cvlan vlan svlan vlan
and add rules outer-vlan vlan
Save configuration commit
Display VLAN profile display vlan-profile { index | name name }
Display VLAN profile bind display vlan-profile bound-info { all |
information index }

407
GPON OLT Operation Manual V1.1

Chapter 55 ONT System

Management

55.1 ONT System Management Overview

ONT system management provides ONT management operations, including common


functions such as ONT restart, upgrade, and automatic configuration.

55.2 Configure ONT System Management

55.2.1 ONT Reboot

ONT reboot is used for the OLT to remotely reboot the ONT.
Operation Command Remarks
Enter system view system-view
Reboot ONT ont reboot ont_list

55.2.2 ONT Upgrade

ONT upgrade is used to upgrade the ONT software version. There are two modes for

upgrading the ONT version: immediate and next-startup. Immediate means that after the

software version is loaded into the ONT, the ONT will automatically restart and the software

version will take effect immediately. Next-startup indicates that after the software version is

408
GPON OLT Operation Manual V1.1

loaded into the ONT, the ONT will not restart automatically. You need to manually restart the

software version to take effect.


Operation Command Remarks
Enter system view system-view
Configuring ONT ont upgrade activemode-immediate Effective immediately
upgrade { ont_id | sn { string-hex sn | hex hex } }
Configuring ONT ont upgrade activemode-immediate
Upgrade Filter { include | exclude } { equipment-id id |
software-version version }
Configuring the ONT ont upgrade activemode-immediate timer Take effect after next reboot
upgrade time { xx:xx:xx | xxxx/xx/xx | interval num }
{ ont_id | sn { string-hex sn | hex hex } }
Configuring the ONT ont upgrade activemode-next-stratup
upgrade { include | exclude } { equipment-id id |
software-version version }
Configuring the ONT ont upgrade activemode-next-startup
upgrade time timer { xx:xx:xx | xxxx/xx/xx | interval num }
{ ont_id | sn { string-hex sn | hex hex } }
Display ONT upgrade display ont upgrade-progress { image |
progress ont-configuration } { ont_id | all }

55.2.3 ONT Activation

ONT activation is used to activate the ONT. All ONT IDs are active by default. After the online

ONT is deactivated, the ONT will be forced to go offline. If the discovery function of the PON

port is enabled, you can view the deactivated ONT in the discovery list.
Operation Command Remarks
Enter system view system-view
Active ONT ont active ont_id

409
GPON OLT Operation Manual V1.1

Deactive ONT ont deactive ont_id

55.2.4 ONT Auto-configuration

When ONTs of the same type register in batches, ONT automatic configuration can be

performed. You need to enable the ONT auto-configuration function first, and then configure

the auto-configuration parameters. Different types of ONTs can deliver different line template

configurations based on the Equipment ID.


Operation Command Remarks
Enter system view system-view
Enable ONT ont auto-config
auto-configuration
Configure ONT ont auto-config { name name | num }
auto-configuration { all-ont | equipment-id id } line-profile
parameters { index | auto }

55.2.5 ONT Configuration Reset

This function is used to reset ONT WAN configuration and WIFI configuration. It is a private

protocol and needs ONT support.


Operation Command Remarks
Enter system view system-view
Reset ONT WAN ont restore-factory wan ont_id
configuration
Reset ONT WIFI ont restore-factory wifi ont_id
configuration

55.3 ONT Log Management

ONT log management is used to configure the ONT logging function. Configurable ONT log

410
GPON OLT Operation Manual V1.1

prefix and timestamp.


Operation Command Remarks
Enter system view system-view
Configure the ONT ont-logging ip
log server IP
Enable ONT logging ont-logging buffer { all | ont_id }
Enable ONT log ont-logging monitor { num | all } { all |
printing ont_id }
Configure ONT log ont-logging prefix { sn [ ont_id ] | ont _id
prefix [ sn ] }
Configure ONT log ont-logging timestamps { datetime |
timestamp notime | rfc5424 | uptime }
Display ONT log display ont-logging buffer { all | ont_id }
records
Display ONT log display ont-logging
function

411
GPON OLT Operation Manual V1.1

Chapter 56 Display ONT

Information

56.1 Display ONT Information

Viewing ONT information includes viewing optical power, port statistics, status, and

version information.

56.1.1 Display ONT Optical Power

Operation Command Remarks


Enter system view system-view
Display ONT optical display ont optical-info { ont_id | interface
power gpon { all | ont_list } }

56.1.2 Display ONT Traffic Statistics

Operation Command Remarks


Enter system view system-view
Display ONT traffic display ont statistics performance ont_id
statistics [ port num ]
Display ONT traffic display ont statistics ont_id [ gem
statistics { broadcast | multicast | unicast } | port
num | traffic ]

56.1.3 Display ONT Port Status

Operation Command Remarks

412
GPON OLT Operation Manual V1.1

Enter system view system-view


Display the voice port display ont port-status ont_id pots-port
status num
Display the CATV port display ont port-status ont_id catv-port
status num
Display Ethernet port display ont port-status ont_id port num
status

56.1.4 Display ONT Multicast

Operation Command Remarks


Enter system view system-view
Display ONT multicast display ont multicast ont_id [ port num ]

56.1.5 Display ONT details

Operation Command Remarks


Enter system view system-view
Display all ONT display ont info { ont_id | interface gpon
information { all | pon_list } | sn { string-hex sn | hex
hex } }
Display online\offline display ont info { online | offline } { ont_id |
ONT information interface gpon { all | pon_list } | sn
{ string-hex sn | hex hex } }
Display the number of display ont info count interface gpon { all
ONTs in the PON port | pon_list }
Display the ONT display ont info { active | standby }
information of the { ont_id | interface gpon { all | pon_list } | sn
active and standby { string-hex sn | hex hex } }
PON ports

56.1.6 Display ONT Profile

413
GPON OLT Operation Manual V1.1

Operation Command Remarks


Enter system view system-view
Display ONT profile display ont profile ont_id
information

56.1.7 Display ONT Description

Operation Command Remarks


Enter system view system-view
Display ONT display ont description { onu_list |
description interface gpon { all | pon_list } }

56.1.8 Display ONT Upgrade Status

Operation Command Remarks


Enter system view system-view
Display ONT upgrade display ont upgrade-progress { image |
status ont-configuration } { onu_list | all }

56.1.9 Display ONT Version

Operation Command Remarks


Enter system view system-view
Display ONT version display ont version interface gpon
{ pon_list | all }

56.1.10 Display ONT MAC

Operation Command Remarks


Enter system view system-view
Display ONT MAC display ont mac-address-table { mac |
address ont_id | interface gpon { all | pon_id } }

56.1.11 Display ONT Capability

414
GPON OLT Operation Manual V1.1

Operation Command Remarks


Enter system view system-view
Display ONT display ont capability ont_id
capability

56.1.12 Display ONT PoE Feature

Operation Command Remarks


Enter system view system-view
Display PoE power display ont poe power ont_id port num
Display PoE status display ont poe status ont_id port num

56.1.13 Display Rogue ONT Detection

Operation Command Remarks


Enter system view system-view
Display rogue ONT display ont anti-rogueont config interface
detcetion gpon { pon_list | all }

415

You might also like