
User Manual6615

The User Manual for the SURPASS hiD 6615 R1.0 provides essential safety notices, installation guidelines, and operational instructions for qualified personnel. It includes a comprehensive table of contents detailing various configuration modes, system connections, and network management features. The document is an initial release and spans a total of 454 pages.

User Manual

SURPASS hiD 6615 R1.0

UMN : CLI

DDJ:A-M-5212B0-01
UMN:CLI User Manual
SURPASS hiD 6615 R1.0

Important Notice on Product Safety


Elevated voltages are inevitably present at specific points in this electrical equipment. Some of the
parts may also have elevated operating temperatures.

Non-observance of these conditions and the safety instructions can result in personal injury or in
property damage.

Therefore, only trained and qualified personnel may install and maintain the system.

The system complies with the standard EN 60950-1 / IEC 60950-1. All equipment connected has to
comply with the applicable safety standards.

The same text in German (translated):

Important Notice on Product Safety

In electrical installations, certain parts of the equipment are inevitably live. Some
parts may also have a high operating temperature.

Failure to observe this situation and the warning notices can lead to personal injury and
property damage.

It is therefore assumed that only trained and qualified personnel install and maintain
the installations.

The system meets the requirements of EN 60950-1 / IEC 60950-1. Connected devices
must comply with the applicable safety regulations.

Trademarks:

All designations used in this document can be trademarks, the use of which by third parties for their
own purposes could violate the rights of their owners.

Copyright (C) Siemens AG 2005.


Issued by the Communications Group
Hofmannstraße 51
D-81359 München

Technical modifications possible.


Technical specifications and features are binding only insofar as
they are specifically and expressly agreed upon in a written contract.


Reason for Update


Summary: Initial Release

Details:

Chapter/Section    Reason for Update
All                Initial Release

Issue History

Issue Number    Date of Issue    Reason for Update
1               2005-10-21       Initial Release


This document consists of a total of 454 pages. All pages are Issue 1.

Contents
1. Preface ..... 24

1.1. Document Organization ..... 24

1.2. Document Convention ..... 25

1.3. Document Notation ..... 25

2. Product Introduction ..... 27

2.1. Features ..... 28

3. Using Command ..... 32

3.1. Command Mode ..... 32

3.1.1. Privilege Exec View Mode ..... 33

3.1.2. Privilege Exec Enable Mode ..... 33

3.1.3. Global Configuration Mode ..... 34

3.1.4. Rule Configuration Mode ..... 35

3.1.5. DHCP Configuration Mode ..... 36

3.1.6. DHCP Option-82 Configuration Mode ..... 37

3.1.7. Rmon Configuration Mode ..... 37

3.1.8. PIM Configuration Mode ..... 38

3.1.9. VRRP Configuration Mode ..... 38

3.1.10. Bridge Configuration Mode ..... 39

3.1.11. Interface Configuration Mode ..... 40

3.1.12. Router Configuration Mode ..... 40

3.1.13. Route-Map Configuration Mode ..... 41

3.2. Useful Tips ..... 42

3.2.1. Listing Available Command ..... 42

3.2.2. Calling Command History ..... 44

3.2.3. Using Abbreviation ..... 45

3.2.4. Using Privilege Exec Enable Mode Command ..... 45

3.2.5. Moving to the Other Mode ..... 45

4. System Connection and IP Address ..... 47

4.1. System Connection ..... 47

4.1.1. System Login ..... 47

4.1.2. Changing Login Password ..... 49

4.1.3. Configuring password for Privilege Exec Enable Mode ..... 50

4.1.4. Configuring Auto-logout Function ..... 52


4.1.5. Managing the user’s account ..... 53

4.1.5.1. Adding the user’s account ..... 54

4.1.5.2. Configuring the user’s right ..... 54

4.1.5.3. Sample Configuration ..... 58

4.1.6. Limiting the number of users ..... 59

4.1.7. Telnet Access ..... 60

4.1.8. Disconnecting Telnet Access ..... 60

4.1.9. System Rebooting ..... 61

4.1.9.1. Passive System Rebooting ..... 61

4.1.9.2. Auto System Rebooting ..... 62

4.1.10. System Logout ..... 63

4.2. Assigning IP Address ..... 64

4.2.1. Enabling Interface ..... 64

4.2.1.1. On Interface Configuration Mode ..... 65

4.2.1.2. On Interface Configuration Mode ..... 65

4.2.2. Assigning IP Address to Network Interface ..... 66

4.2.3. Configuring Static Route and Default Gateway ..... 66

4.2.4. Checking Interface Status ..... 68

4.2.5. Sample Configuration ..... 68

4.3. SSH ..... 69

4.3.1. Operating SSH Server ..... 69

4.3.1.1. Enabling SSH Server ..... 70

4.3.1.2. Viewing On-line Clients ..... 70

4.3.1.3. Disconnecting Clients ..... 70

4.3.1.4. Checking Connection History of Client ..... 71

4.3.2. Using Client ..... 71

4.3.2.1. Login to SSH Server ..... 71

4.3.2.2. File Copy ..... 72

4.3.2.3. Configuring Authentication Key ..... 72

4.4. 802.1x Authentication ..... 73

4.4.1. 802.1x authentication ..... 75

4.4.1.1. Enabling 802.1x ..... 75

4.4.1.2. Configuring RADIUS Server ..... 75

4.4.1.3. Configuring the Authentication Mode ..... 77

4.4.1.4. Configuring the Authentication Port ..... 77

4.4.1.5. Configuring the Status of Port ..... 77

4.4.1.6. Configuring the interval for retransmitting Request/Identity packet ..... 78


4.4.1.7. Configuring the Number of Request to RADIUS server ..... 78

4.4.1.8. Configuring the Interval of Request to RADIUS server ..... 79

4.4.2. 802.1x re-authentication ..... 80

4.4.2.1. Enabling 802.1x Re-authentication ..... 80

4.4.2.2. Configuring the interval of re-authentication ..... 80

4.4.2.3. Configuring the interval of requesting re-authentication ..... 81

4.4.2.4. 802.1x Re-authenticating ..... 81

4.4.3. Initializing the authentication status ..... 82

4.4.4. Applying the default value ..... 82

4.4.5. Showing 802.1x configuration ..... 82

4.4.6. Showing and deleting 802.1x user authentication statistics ..... 83

4.4.7. Sample Configuration ..... 83

4.5. System Authentication ..... 85

4.5.1. Configuring Authorization Method ..... 86

4.5.2. Designating Authentication Interface ..... 86

4.5.3. Configuring Priority of Authorization Method ..... 87

4.5.4. Checking Configured Priority of Authorization Method ..... 87

4.5.5. Configuring RADIUS ..... 88

4.5.5.1. Configuring RADIUS Server ..... 88

4.5.5.2. Configuring the Priority for RADIUS server ..... 88

4.5.5.3. Configuring Frequency of Retransmit ..... 89

4.5.5.4. Configuring Timeout of Response ..... 89

4.5.6. Configuring TACACS+ ..... 90

4.5.6.1. Configuring TACACS Server ..... 90

4.5.6.2. Configuring the Priority for TACACS server ..... 91

4.5.6.3. Selecting Authorization Type ..... 91

4.5.6.4. Configuring Timeout of Response ..... 91

4.5.6.5. Configuring Client Priority ..... 92

4.5.7. Recording User’s Configuration ..... 92

4.5.8. Sample Configuration ..... 92

5. Port Basic Configuration ..... 95

5.1. Port Basic Configuration ..... 95

5.1.1. Selecting Port Type ..... 96

5.1.2. Activating Port ..... 97

5.1.3. Configuring Auto-nego ..... 98

5.1.4. Port Transmit Rate ..... 99

5.1.5. Duplex Mode ..... 99


5.1.6. Configuring Flow Control ..... 100

5.1.7. Description of port ..... 101

5.1.8. Viewing Port Statistics ..... 102

5.1.9. Showing the module information ..... 104

5.1.10. Initializing Port Statistics ..... 104

5.2. Port Mirroring ..... 105

5.2.1. Assigning Monitor Port and Mirrored Port ..... 105

5.2.2. Enabling Port Mirroring ..... 106

5.2.3. Showing Configuration of Port Mirroring ..... 107

5.2.4. Sample Configuration ..... 107

6. System Environment ..... 109

6.1. Environment Configuration ..... 109

6.1.1. Host Name ..... 109

6.1.2. Date and Time ..... 110

6.1.3. Time-zone ..... 110

6.1.4. NTP ..... 112

6.1.5. SNTP ..... 113

6.1.6. Output Condition of Terminal Screen ..... 114

6.1.7. DNS Server ..... 115

6.1.8. Login Banner ..... 118

6.1.9. Fan Operation ..... 120

6.1.10. Stopping the demon operation ..... 121

6.2. Configuration Management ..... 122

6.2.1. Checking Switch Configuration ..... 122

6.2.2. Saving Configuration ..... 123

6.2.3. Auto-Saving ..... 123

6.2.4. Reloading ..... 124

6.2.5. Configuration Backup ..... 124

6.3. System Check ..... 126

6.3.1. Checking Network Connection ..... 127

6.3.2. IP ICMP Source-routing Function ..... 129

6.3.3. Tracing Packet Route ..... 131

6.3.4. Checking Accessed User through Telnet ..... 132

6.3.5. Showing MAC table ..... 132

6.3.6. Configuring Ageing time ..... 133

6.3.7. Viewing Running Time of Switch ..... 133

6.3.8. Showing System Information ..... 134


6.3.9. Checking Average of CPU Utilization ..... 134

6.3.10. Checking CPU Process ..... 134

6.3.11. Viewing Utilization of Memory ..... 134

6.3.12. Viewing Version of System Image ..... 135

6.3.13. Viewing Size of System Image File ..... 135

6.3.14. Checking Installed OS ..... 135

6.3.15. Configuring Default OS (※ Supporting certain products) ..... 136

6.3.16. Checking Switch Status ..... 138

6.3.17. Checking Tech-support ..... 138

7. Network Management ..... 139

7.1. SNMP ..... 139

7.1.1. Configuring SNMP v1 Community ..... 140

7.1.2. Configuring Accessed Person and Location of SNMP Agent ..... 142

7.1.3. Configuring SNMP v2c Com2sec ..... 143

7.1.4. Configuring Group ..... 144

7.1.5. Limiting Open Range of OID ..... 144

7.1.6. Access Right for Limited OID ..... 146

7.1.7. Configuring SNMP v3 User ..... 147

7.1.8. Configuring SNMP Trap ..... 148

7.1.8.1. Configuring SNMP Trap-host ..... 148

7.1.8.2. Configuring SNMP Trap ..... 150

7.1.9. Configuring Type of Alarm Notifications ..... 154

7.1.9.1. Enabling Alarm Notification ..... 154

7.1.9.2. Configuring General Alarm Notification ..... 155

7.1.9.3. Configuring Alarm Notification with the Severity ..... 156

7.1.10. Configuring IP Address of SNMP Agent ..... 162

7.1.11. Checking SNMP Configuration ..... 163

7.1.12. Disable SNMP ..... 163

7.2. Configuring OAM ..... 163

7.2.1. Configuring OAM Loopback ..... 164

7.2.1.1. OAM Loopback ..... 164

7.2.1.2. Configuring Local OAM Mode ..... 165

7.2.1.3. Configuring Unidirection ..... 165

7.2.2. Configuring Remote OAM ..... 165

7.2.3. Showing OAM Configuration ..... 167

7.3. Configuring LLDP ..... 168

7.3.1. How to operate LLDP ..... 168


7.3.1.1. LLDP operation ..... 168

7.3.2. Configuring LLDP ..... 168

7.3.2.1. How to LLDP operation ..... 169

7.3.2.2. Configuring Basic TLV ..... 169

7.3.2.3. Receiving LLDP message ..... 170

7.3.2.4. Configuring Reinitdelay ..... 170

7.3.2.5. Configuring Delay time of transmitting LLDP frame ..... 170

7.3.2.6. Showing LLDP configuration ..... 171

7.3.2.7. Showing LLDP statistics ..... 171

7.3.2.8. Showing the statistics of Remote entry ..... 171

7.3.3. Sample Configuration ..... 172

7.4. RMON ..... 176

7.4.1. Configuring RMON History ..... 176

7.4.1.1. Assigning Source Port of Statistical Data ..... 178

7.4.1.2. Identifying Subject of RMON History ..... 178

7.4.1.3. Configuring Number of Sample Data ..... 179

7.4.1.4. Configuring Interval of Sample Inquiry ..... 179

7.4.1.5. Activating RMON History ..... 180

7.4.1.6. Deleting and Changing Configuration of RMON History ..... 180

7.4.2. Configuring RMON Alarm ..... 181

7.4.2.1. Identifying Subject of RMON Alarm ..... 182

7.4.2.2. Configuring Object of Sample Inquiry ..... 183

7.4.2.3. Configuring Absolute Comparison and Delta Comparison. ..... 183

7.4.2.4. Configuring Upper Bound of Threshold ..... 184

7.4.2.5. Configuring Lower Bound of Threshold ..... 185

7.4.2.6. Configuring Standard of the First Alarm ..... 185

7.4.2.7. Configuring Interval of Sample Inquiry ..... 186

7.4.2.8. Activating RMON Alarm .................................................................................................................187

7.4.2.9. Deleting RMON Alarm and Changing Configuration ......................................................................187

7.4.3. Configuring RMON Event ..............................................................................................................188

7.4.3.1. Configuring Event Community .......................................................................................................189

7.4.3.2. Event Description...........................................................................................................................189

7.4.3.3. Identifying Subject of Event ...........................................................................................................190

7.4.3.4. Configuring Event Type..................................................................................................................190

7.4.3.5. Activating Event .............................................................................................................................191

7.4.3.6. Deleting RMON Event and Changing Configuration ......................................................................191

7.5. Syslog ............................................................................................................................................192

7.5.1. Configuring Level of Syslog Message ........................................................................................... 192

7.5.2. Configuring System Facility ........................................................................................................... 194

7.5.3. Configuring Syslog Message Priority............................................................................................. 194

7.5.4. Disabling Syslog ............................................................................................................................ 196

7.5.5. Showing Syslog configuration ....................................................................................................... 197

7.5.6. Designating IP Address of Syslog Message .................................................................................. 197

7.5.7. Checking Debug Message from Remote....................................................................................... 198

7.5.8. Configuring Threshold of CPU Utilization ...................................................................................... 199

7.5.9. Configuring Threshold of Port Traffic ............................................................................................. 200

7.5.10. Configuration Threshold of Fan ..................................................................................................... 201

7.5.11. Configuration Threshold of Temperature ....................................................................................... 202

7.6. Configuring Rule and QoS............................................................................................................. 203

7.6.1. How to Operate Rule and QoS ...................................................................................................... 203


7.6.1.1. Creating Rule................................................................................................................................. 204

7.6.1.2. Configuring the priority .................................................................................................................. 205

7.6.1.3. Configuring the condition for the packets....................................................................................... 205

7.6.1.4. Configuring Rule Operation ........................................................................................................... 207

7.6.1.5. Configuring Cos value and Tos value ............................................................................................208

7.6.1.6. Packet Counter.............................................................................................................................. 210

7.6.1.7. Saving Rule ................................................................................................................................... 211

7.6.1.8. Checking Rule Profile .................................................................................................................... 211

7.6.1.9. Modifying Rule............................................................................................................................... 211

7.6.1.10. Deleting Rule ................................................................................................................................. 211


7.6.2. Configuring QoS ............................................................................................................................ 212

7.6.2.1. Configuring QoS map .................................................................................................................... 212

7.6.2.2. Configuring Scheduling Method..................................................................................................... 213

7.6.2.3. Setting Weight ............................................................................................................................... 215

7.6.2.4. User-defined Setting for CPU Packet ............................................................................................215

7.6.2.5. Displaying QoS Setting.................................................................................................................. 216

7.6.3. Admin access rule ......................................................................................................................... 216

7.6.3.1. Creating Admin access rule ........................................................................................................... 216

7.6.3.2. Configuring the priority .................................................................................................................. 217

7.6.3.3. Configuring the condition for the packet ........................................................................................ 217

7.6.3.4. Configuring the operation of Admin access rule ............................................................................ 218

7.6.3.5. Saving Admin access rule ............................................................................................................. 219

7.6.3.6. Checking Admin access rule Profile .............................................................................................. 220

7.6.3.7. Modifying Admin-access-rule......................................................................................................... 220

7.6.3.8. Deleting Admin access rule............................................................................................................220

7.6.4. Sample Configuration ....................................................................................................................220

7.7. NetBIOS Filtering ...........................................................................................................................227

7.8. DHCP Server Packet Filtering........................................................................................................228

7.9. Martian Filtering .............................................................................................................................230

7.10. MAC Filtering .................................................................................................................................231

7.10.1. Configuring Default Policy of MAC Filtering ...................................................................................231

7.10.2. Adding Policy of MAC Filter ...........................................................................................................232

7.10.3. Deleting MAC Filtering Policy ........................................................................................................233

7.10.4. Listing of MAC Filtering Policy .......................................................................................................234

7.11. Configuring Max Host ....................................................................................................................234

7.11.1. Configuring Max-hosts ...................................................................................................................234

7.11.2. Configuring Max-new-hosts ...........................................................................................................235


7.12. Managing MAC Table.....................................................................................................................238

7.13. Configuring ARP Table ...................................................................................................................239

7.14. ARP-Alias ......................................................................................................................................241

7.15. Proxy-ARP .....................................................................................................................................243

7.16. Configuring Gratuitous ARP...........................................................................................................244

7.17. ICMP Message Control..................................................................................................................245

7.17.1. Blocking Echo Reply Message ......................................................................................................246

7.17.2. Configuring Interval to Transmit ICMP Message............................................................................247

7.17.3. Transmitting ICMP Redirect Message............................................................................................250

7.18. IP TCP flag control .........................................................................................................................251


7.18.1. RST Configuration .........................................................................................................................251

7.18.2. SYN Configuration .........................................................................................................................252

7.19. Displaying the usage of the packet routing table............................................................................253

8. System Main Function ...................................................................................................................254

8.1. VLAN(Virtual Local Area Network) .................................................................................................255

8.1.1. Default VLAN .................................................................................................................................257

8.1.2. Configuring VLAN based on the port .............................................................................................258

8.1.2.1. Making VLAN .................................................................................................................................258

8.1.2.2. Specifying PVID .............................................................................................................................259

8.1.2.3. Assigning and deleting port............................................................................................................259

8.1.2.4. Describing VLAN............................................................................................................................260

8.1.2.5. Releasing VLAN function ...............................................................................................................260

8.1.3. Configuring VLAN based on protocol.............................................................................................261

8.1.4. Configuring VLAN based on MAC address....................................................................................261

8.1.5. Configuring VLAN based on Subnet.............................................................................................. 262

8.1.6. Configuring QinQ........................................................................................................................... 262

8.1.6.1. Configuring QinQ........................................................................................................................... 264

8.1.6.2. Configuring the kind of TPID.......................................................................................................... 264

8.1.6.3. Releasing QinQ ............................................................................................................................. 264

8.1.7. Configuring Shared-VLAN in Layer 2 dedicated switch ................................................................. 265

8.1.8. Configuring Port Isolation .............................................................................................................. 268

8.1.9. Showing the configuration for VLAN.............................................................................................. 268

8.1.10. Sample Configuration .................................................................................................................... 269

8.2. Link aggregation ............................................................................................................................ 274

8.2.1. Port trunk ....................................................................................................................................... 275

8.2.1.1. Configuring Port Trunk................................................................................................................... 275

8.2.1.2. Releasing Port Trunking ................................................................................................................ 276


8.2.1.3. Showing Port Trunk Configuration ................................................................................................. 277

8.2.2. Configuring LACP.......................................................................................................................... 277

8.2.2.1. Enabling LACP .............................................................................................................................. 278

8.2.2.2. Configuring Packet Route.............................................................................................................. 278

8.2.2.3. Configuring Member Port .............................................................................................................. 279

8.2.2.4. Configuring Operating Mode of Member Port ................................................................................ 279

8.2.2.5. Configuring the priority of the switch.............................................................................................. 280

8.2.2.6. Deciding if LACP of member port is aggregated............................................................................281

8.2.2.7. Configuring BPDU Transmission Rate........................................................................................... 282

8.2.2.8. Configuring Key of Member Port ................................................................................................... 282


8.2.2.9. Configuring Port Priority ................................................................................................................ 284

8.2.2.10. Checking LACP Statistics .............................................................................................................. 284

8.2.2.11. Showing LACP Configuration ........................................................................................................ 285

8.2.3. Sample Configuration .................................................................................................................... 285

8.3. Configuring STP ............................................................................................................................ 289

8.3.1. STP Operation............................................................................................................................... 290

8.3.2. RSTP Operation ............................................................................................................................ 293

8.3.2.1. Port States ..................................................................................................................................... 293

8.3.2.2. BPDU Policy .................................................................................................................................. 294

8.3.2.3. Rapid Network Convergence......................................................................................................... 295

8.3.2.4. Comparability with 802.1d ............................................................................................................. 298

8.3.3. PVSTP and MSTP......................................................................................................................... 298

8.3.3.1. Operation....................................................................................................................................... 299

8.3.3.2. MSTP ............................................................................................................................................ 300

8.3.4. Configuring STP/RSTP/MSTP/PVSTP/PVRSTP mode .................................................................302

8.3.5. Configuring STP/RSTP/MSTP .......................................................................................................303

8.3.5.1. Activating STP/RSTP/MSTP..........................................................................................................303

8.3.5.2. Configuring Root ............................................................................................................................303

8.3.5.3. Configuring Path-cost ....................................................................................................................304

8.3.5.4. Configuring Port-priority .................................................................................................................305

8.3.5.5. Configuring Edge-port....................................................................................................................306

8.3.5.6. Configuring Point-to-point-mac ......................................................................................................306

8.3.5.7. Configuring MST Region................................................................................................................307

8.3.5.8. Showing the configuration..............................................................................................................308

8.3.6. Configuring PVSTP/PVRSTP ........................................................................................................309

8.3.6.1. Activating PVST/PVRSTP..............................................................................................................309

8.3.6.2. Configuring Root ............................................................................................................................310


8.3.6.3. Configuring Path-cost ....................................................................................................................310

8.3.6.4. Configuring Port-priority .................................................................................................................311

8.3.7. Configuring Root-Guard.................................................................................................................311

8.3.8. Configuring Restarting Protocol Migration .....................................................................................312

8.3.9. BPDU Configuration.......................................................................................................................313

8.3.9.1. Hello time.......................................................................................................................................314

8.3.9.2. Forward Delay ...............................................................................................................................314

8.3.9.3. Max age .........................................................................................................................................315

8.3.9.4. BPDU Hop .....................................................................................................................................315

8.3.9.5. Configuring BPDU Filter.................................................................................................................316


8.3.9.6. Configuring BPDU Guard...............................................................................................................316

8.3.9.7. Showing BPDU configuration.........................................................................................................318

8.3.10. Self Loop detection ........................................................................................................................318

8.3.11. Sample Configuration ....................................................................................................................319

8.4. Configuring ERP ............................................................................................................................322

8.4.1. ERP Operation...............................................................................................................................322

8.4.2. LOTP .............................................................................................................................................324

8.4.3. Configuring ERP ............................................................................................................................324

8.4.3.1. Configuring ERP Domain ...............................................................................................................324

8.4.3.2. Configuring RM Node ....................................................................................................................325

8.4.3.3. Configuring Port .............................................................................................................................325

8.4.3.4. Configuring Protected VLAN..........................................................................................................326

8.4.3.5. Configuring Protected Activation ....................................................................................................326

8.4.3.6. Configuring Manual Switch to Secondary ......................................................................................326

8.4.3.7. Configuring Wait-to-Restore Time ................................................................................................. 327

8.4.3.8. Configuring Learning Disable Time................................................................................................ 327

8.4.3.9. Configuring Test Packet Interval .................................................................................................... 327

8.4.3.10. Checking ERP Configuration ......................................................................................................... 328

8.5. Stacking ......................................................................................................................................... 333

8.5.1. Configuring switch group ............................................................................................................... 334

8.5.2. Designating Master switch............................................................................................................. 334

8.5.3. Designating Slave Switch .............................................................................................................. 334

8.5.4. Releasing Stacking ........................................................................................................................ 335

8.5.5. Showing Stacking Configuration .................................................................................................... 335

8.5.6. Accessing to Slave switch from Master switch .............................................................................. 335

8.5.7. Sample Configuration .................................................................................................................... 335

8.6. Rate Limit ...................................................................................................................................... 338


8.6.1. Configuring Rate Limit ................................................................................................................... 338

8.6.2. Sample Configuration .................................................................................................................... 338

8.7. Flood-Guard .................................................................................................................................. 339

8.7.1. Configuring Flood-Guard ............................................................................................................... 340

8.7.2. Sample Configuration .................................................................................................................... 340

8.8. IP IGMP(Internet Group Management Protocol)............................................................................ 341

8.8.1. IGMP Snooping ............................................................................................................................. 342

8.8.2. IGMP Snooping Querier ................................................................................................................ 343

8.8.3. Fast-leave...................................................................................................................................... 344

8.8.4. Time to Register in Multicast Group............................................................................................... 344


8.8.5. Configuring Multicast Router Path ................................................................................................. 346

8.8.6. Multicast Packet Filtering............................................................................................................... 346

8.8.7. IGMP Packet Filtering.................................................................................................................... 348

8.8.8. Registering in Multicast Group....................................................................................................... 349

8.8.9. Checking IGMP Snooping Table .................................................................................................... 349

8.9. PIM-SM (Protocol Independent Multicast – Sparse Mode) ............................................................350

8.9.1. Enabling PIM-SM........................................................................................................................... 352

8.9.2. Deciding RP .................................................................................................................................. 353

8.9.3. Configuring Static RP .................................................................................................................... 354

8.9.4. Configuring BSR............................................................................................................................ 354

8.9.4.1. Candidate-BSR IP Address ........................................................................................................... 355

8.9.4.2. Candidate-BSR Priority ................................................................................................................. 355

8.9.4.3. Candidate-BSR Hash-mask .......................................................................................................... 356

8.9.5. Configuring RP Information ........................................................................................................... 357

8.9.5.1. Candidate-RP IP Address ..............................................................................................................357

8.9.5.2. Registering Multicast Group of Candidate-RP ...............................................................................357

8.9.5.3. Candidate-RP Priority ....................................................................................................................358

8.9.5.4. Interval of Candidate-RP Information Transmit ..............................................................................358

8.9.5.5. Blocking Candidate-RP Message of Another Member ...................................................................360

8.9.5.6. Deleting Candidate-RP information................................................................................................360

8.9.6. Configuring Assert Message Information .......................................................................................362

8.9.6.1. Configuring Metric..........................................................................................................................363

8.9.6.2. Configuring Preference ..................................................................................................................363

8.9.7. Whole-packet-checksum................................................................................................................364

8.9.8. Configuring Interval of Cache-check ..............................................................................................365

8.9.9. Configuring Multicast Routing Table...............................................................................................366

8.9.10. Configuring PIM-SM on Ethernet Interface ....................................................................................367


8.9.10.1. Activating PIM-SM on Ethernet Interface .......................................................................................367

8.9.10.2. Blocking Multicast packet...............................................................................................................368

8.9.10.3. Prohibiting Bootstrap Message ......................................................................................................368

8.9.10.4. Configuring Assert Message Information .......................................................................................369

8.9.11. Viewing PIM-SM Information..........................................................................................................371

8.9.11.1. Multicast Routing Table..................................................................................................................372

8.9.11.2. Checking PIM Neighbor Router .....................................................................................................372

8.9.11.3. RP Table ........................................................................................................................................372

8.9.11.4. PIM-SM on Ethernet Interface .......................................................................................................372

8.9.11.5. Static IP Multicast Routing Table....................................................................................................373


8.9.11.6. PIM Statistics .................................................................................................................................373

8.10. VRRP (Virtual Router Redundancy Protocol).................................................................................374

8.10.1. Configuring VRRP..........................................................................................................................375

8.10.1.1. Assigning Associated IP Address...................................................................................................376

8.10.1.2. Accessing Associated IP address ..................................................................................................376

8.10.1.3. Configuring Master Router and Backup Router .............................................................................376

8.10.2. Configuring VRRP Track function ..................................................................................................379

8.10.3. Configuring Authentication Password ............................................................................................381

8.10.4. Configuring Preempt ......................................................................................................................382

8.10.5. Configuring Advertisement Time ....................................................................................................383

8.10.6. Viewing VRRP Statistics ................................................................................................................384

8.10.7. Clearing VRRP Statistics................................................................................................................384

8.11. Bandwidth ......................................................................................................................................385

8.12. DHCP.............................................................................................................................................385

8.12.1. Activating DHCP server ................................................................................................................. 386

8.12.2. IP Pool ........................................................................................................................................... 387

8.12.2.1. Making IP Pool .............................................................................................................................. 387

8.12.2.2. Configuring DHCP Subnet............................................................................................................. 388

8.12.2.3. Configuring Subnet Default Gateway ............................................................................................ 389

8.12.2.4. Configuring IP Address Range ...................................................................................................... 389

8.12.2.5. Configuring the Available Time to Use IP address......................................................................... 390

8.12.2.6. Registering DNS Server ................................................................................................................ 390

8.12.2.7. Assigning IP address manually...................................................................................................... 391

8.12.2.8. Checking Lease Data .................................................................................................................... 391

8.12.2.9. Checking IP Pool Configuration..................................................................................................... 392

8.12.2.10. Checking Lease Data of each IP Pool ........................................................................................... 393

8.12.3. Blocking the Fixed IP..................................................................................................................... 393


8.12.4. DHCP Packet Filtering................................................................................................................... 394

8.12.5. Registering DNS Server that is common to all IP Pools ................................................................ 395

8.12.6. Configuring IP Available Time that is common to all IP Pools ........................................................ 395

8.12.7. Configuring DHCP Relay Agent..................................................................................................... 396

8.12.7.1. Registering DHCP server .............................................................................................................. 396

8.12.8. Configuring DHCP Snooping ......................................................................................................... 397

8.12.8.1. Configuring DHCP Snooping on the Switch................................................................................... 398

8.12.8.2. Removing IP Address of Entry from DHCP Snooping table........................................................... 398

8.12.8.3. Designating DHCP Snooping port .................................................................................................398

8.12.8.4. Displaying DHCP Snooping table .................................................................................................. 398


8.12.9. Displaying DHCP Packet Statistics................................................................................................ 399

8.12.10. DHCP Option-82............................................................................................................................ 399

8.12.10.1. Enabling DHCP Option-82............................................................................................................. 400

8.12.10.2. Configuring Option-82 Packet Policy ............................................................................................. 401

8.12.10.3. Configuring Remote-ID and the Number of Assigning IP Address................................................. 402

8.12.10.4. Configuring Remote-ID and Pool................................................................................................... 402

8.12.10.5. Remote-ID, Circuit-ID and the Number of Assigning IP Address ................................................... 403

8.12.10.6. Remote-ID, Circuit-ID and Pool ..................................................................................................... 404

8.12.10.7. Configuring System Remote-ID ..................................................................................................... 406

8.12.10.8. DHCP Option 82 Trust ................................................................................................................... 406

8.12.11. Back-up DHCP lease database ..................................................................................................... 407

8.12.12. DHCP Lease Database Reset ....................................................................................................... 407

8.13. Broadcast Storm Control ............................................................................................................... 408

8.14. Jumbo-frame Capacity .................................................................................................................. 409

8.15. Blocking Direct Broadcast..............................................................................................................410

8.16. MTU ...............................................................................................................................................411

9. IP Routing Protocol ........................................................................................................................412

9.1. BGP Routing Protocol....................................................................................................................412

9.1.1. Basic Configuration........................................................................................................................412

9.1.1.1. BGP Routing ..................................................................................................................................413

9.1.1.2. Configuring BGP Neighbor Router.................................................................................................413

9.1.1.3. Changing Routing Policy................................................................................................................414

9.1.1.4. Configuring BGP Weights ..............................................................................................................416

9.1.1.5. Aborting AS Route .........................................................................................................................416

9.1.1.6. BGP Route Filtering .......................................................................................................................417

9.1.1.7. AS Route Filtering..........................................................................................................................417

9.1.1.8. BGP Filtering through Prefix Lists ..................................................................................................418


9.1.1.9. Blocking information Transmission to Next Destination .................................................................420

9.1.1.10. Configuring BGP Version ...............................................................................................................421

9.1.2. Advanced Configuration.................................................................................................................421

9.1.2.1. Changing Route through Route Map .............................................................................................422

9.1.2.2. Configuring Aggregate Address .....................................................................................................423

9.1.2.3. Configuring BGP Community Filtering ...........................................................................................423

9.1.2.4. Assigning ID Number for Router ....................................................................................................424

9.1.2.5. Distributing Route to BGP..............................................................................................................424

9.1.2.6. Configuring Confederation of Routing Domain ..............................................................................424

9.1.2.7. Configuring Route Reflector...........................................................................................................425


9.1.2.8. Configurations through Neighbor ...................................................................................................425

9.1.2.9. Deactivating Neighbor Router ........................................................................................................427

9.1.2.10. Configuring Backdoor Route..........................................................................................................427

9.1.2.11. Deciding NLRI Type .......................................................................................................................428

9.1.2.12. Configuring Distance Value............................................................................................................428

9.1.2.13. Configuring BGP Timer ..................................................................................................................428

9.1.2.14. Checking Import Network...............................................................................................................429

9.1.2.15. Configuring the First AS .................................................................................................................429

9.1.2.16. Changing Priority of Local Network................................................................................................429

9.1.2.17. Deciding Route based on Router ID ..............................................................................................430

9.1.2.18. Considering Route without MED as the Worst Route ....................................................................430

9.1.2.19. Deciding AS Route based on MED from ASs.................................................................................430

9.1.2.20. Deciding Confederation Route based on MED ..............................................................................430

9.1.2.21. Deciding Route in Confederation based on MED ..........................................................................431

9.1.2.22. Restoring Reflected Route ............................................................................................................ 431

9.1.2.23. Route Dampening.......................................................................................................................... 431

9.1.2.24. Checking and Managing BGP ....................................................................................................... 432

9.2. OSPF Protocol............................................................................................................................... 434

9.2.1. Enabling OSPF.............................................................................................................................. 435

9.2.2. Configuring ABR Type ................................................................................................................... 436

9.2.3. Configuring Compatibility............................................................................................................... 436

9.2.4. Configuring OSPF Interface .......................................................................................................... 436

9.2.5. Configuring Network OSPF Type................................................................................................... 438

9.2.6. Configuring Non-broadcast Network..............................................................................................438

9.2.7. Configuring Area............................................................................................................................ 439

9.2.8. Configuring Representative Route between OSPF Areas .............................................................439

9.2.9. Configuring Virtual Link ................................................................................................................. 440


9.2.10. Configuring Default Metric ............................................................................................................. 440

9.2.11. Configuring Interval to Calculate Route ......................................................................................... 441

9.2.12. Configuring Route Transmit Interval .............................................................................................. 441

9.2.13. Route Transmit to OSPF Network .................................................................................................441

9.2.14. Configuring Default Route ............................................................................................................. 442

9.2.15. Configuring OSPF Distance........................................................................................................... 442

9.2.16. Blocking Information Transmit ....................................................................................................... 442

9.2.17. Blocking Renewed Information ...................................................................................................... 443

9.2.18. OSPF Monitoring and Management .............................................................................................. 443

9.3. RIP Protocol .................................................................................................................................. 444


9.3.1. Enabling RIP ................................................................................................................................. 445

9.3.2. Configuring RIP Neighbor Router .................................................................................................. 446

9.3.3. Configuring RIP Version ................................................................................................................ 446

9.3.4. Creating Static Route available only for RIP .................................................................................. 447

9.3.5. Transmitting Routing Information................................................................................................... 447

9.3.6. Configuring Metrics for Redistributed Routes ................................................................................448

9.3.7. Configuring Administrative Distance .............................................................................................. 449

9.3.8. Creating Default Route .................................................................................................................. 449

9.3.9. Routing Information Filtering ......................................................................................................... 450

9.3.9.1. Blocking Outgoing Routing Information to Interface ...................................................................... 450

9.3.9.2. Configuring Offset List ................................................................................................................... 450

9.3.10. Configuring Time ........................................................................................................................... 450

9.3.11. Activating and Deactivating Split-horizon....................................................................................... 451

9.3.12. Managing Authentication Key ........................................................................................................ 452

9.3.13. Monitoring and Managing RIP .......................................................................................................452

Illustrations
Fig. 2-1 Network Structure with SURPASS hiD 6615 ........................................................................................ 27

Fig. 3-1 Configuring SURPASS hiD 6615.......................................................................................................... 32

Fig. 4-1 Process of 802.1x Authentication ......................................................................................................... 74

Fig. 4-2 Multi Authentication Server................................................................................................................... 75

Fig. 4-3 Process of System Authentication ........................................................................................................ 85

Fig. 5-1 Port Mirroring ..................................................................................................................................... 105

Fig. 6-1 Domain Name Server......................................................................................................................... 117

Fig. 6-2 Ping test for Network connection........................................................................................................ 130

Fig. 6-3 IP Source Routing .............................................................................................................................. 130

Fig. 7-1 Organization of SNMP........................................................................................................................ 140

Fig. 7-2 Open Range of OID............................................................................................................................ 145


Fig. 7-3 Agent address .................................................................................................................................... 162

Fig. 7-4 User-defined Setting for CPU Packet .................................................................................................. 213

Fig. 7-5 Packet Process in WRR ..................................................................................................................... 214

Fig. 7-6 The packet process in WFQ ............................................................................................................... 214

Fig. 7-7 Necessity of NetBIOS Filtering ........................................................................................................ 227

Fig. 7-8 DHCP Filtering ................................................................................................................................... 229

Fig. 7-9 ARP-Alias ........................................................................................................................................... 241

Fig. 7-10 Proxy-ARP ....................................................................................................................................... 243

Fig. 7-11 ICMP Message ................................................................................................................................. 245

Fig. 8-1 VLAN structure based on the port in Layer 2 environment................................................................. 255
Fig. 8-2 The process of deciding packet route based on VLAN....................................................................... 256

Fig. 8-3 The network construction of QinQ configuration................................................................................. 263

Fig. 8-4 In case the packets going outside in Layer 2 environment ................................................................. 265

Fig. 8-5 In case external packets enter under Layer 2 environment ①........................................................... 266

Fig. 8-6 In case external packet enter in Layer 2 environment ② .................................................................... 267

Fig. 8-7 Link aggregation................................................................................................................................. 274

Fig. 8-8 The constitution example of Link aggregation ①............................................................................... 274

Fig. 8-9 Example of LACP Construction ①..................................................................................................... 283

Fig. 8-10 Example of LACP Construction ②................................................................................................... 283

Fig. 8-11 Example of Loop............................................................................................................................... 289

Fig. 8-12 Example of the running STP ............................................................................................................ 289

Fig. 8-13 Root Switch ...................................................................................................................................... 290

Fig. 8-14 Deciding Designated Switch............................................................................................................. 291

Fig. 8-15 Designated Switch and Designated Port .......................................................................................... 292

Fig. 8-16 Example of Using Port priority ..........................................................................................................293

Fig. 8-17 Alternate Port and Backup Port ........................................................................................................294

Fig. 8-18 In case of Receiving Low BPDU.......................................................................................................295

Fig. 8-19 Convergence of 802.1d Network ......................................................................................................295

Fig. 8-20 Network convergence of 802.1w ① .................................................................................................296

Fig. 8-21 Network convergence of 802.1w ② .................................................................................................297

Fig. 8-22 Network convergence of 802.1w ③ .................................................................................................297

Fig. 8-23 Comparability with 802.1d ① ...........................................................................................................298

Fig. 8-24 Comparability with 802.1d ② ...........................................................................................................298

Fig. 8-25 STP...................................................................................................................................................299

Fig. 8-26 PVSTP..............................................................................................................................................299

Fig. 8-27 MSTP................................................................................................................................................300

Fig. 8-28 CST and IST① of MSTP..................................................................................................................301


Fig. 8-29 CST and IST② of MSTP..................................................................................................................302

Fig. 8-30 Ethernet ring operation in failure state ..............................................................................................322

Fig. 8-31 Ring Protection .................................................................................................................................323

Fig. 8-32 Link Failure Recovery .......................................................................................................................323

Fig. 8-33 Ring Recovery ..................................................................................................................................324

Fig. 8-34 The example of configuring stacking ................................................................................................333

Fig. 8-35 Rate Limit and Flood Guard..............................................................................................................339

Fig. 8-36 IP Multicasting ① .............................................................................................................................341

Fig. 8-37 IP Multicasting ② .............................................................................................................................342

Fig. 8-38 Example ① The Multicast packet registered in the IGMP group .....................................................347
Fig. 8-39 Example ② The unregistered Multicast packet ...............................................................................347

Fig. 8-40 RPT of PIM-SM.................................................................................................................................351

Fig. 8-41 STP of PIM-SM.................................................................................................................................351

Fig. 8-42 Network which needs Assert.............................................................................................................362

Fig. 8-43 Network in which multicast sources are not directly connected to multicast group....................................364

Fig. 8-44 RPF ..................................................................................................................................................366

Fig. 8-45 Network in case of Prohibiting transmitting Bootstrap Message .......................................................369

Fig. 8-46 VRRP Operation ...............................................................................................................................374

Fig. 8-47 VRRP Track ......................................................................................................................................380

Fig. 8-48 DHCP Service Construction .............................................................................................................386

Fig. 8-49 An example of the Relay agent.........................................................................................................396

Fig. 8-50 Packet Flow in case of Using DHCP Option-82 ................................................................................400

Fig. 8-51 Packet flow in case of DHCP Option-82 .............................................................................................401

Tables

Tab. 1-1 Command Notation of Console Terminal
Tab. 1-2 Command Notation of Guide Book
Tab. 3-1 Main Commands of Privilege Exec View Mode
Tab. 3-2 Main commands of Privilege Exec Enable Mode
Tab. 3-3 Main Commands of Global Configuration Mode
Tab. 3-4 The main commands of Rule Configuration Mode
Tab. 3-5 Main Commands of DHCP Configuration Mode
Tab. 3-6 Main Commands of DHCP Option-82 Configuration Mode
Tab. 3-7 Main Common Commands of RMON Configuration Mode
Tab. 3-8 Main Commands of PIM Configuration Mode
Tab. 3-9 Main Commands of VRRP Configuration Mode
Tab. 3-10 Main Commands of Bridge Configuration Mode
Tab. 3-11 Main Commands of Interface Configuration Mode
Tab. 3-12 Common Commands of Router Configuration Mode
Tab. 3-13 Main Commands of Route-Map Configuration Mode
Tab. 6-1 GMT Time
Tab. 6-2 The basic information to operate ping test
Tab. 7-1 Basic QoS map
Tab. 7-2 The value of ICMP Message
Tab. 7-3 The calculation for Default mask
Tab. 8-1 STP path-cost
Tab. 8-2 RSTP path-cost

1. Preface
This manual provides information and instructions on how to configure the SURPASS hiD 6615. All users should read this guide carefully before handling the product and follow all instructions. To aid the reader's comprehension, it contains detailed descriptions and practical examples of product configuration.

This guide is intended for network administrators who will install and maintain the SURPASS hiD 6615. The system administrator should be familiar with the fundamentals of LANs and have technical networking experience and professional knowledge of network equipment.

1.1. Document Organization

This manual is organized into the following chapters.

▣ Product Instruction : Introduces the functions of the SURPASS hiD 6615.
▣ Using CLI : Explains the CLI command modes and how to use them.
▣ System Connection and IP Address : Provides information on system connection and explains how to assign the IP address used for network communication.
▣ Port Basic Configuration : Provides instructions on how to configure the default parameters of Ethernet ports and port mirroring.
▣ System Environment : Explains how to configure the basic system environment, manage the configuration, and check the system.
▣ Network Management : Provides instructions on how to configure SNMP, Syslog, and packet filtering.
▣ System Main Function : Describes functions such as VLAN, STP (Spanning Tree Protocol), and IP multicasting.
▣ IP Routing Protocol : Explains how to configure the routing protocols BGP, OSPF, and RIP.

1.2. Document Convention

This guide uses the following conventions to convey instructions and information.

Information
This information symbol marks useful information for using commands to configure the system.

Note
This note symbol means the reader should take note. Notes contain helpful suggestions or references.

Warning
This warning symbol means danger. You are in a situation that could cause bodily injury or damage the equipment. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents by making a quick guide based on this guide.

1.3. Document Notation

◈ Notation of Console Terminal

The following table shows the notation of commands used in the console terminal of the SURPASS hiD 6615. Be aware of each notation so that you use the commands correctly.

Notation Description

a Commands you should use as is.

A Variables for which you supply values.

[ ] Commands or variables that appear within square brackets [ ] are optional.

< > Range of numbers that you can use.

{ } A choice of required keywords appears in braces { }. You must select one.

| Vertical bars separate optional variables |.

Tab. 1-1 Command Notation of Console Terminal

◈ Notation of Guide

The following table shows the notation of commands used in this guidebook. Be aware of each notation so that you use the commands correctly.

Notation Description

a,A Commands you should use as is.

a Variables for which you supply values.

[ ] Commands or variables that appear within square brackets [ ] are optional.

< > Range of numbers that you can use.

{ } A choice of required keywords appears in braces { }. You must select one.

| Vertical bars separate optional variables |.

Tab. 1-2 Command Notation of Guide Book

2. Product Introduction
The SURPASS hiD 6615 L3 switch is a typical Layer 3 switch intended for constructing large-scale networks. It provides the aggregation function for an upgraded LAN consisting of typical Ethernet switches. A Layer 3 switch can connect to PCs, web servers, LAN equipment, backbone equipment, or other switches through various interfaces.

The SURPASS hiD 6615 L3 switch supports VLAN-based routing and IP multicasting, and provides Layer 3 switching services such as IP packet filtering and DHCP.

The following picture is an example of network construction using the SURPASS hiD 6615.

[Figure labels: Internet; hiD 6615 L3 switch (two); Switch (three)]

Fig. 2-1 Network Structure with SURPASS hiD 6615

2.1. Features

The SURPASS hiD 6615 switch provides the following functions.

QoS (Quality of Service)

In the SURPASS hiD 6615 switch, QoS-based forwarding sorts traffic into a number of classes and marks the packets accordingly, so that a different quality of service is provided to each class of packets. The rich QoS capabilities enable network managers to protect mission-critical applications and to support differentiated levels of bandwidth for managing traffic congestion. The SURPASS hiD 6615 switch supports delay priority of packets based on the IEEE 802.1p class of service (CoS) standard.

Multicast Communication

Because the SURPASS hiD 6615 switch provides IGMP Snooping and IGMP Querier, you can use multicast communication. With multicast communication, packets are transmitted only to the hosts that need them, so that overloading is prevented.

SNMP (Simple Network Management Protocol)/RMON (Remote Monitoring)

A switch on which SNMP is installed can be managed and monitored from a remote place. The SURPASS hiD 6615 switch supports SNMP versions 1 and 2 and four kinds of RMON groups, so that the administrator can check static data at any time.

IP Routing

Switches generally operate at Layer 2 of the OSI layers. Because the SURPASS hiD 6615 switch is a Layer 3 switch, it also performs the IP routing that routers perform, so you can save the cost of installing an additional router.

IP Packet Forwarding based on Network

The newly upgraded SURPASS hiD 6615 switch can restore the way of IP packet forwarding in terms of network, so that the number of entries remembered in the switching chip is enlarged. A maximum of thirteen ways of IP packet forwarding based on network can be restored.

DHCP Server and Relay

The SURPASS hiD 6615 switch supports DHCP, which automatically assigns IP addresses to clients that access the network. Because the DHCP server manages all IP addresses centrally, you can use limited IP address resources effectively and lower the cost of managing the network.

VLAN (Virtual Local Area Network)

A VLAN (Virtual Local Area Network) is made by dividing one network into several logical networks. Packets cannot be transmitted or received between different VLANs. VLANs therefore prevent needless packets from accumulating and strengthen the security of each VLAN. The SURPASS hiD 6615 switch recognizes 802.1Q tagged frames and supports a maximum of 4K VLANs.

ARP-alias

ARP-alias makes the concentrating switch respond to ARP requests from equipment without a registered IP address, so that clients can communicate.

Proxy-ARP

Proxy-ARP responds to ARP requests from equipment in another subnet, so it enables communication between different subnets.

Packet Filtering

IP packet filtering limits network users so that only specific equipment and users can access the network. With this function, the user can not only block unnecessary information and prevent the outflow of specific data, but also block unidentified users to strengthen network security. In addition, a Martian filter blocks outgoing packets that carry another source IP address, and NetBIOS filtering is supported to protect clients' private information when LAN service is provided in apartments or similar areas.

Stacking

In a switch group, a switch configured as master can configure, manage, and monitor the other switches, called slaves, with one IP address. Because one IP address can manage several switches, IP address resources can be saved.

Port Trunk

The SURPASS hiD 6615 L3 switch aggregates several physical interfaces into one logical port (aggregate port). Port trunking aggregates interfaces that have the same speed, the same duplex mode, and the same VLAN ID. In accordance with IEEE 802.3ad, the SURPASS hiD 6615 L3 switch can configure a maximum of six aggregate ports, which can include a maximum of eight ports, to decrease traffic and improve the fault recovery function.

LACP (Link Aggregation Control Protocol)

The SURPASS hiD 6615 switch supports LACP, complying with IEEE 802.3ad, which aggregates multiple links between equipment to provide more bandwidth.

Rate-limit

The SURPASS hiD 6615 switch provides graded bandwidths to all ports. By providing bandwidth graded according to the user's configuration, an ISP can offer graded billing plans and manage its lines efficiently and economically.

Flood-Guard

Flood-guard limits the number of packets per second to the value the user configures, whereas Rate-limit limits the amount of packets by configuring port bandwidth.

STP (Spanning Tree Protocol)

STP (Spanning Tree Protocol) enables switches that have a double path to use the double path without loops. That is, it activates only one path, the shortest among the several paths, and blocks the others to prevent loops.

PVST (Per VLAN Spanning Tree)

The SURPASS hiD 6615 switch supports PVST (Per VLAN Spanning Tree), in which STP operates independently for each VLAN. PVST prevents the entire network from freezing because of a loop in one VLAN.

RSTP (Rapid Spanning Tree Protocol) (802.1w)

By supporting RSTP (Rapid Spanning Tree Protocol), complying with IEEE 802.1W, it is possible to construct a stable and flexible network on a metro Ethernet ring or an existing point-to-point link. RSTP is designed to drastically decrease STP reconvergence time. It drastically reduces the failover time on a Layer 2 switch that has redundant links.

System Management Based on CLI

Users who administer the system through telnet or the console port can easily configure the functions for system operation through the CLI. Unlike Unix, the CLI makes it easy to look up the available commands in the help menu and then configure the needed functions.

802.1x Port based Authentication

The SURPASS hiD 6615 switch uses 802.1x authentication to restrict clients attempting to access a port, which enhances the security and portability of network management. When a client attempts to connect to a port on which 802.1x authentication is enabled, the switch transfers the required information to the RADIUS server for authentication. Therefore, only an authorized client who has the access right can connect to the port.

RADIUS and TACACS+

The SURPASS hiD 6615 switch supports the client authentication protocols RADIUS (Remote Authentication Dial-In User Service) and TACACS+ (Terminal Access Controller Access Control System+). Access requires not only the user IP and password registered in the switch but also authentication through the RADIUS server and TACACS+ server. The security of the system and of network management is thereby strengthened.

SSH Server

With the SSH (Secure Shell) server enabled, the security of the telnet and FTP servers can be strengthened.

Broadcast Storm Control

A broadcast storm is a situation in which too many broadcast packets are transmitted to the network and the network times out because the packets occupy most of the transmission capacity. The SURPASS hiD 6615 switch supports storm control for broadcast packets, multicast packets, and flooding packets, which discards packets that exceed the limit during the time configured by the user.

3. Using Command
3.1. Command Mode

You can configure and manage the SURPASS hiD 6615 switch from a console terminal installed on the user's PC, using the CLI-based interface commands. Connect an RJ-45-to-DB-9 console cable to the console port of the SURPASS hiD 6615 switch.

[Figure: the configuration and management console terminal installed in a PC, connected to the SURPASS hiD 6615 by an RJ-45-to-DB-9 console cable]

Fig. 3-1 Configuring SURPASS hiD 6615

Before installation, this chapter explains how the CLI command modes are organized. The CLI command modes are as follows:

• Privilege Exec View Mode
• Privilege Exec Enable Mode
• Global Configuration Mode
• Rule Configuration Mode
• DHCP Configuration Mode
• DHCP Option-82 Configuration Mode
• RMON Configuration Mode
• PIM Configuration Mode
• VRRP Configuration Mode

• Bridge Configuration Mode
• Interface Configuration Mode
• Router Configuration Mode
• Route-Map Configuration Mode

3.1.1. Privilege Exec View Mode

When a user logs in successfully, the command mode is Privilege Exec View Mode. Privilege Exec View Mode is a read-only mode provided to all users who access the switch. In Privilege Exec View Mode, it is possible to check the configuration of the switch.

Table 3-1 shows the main commands used in Privilege Exec View Mode of the SURPASS hiD 6615.

Command Function

enable Enters into Privilege Exec Enable Mode.

exit Logs out of the system.

show Shows the configuration of the switch.

Tab. 3-1 Main Commands of Privilege Exec View Mode

3.1.2. Privilege Exec Enable Mode

To have configuration rights as well as read rights, you must enter Privilege Exec Enable Mode. You can enter Privilege Exec Enable Mode by using the “enable” command in Privilege Exec View Mode. After you enter Privilege Exec Enable Mode, the command prompt changes from SWITCH> to SWITCH#.

Command Mode Function

enable View Enters Privilege Exec Enable Mode from Privilege Exec View Mode.

To enhance security further, the administrator can designate a password. If the user then logs in to the switch successfully, the user enters Privilege Exec Enable Mode of the CLI.

The commands in Privilege Exec Enable Mode are used to check changes to the terminal configuration, the network status, and system information.

Table 3-2 shows the main commands of Privilege Exec Enable Mode in OS 2.15 of the SURPASS hiD 6615.

Command Function

clock Inputs time and date in system

configure terminal Enters into Global Configuration mode.

copy Registers IP address and MAC address in ARP table.

debug Finds source of system problem.

disconnect Disconnect user accessed through telnet.

exit Logs out of the system

reload Reboots the system.

restore factory-defaults Initiates the configuration of switch.

telnet Connects to another device through telnet.

terminal line Configures the number of lines to be displayed in screen.

traceroute Traces transmission path of packet.

where Finds users accessed to system through telnet.

Tab. 3-2 Main commands of Privilege Exec Enable Mode

3.1.3. Global Configuration Mode

To enter Global Configuration Mode, input the command “configure terminal” in Privilege Exec Enable Mode. After you enter Global Configuration Mode, the system prompt changes from SWITCH# to SWITCH(config)#.

Command Mode Function

configure terminal Enable Enters into configuration mode from Enable mode.

Global Configuration Mode is used to configure functions for general system management and SNMP before configuring a specific protocol or a specific function. The user can also enter Bridge/Interface Configuration Mode from configuration mode.

Table 3-3 shows main commands of Global Configuration Mode.

Command Function

access-list Configures policy to limit routing information on the standard of AS.

arp Registers IP address and MAC address in ARP table.

bgp Enters into Bridge configuration mode.

bridge Releases the configured function.

hostname Changes hostname of system prompt.

end Returns to Privilege Exec Enable Mode.

exec-timeout Configures auto-logout function.

exit Returns to the previous mode.

interface Enters into Interface configuration mode.

ip Configures various functions of interface such as DHCP server.

passwd Changes the password.

qos Configures QoS.

route-map Enters into Route-map configuration mode.

router Enters into Router configuration mode.

snmp Configures SNMP.

syslog Configures Syslog.

threshold Threshold Management

time-zone Configures Time-zone.

write memory Write running configuration to memory or terminal

Tab. 3-3 Main Commands of Global Configuration Mode

3.1.4. Rule Configuration Mode

You can enter Rule Configuration Mode by using the “rule name create” command in Global Configuration Mode. When you enter Rule Configuration Mode, the system prompt changes from SWITCH(config)# to SWITCH(config-rule[name])#.

Command Mode Function

rule name create Global Enters into Rule configuration mode from configuration mode.

In Rule Configuration Mode, it is possible to configure the condition and the operational method for the packets to which the rule function is applied.

Table 3-4 shows the main commands of Rule Configuration Mode in OS 2.15 of the SURPASS hiD 6615.

Command Function

apply Configures Rule configuration and applies it to the switch.

cos Configures CoS in appropriate Rule.

end Returns to Privilege Exec Enable Mode

ethtype Configures the packet condition with Ethernet type.

exit Returns to the previous mode.

ip Configures the packet condition by IP address.

length Configures the packet condition by packet length.

mac Configures the packet condition by MAC address.

match Configures operational condition which meets the packet condition.

no-match Configures the operational condition for the packet which doesn’t meet the packet condition.

port Configures the packet condition with port number.

priority Configures the priority for Rule.

Tab. 3-4 The main commands of Rule Configuration Mode

3.1.5. DHCP Configuration Mode

To enter DHCP Configuration Mode, input the command “ip dhcp pool pool-name” in configuration mode as follows. The system prompt then changes from SWITCH(config)# to SWITCH(config-dhcp[pool-name])#.

Command Mode Function

ip dhcp pool pool-name Global Enters into DHCP Configuration Mode to configure DHCP.

DHCP Configuration Mode is used to configure the range of IP addresses used by the DHCP server, the group in the subnet, and the default gateway of the subnet.

Table 3-5 shows main commands of DHCP Configuration Mode.

Command Function

default-gateway Configures default-gateway of subnet.

dns-server Configures DNS-server.

end Returns to Privilege Exec Enable Mode.

exit Returns to the previous mode.

range Configures range of IP address used in DHCP server.

Tab. 3-5 Main Commands of DHCP Configuration Mode

3.1.6. DHCP Option-82 Configuration Mode

In Global Configuration Mode, if you use the “ip dhcp option82” command, the system prompt changes from SWITCH(config)# to SWITCH(config-opt82)# and the switch enters DHCP Option-82 Configuration Mode.

Command Mode Function

ip dhcp option82 Global Enters into DHCP Option-82 Configuration Mode for DHCP configuration.

In DHCP configuration mode, you configure the range of IP addresses used by the DHCP server, designate the group in the subnet, and configure the default gateway of the subnet. Table 3-6 shows the main commands of DHCP Option82 Configuration Mode in OS 2.15 of the SURPASS hiD 6615.

Command Function

end Returns to Privilege Exec Enable Mode.

exit Returns to the previous mode.

policy Configures the rule for Option-82 packet

system-remote-id Configures remote-id of the system

Tab. 3-6 Main Commands of DHCP Option-82 Configuration Mode

3.1.7. Rmon Configuration Mode

To enter Rmon-alarm Configuration Mode, input “rmon-alarm <1-65534>”. To enter Rmon-event Configuration Mode, input “rmon-event <1-65534>”. To enter Rmon-history Configuration Mode, input “rmon-history <1-65534>”. The system prompt changes to SWITCH(config-rmonalarm[n])# in Rmon-alarm Configuration Mode, to SWITCH(config-rmonevent[n])# in Rmon-event Configuration Mode, and to SWITCH(config-rmonhistory[n])# in Rmon-history Configuration Mode.

Command Function

active Activates each Rmon.

end Returns to Privilege Exec Enable Mode.

exit Returns to the previous mode.

owner Shows the subject, which configures each Rmon and uses related information.

Tab. 3-7 Main Common Commands of RMON Configuration Mode

3.1.8. PIM Configuration Mode

To enter into PIM Configuration Mode, use the following command. The system prompt
will be changed to SWITCH (config_pim)# from SWITCH(config)#.

Command Mode Function

router pim Global Enters into PIM Configuration Mode from Global Configuration Mode.

On PIM Configuration Mode, you can configure PIM-SM to activate it.

Table 3-8 shows main commands of PIM Configuration Mode.

Command Function

cache-check Configures the interval that checks packet transmission result from source.

cand-bsr Configures information for candidate-BSR.

cand-rp Configures information for candidate-RP.

end Returns to Privilege Exec Enable Mode.

exit Returns to the previous mode.

metric Configures metric to decide Assert.

preference Configures preference to decide Assert.

static-rp Configures RP by user manually.

whole-packet-checksum Gives compatibility with Cisco router when transmitting Register message.

Tab. 3-8 Main Commands of PIM Configuration Mode

3.1.9. VRRP Configuration Mode

To enter into VRRP Configuration Mode, use the following command. The system
prompt is supposed to be changed to SWITCH(config-vrrp)# from SWITCH
(config)#.

Command Mode Function

router vrrp interface-name group-id Global Enters into VRRP Configuration Mode from Global Configuration Mode.

On VRRP Configuration Mode, you can configure VRRP to activate it. Table 3-9 shows
main commands of VRRP Configuration Mode.

Command Function

associate Configures Associated IP address same with Virtual Router.

authentication Configures password of Virtual Router group.

end Returns to Privilege Exec Enable Mode.

exit Returns to the previous mode.

preempt Activates/Deactivates Preempt.

vr_priority Assigns priority to Virtual Router.

vr_timers Configures Advertisement time, which means the interval that Master router distributes its information to another Virtual Router.

Tab. 3-9 Main Commands of VRRP Configuration Mode

3.1.10. Bridge Configuration Mode

When you input the command “bridge” in configuration mode as follows, the system prompt changes from SWITCH(config)# to SWITCH (bridge)#.

Command Mode Function

bridge Global Enters into Bridge configuration mode from configuration mode.

Bridge mode is used to manage MAC addresses and to configure Layer 2 switch functions such as VLAN, mirroring, and STP.

Table 3-10 shows main commands of Bridge configuration mode.

Command Function

end Returns to Privilege Exec Enable Mode.

exit Returns to the previous mode.

lacp Configure LACP function.

mac-flood-guard Configures Mac-flood-guard.

mirror Configures Mirroring function.

rate Configures Rate-limit function.

trunk Configures Trunk function.

vlan Configures VLAN function.

Tab. 3-10 Main Commands of Bridge Configuration Mode

3.1.11. Interface Configuration Mode

To enter Interface configuration mode, input the command “interface interface-name” in configuration mode. When you enter Interface configuration mode, the system prompt changes from SWITCH(config)# to SWITCH(config-if)#.

Command Mode Function

interface interface-name Global Enters into Interface configuration mode from configuration mode.

Interface configuration mode is used to assign an IP address to an Ethernet interface and to activate or deactivate an interface.

Table 3-11 shows main commands of Interface configuration mode.

Command Function

bandwidth Configures bandwidth used to make routing information.

end Returns to Privilege Exec Enable Mode.

exit Returns to the previous mode.

ip Assigns IP address.

shutdown Deactivates interface.

mtu Sets the MTU value of the interface.

Tab. 3-11 Main Commands of Interface Configuration Mode

3.1.12. Router Configuration Mode

To enter into Router Configuration Mode, use the following command. The system
prompt is supposed to be changed to SWITCH(config-router)# from
SWITCH(config)#.

Command Mode Function

router ip-protocol Global Enters into Router Configuration Mode.

Depending on the routing protocol, Router Configuration Mode is divided into BGP, RIP, and OSPF. Each is used to configure the corresponding IP routing protocol.

Table 3-12 shows common commands of Router Configuration Mode.

Command Function

distance Configures distance value to find better route.

end Returns to Privilege Exec Enable Mode.

exit Returns to the previous mode.

neighbor Configures Neighbor router.

network Configures network to operate each routing protocol.

redistribute Registers transmitted routing information to another router’s table.

Tab. 3-12 Common Commands of Router Configuration Mode

3.1.13. Route-Map Configuration Mode

To enter into Route-Map Configuration Mode, use the following command. The system
prompt is supposed to be changed to SWITCH(config-route-map)# from SWITCH
(config)#.

Command Mode Function

route-map name {permit|deny} <1-65535> Global Enters into Route-Map Configuration Mode from Global Configuration Mode.

In Route-Map Configuration Mode, you can configure where the information in the routing table comes from and where it is sent.

Table 3-13 shows main commands of Route-Map Configuration Mode.

Command Function

end Returns to Privilege Exec Enable Mode.

exit Returns to the previous mode.

match Transmits routing information to specified place.

set Configures router address and distance.

Tab. 3-13 Main Commands of Route-Map Configuration Mode
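
Because each command mode in section 3.1 has its own prompt, a captured console or telnet session can be audited by reading the prompts. The following Python code is an added example, not part of the manual or the switch software; the sample transcript, the host name EDGE1, the rule name block1, and the sets of read-only and disruptive commands are assumptions constructed for illustration.

```python
import re

# Prompt context -> command mode, from the prompts listed in section 3.1.
MODE_BY_CONTEXT = [
    ("config-route-map", "route-map"), ("config-router", "router"),
    ("config-rule", "rule"), ("config-dhcp", "dhcp"),
    ("config-opt82", "dhcp-option82"),
    ("config-rmon", "rmon"),            # rmonalarm / rmonevent / rmonhistory
    ("config_pim", "pim"), ("config-vrrp", "vrrp"),
    ("config-if", "interface"), ("bridge", "bridge"), ("config", "global"),
]
EXACT_ONLY = {"config", "bridge"}       # these contexts must match exactly

# host, optional "(context)", then ">" (view) or "#", then the typed command.
PROMPT = re.compile(
    r"^(?P<host>[^\s()#>]+)\s*(?:\((?P<ctx>[^)]*)\))?(?P<end>[#>])\s*(?P<cmd>.*)$")

# Assumptions of this example, chosen from the command tables in section 3.1:
READ_ONLY = {"show", "exit", "end"}     # display or navigation only
DISRUPTIVE_ENABLE = {"reload", "restore", "clock", "disconnect"}


def mode_of(ctx, end):
    """Map a prompt's context and terminator to a command mode name."""
    if ctx is None:
        return "view" if end == ">" else "enable"
    base = ctx.split("[", 1)[0]         # drop "[name]" / "[n]" suffixes
    for prefix, mode in MODE_BY_CONTEXT:
        if base == prefix or (prefix not in EXACT_ONLY and base.startswith(prefix)):
            return mode
    return "unknown"                    # audited as a configuration mode


def parse_session(transcript):
    """Return [(line_no, mode, command)] for every prompt line with a command."""
    entries, host = [], None
    for line_no, line in enumerate(transcript.splitlines(), 1):
        m = PROMPT.match(line.strip())
        if not m or (host is not None and m["host"] != host):
            continue                    # command output, not a prompt
        host = m["host"]
        cmd = m["cmd"].strip()
        if not cmd:
            continue
        mode = mode_of(m["ctx"], m["end"])
        words = cmd.split()
        if mode == "global" and words[0] == "hostname" and len(words) > 1:
            host = words[1]             # later prompts carry the new name
        entries.append((line_no, mode, cmd))
    return entries


def audit_session(transcript):
    """Label each command: mode transition, config-change, disruptive, or None."""
    entries = parse_session(transcript)
    report = []
    for i, (line_no, mode, cmd) in enumerate(entries):
        verb = cmd.split()[0]
        # The mode of the next prompt shows whether this command changed mode.
        next_mode = entries[i + 1][1] if i + 1 < len(entries) else mode
        if next_mode != mode:
            finding = f"{mode}->{next_mode}"
        elif mode not in ("view", "enable") and verb not in READ_ONLY:
            finding = "config-change"
        elif mode == "enable" and verb in DISRUPTIVE_ENABLE:
            finding = "disruptive"
        else:
            finding = None
        report.append((line_no, mode, cmd, finding))
    return report


# Constructed sample session (not captured from a real device).
SAMPLE = """\
SWITCH> enable
SWITCH# show clock
Tue Nov 30 03:27:07 1999
SWITCH# configure terminal
SWITCH(config)# hostname EDGE1
EDGE1(config)# interface 1
EDGE1(config-if)# shutdown
EDGE1(config-if)# exit
EDGE1(config)# rule block1 create
EDGE1(config-rule[block1])# apply
EDGE1(config-rule[block1])# end
EDGE1# reload
"""

if __name__ == "__main__":
    for line_no, mode, cmd, finding in audit_session(SAMPLE):
        if finding:
            print(f"line {line_no:>2}  {mode:<10} {cmd:<20} {finding}")
```

Commands typed in abbreviated form (section 3.2.3) are matched on the first word as typed and are not expanded.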

3.2. Useful Tips

This section describes functions that make DSH commands more convenient to use. They are as follows.

• Listing Available Commands
• Calling Command History
• Using Abbreviation
• Using Privilege Exec Enable Mode Command
• Moving to the other mode

3.2.1. Listing Available Command

To find out the available commands, input a question mark (?). When you input the question mark (?) in a command mode, you see the commands available in that mode and the variables that follow the commands. The following are the available commands in Privilege Exec Enable Mode of the hiD 6615.

SWITCH# ?
Exec commands:
clear Reset functions
clock Manually set the system clock
configure Enter configuration mode
copy Copy from one file to another
debug Debugging functions (see also 'undebug')
disconnect Disconnect user connection
enable Turn on privileged mode command
erase Erase saved configuration
exit End current mode and down to previous mode
halt Halt process
help Description of the interactive help system
no Negate a command or set its defaults
ping Send echo messages
quote Execute external command
rcommand Management stacking node
release Release the acquired address of the interface
reload Reload the system
renew Re-acquire an address for the interface
restore Restore configurations
show Show running system information
ssh Configure secure shell
tech-support Technical Supporting Function for Diagnosis System
(omitted)
SWITCH#

The question mark (?) is not shown on the screen, and you do not need to press the Enter key to display the command list. This guide is designed for the standard OS V2.15. The displayed contents may vary depending on the OS version.

In the CLI installed on the SURPASS hiD 6615, you can find the commands that start with a specific letter. Input the first letter and the question mark without a space. The following is an example of finding the commands starting with ‘s’ in Privilege Exec Enable Mode of the SURPASS hiD 6615.

SWITCH# s?
show Show running system information
ssh Configure secure shell

SWITCH# s

It is also possible to view the variables that you should input after a command. After inputting the command you need, make one space and input a question mark. The following is an example of viewing the variables after the command write. Please note that you must make one space after inputting

SWITCH# write ?
memory Write to NV memory
terminal Write to terminal

SWITCH# write

If you need to find the list of available commands in each mode and their variables in more detail, use the command show list. The following is an example of displaying the list of available commands in Privilege Exec Enable Mode and their variables by using the command show list.

SWITCH# show list

clear arp
clear arp IFNAME
clear ip bgp *
clear ip bgp * in
clear ip bgp * in prefix-filter
clear ip bgp * ipv4 (unicast|multicast) in
clear ip bgp * ipv4 (unicast|multicast) in prefix-filter
clear ip bgp * ipv4 (unicast|multicast) out
clear ip bgp * ipv4 (unicast|multicast) soft
clear ip bgp * ipv4 (unicast|multicast) soft in
clear ip bgp * ipv4 (unicast|multicast) soft out
-- more --

Press any key to skip to the next list while you see “more”.


Command Mode Function

show list All shows all command list

show cli shows all command list by tree structure


3.2.2. Calling Command History

In case of DSH, you do not have to type a repeated command again. To call up the
command history, use the arrow key (↑). Each time you press the arrow key, the commands
you used are shown one by one, starting with the latest.

The following is an example of calling the command history after using several commands.
After using these commands in order: show clock → configure terminal → interface 1 →
exit, press the arrow key (↑) and you will see the commands starting from the latest one:
exit → interface 1 → configure terminal → show clock.

SWITCH# show clock


Tue Nov 30 03:27:07 1999
SWITCH# configure terminal
SWITCH(config)# interface 1
SWITCH(config-if)# exit
SWITCH(config)# exit
SWITCH# (press the arrow key,↑)

SWITCH# exit(arrow key,↑)

SWITCH# interface 1(arrow key,↑)

SWITCH# configure terminal(arrow key,↑)

SWITCH# show clock(arrow key,↑)

Each time you press the arrow key, only the command is changed on the same line.

In hiD6625, the user can check the list of commands that have been used with the command
below. Up to 100 lines can be shown, and the last command is listed at the bottom of the
history.

Command       Mode                  Function

show history  Enable/Global/Bridge  shows all command list


3.2.3. Using Abbreviation

Almost all commands can also be used in abbreviated form.

The following table shows some examples of abbreviated commands.

Command Abbreviation

Clock cl

Configure terminal conf t

Show sh

Syslog sys

3.2.4. Using Privilege Exec Enable Mode Command

In SURPASS hiD 6615, the user can use the commands of Privilege Exec Enable
Mode in other modes. To do so, use the following command.

Command     Mode                                                                        Function

do command  Global/RMON/DHCP/Option-82/Bridge/Interface/Rule/PIM/VRRP/Router/Route-map  It is possible to use Privilege Exec Enable Commands in another mode.

3.2.5. Moving to the Other Mode

In SURPASS hiD 6615, it is possible to return to the previous mode or to move to Privilege
Exec Enable mode. On the other hand, moving to a previous mode is impossible in
Privilege Exec View mode and Privilege Exec Enable mode, but it is possible to log out of
the system in these modes.

To return to the previous mode or to Privilege Exec Enable Mode, use the following command.

Command  Mode  Function

Exit     All   Returns to the previous mode.
End      All   Returns to Privilege Exec Enable Mode.


The same command is used for system log out in Privilege Exec View mode and Privilege
Exec Enable mode.

The following is to log out of the system in Privilege Exec View mode and Privilege
Exec Enable mode.

Command Mode Function

Exit View/Enable Logs out of the system.


4. System Connection and IP Address

4.1. System Connection

After installing the switch, check that each port of SURPASS hiD 6615 is correctly
connected to the network and the management PC. Then connect to the system
to configure and manage SURPASS hiD 6615.

This section provides instructions on how to change the password for system connection
and how to connect to the system through telnet, in the following order.

• System Login
• Changing Login Password
• Configuring password for Privilege Exec Enable Mode
• Configuring Auto-logout function
• Managing the user’s account
• Limiting the number of users
• Telnet Access
• Disconnecting Telnet Access
• System Reboot
• System Logout

4.1.1. System Login

After installing SURPASS hiD 6615, make a final check that each port is correctly
connected to the PC for network and management. Then turn on the power and boot the
system as follows.


Step 1 When you turn on the switch, booting will be automatically started and
login prompt will be displayed.

************************************************************
* *
* Boot Loader Version 4.61 *
* Siemens AG *
* *
************************************************************
Press 's' key to go to Boot Mode: 0
Load Address: 0x01000000
Image Size: 0x0097ac00
Start Address: 0x01000000

console=ttyS0,9600 root=/dev/ram rw
NOS version 3.02 #3022
CPU : Motorola [rev=1014]
Total Memory Size : 128 MB
Calibrating delay loop... 175.71 BogoMIPS
Switch init...

INIT: version 2.85 booting


Extracting configuration
Mon, 25 Jul 2005 19:28:14 +0000

INIT: Entering runlevel: 3


SWITCH login:

Step 2 When you enter the login ID at the login prompt, the password prompt will be
displayed. Enter the password to move into Privilege Exec View mode. By default,
the login ID is configured as “admin” and it is possible to access without a password.

SWITCH login: admin


Password:
SWITCH>

Step 3 In Privilege Exec View Mode, you can only check the configuration of the
switch. To configure and manage the switch, you should enter Privilege Exec Enable
Mode. The following is an example of entering Privilege Exec Enable Mode.

SWITCH> enable
SWITCH#


4.1.2. Changing Login Password

The administrator who manages and configures the switch can change the system Login
password. For thorough security, you had better change the password whenever
necessary.

To change the system password, use the following command in Global configuration mode.

Command Mode Function

passwd Global Changes Login password.

The password must be at least five and at most eight characters long. Please
avoid a password similar to the login ID.

In order to change the Login password of an added user with reading right, use the
following command.

Command Mode Function

passwd user-name Global Changes the Login password of added user with reading right.

[ Sample Configuration 1 ]

The following is an example of changing password to “networks”.

SWITCH(config)# passwd
Changing password for admin
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password: networks
Re-enter new password: networks
Password changed.
SWITCH(config)#

The password you enter is not shown on the screen, so please be careful. You
need to enter the password twice to avoid mistakes.


4.1.3. Configuring password for Privilege Exec Enable Mode

You can configure a password to enhance security when changing the mode
from Privilege Exec View Mode to Privilege Exec Enable Mode. To configure this
password, use the following command.

Command                 Mode    Function

passwd enable password  Global  Configure the password to access Privilege Exec Enable Mode.

The password that you have configured is displayed by the command show running-config.
For security reasons, you can configure the switch not to display it in readable form:
the password is then displayed encrypted by the show running-config command, so that
the user cannot recognize it.

Command Mode Function

service password-encryption Global Encrypt system passwords.

To disable the password encryption, use the following command.

Command Mode Function

no service password-encryption Global Disable password encryption.

However, even though you hide the password with the service password-encryption
command, another user can check the password by disabling this command.
To enhance the security of the password, you can configure it so that the encrypted
password is shown even without the service password-encryption command. In order to
use this, however, the user must input the character string of the encrypted password.

To configure the password by its encrypted character string so that the password is not
shown, use the following command.

Command                             Mode    Function

passwd enable 8 encrypted-password  Global  Configures the password with the character string for encrypted password.


If you want to check the character string for the encrypted password, first configure the
password using the passwd enable password command, then enable service
password-encryption, and then check the password with show running-config.

With the passwd enable 8 encrypted-password command, the encrypted password is
displayed without enabling service password-encryption.

To disable the configured password, use the following command.

Command           Mode    Function

no passwd enable  Global  Deletes the configured password to enter into Privilege Exec Enable

[ Sample Configuration 1 ]

SWITCH# configure terminal


SWITCH(config)# passwd enable networks
SWITCH(config)# show running-config
!
hostname SWITCH
!
passwd enable networks
!
exec-timeout 0 0
(Omitted)
SWITCH(config)#

The following is to access after configuring the password as the above.

SWITCH login: admin


Password:
SWITCH > enable
Password: networks
SWITCH #


The following is to check the password by enabling service password-encryption.

SWITCH(config)# show running-config


!
hostname SWITCH
!
passwd enable 8 bJ6fclPZlAIRk
!
service password-encryption
exec-timeout 0 0
!
(Omitted)
SWITCH(config)#

[ Sample Configuration 2 ]

The following is to configure the password as networks using the character string for
the encrypted password and then log in.

You can check the character string for the encrypted password as in [ Sample
Configuration 1 ]: configure the password with the passwd enable password command,
enable service password-encryption, and then check the password with the show
running-config command.

SWITCH# configure terminal


SWITCH(config)# passwd enable 8 bJ6fclPZlAIRk
SWITCH(config)# exit
SWITCH# exit

SWITCH login: admin


Password:
SWITCH > enable
Password: networks
SWITCH #

4.1.4. Configuring Auto-logout Function

For security reasons, if no command is entered within the configured inactivity time,
the user is automatically logged out of SURPASS hiD 6615. The administrator
can configure the inactivity timer.


To configure the inactivity timer, use the following command.

Command                        Mode    Function

exec-timeout 0                 Global  Releases auto-logout function.
exec-timeout <1-35791> <0-59>  Global  If no command is entered within the configured inactivity time, the user is automatically logged out of the system.

By default setting, auto-logout function is configured as 10 minutes.

The time unit for <1-35791> is minute and the time unit for < 0-59 > is second.

To view configuration of auto-logout function, use the following command.

Command Mode Function

show exec-timeout Enable/Global Shows configured inactivity timer.

The following is an example of configuring auto-logout function as 60 seconds and
viewing the configuration.

SWITCH(config)# exec-timeout 60
SWITCH(config)# show exec-timeout
Log-out time : 60 seconds
SWITCH(config)#
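
An added example, not part of the manual: a Python audit of saved show running-config text for the enable-password settings of section 4.1.3 and the auto-logout setting of this section. The finding names are invented for the example, and reading exec-timeout 0 0 as a released timer is an assumption based on the exec-timeout 0 row above.

```python
# Added example: audit saved 'show running-config' text from a SURPASS hiD 6615.
# Finding codes are hypothetical names chosen for this example, not switch output.

# The two running-config excerpts shown in section 4.1.3 ("(Omitted)" lines dropped).
CONFIG_PLAIN = """\
!
hostname SWITCH
!
passwd enable networks
!
exec-timeout 0 0
"""

CONFIG_MASKED = """\
!
hostname SWITCH
!
passwd enable 8 bJ6fclPZlAIRk
!
service password-encryption
exec-timeout 0 0
!
"""

FINDINGS = {
    "NO_ENABLE_PASSWORD":
        "no 'passwd enable' line: Privilege Exec Enable Mode has no password",
    "ENABLE_PASSWORD_CLEARTEXT":
        "'passwd enable <password>' is readable by anyone who can run show running-config",
    "ENABLE_PASSWORD_MASKED_ONLY":
        "password shown as 'passwd enable 8 ...' while service password-encryption is on; "
        "if it was entered in clear, disabling that service displays it again",
    "ENABLE_PASSWORD_UNPARSED":
        "'passwd enable' line with unexpected arguments, review by hand",
    "AUTO_LOGOUT_DISABLED":
        "exec-timeout is 0: idle sessions are never logged out",
}


def audit_running_config(text):
    """Return the sorted finding codes for one running-config dump."""
    enable_args = []          # arguments of every 'passwd enable' line
    masking_on = False        # 'service password-encryption' present
    auto_logout_off = False
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith(("!", "(")):
            continue          # separators and '(Omitted)' markers
        if words[:2] == ["passwd", "enable"]:
            enable_args.append(words[2:])
        elif words == ["service", "password-encryption"]:
            masking_on = True
        elif words[0] == "exec-timeout":
            # Assumption: all-zero values ('exec-timeout 0' or 'exec-timeout 0 0')
            # mean the auto-logout function is released.
            values = words[1:]
            auto_logout_off = bool(values) and all(v == "0" for v in values)

    found = set()
    if not enable_args:
        found.add("NO_ENABLE_PASSWORD")
    for args in enable_args:
        if len(args) == 2 and args[0] == "8":
            # Configured or displayed as an encrypted string.
            if masking_on:
                found.add("ENABLE_PASSWORD_MASKED_ONLY")
        elif len(args) == 1:
            found.add("ENABLE_PASSWORD_CLEARTEXT")
        else:
            found.add("ENABLE_PASSWORD_UNPARSED")
    if auto_logout_off:
        found.add("AUTO_LOGOUT_DISABLED")
    return sorted(found)


def report(text):
    """Human-readable lines for the findings of one dump."""
    return [f"{code}: {FINDINGS[code]}" for code in audit_running_config(text)]


if __name__ == "__main__":
    for name, dump in (("plain", CONFIG_PLAIN), ("masked", CONFIG_MASKED)):
        print(name)
        for line in report(dump):
            print("  " + line)
```

A dump that carries passwd enable 8 without service password-encryption and with a non-zero exec-timeout produces no findings.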

4.1.5. Managing the user’s account

In SURPASS hiD 6615, the administrator can add other users’ accounts. It is
possible to designate the level from Level 0 to Level 5 to enhance the security of the
switch.

The following describes how to manage user accounts, such as adding a user and
configuring the user’s right.


4.1.5.1. Adding the user’s account

In SURPASS hiD 6615, the administrator can add other users’ accounts. When you
add a user’s account, it is possible to designate the user’s right at the same time. If the
user’s right is not designated, the right for Level 0 is configured by default. To add a
user’s account, use the following command.

Command                                 Mode    Function

user add name description               Global  Adds the user’s account having the right of Level 1.
user add name level <0-15> description  Global  Add the user’s account with designating user’s right.

An account of Level 0 to Level 14 for which nothing has been configured can use
exit and help in Privilege Exec View Mode and cannot access Privilege
Exec Enable Mode. The account with the highest level, Level 15, is admin, and it
has both Read and Write rights.

In order to delete the added account, use the following command.

Command Mode Function

user del name Global Deletes the added account.

In order to show the added user’s account, use the following command.

Command Mode Function

show user Enable/Global Shows the added user’s account.

4.1.5.2. Configuring the user’s right

In SURPASS hiD 6615, it is possible to configure the Level of the user’s right from 0 to
15. Level 15, as the highest level, has both Read and Write rights. The administrator can
configure Level 0 to Level 14, deciding which commands a user of each Level can use.
As the basic right, Level 0 to Level 14 can use the exit and help commands in Privilege
Exec View Mode and cannot access Privilege Exec Enable Mode. The following is to
configure the user’s right according to the user’s Level.


Command                                             Mode    Function

privilege bgp level <0-15> {command|all}            Global  Uses the specific command of BGP configuration mode in the Level.
privilege bridge level <0-15> {command|all}         Global  Uses the specific command of Bridge mode in the Level.
privilege configure level <0-15> {command|all}      Global  Uses the specific command of Global mode in the Level.
privilege dhcp-option82 level <0-15> {command|all}  Global  Uses the specific command of DHCP-option82 mode in the Level.
privilege dhcp-pool level <0-15> {command|all}      Global  Uses the specific command of DHCP configuration mode in the Level.
privilege enable level <0-15> {command|all}         Global  Uses the specific command of Privilege Exec Enable mode in the Level.
privilege interface level <0-15> {command|all}      Global  Uses the specific command of Interface Configuration mode in the Level.
privilege ospf level <0-15> {command|all}           Global  Uses the specific command of OSPF mode in the Level.
privilege pim level <0-15> {command|all}            Global  Uses the specific command of PIM mode in the Level.
privilege rip level <0-15> {command|all}            Global  Uses the specific command of RIP mode in the Level.
privilege rmon-alarm level <0-15> {command|all}     Global  Uses the specific command of RMON mode in the Level.
privilege rmon-event level <0-15> {command|all}     Global  Uses the specific command of RMON mode in the Level.
privilege rmon-history level <0-15> {command|all}   Global  Uses the specific command of RMON mode in the Level.
privilege route-map level <0-15> {command|all}      Global  Uses the specific command of Route-map mode in the Level.
privilege rule level <0-15> {command|all}           Global  Uses the specific command of Rule mode in the Level.
privilege view level <0-15> {command|all}           Global  Uses the specific command of Privilege Exec View mode in the Level.
privilege vrrp level <0-15> {command|all}           Global  Uses the specific command of VRRP mode in the Level.


The commands that can be used in a low Level can also be used in the higher Levels.
For example, a command in Level 0 can be used in Level 0 to Level 14.

The commands must be input exactly as they are displayed by show list.
Therefore, it is not possible to input the alternatives in the brackets separately.

SWITCH# show list


clear ip bgp *
clear ip bgp * in
clear ip bgp * in prefix-filter
clear ip bgp * ipv4 (unicast|multicast) in
clear ip bgp * ipv4 (unicast|multicast) in prefix-filter
clear ip bgp * ipv4 (unicast|multicast) out
(Omitted)

It is not possible to configure clear ip bgp * ipv4 unicast in. You should configure it like
clear ip bgp * ipv4 {unicast|multicast} in.

Commands starting with the same characters are all covered by inputting only the starting
command. For example, if you input show, all the commands starting with show are
applied.

To delete the configuration for user’s right, use the following command.

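Command                                                Mode    Function

no privilege                                           Global  Deletes all the configurations by user’s right.
no privilege bgp level <0-15> {command|all}            Global  Deletes the configuration by user’s right for each mode.
no privilege bridge level <0-15> {command|all}         Global  Deletes the configuration by user’s right for each mode.
no privilege configure level <0-15> {command|all}      Global  Deletes the configuration by user’s right for each mode.
no privilege dhcp-option82 level <0-15> {command|all}  Global  Deletes the configuration by user’s right for each mode.
no privilege dhcp-pool level <0-15> {command|all}      Global  Deletes the configuration by user’s right for each mode.
no privilege enable level <0-15> {command|all}         Global  Deletes the configuration by user’s right for each mode.
no privilege interface level <0-15> {command|all}      Global  Deletes the configuration by user’s right for each mode.
no privilege ospf level <0-15> {command|all}           Global  Deletes the configuration by user’s right for each mode.
no privilege pim level <0-15> {command|all}            Global  Deletes the configuration by user’s right for each mode.
no privilege rip level <0-15> {command|all}            Global  Deletes the configuration by user’s right for each mode.
no privilege rmon-alarm level <0-15> {command|all}     Global  Deletes the configuration by user’s right for each mode.
no privilege rmon-event level <0-15> {command|all}     Global  Deletes the configuration by user’s right for each mode.
no privilege rmon-history level <0-15> {command|all}   Global  Deletes the configuration by user’s right for each mode.
no privilege route-map level <0-15> {command|all}      Global  Deletes the configuration by user’s right for each mode.
no privilege rule level <0-15> {command|all}           Global  Deletes the configuration by user’s right for each mode.
no privilege view level <0-15> {command|all}           Global  Deletes the configuration by user’s right for each mode.
no privilege vrrp level <0-15> {command|all}           Global  Deletes the configuration by user’s right for each mode.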

To show the right for the Level configured by administrator, use the following command.

Command             Mode                Function

show privilege      View/Enable/Global  Shows the right for Level configured by administrator.
show privilege now  View/Enable/Global  Checks the Level of the current access.
show user           View/Enable/Global  Shows the right according to Level configured by administrator and added user list.


4.1.5.3. Sample Configuration

[Sample Configuration 1 ]

The following is to add test0 having the right as Level10 and test1 having the right as
Level1 without password.

SWITCH# configure terminal


SWITCH(config)# user add test0 level 0 level0user
Changing password for test0
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:(Enter)
Bad password: too short.

Warning: weak password (continuing).


Re-enter new password: (Enter)
Password changed.
SWITCH(config)# user add test1 level 1 level1user
Changing password for test1
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password: (Enter)
Bad password: too short.

Warning: weak password (continuing).


Re-enter new password: (Enter)
Password changed.
SWITCH(config)# show user
====================================================
User name Description Level
====================================================
test0 level0user 0
test1 level1user 1
SWITCH(config)#


The following is to configure the right level of Level 0 and Level 1.

SWITCH# configure terminal


SWITCH(config)# privilege view level 0 enable
SWITCH(config)# privilege enable level 0 show
SWITCH(config)# privilege enable level 1 clock
SWITCH(config)# privilege enable level 1 configure terminal
SWITCH(config)# show privilege

Command Privilege Level Configuration


-----------------------------------------------
Node All Level Command

EXEC(ENABLE) 1 clock
EXEC(ENABLE) 1 configure terminal
EXEC(VIEW) 0 enable
EXEC(ENABLE) 0 show

4 entry(s) found.

SWITCH(config)#

In the above configuration, Level 0 can use only the show command in
Privilege Exec Enable mode, whereas Level 1 can use not only the commands
in Level 1 but also the time configuration commands in Privilege Exec Enable mode and
the command for accessing Global configuration mode.
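
An added example, not part of the manual: a Python model of the privilege rules in this section, used to review which sensitive commands each Level can reach. It assumes word-wise prefix matching for "commands starting with show", models mode entry only for view, enable and configure, and uses a hypothetical watch list of two commands.

```python
import re

# The four privilege commands entered in the manual's sample configuration.
SAMPLE_RULES = """\
privilege view level 0 enable
privilege enable level 0 show
privilege enable level 1 clock
privilege enable level 1 configure terminal
"""

RULE_RE = re.compile(r"^privilege\s+(\S+)\s+level\s+(\d+)\s+(.+)$")

# Basic right of Level 0 to Level 14 in Privilege Exec View mode, per the manual.
BASIC_VIEW_COMMANDS = (("exit",), ("help",))

# Hypothetical watch list for the review: commands that expose or change configuration.
SENSITIVE = {"enable": ["show running-config", "configure terminal"]}


def parse_rules(text):
    """Parse 'privilege MODE level N COMMAND' lines into (mode, level, words)."""
    rules = []
    for line in text.splitlines():
        match = RULE_RE.match(line.strip())
        if not match:
            continue
        level = int(match.group(2))
        if not 0 <= level <= 15:
            raise ValueError(f"level out of range 0-15: {line!r}")
        rules.append((match.group(1), level, tuple(match.group(3).split())))
    return rules


def allowed(rules, user_level, mode, command):
    """True if a user of user_level may run command once inside mode."""
    words = tuple(command.split())
    if user_level == 15:
        return True                      # highest level: read and write
    if mode == "view" and words[:1] in BASIC_VIEW_COMMANDS:
        return True
    for rule_mode, rule_level, rule_words in rules:
        # A rule for a lower Level also applies to every higher Level.
        if rule_mode != mode or rule_level > user_level:
            continue
        # Assumption: 'show' covers every command whose first words are 'show'.
        if rule_words == ("all",) or words[:len(rule_words)] == rule_words:
            return True
    return False


def can_reach(rules, user_level, mode):
    """Mode entry: enable needs 'enable' in view; configure also needs 'configure terminal'."""
    if mode == "view":
        return True
    if not allowed(rules, user_level, "view", "enable"):
        return False
    if mode == "enable":
        return True
    if mode == "configure":
        return allowed(rules, user_level, "enable", "configure terminal")
    return False                         # other modes are not modelled here


def sensitive_exposure(rules, max_level=14):
    """Return {level: [watch-list commands usable at that level]} below Level 15."""
    exposure = {}
    for level in range(max_level + 1):
        hits = [command
                for mode, commands in SENSITIVE.items()
                for command in commands
                if can_reach(rules, level, mode) and allowed(rules, level, mode, command)]
        if hits:
            exposure[level] = hits
    return exposure


if __name__ == "__main__":
    for level, commands in sensitive_exposure(parse_rules(SAMPLE_RULES)).items():
        print(f"level {level}: {', '.join(commands)}")
```

With the sample rules, Level 0 already reaches show running-config, the command that section 4.1.3 says displays the enable password, so a rule as broad as show deserves review before it is given to a low Level.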

4.1.6. Limiting the number of users

In SURPASS hiD 6615, you can limit the number of users accessing the switch. Here,
users are those who access the switch through either the console port or a remote
connection. In case the switch is configured as RADIUS server or TACACS+ server, the
users accessing the server are included in this number.

To limit the number of users accessing to the switch, use the following command.

Command Mode Function

login connect <1-8> Global Limits the number of users accessing to the switch.

By default, SURPASS hiD 6615 limits the number of users to 8.


4.1.7. Telnet Access

To connect to a system at a remote place by telnet, use the following commands.

Command                         Mode    Function

telnet destination              Enable  Connects with IP address or hostname of another system.
telnet destination port-number  Enable  Connects with specified port of another port.

When you save the configuration over a telnet connection, you should wait for the [OK] message.
Otherwise, all new configurations will be deleted when the telnet session is disconnected. Please
wait for the [OK] message before disconnecting.

SWITCH# write memory


Building configuration...
[OK]
SWITCH#

4.1.8. Disconnecting Telnet Access

The administrator of SURPASS hiD 6615 can show the users connected from a remote place
and disconnect some of them as required. To view the tty of the users connected from a
remote place before disconnecting a user, use the following command.

Command Mode Function

where Enable Shows users connected through telnet.

To disconnect a user connected from remote place by using this information, use the
following command.

Command Mode Function

disconnect tty Enable Disconnects a user connected from remote place.

The following is an example of checking the remote users and disconnecting the remote user “ttyp1”.


SWITCH(config)# where
admin at ttyS0 from console for 23 hours 50 minutes 17.27 seconds
admin at ttyp0 from 172.16.30.2:3246 for 4 hours 31 minutes 46.65 seconds
hyun at ttyp1 from 172.16.119.201:2633 for 2 hours 31 minutes 51.61 seconds
SWITCH(config)# disconnect ttyp1
SWITCH(config)#
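
An added example, not part of the manual: a Python parser for the where output above that lists the disconnect commands for remote sessions outside an allowed management network or older than a chosen age. The management network and the age limit are hypothetical policy inputs chosen for the example.

```python
import ipaddress
import re

# The 'where' output from the manual's example.
WHERE_OUTPUT = """\
admin at ttyS0 from console for 23 hours 50 minutes 17.27 seconds
admin at ttyp0 from 172.16.30.2:3246 for 4 hours 31 minutes 46.65 seconds
hyun at ttyp1 from 172.16.119.201:2633 for 2 hours 31 minutes 51.61 seconds
"""

LINE_RE = re.compile(
    r"^(?P<user>\S+) at (?P<tty>\S+) from (?P<source>\S+) for (?P<age>.+)$")
AGE_RE = re.compile(r"([\d.]+) (hour|minute|second)s?")
SECONDS = {"hour": 3600, "minute": 60, "second": 1}


def parse_where(text):
    """Turn 'where' output into a list of session dictionaries."""
    sessions = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue                      # prompts, blank lines, anything else
        source = match["source"]
        address = None                    # None marks the local console
        if source != "console":
            # Remote sources are shown as address:port.
            address = ipaddress.ip_address(source.rsplit(":", 1)[0])
        age = sum(float(number) * SECONDS[unit]
                  for number, unit in AGE_RE.findall(match["age"]))
        sessions.append({
            "user": match["user"],
            "tty": match["tty"],
            "address": address,
            "age_seconds": age,
        })
    return sessions


def disconnect_commands(sessions, management_networks, max_age_seconds=None):
    """Return 'disconnect <tty>' lines for remote sessions that break the policy."""
    networks = [ipaddress.ip_network(net) for net in management_networks]
    commands = []
    for session in sessions:
        if session["address"] is None:
            continue                      # 'disconnect' is for remote users
        outside = not any(session["address"] in net for net in networks)
        stale = (max_age_seconds is not None
                 and session["age_seconds"] > max_age_seconds)
        if outside or stale:
            commands.append(f"disconnect {session['tty']}")
    return commands


if __name__ == "__main__":
    parsed = parse_where(WHERE_OUTPUT)
    # Hypothetical policy: only 172.16.30.0/24 is a management network.
    for command in disconnect_commands(parsed, ["172.16.30.0/24"]):
        print(command)
```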

4.1.9. System Rebooting

4.1.9.1. Passive System Rebooting

After downloading a new system image from a TFTP/FTP server, reboot the system. Input
the command reload in Privilege Exec Enable Mode to reboot; use it also in other cases when
rebooting is needed while installing and managing the switch through a terminal program.

Command Mode Function

reload Enable Reboots system.

On the other hand, SURPASS hiD 6615 can support Dual-OS depending on
the configured Flash Memory. Single-OS is provided when the Flash Memory is
8M+16M, and Dual-OS is provided when the Flash Memory is 8M+32M. You can
check the Flash Memory with the show system command. To reboot in Dual-OS, use the
following command.

Command           Mode    Function

reload {os1|os2}  Enable  Reboots system by selecting NOS.

If you reboot the system without saving a new configuration, the new configuration will be
deleted, so you have to save the configuration before rebooting. To prevent that
mistake, SURPASS hiD 6615 prints the following message to ask whether the user
really wants to reboot, giving a chance to save the configuration.

If you want to continue to reboot, press the “y” key; if you want to save the new configuration,
press the “n” key.

SWITCH# reload
Warning : Changed configuration was not saved to flash memory.
Do you still want to reload the system?[y|N]


4.1.9.2. Auto System Rebooting

SURPASS hiD 6615 can reboot the system automatically according to the user’s
configuration. There are two bases for automatic rebooting: CPU and Memory. On the CPU
basis, the system is rebooted when the CPU Load or Interrupt Load continues for the
configured time. On the Memory basis, the system is rebooted when Memory low occurs
the configured number of times.

The following is to configure system rebooting function.

Command                                                             Mode    Function

auto-reset cpu cpu-load-average interrupt-load-average time         Bridge  Configures to reboot automatically in case cpu-load-average or interrupt-load-average persists for the configured time.
auto-reset memory time-threshold-of-memory-low count-of-memory-low  Bridge  Configures to reboot automatically in case Memory low occurs as count-of-memory-low for time-threshold-of-memory-low.
no auto-reset {cpu|memory}                                          Bridge  Deletes auto system rebooting.

The configurable range for cpu-load-average is from 50 to 100 and for interrupt-load-average is
from 1 to 100.

The configurable range for time-threshold-of-memory-low is from 1 to 120 and for
count-of-memory-low is from 1 to 10.

The default for Time threshold of memory low is 10 minutes and the default for count
of memory low is 5 times.

To show auto system rebooting, use the following command.

Command Mode Function

show auto-reset {cpu|memory} Enable/Global/Bridge Shows auto system rebooting.


[ Sample Configuration 1 ]

The following is to configure to reboot automatically in case CPU Load continues as
70% and Interrupt Load as 70% for a minute.

SWITCH(bridge)# auto-reset cpu 70 70 1


SWITCH(bridge)# show auto-reset cpu
------------------------------
Auto-Reset Configuration(CPU)
------------------------------
auto-reset: on
cpu load: 70
interrupt load: 70
continuation time: 1

SWITCH(bridge)#

[ Sample Configuration 2 ]

The following is to configure to reboot automatically in case Memory low occurs 3 times
in 10 minutes.

SWITCH(bridge)# auto-reset memory 10 3


SWITCH(bridge)# show auto-reset memory
---------------------------------
Auto-Reset Configuration(Memory)
---------------------------------
auto-reset : enabled
time threshold : 10
admin reboot count : 3

SWITCH(bridge)#

4.1.10. System Logout

It is possible to log out of the system in Privilege Exec View mode or Privilege Exec
Enable mode. Therefore, if you are configuring in another mode, you should return to
Privilege Exec Enable mode to log out. To log out of the system, use the following
command.

Command Mode Function

exit View/Enable Logs out of the system.


4.2. Assigning IP Address

The switch uses only the data’s MAC address to determine where traffic needs to come
from and which ports should receive the data. Switches do not need IP addresses to
transmit packets. However, if you want to access SURPASS hiD 6615 from a remote
place with TCP/IP through SNMP or telnet, it requires an IP address.

As the default setting, SURPASS hiD 6615 is configured with virtual interface 1, and all
of the ports are member ports of virtual interface 1.

You can enable the interface to communicate on the network and assign an
IP address in the following order.

• Enabling Interface
• Disabling Interface
• Assigning IP Address to Network Interface
• Configuring Static Route and Default Gateway

4.2.1. Enabling Interface

Before you assign an IP address to a network interface, you need to check that the interface
to communicate is enabled. Unless the interface is enabled, you cannot communicate even
by assigning an IP address. To check if the interface is enabled, use the command
“show running-config”.

The following is an example of checking if interface is enabled.

SWITCH# show running-config


Building configuration...
(omitted)
interface noshutdown lo
!
interface noshutdown default
(omitted)
SWITCH#

The VLAN name of interface 1 is default.

There are two ways to enable interface; on Global Configuration Mode and on Interface
Configuration Mode.


4.2.1.1. On Interface Configuration Mode

You can also enable an interface in Interface configuration mode. Before enabling the
interface in Interface Configuration Mode, you should enter that mode. To enter
Interface Configuration Mode of the interface you are about to enable, use the
following command.

Command                   Mode    Function

interface interface-name  Global  Enters into Interface configuration mode of specified interface.

And, enable the interface by using the following command.

Command Mode Function

no shutdown Interface Enables interface.

4.2.1.2. On Interface Configuration Mode

You can also disable an interface in Interface configuration mode. Before doing so,
you should enter that mode.

To enter Interface configuration mode of the interface concerned, use the
following command.

Command                   Mode    Function

interface interface-name  Global  Enters into Interface configuration mode of specified interface.

And, to disable the interface, use the following command.

Command Mode Function

shutdown Interface Disables interface.


4.2.2. Assigning IP Address to Network Interface

After enabling interface, assign IP address. To assign IP address to network interface,
use the following commands.

Command                         Mode       Function

ip address address/M            Interface  Sets IP address of an Interface.
ip address address/M secondary  Interface  Sets secondary IP address of an Interface.

To show assigned IP address, use the following command.

Command Mode Function

show ip Interface Shows assigned IP address in interface.

To disable the assigned IP address, use the following commands.

Command                            Mode       Function

no ip address                      Interface  Clears all of IP address of an Interface.
no ip address address/M            Interface  Clears designated IP address of an Interface.
no ip address address/M secondary  Interface  Assigns secondary IP address.

4.2.3. Configuring Static Route and Default Gateway

It is possible to configure a static route in SURPASS hiD 6615. A static route is a route that
the user configures. Packets are transmitted to the destination through the static route. A
static route includes the destination address, the neighbor router to receive the packet, and
the number of routes that packets have to go through.


To configure static route, use the following commands.

Command                                                             Mode    Function

ip route ip-address prefix-mask {ip-gateway-address|null} [1-255]   Global  Configures static route.
ip route ip-address/m {ip-gateway-address|null} [<1-255>]           Global  Configures static route.
ip route ip-address/m {ip-gateway-address|null} src ip-address      Global  Configures static route.

To configure default gateway, use the following command in Configuration mode.

Command Mode Function

ip route default {ip-address |null} [<1-255>] Global Configures default gateway.

To view configured static route, use the following command.

Command                                                                                         Mode           Function

show ip route [bgp|connected|isis|kernel|ospf|rip|static|ip-address|ip-address/m|summary]  Enable/Global  Shows configured static route.

To delete configured static route, use the following commands.

Command                                                       Mode    Function

no ip route ip-address ip-address {ip-address|null} [1-255]   Global  Deletes configured static route.
no ip route ip-address/m {ip-address|null} [1-255]            Global  Deletes configured static route.

To delete configured default gateway, use the following commands.

Command Mode Function

no ip route default { ip-address |null} [<1-255>] Global Deletes default gateway.


You can configure the maximum number of paths when there are multiple paths.
To configure the maximum number of paths, use the following command.

Command                 Mode    Function

ip maximum-paths <1-8>  Global  Designate the maximum number of paths.

4.2.4. Checking Interface Status

To show interface configuration and status, use the following commands.

Command                                 Mode    Function

show interface {interface-name}         Global  Shows detail interface statistics
show ip interface brief                 Global  Shows brief information of all interfaces
show ip interface interface-name brief  Global  Shows brief information of specific interface

4.2.5. Sample Configuration

[ Sample Configuration 1 ]

The following are examples of enabling interface 1 in two ways.

① On Configuration Mode

SWITCH# configure terminal
SWITCH(config)# interface noshutdown 1
SWITCH(config)#

② On Interface Configuration Mode

SWITCH# configure terminal
SWITCH(config)# interface 1
SWITCH(config-if)# no shutdown
SWITCH(config-if)#


[ Sample Configuration 2 ]

The following is an example of assigning IP address 192.168.1.10 to interface 1.

SWITCH(config-if)# ip address 192.168.1.10/16
SWITCH(config-if)# show ip
IP-Address          Scope    Status
-------------------------------------
192.168.1.10/16     global
SWITCH(config-if)#

[ Sample Configuration 3 ]

The following is an example of configuring default gateway.

SWITCH# configure terminal
SWITCH(config)# ip route default 192.168.1.254
SWITCH(config)#

4.3. SSH

Network security is becoming more and more important as network use has become widespread among users. However, typical ftp and telnet services have big security weaknesses. SSH (Secure Shell) is a secure shell for login. Through SSH, all data is encrypted and traffic is compressed, so the transmit rate becomes faster, and tunneling is supported for existing ftp and pop, which are not secure.

4.3.1. Operating SSH Server

SURPASS hiD 6615 can be operated as an SSH server. You can configure the following things in SURPASS hiD 6615 as SSH server.

• Enabling SSH Server
• Viewing on-line Clients
• Disconnecting Clients
• Viewing Connection History of Clients


4.3.1.1. Enabling SSH Server

To enable SSH server, use the following command.

Command              Mode    Function

ssh server enable    Global  Enables SSH server.

To disable SSH server, use the following command.

Command              Mode    Function

ssh server disable   Global  Disables SSH server.

4.3.1.2. Viewing On-line Clients

It is possible to view clients who are connected to SSH server, SURPASS hiD 6615. To
view on-line clients, use the following command.

Command    Mode           Function

show ssh   Enable/Global  Shows clients who are connected to SSH server.

The following is an example of viewing clients who are connected to SSH server.

SWITCH# show ssh
connected clients : 001
num  pid  ppid  srv_usr  remote_ip     Start_Time                SPrevileged_Time
001  731  96    root     100.10.14.20  Fri Mar 7 04:23:51 1980   --------
SWITCH#

4.3.1.3. Disconnecting Clients

It is possible to disconnect clients who are connected on SSH server. To have clients
disconnected, use the following command.

Command              Mode    Function

ssh disconnect pid   Global  Disconnects clients who are connected to SSH server.


“pid” is SSH client’s number. It can be displayed by using the command, “show ssh”.

4.3.1.4. Checking Connection History of Client

It is possible to view the connection history of clients who have connected to the SSH server since SURPASS hiD 6615 started operating as the server. To view the connection history of clients, use the following command.

Command            Mode    Function

show ssh history   Global  Shows connection history of clients who are connected to SSH server up to now.

When you use the command “show ssh history” to view connection history, you can view the history of only disconnected clients. To view the clients connected at present, use the command “show ssh”.

4.3.2. Using Client

SURPASS hiD 6615 can be used as a client of an SSH server in the following ways.

• Login to SSH Server
• File Copy
• Configuring Authentication Key
• Connecting to FTP

4.3.2.1. Login to SSH Server

To log in to SSH server after configuring SURPASS hiD 6615 as SSH client, use the
following command.

Command                 Mode    Function

ssh login destination   Enable  Accesses SSH server.


You can input IP address or「ID@IP address or host domain name (ex : [email protected])」at “destination”.

4.3.2.2. File Copy

It is possible to copy a file or open a file in the server through SSH after SURPASS hiD 6615 is configured as client. To copy a file through SSH, use the following command.

Command                                                      Mode    Function

copy {scp | sftp} config {download | upload} config-file     Global  Connects to file through SSH. “source” is source file and “destination” is file to be copied.

4.3.2.3. Configuring Authentication Key

An SSH client can access the server through an authentication key after configuring the authentication key and informing the server of it. Using an authentication key is safer than inputting a password at every login, and it is also possible to connect to many SSH servers using one authentication key. To configure an authentication key in SURPASS hiD 6615, use the following command.

Command                                Mode    Function

ssh keygen {rsa1 | rsa | dsa}          Global  Configures authentication key.
copy {scp | sftp} key download         Global  Configures authentication key.
copy {scp | sftp} key upload Key-file  Global  Configures authentication key.

“rsa1” is the authentication method supported in ssh1, and “rsa” and “dsa” are the authentication methods supported in ssh2.

To configure an authentication key and connect to the server with the authentication key, perform the following steps.

Step 1 Configure the authentication key in the user’s switch.

The following is an example of generating an authentication key of type dsa with the passphrase “networks” in SWITCH A.

SWITCH_A(config)# ssh keygen dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/etc/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):networks
Enter same passphrase again:networks
Your identification has been saved in /etc/.ssh/id_dsa.
Your public key has been saved in /etc/.ssh/id_dsa.pub.
The key fingerprint is:
d9:26:8e:3d:fa:06:31:95:f8:fe:f6:59:24:42:47:7e root@hiD6615
SWITCH_A(config)#

The two “saved in” lines show the stored directory and file name.

Step 2 Copy the file in which the authentication key is stored to SWITCH B, which is the SSH server. You must connect to SWITCH B to copy it, so you have to input the password of the ID “root”. In this example, the IP address of SWITCH B is 172.16.209.10.

Step 3 Connect to SSH server with authentication key.

SWITCH_A(config)# ssh login 172.16.209.10
Enter passphrase for key '/etc/.ssh/id_dsa': networks
SWITCH_B#

4.4. 802.1x Authentication

To enhance the security and portability of network management, there are two ways of authentication that restrict clients attempting to access a port: authentication based on MAC address and Port-Base Authentication. In short, Port-Base Authentication (802.1x) decides whether to give access by asking the RADIUS server, which has the information about the user who tries to access.

802.1x Authentication adopts the EAP (Extensible Authentication Protocol) structure. The EAP system includes EAP-MD5 (Message Digest 5), EAP-TLS (Transport Level Security), EAP-SRP (Secure Remote Password) and EAP-TTLS (Tunneled TLS), and hiD 6615 supports EAP-MD5 and EAP-TLS. EAP-MD5, in which the user accesses with an ID and password, is one-way authentication based on the password. EAP-TLS uses a mutual authentication system of server authentication and personal authentication, and it can guarantee high security because of this mutual authentication.

When a user requests authentication, EAPOL-Start packets are transmitted from the user’s PC to the Authenticator, and the Authenticator in turn requests identification. After getting the response with the identification, the Authenticator requests the RADIUS server to approve access, and the user is authenticated after the access is checked against the user’s information.


In this case, Supplicant and Authenticator both come under PAE (Port Authentication Entities). Authenticator operates only as a bridge and has no information about the user. The RADIUS server has the database of user information needed for authentication.

The below picture briefly shows the process of 802.1x authentication.

PC [ Supplicant ]  <-- EAPOL (EAP over LAN) -->  Switch [ Authenticator ]  <-- EAP over RADIUS -->  RADIUS [ Authentication Server ]

Supplicant <-> Authenticator     Authenticator <-> Authentication Server
EAPOL-Start
EAP-Request/Identity
EAP-Response/Identity            Radius-Access-Request
EAP-Request                      Radius-Access-Challenge
EAP-Response                     Radius-Access-Request
EAP-Success                      Radius-Access-Accept

Fig. 4-1 Process of 802.1x Authentication

In order to enable 802.1x authentication on a port of hiD 6615, you must be able to perform the following tasks.

• Configuring 802.1x
• Configuring 802.1x Re-authentication
• Initializing the authentication status
• Applying the default value
• Showing 802.1x configuration

There are two ways of authentication that restrict clients attempting to access the LAN: authentication based on MAC address and Port-Base Authentication.


4.4.1. 802.1x authentication

4.4.1.1. Enabling 802.1x

In order to configure 802.1x, the user should enable the 802.1x daemon first. To enable the 802.1x daemon, use the following command.

Command                        Mode    Function

dot1x system-auth-control      Global  Enables 802.1x daemon.
no dot1x system-auth-control   Global  Disables 802.1x daemon.

4.4.1.2. Configuring RADIUS Server

Just as the RADIUS server is registered in the Authenticator, the Authenticator can also be registered in the RADIUS server. Besides registering each other’s IP address, the Authenticator and the RADIUS server need extra data to authenticate each other. This data is the Key, and it should have the same value on both sides. Any kind of character can be used for the Key value except the space or special character.

PC [ Supplicant ]  --  SURPASS hiD 6615 [ Authenticator ]  --  RADIUS server [ Authentication server ]

Authentication request: sent in the order of registration of the RADIUS servers
Response: the responding server is configured as Default RADIUS server

RADIUS servers (in the order of registration):
A : 10.1.1.1
B : 20.1.1.1
C : 30.1.1.1
J : 100.1.1.1

Fig. 4-2 Multi Authentication Server


If you register several servers, the authentication request starts from the RADIUS server registered first, and then goes to the second RADIUS server in case there’s no response. The authentication request is tried in the order of registration, and the server which responds to it becomes the Default server from the point of response time.
After the Default server is designated, all requests start from that RADIUS server. If there’s no response from the Default server again, the authentication request is tried on the RADIUS server designated as the next one.
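The selection rule described above can be modelled in a few lines. This is an added example, not code from the manual or the device firmware; the per-server retry count, the wrap-around to the first entry, and the names RadiusPool, authenticate and worst_case_seconds are assumptions of the sketch.

```python
"""Multi-server RADIUS selection as the manual describes it (added example)."""
from dataclasses import dataclass, field

MAX_SERVERS = 5  # the manual allows up to 5 registered RADIUS servers


@dataclass
class RadiusPool:
    servers: list               # registration order decides the first server tried
    retries: int = 3            # Access-Request attempts per server (assumed per-server)
    default_index: int = 0      # index of the current Default server
    attempts: list = field(default_factory=list)  # (server, attempt, answered)

    def __post_init__(self):
        if not 1 <= len(self.servers) <= MAX_SERVERS:
            raise ValueError("register between 1 and 5 RADIUS servers")
        if self.retries < 1:
            raise ValueError("retries must be at least 1")

    def authenticate(self, reachable):
        """Send one authentication request; return the server that answered.

        `reachable` is the set of servers that respond right now (a stand-in
        for real network I/O). Returns None when no server responds.
        """
        count = len(self.servers)
        for step in range(count):
            # Start at the Default server, then walk the list in order.
            # Wrapping back to the first entry is an assumption of this sketch.
            index = (self.default_index + step) % count
            server = self.servers[index]
            for attempt in range(1, self.retries + 1):
                answered = server in reachable
                self.attempts.append((server, attempt, answered))
                if answered:
                    self.default_index = index  # responder becomes the Default
                    return server
        return None

    def worst_case_seconds(self, timeout):
        """Longest wait before a request fails with every server down."""
        return len(self.servers) * self.retries * timeout


def demo():
    """Constructed scenario using the first three addresses from Fig. 4-2."""
    pool = RadiusPool(["10.1.1.1", "20.1.1.1", "30.1.1.1"])
    first = pool.authenticate({"20.1.1.1", "30.1.1.1"})   # A is down
    second = pool.authenticate({"20.1.1.1", "30.1.1.1"})  # starts at B now
    third = pool.authenticate({"10.1.1.1"})               # B and C are down
    return first, second, third, pool.worst_case_seconds(timeout=5)


if __name__ == "__main__":
    print(demo())
```

The worst-case figure is the time a supplicant waits before the request is given up when no registered server answers, which is the number to weigh when choosing the retry count and timeout.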

To configure IP address of RADIUS server and key value, use the following command.

Command                                                                         Mode    Function

dot1x radius-server host {ip-address | name} auth-port <0-65535> key key       Global  Registers RADIUS server with key value and UDP port of RADIUS server.
dot1x radius-server host {ip-address | name} key key                           Global  Configures IP address of RADIUS server and key value.

<0-65535> is the value for auth-port.

You can designate up to 5 RADIUS servers for the Authenticator.

Besides registering each other’s IP address, the Authenticator and the RADIUS server need extra data to authenticate each other. This data is the Key, and it should have the same value on both sides. Any kind of character can be used for the Key value except the space or special character.
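Why the Key must match on both sides: in RADIUS (RFC 2865) the server signs each reply with an MD5 digest over the reply, the request's authenticator and the shared key, and the Authenticator drops any reply whose digest it cannot reproduce. The following is an added example, not code from the manual; the function names are assumptions, the packet values are constructed, and the strict length check is a simplification.

```python
"""How the shared Key binds a RADIUS reply to its request (added example)."""
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)


def build_reply(code, identifier, request_auth, attributes, key):
    """RADIUS server side: sign the reply with the shared Key (RFC 2865)."""
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(attributes))
    response_auth = hashlib.md5(header + request_auth + attributes + key).digest()
    return header + response_auth + attributes


def verify_reply(packet, identifier, request_auth, key):
    """Authenticator side: return the reply code, or None if it must be dropped."""
    if len(packet) < HEADER_LEN:
        return None
    code, reply_id, length = struct.unpack("!BBH", packet[:4])
    # Simplification: require an exact length instead of tolerating padding.
    if length != len(packet) or reply_id != identifier:
        return None
    expected = hashlib.md5(
        packet[:4] + request_auth + packet[HEADER_LEN:] + key
    ).digest()
    if not hmac.compare_digest(expected, packet[4:HEADER_LEN]):
        return None  # Key mismatch or packet modified in transit
    return code


def demo():
    """Constructed exchange; "test" is the key used in Sample Configuration 1."""
    request_auth = bytes(range(16))          # constructed, normally random
    reply_message = bytes([18, 4]) + b"ok"   # attribute 18 = Reply-Message
    reject = build_reply(ACCESS_REJECT, 7, request_auth, reply_message, b"test")
    tampered = bytes([ACCESS_ACCEPT]) + reject[1:]  # code changed after signing
    return {
        "same_key": verify_reply(reject, 7, request_auth, b"test"),
        "different_key": verify_reply(reject, 7, request_auth, b"Test"),
        "modified_code": verify_reply(tampered, 7, request_auth, b"test"),
    }


if __name__ == "__main__":
    print(demo())
```

A reply is accepted only when both sides hold the same Key, so a mistyped Key on either side looks the same to the switch as a server that never answers.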

To delete the registered RADIUS server, use the following command.

Command                                              Mode    Function

no dot1x radius-server host {name | ip-address}      Global  Deletes the registered RADIUS server.

You can configure the priority of the RADIUS servers that the user has configured.

Command                                                            Mode    Function

dot1x radius-server move {name | ip-address} priority priority     Global  Configures the priority for the configured server.


4.4.1.3. Configuring the Authentication Mode

You can give the access right to clients based on MAC address or port number. To select the authentication mode, use the following command.

Command                                     Mode    Function

dot1x auth-mode mac-base port-number        Global  Configures to give the access right to clients using MAC address.
no dot1x auth-mode mac-base port-number     Global  Configures to give the access right to clients using port number.

Before configuring 802.1x based on MAC address, you should deny all packets entering the authentication port by using the mac-filter default-policy deny port-number command.

4.4.1.4. Configuring the Authentication Port

After configuring 802.1x authentication mode, you should select the authentication port.

Command                          Mode    Function

dot1x nas-port port-number       Global  Designates 802.1x authentication port.
no dot1x nas-port port-number    Global  Disables 802.1x authentication port.

It is possible to configure more than one port-number by using “,” or “-”.

4.4.1.5. Configuring the Status of Port

In SURPASS hiD 6615, you can permit the users requesting access regardless of the authentication from the RADIUS server. For example, even though a client is authenticated by the server, it is possible to configure the port so that the client is not authenticated. To manage the approval for the designated port, use the following command.

Command                                                                         Mode    Function

dot1x port-control {auto | force-authorized | force-unauthorized} port-number   Global  Configures the status of the authentication port.
no dot1x port-control port-number                                               Global  Releases the configured status.


“auto” means to follow the authentication of the RADIUS server. “force-authorized” gives the permit to a client even though the RADIUS server didn’t approve it. “force-unauthorized” does not authenticate a client even though the RADIUS server authenticates it.

Default is “auto”.

4.4.1.6. Configuring the interval for retransmitting Request/Identity packet

In SURPASS hiD 6615, it is possible to specify how long the device waits for a client to send back a response/identity packet after the device has sent a request/identity packet. If the client does not send back a response/identity packet during this time, the device retransmits the request/identity packet.

To configure the number of seconds that the switch waits for a response to a request/identity packet, use the following command.

Command                                          Mode    Function

dot1x timeout tx-period <1-65535> port-number    Global  Sets reattempt interval for requesting request/identity packet.

To disable the interval for requesting identity, use the following command.

Command                                   Mode    Function

no dot1x timeout tx-period port-number    Global  Disables the interval for requesting identity.

The default time is 30 seconds.

You can configure the interval between 1 ~ 65,535.

4.4.1.7. Configuring the Number of Request to RADIUS server

After 802.1x authentication is configured as explained above, when the user tries to connect to the port, the authentication process runs among the user’s PC, the equipment acting as Authenticator, and the RADIUS server. It is possible to configure how many times the device acting as Authenticator requests authentication from the RADIUS server.


Authentication request means “Radius-Access-Request” in 【 authentication process for 802.1x user 】.

To configure the number of authentication requests in SURPASS hiD 6615, use the following command in Global mode.

Command                               Mode    Function

dot1x radius-server retries number    Global  Configures the number of authentication requests to RADIUS server.

By default, the authentication request is configured to three times in SURPASS hiD 6615.

4.4.1.8. Configuring the Interval of Request to RADIUS server

In SURPASS hiD 6615, it is possible to set the time for the retransmission of packets to check the RADIUS server. If there’s a response from other packets, the switch waits for a response from the RADIUS server during the configured time before resending the request.

Command                                 Mode    Function

dot1x radius-server timeout interval    Global  Configures the interval of request to RADIUS server.

Authentication request means “Radius-Access-Request” in 【 authentication process for 802.1x user 】.

You can configure the interval between 1 ~ 120.

You should consider the distance from the server when configuring the interval of requesting authentication from the RADIUS server. If you configure the interval too short, the authentication may not be completed. If that happens, reconfigure the interval to a longer value.


4.4.2. 802.1x re-authentication

In hiD 6615 S331, it is possible to update the authentication status on the port periodically. To enable re-authentication on the port, perform the following steps in order.

Step 1 Enable 802.1x re-authentication.
Step 2 Configure the interval of re-authentication.
Step 3 Configure the interval of requesting re-authentication in case re-authentication fails.
Step 4 Execute 802.1x re-authentication regardless of the interval.

4.4.2.1. Enabling 802.1x Re-authentication

Enable 802.1x re-authentication with the following command.

Command                               Mode    Function

dot1x reauth-enable port-number       Global  Enables 802.1x re-authentication.
no dot1x reauth-enable port-number    Global  Disables 802.1x re-authentication.

4.4.2.2. Configuring the interval of re-authentication

The RADIUS server contains the database about the users who have the access right. The database is updated in real time, so it is possible for a user to lose the access right through the updated database even though he was once authenticated. In this case, even though the user can access the network, he should be authenticated again so that the changed database is applied. Besides, for various reasons in managing the RADIUS server and the 802.1x authentication port, the user is supposed to be re-authenticated at regular intervals. The administrator of SURPASS hiD 6615 can configure a term of re-authentication.

Re-authentication is applied to EAPOL-start in 【 authentication process for 802.1x user 】.

To configure a term of re-authentication, use the following command in configuration mode.


Command                                                  Mode    Function

dot1x timeout reauth-period <1-4294967295> port-number   Global  Sets the period between re-authentication attempts.
no dot1x timeout reauth-period port-number               Global  Deletes the period between re-authentication attempts.

4.4.2.3. Configuring the interval of requesting re-authentication

When the authenticator sends a Request/Identity packet for re-authentication and no response is received from the supplicant for the configured number of seconds, the authenticator retransmits the request to the supplicant. In hiD 6615, you can set the number of seconds that the authenticator should wait for a response to the request/identity packet from the supplicant before retransmitting the request.

The authentication process of configuring reattempt interval for requesting identity is applicable to “EAP-Request/Identity” and “EAP-Response/Identity” in 【Figure 4-1】 Process of 802.1x Authentication.

Command                                             Mode    Function

dot1x timeout quiet-period <1-65535> port-number    Global  Sets reattempt interval for requesting request/identity packet.
no dot1x timeout quiet-period port-number           Global  Disables the interval for requesting identity.

The default time is 30 seconds.

4.4.2.4. 802.1x Re-authenticating

As described in 4.4.2.2. Configuring the interval of re-authentication, even though the user can access the network, he should be authenticated again so that the changed database is applied.

Besides, for various reasons in managing the RADIUS server and the 802.1x authentication port, the user is supposed to be re-authenticated at regular intervals.


However, there are some cases where re-authentication must be implemented immediately. In SURPASS hiD 6615, it is possible to implement re-authentication immediately regardless of the configured time interval.

Command                            Mode    Function

dot1x reauthenticate port-number   Global  Implements re-authentication regardless of the configured time interval.

4.4.3. Initializing the authentication status

The user can initialize all the configuration on the port. Once the port is initialized, the supplicants accessing the port should be re-authenticated.

Command                        Mode    Function

dot1x initialize port-number   Global  Initializes the authentication status on the port.

4.4.4. Applying the default value

To apply the default value to the system, use the following command.

Command                     Mode    Function

dot1x default port-number   Global  Applies the default value.

4.4.5. Showing 802.1x configuration

To show 802.1x configuration, use the following command.

Command                    Mode                 Function

show dot1x [port-number]   View/Enable/Global   Shows 802.1x configuration.

It is possible to configure more than one port-number by using “,” or “-”.


4.4.6. Showing and deleting 802.1x user authentication statistics

The user can show the statistics of 802.1x user authentication and reset them by deleting them. To show the statistics about the process of 802.1x user authentication, use the following command.

Command                             Mode    Function

show dot1x statistics port-number   Global  Shows the statistics of 802.1x user authentication on the port.

To reset the state by deleting the statistics of 802.1x user authentication, use the following command.

Command                             Mode    Function

dot1x clear statistic port-number   Global  Makes Reset state by deleting the statistics of 802.1x on the port.

4.4.7. Sample Configuration

[Sample Configuration 1] Configuring port based authentication

The following shows the configuration after configuring port number 4 as the authentication port and registering the IP address of the authentication port and the information of the RADIUS server.

SWITCH(config)# dot1x system-auth-control
SWITCH(config)# dot1x nas-port 4
SWITCH(config)# dot1x port-control force-authorized 4
SWITCH(config)# dot1x radius-server host 10.1.1.1 auth-port 4 key test
SWITCH(config)# show dot1x
802.1x authentication is enabled.
RADIUS Server : 10.1.1.1 (Auth key : test)
-------------------------------------------------------
           |         1         2         3         4
802.1x     |123456789012345678901234567890123456789012
-------------------------------------------------------
PortEnable |...p......................................
PortAuthed |...u......................................
MacEnable  |..........................................
MacAuthed  |..........................................
-------------------------------------------------------
p = port-based, m = mac-based, a = authenticated, u = unauthenticated
SWITCH(config)#


[Sample Configuration 2]

The following is an example of configuring the term of re-authentication as 1800 sec and the interval of requesting re-authentication as 1000 sec.

SWITCH(config)# dot1x timeout quiet-period 1000 4
SWITCH(config)# dot1x timeout reauth-period 1800 4
SWITCH(config)# dot1x reauth-enable 4
SWITCH(config)# show dot1x 4
Port 4
SystemAuthControl : Enabled
ProtocolVersion   : 0
PortControl       : Force-Authorized
PortStatus        : Unauthorized
ReauthEnabled     : True
QuietPeriod       : 1000
ReauthPeriod      : 1800
SWITCH(config)#

[Sample Configuration 3]

The following is an example of showing the configuration after configuring the authentication based on MAC address.

SWITCH(config)# dot1x auth-mode mac-base 4
SWITCH(config)# show dot1x
802.1x authentication is enabled.
RADIUS Server : 10.1.1.1 (Auth key : test)
-------------------------------------------------------
           |         1         2         3         4
802.1x     |123456789012345678901234567890123456789012
-------------------------------------------------------
PortEnable |..........................................
PortAuthed |..........................................
MacEnable  |...m......................................
MacAuthed  |...u......................................
-------------------------------------------------------
p = port-based, m = mac-based, a = authenticated, u = unauthenticated
SWITCH(config)#
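The port map printed by “show dot1x” in Sample Configuration 1 and 3 can be checked by script when auditing many switches. The following is an added example, not part of the manual: the function names are assumptions, the sample text is constructed to mirror the output above, and reading “.” as “802.1x not enabled on this port” is an assumption. It also masks the RADIUS key, which the command prints in clear text.

```python
"""Audit helper for `show dot1x` output (added example)."""
import re

ROWS = ("PortEnable", "PortAuthed", "MacEnable", "MacAuthed")
KEY_RE = re.compile(r"(\(Auth key\s*:\s*)[^)]*(\))")
RULE = "-" * 55


def make_sample(row_marks, width=42):
    """Build constructed `show dot1x` text; row_marks maps row -> {port: flag}."""
    tens = "".join(f"{t:>10}" for t in range(1, width // 10 + 1))
    ones = "".join(str(p % 10) for p in range(1, width + 1))
    lines = ["802.1x authentication is enabled.",
             "RADIUS Server : 10.1.1.1 (Auth key : test)",
             RULE, f"{'':<11}|{tens}", f"{'802.1x':<11}|{ones}", RULE]
    for name in ROWS:
        marks = row_marks.get(name, {})
        cells = "".join(marks.get(p, ".") for p in range(1, width + 1))
        lines.append(f"{name:<11}|{cells}")
    lines.append(RULE)
    return "\n".join(lines)


# Constructed samples mirroring Sample Configuration 1 and 3 (port 4 only).
PORT_BASED = make_sample({"PortEnable": {4: "p"}, "PortAuthed": {4: "u"}})
MAC_BASED = make_sample({"MacEnable": {4: "m"}, "MacAuthed": {4: "u"}})


def parse_show_dot1x(text):
    """Return ({port: {"mode", "authenticated"}}, port_count) from the port map."""
    grid = {}
    for line in text.splitlines():
        name, sep, cells = line.partition("|")
        if sep and name.strip() in ROWS:
            grid[name.strip()] = cells.rstrip()
    missing = [row for row in ROWS if row not in grid]
    if missing:
        raise ValueError(f"rows missing from output: {missing}")
    width = len(grid["PortEnable"])
    if any(len(grid[row]) != width for row in ROWS):
        raise ValueError("port map rows differ in width (truncated capture?)")

    ports = {}
    for index in range(width):
        if grid["PortEnable"][index] == "p":
            mode, flag = "port-based", grid["PortAuthed"][index]
        elif grid["MacEnable"][index] == "m":
            mode, flag = "mac-based", grid["MacAuthed"][index]
        else:
            continue  # "." is read as: 802.1x not enabled (assumption)
        ports[index + 1] = {"mode": mode, "authenticated": flag == "a"}
    return ports, width


def audit(text):
    """List ports without 802.1x and ports enabled but not yet authenticated."""
    ports, width = parse_show_dot1x(text)
    return {
        "no_dot1x": [p for p in range(1, width + 1) if p not in ports],
        "unauthenticated": sorted(
            p for p, state in ports.items() if not state["authenticated"]),
    }


def redact_key(text):
    """Mask the RADIUS key that the command prints in clear text."""
    return KEY_RE.sub(r"\1<redacted>\2", text)


if __name__ == "__main__":
    print(audit(PORT_BASED)["unauthenticated"], audit(MAC_BASED)["unauthenticated"])
    print(redact_key(PORT_BASED).splitlines()[1])
```

Run redact_key over any capture before it is stored or attached to a ticket, since the key is the same value the RADIUS server uses to authenticate the switch.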


4.5. System Authentication

SURPASS hiD 6615 provides enhanced security for client authentication, and the user is able to configure the authorization method in diverse ways.

Usually, the ID/password registered in the switch is used, but if you use RADIUS (Remote Authentication Dial-In User Service), which is a client authentication protocol, and TACACS+ (Terminal Access Controller Access Control System+), only clients recorded in each server can connect to the system.

Client: Connects to switch through Console or telnet.
SURPASS hiD 6615: Takes authorization process according to configuration.
SURPASS hiD 6615 -> RADIUS Server: With configured RADIUS, sends client information for authorization.
RADIUS Server -> SURPASS hiD 6615: Sends Result.
SURPASS hiD 6615 -> TACACS Server: With TACACS+ configured, sends client information for authorization.
TACACS Server -> SURPASS hiD 6615: Sends Result.

Fig. 4-3 Process of System Authentication

You need to configure the following for system authentication in SURPASS hiD 6615.

• Configuring Authorization Method
• Designating Authentication Interface
• Configuring Priority of Authorization Method
• Checking Configured Priority of Authorization Method
• Configuring RADIUS
• Configuring TACACS+
• Recording User’s Configuration
• Sample Configuration


To enable RADIUS or TACACS+, add a user named「user」with reading right by using the command “user add”. Otherwise, all users connecting through the authentication protocol are supposed to receive the right of「root」. Refer to「4.1.5 Managing the user’s account」for the instruction to add a user with reading right.

4.5.1. Configuring Authorization Method

You can authorize clients attempting to access SURPASS hiD 6615 by using the registered ID/password, RADIUS and TACACS+. It is possible to use all three or to select one of them.

To configure authorization method, use the following commands.

Command                                               Mode    Function

login local {radius | tacacs | host | all} enable     Global  Configures authorization method for clients connecting through console.
login remote {radius | tacacs | host | all} enable    Global  Configures authorization method for clients connecting through telnet.

“host” is authentication by using the ID/password registered in the switch. It is configured in SURPASS hiD 6615 by default.

To release the configured authorization method, use the following commands.

Command                                                Mode    Function

login local {radius | tacacs | host | all} disable     Global  Releases authorization method for clients connecting through console.
login remote {radius | tacacs | host | all} disable    Global  Releases authorization method for clients connecting through telnet.

4.5.2. Designating Authentication Interface

When over 2 interfaces or IP addresses are configured in SURPASS hiD 6615 and RADIUS or TACACS is used for authentication, the user can designate the packet destination as a specific interface or IP address.


To designate the authentication interface, use the following command.

Command                                                            Mode    Function

login {radius | tacacs} interface interface-name [ip-address]      Global  Designates user authentication interface or IP address.
no login {radius | tacacs} interface                               Global  Clears user authentication interface.

4.5.3. Configuring Priority of Authorization Method

After configuring authorization in diverse ways, you can configure the priority of the authorization methods, that is, which method will be the first, the second or the last.

To configure priority of authorization method, use the following commands.

Command                                          Mode    Function

login local {radius | tacacs | host} primary     Global  Configures priority of authorization method for clients connecting through console.
login remote {radius | tacacs | host} primary    Global  Configures priority of authorization method for clients connecting through telnet.

By default, priority of SURPASS hiD 6615 authentication is set to “host → radius → tacacs” in order.

4.5.4. Checking Configured Priority of Authorization Method

The user is able to check the configured priority of authorization method. To do it, use the following command.

Command      Mode           Function

show login   Enable/Global  Shows configuration about authorization method.


4.5.5. Configuring RADIUS

4.5.5.1. Configuring RADIUS Server

After configuring RADIUS for client authentication, you need to configure the RADIUS server to be used in the switch. To configure RADIUS server, use the following command.

Command                                                                            Mode    Function

login radius server ip-address key                                                 Global  Registers IP address and key value of RADIUS server to be used in switch.
login radius server ip-address key auth_port port-number acct_port port-number     Global  Configures RADIUS server with the authenticated port and Accounting port.

“port-number” is to input port of RADIUS server connected to switch.

You can configure maximum 5 RADIUS servers in SURPASS hiD 6615.

To delete registered RADIUS server, use the following command.

Command                              Mode    Function

no login radius server ip-address    Global  Deletes registered RADIUS server

4.5.5.2. Configuring the Priority for RADIUS server

It is possible to configure up to 5 RADIUS servers in hiD 6615. In the case of multiple RADIUS servers, you can give the priority for the servers.

The server having higher priority is supposed to be used first. The smaller the number, the higher the priority.

Command                                            Mode    Function

login radius server move ip-address priority       Global  Gives the priority for configured RADIUS server.

The priority is configured from 1 to 5.


4.5.5.3. Configuring Frequency of Retransmit

When SURPASS hiD 6615 cannot get any response from the RADIUS server, it is supposed to retransmit the request. By default, the frequency of retransmit is three times, but the user can configure the number of times. To configure frequency of retransmit, use the following command.

Command                         Mode    Function

login radius retransmit count   Global  Configures the number of times to retransmit information to RADIUS server.
no login radius retransmit      Global  Clears retransmit time

You can configure the retransmit times from 1 to 10.

The default is 3 times in SURPASS hiD 6615.

4.5.5.4. Configuring Timeout of Response

In SURPASS hiD 6615, the number of seconds that the switch waits for a response from the RADIUS server is configured. The user can configure it for convenience. To configure timeout of response, use the following command.

Command                     Mode    Function

login radius timeout time   Global  Configures the number of seconds that the switch waits for a response from RADIUS server.
no login radius timeout     Global  Clears waiting time for response

It is possible to configure the response time from 1 to 100 seconds.

The default is 3 seconds in SURPASS hiD 6615.


4.5.6. Configuring TACACS+

4.5.6.1. Configuring TACACS Server

After configuring TACACS+ for client authentication, you need to configure TACACS
server to be used in switch. To configure TACACS server, use the following command.

Command Mode Function

login tacacs server ip-address key Global Registers IP address and key value of

TACACS server to be used in switch.

And then, you should register interface of TACACS server connected to user’s switch.
Use the following command.

Command Mode Function

login tacacs interface interface-name Global Registers interface of TACACS server

[ ip-address] connected to user’s switch.

no login tacacs interface Clears TACACS server interface

“port-number” is to input interface of TACACS server connected to user’s switch.


Please check interface of TACACS server connected to user’s switch before inputting
it.

You can register maximum five TACACS servers in SURPASS hiD 6615.

To register port of TACACS server connected to user’s switch, use the following com-
mand.

Command                                 Mode     Function
login tacacs socket-port port-number    Global   Registers port of TACACS server connected to user’s switch.
no login tacacs socket-port             Global   Clears register port of TACACS server

To delete registered TACACS server, use the following command.

Command Mode Function

no login tacacs server ip-address Global Deletes registered TACACS server.


4.5.6.2. Configuring the Priority for TACACS server

It is possible to configure up to 5 TACACS servers in hiD 6615. In the case of multiple
TACACS servers, you can give the priority for the servers. The server having higher priority
is supposed to be used first. The smaller the number, the higher the priority.

Command                                         Mode     Function
login tacacs server move ip-address priority    Global   Gives the priority for configured TACACS server.

The priority is configured from 1 to 5.

4.5.6.3. Selecting Authorization Type

When you configure TACACS+ for authentication, you need to select authorization type
of TACACS+. To select authorization type of TACACS+, use the following command.

Command                                     Mode     Function
login tacacs auth-type {ascii|pap|chap}     Global   Selects authorization type of TACACS+.
no login tacacs auth-type                   Global   Clears authorization type of TACACS+

pap stands for Password Authentication Protocol and chap stands for Challenge Hand-
shake Authentication Protocol.

The default is “ascii” type of TACACS+ in SURPASS hiD 6615.

4.5.6.4. Configuring Timeout of Response

In SURPASS hiD 6615, the number of seconds that the switch waits for a response
from TACACS server is configured. User can configure it for convenience. To configure
timeout of response, use the following command.

Command                         Mode     Function
login tacacs timeout time       Global   Configures the number of seconds that the switch
no login tacacs timeout time             waits for a response from TACACS server.


It is possible to configure the response time from 1 to 100 seconds.

The default is five seconds.

4.5.6.5. Configuring Client Priority

It is possible to configure priority of client’s right to use server according to configuration
of TACACS server authorization method. This priority is not used by the SURPASS hiD 6615
itself but by the TACACS server the user connects to. To configure priority of client’s right
to use server, use the following command.

Command                                            Mode     Function
login tacacs priority-level {min|user|max|root}    Global   Configures priority of client’s right to use TACACS server.
no login tacacs priority-level                     Global   Clears priority of client’s right

Comparatively speaking, the priority is “max = root > user > min” in order.

4.5.7. Recording User’s Configuration

When user configures RADIUS or TACACS+ for system authentication, the system re-
cords specific services user has taken. Through this function, it is possible to apply bill-
ing policy to specific service. To enable this function, use the following command.

Command                                         Mode     Function
login accounting-mode {none|start|stop|both}    Global   Applies billing policy to switch.
no login accounting-mode                        Global   Disables billing policy

“start” sets the standard on user’s login and “stop” sets the standard on user’s logout.
“both” takes both of them and “none” releases applied billing policy.

4.5.8. Sample Configuration

[Sample Configuration 1] Configuration RADIUS server

The following is an example of configuring authorization method in SURPASS hiD 6615.


RADIUS is added to the default method for clients connecting through console and telnet.
Priority is given to RADIUS for clients connecting through console and to the default
method for clients connecting through telnet.

The example also configures frequency of retransmit and timeout of response after
registering the RADIUS server, and then shows the configuration.

SWITCH(config)# user add user test1
Changing password for user
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:vertex
Re-enter new password:vertex
Password changed.
SWITCH(config)# login local radius enable
SWITCH(config)# login remote radius enable
SWITCH(config)# login local radius primary
SWITCH(config)# login remote host primary
SWITCH(config)# login radius server add 100.1.1.1 1
SWITCH(config)# login radius retransmit 5
SWITCH(config)# login radius timeout 10
SWITCH(config)# show login
[AUTHEN]
Local login : radius host
Displayed according to priority.
Remote login : host radius
Accounting mode : both
------------------------------------
[HOST]
maximum_login_counts : 8

------------------------------------
[RADIUS]
<Radius Servers & Key>
100.1.1.1 1

Radius Retries : 5
Radius Timeout : 10
Radius Interface : default
------------------------------------
[TACACS]
<Tacacs Servers & Key>

Tacacs Timeout : 3
Tacacs Socket Port : 49
Tacacs Interface : default
Tacacs PPP Id : 1
Tacacs Authen Type : ASCII
Tacacs Priority Level : MIN
SWITCH(config)#


[Sample Configuration 2] Configuration TACACS+ server

The following is an example of configuring authorization method as TACACS+.

SWITCH(config)# user add user test1
Changing password for user
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:vertex
Re-enter new password:vertex
Password changed.
SWITCH(config)# login local tacacs enable
SWITCH(config)# login remote tacacs enable
SWITCH(config)# login local tacacs primary
SWITCH(config)# login remote tacacs primary
SWITCH(config)# login tacacs server add 200.1.1.1 1
SWITCH(config)# login tacacs interface default
SWITCH(config)# login tacacs socket-port 1
SWITCH(config)# login tacacs auth-type pap
SWITCH(config)# login tacacs timeout 10
SWITCH(config)# login tacacs priority-level root
SWITCH(config)# show login
[AUTHEN]
Local login : tacacs host
Displayed according to the priority
Remote login : tacacs host
Accounting mode : both
------------------------------------
[HOST]
maximum_login_counts : 8

------------------------------------
[RADIUS]
<Radius Servers & Key>

Radius Retries : 3
Radius Timeout : 3
Radius Interface : default
------------------------------------
[TACACS]
<Tacacs Servers & Key>
200.1.1.1 1

Tacacs Timeout : 10
Tacacs Socket Port : 1
Tacacs Interface : default
Tacacs PPP Id : 1
Tacacs Authen Type : PAP
Tacacs Priority Level : MAX(ROOT)
SWITCH(config)#
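
The following added example, which is not part of the original manual or vendor software, parses show login output such as that of Sample Configuration 2 and reports settings an administrator would review: short shared keys, a TACACS socket port other than the default 49, retry or timeout values outside the documented ranges, an enabled method with no registered server, and disabled accounting. The 16-character minimum key length and the finding names are assumptions of this example.

```python
import re

# Ranges documented in this manual: retransmit 1-10, response timeout 1-100 s.
RETRY_RANGE = (1, 10)
TIMEOUT_RANGE = (1, 100)
TACACS_STANDARD_PORT = 49   # default shown in Sample Configuration 1
MIN_KEY_LEN = 16            # assumption: local policy value, not a device limit

# Constructed input: "show login" output copied from Sample Configuration 2.
SAMPLE = """\
[AUTHEN]
Local login : tacacs host
Remote login : tacacs host
Accounting mode : both
------------------------------------
[HOST]
maximum_login_counts : 8
------------------------------------
[RADIUS]
<Radius Servers & Key>

Radius Retries : 3
Radius Timeout : 3
Radius Interface : default
------------------------------------
[TACACS]
<Tacacs Servers & Key>
200.1.1.1 1

Tacacs Timeout : 10
Tacacs Socket Port : 1
Tacacs Interface : default
Tacacs PPP Id : 1
Tacacs Authen Type : PAP
Tacacs Priority Level : MAX(ROOT)
"""


def parse_show_login(text):
    """Return {section: {"fields": {name: value}, "servers": [(ip, key)]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:          # blank or separator line
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(
                header.group(1), {"fields": {}, "servers": []})
        elif current is None or line.startswith("<"):
            continue                                # preamble or sub-heading
        elif ":" in line:
            name, value = line.split(":", 1)
            current["fields"][name.strip()] = value.strip()
        else:
            server = re.fullmatch(r"(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)", line)
            if server:                              # "<ip> <key>" row
                current["servers"].append(server.groups())
    return sections


def audit_login(sections):
    """Return a sorted list of finding strings for a parsed configuration."""
    empty = {"fields": {}, "servers": []}
    findings = []
    authen = sections.get("AUTHEN", empty)["fields"]
    if authen.get("Accounting mode", "none").lower() == "none":
        findings.append("ACCOUNTING_DISABLED")
    in_use = set()                                  # methods named for login
    for name in ("Local login", "Remote login"):
        in_use.update(authen.get(name, "").lower().split())
    for proto in ("RADIUS", "TACACS"):
        sec = sections.get(proto, empty)
        label = proto.capitalize()                  # fields read "Radius ..."
        if proto.lower() in in_use and not sec["servers"]:
            findings.append(f"{proto}_ENABLED_NO_SERVER")
        for ip, key in sec["servers"]:
            if len(key) < MIN_KEY_LEN:
                findings.append(f"{proto}_SHORT_KEY:{ip}")
        for field, (low, high) in ((f"{label} Retries", RETRY_RANGE),
                                   (f"{label} Timeout", TIMEOUT_RANGE)):
            value = sec["fields"].get(field)
            if value is not None and not (
                    value.isdigit() and low <= int(value) <= high):
                findings.append(f"{proto}_OUT_OF_RANGE:{field}={value}")
    port = sections.get("TACACS", empty)["fields"].get("Tacacs Socket Port")
    if port is not None and port != str(TACACS_STANDARD_PORT):
        findings.append(f"TACACS_NONSTANDARD_PORT:{port}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_login(parse_show_login(SAMPLE)):
        print(finding)
```

Run against Sample Configuration 2, it reports the one-character key registered for 200.1.1.1 and the socket port that was changed to 1.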


5. Port Basic Configuration


The user can configure the basic environment of a SURPASS hiD 6615 port, such as
auto-negotiate, transmit rate, and flow-control. This chapter also includes instructions on
how to configure port mirroring and basic port settings.

5.1. Port Basic Configuration

It is possible to configure default environment of port such as port state, speed. To
configure a port, you need to enter Bridge configuration mode by using the bridge command
in configuration mode.

When you enter Bridge configuration mode, the system prompt changes from
SWITCH(config)# to SWITCH(bridge)#.

Command    Mode     Function
bridge     Global   Enters into Bridge configuration mode.

The following is an example of entering into Bridge configuration mode.

SWITCH(config)# bridge
SWITCH(bridge)#

◆ SURPASS hiD 6615 Port Default Configuration

Detail            Default Configuration
Port State        Available
Auto-negotiate    On (except 100BASE-FX)
Duplex mode       Full duplex mode
Flow Control      Off
STP               For VLAN 1
VLAN              Default


To view the configuration of user’s switch port, use the following command.

Command Mode Function

show port port-number Enable/Global/Bridge Shows port configuration.

When you use the show port command, entering letters for port-number displays the
message “% Invalid port: port”, and entering a wrong number displays the message
“% Invalid range: 100 [1-32]”.

SWITCH(bridge)# show port port
%Invalid port: port
SWITCH(bridge)# show port 100
%Invalid range: 100 [1-18]
SWITCH(bridge)#

On CLI command mode, you can use “,” and “-” at port-number to choose several ports.

You can configure the below functions about port basic configuration.

• Selecting Port Type
• Activating Port
• Auto negotiation
• Port Transmit Rate
• Duplex Mode
• Flow Control
• Description of Port
• Viewing Port Statistics
• Showing the module information
• Initializing Port Statistics

5.1.1. Selecting Port Type

Because hiD6615 S223 switch ports have two types (RJ45 and SFP), the user should
select which port type to use.


To select port type, use the following command.

Command Mode Function

port medium port-number {sfp / rj45} Bridge Selects port type

Default port type is RJ45.

To view the configuration of switch port type, use the following command.

Command Mode Function

show port medium Enable/Global/Bridge Shows port type

5.1.2. Activating Port

To activate port or deactivate port, use the following commands.

Command                     Mode     Function
port enable port-number     Bridge   Activates port.
port disable port-number    Bridge   Deactivates port.

By default, all ports are logically activated.

The following is an example of deactivating port 1 Ethernet port and showing it.

SWITCH(bridge)# show port 1
-------------------------------------------------------------------
NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
-------------------------------------------------------------------
1: Ethernet 1 Up/Up Auto/Full/100 Off Y
SWITCH(bridge)# port disable 1
SWITCH(bridge)# show port 1
-------------------------------------------------------------------
NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
-------------------------------------------------------------------
1: Ethernet 1 Down/Down Auto/Full/100 Off Y
SWITCH(bridge)#


5.1.3. Configuring Auto-nego

You can configure a port to auto-negotiate, so that it automatically matches the
transmission speed and the duplex mode of the attached device.

To set whether the speed and duplex mode are auto-negotiated, use the following
command in the bridge configuration mode at configuration level.

Command                      Mode     Function
port nego port-number on     Bridge   Sets the port to auto-negotiate.
port nego port-number off    Bridge   Deletes auto-negotiate.

By default, auto-nego is activated.

The following is an example of deleting auto-negotiate of port 1 and 2 and showing it.

SWITCH(bridge)# show port 1-2
-------------------------------------------------------------------
NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
-------------------------------------------------------------------
1: Ethernet 1 Up/Down Auto/Half/100 Off Y
2: Ethernet 1 Up/Down Auto/Half/100 Off Y
SWITCH(bridge)# port nego 1-2 off
SWITCH(bridge)# show port 1-2
-------------------------------------------------------------------
NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
-------------------------------------------------------------------
1: Ethernet 1 Up/Down Force/Half/100 Off Y
2: Ethernet 1 Up/Down Force/Half/100 Off Y
SWITCH(bridge)#

In case of FX port module, you don’t have to use Auto-nego function.

To support Auto MDIX, you need to configure auto-nego as “on.”


5.1.4. Port Transmit Rate

It is possible to configure transmit rate of each port. To configure transmit rate of port,
use the following command.

Command                                 Mode     Function
port speed port-number {10|100|1000}    Bridge   Configures transmit rate of port as 10, 100, or 1000Mbps.

The following is an example of configuring transmit rate of port 1 as 10Mbps and show-
ing it.

SWITCH(bridge)# show port 1
-------------------------------------------------------------------
NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
-------------------------------------------------------------------
1: Ethernet 1 Up/Up Force/Half/100 Off Y
SWITCH(bridge)# port speed 1 10
SWITCH(bridge)# show port 1
-------------------------------------------------------------------
NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
-------------------------------------------------------------------
1: Ethernet 1 Up/Up Force/Half/10 Off Y
SWITCH(bridge)#

It is impossible to configure transmit rate of 1000BASE-X Gigabit port.

5.1.5. Duplex Mode

Only unidirectional communication is possible in half duplex mode, while full duplex
mode allows bi-directional communication, transmitting packets in both directions.
Transmitting packets in both directions doubles the Ethernet bandwidth: 10Mbps to
20Mbps, 100Mbps to 200Mbps.

To configure duplex mode of 10/100BaseTx Ethernet port, use the following command.


Command Mode Function

port duplex port-number {full | half} Bridge Configures duplex mode of port.

When auto-nego is activated, it is impossible to change transmit rate.

The following is an example of configuring duplex mode of port 2 as half mode and
showing it.

SWITCH(bridge)# show port 1
-------------------------------------------------------------------
NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
-------------------------------------------------------------------
1: Ethernet 1 Up/Up Force/Full/100 Off Y
SWITCH(bridge)# port duplex 1 half
SWITCH(bridge)# show port 1
-------------------------------------------------------------------
NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
-------------------------------------------------------------------
1: Ethernet 1 Up/Up Force/Half/100 Off Y
SWITCH(bridge)#

Before connecting the link, the port of hiD 6615 is basically configured as 「Half duplex mode」.

100BASE-FX Ethernet and 1000BASE-X Gigabit Ethernet can be configured as full
duplex. User of 100BASE-FX Ethernet and 1000BASE-X Gigabit Ethernet cannot
change the mode.

5.1.6. Configuring Flow Control

Ethernet ports on the switches use flow control to restrain the transmission of packets
to the port for a period of time. Typically, if the receive buffer becomes full, the port
transmits a "pause" packet that tells remote ports to delay sending more packets for a
specified period of time. In addition, the Ethernet ports can receive and act upon
"pause" packets from other devices. To configure flow control on the Ethernet port, use
the following command.

Command Mode Function

port flow-control port-number {on|off}    Bridge    Configures flow control.

By default, Flow-control is set to “off”.


The following is an example of configuring flow control to port 1.

SWITCH(bridge)# port flow-control 1 off
SWITCH(bridge)# show port 1
-------------------------------------------------------------------
NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
-------------------------------------------------------------------
1: Ethernet 1 Up/Down Auto/Full/1000 Off Y
SWITCH(bridge)#

5.1.7. Description of port

For user’s reference, you can make description for each port.

To write port description, use the following command.

Command                                     Mode     Function
port description port-number description    Bridge   Makes description of each port.

To view description of port, use the following command.

Command                                Mode                             Function
show port description [port_number]    Enable/Global/Bridge/Interface   Shows description of one port or more.

The following is an example of making description of port 1 and viewing it.

SWITCH(bridge)# port description 1 test1
SWITCH(bridge)# show port description 1
------------------------------------------------------------
NO TYPE STATE LINK DESCRIPTION
(ADM/OPR)
------------------------------------------------------------
1 Unknown Up/Down 0HDX test1
SWITCH(bridge)#

To delete port description, use the following command.


Command Mode Function

no port description port-number Bridge Deletes description of specified port.

5.1.8. Viewing Port Statistics

To display traffic average of each port or interface MIB, RMON MIB data defined in
SNMP MIB, use the following commands.

Command                                         Mode                   Function
show port statistics avg-pkt [port-number]      Enable/Global/Bridge   Shows traffic average of specified port.
show port statistics interface [port-number]    Enable/Global/Bridge   Shows MIB data of specified port.
show port statistics rmon [port-number]         Enable/Global/Bridge   Shows RMON MIB data of specified port.

The following is an example of viewing traffic average of port 13.

SWITCH# show port statistics avg-pkt 13
=============================================================================
Port | Tx | Rx
-----------------------------------------------------------------------------
Time | pkts/s | bytes/s | bits/s | pkts/s | bytes/s | bits/s
=============================================================================
port 13 ---------------------------------------------------------------------
5 sec: 0 0 0 10 1926 15,408
1 min: 0 0 0 8 2094 16,752
10 min: 0 0 0 9 2037 16,296
SWITCH#


The following is an example of viewing interface MIB data of port 13.

SWITCH(config)# show port statistics interface 13
ifDescr port 13-TX-10/100
ifType 6
ifMtu 1500
ifPhysAddress 00:d0:cb:0d:00:12
ifAdminStatus UP
ifOperStatus UP
ifInOctets 341089087
ifInUcastPkts 5246410
ifInNUcastPkts 19472
ifInDiscards 0
ifInErrors 0
ifInUnknownProtos 0
ifOutOctets 0
ifOutUcastPkts 0
ifOutNUcastPkts 0
ifOutDiscards 0
ifOutErrors 0
ifSpecific 0
SWITCH(config)#

The following is an example of viewing RMON MIB data of port 13.

SWITCH(config)# show port statistics rmon 13
Port 13 ethernet
etherStatsDropEvents 172
etherStatsOctets 647931
etherStatsPkts 6
etherStatsBroadcastPkts 63187
etherStatsMulticastPkts 56513
etherStatsCRCAlignErrors 5479
etherStatsUndersizePkts 0
etherStatsOversizePkts 0
etherStatsFragments 0
etherStatsJabbers 0
etherStatsCollisions 0
etherStatsPkts64Octets 0
etherStatsPkts65to127Octets 44362
etherStatsPkts128to255Octets 6024
etherStatsPkts256to511Octets 12315
etherStatsPkts512to1023Octets 468
etherStatsPkts1024to1518Octets 19
SWITCH(config)#


5.1.9. Showing the module information

The user can show the information of the port where module is installed. To display the
module information, use the following command.

Command Mode Function

show port module-info [port-number] Global/Bridge Displays the module information.

5.1.10. Initializing Port Statistics

To clear and initialize all recorded statistics of a port, use the following command. You
can initialize the statistics of all ports or select specific ports.

Command                                     Mode     Function
clear port statistics {port-number|all}     Global   Initializes port statistics. It is possible to select several ports.


5.2. Port Mirroring

Port mirroring is the function of monitoring a designated port. Here, one port to monitor
is called “monitor port” and a port to be monitored is called “mirrored port”. Traffics
transmitted from mirrored port are copied and sent to monitor port so that user can
monitor network traffic.

The following is a network structure for analyzing traffic by configuring port mirroring.
Traffic on the switch and the network status are analyzed by configuring the Mirrored
ports and the Monitor port and connecting a computer on which the watch program is
installed to the port configured as Monitor port.

[Figure: a monitoring station connected to the Monitor port of the SURPASS hiD 6615 receives the traffic transmitted from Mirrored ports 1, 2 and 3.]

Fig. 5-1 Port Mirroring

To configure port mirroring in hiD 6615, designate the Mirrored ports and the Monitor port
and enable the port mirroring function. The Monitor port should be connected to a PC on
which the Watch program is installed. You can designate only one Monitor port but many
Mirrored ports for one switch.

5.2.1. Assigning Monitor Port and Mirrored Port

You should assign monitor port and mirrored port, and then you can configure Port-
mirroring. To assign monitor port and mirrored port, use the following command.

Command                                     Mode     Function
mirror add port-number [ingress|egress]     Bridge   Configures mirrored port.
mirror monitor {port-number | cpu}          Bridge   Configures monitor port or CPU.


To configure over 2 Mirrored ports, you can input the port-number using 「,」or「-」.

Ex) SWITCH(bridge)# mirror add 1,2,3 or SWITCH(bridge)# mirror add 1-3

If CPU is monitoring the traffic on Mirrored port, it can cause CPU overloads.

To delete mirroring group, use the following command.

Command Mode Function

mirror del port-number [ingress|egress]    Bridge    Deletes mirrored port.

To disable monitoring function, use the following command.

Command Mode Function

no mirror monitor Bridge Deletes mirrored port.

5.2.2. Enabling Port Mirroring

To use port mirroring function, you should enable port mirroring first. To enable port mir-
roring, use the following command.

Command Mode Function

mirror enable Bridge Enables port mirroring.

Also, you have to disable port mirroring to release it. To do it, use the following com-
mand.

Command Mode Function

mirror disable Bridge Disables port mirroring.

You should delete the Mirrored ports or disable port mirroring after finishing data analysis.
Using the mirroring function for too long can cause CPU overload, so that packet
processing is delayed.


5.2.3. Showing Configuration of Port Mirroring

To check the configuration of port mirroring, use the following command.

Command Mode Function

show mirror View/Enable/Global/Bridge Shows configuration of port mirroring.

5.2.4. Sample Configuration

[Sample Configuration 1] Configuring monitoring through port

The following configures port number 1 to monitor ports 2, 3, 4 and 5.

Step 1 Connect the PC on which the Watch program is installed to port number 1, the
Monitor port.

Step 2 Configure port number 1 as Monitor port and port number 2,3,4,5 as Mirroring
ports.

SWITCH(bridge)# mirror monitor 1
SWITCH(bridge)# mirror add 2
SWITCH(bridge)# mirror add 3-5
SWITCH(bridge)#

Step 3 Enable Mirroring function.

SWITCH(bridge)# mirror enable
SWITCH(bridge)#

Step 4 Check port mirroring configuration.

SWITCH(bridge)# show mirror
Mirroring enabled
Monitor port = 1

Ingress mirrored ports
-- 02 03 04 05 -- -- -- -- -- -- -- -- -- -- -- -- --

Egress mirrored ports
-- 02 03 04 05 -- -- -- -- -- -- -- -- -- -- -- -- --

SWITCH(bridge)#


[Sample Configuration 2] Configuring monitoring through CPU

The following configures the CPU to monitor ports 2, 3, 4 and 5.

Step 1 Configure ports 2,3,4,5 as Mirroring ports and monitor them by CPU.

SWITCH(bridge)# mirror monitor cpu
SWITCH(bridge)# mirror add 2-5
SWITCH(bridge)#

Step 2 Enable mirroring function.

SWITCH(bridge)# mirror enable
SWITCH(bridge)#

Step 3 Check the port mirroring configuration.

SWITCH(bridge)# show mirror
Mirroring enabled
Monitor port = cpu

Ingress mirrored ports
-- 02 03 04 05 -- -- -- -- -- -- -- -- -- -- -- -- --

Egress mirrored ports
-- 02 03 04 05 -- -- -- -- -- -- -- -- -- -- -- -- --

SWITCH(bridge)#
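
The manual advises deleting mirrored ports or disabling mirroring once analysis is finished. This added example, which is not part of the original manual or vendor software, parses show mirror output and compares it with what was approved, so that a session left enabled stands out in a configuration review. The finding names, the approval parameters, the 18-port limit and the handling of any wording other than "Mirroring enabled" are assumptions of this example.

```python
import re

# Constructed input: "show mirror" output copied from Sample Configuration 2.
SAMPLE = """\
Mirroring enabled
Monitor port = cpu

Ingress mirrored ports
-- 02 03 04 05 -- -- -- -- -- -- -- -- -- -- -- -- --

Egress mirrored ports
-- 02 03 04 05 -- -- -- -- -- -- -- -- -- -- -- -- --
"""


def expand_ports(spec, max_port=18):
    """Expand a CLI port list such as "2,3-5" into a set of port numbers.

    max_port=18 is an assumption taken from the 18 slots in the output above.
    """
    ports = set()
    for part in (p.strip() for p in spec.split(",")):
        low, dash, high = part.partition("-")
        if not low.isdigit() or (dash and not high.isdigit()):
            raise ValueError(f"Invalid port: {part}")
        first, last = int(low), int(high) if dash else int(low)
        if not 1 <= first <= last <= max_port:
            raise ValueError(f"Invalid range: {part} [1-{max_port}]")
        ports.update(range(first, last + 1))
    return ports


def parse_show_mirror(text):
    """Return the mirroring state: enabled flag, monitor target, port sets."""
    state = {"enabled": False, "monitor": None,
             "ingress": set(), "egress": set()}
    direction = None
    for raw in text.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith("mirroring"):
            # Assumption: any wording other than "enabled" means inactive.
            state["enabled"] = low.split()[-1] == "enabled"
        elif low.startswith("monitor port"):
            state["monitor"] = line.partition("=")[2].strip().lower() or None
        elif low.startswith(("ingress mirrored", "egress mirrored")):
            direction = low.split()[0]
        elif direction and re.fullmatch(r"(?:--|\d+)(?:\s+(?:--|\d+))*", line):
            # Slot row: "--" is an unmirrored port, digits are a mirrored port.
            state[direction].update(
                int(tok) for tok in line.split() if tok.isdigit())
    return state


def review_mirror(state, approved_monitor=None, approved_ports=""):
    """Compare a parsed state with what a change record approved."""
    if not state["enabled"]:
        return []
    findings = []
    mirrored = state["ingress"] | state["egress"]
    allowed = expand_ports(approved_ports) if approved_ports else set()
    if approved_monitor is None:
        findings.append("MIRRORING_ENABLED_NOT_APPROVED")
    elif state["monitor"] != str(approved_monitor).lower():
        findings.append(f"UNEXPECTED_MONITOR:{state['monitor']}")
    extra = sorted(mirrored - allowed)
    if extra:
        findings.append(
            "UNAPPROVED_MIRRORED_PORTS:" + ",".join(map(str, extra)))
    if state["monitor"] == "cpu":
        findings.append("MONITOR_IS_CPU")   # the manual warns of CPU overload
    return findings


if __name__ == "__main__":
    current = parse_show_mirror(SAMPLE)
    for finding in review_mirror(current, approved_monitor=1,
                                 approved_ports="2,3"):
        print(finding)
```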


6. System Environment
This chapter explains how to configure host name and time of system and how to man-
age it.

It contains the following sections.

• Environment Configuration
• Configuration Management
• System Check

6.1. Environment Configuration

User must configure the following items.

• Host name
• Date and Time
• Time-zone
• NTP
• SNTP
• Output Condition of Terminal Screen
• DNS Server
• Log-in Banner
• Fan Operation
• Demon Operation

6.1.1. Host Name

Host name displayed on prompt is necessary to distinguish each device connected to
network. To configure or change host name of switch, use the command, “hostname”
on Global configuration mode.

Command Mode Function

hostname name Global Configures host name of switch with new name user assigns.


The variable, “name” which follows command is the new name of switch user assigns.
Default is “SWITCH”.

The following is an example of changing hostname to “hiD6615”.

SWITCH(config)# hostname hiD6615
hiD6615(config)#

To delete the hostname, use the following command.

Command Mode Function

no hostname name Global Deletes the configured host name.

6.1.2. Date and Time

To configure or change time and date in switch, use the command, “clock” on Privilege
Exec Enable Mode.

Command Mode Function

clock datetime Enable Configures or change time and date in user’s switch.

The variable, “datetime”, that you need to enter after the command has the form “Day Month
Year Hour:Minute”.

The following is an example of configuring the time as PM 04:14 on Dec. 13th, 2002.

SWITCH# clock 13 dec 2002 4:14
SWITCH#

To view configured date and time, use the following command.

Command Mode Function

show clock Enable/Global Shows configured date and time.

6.1.3. Time-zone

You can configure the Time-zone of the SURPASS hiD 6615 with the following command.
Time-zone is classified as GMT, UCT, UTC.


If you want to know which kinds of Time-zone you can configure, use the “show time-zone”
command. Time-zone is predefined as UTC (Universal Coordinated Time) in the
factory configuration.

Command Mode Function

show time-zone Enable/Global Show the kinds of Time-zone.

The command, “show time-zone” only displays kinds of Time-zone. To show configura-
tion about Time-zone, use the command, “show clock”.

The following table shows the kinds of Time-zone that can be configured on the switch
and the main countries or areas belonging to each Time-zone.

Time-zone   Country             Time-zone   Country           Time-zone   Country
GMT-12      Eniwetok            GMT-3       Rio De Janeiro    GMT+6       Rangoon
GMT-11      Samoa               GMT-2       Maryland          GMT+7       Bangkok, Singapore
GMT-10      Hawaii, Honolulu    GMT-1       Azores            GMT+8       Hong Kong, Peking
GMT-9       Alaska              GMT+0       London, Lisbon    GMT+9       Seoul, Tokyo
GMT-8       LA, Seattle         GMT+1       Berlin, Rome      GMT+10      Sydney, Melbourne
GMT-7       Denver              GMT+2       Cairo, Athens     GMT+11      Okhotsk
GMT-6       Chicago, Dallas     GMT+3       Moscow            GMT+12      Wellington
GMT-5       New York, Miami     GMT+4       Teheran
GMT-4       George Town         GMT+5       New Delhi

Tab. 6-1 GMT Time

To configure time-zone, use the following command.

Command                Mode     Function
time-zone time-zone    Global   Configures or modifies the current Time-zone on the Switch.

The default is UCT(Universal Coordinated Time).


To show configuration about Time-zone, use the following command.

Command Mode Function

show clock Enable/Global Shows user’s configuration about date/time and Time-zone.

The following is an example of configuring Time-zone as Seoul and viewing the con-
figuration.

SWITCH(config)# time-zone GMT+9
SWITCH(config)# clock 121316142002
Fri, 13 Dec 2002 16:14:10 GMT+0900
SWITCH(config)# show clock
Fri, 13 Dec 2002 16:14:10 GMT+0900
SWITCH(config)#

6.1.4. NTP

NTP (Network Time Protocol) can be used to configure user’s switches to 1/1000 second
to guarantee the exact time on networks. The Switch and the NTP server constantly
transmit messages to each other to converge on the correct time. It is very important to
configure the exact time on the Switch so that the switch operates properly. The details about
NTP are given in STD and RFC 1119. To configure the switch in NTP, use the following
commands.

Command                                   Mode     Function
ntp server 1 [server 2] [server 3]        Global   Specifies the IP address of the NTP server. Up to three servers can be specified.
no ntp server 1 [server 2] [server 3]     Global   Deletes specific IP address of NTP server

You do not need ntp start command. After configuration of above command, NTP
function starts automatically.

Both public and private NTP servers can be used, and you can enter either the domain
name or the IP address of the NTP server. The「time.nuri.net」server is used in Korea; its IP
address is「203.255.112.96」.

To release NTP function, use the following command.

Command Mode Function

no ntp Global Releases NTP function.


To show NTP function, use the following command.

Command Mode Function

show ntp Enable/Global Verifies NTP function.

The following is an example of configuring 203.255.112.96 as NTP server, running it
and showing it.

SWITCH(config)# ntp 203.255.112.96
SWITCH(config)# ntp start
SWITCH(config)# show ntp
ntp started
ntp server 203.255.112.96
SWITCH(config)#

The following is an example of releasing NTP and showing it.

SWITCH(config)# no ntp
SWITCH(config)# show ntp
ntp stoped
SWITCH(config)#

6.1.5. SNTP

NTP (Network Time Protocol) and SNTP (Simple Network Time Protocol) are the same
TCP/IP protocol in that they use the same UDP time packet from the Ethernet Time
Server message to compute accurate time. The basic difference in the two protocols is
the algorithms being used by the client in the client/server relationship.

The NTP algorithm is much more complicated than the SNTP algorithm. NTP normally
uses multiple time servers to verify the time and then controls the rate of adjustment or
slew rate of the PC, which provides a very high degree of accuracy. The algorithm
determines if the values are accurate by identifying time servers that don't agree with other
time servers. It then speeds up or slows down the PC's drift rate so that the PC's time
is always correct and there won't be any subsequent time jumps after the initial
correction. Unlike NTP, SNTP usually uses just one Ethernet Time Server to calculate the
time and then it "jumps" the system time to the calculated time. It can, however, have
back-up Ethernet Time Servers in case one is not available.

To configure the switch in SNTP, use the following commands.


Command                                    Mode            Function
sntp server 1 [server 2] [server 3]        Global          Specifies the IP address of the SNTP server. Up to three servers can be specified.
no sntp server 1 [server 2] [server 3]     Global          Disables specific SNTP server.
show sntp                                  Enable/Global   Shows SNTP configuration.

You do not need sntp start command. After configuration of above command, SNTP
function starts automatically.

The following is to register SNTP server as 203.255.112.96 and enable it.

SWITCH(config)# sntp 203.255.112.96
SWITCH(config)# show sntp
==========================
sntpd is running.
==========================
Time Servers
--------------------------
1st : 203.255.112.96
==========================
SWITCH(config)#

You can configure up to 3 servers so that you use second and third servers as backup
use in case the first server is down.

In order to disable SNTP function, use the following command.

Command Mode Function

no sntp Global Disables SNTP function.

6.1.6. Output Condition of Terminal Screen

By default, SURPASS hiD 6615 is configured to display 24 lines of 80 characters on the
console terminal screen. User can change the number of displayed lines by using the
command, line. You can display a maximum of 512 lines.

To configure the number of displayed lines on terminal screen, use the following com-
mand on Privilege Exec Enable Mode.


Command                             Mode          Function
service terminal length <0~512>     View/Enable   Configures the number of displayed lines on terminal screen.

The maximum of the number of line is 512.

The following is an example of configuring the number of displayed lines in terminal
screen as 20 lines.

SWITCH# service terminal-length 20
SWITCH#

To disable the configuration for terminal length, use the following command.

Command Mode Function

no service terminal length <0~512> View/Enable Disables the configuration for the number of displayed lines on terminal screen.

6.1.7. DNS Server

In SURPASS hiD 6615, it is possible to use a hostname or URL instead of an IP address
when you use the telnet, ftp, tftp, and ping commands. To do that, you should register a DNS
server. To register a DNS server, use the following command.

Command Mode Function

dns server server-ip-address Global Registers DNS server in switch.

After the DNS server is registered with the above command, the DNS server is connected
to the network. Then, you can use a hostname or URL instead of an IP address with commands
such as telnet, ftp, tftp, and ping.

To support this function, SURPASS hiD 6615 and DNS server should be connected to
network.

To delete DNS server, use the following command.

Command Mode Function

no dns server server-ip-address Global Deletes DNS server in switch.

To view registered DNS server, use the following command.

Command Mode Function

show dns Enable/Global Shows registered DNS server in switch.

The following is an example of registering 168.126.63.1 as DNS server and checking it.

SWITCH(config)# dns server 168.126.63.1
SWITCH(config)# show dns
nameserver 168.126.63.1
SWITCH(config)#

The above example is just for your reference. In real configuration, you must input the
DNS server you are going to use.

The following is an example of taking ping test with domain name after registering DNS
server.

SWITCH# ping da-san.com
PING da-san.com (203.236.124.3) from 203.236.124.248 : 56(84) bytes of data.
64 bytes from 203.236.124.3: icmp_seq=0 ttl=254 time=0.4 ms
64 bytes from 203.236.124.3: icmp_seq=1 ttl=254 time=0.3 ms
64 bytes from 203.236.124.3: icmp_seq=2 ttl=254 time=0.3 ms
64 bytes from 203.236.124.3: icmp_seq=3 ttl=254 time=0.3 ms
64 bytes from 203.236.124.3: icmp_seq=4 ttl=254 time=0.3 ms
64 bytes from 203.236.124.3: icmp_seq=5 ttl=254 time=0.2 ms
64 bytes from 203.236.124.3: icmp_seq=6 ttl=254 time=0.3 ms

--- da-san.com ping statistics ---
7 packets transmitted, 7 packets received, 0% packet loss
round-trip min/avg/max = 0.2/0.3/0.4 ms
SWITCH#

In addition, when you register a specific domain name, you can use a hostname in the domain
instead of an IP address with commands such as telnet, ftp, tftp, and ping.

[Figure: SURPASS, Internet, Domain name server, and Domain name A containing Host A, Host B, Host C and Host D]

Fig. 6-1 Domain Name Server

In the above example, after domain name “A” is registered in hiD 6615, it is possible to
use hostname instead of IP address to use the commands such as telnet, ftp, tftp, and
ping.

To register specific domain name in switch, use the following command.

Command Mode Function

dns search domain-name Global Registers specified domain name.

To support this function, SURPASS hiD 6615 and DNS server should be connected to
network.

The following is an example of inputting hostname instead of IP address for ping test to
host “B” after registering domain “A”.

SWITCH(config)# dns search A
SWITCH# ping B
PING B.A (192.168.218.10) from 192.168.218.248 : 56(84) bytes of data.
64 bytes from 192.168.218.10: icmp_seq=0 ttl=127 time=0.6 ms
64 bytes from 192.168.218.10: icmp_seq=1 ttl=127 time=0.3 ms
64 bytes from 192.168.218.10: icmp_seq=2 ttl=127 time=0.3 ms
64 bytes from 192.168.218.10: icmp_seq=3 ttl=127 time=0.3 ms
64 bytes from 192.168.218.10: icmp_seq=4 ttl=127 time=0.3 ms

--- B.A ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.3/0.4/0.6 ms
SWITCH#

In the above example, “A” and “B” are just examples. In real configuration, you should
input the actual domain name and hostname instead of A and B.

To delete registered DNS domain name, use the following command.

Command Mode Function

no dns search Global Deletes DNS domain name.

To delete registered DNS server and domain name, use the following command.

Command Mode Function

no dns Global Deletes DNS server and domain name.

6.1.8. Login Banner

It is possible to write a message on the system login page. Through the message, an administrator
can leave a message for other users. To write a message on the system login page, use
the following command.

Command Mode Function

banner Global Registers the message displayed before login to the system.

banner login Global Registers the message displayed on successful login to the system.

banner login-fail Global Registers the message displayed on failed login to the system.

To delete login banner in system login page, use the following command.

Command Mode Function

no banner Global Deletes the message displayed before login to the system.

no banner login Global Deletes the message displayed on successful login to the system.

no banner login-fail Global Deletes the message displayed on failed login to the system.

To view login banner, use the following command.

Command Mode Function

show banner Enable/Global Displays login banner user creates.

[ Sample Configuration 1 ]

The following example generates a banner displayed before login.

When you use the above command, the following message will be displayed. When you press
the Ctrl+D key, you can exit to the system prompt.

SWITCH(config)# banner
Save & Exit : CTRL-D

Write the message you need. When you finish the message, press the Ctrl+D key. When you press
the Ctrl+D key after writing a message, you can exit to the system prompt.

SWITCH(config)# banner
Save & Exit : CTRL-D
do not change the configuration
SWITCH(config)#

Then, the banner will be shown before you log in.

SWITCH# exit

do not change the configuration

SWITCH login: admin
Password:
SWITCH>

6.1.9. Fan Operation

In SURPASS hiD 6615, it is possible to configure fan operation. To configure fan operation,
use the following command.

Command Mode Function

fan operation {on | off} Global Configures fan operation.

When the fan is on, it is also possible to start and stop fan operation at specific
temperatures. To operate the fan by temperature, use the following command.

Command Mode Function

threshold fan start-temperature stop-temperature Global Configures the starting and stopping temperature for fan operation.

By default, the starting temperature is 30℃ and the stopping temperature is 0℃.

It is possible to configure up to 100℃ for the starting temperature and -30℃ for the stopping
temperature.

The starting temperature should be higher than the stopping temperature.

To check the fan status and the temperature for fan operation, use the following command.

Command Mode Function

show status fan View/Enable/Global Checks the fan status and the temperature for the fan operation.

The following example configures the starting temperature as 25℃ and the stopping temperature
as 5℃ for fan operation.

SWITCH(config)# threshold fan 25 5
SWITCH(config)# show status fan

Fan A : None
Fan B : None
Fan A-1 : None
Fan A-2 : None
Fan A-3 : None
Fan B-1 : None
Fan B-2 : None
Fan B-3 : None
Fan operation : ON
Fan threshold : Run 25 C / Stop 5 C

SWITCH(config)#

6.1.10. Stopping the Daemon Operation

You can stop a daemon that is unnecessarily occupying the CPU. To stop a certain
daemon, use the following command.

Command Mode Function

halt process-id Enable Stops the daemon operation of PID.

You can display the PID of a daemon with the show process command.

SWITCH# show process
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
admin 1 0.0 0.5 1448 592 ? S 15:56 0:03 init [3]
admin 2 0.0 0.0 0 0 ? S 15:56 0:00 [keventd]
admin 3 0.0 0.0 0 0 ? SN 15:56 0:00 [ksoftirqd_CPU0]
admin 4 0.0 0.0 0 0 ? S 15:56 0:00 [kswapd]
--More--

6.2. Configuration Management

You can check whether your configurations are correct and save them in the system. This section
contains the following functions.

• Checking Switch Configuration
• Saving Configuration
• Auto-Saving
• Reloading
• Configuration Backup

6.2.1. Checking Switch Configuration

User can view switch configuration. To do it, use the following command.

Command Mode Function

show running-config All Shows switch configuration.

show running-config {admin-rule | arp | bridge | dns | full | hostname | login | pm | qos | rmon-alarm | rmon-event | rmon-history | rule | snmp | syslog | time-zone | time_out} All Shows only the configuration that corresponds to each option.

show running-config interface interface-name All Shows only the configuration that corresponds to each option.

show running-config router {bgp | ospf | pim | rip | vrrp} All Shows only the configuration that corresponds to each option.

The following is to show Syslog configuration.

SWITCH# show running-config syslog
syslog start
syslog output info local volatile
syslog output info local non-volatile
!
SWITCH#

6.2.2. Saving Configuration

After you download a new system image to SURPASS hiD 6615 from a TFTP/FTP server,
if the configuration files are changed, you must save the changed file in the flash memory.
If you do not save the changed file, the configuration file will be deleted in case of rebooting.
To save the configuration files in the flash memory, use the following command.

Command Mode Function

write memory Enable / Global / Bridge / Interface / DHCP/…etc Saves changed configuration in the flash memory.

The following is an example of saving configuration.

SWITCH# write memory
[OK]
SWITCH#

When you store configurations using this command, wait for the [OK] message
without pressing any key.

6.2.3. Auto-Saving

In hiD 6615, it is possible to save the configuration automatically. To save the
configuration periodically, use the following command.

Command Mode Function

write interval <0-1440> Global Configures periodic auto-saving of the configuration.

no write interval Global Disables auto-saving function.

The unit for auto-saving <0-1440> is 10 minutes.

To release auto-saving, use the following command.

Command Mode Function

write interval 0 Global Releases the auto-saving function.

6.2.4. Reloading

You can delete individual configurations one by one, and can also reload the switch
with the default setting. To reload the switch, use the following command on configuration
mode.

Command Mode Function

restore factory-defaults Enable Resets to factory defaults.

restore layer2-defaults Enable Resets to L2 defaults.

restore layer3-defaults Enable Resets to L3 defaults.

After reloading with the restore factory-defaults command, you have to reboot the switch to
apply the changes.

The following is an example of reloading switch.

SWITCH(config)# restore factory-defaults
You have to restart the system to apply the changes
SWITCH(config)#

6.2.5. Configuration Backup

It is possible to save your configurations and use them for data recovery or system
operation. To back up your configuration, use the following commands.

To use a backup file, use the following command. The variable “name” is a file name
that can be configured by the user.

Command Mode Function

copy running-config {file-name | startup-config} Enable Copies the current configuration with a name configured by user or startup configuration.

copy startup-config file-name Enable Copies startup configuration with a name configured by user.

copy file-name1 file-name2 Enable Copies backup file with another name.

To use a backup file with an ftp or tftp server, use the following commands.

Command Mode Function

copy {ftp|tftp} config upload {file-name | startup-config} Enable Uploads a file to ftp or tftp server with a name configured by user.

copy {ftp|tftp} config download {file-name | startup-config} Enable Downloads a file from ftp or tftp server with a name configured by user.

copy {ftp|tftp} os upload {os1 | os2} Enable Uploads a file to ftp or tftp server with a name of os1 or os2.

copy {ftp|tftp} os download {os1 | os2} Enable Downloads a file from ftp or tftp server with a name of os1 or os2.

To access FTP to back up the configuration or use the backup file, you should know the
FTP user ID and the password.

To back up the configuration or use the file through FTP, you can check the transmission
rate of file because hash on function is automatically

To use backup file, use the following command.

Command Mode Function

copy file-name startup-config Enable Opens backup file named name to use as startup configuration.

To apply the backup file to the switch, you should reboot the system.

To check the startup configuration, use the following command.

Command Mode Function

show startup-config Enable / Global Checks the contents of the startup configuration.

To list backup files, use the following command.

Command Mode Function

show config-list Enable / Global Lists backup files.

The following is an example of copying the current configuration with a name and
showing it.

SWITCH(config)# copy running-config SURPASShiD6615
SWITCH(config)# show config-list
=========================
CONFIG-LIST
=========================
SURPASShiD6615
SWITCH(config)#

To delete backup file, use the following command.

Command Mode Function

erase config filename Enable Deletes backup file.

6.3. System Check

When there is any problem in the switch, the user must find what the problem is and its solution.
The user should also always check the switch to prevent trouble. Therefore, the
user should not only be aware of switch status but also check if configurations are correctly
changed.

This section includes the following functions with CLI command.

• Checking Network Connection
• IP Source-routing Function
• Tracing Packet Route
• Checking Accessed User through Telnet
• Showing MAC table
• Configuring Ageing Time
• Viewing Running Time of Switch
• Showing System Information
• Checking Average of CPU Utilization
• Checking CPU Process
• Viewing Utilization of Memory
• Viewing Version of System Image
• Viewing Size of System Image File
• Checking Installed OS
• Configuring Default OS
• Checking Switch Status
• Checking Tech-support

6.3.1. Checking Network Connection

To check if your switch is correctly connected to the network, use the ping command. In an
IP network, the ping command transmits an ICMP (Internet Control Message Protocol) echo
message. ICMP is an internet protocol that notifies fault situations and provides information
on the location where the IP packet is received. When the ICMP echo message is received
at the location, its reply message is returned to the place where it came from.

To operate a Ping test to check network status, use the following commands in privileged
mode.

Command Mode Function

ping [word] Enable Operate Ping test to check network status.

The following is the basic information to operate Ping test. Input the following configurations
after operating Ping test in Privilege Exec Enable Mode.

Contents Basic Configuration

Protocol [ip] Supports Ping test. Default is IP.

Target IP address Sends ICMP echo message by inputting IP address or Hostname of destination in order to check network status with relative.

Repeat count [5] Sends ICMP echo message as many as count. Default is 5.

Datagram size [100] Ping packet size. Default is 100 bytes.

Timeout in seconds [2] It is considered as successful Ping test if reply returns within the configured time interval. Default is 2 seconds.

Extended commands [n] Shows the additional commands. Default is no.

Tab. 6-2 The basic information to operate ping test

When a number of IP addresses are configured in your switch, sometimes you need
to check the connection status between a specific IP address and the network.

To take an Sping test, use the same process as the Ping test and then input the following after
‘Extended commands’. It is possible to check the connection between a specific IP
address and the network using the following command. The following is the information to
use Sping test.

Contents Basic Configuration

Source address or interface: Designates the address where the relative device should respond in source ip address.

Type of service [0]: The service field of QoS (Quality of Service) in Layer 3 application. It is possible to designate the priority for IP Packet.

Set DF bit in IP header? [no] Decides whether the Don’t Fragment (DF) bit is applied to the Ping packet or not. Default is no. If the user chooses ‘yes’, when the packets pass through a segment composed of a smaller data unit, the packet is prevented from being fragmented. Therefore there could be an error message.

Data pattern [0xABCD] Configures data pattern. Default is 0xABCD.

Use “sping” in the case there are a number of IP addresses in user’s switch. It is not
necessary for the switch having only one IP address.

[ Sample configuration 1 ]

The following is an example of Ping test 5 times to check network status with IP address
172.16.1.254.

SWITCH# ping
Protocol [ip]: ip
Target IP address: 172.16.1.254
Repeat count [5]: 5
Datagram size [100]: 100
Timeout in seconds [2]: 2
Extended commands [n]: n
PING 172.16.1.254 (172.16.1.254) 100(128) bytes of data.
Warning: time of day goes back (-394us), taking countermeasures.
108 bytes from 172.16.1.254: icmp_seq=1 ttl=255 time=0.058 ms
108 bytes from 172.16.1.254: icmp_seq=2 ttl=255 time=0.400 ms
108 bytes from 172.16.1.254: icmp_seq=3 ttl=255 time=0.403 ms
108 bytes from 172.16.1.254: icmp_seq=4 ttl=255 time=1.63 ms
108 bytes from 172.16.1.254: icmp_seq=5 ttl=255 time=0.414 ms

--- 172.16.1.254 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 8008ms
rtt min/avg/max/mdev = 0.058/0.581/1.632/0.542 ms
SWITCH#

[ Sample configuration 2 ]

In case your switch is configured with several IP addresses, sometimes you need
to check the network connection between a specific IP address and its partner.

The following example checks network status between 172.16.157.100 and 172.16.1.254
when the IP address of the switch is configured as 172.16.157.100. Input y to select
Extended commands to operate “sping”.

SWITCH# ping
Protocol [ip]:
Target IP address: 172.16.1.254
Repeat count [5]: 5
Datagram size [100]:100
Timeout in seconds [2]:2
Extended commands [n]: y
Source address or interface: 172.16.157.100
Type of service [0]:0
Set DF bit in IP header? [no]:no
Data pattern [0xABCD]:
PATTERN: 0xabcd
PING 172.16.1.254 (172.16.1.254) from 172.16.157.100 : 100(128) bytes of data.
108 bytes from 172.16.1.254: icmp_seq=1 ttl=255 time=30.4 ms
108 bytes from 172.16.1.254: icmp_seq=2 ttl=255 time=11.9 ms
108 bytes from 172.16.1.254: icmp_seq=3 ttl=255 time=21.9 ms
108 bytes from 172.16.1.254: icmp_seq=4 ttl=255 time=11.9 ms
108 bytes from 172.16.1.254: icmp_seq=5 ttl=255 time=30.1 ms

--- 172.16.1.254 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 8050ms
rtt min/avg/max/mdev = 11.972/21.301/30.411/8.200 ms
SWITCH#
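
The prompts above map onto the ICMP message as follows; this Python example is added here and is not from the manual. It builds an echo request with the default 0xABCD data pattern, shows why a datagram size of 100 is reported as 100(128) bytes sent and 108 bytes received, checks a reply against its request, and tests whether a packet with the DF bit set fits a link MTU. The identifier, sequence number and MTU values are constructed.

```python
import struct

IP_HEADER = 20     # IPv4 header without options
ICMP_HEADER = 8    # type, code, checksum, identifier, sequence number


def inet_checksum(data):
    """RFC 1071 checksum: one's-complement sum of the data taken as 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(msg_type, ident, seq, payload):
    """ICMP echo message (type 8 request, type 0 reply) with a valid checksum."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    checksum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, checksum, ident, seq) + payload


def echo_request(ident, seq, size=100, pattern=0xABCD):
    """Echo request whose payload repeats the 16-bit data pattern up to `size` bytes."""
    payload = (struct.pack("!H", pattern) * ((size + 1) // 2))[:size]
    return build_icmp(8, ident, seq, payload)


def wire_sizes(size):
    """(ICMP message length, IP packet length) for a given datagram size."""
    return size + ICMP_HEADER, size + ICMP_HEADER + IP_HEADER


def fits_with_df(size, mtu):
    """With DF set, a packet larger than a link's MTU is dropped, not fragmented."""
    return wire_sizes(size)[1] <= mtu


def check_reply(reply, request):
    """Return None when the reply answers the request, otherwise the reason it does not."""
    if len(reply) < ICMP_HEADER:
        return "short message"
    if inet_checksum(reply) != 0:          # a valid message sums to zero
        return "bad checksum"
    r_type, _, _, r_id, r_seq = struct.unpack("!BBHHH", reply[:ICMP_HEADER])
    _, _, _, q_id, q_seq = struct.unpack("!BBHHH", request[:ICMP_HEADER])
    if r_type != 0:
        return "not an echo reply"
    if (r_id, r_seq) != (q_id, q_seq):
        return "identifier or sequence mismatch"
    if reply[ICMP_HEADER:] != request[ICMP_HEADER:]:
        return "payload altered"
    return None


REQUEST = echo_request(ident=0x1234, seq=1)               # constructed request
REPLY = build_icmp(0, 0x1234, 1, REQUEST[ICMP_HEADER:])   # constructed matching reply

if __name__ == "__main__":
    print("sizes for datagram size 100:", wire_sizes(100))
    print("reply check:", check_reply(REPLY, REQUEST))
    print("1473-byte datagram with DF on a 1500-byte MTU fits:", fits_with_df(1473, 1500))
```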

6.3.2. IP ICMP Source-routing Function

If you implement a PING test to check the status of network connection, the icmp request
arrives at the final destination by the closest route according to the routing theory.

[Figure: PING test for C from a PC connected to A (SURPASS hiD 6615); the request and reply follow the route of a general PING test. Nodes B and E are labelled.]

Fig. 6-2 Ping test for Network connection

In the above figure, if you implement a PING test from the PC to C, it goes through the route
of 「A→B→C」. This is the general case. But SURPASS hiD 6615 makes it possible to
implement the PING test from the PC along the route of 「A→E→D→C」.

[Figure: PING test for C from a PC connected to A (SURPASS hiD 6615), with the request and reply paths; node B is labelled.]

Fig. 6-3 IP Source Routing

To implement PING test as the route which the manager designated, use the following
steps.

Step 1 Enable the IP source-routing function on the equipment connected to the PC from which
the PING test is going to be implemented.

To enable IP source-routing in SURPASS hiD 6615, use the following command.

Command Mode Function

ip icmp source-route Global Enables IP source-routing function.

no ip icmp source-route Global Disables IP source-routing function.

Step 2 Implement the PING test from the PC along the designated route with the 「ping –k
ip-address ip-address…」 command.
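
Source-routed packets carry their path in an IPv4 header option, so a capture can be checked for them. The following Python example is added here, is not from the manual, and makes no claim about how ping –k builds its packets: it reads the loose (type 131) and strict (type 137) source-route options defined in RFC 791 from constructed sample packets that use 192.0.2.x addresses for the PC, E, D and C of the figure.

```python
import socket
import struct

SOURCE_ROUTE = {131: "loose source route (LSRR)", 137: "strict source route (SSRR)"}


def source_route(packet):
    """Return (kind, pointer, [addresses]) if the IPv4 header has a source-route option."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("bad header length")
    options = packet[20:header_len]
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                 # end of option list
            break
        if kind == 1:                 # no-operation, a single byte
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2 or i + options[i + 1] > len(options):
            raise ValueError("malformed option")
        length = options[i + 1]
        if kind in SOURCE_ROUTE:
            route = options[i + 3:i + length]
            if length < 3 or len(route) % 4:
                raise ValueError("malformed source-route option")
            hops = [socket.inet_ntoa(route[j:j + 4]) for j in range(0, len(route), 4)]
            return SOURCE_ROUTE[kind], options[i + 2], hops
        i += length
    return None


def report(packets):
    """Describe every packet in a capture that asks for a sender-chosen path."""
    findings = []
    for packet in packets:
        found = source_route(packet)
        if found:
            src, dst = (socket.inet_ntoa(packet[k:k + 4]) for k in (12, 16))
            findings.append("%s -> %s: %s via %s" % (src, dst, found[0], ", ".join(found[2])))
    return findings


def sample_packet(src, dst, hops=()):
    """Constructed IPv4 header (checksum left at 0) followed by an empty ICMP echo header."""
    options = b""
    if hops:
        route = b"".join(socket.inet_aton(h) for h in hops)
        options = bytes([131, 3 + len(route), 4]) + route
        options += b"\x00" * (-len(options) % 4)      # pad to a 32-bit boundary
    header_len = 20 + len(options)
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | header_len // 4, 0, header_len + 8,
                         1, 0, 64, 1, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + options + bytes([8, 0, 0xF7, 0xFF, 0, 0, 0, 0])


# Constructed capture: PC = 192.0.2.100, E = 192.0.2.5, D = 192.0.2.4, C = 192.0.2.3
CAPTURE = [
    sample_packet("192.0.2.100", "192.0.2.3"),                                   # ordinary ping to C
    sample_packet("192.0.2.100", "192.0.2.5", hops=("192.0.2.4", "192.0.2.3")),  # route E, D, C
]

if __name__ == "__main__":
    for line in report(CAPTURE):
        print(line)
```

In a source-routed packet the destination field holds the next hop and the option holds the remaining hops, which is why the second sample is addressed to E rather than to C.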

6.3.3. Tracing Packet Route

In hiD 6615, you can check the route a packet takes on its way to the destination.
To show the route, the traceroute command sends a test packet and displays the returning
time for every hop passed. If there is no response within the returning
time, (*) is displayed.

To trace packet route, use the following command in Privilege Exec Enable.

Command Mode Function

traceroute [word] Enable Traces packet transmission route by configuring IP address or Hostname of the destination.

traceroute ip [word] Enable Traces packet transmission route by configuring IP address or Hostname of the destination.

Contents Basic Configuration

Source address or interface: Designates the address where the relative device should respond in source ip address.

Type of service [0]: The service field of QoS (Quality of Service) in Layer 3 application. It is possible to designate the priority for IP Packet.

Set DF bit in IP header? [no] Decides whether the Don’t Fragment (DF) bit is applied to the Ping packet or not. Default is no. If the user chooses ‘yes’, when the packets pass through a segment composed of a smaller data unit, the packet is prevented from being fragmented. Therefore there could be an error message.

Data pattern [0xABCD] Configures data pattern. Default is 0xABCD.

The following example checks the route of the packet transmitted to 192.168.1.10.

SWITCH# traceroute 192.168.1.10
traceroute to 192.168.1.10 (192.168.1.10), 30 hops max, 38 byte packets
1 hmt.da-san.com (203.236.124.252) 0.528 ms 0.450 ms 0.719 ms
2 172.16.147.49 (172.16.147.49) 141.994 ms 125.313 ms 13.171 ms
3 168.126.228.101 (168.126.228.101) 13.600 ms 6.597 ms 6.591 ms
4 211.193.39.1 (211.193.39.1) 6.848 ms 6.884 ms 6.691 ms
5 211.196.155.2 (211.196.155.2) 7.215 ms 7.023 ms 6.995 ms
6 hh-k5-ge3.kornet.net (211.192.47.15) 7.749 ms 11.795 ms 50.576 ms
7 128.134.40.182 (128.134.40.182) 8.389 ms 34.922 ms 13.549 ms
8 211.39.255.229 (211.39.255.229) 134.076 ms 12.646 ms 7.442 ms
9 211.45.90.253 (211.45.90.253) 8.134 ms 13.891 ms 7.714 ms
10 * * *
11 * * *
12 * * *
SWITCH#

6.3.4. Checking Accessed User through Telnet

To check accessed user through telnet, use the following command.

Command Mode Function

where Enable Checks accessed user from remote place.

The following is an example of checking if there is any accessed user from remote
place.

SWITCH# where
admin at ttyS0 from console for 4 hours 6 minutes 21.57 seconds
SWITCH#

6.3.5. Showing MAC table

To display MAC table recorded in specific port, use the following command.

Command Mode Function

show mac bridge-name [port-number] Enable/Global/Bridge Shows MAC table.

The following is an example of displaying MAC table recorded in default

SWITCH(config)# show mac 1
==================================================================
port mac addr permission in use
==================================================================
eth01 00:00:00:00:00:28 OK 23.29
eth01 00:00:00:00:00:25 OK 23.35
SWITCH(config)#

The above message may vary according to product codes.

There are more than a thousand MAC addresses in the MAC table, and it is difficult
to find the information you need at a glance. So, the system shows a certain number of addresses
at a time, displaying 「-more-」 on standby status. Press any key to see more. After
you find the information, you can go back to the system prompt without displaying the
rest of the table by pressing “q”.

6.3.6. Configuring Ageing Time

SURPASS hiD 6615 records the MAC table to prevent Broadcast packets from transmitting.
An unnecessary MAC address that does not respond during the specified time is deleted
from the MAC table automatically. The specified time is called the Ageing time.

To specify the Ageing time, use the following command.

Command Mode Function

mac aging-time <10-2147483647> Bridge Specifies the Ageing time.

Default is 300 seconds.

6.3.7. Viewing Running Time of Switch

You can view how long your switch has been running since booting.

To view the running time of your switch, use the following command.

Command Mode Function

show uptime View/Enable/Global/Bridge Shows running time of user’s switch after power on.

6.3.8. Showing System Information

To view system information such as product model, memory size, hardware specification,
and OS version, use the following command.

Command Mode Function

show system View/Enable/Global/Bridge Shows system information.

6.3.9. Checking Average of CPU Utilization

It is possible to check average of CPU utilization. To do it, use the following command.

Command Mode Function

show cpuload View/Enable/Global/Bridge Shows threshold of CPU utilization and average of CPU utilization.

6.3.10. Checking CPU Process

It is possible to check the CPU load classified by each process. Through this
function, you can see which daemon occupies the most CPU, whether there is an unnecessary
daemon, and the operating process of a troubled daemon. This information is useful
for solving problems.

To check CPU process, use the following command.

Command Mode Function

show process Enable/Global/Bridge Checks CPU loading process

6.3.11. Viewing Utilization of Memory

To view utilization of memory, use the following command.

Command Mode Function

show memory Enable/Global/Bridge Shows utilization of switch memory.

show memory {bgp | dhcp | imi | lib | nsm | ospf | pim | rip} Enable/Global/Bridge Shows utilization of memory for specific function.

6.3.12. Viewing Version of System Image

You can view the current system image version of SURPASS hiD 6615. To view the current
system image version, use the following command.

Command Mode Function

show version View/Enable/Global/Bridge Shows version of system image.

6.3.13. Viewing Size of System Image File

User can show the size of the current system image file of SURPASS hiD 6615. To do
this, use the following command.

Command Mode Function

show os-size View/Enable/Global/Bridge Shows size of system image.

6.3.14. Checking Installed OS

It is possible to view utilization of flash memory. To do it, use the following command.

Command Mode Function

show flash View/Enable/Global/Bridge Shows utilization of flash memory.

In SURPASS hiD 6615, it is possible to provide Dual-OS according to the Flash Memory
installed in the switch.

In SURPASS hiD 6615, it is possible to support Dual-OS according to
the configured Flash Memory. Single-OS is provided when the Flash Memory is
8M+16M and Dual-OS is provided when the Flash Memory is 8M+32M.

It is possible to check the Flash Memory with the show system command. The following is the
information of providing Dual-OS.

SWITCH(config)# show system
SysInfo(System Information)
Model Name : SURPASS hiD6615 S323
Main Memory Size : 256 MB
Flash Memory Size : 8 MB(INTEL 28F640J3), 16 MB(INTEL 28F256J3)
S/W Compatibility : 3, 7
H/W Revision : DS-T6-07I-A2
NOS Version : 2.15
B/L Version : 4.68
H/W Address : 00:d0:cb:00:0b:40
PLD Version : 0x01
Serial Number : M0507R5212A2008

SWITCH#

The following is to show NOS installed in the switch that supports Dual-OS.

SWITCH# show flash

Flash Information(Bytes)

Area total used free
--------------------------------------------------------------
OS1(default)(running) 16777216 0 16777216 3.02 #3021
OS2 16777216 0 16777216 3.01 #3009
CONFIG 4194304 671744 3522560
--------------------------------------------------------------
Total 37748736 671744 37076992
SWITCH#

The above information can be different according to the product.

6.3.15. Configuring Default OS(※Supporting certain products)

In SURPASS hiD 6615, it is possible to support Dual-OS according to
the configured Flash Memory. Single-OS is provided when the Flash Memory is
8M+16M and Dual-OS is provided when the Flash Memory is 8M+32M. You can
show the Flash Memory by using the show system command.

When there are two kinds of system images installed, you can configure either one as
the Default OS in SURPASS hiD 6615.

In SURPASS hiD 6615, a system image saved in os1 is configured as Default OS by
default.

You can configure the default OS used when booting or rebooting the system. To do
this, use the following command.

Command Mode Function

default-os {os1 | os2} Enable Configures default OS of switch.

The following is an example of configuring OS2 as default OS.

SWITCH# default-os os2
SWITCH#

To show the configured Default OS, view the system image installed in flash memory by
using the show flash command. The following is an example of configuring os2 as the Default
OS of SURPASS hiD 6615 by changing from os1.

SWITCH# show flash

Flash Information(Bytes)
Area total used free
--------------------------------------------------------------
OS1(default)(running) 16777216 9922240 6854976 3.02 #3021
OS2 16777216 9613344 7163872 2.09-01 #3006
CONFIG 4194304 684032 3510272
--------------------------------------------------------------
Total 37748736 20219616 17529120
SWITCH# default-os os2
SWITCH# show flash
Flash Information(Bytes)
Area total used free
--------------------------------------------------------------
OS1(default)(running) 16777216 9922240 6854976 3.02 #3021
OS2 16777216 9613344 7163872 2.09-01 #3006
CONFIG 4194304 684032 3510272
--------------------------------------------------------------
Total 37748736 20219616 17529120
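
The show flash listing can be checked by a script before a reboot. This Python example is added here and is not from the manual: it parses the listing printed above, verifies the byte counts, and reports when the default image differs from the running one. The second listing, with the default flag moved to OS2, is constructed, and its layout is an assumption based on the OS1 line.

```python
import re

# area name, optional (flag) groups, three byte counts, optional version and build number
ROW = re.compile(r"^(\w+)((?:\(\w+\))*)\s+(\d+)\s+(\d+)\s+(\d+)(?:\s+(\S+)\s+#(\d+))?$")


def parse_show_flash(text):
    """Return ({area: record}, totals record) parsed from 'show flash' output."""
    areas, totals = {}, None
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue                      # prompt, title, column header or separator line
        record = {
            "flags": set(re.findall(r"\((\w+)\)", m.group(2))),
            "total": int(m.group(3)), "used": int(m.group(4)), "free": int(m.group(5)),
            "version": m.group(6), "build": m.group(7),
        }
        if m.group(1) == "Total":
            totals = record
        else:
            areas[m.group(1)] = record
    return areas, totals


def review(areas, totals):
    """Return a list of findings; an empty list means the listing is consistent."""
    findings = []
    for name, r in areas.items():
        if r["used"] + r["free"] != r["total"]:
            findings.append("%s: used + free does not equal total" % name)
    if totals:
        for key in ("total", "used", "free"):
            if sum(r[key] for r in areas.values()) != totals[key]:
                findings.append("Total row: %s does not match the sum of the areas" % key)
    default = [n for n, r in areas.items() if "default" in r["flags"]]
    running = [n for n, r in areas.items() if "running" in r["flags"]]
    if len(default) != 1 or len(running) != 1:
        findings.append("expected exactly one default and one running image")
    elif default != running:
        findings.append("next boot loads %s (%s) instead of the running %s (%s)" % (
            default[0], areas[default[0]]["version"],
            running[0], areas[running[0]]["version"]))
    return findings


# Listing as printed in the manual's example.
PAGE_OUTPUT = """\
Flash Information(Bytes)
Area total used free
--------------------------------------------------------------
OS1(default)(running) 16777216 9922240 6854976 3.02 #3021
OS2 16777216 9613344 7163872 2.09-01 #3006
CONFIG 4194304 684032 3510272
--------------------------------------------------------------
Total 37748736 20219616 17529120
"""

# Constructed: same figures with the default flag on OS2 (the flag layout is an assumption).
CONSTRUCTED = (PAGE_OUTPUT.replace("OS1(default)(running)", "OS1(running)")
               .replace("OS2 ", "OS2(default) "))

if __name__ == "__main__":
    for label, text in (("manual listing", PAGE_OUTPUT), ("constructed listing", CONSTRUCTED)):
        print(label, "->", review(*parse_show_flash(text)) or "consistent")
```

The script reports the two version strings side by side and does not decide which one is newer, because the manual does not define how the version numbers are ordered.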

6.3.16. Checking Switch Status

You can check temperature of switch, power status, and fan status. To do it, use the following
commands.

Command Mode Function

show status fan View/Enable/Global/Bridge Shows fan status of switch.

show status power View/Enable/Global/Bridge Shows power status.

show status temp View/Enable/Global/Bridge Shows temperature of switch.

6.3.17. Checking Tech-support

In SURPASS hiD 6615, you can check the configuration and configuration file, log information,
register, memory, and debugging information using the following commands. Use the
Tech-support output to check system errors and to solve the problem.

Command Mode Function

tech-support {all | crash-info} console View/Enable Check Tech-support on console.

tech-support {all | crash-info} remote ip-address file-name {ftp | tftp} View/Enable Save the contents of Tech-support in the designated address.

If you choose all among options, you can check all of Tech-support information and if
you choose crash-info, you can check [SYSTEM], [SYSINFO], [VERSION], [TAG],
[SHOW RUNNING-CONFIG], [VOLATILE SYSLOG], [NON-VOLATILE SYSLOG],
[SWITCHING ASIC INFO], [UPTIME INFO], [FLASHINFO].

Tech-support contents displayed on console are shown at once regardless of the
number of display lines of terminal screen.


7. Network Management

This chapter provides guidelines for managing SURPASS hiD 6615 and the network in which
SURPASS hiD 6615 resides. It contains the following sections.

• SNMP
• RMON
• Syslog
• QoS and Packet Filtering
• MAC Filtering
• Configuring Max Host
• Managing MAC Table
• Configuring ARP Table
• ARP-Alias
• Proxy-ARP
• Configuring Gratuitous ARP
• ICMP Message Control
• IP TCP flag control
• Routing Table

7.1. SNMP

An SNMP (Simple Network Management Protocol) system consists of three parts: the SNMP
manager, a managed device, and the SNMP agent. SNMP is an application-layer protocol that
allows SNMP manager and agent stations to communicate with each other. SNMP provides a
message format for sending information between the SNMP manager and the SNMP agent. The
agent and MIB reside on the switch. In configuring SNMP on the switch, you define the
relationship between the manager and the agent. According to the community, you can grant
either the right only to read or the right both to read and to write. The SNMP agent has MIB
variables with which it replies to requests from the SNMP administrator. The SNMP
administrator can obtain data from the agent and save data in the agent. The SNMP agent gets
data from the MIB, which stores information on the system and network.

The SNMP agent sends a trap to the administrator in some cases. A trap is a warning message
that alerts the SNMP administrator to network status. A trap reports improper user
authentication, rebooting, connection status (activate or deactivate), closing of a TCP
connection, and disconnection from a neighbor switch.


[Figure: the SNMP manager, using an NMS (Network Management System), requests information
over the Internet from the SNMP agent included in each managed device; the requested
information is transferred to the SNMP manager.]

Fig. 7-1 Organization of SNMP

SURPASS hiD 6615 supports SNMP v1, v2c, and v3. It also strengthens access management of the
SNMP agent and limits the range of OID opened to agents. The following is how to configure
SNMP in SURPASS hiD 6615.

• Configuring SNMP v1 Community
• Configuring Accessed Person and Location of SNMP Agent
• Configuring SNMP v2c Com2sec
• Configuring Group
• Limiting the open range of OID
• Access right for limited OID
• Configuring SNMP v3 User
• Configuring SNMP Trap
• Configuring IP Address of SNMP Agent
• Checking SNMP Configuration
• Deleting SNMP function

7.1.1. Configuring SNMP v1 Community

Configuring a password, called a community, allows only an authorized person to access the
SNMP agent installed in the switch.

To configure the community in SNMP v1, use the following command in Global configuration
mode.

Command                                                 Mode     Function
snmp community {ro | rw} community [ip-address] [oid]   Global   Configures community to allow authorized person to access.

In SURPASS hiD 6615, you can configure up to three SNMP communities for each of the read
right and the write right.

A community is what is usually known as a password. You configure the community by entering
the password you want at community. Depending on how the password is configured, it grants
the right only to read or the right both to read and to write.

In the command, ro stands for read-only and rw stands for read/write. They distinguish the
access right.

To delete configured community, use the following command.

Command                                 Mode     Function
no snmp community {ro | rw} community   Global   Deletes community.

To check configured community, use the following command.

Command               Mode            Function
show snmp community   Enable/Global   Checks Community.

[ Sample configuration 1]

The following two examples give the access right both to read and to write by configuring
the password as public, and the access right only to read by configuring the password as
private.

SWITCH(config)# snmp community rw public
SWITCH(config)# snmp community ro private
SWITCH(config)# show snmp community

Community List
Community Source OID
--------------------------------------------
community rw public
community ro private

SWITCH(config)#

7.1.2. Configuring Accessed Person and Location of SNMP Agent

You can configure the accessed person and the location of the SNMP agent so that these
descriptions are saved in the SNMP configuration file. To configure the accessed person and
location of the SNMP agent, use the following commands.

Command              Mode     Function
snmp contact name    Global   Enters name of accessed person.
snmp location name   Global   Enters location of SNMP agent.

To delete the accessed person and location of the SNMP agent, use the following commands.

Command            Mode     Function
no snmp contact    Global   Deletes the name of accessed person.
no snmp location   Global   Deletes location of SNMP agent.

To check the accessed person and location of the SNMP agent, use the following commands.

Command              Mode            Function
show snmp contact    Enable/Global   Shows the name of accessed person.
show snmp location   Enable/Global   Shows location of SNMP agent.


[Sample Configuration 2]

The following configures the information about the system administrator of the SNMP agent as
dasan<02.3484.6500> and the location of the switch where the SNMP agent is configured as
Seoul,Korea.

SWITCH(config)# snmp contact dasan<02.3484.6500>
SWITCH(config)# show snmp contact

contact dasan<02.3484.6500>

SWITCH(config)# snmp location Seoul,Korea
SWITCH(config)# show snmp location

location Seoul,Korea

SWITCH(config)#

7.1.3. Configuring SNMP v2c Com2sec

SNMP v2 authorizes the host to access the agent according to the identity of the host and the
Community name. The com2sec command specifies the mapping from the identity of the host and
Community name to Security name. To create Security name, use the following command.

Command                                                            Mode     Function
snmp com2sec security-name {ip-address | ip-address/m} community   Global   Specifies the mapping from the identity of the host and Community name to Security name.

To delete the registered Security name, use the following command.

Command                         Mode     Function
no snmp com2sec security-name   Global   Deletes the registered Security name.

To check registered Security name, use the following command.

Command             Mode            Function
show snmp com2sec   Enable/Global   Checks the registered Security name.


[Sample Configuration 3]

The following is an example of configuring com2sec and checking it.

SWITCH(config)# snmp com2sec test 100.1.1.1 public
SWITCH(config)# show snmp com2sec

com2sec list
---------------------------------------
com2sec test 100.1.1.1 public

SWITCH(config)#

7.1.4. Configuring Group

You can make an SNMP Manager that can access the SNMP Agent, and its Community, belong to a
group. To create SNMP group, use the following command.

Command                                           Mode     Function
snmp group group-name {v1 | v2c | v3} user-name   Global   Creates SNMP group.

You can choose the security type from {v1 | v2c | v3}. security-name takes the one created
with the com2sec command. However, security-name is a part of the basic SNMP protocol in
SNMP v3, so you can also specify it without com2sec configuration.

To delete SNMP group, use the following command.

Command                                    Mode     Function
no snmp group group-name [v1 | v2c | v3]   Global   Deletes SNMP group.

To check the registered group, use the following command.

Command           Mode            Function
show snmp group   Enable/Global   Checks the registered group.

7.1.5. Limiting Open Range of OID

SNMP v2c and v3 can restrict a user to accessing only limited OID. The OID which limits the
open range is called “view”.

[Figure showing View A and View B]

Fig. 7-2 Open Range of OID

To configure View in SURPASS hiD 6615, use the following command.

Command                              Mode     Function
snmp view view included oid [mask]   Global   Configures OID which contains Sub-tree as “view”.
snmp view view excluded oid [mask]   Global   Configures OID which doesn’t contain Sub-tree as “view”.


To delete configured View, use the following command.

Command             Mode     Function
no snmp view view   Global   Deletes View of the name “view”.

To show configured View, use the following command.

Command          Mode            Function
show snmp view   Enable/Global   Checks configured View.

[Sample Configuration 4]

The following is an example of registering View and checking it.

SWITCH(config)# snmp view TEST included 410
SWITCH(config)# show snmp view

View list
-------------------------------------------
view TEST included 410

SWITCH(config)#

7.1.6. Access Right for Limited OID

In SURPASS hiD 6615, the manager can configure a particular Group to look at only limited
OID(=View).

To permit the particular group to access limited OID, use the following command.

Command                                                                             Mode     Function
snmp access group-name {v1 | v2c} read-view write-view notify-view                  Global   Configures View to permit for appropriate group in SNMP v1 and SNMP v2c.
snmp access group-name v3 {noauth | auth | priv} read-view write-view notify-view   Global   Configures View to permit for appropriate group in SNMP v3.


To release the configuration for accessing limited OID, use the following command.

Command                     Mode     Function
no snmp access group-name   Global   Releases the Group which gets the permission for limited OID.

To check the group which gets the permission for limited OID, use the following command.

Command            Mode            Function
show snmp access   Enable/Global   Shows the group which gets the permission for limited OID.
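
The lookup chain that sections 7.1.3 to 7.1.6 configure (com2sec, then group, then access, then view) can be traced with a short model. This is an added example, not code from the manual or from the switch: the community n0c-Read7, the names nms, MONITOR, SYSTEM and NONE and the dotted OIDs are constructed, the optional view mask is left out, and the longest-matching-subtree rule is the standard SNMP view-based access control behaviour, assumed here to apply.

```python
import ipaddress


def oid(text):
    """'1.3.6.1.2.1.1' -> (1, 3, 6, 1, 2, 1, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))


class AccessModel:
    """Tables filled by the snmp com2sec / group / view / access commands."""

    def __init__(self):
        self.com2sec = []   # (security_name, source network, community)
        self.groups = {}    # (version, security_name) -> group_name
        self.views = {}     # view_name -> [(included?, subtree)]
        self.access = {}    # (group_name, version) -> read/write/notify views

    def add_com2sec(self, security_name, source, community):
        # Accepts both forms of the command: ip-address and ip-address/m.
        net = ipaddress.ip_network(source, strict=False)
        self.com2sec.append((security_name, net, community))

    def add_group(self, group, version, security_name):
        self.groups[(version, security_name)] = group

    def add_view(self, view, mode, subtree):
        self.views.setdefault(view, []).append((mode == "included", oid(subtree)))

    def add_access(self, group, version, read_view, write_view, notify_view):
        self.access[(group, version)] = {
            "read": read_view, "write": write_view, "notify": notify_view}

    def in_view(self, view, target):
        """The longest matching subtree decides; no match means not in view."""
        best = None
        for included, subtree in self.views.get(view, []):
            if target[:len(subtree)] == subtree:
                if best is None or len(subtree) > len(best[1]):
                    best = (included, subtree)
        return best is not None and best[0]

    def check(self, source_ip, community, version, operation, target):
        """Return (allowed, reason) for one request."""
        ip = ipaddress.ip_address(source_ip)
        sec = next((name for name, net, comm in self.com2sec
                    if comm == community and ip in net), None)
        if sec is None:
            return False, "no com2sec entry matches this host and community"
        group = self.groups.get((version, sec))
        if group is None:
            return False, f"security name '{sec}' is in no {version} group"
        entry = self.access.get((group, version))
        if entry is None:
            return False, f"group '{group}' has no access entry"
        view = entry[operation]
        if not self.in_view(view, oid(target)):
            return False, f"OID is outside {operation} view '{view}'"
        return True, f"{sec} -> {group} -> {view}"


def build_example():
    """Constructed configuration; each call mirrors one CLI line."""
    m = AccessModel()
    # snmp com2sec nms 100.1.1.0/24 n0c-Read7
    m.add_com2sec("nms", "100.1.1.0/24", "n0c-Read7")
    # snmp group MONITOR v2c nms
    m.add_group("MONITOR", "v2c", "nms")
    # snmp view SYSTEM included 1.3.6.1.2.1.1   (system subtree)
    m.add_view("SYSTEM", "included", "1.3.6.1.2.1.1")
    # snmp view SYSTEM excluded 1.3.6.1.2.1.1.4 (sysContact hidden)
    m.add_view("SYSTEM", "excluded", "1.3.6.1.2.1.1.4")
    # snmp view NONE excluded 1                 (empty view, used for write)
    m.add_view("NONE", "excluded", "1")
    # snmp access MONITOR v2c SYSTEM NONE SYSTEM
    m.add_access("MONITOR", "v2c", "SYSTEM", "NONE", "SYSTEM")
    return m


if __name__ == "__main__":
    model = build_example()
    for req in [("100.1.1.7", "n0c-Read7", "v2c", "read", "1.3.6.1.2.1.1.5.0"),
                ("100.1.1.7", "n0c-Read7", "v2c", "read", "1.3.6.1.2.1.1.4.0"),
                ("100.1.1.7", "n0c-Read7", "v2c", "write", "1.3.6.1.2.1.1.5.0"),
                ("100.2.9.9", "n0c-Read7", "v2c", "read", "1.3.6.1.2.1.1.5.0")]:
        print(req, model.check(*req))
```

A request is answered only when every link of the chain exists, so a missing group or access entry denies the request just as a view exclusion does.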

7.1.7. Configuring SNMP v3 User

In SNMP v3, register the agent as user. If you register User, you should configure it with
the authentication key. To configure SNMP v3, use the following command.

Command                                                        Mode     Function
snmp user user-name {md5 | sha} auth-key [des] [private_key]   Global   Configures user of SNMP v3.

To delete a registered user, use the following command.

Command                  Mode     Function
no snmp user user-name   Global   Deletes User.

To check registered user, use the following command.

Command          Mode            Function
show snmp user   Enable/Global   Checks registered user.


7.1.8. Configuring SNMP Trap

An SNMP trap is an alert message with which the SNMP agent notifies the SNMP manager about
certain problems. If you configure SNMP trap, the switch transmits pertinent information to
the network management program. In this case, trap message receivers are called trap-hosts.

7.1.8.1. Configuring SNMP Trap-host

To configure the trap-host that receives trap messages, use the following command. In this
case, you should input the IP address of the trap-host that is supposed to receive the trap.
For example, if the SNMP manager is the trap-host, you should input the IP address of the
SNMP manager.

In hiD 6615, it is possible to configure trap-host of SNMP v1 and SNMP v2c and SNMP v3
inform-trap-host.

Command                                        Mode     Function
snmp trap-host ip-address [community]          Global   Configures SNMP version 1 trap host.
snmp trap2-host ip-address [community]         Global   Configures SNMP version 2 trap host.
snmp inform-trap-host ip-address [community]   Global   Configures SNMP v3 inform trap host.

SNMP Trap starts to be transmitted once a Trap-host is configured.

To disable the configuration of transmitting Trap message to appropriate IP address, use the
following command.

Command                                     Mode     Function
no snmp trap-host ip-address [community]    Global   Disables the configuration of transmitting Trap message to appropriate IP address.
no snmp trap2-host ip-address [community]   Global   Disables the configuration of transmitting SNMP v2c Trap message to appropriate IP address.
no snmp inform-trap-host ip-address         Global   Disables the configuration of transmitting SNMP v3 inform Trap message to appropriate IP address.

To check configured SNMP trap-host, use the following command.


Command          Mode            Function
show snmp trap   Enable/Global   Checks configured SNMP trap-host and SNMP trap.

You can configure a maximum of 16 SNMP trap-hosts in SURPASS hiD 6615.

When you configure more than one trap-host, you can input the IP addresses one by one or
input the IP addresses at once.

[ Sample Configuration 5 ]

The following is an example of configuring IP address 10.1.1.3, 20.1.1.5, and 30.1.1.2 as
trap-host in two ways.

SWITCH(config)# snmp trap-host 10.1.1.3
SWITCH(config)# snmp trap-host 20.1.1.5
SWITCH(config)# snmp trap-host 30.1.1.2
SWITCH(config)#

SWITCH(config)# snmp trap-host 10.1.1.3 20.1.1.5 30.1.1.2
SWITCH(config)#


[ Sample Configuration 6 ]

The following is an example of configuring IP address 10.1.1.1 as trap-host, 20.1.1.1 as
trap2-host and 30.1.1.1 as inform-trap-host.

SWITCH(config)# snmp trap-host 10.1.1.1
SWITCH(config)# snmp trap2-host 20.1.1.1
SWITCH(config)# snmp inform-trap-host 30.1.1.1
SWITCH(config)# show snmp trap

Trap-Host List
Host Community
------------------------------------------
inform-trap-host 30.1.1.1
trap2-host 20.1.1.1
trap-host 10.1.1.1
Trap List
Trap-type Status
--------------------------
auth-fail enable
cold-start enable
cpu-threshold enable
port-threshold enable
dhcp-lease enable
power enable
module enable
fan enable
temp-threshold enable

SWITCH(config)#

7.1.8.2. Configuring SNMP Trap

There are nine kinds of SNMP trap messages provided by SNMP: authentication-failure,
cold-start, link-Up/Down, CPU-threshold, port-threshold, temp-threshold, DHCP-lease, fan,
module, power.

Each trap message is shown in the following cases.

(1) authentication-failure is shown when a user trying to access SNMP inputs a wrong
community.

(2) cold-start is shown when SNMP agent is turned off and rebooted again.

(3) link-up/down is shown when network of port specified by user is disconnected, or when
the network is connected again.

(4) cpu-threshold is shown when CPU utilization rises above the threshold configured by the
user as described in「6.3.3 Configuring Threshold of CPU Utilization」. Also, when CPU
utilization falls below the threshold, a trap message will be shown to notify it.

(5) dhcp-lease is shown when there is no more IP address that can be assigned in a subnet of
the DHCP server. Even if only one subnet among several has no IP address left to assign,
this trap message will be seen.

(6) port-threshold is shown when the port traffic rises above the threshold configured by
the user as described in「7.3.4 Configuring Threshold of Port Traffic」. Also, when port
traffic falls below the threshold, port-threshold will be shown.

(7) fan/module/power is shown when there is any problem in Fan, Module, and Power.

(8) temp-threshold is shown when temperature rises above the threshold configured by the
user as described in Configuring Threshold of Temperature.

SNMP Trap messages provided by each switch can be different. Each switch that supports the
SNMP function can use all or a part of the following commands when you configure the
switch. To check the commands provided by each switch, use snmp trap ? in Global
Configuration Mode.

However, the switch may work inefficiently if all these trap messages are sent too
frequently. Therefore, you can select the type of trap sent to the trap-host.


To configure the kinds of trap messages that you want to receive, use the following
commands.

Command                                         Mode     Function
snmp trap auth-fail                             Global   Configures Authentication-failure trap message to be sent.
snmp trap cold-start                            Global   Configures Cold-start trap message to be sent.
snmp trap link-down port-number [node-number]   Global   Configures Link-down message to be sent when network of port specified by user is disconnected.
snmp trap link-up port-number [node-number]     Global   Configures Link-up message to be sent when network of port specified by user is connected.
snmp trap cpu-threshold                         Global   Configures CPU-threshold trap message to be sent when CPU utilization rises above the threshold and falls down below the threshold.
snmp trap port-threshold                        Global   Configures port-threshold trap message to be sent when the port traffic rises above the threshold and falls down below the threshold.
snmp trap temp-threshold                        Global   Configures temp-threshold trap message to be sent when the temperature rises above the threshold and falls down below the threshold.
snmp trap dhcp-lease                            Global   Configures DHCP-lease trap message to be sent when there is no more IP address that can be assigned in subnet of DHCP server.
snmp trap fan                                   Global   Sends trap message when there is any problem in fan.
snmp trap module                                Global   Sends trap message when there is any problem in module.
snmp trap power                                 Global   Sends trap message when there is any problem in power.

By default, all kinds of trap messages are configured to be sent.


To block each message to trap-host, use the following commands.

Command                                            Mode     Function
no snmp trap auth-fail                             Global   Blocks authentication failure trap message.
no snmp trap cold-start                            Global   Blocks cold-start trap message.
no snmp trap link-down port-number [node-number]   Global   Blocks link-down trap message.
no snmp trap link-up port-number [node-number]     Global   Blocks link-up trap message.
no snmp trap cpu-threshold                         Global   Blocks cpu-threshold trap message.
no snmp trap dhcp-lease                            Global   Blocks dhcp-lease trap message.
no snmp trap port-threshold                        Global   Blocks port threshold trap message.
no snmp trap temp-threshold                        Global   Blocks temp threshold trap message.
no snmp trap fan                                   Global   Blocks fan trap message.
no snmp trap module                                Global   Blocks module trap message.
no snmp trap power                                 Global   Blocks power trap message.

To check the configured trap messages, use the following commands.

Command          Mode     Function
show snmp trap   Global   Checks configured SNMP trap-host and SNMP trap.


[ Sample Configuration 6 ]

The following is an example of blocking authentication failure trap message.

SWITCH(config)# no snmp trap auth-fail
SWITCH(config)# show snmp trap

Trap-Host List
Host Community
------------------------------------------
inform-trap-host 30.1.1.1
trap2-host 20.1.1.1
trap-host 10.1.1.1
Trap List
Trap-type Status
--------------------------
auth-fail disable
cold-start enable
cpu-threshold enable
port-threshold enable
dhcp-lease enable
power enable
module enable
fan enable
temp-threshold enable

SWITCH(config)#
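
A configuration check for the listings shown in Sample configuration 1 and in the sample above, as an added example that is not part of the manual or of the switch software. It parses show snmp community and show snmp trap output and reports community names that are well-known defaults, rw communities without a source address, and a disabled auth-fail trap; the third community row (with the Source column filled in) and the severity labels are constructed for the example.

```python
import re

# Community names that are widely documented defaults.
WELL_KNOWN = {"public", "private"}

# Constructed input in the layout of the manual's sample listings. The third
# row, with a Source column filled in, is an assumed rendering.
SAMPLE_COMMUNITY = """\
Community List
Community Source OID
--------------------------------------------
community rw public
community ro private
community ro n0c-Read7 10.1.1.3
"""

SAMPLE_TRAP = """\
Trap-Host List
Host Community
------------------------------------------
inform-trap-host 30.1.1.1
trap2-host 20.1.1.1
trap-host 10.1.1.1
Trap List
Trap-type Status
--------------------------
auth-fail disable
cold-start enable
cpu-threshold enable
"""

COMMUNITY_ROW = re.compile(
    r"\s*community\s+(ro|rw)\s+(\S+)(?:\s+(\S+))?(?:\s+(\S+))?\s*$")
HOST_ROW = re.compile(
    r"\s*(trap-host|trap2-host|inform-trap-host)\s+(\S+)(?:\s+(\S+))?\s*$")
STATUS_ROW = re.compile(r"\s*([a-z-]+)\s+(enable|disable)\s*$")


def parse_communities(text):
    """Return one dict per 'community {ro|rw} name [source] [oid]' row."""
    rows = []
    for line in text.splitlines():
        m = COMMUNITY_ROW.match(line)
        if m:
            access, name, source, oid = m.groups()
            rows.append({"access": access, "name": name,
                         "source": source, "oid": oid})
    return rows


def parse_traps(text):
    """Return (hosts, statuses) from 'show snmp trap' output."""
    hosts, statuses = [], {}
    for line in text.splitlines():
        m = HOST_ROW.match(line)
        if m:
            hosts.append(m.groups())      # (kind, ip-address, community or None)
            continue
        m = STATUS_ROW.match(line)
        if m:
            statuses[m.group(1)] = m.group(2)
    return hosts, statuses


def audit(community_text, trap_text):
    """Return a list of (severity, message) findings, in listing order."""
    findings = []
    for c in parse_communities(community_text):
        if c["name"].lower() in WELL_KNOWN:
            sev = "high" if c["access"] == "rw" else "medium"
            findings.append((sev, f"community '{c['name']}' ({c['access']}) "
                                  "is a well-known default name"))
        if c["access"] == "rw" and c["source"] is None:
            findings.append(("high", f"rw community '{c['name']}' has no "
                                     "source address restriction"))
    hosts, statuses = parse_traps(trap_text)
    if not hosts:
        findings.append(("medium", "no trap-host is configured, so no trap "
                                   "is transmitted"))
    if statuses.get("auth-fail") == "disable":
        findings.append(("medium", "auth-fail trap is disabled: wrong-community "
                                   "attempts are not reported to the trap-host"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_COMMUNITY, SAMPLE_TRAP):
        print(f"[{severity}] {message}")
```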

7.1.9. Configuring Type of Alarm Notifications

In this mode, you can configure the Alarm notification. The notification will be sent to a
configured trap host whenever a configuration change occurs through CLI and ACI-E. This
enhanced alarm notification allows the network administrator to customize the severity of
each alarm.

7.1.9.1. Enabling Alarm Notification

To enable general alarm notifications, use the following command.

Command                                  Mode     Function
snmp notify-activity {enable|disable}    Global   Enables the activity for the general notification processed through CLI or ACI-E.

This is disabled by default.


7.1.9.2. Configuring General Alarm Notification

To configure the severity for general alarm notifications, use the following command.

Command                                                                   Mode     Function
snmp alarm-severity default {critical|major|minor|warning|intermediate}   Global   Configures the severity for alarm notifications.

The default severity is “minor” by default.

If the severity is not configured for an alarm notification, the default severity, which is
“minor”, is applied to the alarm notification. This can be changed by the network
administrator. To configure the alarm-severity criteria in CLI, use the following command.

Command                                                                    Mode     Function
snmp alarm-severity criteria {critical|major|minor|warning|intermediate}   Global   Configures the severity criteria.

The default severity is “warning” by default.

This alarm-severity can be configured through CLI command or ACI-E, but it is specific to
the EMS function. For example, if the alarm-severity criterion is configured as “major”,
only alarms whose severity is greater than (or equal to) this severity are shown in ACI-E;
other alarms are not shown in ACI-E.


7.1.9.3. Configuring Alarm Notification with the Severity

To configure the severity for alarms, use the following commands.

Command                                                                              Mode     Function
snmp alarm-severity fan-fail {critical|major|minor|warning|intermediate}             Global   Sends alarm notification with the severity when there’s a problem on the fan.
snmp alarm-severity cold-start {critical|major|minor|warning|intermediate}           Global   Sends alarm notification with the severity when SNMP agent is turned off and rebooted again.
snmp alarm-severity broadcast-over {critical|major|minor|warning|intermediate}       Global   Sends alarm notification with the severity when broadcast traffic is overloaded.
snmp alarm-severity cpu-load-over {critical|major|minor|warning|intermediate}        Global   Sends alarm notification with the severity in the case of cpu overload.
snmp alarm-severity dhcp-lease {critical|major|minor|warning|intermediate}           Global   Sends alarm notification with the severity when there is no more IP address that can be assigned in subnet of DHCP server.
snmp alarm-severity dhcp-illegal {critical|major|minor|warning|intermediate}         Global   Sends alarm notification with the severity when there’s an ip address illegally assigned.
snmp alarm-severity fan-remove {critical|major|minor|warning|intermediate}           Global   Sends alarm notification with the severity when the fan is removed from the switch.
snmp alarm-severity ipconflict {critical|major|minor|warning|intermediate}           Global   Sends alarm notification with the severity when IP address conflict happens.
snmp alarm-severity memory-over {critical|major|minor|warning|intermediate}          Global   Sends alarm notification with the severity in the case of memory overload.
snmp alarm-severity mfgd-block {critical|major|minor|warning|intermediate}           Global   Sends alarm notification with the severity when MAC flood guard function is configured.
snmp alarm-severity port-link-down {critical|major|minor|warning|intermediate}       Global   Sends alarm notification with the severity when network of port specified by user is disconnected.
snmp alarm-severity port-remove {critical|major|minor|warning|intermediate}          Global   Sends alarm notification with the severity when the port is removed.
snmp alarm-severity port-thread-over {critical|major|minor|warning|intermediate}     Global   Sends alarm notification with the severity when port traffic is over thread.
snmp alarm-severity power-fail {critical|major|minor|warning|intermediate}           Global   Sends alarm notification with the severity when there’s any problem on the power.
snmp alarm-severity power-remove {critical|major|minor|warning|intermediate}         Global   Sends alarm notification with the severity when the power is removed.
snmp alarm-severity rmon-alarm-rising {critical|major|minor|warning|intermediate}    Global   Sends alarm notification with the severity when traffic is rising over rmon alarm threshold.
snmp alarm-severity rmon-alarm-falling {critical|major|minor|warning|intermediate}   Global   Sends alarm notification with the severity when traffic is falling over rmon alarm threshold.
snmp alarm-severity system-restart {critical|major|minor|warning|intermediate}       Global   Sends alarm notification with the severity when system is turned off and rebooted.
snmp alarm-severity module-remove {critical|major|minor|warning|intermediate}        Global   Sends alarm notification with the severity when the module is removed from the switch.
snmp alarm-severity temperature-high {critical|major|minor|warning|intermediate}     Global   Sends alarm notification with the severity when there is any problem in temperature.

To disable the user's configuration, use the following commands.

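Command                                     Mode     Function
no snmp alarm-severity fan-fail             Global   Disables the user's configuration.
no snmp alarm-severity cold-start           Global   Disables the user's configuration.
no snmp alarm-severity broadcast-over       Global   Disables the user's configuration.
no snmp alarm-severity cpu-load-over        Global   Disables the user's configuration.
no snmp alarm-severity dhcp-lease           Global   Disables the user's configuration.
no snmp alarm-severity dhcp-illegal         Global   Disables the user's configuration.
no snmp alarm-severity fan-remove           Global   Disables the user's configuration.
no snmp alarm-severity ipconflict           Global   Disables the user's configuration.
no snmp alarm-severity memory-over          Global   Disables the user's configuration.
no snmp alarm-severity mfgd-block           Global   Disables the user's configuration.
no snmp alarm-severity port-link-down       Global   Disables the user's configuration.
no snmp alarm-severity port-remove          Global   Disables the user's configuration.
no snmp alarm-severity port-thread-over     Global   Disables the user's configuration.
no snmp alarm-severity power-fail           Global   Disables the user's configuration.
no snmp alarm-severity power-remove         Global   Disables the user's configuration.
no snmp alarm-severity rmon-alarm-rising    Global   Disables the user's configuration.
no snmp alarm-severity rmon-alarm-falling   Global   Disables the user's configuration.
no snmp alarm-severity system-restart       Global   Disables the user's configuration.
no snmp alarm-severity module-remove        Global   Disables the user's configuration.
no snmp alarm-severity temperature-high     Global   Disables the user's configuration.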

To configure the severity of alarms for ADVA status, use the following commands.

Command                                                                                Mode     Function
snmp alarm-severity adva-fan-fail {critical|major|minor|warning|intermediate}          Global   Sends alarm notification with the severity when ADVA informs fan-fail.
snmp alarm-severity adva-if-misconfig {critical|major|minor|warning|intermediate}      Global   Sends alarm notification with the severity when ADVA informs there’s any mis-configuration.
snmp alarm-severity adva-if-opt-thres {critical|major|minor|warning|intermediate}      Global   Sends alarm notification with the severity when ADVA informs traffic is over threshold on optical interface.
snmp alarm-severity adva-if-rcv-fail {critical|major|minor|warning|intermediate}       Global   Sends alarm notification with the severity when ADVA informs of a failure to receive the packets.
snmp alarm-severity adva-if-sfp-mismatch {critical|major|minor|warning|intermediate}   Global   Sends alarm notification with the severity when ADVA informs SFP module is mismatched.
snmp alarm-severity adva-if-trans-fault {critical|major|minor|warning|intermediate}    Global   Sends alarm notification with the severity when ADVA informs of a failure to transmit the packets.
snmp alarm-severity adva-psu-fail {critical|major|minor|warning|intermediate}          Global   Sends alarm notification with the severity when ADVA informs there’s any problem on the power.
snmp alarm-severity adva-temperature {critical|major|minor|warning|intermediate}       Global   Sends alarm notification with the severity when ADVA informs there is any problem in temperature.
snmp alarm-severity adva-voltage-high {critical|major|minor|warning|intermediate}      Global   Sends alarm notification with the severity when ADVA informs the voltage is high.
snmp alarm-severity adva-voltage-low {critical|major|minor|warning|intermediate}       Global   Sends alarm notification with the severity when ADVA informs the voltage is low.


To disable the user's configuration, use the following commands.

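Command                                       Mode     Function
no snmp alarm-severity adva-fan-fail          Global   Disables the user's configuration.
no snmp alarm-severity adva-if-misconfig      Global   Disables the user's configuration.
no snmp alarm-severity adva-if-opt-thres      Global   Disables the user's configuration.
no snmp alarm-severity adva-if-rcv-fail       Global   Disables the user's configuration.
no snmp alarm-severity adva-if-sfp-mismatch   Global   Disables the user's configuration.
no snmp alarm-severity adva-if-trans-fault    Global   Disables the user's configuration.
no snmp alarm-severity adva-psu-fail          Global   Disables the user's configuration.
no snmp alarm-severity adva-temperature       Global   Disables the user's configuration.
no snmp alarm-severity adva-voltage-high      Global   Disables the user's configuration.
no snmp alarm-severity adva-voltage-low       Global   Disables the user's configuration.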

To configure the severity of alarms for ERP status, use the following commands.

Command                                                                                 Mode     Function
snmp alarm-severity erp-domain-lotp {critical|major|minor|warning|intermediate}         Global   Sends alarm notification with the severity when no test packet has been received within 3 test packet intervals in ERP mechanism.
snmp alarm-severity erp-domain-multi-rm {critical|major|minor|warning|intermediate}     Global   Sends alarm notification with the severity when a Multiple RM node is created.
snmp alarm-severity erp-domain-reach-fail {critical|major|minor|warning|intermediate}   Global   Sends alarm notification with the severity when there is disconnection between ERP domains.
snmp alarm-severity erp-domain-ulotp {critical|major|minor|warning|intermediate}        Global   Sends alarm notification with the severity when no test packet has been received within 3 test packet intervals in one ERP port while test packets are received in the other port with ERP state.


To disable the user's configuration, use the following commands.

Command                                        Mode     Function
no snmp alarm-severity erp-domain-lotp         Global   Disables the user's configuration.
no snmp alarm-severity erp-domain-multi-rm     Global   Disables the user's configuration.
no snmp alarm-severity erp-domain-reach-fail   Global   Disables the user's configuration.
no snmp alarm-severity erp-domain-ulotp        Global   Disables the user's configuration.

To configure the severity of alarms for STP Guard status, use the following commands.

Command                                                                          Mode     Function
snmp alarm-severity stp-bpdu-guard {critical|major|minor|warning|intermediate}   Global   Sends alarm notification with the severity when there is stp-bpdu-guard problem.
snmp alarm-severity stp-root-guard {critical|major|minor|warning|intermediate}   Global   Sends alarm notification with the severity when there is stp-root-guard problem.

To disable the user's configuration, use the following commands.

Command                                 Mode     Function
no snmp alarm-severity stp-bpdu-guard   Global   Disables the user's configuration.
no snmp alarm-severity stp-root-guard   Global   Disables the user's configuration.

To check the severity of alarms that the user configured, use the following command.

Command                    Mode            Function
show snmp alarm-severity   Enable/Global   Checks the severity of alarms that the user configured.


[ Sample Configuration 8 ]

The following is to configure alarm-severity.

SWITCH(config)# snmp notify-activity enable
SWITCH(config)# snmp alarm-severity criteria critical
SWITCH(config)# snmp alarm-severity cpu-load-over warning
SWITCH(config)# show snmp alarm-severity
notify activity : enable
default severity : minor
severity criteria : critical
cpu-load-over : warning
SWITCH(config)#

To show what kind of alarm has been transmitted, use the following command.

Command                   Mode            Function
show snmp alarm-history   Enable/Global   Shows what kind of alarm has been transmitted.

To delete the recorded alarm in the system, use the following command.

Command                    Mode     Function
snmp clear alarm-history   Global   Deletes the recorded alarm in the system.

The following is to show the transmitted alarm and delete the records.

SWITCH(config)# show snmp alarm-history
cold-start minor Fri Mar 25 15:30:56 2005 System booted.
SWITCH(config)# snmp clear alarm-history
SWITCH(config)# show snmp alarm-history
SWITCH(config)#

To show the current alarms which are not cleared, use the following command.

Command                  Mode                   Function
show snmp alarm-report   Enable/Global/Bridge   Shows the current alarms which are not cleared.


7.1.10. Configuring IP Address of SNMP Agent

In case SNMP agent has various IP addresses, SNMP transmits information through
the best route when SNMP manager requests for information. Therefore, when the
manager requests information, the information having different address from referred IP
address could be transmitted.

Refer to the below picture.

[Figure: a device containing the SNMP agent, labelled with the IP addresses 10.1.1.1, 20.1.1.1, 30.1.1.1 and 40.1.1.1, and an SNMP manager.]

Ex) Although the SNMP manager requests information through IP address 10.1.1.1, if SNMP decides that 40.1.1.1 is the best route, the information is transmitted through IP address 40.1.1.1.

Fig. 7-3 Agent address

In SURPASS hiD 6615, the user can designate the IP address of the SNMP agent so that
the information is received from that address when the administrator requests
information. As in the above picture, if the IP address is configured as 10.1.1.1,
SNMP information is transmitted through IP address 10.1.1.1. In order to configure
the IP address of the SNMP agent, use the following command.

Command Mode Function

snmp agent-address ip-address Global Configures IP address of SNMP agent.

no snmp agent-address Global Deletes IP address of SNMP agent.

If the designated IP address of SNMP agent is deleted from the switch, SNMP may
not respond.

If you try to delete from the device the IP address that is designated as the IP address
of the SNMP agent, the switch informs you that SNMP may not respond, as follows.


SWITCH(config)# snmp agent-address 10.1.1.1
SWITCH(config)# interface default
SWITCH(config-if)# no ip address 10.1.1.1/8
Warning : 172.16.209.100/16 is specified to the SNMP agent address.
SNMP agent may not reply.
SWITCH(config-if)#

To check IP address of SNMP agent, use the following command.

Command Mode Function

show snmp agent-address Enable/Global Shows the IP address of SNMP agent

7.1.11. Checking SNMP Configuration

To check SNMP configuration, use the following command.

Command Mode Function

show snmp View/Enable/Global/Bridge Shows the configuration of the switch.

7.1.12. Disable SNMP

To disable SNMP, use the following command.

Command Mode Function

no snmp Global Disables SNMP.

When you use the above command, all configurations concerned with SNMP will be
deleted.

7.2. Configuring OAM

OAM (Operations, Administration, Maintenance) is a useful function for watching the link
operation. The network administrator watches the network so that the location where an
error happens can be found quickly. OAM shows the network status by using the Loopback
function. It also helps to recognize the status of an ADVA switch by receiving SNMP
information of ADVA.


7.2.1. Configuring OAM Loopback

7.2.1.1. OAM Loopback

For the OAM Loopback function, both the user’s switch and the host connected to the
user’s device should support the OAM function. The OAM Loopback function enables the
Loopback function from the user’s device to the host connected to it and operates it.

To enable Local OAM, use the following command.

Command Mode Function

oam local admin enable port-number Bridge Enables Local OAM.

To disable Local OAM, use the following command.

Command Mode Function

oam local admin disable port-number Bridge Disables Local OAM.

To enable Loopback function of the host connected to the user’s switch, use the follow-
ing command.

Command Mode Function

oam remote loopback enable port-number Bridge Enables Loopback function of Peer device.

To disable Loopback function of peer device, use the following command.

Command Mode Function

oam remote loopback disable port-number Bridge Disables Loopback function of Peer device.

To operate Loopback, use the following command.

Command Mode Function

oam remote loopback start port-number Bridge Operates Loopback.


7.2.1.2. Configuring Local OAM Mode

To configure Local OAM, use the following command.

Command Mode Function

oam local mode {active | passive} port-number Bridge Configures the mode of Local OAM.

Both Request and Loopback are possible when Local OAM is active,
whereas neither Request nor Loopback is possible when Local OAM is passive.

7.2.1.3. Configuring Unidirection

When RX is impossible in Local OAM, it is possible to send the information by using TX.

To enable the function, use the following command.

Command Mode Function

oam local unidirection enable port-number Bridge Sends the information by using TX

To disable transmitting the information by using TX, use the following command.

Command Mode Function

oam local unidirection disable port-number Bridge Disables transmitting the information by using TX.

7.2.2. Configuring Remote OAM

To enable Remote OAM, use the following command.

Command Mode Function

oam remote oam admin <1-2> enable port-number Bridge Enables Remote OAM.

To disable Remote OAM, use the following command.


Command Mode Function

oam remote oam admin <1-2> disable port-number Bridge Disables Remote OAM.

To configure the mode of Remote OAM, use the following command.

Command Mode Function

oam remote oam mode <1-2> {active | passive} port-number Bridge Configures the mode of Remote OAM.

Both Request and Loopback are possible when Remote OAM is active, whereas neither
Request nor Loopback is possible when Remote OAM is passive.

To check the information of peer host using OAM function, use the following command.

Command Mode Function

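oam remote alarm optical <1-3> <0-65535> port-number Bridge Check the information of peer host using OAM function.
oam remote alarm temperature <1-3> <0-255> port-number Bridge Check the information of peer host using OAM function.
oam remote alarm voltage {min | max} <0-65535> port-number Bridge Check the information of peer host using OAM function.
oam remote alarm electrical mode {full | half} port-number Bridge Check the information of peer host using OAM function.
oam remote alarm general autoneg <1-4> {enable | disable} port-number Bridge Check the information of peer host using OAM function.
oam remote alarm general forwarding <3-4> {enable | disable} port-number Bridge Check the information of peer host using OAM function.
oam remote alarm general speed <1-4> <0-4294967295> port-number Bridge Check the information of peer host using OAM function.
oam remote alarm general user <1-4> string port-number Bridge Check the information of peer host using OAM function.
oam remote system interface {unforced | forceA | forceB} port-number Bridge Check the information of peer host using OAM function.
oam remote system interval <0-255> port-number Bridge Check the information of peer host using OAM function.
oam remote system mode {master | slave} port-number Bridge Check the information of peer host using OAM function.
oam remote system reset port-number Bridge Check the information of peer host using OAM function.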

7.2.3. Showing OAM Configuration

To check OAM configuration, use the following command.

Command Mode Function

show oam View/Enable/Global/Bridge Shows OAM configuration.
show oam local [port-number] View/Enable/Global/Bridge Shows Local OAM configuration.
show oam remote [port-number] View/Enable/Global/Bridge Shows Remote OAM configuration.
show oam remote variable <0-255> <0-255> port-number View/Enable/Global/Bridge
show oam remote variable specific <0-255> <0-255> <0-4> port-number View/Enable/Global/Bridge

The following is an example of enabling the OAM Loopback function on port 25 of the
user’s switch and operating it once.

SWITCH(bridge)# oam local admin enable 25
SWITCH(bridge)# oam remote loopback enable 25
SWITCH(bridge)# show oam local 25
LOCAL PORT[25]
-------------------------------------------
item | value
-------------------------------------------
admin | ENABLE
mode | ACTIVE
mux action | FORWARD
par action | DISCARD
variable | UNSUPPORT
link event | UNSUPPORT
loopback | SUPPORT(disable)
uni-direction | UNSUPPORT(disable)
-------------------------------------------
SWITCH(bridge)# show oam remote 25
REMOTE PORT[25]
-------------------------------------------
item | value
-------------------------------------------
mode | ACTIVE
MAC address | 00:d0:cb:27:00:94
variable | UNSUPPORT
link event | UNSUPPORT
loopback | SUPPORT(enable)
uni-direction | UNSUPPORT
-------------------------------------------
SWITCH(bridge)# oam remote loopback start 25
PORT[25]: The remote DTE loopback is success.
SWITCH(bridge)#

7.3. Configuring LLDP

LLDP (Link Layer Discovery Protocol) is a function by which the switches connected in a
LAN transmit data for network management, according to the IEEE 802.1AB standard.

LLDP is described as follows.

7.3.1. How to operate LLDP

hiD 6615, which supports LLDP, exchanges management information with neighboring
switches. This management information identifies the switches and their functions.
The information is then saved in the internal MIB (Management Information Base).

7.3.1.1. LLDP operation

When LLDP starts to operate, the switches send their information to neighboring switches.
If the local status changes, the switch sends the changed information to the neighboring
switches to inform them of the change. For example, if the port status is changed to
disable, it informs the neighboring switches that the port is disabled. On the other hand,
the switch that receives the information from neighboring switches processes the LLDP
frame and saves the information of the other switches. The information received from
other switches is subject to ageing.

7.3.2. Configuring LLDP

How to configure LLDP is as follows.


7.3.2.1. How to LLDP operation

If LLDP is enabled on the port, then you should configure how to operate LLDP.

In hiD 6615, LLDP operation is configured not to process the frames.

To configure how to operate LLDP, use the following command.

Command Mode Function

lldp adminstatus port-number {both | tx_only | rx_only | disable} Bridge Configure how to operate LLDP.

Tx-only is to receive LLDP frame and rx-only is to send LLDP frame. Both is to receive
and send LLDP frame. To configure not to process LLDP operation, use the following
command.

Command Mode Function

lldp adminstatus port-number disable Bridge Not to process LLDP frame.

7.3.2.2. Configuring Basic TLV

LLDP is transmitted through TLV. There are Mandatory TLV and Optional TLV. In Optional
TLV, there are Basic TLV and organizationally specific TLV. Basic TLV must be in
the switch where LLDP is implemented; specific TLV can be added according to the
features of the switch.

In hiD 6615, the administrator can enable and disable Basic TLV by selecting it.

To enable Basic TLV by selecting it, use the following command.

Command Mode Function

lldp port-number {portdescription | sysname | sysdescription | syscap} Bridge Selects Basic TLV that is sent in the port.


To disable Basic TLV configured to be sent, use the following command.

Command Mode Function

no lldp port-number {portdescription | sysname | sysdescription | syscap} Bridge Disables Basic TLV configured to be sent in the port.

7.3.2.3. Receiving LLDP message

In hiD 6615, it is possible to configure the interval and the number of times of sending
LLDP message. To configure the interval and the number of times of LLDP message, use the
following command.

Command Mode Function

lldp msg txinterval <5-32768> Bridge Configures the interval of sending LLDP message. The unit is second.

lldp msg txhold <2-10> Bridge Configures the periodic times of LLDP message.

Default for sending LLDP message is 4 times in every 30 seconds.

7.3.2.4. Configuring Reinitdelay

In hiD 6615, the administrator can configure the interval time of enabling LLDP frame
after configuring not to process it.

To configure the interval time of enabling LLDP frame after configuring not to process it,
use the following command.

Command Mode Function

lldp reinitdelay <1-10> Bridge Configures the interval time of enabling LLDP frame from the time of configuring not to process LLDP frame.

Default for interval time is 2 seconds.

7.3.2.5. Configuring Delay time of transmitting LLDP frame

In hiD 6615, the administrator can configure the delay time of transmitting LLDP frame. To
configure the delay time of transmitting LLDP frame, use the following command.


Command Mode Function

lldp txdelay <1-8192> Bridge Configures Delay time of transmitting LLDP frame

In hiD 6615, Delay time for transmitting LLDP frame is 2 seconds.

7.3.2.6. Showing LLDP configuration

To show LLDP configuration, use the following command.

Command Mode Function

show lldp config port-number Enable/Global/Bridge Shows LLDP configuration.

show lldp remote port-number Enable/Global/Bridge Show statistics for Remote entries

7.3.2.7. Showing LLDP statistics

To show LLDP operation and statistics, use the following command.

Command Mode Function

show lldp statistics port-number Enable/Global/Bridge Shows LLDP operation and statistics.

To initialize the accumulated statistics on the port, use the following command.

Command Mode Function

clear lldp statistics port-number Bridge Initializes the accumulated statistics on the port

7.3.2.8. Showing the statistics of Remote entry

To show the statistics of Remote entry, use the following command.

Command Mode Function

show lldp remote port-number Enable/Global/Bridge Shows the statistics of Remote entry.


7.3.3. Sample Configuration

[ Sample Configuration 1 ]

The following is an example of enabling LLDP on ports 25 and 26 and showing the configuration.

SWITCH(bridge)# lldp enable 25-26
SWITCH(bridge)# show running-config
!
hostname SWITCH
!
exec-timeout 0 0
!
syslog start
syslog output info local volatile
syslog output info local non-volatile
syslog output info console
!
bridge
vlan create 101,201-300
!
vlan fid 201-300 1000
!
vlan add default 7-42 untagged
vlan add br101 1-2,5-6 tagged
vlan add 201-300 1-2,5-6 tagged
!
vlan pvid 1-42 1
!
lldp enable 25-26
!
erp domain 101
erp protections 101 201-300
erp port 101 primary 1 secondary 2
erp activation 101
!
interface noshutdown lo
!
end
SWITCH(bridge)#


[ Sample Configuration 2 ]

The following is to show Statistics of LLDP Remote entries.

SWITCH(bridge)# show lldp remote
Port 25:
MSAP-Identifier: 00 d0 cb 27 00 88 65 74 68 32 35
ChassisType : macAddress(4)
ChassisID : 00 d0 cb 27 00 88
PortType : interfaceAlias(1)
PortID : 'eth25'
PortDescription: 'port25-TX-10/100/1000'
SystemName : 'EL2'
SystemDescript.: 'hiD6615 NOS 3.02/DS-QA-07D-B0'
SysCapabilities: [0x16] repeater(0x02), bridge(0x04), router(0x10),
SysCapEnabled : [0x04] bridge(0x04),
Mgmt: ifType ifId ifAddress |OID

Port 26:
MSAP-Identifier: 00 d0 cb 27 00 8d 65 74 68 32 36
ChassisType : macAddress(4)
ChassisID : 00 d0 cb 27 00 8d
PortType : interfaceAlias(1)
PortID : 'eth26'
PortDescription: 'port26-TX-10/100/1000'
SystemName : 'EL3'
SystemDescript.: 'hiD6615 NOS 3.02/DS-QA-07D-B0'
SysCapabilities: [0x16] repeater(0x02), bridge(0x04), router(0x10),
SysCapEnabled : [0x04] bridge(0x04),
Mgmt: ifType ifId ifAddress |OID

SWITCH(bridge)#
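What a neighbor learns from the Basic TLVs selected in 7.3.2.2 can be checked offline. The following is an added example, not part of the manual or of the switch software: it builds a constructed LLDPDU from the Port 25 values shown above, parses its TLVs with bounds checks and rebuilds the MSAP identifier. The TTL of 120 seconds and all function names are assumptions.

```python
import struct

# Keywords of the "lldp port-number {...}" command mapped to IEEE 802.1AB TLV types.
KEYWORD_TO_TYPE = {"portdescription": 4, "sysname": 5, "sysdescription": 6, "syscap": 7}
TYPE_TO_KEYWORD = {t: k for k, t in KEYWORD_TO_TYPE.items()}
CAP_BITS = {0x01: "other", 0x02: "repeater", 0x04: "bridge", 0x08: "wlanAccessPoint",
            0x10: "router", 0x20: "telephone", 0x40: "docsisCableDevice", 0x80: "stationOnly"}


def tlv(tlv_type, value):
    """Encode one TLV: a 7-bit type and a 9-bit length share the 2-byte header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Split an LLDPDU into (type, value) pairs, rejecting malformed input."""
    tlvs, offset = [], 0
    while offset < len(data):
        if offset + 2 > len(data):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(data):
            raise ValueError("TLV length runs past the end of the frame")
        if tlv_type == 0:          # End of LLDPDU
            break
        tlvs.append((tlv_type, data[offset:offset + length]))
        offset += length
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:
        raise ValueError("Chassis ID, Port ID and TTL must come first, in that order")
    return tlvs


def decode_caps(bitmap):
    """Turn a capability bitmap such as 0x16 into a list of names."""
    return [name for bit, name in sorted(CAP_BITS.items()) if bitmap & bit]


def summarize(data):
    """Return what a neighbor learns from one LLDPDU."""
    tlvs = dict(parse_lldpdu(data))            # a repeated TLV type keeps its last value
    chassis, port, ttl = tlvs[1], tlvs[2], tlvs[3]
    if len(chassis) < 2 or len(port) < 2 or len(ttl) != 2:
        raise ValueError("malformed mandatory TLV")

    def text(tlv_type):
        return tlvs[tlv_type].decode("ascii", "replace") if tlv_type in tlvs else None

    info = {
        "chassis_subtype": chassis[0],
        "port_subtype": port[0],
        # MSAP identifier = chassis ID followed by port ID, subtype bytes removed
        "msap": (chassis[1:] + port[1:]).hex(" "),
        "ttl": struct.unpack("!H", ttl)[0],
        "optional": sorted(TYPE_TO_KEYWORD[t] for t in tlvs if t in TYPE_TO_KEYWORD),
        "sys_name": text(5),
        "sys_descr": text(6),
        "caps": None,
        "caps_enabled": None,
    }
    if 7 in tlvs:
        if len(tlvs[7]) != 4:
            raise ValueError("malformed System Capabilities TLV")
        supported, enabled = struct.unpack("!HH", tlvs[7])
        info["caps"], info["caps_enabled"] = decode_caps(supported), decode_caps(enabled)
    return info


def sample_lldpdu(keywords=tuple(KEYWORD_TO_TYPE)):
    """Constructed frame carrying the Port 25 values of Sample Configuration 2."""
    values = {
        "portdescription": b"port25-TX-10/100/1000",
        "sysname": b"EL2",
        "sysdescription": b"hiD6615 NOS 3.02/DS-QA-07D-B0",
        "syscap": struct.pack("!HH", 0x16, 0x04),
    }
    frame = tlv(1, b"\x04" + bytes.fromhex("00d0cb270088"))   # macAddress(4)
    frame += tlv(2, b"\x01" + b"eth25")                       # interfaceAlias(1)
    frame += tlv(3, struct.pack("!H", 120))                   # assumed TTL in seconds
    for keyword in keywords:
        frame += tlv(KEYWORD_TO_TYPE[keyword], values[keyword])
    return frame + tlv(0, b"")


if __name__ == "__main__":
    for key, value in summarize(sample_lldpdu()).items():
        print(f"{key:16}: {value}")
```

With all four keywords enabled, every directly connected device receives the system name and the NOS version string; calling `sample_lldpdu(keywords=())` shows the frame reduced to the three mandatory TLVs.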


[ Sample Configuration 3 ]

The following is to show LLDP statistics.

SWITCH(bridge)# show lldp statistics
GLOBL:
RemTabInserts = 4 RemTabAgeouts = 0
RemTabDeletes = 0 RemTabDrops = 0

TX | RX TLV Drop CurrentRem
PORTS Frames | Frames Drop Error Disc Unknown Ageouts Burst Count
1: 0 | 0 0 0 0 0 0 0 0
2: 0 | 0 0 0 0 0 0 0 0
3: 0 | 0 0 0 0 0 0 0 0
4: 0 | 0 0 0 0 0 0 0 0
5: 0 | 0 0 0 0 0 0 0 0
6: 0 | 0 0 0 0 0 0 0 0
7: 0 | 0 0 0 0 0 0 0 0
8: 0 | 0 0 0 0 0 0 0 0
9: 0 | 0 0 0 0 0 0 0 0
10: 0 | 0 0 0 0 0 0 0 0
11: 0 | 0 0 0 0 0 0 0 0
12: 0 | 0 0 0 0 0 0 0 0
13: 0 | 0 0 0 0 0 0 0 0
14: 0 | 0 0 0 0 0 0 0 0
15: 0 | 0 0 0 0 0 0 0 0
16: 0 | 0 0 0 0 0 0 0 0
17: 0 | 0 0 0 0 0 0 0 0
18: 0 | 0 0 0 0 0 0 0 0
19: 0 | 0 0 0 0 0 0 0 0
20: 0 | 0 0 0 0 0 0 0 0
21: 0 | 0 0 0 0 0 0 0 0
22: 0 | 0 0 0 0 0 0 0 0
23: 0 | 0 0 0 0 0 0 0 0
24: 0 | 0 0 0 0 0 0 0 0
25: 4 | 4 0 0 0 0 0 0 1
26: 6 | 7 0 0 0 0 0 0 1
27: 0 | 0 0 0 0 0 0 0 0
28: 0 | 0 0 0 0 0 0 0 0
SWITCH(bridge)#


[ Sample Configuration 4 ]

The following is to initialize the statistics.

SWITCH(bridge)# clear lldp statistics
SWITCH(bridge)# show lldp statistics
GLOBL:
RemTabInserts = 4 RemTabAgeouts = 0
RemTabDeletes = 0 RemTabDrops = 0

TX | RX TLV Drop CurrentRem
PORTS Frames | Frames Drop Error Disc Unknown Ageouts Burst Count
1: 0 | 0 0 0 0 0 0 0 0
2: 0 | 0 0 0 0 0 0 0 0
3: 0 | 0 0 0 0 0 0 0 0
4: 0 | 0 0 0 0 0 0 0 0
5: 0 | 0 0 0 0 0 0 0 0
6: 0 | 0 0 0 0 0 0 0 0
7: 0 | 0 0 0 0 0 0 0 0
8: 0 | 0 0 0 0 0 0 0 0
9: 0 | 0 0 0 0 0 0 0 0
10: 0 | 0 0 0 0 0 0 0 0
11: 0 | 0 0 0 0 0 0 0 0
12: 0 | 0 0 0 0 0 0 0 0
13: 0 | 0 0 0 0 0 0 0 0
14: 0 | 0 0 0 0 0 0 0 0
15: 0 | 0 0 0 0 0 0 0 0
16: 0 | 0 0 0 0 0 0 0 0
17: 0 | 0 0 0 0 0 0 0 0
18: 0 | 0 0 0 0 0 0 0 0
19: 0 | 0 0 0 0 0 0 0 0
20: 0 | 0 0 0 0 0 0 0 0
21: 0 | 0 0 0 0 0 0 0 0
22: 0 | 0 0 0 0 0 0 0 0
23: 0 | 0 0 0 0 0 0 0 0
24: 0 | 0 0 0 0 0 0 0 0
25: 0 | 0 0 0 0 0 0 0 0
26: 0 | 0 0 0 0 0 0 0 0
27: 0 | 0 0 0 0 0 0 0 0
28: 0 | 0 0 0 0 0 0 0 0
SWITCH(bridge)#


7.4. RMON

RMON (Remote Monitoring) is a function to monitor the communication status of devices
connected to Ethernet at a remote place. While SNMP can give information only about
the device on which the SNMP agent is mounted, RMON gives information about overall
segments including devices. Thus, the user can manage the network more effectively. For
instance, with SNMP it is possible to be informed about the traffic on certain ports, but
through RMON you can monitor the traffic occurring in the overall network, the traffic of
each host connected to a segment and the current status of traffic between hosts.

Since RMON processes a large amount of data, its processor share is very high. Therefore,
the administrator should take care to prevent performance degradation and not to
overload network transmission because of RMON. There are nine RMON MIB groups
defined in RFC 1757: Statistics, History, Alarm, Host, Host Top N, Matrix, Filter, Packet
Capture and Event. SURPASS hiD 6615 supports the three most basic MIB groups of them:
History, Alarm and Event.

7.4.1. Configuring RMON History

RMON History is a periodical sample inquiry of statistical data about the traffic occurring
on each Ethernet port. Statistical data of all ports are pre-configured to be monitored at
30-minute intervals, with 50 statistical data stored per port. It also allows you to configure
the time interval at which samples are taken and the number of samples you want to save.

The following is an example of viewing the default configuration of History.

SWITCH(config)# show running-config
(omitted)
!
rmon-history 1
owner monitor
data-source ifIndex.n1/port1
interval 30
requested-buckets 50
!
(omitted)
SWITCH(config)#

You need to enter History configuration mode first to configure RMON History. To
enter History configuration mode, use the following command. After entering
History configuration mode, the system prompt changes from SWITCH(config)# to
SWITCH(config-rmonhistory[n])#. The variable “n” is the number configured to
distinguish each History.


Command Mode Function

rmon-history <1-65534> Global Configures a number to distinguish RMON History. It can be configured from 1 to 65,534.

The following is an example of entering into History Configuration mode to configure
History 5.

SWITCH(config)# rmon-history 5
SWITCH(config-rmonhistory[5])#

Input a question mark(?) at the system prompt on History configuration mode if you
want to list available commands.

The following is an example of listing available commands on History configuration
mode.

SWITCH(config-rmonhistory[1])# ?
RMON history configuration commands:
active Activate the history
data-source Set data source name for the ethernet port
do To run exec commands in config mode
exit End current mode and down to previous mode
help Description of the interactive help system
interval Define the time interval for the history
owner Assign the owner who define and is using the history resources
requested-buckets Define the bucket count for the interval
show Show running system information

SWITCH(config-rmonhistory[1])#

The question mark(?) you enter will not be seen. Right after entering the question
mark, the commands will be displayed.

To return into configuration mode, or to enter into Privilege Exec Enable Mode, use the
following commands.

Command Mode Function

exit RMON Returns to Global Configuration Mode.

end RMON Goes back right to Privilege Exec Enable Mode.


The following are examples of returning to Global Configuration Mode and going back
to Privilege Exec Enable Mode from RMON-History Configuration Mode.

SWITCH(config-rmonhistory[5])# exit
SWITCH(config)#

SWITCH(config-rmonhistory[5])# end
SWITCH#

7.4.1.1. Assigning Source Port of Statistical Data

When you configure RMON History, you have to assign the source port of the statistical
data. To sample statistical data from a certain port, assign the port by using
the following command.

Command Mode Function

data-source data-object-id RMON Assigns a source port of statistical data. The variable object should be formed as “ifIndex.number”.

The following is an example of assigning port 1 as source port.

SWITCH(config-rmonhistory[5])# data-source ifindex.default
SWITCH(config-rmonhistory[5])#

7.4.1.2. Identifying Subject of RMON History

The user can identify the subject that configures RMON History and uses the many kinds
of data from History.

To identify subject using History, use the following command.

Command Mode Function

owner name RMON Configures History and identifies subject using related data.

The following is an example of configuring subject of History as “siemens”.

SWITCH(config-rmonhistory[5])# owner siemens
SWITCH(config-rmonhistory[5])#


When you configure subject of RMON History, it is possible to input maximum 32
letters. If you input more than 32 letters, the error message, “%Too long owner
name” will be displayed.

7.4.1.3. Configuring Number of Sample Data

User can configure the number of sample data in RMON History.

To do that, use the following command.

Command Mode Function

requested-buckets count RMON Configures the number of sample data.

The following is an example of configuring the number of sample data as 25 in History.

SWITCH(config-rmonhistory[5])# requested-buckets 25
SWITCH(config-rmonhistory[5])#

You can configure the number of sample data from 1 to 100.

7.4.1.4. Configuring Interval of Sample Inquiry

User can configure the interval of sample inquiry in terms of second.

To do it, use the following command.

Command Mode Function

interval time RMON Configures the interval of sample inquiry. The default setting is 30 seconds.

The following is an example of configuring the interval of sample inquiry as 60 seconds.

SWITCH(config-rmonhistory[5])# interval 60
SWITCH(config-rmonhistory[5])#

You can configure the interval of sample inquiry as maximum 3,600 seconds.


7.4.1.5. Activating RMON History

After finishing all configurations, you need to activate RMON History. To activate RMON
History, use the following command.

Command Mode Function

active RMON Activates RMON History.

The following is an example of activating RMON History and viewing the configuration.

SWITCH(config-rmonhistory[5])# active
SWITCH(config-rmonhistory[5])# show running-config
Building configuration...
(Omitted)
rmon-history 5
owner test
data-source ifindex.hdlc1
interval 60
requested-buckets 25
active

(Omitted)
SWITCH(config-rmonhistory[5])#

Before activating RMON History, check if user’s configuration is correct. After RMON
History is activated, you cannot change its configuration. If you need to change
configuration, you have to delete RMON History and configure it again.

7.4.1.6. Deleting and Changing Configuration of RMON History

When you need to change the configuration of RMON History, you should delete the RMON
History of that number and configure it again.

To delete RMON History, use the following command.

Command Mode Function

no rmon-history number Global Deletes RMON History of specified number.

The following is an example of deleting RMON History 5.

SWITCH(config)# no rmon-history 5
SWITCH(config)#


7.4.2. Configuring RMON Alarm

RMON Alarm samples data at the interval the user configured, and an Alarm occurs when
the data is not within the configured threshold.

There are two ways to compare with the threshold: Absolute comparison and Delta
comparison.

• Absolute Comparison : The sample data is compared with the threshold at the configured
interval; if the data is more than the threshold or less than the threshold, an Alarm
occurs.
• Delta Comparison : The difference between the current data and the latest data is
compared with the threshold; if it is more than the threshold or less than the threshold,
an Alarm occurs.

You need to enter into RMON Alarm configuration mode first to configure RMON Alarm.

To enter RMON Alarm configuration mode, use the following command. After entering
RMON Alarm configuration mode, the system prompt changes from SWITCH(config)# to
SWITCH(config-rmonalarm[n])#. The variable “n” is the number configured to
distinguish each RMON Alarm.

Command Mode Function

rmon-alarm <1-65534> Global Enters into RMON Alarm configuration mode.

The following is an example of entering into Alarm configuration mode to configure
RMON Alarm 1.

SWITCH(config)# rmon-alarm 1
SWITCH(config-rmonalarm[1])#

Input a question mark(?) at the system prompt on Alarm configuration mode if you want
to list available commands.

The following is an example of listing available commands on Alarm configuration mode.

SWITCH(config-rmonalarm[1])# ?
RMON alarm configuration commands:
active Activate the event
do To run exec commands in config mode
exit End current mode and down to previous mode


falling-event Associate the falling threshold with an existing RMON event
falling-threshold Define the falling threshold
help Description of the interactive help system
owner Assign the owner who define and is using the history resources
rising-event Associate the rising threshold with an existing RMON event
rising-threshold Define the rising threshold
sample-interval Specify the sampling interval for RMON alarm
sample-type Define the sampling type
sample-variable Define the MIB Object for sample variable
show Show running system information
startup-type Define startup alarm type

SWITCH(config-rmonalarm[1])#

The question mark(?) you enter will not be seen. Right after entering the question
mark, the commands will be displayed.

To return into configuration mode, or to enter into Privilege Exec Enable Mode, use the
following commands.

Command Mode Function

exit RMON Returns to Configuration mode.

end RMON Goes back right to Privilege Exec Enable Mode.

The following are examples of returning to Configuration mode and going back to
Privilege Exec Enable Mode from History configuration mode.

SWITCH(config-rmonalarm[1])# exit
SWITCH(config)#

SWITCH(config-rmonalarm[1])# end
SWITCH#

7.4.2.1. Identifying Subject of RMON Alarm

The user needs to identify the subject that configures RMON Alarm and uses the many kinds
of data from Alarm. To identify the subject using Alarm, use the following command.

Command Mode Function

owner name RMON Configures RMON Alarm and identifies subject using many kinds of data from Alarm.

The following is an example of configuring subject of Alarm as “Test”.


SWITCH(config-rmonalarm[1])# owner test
SWITCH(config-rmonalarm[1])#

When you identify subject of RMON Alarm, it is possible to input maximum 32 letters.
If you input more than 32 letters, the error message, “%Too long owner name” will be
displayed.

7.4.2.2. Configuring Object of Sample Inquiry

The user needs an object value to be used for sample inquiry in order to provide RMON
Alarm. The following are the rules for the object used for sample inquiry.

svcExt.mib prescribes object used as sample.
CntExt.mib prescribes notation of object value.

To assign object used for sample inquiry, use the following command.

Command Mode Function

sample-variable mib-object RMON Assigns MIB object used for sample inquiry.

The following is an example of configuring MIB object apSvcConnections used for
sample inquiry.

SWITCH(config-rmonalarm[1])# sample-variable ifinerrors.n1/port2
SWITCH(config-rmonalarm[1])#

7.4.2.3. Configuring Absolute Comparison and Delta Comparison.

When configuring RMON Alarm, it is possible to select the way the MIB object used for
sample inquiry is compared. Absolute comparison directly compares the object selected as
sample with the threshold. For instance, when you want to know the point at which the
sampled object reaches 30,000, configuring apSvcConnections with 30,000 is Absolute
comparison.

To compare object selected as sample with the threshold, use the following command.

Command Mode Function

sample-type absolute RMON Compares object with the threshold directly.


Delta comparison compares the difference between the current data and the latest data with
the threshold. For instance, in order to know the point at which the value is 100,000
more than the former value, configure apCntHits as Delta comparison.

To configure Delta comparison, use the following command.

Command Mode Function

sample-type delta RMON Compares difference between current data and the latest data with the threshold.

7.4.2.4. Configuring Upper Bound of Threshold

If you need an Alarm to occur when the object used for sample inquiry is more than the
upper bound of threshold, you have to configure the upper bound of threshold.

To configure upper bound of threshold, use the following command.

Command Mode Function

rising-threshold number RMON Configures upper bound of threshold.

The following is an example of configuring upper bound of threshold as 100.

SWITCH(config-rmonalarm[1])# rising-threshold 100
SWITCH(config-rmonalarm[1])#

You can configure upper bound of threshold as maximum 2,147,483,647. If you
configure it as 0, then there will not be Alarm.

After configuring the upper bound of threshold, configure an RMON Event to occur when
the object is more than the configured threshold. Use the following command.

Command Mode Function

rising-event <0-65535> RMON Configures to occur RMON Event when object is more than configured threshold.

The following is an example of configuring to occur RMON event 1 when object is more
than configured threshold.

SWITCH(config-rmonalarm[1])# rising-event 1
SWITCH(config-rmonalarm[1])#


If you configure the standard, the upper bound of threshold, as 0, there will not be an
Event.

7.4.2.5. Configuring Lower Bound of Threshold

If you need an Alarm to occur when the object used for sample inquiry is less than the
lower bound of threshold, you should configure the lower bound of threshold. To configure
the lower bound of threshold, use the following command.

Command Mode Function

falling-threshold number RMON Configures lower bound of threshold.

The following is an example of configuring lower bound of threshold as 90.

SWITCH(config-rmonalarm[1])# falling-threshold 90
SWITCH(config-rmonalarm[1])#

You can configure lower bound of threshold as maximum 2,147,483,647. If you configure
it as 0, there will not be Alarm.

After configuring the lower bound of threshold, configure an RMON Event to occur when
the object is less than the configured threshold. Use the following command.

Command Mode Function

falling-event <0-65535> RMON Configures to occur RMON Alarm when object is less than configured threshold.

The following is an example of configuring an RMON Event to occur when the object is less
than the configured threshold.

SWITCH(config-rmonalarm[1])# falling-event 2
SWITCH(config-rmonalarm[1])#

If you configure lower bound of threshold as 0, there will not be Event.

7.4.2.6. Configuring Standard of the First Alarm

It is possible for users to configure the standard by which the first Alarm occurs. The
user can select the first point when the object is more than the threshold, or the first
point when the object is less than the threshold, or the first point when the object is
more than the threshold or less than the threshold. To configure the first RMON Alarm to
occur when the object is less than the lower bound of threshold first, use the following
command.

Command Mode Function

startup-type falling RMON Configures the first RMON Alarm to occur when object is less than lower bound of threshold first.

To configure the first Alarm to occur when the object is first more than the upper bound of
threshold, use the following command.

Command Mode Function

startup-type rising RMON Configures the first Alarm to occur when object is firstly more than upper bound of threshold.

To configure the first Alarm to occur when the object is first either more than or less
than the threshold, use the following command.

Command Mode Function

startup-type rising-and-falling RMON Configures the first Alarm to occur when object is firstly more than threshold or less than threshold.

7.4.2.7. Configuring Interval of Sample Inquiry

The interval of sample inquiry is the time interval, in seconds, at which the selected sample
data is compared with the upper bound or lower bound of threshold. To configure the interval
of sample inquiry for RMON Alarm, use the following command.

Command Mode Function

sample-interval <0-65535> RMON Configures interval of sample inquiry.

The following is an example of configuring interval of sample inquiry as 60 seconds.

SWITCH(config-rmonalarm[1])# sample-interval 60
SWITCH(config-rmonalarm[1])#


7.4.2.8. Activating RMON Alarm

After finishing all configurations, you need to activate RMON Alarm. To activate RMON
Alarm, use the following command.

Command Mode Function

active RMON Activates RMON Alarm.

The following is an example of activating RMON Alarm and viewing the configuration.

SWITCH(config-rmonalarm[1])# active
SWITCH(config-rmonalarm[1])# show running-config
Building configuration...
(Omitted)
rmon-alarm 1
owner test
sample-variable ifinerrors.n1/port2
sample-type absolute
startup-type rising
rising-threshold 100
falling-threshold 90
rising-event 1
falling-event 2
sample-interval 60
active
(Omitted)
SWITCH(config-rmonalarm[1])#

You should make sure that all configurations are correct before activating RMON Alarm.
After activating RMON Alarm, you cannot change configuration. If you need to change
configuration, you have to delete RMON Alarm and configure it again.
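
How the alarm shown in the running-config above behaves over successive samples, as an added example that is not part of the manual. It assumes the switch follows the standard RMON alarm rules of RFC 2819 (a threshold fires on the crossing, and the same direction does not fire again until the opposite threshold has fired); the names `RmonAlarm` and `evaluate` and the sample values are constructed for illustration.

```python
"""Added example: RMON alarm evaluation with rising/falling hysteresis.

Assumption: the switch applies the RFC 2819 alarm rules. The sample values
below are constructed and do not come from a real device.
"""
from dataclasses import dataclass


@dataclass
class RmonAlarm:
    rising_threshold: int
    falling_threshold: int
    rising_event: int      # rmon-event number sent on a rising alarm
    falling_event: int     # rmon-event number sent on a falling alarm
    startup_type: str      # "rising", "falling" or "rising-and-falling"


def evaluate(alarm, samples):
    """Return (sample_index, direction, event_number, value) for each alarm."""
    fired = []
    last = None
    rising_armed = falling_armed = True
    for i, value in enumerate(samples):
        above = value >= alarm.rising_threshold
        below = value <= alarm.falling_threshold
        if last is None:
            # First sample after activation: startup-type decides which
            # direction is allowed to raise the first alarm.
            rising = above and alarm.startup_type in ("rising", "rising-and-falling")
            falling = below and alarm.startup_type in ("falling", "rising-and-falling")
        else:
            # Later samples: an alarm needs a crossing (previous sample on the
            # other side) and must not repeat the direction that fired last.
            rising = above and last < alarm.rising_threshold and rising_armed
            falling = below and last > alarm.falling_threshold and falling_armed
        if rising:
            fired.append((i, "rising", alarm.rising_event, value))
            rising_armed, falling_armed = False, True
        elif falling:
            fired.append((i, "falling", alarm.falling_event, value))
            rising_armed, falling_armed = True, False
        last = value
    return fired


# Values taken from "rmon-alarm 1" in the running-config shown above.
ALARM_1 = RmonAlarm(rising_threshold=100, falling_threshold=90,
                    rising_event=1, falling_event=2, startup_type="rising")

# Constructed values of the monitored object, one per sample-interval (60 s).
SAMPLES = [40, 105, 130, 95, 110, 85, 60, 101, 88]

if __name__ == "__main__":
    for index, direction, event, value in evaluate(ALARM_1, SAMPLES):
        print(f"t={index * 60:>3}s value={value:>3} {direction:<7} -> rmon-event {event}")
```

The sample at index 4 (110) is above the rising threshold but raises nothing, because the value only dipped to 95 and never reached the falling threshold of 90; the gap between the two thresholds is what keeps a value hovering around 100 from flooding the management server with traps.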

7.4.2.9. Deleting RMON Alarm and Changing Configuration

When you need to change the configuration of an RMON Alarm, you should delete the RMON
Alarm of that number and configure it again. To delete an RMON Alarm, use the following
command.

Command Mode Function

no rmon-alarm <1-65534> Global Deletes RMON Alarm of specified number.

The following is an example of deleting RMON Alarm 1.


SWITCH(config)# no rmon-alarm 1
SWITCH(config)#

7.4.3. Configuring RMON Event

RMON Event identifies all operations such as RMON Alarm in the switch. The user can configure
an Event message or Trap message to be sent to the SNMP management server when an RMON
Alarm is sent. You need to enter Event configuration mode to configure RMON Event. When
you enter Event configuration mode by using the following command, the system prompt
changes from SWITCH(config)# to SWITCH(config-rmonevent[n])#. The variable “n” is a
number that distinguishes each Event.

Command Mode Function

rmon-event <1~65534> Global Enters into RMON Event configuration mode.

The following is an example of entering into Event configuration mode to configure
RMON Event 1.

SWITCH(config)# rmon-event 1
SWITCH(config-rmonevent[1])#

To list available commands for RMON Event, enter the question mark (?) at the system
prompt in Event configuration mode.

The following is an example of listing available commands on Event configuration mode.

SWITCH(config-rmonevent[1])# ?
RMON event configuration commands:
active Activate the event
community Define a community to an unactivated event
description Define description of RMON event
do To run exec commands in config mode
exit End current mode and down to previous mode
help Description of the interactive help system
owner Assign the owner who define and is using the history resources
show Show running system information
type Define the event type determines where send the event notification

SWITCH(config-rmonevent[1])#

The question mark(?) you enter will not be seen. Right after entering the question
mark, the commands will be displayed.


To return into configuration mode, or to enter into Privilege Exec Enable Mode, use the
following commands.

Command Mode Function

exit RMON Returns to Global Configuration Mode.

end RMON Goes back right to Privilege Exec Enable Mode.

The following are examples of returning to configuration mode and going back to
Privilege Exec Enable Mode from Event configuration mode.

SWITCH(config-rmonevent[1])# exit
SWITCH(config)#
SWITCH(config-rmonevent[1])# end
SWITCH#

7.4.3.1. Configuring Event Community

When an RMON Event occurs, you need to input a community to transmit the SNMP trap
message to the host. Community means a password that grants the right to transmit messages.

To configure community for trap message transmission, use the following command.

Command Mode Function

community password RMON Configures password for trap message transmission right.

The following is an example of configuring community of RMON Event as “password”.

SWITCH(config-rmonevent[1])# community password
SWITCH(config-rmonevent[1])#

7.4.3.2. Event Description

It is possible to describe an Event briefly for when the Event occurs. However, the
description is not made automatically, so the administrator should write it. To
make a description of an Event, use the following command.

Command Mode Function

description description RMON Describes Event.


The following is an example of describing Event.

SWITCH(config-rmonevent[1])# description This event ..
SWITCH(config-rmonevent[1])#

The maximum description of Event is 126 characters.

7.4.3.3. Identifying Subject of Event

The user should configure the Event and identify its subject using various data from the
Event. To identify the subject of an Event, use the following command.

Command Mode Function

owner name RMON Identifies subject of Event. You can use maximum 126 characters and this subject should be same with the subject of Alarm.

The following is an example of identifying subject of Event as “test”.

SWITCH(config-rmonevent[1])# owner test
SWITCH(config-rmonevent[1])#

When you identify subject of RMON Event, it is possible to input maximum 32 letters. If
you input more than 32 letters, the error message, “%Too long owner name” will be
displayed.

7.4.3.4. Configuring Event Type

When an RMON Event occurs, the Event type determines where the Event is sent, so you
need to configure it.

To configure Event type, use the following commands.

Command Mode Function

type log RMON Configures Event type as log type. Event of log type is sent to the place where the log file is made.

type trap RMON Configures Event type as trap type. Event of trap type is sent to SNMP administrator and PC.

type log-and-trap RMON Configures Event type as both log type and trap type.


7.4.3.5. Activating Event

After finishing all configurations, you should activate RMON Event. To activate RMON
Event, use the following command.

Command Mode Function

active RMON Activates Event.

The following is an example of activating RMON Event and viewing the above
configuration.

SWITCH(config-rmonevent[1])# active
SWITCH(config-rmonevent[1])# show running-config
Building configuration...
(omitted)
!
rmon-event 1
owner test
community password
description This event ...
type log-and-trap
active

(omitted)
SWITCH(config-rmonevent[1])#

You should make sure that all configurations are correct before activating RMON
Event. After activating RMON Event, you cannot change configuration. If you need to
change configuration, you have to delete RMON Event and configure it again.

7.4.3.6. Deleting RMON Event and Changing Configuration

Before changing the configuration of an RMON Event, you should delete the RMON Event of
that number and configure it again.

To delete RMON Event, use the following command.

Command Mode Function

no rmon-event number Global Deletes RMON Event of specified number.


The following is an example of deleting RMON Event 1.

SWITCH(config)# no rmon-event 1
SWITCH(config)#

7.5. Syslog

The function of syslog message is to inform the network manager of troubles that occurred
in the user’s switch. By default, system logger is activated in SURPASS hiD 6615.
Therefore, although you delete this function, it will be activated again.


This section contains the following functions.

• Configuring Level of Syslog Message
• Configuring System Facility
• Configuring Syslog Message Priority
• Disabling Syslog
• Checking Syslog Configuration
• Designating IP Address of Syslog Message
• Checking Debug message from remote
• Configuring Threshold of CPU Utilization
• Configuring Threshold of Port Traffic
• Configuration Threshold of Temperature

7.5.1. Configuring Level of Syslog Message

In hiD 6615, Syslog message is transmitted with Level and Priority. To mark level for all
Syslog messages regardless of Priority, use the following command. Here, it is also
possible to configure the destination of syslog message.


To configure level of syslog message and place to transmit, use the following
commands.

Command Mode Function

syslog output {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfoㅣdebug} console Global Transmits syslog message of configured level to console.

syslog output {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfoㅣdebug} local {volatileㅣnon-volatile} Global Transmits syslog message of configured level to inside of system.

syslog output {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfoㅣdebug} remote ip-address Global Transmits syslog message of configured level to remote host.

There are seven levels of syslog message according to importance: emergency, alert,
critical, error, warning, notice, info. Emergency is the highest level and info is
the lowest level in importance.

The user can configure the level of syslog, but cannot receive messages of lower levels
than the configured level. That means, in order to receive all messages, the user has
to configure the level as info. When the user configures syslog level as error, the user
can receive messages of higher level than error.

If you want to receive syslog messages through the console on the user’s PC, enter console;
if you want to receive them within the system, enter local; and if you want to receive them
at a remote host, enter remote.

To release configuration of syslog message, use the following commands.

Command Mode Function

no syslog output {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfoㅣdebug} console Global Releases syslog level and place to transmit configured by user.

no syslog output {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfoㅣdebug} local {volatileㅣnon-volatile} Global Releases syslog level and place to transmit configured by user.

no syslog output {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfoㅣdebug} remote ip-address Global Releases syslog level and place to transmit configured by user.


7.5.2. Configuring System Facility

Use this command to provide a local-code for the Facility of syslog messages. With the
local-code, you can manage the system or syslog messages per system group.

Command Mode Function

syslog local-code <0-7> Global Configures System Facility.

no syslog local-code Global Disables System Facility.

show syslog Global Shows System Facility.

The following is an example of configuring System Facility as 3 and displaying it.

SWITCH(config)# syslog local-code 3
SWITCH(config)# show syslog
System logger on running!
info local volatile
info local non-volatile
local_code 3
SWITCH(config)#

7.5.3. Configuring Syslog Message Priority

In hiD 6615, it is possible to configure the Priority for Syslog Message, and transmit
specific syslog message that is selected by user. Here, Level and the destination
should be configured at once.

Command Mode Function

syslog output priority {authㅣauthprivㅣkernㅣsyslogㅣuser} {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfo} console Global Transmits specific message of configured priority and level to console.

syslog output priority {authㅣauthprivㅣkernㅣsyslogㅣuser} {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfo} local {volatileㅣnon-volatile} Global Transmits specific message of configured priority and level to within the system.

syslog output priority {authㅣauthprivㅣkernㅣsyslogㅣuser} {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfo} remote ip-address Global Transmits specific message of configured priority and level to remote host.


You can choose auth, authpriv, kern, syslog, or user as the priority in hiD 6615. As the
priority, you can also configure from local 0 to local 7. This is used to sort out the Syslog
messages of each host when a Syslog server receives Syslog messages from many hosts. To
transmit Syslog messages by configuring Priority, use the following command.

Command Mode Function

syslog output priority {local0ㅣlocal1ㅣlocal2ㅣlocal3ㅣlocal4ㅣlocal5ㅣlocal6ㅣlocal7} {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfo} console Global Transmits Syslog message by configuring the Priority.

syslog output priority {local0ㅣlocal1ㅣlocal2ㅣlocal3ㅣlocal4ㅣlocal5ㅣlocal6ㅣlocal7} {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfo} local {volatileㅣnon-volatile} Global Transmits Syslog message by configuring the Priority.

syslog output priority {local0ㅣlocal1ㅣlocal2ㅣlocal3ㅣlocal4ㅣlocal5ㅣlocal6ㅣlocal7} {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfo} remote ip-address Global Transmits Syslog message by configuring the Priority.

To release the configuration of transmitting syslog message, use the following command.

Command Mode Function

no syslog output priority {authㅣauthprivㅣkernㅣsyslogㅣuser} {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfo} console Global Releases the configuration of transmitting syslog messages.

no syslog output priority {authㅣauthprivㅣkernㅣsyslogㅣuser} {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfo} local {volatileㅣnon-volatile} Global Releases the configuration of transmitting syslog messages.

no syslog output priority {authㅣauthprivㅣkernㅣsyslogㅣuser} {emergㅣalertㅣcritㅣerrㅣwarningㅣnoticeㅣinfo} remote ip-address Global Releases the configuration of transmitting syslog messages.


[ Sample Configuration 1 ]

The following is an example of configuring syslog message to send all logs higher than
notice to external host 10.1.1.1 and configuring local1.info to transmit to console.

SWITCH(config)# syslog output notice remote 10.1.1.1
SWITCH(config)# syslog output priority local1 info console
SWITCH(config)# show syslog
System logger on running!
info local volatile
info local non-volatile
notice remote 10.1.1.1
local1.info console
SWITCH(config)#

[ Sample Configuration 2 ]

The following is to configure Priority of all Syslog message, that is transmitted to
remote, as local0.

SWITCH(config)# syslog output err remote 10.1.1.1
SWITCH(config)# syslog local-code 0
SWITCH(config)# show syslog
System logger on running!
info local volatile
info local non-volatile
err remote 10.1.1.1
local_code 0
SWITCH(config)#
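
To check which outputs a given message actually reaches under the two sample configurations above, the following added example (not part of the manual) parses the `show syslog` output and applies its rules. It assumes that a level rule matches its own level and every more severe one, that a `facility.level` rule does the same for that facility only, and that remote messages carry the standard RFC 3164 PRI value; the function names are hypothetical.

```python
"""Added example: which outputs receive a given syslog message."""

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {"kern": 0, "user": 1, "auth": 4, "syslog": 5, "authpriv": 10}
FACILITIES.update({f"local{n}": 16 + n for n in range(8)})

# `show syslog` output copied from Sample Configuration 1 on this page.
SHOW_SYSLOG = """\
System logger on running!
info local volatile
info local non-volatile
notice remote 10.1.1.1
local1.info console
"""


def parse_show_syslog(text):
    """Return (rules, local_code); a rule is (facility or None, level, destination)."""
    rules, local_code = [], None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "local_code" and len(fields) == 2:
            local_code = int(fields[1])
            continue
        facility, _, level = fields[0].rpartition(".")
        if level not in SEVERITIES or (facility and facility not in FACILITIES):
            continue  # banner line such as "System logger on running!"
        rules.append((facility or None, level, " ".join(fields[1:])))
    return rules, local_code


def destinations(rules, facility, level):
    """Outputs that receive a message with this facility and level."""
    rank = SEVERITIES.index(level)
    hits = []
    for rule_facility, rule_level, destination in rules:
        if rule_facility not in (None, facility):
            continue  # priority rule for a different facility
        if rank <= SEVERITIES.index(rule_level):  # same level or more severe
            hits.append(destination)
    return hits


def wire_pri(local_code, level):
    """PRI a collector sees for a message tagged localN (facility * 8 + severity)."""
    return FACILITIES[f"local{local_code}"] * 8 + SEVERITIES.index(level)


def decode_pri(pri):
    """Split a received PRI value back into (facility name, level name)."""
    names = {code: name for name, code in FACILITIES.items()}
    return names.get(pri // 8, str(pri // 8)), SEVERITIES[pri % 8]


if __name__ == "__main__":
    rules, _ = parse_show_syslog(SHOW_SYSLOG)
    for facility, level in [("auth", "info"), ("auth", "warning"), ("local1", "info")]:
        print(f"{facility}.{level:<8} -> {destinations(rules, facility, level)}")
    # Sample Configuration 2: err messages sent to 10.1.1.1 with local-code 0.
    print("PRI on the wire:", wire_pri(0, "err"), decode_pri(wire_pri(0, "err")))
```

Under Sample Configuration 1 an `auth` message at info level stays in the local files and never reaches 10.1.1.1, which matters if the remote host is the only copy of the log that survives a reboot or a cleared volatile file.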

7.5.4. Disabling Syslog

To disable Syslog, use the following command.

Command Mode Function

no syslog Global Disables Syslog.


7.5.5. Showing Syslog configuration

To show the configuration of the syslog message, use the following “show” commands.
Note that the configuration of the syslog cannot be shown by using the “show
running-config” command.

Command Mode Function

show syslog Enable/Global Shows the configuration of the syslog.

show syslog local {volatileㅣnon-volatile} Enable/Global Shows the syslog message.

show syslog local {volatileㅣnon-volatile} number Enable/Global Shows as many of the newest messages as the number entered. For example, if you enter “2”, the two newest messages are shown.

show syslog {volatileㅣnon-volatile} information Enable/Global Shows the memory size used for saving syslog information.

It is impossible to view syslog configuration with the command, “show running-config”.

The following shows the configuration in which Emergency messages are saved in the console
and messages of Info level and higher are saved in the volatile file.

SWITCH(config)# show syslog
System logger on running!
info local volatile
emerg console
SWITCH(config)#

If you need to delete the log messages that are saved in the syslog file, use the following
command.

Command Mode Function

clear syslog local {volatileㅣnon-volatile} Global Deletes the log message in the Syslog file.

7.5.6. Designating IP Address of Syslog Message

The user can designate which IP address is assigned to syslog messages forwarded
remotely. To designate the IP address assigned to syslog messages, use the following
command.

Command Mode Function

syslog bind-address ip-address Global Designates IP address for syslog message forwarded remotely.

no syslog bind-address Global Disables syslog bind-address configuration.

7.5.7. Checking Debug Message from Remote

For the user who accesses from remote, it is possible to check Syslog message
through the server by sending syslog message to the server. In hiD 6615, it is possible
to check Debug message in user’s own Console window even from remote.

To check Debug message in remote user’s Console window, use the following
command.

Command Mode Function

terminal monitor Enable Check Debug message in remote user’s own Console window.

The following is to check Debug message in remote user’s own Console window.

SWITCH# terminal monitor
SWITCH# show syslog
System logger on running!
info local volatile
info local non-volatile
user.debug /dev/ttyP1 (the user who accesses through telnet)
SWITCH#

To disable terminal monitor in remote user’s own Console window, use the following
command.

Command Mode Function

no terminal monitor Enable Disables terminal monitor in remote user’s own Console window.


7.5.8. Configuring Threshold of CPU Utilization

SURPASS hiD 6615 has a function that sends a syslog message to inform when CPU
utilization exceeds the configured threshold or is less than the threshold. To configure
threshold of CPU utilization, use the following command.

Command Mode Function

threshold cpu <20-100> {5ㅣ60ㅣ600} Global Configures threshold of CPU utilization. The unit is “%” and it is possible to configure from 20% to 100%.

no threshold cpu Global Disables cpu threshold configuration.

The default is 50%, and you can configure 5, 60, or 600 seconds as the time interval.

To view configured threshold of CPU, use the following command.

Command Mode Function

show cpuload View/Enable/Global/Bridge Shows configured threshold of CPU utilization and average of CPU utilization.

The following is an example of configuring threshold of CPU utilization as 70% and
checking it.

SWITCH(config)# threshold cpu 70 60
SWITCH(config)# show cpuload
----------------
Average CPU load
----------------
5 sec: 12.42(11.79) %
1 min: 12.35(11.74) %
10 min: 12.39(11.74) %

cpuload threshold : 70
timer interval : 60 seconds

After you configure as above, the following message will be displayed when CPU
utilization exceeds 70%.

Oct 18 17:37:24 zebra[80]: CPU Overload Warning : Threshold [70] < CPU Load [86]


And the following message will be displayed when the CPU utilization goes down less
than 70%.

Oct 18 17:37:29 zebra[80]: CPU Overload Cleared : Threshold [70] > CPU Load [39]

In the above message, the number in [ ] means loading rate.
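
On a log host that receives these messages, the Warning and Cleared lines can be paired into overload episodes, as in the following added example (not part of the manual). The first two log lines are the ones shown above and the rest are constructed; the function names and the default year are assumptions, since the messages carry no year.

```python
"""Added example: pair the CPU threshold syslog messages into overload episodes."""
import re
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+: "
    r"CPU Overload (?P<kind>Warning|Cleared) : "
    r"Threshold \[(?P<threshold>\d+)\] [<>] CPU Load \[(?P<load>\d+)\]"
)

# The first two lines are the messages shown on this page; the others are
# constructed to exercise a repeated Warning and an episode that never clears.
SAMPLE_LOG = """\
Oct 18 17:37:24 zebra[80]: CPU Overload Warning : Threshold [70] < CPU Load [86]
Oct 18 17:37:29 zebra[80]: CPU Overload Cleared : Threshold [70] > CPU Load [39]
Oct 18 17:40:02 example[1]: unrelated message
Oct 18 17:52:10 zebra[80]: CPU Overload Warning : Threshold [70] < CPU Load [91]
Oct 18 17:53:10 zebra[80]: CPU Overload Warning : Threshold [70] < CPU Load [97]
"""


def overload_episodes(log_text, year=2024):
    """Return one dict per episode: start, end (None if not cleared), peak, threshold."""
    episodes, current = [], None
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not a CPU threshold message
        when = datetime.strptime(f"{year} {match['ts']}", "%Y %b %d %H:%M:%S")
        load = int(match["load"])
        if match["kind"] == "Warning":
            if current is None:
                current = {"start": when, "end": None, "peak": load,
                           "threshold": int(match["threshold"])}
            else:
                # Repeated Warning inside one episode: keep the highest load.
                current["peak"] = max(current["peak"], load)
        elif current is not None:
            current["end"] = when
            episodes.append(current)
            current = None
        # A Cleared line with no preceding Warning is ignored.
    if current is not None:
        episodes.append(current)  # Warning without Cleared: still overloaded
    return episodes


def needs_attention(episodes, min_seconds=60):
    """Episodes that never cleared or that lasted at least min_seconds."""
    flagged = []
    for episode in episodes:
        if episode["end"] is None:
            flagged.append(episode)
        elif (episode["end"] - episode["start"]).total_seconds() >= min_seconds:
            flagged.append(episode)
    return flagged


if __name__ == "__main__":
    for episode in overload_episodes(SAMPLE_LOG):
        state = "open" if episode["end"] is None else "cleared"
        print(episode["start"].strftime("%b %d %H:%M:%S"), state,
              "peak", episode["peak"], "threshold", episode["threshold"])
```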

7.5.9. Configuring Threshold of Port Traffic

SURPASS hiD 6615 has a function that sends a syslog message to inform when port
traffic exceeds the configured threshold or is less than the threshold.

To configure threshold of port traffic, use the following command.

Command Mode Function

threshold port port-number range {5ㅣ60ㅣ600} {rxㅣtx} Global Configures threshold of port traffic. The unit is “kbps”.

By default, the port threshold is configured as the maximum rate value: 1000000 kbps for
a Giga port and 100000 kbps for a 100M port.

You can configure 5, 60, or 600 seconds as the time interval.

To disable threshold of port traffic, use the following command.

Command Mode Function

no threshold port port-number { rxㅣtx } Global Disables threshold of port traffic.

To show configured threshold of port traffic, use the following command.

Command Mode Function

show port threshold Enable/Global Shows configured threshold of port traffic.

The following is an example of configuring threshold of port 1 traffic as 500Mbps and
checking it.

SWITCH(config)# threshold port 1 500 5 rx


The contents for show status fan can be different according to the product.

7.5.10. Configuration Threshold of Fan

The user can control the fan operation according to temperature. The fan automatically
stops and runs depending on the temperature. To configure the temperatures at which the fan
runs or stops, use the following command.

Command Mode Function

threshold fan start-temperature stop-temperature Global Configures the temperature to run or stop the fan operation.

no threshold fan Global Disables fan threshold configuration.

By default, the running temperature is configured as 30℃ and the stopping temperature
is configured as 0℃.

The highest operating temperature is 100℃ and the lowest temperature is -30℃.

The operating temperature should be higher than the lowest temperature.

To show the fan status and the operating temperature, use the following command.

Command Mode Function

show status fan Enable/Global Shows the fan status and the operating temperature.

The following is to configure the operating temperature as 25℃ and stopping
temperature as 5℃.

SWITCH(config)# threshold fan 25 5
SWITCH(config)# show status fan

Fan A : Installed
Fan B : Installed
Fan A-1 : OK
Fan A-2 : OK
Fan A-3 : OK
Fan B-1 : OK
Fan B-2 : OK
Fan B-3 : OK
Fan operation : ON
Fan threshold : Run 25 C / Stop 5 C

SWITCH(config)#

7.5.11. Configuration Threshold of Temperature

In hiD 6615, if the user configures the threshold for the switch temperature, the system
informs by syslog message when the temperature reaches the threshold and when it goes
down under the threshold.

To configure the threshold for the temperature of the switch, use the following
command in Global configuration mode.

Command Mode Function

threshold temp <-40-100> Global Configures the threshold for the temperature of the switch.

no threshold temp Global Disables temperature threshold configuration.

The default temperature is 80℃.

To show the temperature status and the threshold for the switch, use the following
command.

Command Mode Function

show status temp Enable/Global Informs the temperature status and threshold value for the user’s switch.

The following is an example of configuring the threshold of the temperature as 45℃ and checking it.

SWITCH(config)# threshold temp 45
SWITCH(config)# show status temp

Temperature 1 current : 37 C
Temperature 2 current : 31 C
Temp Threshold : 45 C

SWITCH(config)#

The contents for show status fan can be different according to the product.


7.6. Configuring Rule and QoS

SURPASS hiD 6615 provides Rule and QoS functions for traffic management. The Rule
function analyzes the transmitted packets, classifies them according to the designated
policy, and decides how they are forwarded. MAC address, VLAN ID, and IP address are used
to distinguish the packets when configuring the policy of the Rule function, and the
classified packets are handled as the user has configured. Through the Rule function, the
user can configure the policy to block unnecessary data and keep important data.

QoS (Quality of Service) is a useful function for providing more convenient service
for network traffic. By giving priority to traffic, it helps prevent overloading, delay,
and failure of transmission. However, you need to take care that other traffic does not
fail because of the traffic the user has configured with priority.

QoS can give priority to specific traffic either by offering the priority to that traffic
or by limiting the others. Data is usually processed in time order, first in, first out.
Because this way does not process specific data first, all data might be lost when traffic
is overloaded.

However, when traffic is overloaded, QoS can apply a processing order to traffic by
reorganizing priorities according to importance. With QoS, the user can predict
network performance in advance and manage bandwidth more effectively.

7.6.1. How to Operate Rule and QoS

In SURPASS hiD 6615, Rule and QoS operate as follows.

◆ Rule Creation

To classify the packets according to the specific basis, configure the policies about
them first. The basis used to classify the packets is IP address, TCP/UDP, Port number,
Protocol.

◆ Rule Action

Configure the policy classifying the packets, and configure Precedence, DiffServ, and CoS to
designate the priority for the classified packets.

Prescribe Rule action for the classified packets according to the user’s requirements.

“Permit” operates for the traffic meeting the requirements.


“Deny” operates for the traffic which do not meet the requirements.
“Mirror” transmits the classified traffic to monitor port.
“Redirect” re-transmits the appropriate traffics.

◆ Scheduling

To handle overloaded traffic, you need to configure different processing orders for
traffic by using a scheduling algorithm. SURPASS hiD 6615 provides Strict Priority
Queuing, WRR (Weighted Round Robin), and WFQ (Weighted Fair Queuing).

The procedure for configuring Rule is as follows.

• Creating Rule
• Configuring the priority
• Configuring the condition for the packets
• Configuring Rule Operation
• Configuring Cos value and Tos value
• Packet Counter
• Saving Rule
• Checking Rule Profile
• Modifying Rule contents
• Deleting Rule

7.6.1.1. Creating Rule

In SURPASS hiD 6615, in order to create rule, enter into Rule configuration mode first.
To enter Rule configuration mode, use the following command.

Command Mode Function

rule name create Global To create new Rule, enter into Rule configuration mode.

After entering into Rule creation mode, the prompt changes from SWITCH(config)# to
SWITCH(config-rule[name])#.

Rule name should not start with alphabet ‘a-’.

The following is to enter into Rule creation mode in order to create new Rule named by
“TEST”.


SWITCH(config)# rule TEST create
SWITCH(config-rule[TEST])#

It is possible to create a number of policies in a Rule.

After entering into Rule configuration mode, configure Rule that the user wants. For the
rule, configure the packet condition and how to process the packets.

7.6.1.2. Configuring the priority

To configure the priority for the Rule, use the following command. The higher the priority
of a Rule, the faster it is processed.

Command Mode Function

priority {lowㅣmediumㅣhighㅣhighest} Rule Configure the priority for the new Rule.

By default, the priority of every rule is configured as “low”.

7.6.1.3. Configuring the condition for the packets

In Rule, configure the condition for the packets and how to process the packets. The
condition of a Rule can be configured on various bases.

To configure Rule, use the following commands.

Command Mode Function

mac {src-mac-addressㅣany} {dst-mac-addressㅣany} Rule Configure the Rule based on Source MAC address and Destination MAC address.

ip {src-ip-addressㅣsrc-ip-address/mㅣany} {dst-ip-addressㅣdst-ip-address/mㅣany} Rule Configure the Rule based on Source IP address and Destination IP address.

ip {src-ip-addressㅣsrc-ip-address/mㅣany} {dst-ip-addressㅣdst-ip-address/mㅣany} <0-255> Rule Configure the Rule based on Source IP address and Destination IP address.

ip {src-ip-addressㅣsrc-ip-address/mㅣany} {dst-ip-addressㅣdst-ip-address/mㅣany} {icmpㅣtcpㅣudp} Rule Configure the Rule based on Source IP address, Destination IP address, and protocol.

ip {src-ip-addressㅣsrc-ip-address/mㅣany} {dst-ip-addressㅣdst-ip-address/mㅣany} icmp {<0-255>ㅣany} {<0-255>ㅣany} Rule Configure Message type and Code value of ICMP.

ip {src-ip-addressㅣsrc-ip-address/mㅣany} {dst-ip-addressㅣdst-ip-address/mㅣany} tcp {<1-65535>ㅣany} {<1-65535>ㅣany} [tcp-flagㅣany] Rule Configure based on TCP Source port and Destination port.

ip {src-ip-addressㅣsrc-ip-address/mㅣany} {dst-ip-addressㅣdst-ip-address/mㅣany} udp {<1-65535>ㅣany} {<1-65535>ㅣany} Rule Configure the rule based on UDP Source port and Destination port.

ip-prec {<0-7>ㅣany} Rule Configure the rule based on IP TOS precedence.

port {src-port-numberㅣany} {dst-port-numberㅣcpuㅣany} Rule Configure the rule based on the port.

cos {<0-7>ㅣany} Rule Configure the rule with CoS value.

tos {<0-255>ㅣany} Rule Configure the rule with ToS value.

dscp {<0-63>ㅣany} Rule Configure the rule based on DSCP value in ToS area of packets.

ethtype {ethertypeㅣarpㅣany} Rule Configure the rule based on Ethtype.

vlan {<1-4094>ㅣany} Rule Configure the rule based on VLAN ID.

length {<21-65535>ㅣany} Rule Configure the rule based on the packet length.

It is possible to configure a number of rules in a Rule.

To delete the configured Rule, use the following commands.

Command Mode Function

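no cos Rule To delete the configured Rule.

no ethtype Rule To delete the configured Rule.

no ip Rule To delete the configured Rule.

no length Rule To delete the configured Rule.

no mac Rule To delete the configured Rule.

no tos Rule To delete the configured Rule.

no vlan Rule To delete the configured Rule.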


7.6.1.4. Configuring Rule Operation

After configuring the packet condition for Rule, then configure how to process the
packets. To configure Rule operation, use the following command.

Command Mode Function

match bandwidth bandwidth Rule Configure the maximum bandwidth used for packet transmission. The unit for bandwidth is Mbps.

match copy-to-cpu Rule Sends the packets that correspond to Rule to CPU.

match deny Rule Do not get the packets that correspond to Rule.

match dmac dst-mac-address Rule Designate MAC address of packets that correspond to Rule.

match dscp <0-63> Rule Designate DSCP value in ToS area of the packets that correspond to Rule.

match egress filter port-number Rule Excludes specific ports from matched-packet's egress ports.

match egress port port-number Rule Replaces matched-packet's egress ports.

match mirror Rule Transmits a copy of the packets that correspond to Rule to the mirroring port.

match permit Rule Get the packets that correspond to Rule.

match redirect port-number Rule Sends the packets that correspond to Rule to the designated port.

match vlan <1-4094> Rule Designate VID for the packets that correspond to Rule.

To disable above configuration, use the following command.

Command Mode Function

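no match bandwidth Rule Release the configuration for the process of the packets that correspond to Rule.

no match copy-to-cpu Rule Release the configuration for the process of the packets that correspond to Rule.

no match deny Rule Release the configuration for the process of the packets that correspond to Rule.

no match dmac Rule Release the configuration for the process of the packets that correspond to Rule.

no match dscp Rule Release the configuration for the process of the packets that correspond to Rule.

no match egress Rule Release the configuration for the process of the packets that correspond to Rule.

no match mirror Rule Release the configuration for the process of the packets that correspond to Rule.

no match permit Rule Release the configuration for the process of the packets that correspond to Rule.

no match redirect Rule Release the configuration for the process of the packets that correspond to Rule.

no match vlan Rule Release the configuration for the process of the packets that correspond to Rule.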


To process the packets that don’t correspond to Rule, use the following commands.

Command Mode Function

no-match copy-to-cpu Rule Sends the packets that don’t correspond to Rule to CPU.

no-match deny Rule Denies the packets that don’t correspond to Rule.

no-match dscp <0-63> Rule Designate DSCP value in ToS area of packets that don’t correspond to Rule.

no-match mirror Rule Sends a copy of packets that don’t correspond to Rule to mirroring port.

no-match redirect port-number Rule Sends the packets that don’t correspond to Rule to the designated port.

To release the above configuration, use the following command.

Command                    Mode   Function
no no-match copy-to-cpu    Rule   Releases the process for the packets that don’t correspond to Rule.
no no-match deny
no no-match dscp
no no-match mirror
no no-match redirect

7.6.1.5. Configuring CoS value and ToS value

To apply a scheduling value through the configured Rule, first assign each rule a class that the scheduling value can act on. CoS values are classified into 8 classes. The “overwrite” variable decides whether the packets are processed with the CoS class only inside the switch or are transmitted to the external network with the designated CoS value. Therefore, if the command contains “overwrite”, the CoS value is applied to the packets when they are sent to the external network; if it is not contained in the command, the CoS value is used only inside the switch.

To apply the class to the packets that correspond to Rule, use the following command.

Command                            Mode   Function
match cos <0-7> [overwrite]        Rule   Gives a CoS value to the packets that correspond to Rule.
match cos same-as-tos overwrite    Rule   Designates the CoS value for the packets that correspond to Rule as the IP ToS precedence value.
match ip-prec <0-7>                Rule   Designates the IP ToS precedence for the packets that correspond to Rule.
match ip-prec same-as-cos          Rule   Designates the IP ToS precedence value for the packets that correspond to Rule as the CoS value.

To release the above configuration, use the following command.

Command             Mode   Function
no match cos        Rule   Disables the configuration of the CoS or IP ToS precedence value for the packets that correspond to Rule.
no match ip-prec

To adjust the class of the packets that don’t correspond to Rule, use the following command.

Command                               Mode   Function
no-match cos <0-7> [overwrite]        Rule   Gives a CoS value to the packets that don’t correspond to Rule.
no-match cos same-as-tos overwrite    Rule   Designates the CoS value for the packets that don’t correspond to Rule as the IP ToS precedence value.
no-match ip-prec <0-7>                Rule   Designates the IP ToS precedence for the packets that don’t correspond to Rule.
no-match ip-prec same-as-cos          Rule   Designates the IP ToS precedence value for the packets that don’t correspond to Rule as the CoS value.

To release the above configuration, use the following command.

Command                Mode   Function
no no-match cos        Rule   Disables the configuration of the CoS or IP ToS precedence value for the packets that don’t correspond to Rule.
no no-match ip-prec

7.6.1.6. Packet Counter

When packets defined in a rule arrive, the QoS policy is applied. However, suppose that a packet the rule is defined to throw out arrives. In that case, it is thrown out without any notice or record. For administrators, it is better to know that such packets are being transmitted even though they are unnecessary and harmful. It is possible to know how many times packets defined in a specified rule have arrived.

To check how many times packets defined in a specified rule have arrived on the SURPASS hiD 6615, use the following command.

Command          Mode   Function
match counter    Rule   Checks how many times packets defined in the specified rule have arrived.

To release the configuration for counting how many times packets defined in a specified rule have arrived, use the following command.

Command             Mode   Function
no match counter    Rule   Releases the configuration for counting how many times packets defined in the specified rule have arrived.

To clear the statistics of packets that have been transmitted in the Rule, use the following command.

Command                           Mode     Function
clear rule counter {NAME| all}    Global   Clears the statistics of packets that have been transmitted in the Rule.

7.6.1.7. Saving Rule

After configuring rule using the above commands, apply it to the switch by saving. If
you don’t save and apply rule to the switch, all configurations are deleted.

To save and apply the rule, use the following command.

Command Mode Function

apply Rule Save rule and apply it to the switch.

After configuring the rule, it should be applied to the switch.

7.6.1.8. Checking Rule Profile

To check the configured rule Profile, use the following command.

Command                 Mode                  Function
show rule-profile       Access-Rule           Check the Profile of appropriate rule.
show rule               View/Enable/Global    Check the profile of all rule.
show rule name          View/Enable/Global    Check the profile of designated Rule.
show rule all           View/Enable/Global    Check all Rule and all Admin access rule Profile.
show rule statistics    View/Enable/Global    Check amount of Rule.

7.6.1.9. Modifying Rule

It is possible to modify the Rule configuration. To modify it, use the following command.

Command             Mode     Function
rule name modify    Global   To modify the Rule named “name”, enter into Rule configuration mode.

7.6.1.10. Deleting Rule

To delete the Rule, use the following command.

Command         Mode     Function
no rule name    Global   Deletes the appropriate Rule.
no rule all     Global   Deletes all Rule and all Admin access rule.

7.6.2. Configuring QoS

In SURPASS hiD 6615, it is possible to use RED, Strict Priority Queuing, WFQ (Weighted Fair Queuing), and WRR (Weighted Round Robin) for QoS.

The following topics explain how to configure QoS.

• Configuring QoS map
• Configuring Scheduling Method
• Setting Weight
• Configuring Min-bandwidth
• Limiting Max-bandwidth
• User-defined Setting for CPU Packet
• RED Setting
• Displaying QoS Setting

7.6.2.1. Configuring QoS map

In SURPASS hiD 6615, it is possible to map the CoS configured for packets to a Queue. By default, they are mapped as below.

CoS   Que number   CoS   Que number
0     0            4     4
1     1            5     5
2     2            6     6
3     3            7     7

Tab. 7-1 Basic QoS map

To create a QoS Map, in order to classify the rule having a class to a Queue, use the following command in Global Configuration Mode.

Command                Mode     Function
qos map <0-7> <0-7>    Global   Classify the rule to Queue. CoS number is 0~7, queue number is 0~7.

In SURPASS hiD 6615, it is possible to use all 8 of Queues.

CoS number is from 0 to 7. Que number is from 0 to 7.

To return to Basic QoS map, use the following command in Global Configuration Mode.

Command Mode Function

qos map default Global Returns to Basic QoS map

7.6.2.2. Configuring Scheduling Method

To process Queue, it is possible to use the Strict Priority Queuing, WFQ, or WRR method.

• Strict Priority Queuing

Strict Priority Queuing is used to process more important data before the others. Since all data are processed by their priorities, data with high priorities can be processed fast, but data with low priorities might be delayed and piled up. This method has the strong point of providing differentiated service in a simple way. However, while packets having higher priority keep entering, the packets having lower priority are not processed.

[Figure: the processing order in Strict Priority Queuing when packets having different Queue numbers enter]

Fig. 7-4 User-defined Setting for CPU Packet

• WRR (Weighted Round Robin)

WRR processes as many packets from each Queue as its Weight allows. As in Strict Priority Queuing, the packets that have higher priority are processed first. However, after processing the number of packets given by the configured Weight, it passes to the next stage, so packet processing can be configured not to be partial to the packets having higher priority. However, it is limited in how far it can provide service differentiated from the existing service.

[Figure: the processing in WRR when packets having different Queue numbers enter. The Weight (W) shown is 1 for Queues 0 to 6 and 2 for Queue 7.]

Fig. 7-5 Packet Process in WRR

• WFQ (Weighted Fair Queuing)

WFQ combines the good points of Strict Priority Queuing and WRR. If the bandwidth is configured for all Queues, the packets of each Queue can be processed within the bandwidth assigned to it.

[Figure: the processing in WFQ when packets having different Queue numbers enter. The bandwidth (BW) shown is 50Mbps for Queue 6 and 50Mbps for Queue 7.]

Fig. 7-6 The packet process in WFQ

To decide one among three scheduling methods, use the following command.

Command Mode Function

qos scheduling-mode {sp|wrr}    Global   Decide the scheduling method.

In SURPASS hiD 6615, default is “WRR”.
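
The difference between Strict Priority Queuing and WRR shows up when a high-priority Queue is overloaded, which is an availability concern for everything queued below it. The simulation below is an added example, not code from the manual: it replays one constructed load through both methods. The one-packet-per-tick link, the arrival pattern and the function names are assumptions; the WRR visiting order follows the description above, with Weight 2 on Queue 7 and 1 elsewhere.

```python
from collections import Counter, deque

NUM_QUEUES = 8  # Queues 0-7; a higher number means a higher priority


def pick_sp(queues, _state):
    """Strict Priority: always serve the highest-numbered non-empty Queue."""
    for q in range(NUM_QUEUES - 1, -1, -1):
        if queues[q]:
            return q
    return None


def make_wrr(weights):
    """WRR as described above: start at the highest Queue, send up to its
    Weight in packets, then pass to the next lower Queue and wrap around."""
    def pick(queues, state):
        if not state:
            state.update(q=NUM_QUEUES - 1, credit=weights[NUM_QUEUES - 1])
        # One full lap plus one check is enough to find any non-empty Queue.
        for _ in range(NUM_QUEUES + 1):
            q = state["q"]
            if state["credit"] > 0 and queues[q]:
                state["credit"] -= 1
                return q
            state["q"] = (q - 1) % NUM_QUEUES
            state["credit"] = weights[state["q"]]
        return None
    return pick


def simulate(arrivals, pick):
    """arrivals[t] lists the Queue numbers of the packets arriving in tick t.
    The egress link sends one packet per tick (assumption).
    Returns (Queue numbers in the order sent, packets left per Queue)."""
    queues = [deque() for _ in range(NUM_QUEUES)]
    state, sent = {}, []
    for tick, batch in enumerate(arrivals):
        for q in batch:
            queues[q].append(tick)
        q = pick(queues, state)
        if q is not None:
            queues[q].popleft()
            sent.append(q)
    backlog = {q: len(queues[q]) for q in range(NUM_QUEUES) if queues[q]}
    return sent, backlog


# Constructed load: for 12 ticks a Queue 7 flow and a Queue 1 flow each offer
# one packet per tick, which is twice what the link can carry.
ARRIVALS = [[7, 1] for _ in range(12)]
WEIGHTS = {q: 1 for q in range(NUM_QUEUES)}
WEIGHTS[7] = 2

if __name__ == "__main__":
    for name, pick in (("SP", pick_sp), ("WRR", make_wrr(WEIGHTS))):
        sent, backlog = simulate(ARRIVALS, pick)
        print(name, "sent:", dict(Counter(sent)), "still queued:", backlog)
```

Under SP the Queue 1 flow sends nothing for as long as Queue 7 stays busy; under WRR it gets one slot in every three.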

7.6.2.3. Setting Weight

In WRR, the packets are processed by Weight. The user can configure the weight
value.

The default for weight is “1”.

To set the weight, use the following command.

Command                                   Mode     Function
qos weight port-number <0-7> <1-15>       Global   Set Weight
qos weight port-number <0-7> unlimited    Global   Process QoS with Strict Priority Queuing

It is not possible to configure Weight in WFQ.

7.6.2.4. User-defined Setting for CPU Packet

Queue processing for CPU packet can be set up by the user with two scheduling methods, Strict Priority Queuing and WRR (Weighted Round Robin).

To select which scheduling method of the two, use the following command.

Command Mode Function

qos cpu scheduling-mode sp Global Selects scheduling method for CPU packet.

Default scheduling method for CPU packet is “WRR”.

WRR method is a packet processing method according to weight value. Weight value can be designated by user.

Default weight value for all queues is “1”.

7.6.2.5. Displaying QoS Setting

To show the QoS setting, use following command.

Command                 Mode             Function
show qos                Enable/Global    Displays set-up for QoS scheduling
show qos port-number    Enable/Global    Displays set-up for QoS scheduling per each port
show qos cpu            Enable/Global    Displays set-up for QoS scheduling of CPU packet

7.6.3. Admin access rule

In SURPASS hiD 6615, it is possible to block access to the switch by services such as telnet, ftp, icmp, and snmp. To block such services from entering the switch, use Admin access rule.

Admin access rule is configured as follows.

• Creating Admin access rule
• Configuring the priority
• Configuring the condition for the packet
• Configuring the operation of Admin access rule
• Saving Admin access rule
• Checking Admin access rule Profile
• Deleting Admin access rule

7.6.3.1. Creating Admin access rule

In SURPASS hiD 6615, in order to create Admin access rule, enter into Rule configuration mode first.

To enter Admin access rule configuration mode, use the following command.

Command                   Mode     Function
rule name create admin    Global   To create Admin access Rule, enter into Admin access Rule mode.

After entering into Admin access rule mode, the prompt changes from SWITCH(config)# to SWITCH(config-admin-rule[name])#.

The following is to enter into Admin access rule mode in order to create a new Admin access rule named “TEST”.

SWITCH(config)# rule TEST create admin
SWITCH(config-admin-rule[TEST])#

It is possible to create a number of policies in a Rule.

After entering into Admin access rule configuration mode, configure Admin access rule
that the user wants. For the Admin access rule, configure the packet condition and how
to process the packets.

7.6.3.2. Configuring the priority

To configure the priority for the Rule, use the following command. The higher the priority of a Rule, the faster it is processed.

Command                               Mode                 Function
priority {low|medium|high|highest}    Admin access rule    Configure the priority for the new Admin Access Rule.

By default, the priority of every rule is configured as “low”.

7.6.3.3. Configuring the condition for the packet

In Admin access rule, you can configure the condition for the packet and how to process the packets that correspond to the condition. Configure Admin access rule with various conditions.

To configure Admin access rule, use the following command.

Command                                                                                                                        Mode                 Function
ip {src-ip-address|src-ip-address/m|any} {dst-ip-address|dst-ip-address/m|any}                                                Admin access rule    Configure a rule based on Source IP address and Destination IP address.
ip {src-ip-address|src-ip-address/m|any} {dst-ip-address|dst-ip-address/m|any} <0-255>                                        Admin access rule    Configure a rule based on Source IP address and Destination IP address.
ip {src-ip-address|src-ip-address/m|any} {dst-ip-address|dst-ip-address/m|any} {icmp|tcp|udp}                                 Admin access rule    Configure the rule based on Source IP address, Destination IP address and protocol.
ip {src-ip-address|src-ip-address/m|any} {dst-ip-address|dst-ip-address/m|any} icmp {<0-255>|any} {<0-255>|any}               Admin access rule    Configure Message type and Code value of ICMP.
ip {src-ip-address|src-ip-address/m|any} {dst-ip-address|dst-ip-address/m|any} tcp {<1-65535>|any} {<1-65535>|any} [tcp-flag|any]    Admin access rule    Configure the rule based on TCP Source port and Destination port.
ip {src-ip-address|src-ip-address/m|any} {dst-ip-address|dst-ip-address/m|any} udp {<1-65535>|any} {<1-65535>|any}            Admin access rule    Configure the rule based on UDP Source port and Destination port.

It is possible to configure a number of policies in one Admin access rule.

7.6.3.4. Configuring the operation of Admin access rule

After configuring the condition of packets for Admin access rule, configure how to process the packets.

To configure Rule operation, use the following command.

Command         Mode                 Function
match deny      Admin access rule    Denies the packets of Admin access rule.
match permit    Admin access rule    Permits the packets of Admin access rule.

To disable the above configuration, use the following command.

Command            Mode                 Function
no match deny      Admin access rule    Disables the configuration for the packet process of Admin access rule.
no match permit

To process the packets that don’t correspond to the Rule, use the following command.

Command            Mode                 Function
no-match deny      Admin access rule    Denies the packets that don’t correspond to Admin access rule.
no-match permit    Admin access rule    Permits the packets that don’t correspond to Admin access rule.

To release the above configuration, use the following command.

Command               Mode                 Function
no no-match deny      Admin access rule    Releases the configuration for the process of packets which don’t correspond to Admin access rule.
no no-match permit

7.6.3.5. Saving Admin access rule

After configuring Admin access rule using the above commands, apply it to the switch by saving. If you don’t save and apply Admin access rule to the switch, all configurations are deleted.

To save and apply Admin access rule, use the following command.

Command    Mode                 Function
apply      Admin access rule    Save Admin access rule and apply it to the switch.

After configuring Admin access rule, it should be applied to the switch.

7.6.3.6. Checking Admin access rule Profile

To check the configured Admin access rule Profile, use the following command.

Command                 Mode                  Function
show rule-profile       Admin access rule     Check the Profile of appropriate Admin access rule.
show rule name admin    View/Enable/Global    Check specific Admin access rule.
show rule admin         View/Enable/Global    Check the profile of all Admin access rule.
show rule all           View/Enable/Global    Check all Rule and all Admin access rule Profile.

7.6.3.7. Modifying Admin-access-rule

It is possible to modify the Admin-access-rule configuration. To modify it, use the following command.

Command                   Mode     Function
rule name modify admin    Global   To modify the Admin-access-rule named “name”, enter into Rule configuration mode.

7.6.3.8. Deleting Admin access rule

To delete the configured Admin access rule, use the following command.

Command               Mode     Function
no rule admin         Global   Delete all of Admin access rule.
no rule name admin    Global   Delete specific Admin access rule.
no rule all           Global   Delete all of Rule and all of Admin access rule.

7.6.4. Sample Configuration

[ Sample Configuration 1 ] Rule Configuration

The following is an example of configuring a Rule named “TEST” and applying it to the system.

SWITCH> enable
SWITCH# configure terminal
SWITCH(config)# rule TEST create
SWITCH(config-rule[TEST])# priority high
SWITCH(config-rule[TEST])# ip 10.1.1.1 20.1.1.1 tcp 22 any
SWITCH(config-rule[TEST])# cos 0
SWITCH(config-rule[TEST])# match deny
SWITCH(config-rule[TEST])# show rule-profile
rule TEST
priority high
cos 0
ip 10.1.1.1/32 20.1.1.1/32 tcp 22 any
match deny
SWITCH(config-rule[TEST])# apply          <- You should apply it to the system.
SWITCH(config-rule[TEST])# exit
SWITCH(config)# show rule
rule TEST
priority high
cos 0
ip 10.1.1.1/32 20.1.1.1/32 tcp 22 any
match deny
SWITCH(config)#

If you don’t apply it to the system and change to other configuration, all the configuration is deleted as follows.

SWITCH> enable
SWITCH# configure terminal
SWITCH(config)# rule TEST create
SWITCH(config-rule[TEST])# priority high
SWITCH(config-rule[TEST])# ip 10.1.1.1 20.1.1.1 tcp 22 any
SWITCH(config-rule[TEST])# cos 0
SWITCH(config-rule[TEST])# match deny
SWITCH(config-rule[TEST])# show rule-profile
rule TEST
priority high
cos 0
ip 10.1.1.1/32 20.1.1.1/32 tcp 22 any
match deny
SWITCH(config-rule[TEST])# exit
SWITCH(config)# show rule
There is no configured rule.
SWITCH(config)#


[ Sample Configuration 2 ] Modifying Rule

The following is an example of modifying the Rule named TEST.

SWITCH> enable
SWITCH# configure terminal
SWITCH(config)# rule TEST modify
SWITCH(config-rule[TEST])# show rule-profile
rule TEST
priority high
cos 0
ip 10.1.1.1/32 20.1.1.1/32 tcp 22 any
match deny
SWITCH(config-rule[TEST])# match permit
SWITCH(config-rule[TEST])# show rule-profile
rule TEST
priority high
cos 0
ip 10.1.1.1/32 20.1.1.1/32 tcp 22 any
match permit
SWITCH(config-rule[TEST])# apply
SWITCH(config-rule[TEST])# exit
SWITCH(config)#


[ Sample Configuration 3 ] Configuring Strict Priority Queuing

The following is how to configure Strict Priority Queuing on SURPASS hiD 6615.

SWITCH# configure terminal
SWITCH(config)# qos scheduling-mode sp
SWITCH(config)# qos max-bandwidth 1-5 7 50
SWITCH(config)# show qos
cpu-rx-cos : enabled
cpu-tx-cos : 7

Scheduling mode : SP (Strict Priority Queuing)

CoS-Queue Map : cos   0 1 2 3 4 5 6 7
                -----------------------
                queue 0 1 2 3 4 5 6 7

PORT Q0 Q1 Q2 Q3 Q4 Q5 Q6 Q7
-------------------------------------
1 UN UN UN UN UN UN UN 50
2 UN UN UN UN UN UN UN 50
3 UN UN UN UN UN UN UN 50
4 UN UN UN UN UN UN UN 50
5 UN UN UN UN UN UN UN 50
6 UN UN UN UN UN UN UN UN
7 UN UN UN UN UN UN UN UN
8 UN UN UN UN UN UN UN UN
9 UN UN UN UN UN UN UN UN
10 UN UN UN UN UN UN UN UN
11 UN UN UN UN UN UN UN UN
12 UN UN UN UN UN UN UN UN
13 UN UN UN UN UN UN UN UN
14 UN UN UN UN UN UN UN UN
15 UN UN UN UN UN UN UN UN
16 UN UN UN UN UN UN UN UN
17 UN UN UN UN UN UN UN UN
18 UN UN UN UN UN UN UN UN
19 UN UN UN UN UN UN UN UN
20 UN UN UN UN UN UN UN UN
21 UN UN UN UN UN UN UN UN
22 UN UN UN UN UN UN UN UN
23 UN UN UN UN UN UN UN UN
24 UN UN UN UN UN UN UN UN
25 UN UN UN UN UN UN UN UN
26 UN UN UN UN UN UN UN UN
SWITCH(config)#


[ Sample Configuration 4 ] Configuring WRR Scheduling

The following is how to configure WRR scheduling in SURPASS hiD 6615.

SWITCH# configure terminal
SWITCH(config)# qos scheduling-mode wrr
SWITCH(config)# qos weight 1-10 7 5
SWITCH(config)# qos weight 11-15 6 4
SWITCH(config)# qos weight 16-20 5 3
SWITCH(config)# show qos
cpu-rx-cos : enabled
cpu-tx-cos : 7

Scheduling mode : WRR (Weighted Round Robin)

CoS-Queue Map : cos   0 1 2 3 4 5 6 7
                -----------------------
                queue 0 1 2 3 4 5 6 7

PORT Q0 Q1 Q2 Q3 Q4 Q5 Q6 Q7
-------------------------------------------------------------
1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/5
2 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/5
3 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/5
4 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/5
5 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/5
6 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/5
7 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/5
8 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/5
9 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/5
10 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/5
11 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/4 UN/1
12 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/4 UN/1
13 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/4 UN/1
14 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/4 UN/1
15 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/4 UN/1
16 UN/1 UN/1 UN/1 UN/1 UN/1 UN/3 UN/1 UN/1
17 UN/1 UN/1 UN/1 UN/1 UN/1 UN/3 UN/1 UN/1
18 UN/1 UN/1 UN/1 UN/1 UN/1 UN/3 UN/1 UN/1
19 UN/1 UN/1 UN/1 UN/1 UN/1 UN/3 UN/1 UN/1
20 UN/1 UN/1 UN/1 UN/1 UN/1 UN/3 UN/1 UN/1
21 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1
22 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1
23 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1
24 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1
25 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1
26 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1 UN/1
SWITCH(config)#


[ Sample Configuration 6-4-5 ] Configuring WFQ Scheduling

The following is how to configure WFQ scheduling in SURPASS hiD 6615.

SWITCH# configure terminal
SWITCH(config)# qos scheduling-mode wfq
SWITCH(config)# qos min-bandwidth 1-10 7 30
SWITCH(config)# qos min-bandwidth 1-10 6 20
SWITCH(config)# qos max-bandwidth 1-10 7 35
SWITCH(config)# qos max-bandwidth 1-10 6 25
SWITCH(config)# show qos
cpu-rx-cos : enabled
cpu-tx-cos : 7

Scheduling mode : WFQ (Weighted Fair Queuing)

CoS-Queue Map : cos   0 1 2 3 4 5 6 7
                -----------------------
                queue 0 1 2 3 4 5 6 7

PORT Q0 Q1 Q2 Q3 Q4 Q5 Q6 Q7
---------------------------------------------------------------------
1 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 25/20 35/30
2 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 25/20 35/30
3 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 25/20 35/30
4 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 25/20 35/30
5 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 25/20 35/30
6 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 25/20 35/30
7 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 25/20 35/30
8 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 25/20 35/30
9 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 25/20 35/30
10 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 25/20 35/30
11 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
12 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
13 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
14 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
15 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
16 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
17 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
18 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
19 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
20 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
21 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
22 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
23 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
24 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
25 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
26 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0 UN/0
SWITCH(config)#


[ Sample Configuration 6-4-5 ] Configuring RED

The following is how to configure RED in SURPASS hiD 6615.

SWITCH# configure terminal
SWITCH(config)# qos red enable
SWITCH(config)# qos red 7 start 60 probability 7
SWITCH(config)# show qos red
WRED enabled
-----------------------------------------------
queue | start TH | Queue Length | probability
-----------------------------------------------
0 96 128 5
1 96 128 5
2 96 128 5
3 96 128 5
4 96 128 5
5 96 128 5
6 96 128 5
7 60 128 7

SWITCH(config)#

[ Sample Configuration 6-4-6 ] Configuring Admin-access-rule

The following is an example of configuring not to permit all telnet to the switch.

SWITCH> enable
SWITCH# configure terminal
SWITCH(config)# rule TEST create admin
SWITCH(config-admin-rule[TEST])# priority high
SWITCH(config-admin-rule[TEST])# ip any any tcp any 23
SWITCH(config-admin-rule[TEST])# match deny
SWITCH(config-admin-rule[TEST])# apply
SWITCH(config-admin-rule[TEST])# exit
SWITCH(config)#

If you leave Admin access rule configuration mode without applying the configured Admin access rule to the switch, all of the configuration is deleted.
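
The argument order in the tcp and udp forms decides what an Admin access rule actually covers. The matcher below is an added example, not the switch's implementation: it evaluates constructed packets against condition strings written in the ip ... tcp {source port} {destination port} syntax of 7.6.3.3, and it handles only the address, prefix and any forms with an optional icmp, tcp or udp part. The packet addresses, the field names f1 and f2, and the function names are assumptions made for the illustration.

```python
import ipaddress

PROTOCOLS = ("icmp", "tcp", "udp")


def _net(token):
    # "any" matches every address; a bare address is a /32, as "show rule" prints it.
    return None if token == "any" else ipaddress.ip_network(token, strict=False)


def _num(token):
    return None if token == "any" else int(token)


def parse_condition(line):
    """Parse 'ip SRC DST [PROTO [FIELD1 FIELD2]]'.
    For tcp/udp the fields are source port, then destination port;
    for icmp they are message type, then code."""
    tok = line.split()
    if len(tok) not in (3, 4, 6) or tok[0] != "ip":
        raise ValueError("unsupported condition: " + line)
    cond = {"src": _net(tok[1]), "dst": _net(tok[2]),
            "proto": None, "f1": None, "f2": None}
    if len(tok) >= 4:
        if tok[3] not in PROTOCOLS:
            raise ValueError("unsupported protocol: " + tok[3])
        cond["proto"] = tok[3]
    if len(tok) == 6:
        cond["f1"], cond["f2"] = _num(tok[4]), _num(tok[5])
    return cond


def condition_matches(cond, pkt):
    """True when every field the condition constrains equals the packet's."""
    if cond["src"] is not None and ipaddress.ip_address(pkt["src"]) not in cond["src"]:
        return False
    if cond["dst"] is not None and ipaddress.ip_address(pkt["dst"]) not in cond["dst"]:
        return False
    if cond["proto"] is not None and pkt["proto"] != cond["proto"]:
        return False
    if cond["f1"] is not None and pkt["f1"] != cond["f1"]:
        return False
    if cond["f2"] is not None and pkt["f2"] != cond["f2"]:
        return False
    return True


def evaluate(rule, pkt):
    """Return the rule's match action if any condition matches, otherwise its
    no-match action (None when none is set, so the rule decides nothing)."""
    if any(condition_matches(parse_condition(c), pkt) for c in rule["conditions"]):
        return rule["match"]
    return rule.get("no_match")


# Constructed rules: one pins both addresses and TCP source port 22,
# the other matches TCP destination port 23 from and to any address.
NARROW = {"conditions": ["ip 10.1.1.1 20.1.1.1 tcp 22 any"], "match": "deny"}
BROAD = {"conditions": ["ip any any tcp any 23"], "match": "deny"}

# Constructed packets (documentation addresses); f1/f2 are source/destination port.
TELNET_FROM_ELSEWHERE = {"src": "198.51.100.7", "dst": "192.0.2.1",
                         "proto": "tcp", "f1": 40000, "f2": 23}
TELNET_FROM_NAMED_HOST = {"src": "10.1.1.1", "dst": "20.1.1.1",
                          "proto": "tcp", "f1": 40000, "f2": 23}
SSH_FROM_ELSEWHERE = {"src": "198.51.100.7", "dst": "192.0.2.1",
                      "proto": "tcp", "f1": 40001, "f2": 22}

if __name__ == "__main__":
    for name, rule in (("narrow", NARROW), ("broad", BROAD)):
        for pkt in (TELNET_FROM_ELSEWHERE, TELNET_FROM_NAMED_HOST, SSH_FROM_ELSEWHERE):
            print(name, pkt["src"], "->", pkt["f2"], evaluate(rule, pkt))
```

A result of None means the rule did not decide the packet, so a telnet session that the narrow rule does not match is not denied by it.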


7.7. NetBIOS Filtering

NetBIOS is used in a LAN (Local Area Network) environment where computers have to share information with each other to communicate. However, when an ISP (Internet Service Provider) provides Internet communication through LAN service to a specific area such as apartments, each customer’s information should be kept private.

[Figure: a LAN environment for Internet service in an apartment complex (“Cyber Apt.”) connected to the Internet. Information is shared between units, and sharing information between units needs to be prevented.]

Fig. 7-7 Necessity of NetBIOS Filtering

In this case, without NetBIOS filtering, customers’ data may be exposed to each other even though the data should be kept private. To protect customers’ information and prevent information sharing in the above case, NetBIOS filtering is necessary.

Command Mode Function

netbios-filter port-number Bridge Configures NetBIOS filtering in specified port.

To release NetBIOS filtering according to user’s request, use the following command.

Command Mode Function

no netbios-filter port-number Bridge Releases NetBIOS filtering from specific port.

To view configuration of NetBIOS filtering, use the following command.

Command Mode Function

show netbios-filter Enable/Global/Bridge Shows configuration of NetBIOS filtering.


The following is an example of configuring NetBIOS filtering in port 1~5 and showing it.

SWITCH(bridge)# netbios-filter 1-5
SWITCH(bridge)# show netbios-filter
o:enable .:disable
--------------------------
         1         2
12345678901234567890123456
--------------------------
ooooo.....................
--------------------------
SWITCH(bridge)#

7.8. DHCP Server Packet Filtering

DHCP (Dynamic Host Configuration Protocol) lets a DHCP server assign IP addresses to DHCP clients automatically and manage the IP addresses. Most ISP operators provide the service in this way. In this situation, if a DHCP client is connected to equipment that can act as another DHCP server, such as an Internet access gateway router, communication failure might occur.

DHCP filtering helps to operate DHCP service by blocking Requests which enter through a subscriber’s port and go out to an uplink port or another subscriber’s port, and Replies which enter the subscriber’s port.

In the example below, server A has the IP range from 192.168.10.1 to 192.168.10.10. Suppose a user connects Client 3, which can act as a DHCP server, to A in order to share IP addresses from 10.1.1.1 to 10.1.1.10.

[Figure: DHCP Server A (192.168.10.1~192.168.10.10) and Client 1, Client 2 and Client 3 connected to the SURPASS hiD 6615. Client 3 is equipment which can be a DHCP server and assigns IP from 10.1.1.1 ~ 10.1.1.10. The Request of Client 1, 2 is transmitted to Client 3, so IP is assigned not from DHCP Server A but from Client 3. To prevent IP from being assigned from Client 3, DHCP filtering is needed for the port.]

Fig. 7-8 DHCP Filtering

Here, if Client 1 and Client 2 are not blocked from Client 3, which acts as a DHCP server, Client 1 and Client 2 will request and receive IP addresses from Client 3, so that communication blockage will occur.

Therefore, the filtering function should be configured between Client 1 and Client 3, and between Client 2 and Client 3, so that Client 1 and Client 2 receive IP addresses from DHCP server A without difficulty.

To configure the DHCP filtering function on a particular port according to the user’s demand, after enabling the filtering function, designate the port needing the DHCP filtering function by using the following command.

Command                              Mode                    Function
dhcp-server-filter port-number       Bridge                  Configures DHCP server packet filtering.
no dhcp-server-filter port-number    Bridge                  Releases DHCP server packet filtering.
show dhcp-server-filter              Enable/Global/Bridge    Checks DHCP server packet filtering.


The following is an example of configuring DHCP filtering on ports 1 to 5 and checking it.

SWITCH(bridge)# dhcp-server-filter 1-5
SWITCH(bridge)# show dhcp-server-filter
o:enable .:disable
--------------------------
         1         2
12345678901234567890123456
--------------------------
ooooo.....................
--------------------------
SWITCH(bridge)#
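
What distinguishes a DHCP server's traffic from a client's is carried in the DHCP payload itself. The sketch below is an added example, not the switch's implementation: it parses constructed DHCP payloads and drops server-originated messages that enter a filtered port, which covers only the Reply half of the behaviour described above. The port list comes from the sample; the function names, the payload builder and the choice of port 26 as an unfiltered port are assumptions.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
BOOTREQUEST, BOOTREPLY = 1, 2        # the "op" field, first byte of the payload
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
SERVER_TYPES = {"OFFER", "ACK", "NAK"}  # only a DHCP server sends these


def expand_ports(spec):
    """Expand a port argument such as '1-5' or '7' into a set of port numbers."""
    first, _, last = spec.partition("-")
    return set(range(int(first), int(last or first) + 1))


def build_dhcp(op, msg_type):
    """Build a minimal DHCP payload (constructed test input, not a capture)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0,
                        b"", b"", b"", b"", b"\x00\x11\x22\x33\x44\x55", b"", b"")
    return fixed + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])


def parse_dhcp(payload):
    """Return (op, message type name or None), or None if this is not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    op, msg, i = payload[0], None, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                             # 0 = pad option
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            break                   # truncated option: keep what was parsed
        if code == 53 and length == 1:                  # DHCP message type
            msg = MESSAGE_TYPES.get(value[0])
        i += 2 + length
    return op, msg


def server_filter_decision(ingress_port, payload, filtered_ports):
    """'drop' for server-originated DHCP entering a filtered port, else 'forward'."""
    parsed = parse_dhcp(payload)
    if ingress_port not in filtered_ports or parsed is None:
        return "forward"
    op, msg = parsed
    # Judge by the op field as well, so a reply whose options are cut short
    # or missing is still treated as server traffic.
    if op == BOOTREPLY or msg in SERVER_TYPES:
        return "drop"
    return "forward"


if __name__ == "__main__":
    filtered = expand_ports("1-5")
    offer = build_dhcp(BOOTREPLY, 2)
    discover = build_dhcp(BOOTREQUEST, 1)
    print("OFFER on port 3:", server_filter_decision(3, offer, filtered))
    print("OFFER on port 26:", server_filter_decision(26, offer, filtered))
    print("DISCOVER on port 3:", server_filter_decision(3, discover, filtered))
```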

7.9. Martian Filtering

It is possible to block packets which try to leave the network carrying a source IP address that does not belong to it. If a packet carries an IP address other than its own source IP address, it is impossible to identify the sender when the packet causes trouble. Therefore, you had better prevent this kind of packet from going out of your network. This function is called Martian-filter.

To block packets, which try to bring different source IP out from same network, use the
following command.

Command                             Mode     Function
ip martian-filter interface-name    Global   Blocks packets which bring a different Source IP address from the specified interface.

It is not possible to configure both QoS and Martian Filtering at the same time.

To release the above configuration, use the following command.

Command                                Mode     Function
no ip martian-filter interface-name    Global   Releases the blocking of packets which bring a different Source IP address from the specified interface.

To view configuration of Martian-filter, use the following command.

Command Mode Function

show running-config Enable/Global/Bridge/Interface Shows switch configurations.


The following is an example of configuring Martian-filter in br 1 and checking it.

SWITCH(config)# ip martian-filter default
SWITCH(config)# show running-config
Building configuration...
(omitted)
!
!

ip martian-filter default
(omitted)
SWITCH(config)#

7.10. MAC Filtering

It is possible to forward frames to the destination MAC address. A maximum of 4,096 MAC addresses can be registered without specific performance degradation.

7.10.1. Configuring Default Policy of MAC Filtering

The basic policy of filtering based on system is set to allow all packets for each port.
However the basic policy can be changed for user’s requests.

After configuring basic policy of filtering for all packets, use the following command on
Bridge mode to show the configuration.

Command                                                 Mode                    Function
mac-filter default-policy {deny|permit} port-number     Bridge                  Configures basic policy of MAC Filtering in specified port.
show mac-filter default-policy                          Enable/Global/Bridge    Shows the basic policy.

By default, basic filtering policy provided by system is configured to permit all packets
in each port.


[ Sample Configuration 1 ]

This is an example of blocking all packets in port 1~3 and port 7.

SWITCH(bridge)# mac-filter default-policy deny 1-3
SWITCH(bridge)# mac-filter default-policy deny 7
SWITCH(bridge)# show mac-filter default-policy
-------------------------
PORT POLICY | PORT POLICY
------------+------------
1 DENY | 17 PERMIT
2 DENY | 18 PERMIT
3 DENY | 19 PERMIT
4 PERMIT | 20 PERMIT
5 PERMIT | 21 PERMIT
6 PERMIT | 22 PERMIT
7 DENY | 23 PERMIT
8 PERMIT | 24 PERMIT
9 PERMIT | 25 PERMIT
10 PERMIT | 26 PERMIT
11 PERMIT | 27 PERMIT
12 PERMIT | 28 PERMIT
13 PERMIT | 29 PERMIT
14 PERMIT | 30 PERMIT
15 PERMIT | 31 PERMIT
16 PERMIT | 32 PERMIT
SWITCH(bridge)#

7.10.2. Adding Policy of MAC Filter

You can add the policy to block or to allow some packets of specific address after con-
figuring the basic policy of MAC Filtering. To add this policy, use the following com-
mands on Bridge mode.

Command Mode Function

mac-filter add mac-address {denyㅣ Allows or blocks packet which brings configured
Bridge
permit} mac address to specified port.

Variable MAC-ADDRESS is composed of twelve digits number in Hexa decimal. It is


possible to check it by using the command show mac. 00:d0:cb:06:01:32 is an exam-
ple of MAC address.


To show user’s configuration about MAC filter policy, use the following commands.

Command          Mode                  Function

show mac-filter  Enable/Global/Bridge  Shows MAC filter policy.

[ Sample Configuration 2 ]

The latest policy is recorded as number 1. The following is an example of permitting
MAC addresses 00:02:a5:74:9b:17 and 00:01:a7:70:01:d2 and showing the table of filter
policy.

SWITCH(bridge)# mac-filter add 00:02:a5:74:9b:17 permit
SWITCH(bridge)# mac-filter add 00:01:a7:70:01:d2 permit
SWITCH(bridge)# show mac-filter
=================================
ID | MAC | ACTION
=================================
1 00:01:a7:70:01:d2 PERMIT
2 00:02:a5:74:9b:17 PERMIT
SWITCH(bridge)#

The following is an example of viewing one configuration.

SWITCH(bridge)# show mac-filter 1
=================================
ID | MAC | ACTION
=================================
1 00:01:a7:70:01:d2 PERMIT
SWITCH(bridge)#

7.10.3. Deleting MAC Filtering Policy

To delete MAC filtering policy, use the following command.

Command                            Mode    Function

mac-filter del source-mac-address  Bridge  Deletes filtering policy for specified MAC address.


To delete MAC filtering function, use the following command.

Command        Mode    Function

no mac-filter  Bridge  Deletes all MAC filtering functions.

7.10.4. Listing of MAC Filtering Policy

When you need to make many MAC filtering policies at a time, entering the commands one
by one is tedious. In this case, it is more convenient to save the MAC filtering policies
in “/etc/mfdb.conf” and display the list of MAC filtering policies. To view the list of
MAC filtering policies in /etc/mfdb.conf, use the following command.

Command          Mode    Function

mac-filter list  Bridge  Shows the list of MAC filtering policy at /etc/mfdb.conf.

7.11. Configuring Max Host

7.11.1. Configuring Max-hosts

You can limit the number of users on each port by configuring the maximum number of
users, also called Max host. When doing so, consider not only the number of PCs in the
network but also devices such as switches in the network.

For SURPASS hiD 6615, you have to lock the port, as with MAC filtering, before configuring
Max Host. ISPs can use this configuration to arrange a billing plan for each user.

To configure Max host, use the following command.

Command                                Mode    Function

max-hosts port-number max-mac-number   Bridge  Limits the number of connections to a port by setting maximum host.


When Max host is configured as “0”, no one can connect to the port.

The following is an example of allowing two MAC addresses on port 1, five addresses
each on ports 2 and 3, and ten addresses on port 4.

SWITCH(bridge)# max-hosts 1 2
SWITCH(bridge)# max-hosts 2 5
SWITCH(bridge)# max-hosts 3 5
SWITCH(bridge)# max-hosts 4 10
SWITCH(bridge)#

To delete max host, use the following command.

Command Mode Function

no max-hosts port-number Bridge Deletes configured max-host.

To check configured max host, use the following command.

Command Mode Function

show max-hosts Enable/Global/Bridge Shows configured max host.

The following is an example of viewing configured max hosts.

SWITCH(bridge)# show max-hosts
port 1 : 0/2 (current/max)
port 2 : 0/5 (current/max)
port 3 : 0/5 (current/max)
port 4 : 0/10 (current/max)
port 5 : 0/Unlimited (current/max)
(omitted)
SWITCH(bridge)#

7.11.2. Configuring Max-new-hosts

Max-new-hosts limits the number of users by configuring the number of MAC addresses
that can be learned per second on the system and on each port. The number of MAC
addresses that can be learned on the system has priority. To configure Max-new-hosts,
use the following command.


Command                                          Mode    Function

max-new-hosts port-number max-mac-number         Bridge  The number of MAC addresses that can be learned on the port per second.
max-new-hosts system port-number max-mac-number  Bridge  The number of MAC addresses that can be learned on the system per second.

To delete the configured Max-new-hosts, use the following command.

Command                       Mode    Function

no max-new-hosts port-number  Bridge  Deletes the number of MAC addresses that can be learned on the port.
no max-new-hosts system       Bridge  Deletes the number of MAC addresses that can be learned on the system.

To check the configured Max-new-hosts, use the following command.

Command Mode Function

show max-new-hosts Enable/Global/Bridge Shows the configured Max-new-hosts.

If a MAC address that has already been counted disappears and starts being learned again
before 1 second has passed, it is not counted again.

If the same MAC address changes port, it is not counted again. For example, if a MAC
address learned on port number 1 is then learned on port number 2, it is considered to
have moved port. It is deleted from port number 1 and learned on port number 2, but it
is not counted.


[ Sample Configuration 1 ]

The following example limits the number of MAC addresses that can be learned on the
system per second to 10, and the number of MAC addresses that can be learned on each of
ports 1-10 per second to 3.

SWITCH(bridge)# max-new-hosts system 10
SWITCH(bridge)# max-new-hosts 1-10 3
SWITCH(bridge)# show max-new-hosts
System : 10

port 1 : 3
port 2 : 3
port 3 : 3
port 4 : 3
port 5 : 3
port 6 : 3
port 7 : 3
port 8 : 3
port 9 : 3
port 10 : 3
port 11 : Unlimited
port 12 : Unlimited
port 13 : Unlimited
port 14 : Unlimited
port 15 : Unlimited
port 16 : Unlimited
port 17 : Unlimited
port 18 : Unlimited
port 19 : Unlimited
port 20 : Unlimited
port 21 : Unlimited
--More--
SWITCH(bridge)#

In the above configuration, after MAC addresses have been learned on ports 1-10, an 11th
MAC address that starts being learned is limited, because the number of MAC addresses
that can be learned on the system per second is already exhausted.
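
The counting rules described above (system limit first, then port limit, no second count for a MAC address that moves port or reappears within the same second) can be modelled as follows. This is an added example, not code from the switch or the manual; the class and function names, the fixed wall-clock one-second window and the MAC addresses are assumptions.

```python
"""Model of the max-new-hosts counting rules (added example, not switch code)."""
from collections import defaultdict


class MaxNewHosts:
    """Counts newly learned MAC addresses per one-second window.

    Assumption: the window is a fixed wall-clock second. The manual only says
    "for a second" and does not document how the switch measures it.
    """

    def __init__(self, system_limit=None, port_limits=None):
        self.system_limit = system_limit        # None means Unlimited
        self.port_limits = dict(port_limits or {})
        self.window = None                      # second currently being counted
        self.counted = set()                    # MACs already counted in this window
        self.system_count = 0
        self.port_count = defaultdict(int)
        self.table = {}                         # learned MAC -> port

    def _roll(self, now):
        """Reset all counters when a new one-second window starts."""
        if int(now) != self.window:
            self.window = int(now)
            self.counted.clear()
            self.system_count = 0
            self.port_count.clear()

    def age_out(self, mac):
        """The MAC address disappears from the MAC table."""
        self.table.pop(mac.lower(), None)

    def learn(self, now, port, mac):
        """Return what happens when `mac` is seen on `port` at time `now`."""
        self._roll(now)
        mac = mac.lower()
        if self.table.get(mac) == port:
            return "known"
        if mac in self.table:                   # same MAC on another port: a move
            self.table[mac] = port
            return "moved"
        if mac in self.counted:                 # reappeared within the same second
            self.table[mac] = port
            return "relearned"
        # The system-wide limit has priority over the per-port limit.
        if self.system_limit is not None and self.system_count >= self.system_limit:
            return "blocked-by-system"
        limit = self.port_limits.get(port)
        if limit is not None and self.port_count[port] >= limit:
            return "blocked-by-port"
        self.counted.add(mac)
        self.system_count += 1
        self.port_count[port] += 1
        self.table[mac] = port
        return "learned"


def constructed_mac(n):
    """Constructed sample MAC address, not taken from the manual."""
    return "00:00:5e:00:53:%02x" % n


def sample_configuration_1():
    """max-new-hosts system 10 / max-new-hosts 1-10 3, one new MAC per port."""
    limiter = MaxNewHosts(10, {port: 3 for port in range(1, 11)})
    results = [limiter.learn(0.1, port, constructed_mac(port)) for port in range(1, 11)]
    results.append(limiter.learn(0.5, 1, constructed_mac(11)))  # 11th MAC, same second
    results.append(limiter.learn(1.2, 1, constructed_mac(11)))  # next second
    return results


if __name__ == "__main__":
    for outcome in sample_configuration_1():
        print(outcome)
```

The 11th address is refused by the system limit even though port 1 has used only one of its three slots, which is the case the sample configuration describes.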


7.12. Managing MAC Table

There are two types of addresses registered in the MAC table: Dynamic addresses and Static
addresses. A Dynamic address is deleted when it is no longer used after the switch has
registered it in the MAC table. A Static address is an address configured by the user that
remains even after rebooting. To register a Static address in the MAC table, use the
following command on Bridge configuration mode.

Command                                  Mode                  Function

mac bridge-name port-number mac-address  Bridge                Registers Static address in MAC table with MAC address, bridge name and port number.
show mac bridge-name [port-number]       Enable/Global/Bridge  Shows MAC address user configured.

The following is an example of registering MAC address 00:01:02:9a:61:17 on port 13 in
the MAC table of bridge 1.

SWITCH(bridge)# mac 1 13 00:01:02:9a:61:17
SWITCH(bridge)#

The following is an example of showing MAC address of destination, the specified port
number, VLAN ID, and time registered in table.

SWITCH(bridge)# show mac 1 24
==================================================================
port mac addr permission in use
==================================================================
eth24(24) 00:01:02:9a:61:1a static 0.00
eth24(24) 00:10:5a:84:46:76 OK 0.01
eth24(24) 00:e0:4c:1a:37:17 OK 0.07
eth24(24) 00:d0:cb:0a:a0:b7 OK 0.15
eth24(24) 00:c0:ca:33:5b:90 OK 0.18
eth24(24) 00:03:47:70:e3:30 OK 0.50
(omitted)
SWITCH(bridge)#

To delete Static address in MAC table, use the following commands on Bridge
configuration mode.


Command                                           Mode    Function

no mac [bridge-name] [port-number] [mac-address]  Bridge  Deletes specified MAC address registered in specified port.

To reset the addresses registered in MAC table, use the following command.

Command                                        Mode    Function

clear mac bridge-name port-number mac-address  Bridge  Resets MAC table.

7.13. Configuring ARP Table

Devices connected to an IP network have two addresses: a LAN address and a network
address. The LAN address is sometimes called the data link address because it is used at
Layer 2, but it is more commonly known as the MAC address.

A switch on Ethernet needs a 48-bit MAC address to transmit packets. The process of
finding the proper MAC address from an IP address is called address resolution.
Conversely, the process of finding the proper IP address from a MAC address is called
reverse address resolution. Siemens’ switches find the MAC address from the IP address
through the Address Resolution Protocol (ARP). ARP saves these addresses in the ARP table
for quick search. A packet carrying an IP address is transmitted to the network by
referring to that IP address in the ARP table. When configuring the ARP table, it is
possible to do so only for specific interfaces.

To match a specific IP address and MAC address, use the following command on
configuration mode.

Command                                      Mode    Function

arp ip-address mac-address [interface-name]  Global  Saves IP address and MAC address in ARP table. Also possible to configure a specific interface.

To view ARP table, use the following command on Privilege Exec Enable Mode or
configuration mode.

Command                                 Mode           Function

show arp [interface-name | ip-address]  Enable/Global  Shows registered ARP table.


To release ARP function about IP address and MAC address, use the following command on
configuration mode.

Command                               Mode    Function

no arp [ip-address] [interface-name]  Global  Releases ARP function about IP address and MAC address.
clear arp [interface-name]            Global  Resets ARP table.

The following is an example of saving IP address 10.1.1.1 with MAC address
00:d0:cb:00:00:01.

SWITCH(config)# arp 10.1.1.1 00:d0:cb:00:00:01
SWITCH(config)#

The following is an example of viewing ARP table.

SWITCH(config)# show arp
Address HWtype HWaddress Flags Mask Iface
172.16.1.254 ether 00:D0:CB:06:01:32 C 1


7.14. ARP-Alias

Although clients are connected to the same client switch, communication between them may
be made impossible for their private security. When you need to let them communicate
with each other, SURPASS hiD 6615 supports ARP-Alias, which responds to ARP requests from
the client net through the Concentrating switch.

In the picture below, communication between clients 10.1.1.2~10.1.1.5 is impossible. In
this case, you can configure ARP-Alias to respond to ARP requests from clients
10.1.1.2~10.1.1.5. After ARP-Alias is configured, they can communicate through the
Concentrating switch.

[Figure: Internet, Concentrating Switch, Client Switch and Client Net with clients
10.1.1.2, 10.1.1.3, 10.1.1.4 and 10.1.1.5.
① Register 10.1.1.2~10.1.1.5 in ARP-Alias.
② ARP requests of 10.1.1.2~10.1.1.5 are sent to the Concentrating Switch.
③ The Concentrating Switch responds to ARP requests from 10.1.1.2~10.1.1.5.
For private security it is impossible to communicate between clients, so there is no
ARP between clients.]

Fig. 7-9 ARP-Alias

To register address of client net range in ARP-Alias, use the following command.

Command                                                  Mode    Function

arp-alias start-ip-address end-ip-address [mac-address]  Global  Registers IP address range and MAC address in ARP-Alias to make user’s equipment response ARP request.


Unless you input MAC address, MAC address of user’s equipment will be used for ARP
response.

To delete registered IP address range of ARP-Alias, use the following command.

Command                                       Mode    Function

no arp-alias start-ip-address end-ip-address  Global  Deletes registered IP address range of ARP-Alias.

To view ARP-Alias, use the following command.

Command Mode Function

show arp-alias Enable/Global Shows registered ARP-Alias.

【 Sample Configuration 1 】

The following is an example of configuring ARP-Alias by registering IP address from
10.1.1.2 to 10.1.1.5.

SWITCH(config)# arp-alias 10.1.1.2 10.1.1.5
SWITCH(config)#

Unless you input MAC address as the above example, MAC address of hiD 6615 will
be used.


7.15. Proxy-ARP

SURPASS hiD 6615 has Proxy-ARP, which responds to ARP requests on behalf of other
equipment. In the picture below, Host A has IP address 172.16.10.100 and its subnet mask
is set to /16, so it considers itself connected to network 172.16.0.0.

When Host A needs to send a packet to Host D, it sends an ARP request, because it
considers Host D to be on the same network. Since an ARP request is transferred by
broadcast, the ARP request from Host A is sent not to Host D, but to interface 1 and the
nodes that belong to subnet A.

[Figure: SURPASS hiD 6615 with interface default 172.16.10.99/24 on subnet A
(Host A 172.16.10.100/16, Host B 172.16.10.200/24) and interface br2 172.16.20.99/24 on
subnet B (Host C 172.16.20.100/24, Host D 172.16.20.200/24).]

Fig. 7-10 Proxy-ARP

However, SURPASS hiD 6615 is aware that Host D belongs to another subnet and is able to
transmit packets to Host D. Therefore it responds to the ARP request from Host A with its
own MAC address. In this way, all ARP requests from subnet A to subnet B are answered
with the MAC address of SURPASS hiD 6615. Packets that should be transmitted from Host A
to Host D are transmitted correctly through SURPASS hiD 6615.
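
The decision described above can be traced with the addresses of Fig. 7-10. This is an added example, not code from the switch or the manual; the function names and the switch MAC address are constructed, and the model assumes the switch only answers for networks directly connected to its other interfaces.

```python
"""Proxy-ARP decision for the hosts in Fig. 7-10 (added example, not switch code)."""
import ipaddress

# Interface addresses from Fig. 7-10; the MAC address is a constructed placeholder.
SWITCH_MAC = "00:00:5e:00:53:01"
SWITCH_IFS = {
    "default": ipaddress.ip_interface("172.16.10.99/24"),  # subnet A
    "br2": ipaddress.ip_interface("172.16.20.99/24"),      # subnet B
}


def host_arps_directly(host_address, destination):
    """True if the host considers the destination on-link and broadcasts ARP for it."""
    network = ipaddress.ip_interface(host_address).network
    return ipaddress.ip_address(destination) in network


def arp_answer(in_if, target_ip, proxy_arp_ifs):
    """MAC address the switch answers with for an ARP request seen on in_if, or None."""
    target = ipaddress.ip_address(target_ip)
    own = SWITCH_IFS[in_if]
    if target == own.ip:
        return SWITCH_MAC        # ordinary ARP for the switch's own address
    if in_if not in proxy_arp_ifs:
        return None              # "no ip proxy-arp" on this interface: stay silent
    if target in own.network:
        return None              # same segment: the real owner answers itself
    for name, iface in SWITCH_IFS.items():
        if name != in_if and target in iface.network:
            return SWITCH_MAC    # reachable through another interface
    return None


def host_a_arp_cache(proxy_arp_ifs):
    """What Host A (172.16.10.100/16) ends up caching for Host C and Host D."""
    cache = {}
    for dst in ("172.16.20.100", "172.16.20.200"):
        if host_arps_directly("172.16.10.100/16", dst):
            cache[dst] = arp_answer("default", dst, proxy_arp_ifs)
    return cache


if __name__ == "__main__":
    print("proxy-arp on :", host_a_arp_cache({"default"}))
    print("proxy-arp off:", host_a_arp_cache(set()))
```

With Proxy-ARP enabled, every subnet B address in Host A's ARP cache maps to the same switch MAC address; Host B, with its /24 mask, never sends these requests and uses its gateway instead.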

To configure Proxy-ARP, enter into Interface configuration mode of specific interface
and use the following command.

Command Mode Function

ip proxy-arp Interface Configures Proxy-ARP in specific interface.

To disable Proxy-ARP, use the following command.


Command Mode Function

no ip proxy-arp Interface Disables Proxy-ARP.

【 Sample Configuration 1 】

The following is an example of configuring Proxy-ARP in 1.

SWITCH# configure terminal
SWITCH(config)# interface 1
SWITCH(config-if)# ip proxy-arp
SWITCH(config-if)# show running-config
Building configuration...
(omitted)
interface 1
no shutdown
ip proxy-arp
ip address 172.16.209.50/16
!
ip route 0.0.0.0/0 172.16.1.254
!
no snmp
!
SWITCH(config-if)#

7.16. Configuring Gratuitous ARP

In SURPASS hiD 6615 3.02 NOS, broadcasting Gratuitous ARP that contains the IP address
and MAC address of the gateway keeps the network accessible even when the IP address of
a specific host’s gateway is assigned in duplicate.

Configure the Gratuitous ARP interval and transmission count using the following
commands. Configure delivery-start in order to transmit Gratuitous ARP after an ARP
reply.

Gratuitous ARP is transmitted some time after the ARP reply is transmitted.

Command                                     Mode    Function

arp-patrol interval count {delivery-start}  Global  Configures Gratuitous ARP.
no arp-patrol                               Global  Releases Gratuitous ARP.
show running-config                         Global  Shows the configuration of Gratuitous ARP.


The following is an example of configuring the transmission interval as 10 sec and
transmission times as 4 and showing it.

SWITCH(config)# arp-patrol 10 4
SWITCH(config)# show running-config
Building configuration...

Current configuration:
hostname SWITCH

(Omitted)

arp-patrol 10 4
!
no snmp
!
SWITCH(config)#

7.17. ICMP Message Control

ICMP stands for Internet Control Message Protocol. When it is impossible to transmit
data or to configure a route for data, ICMP sends an error message about it to the host.

The first 4 bytes of all ICMP messages are the same, but the other parts differ
according to the type field value and the code field value.

There are fifteen values of the type field to distinguish the different ICMP messages,
and the code field value helps to distinguish each type in more detail.

The following shows simple ICMP message construction.

0          7 15         16                  31
+------------+------------+-------------------+
| 8-bit type | 8-bit code |  16-bit checksum  |
+------------+------------+-------------------+
|     (contents depend on type and code)      |
+---------------------------------------------+

Fig. 7-11 ICMP Message


The following table shows explanations for fifteen values of ICMP message type.

Type  Explanation              Type  Explanation

0     echo reply               12    parameter problem
3     destination unreachable  13    timestamp request
4     source quench            14    timestamp reply
5     redirect                 15    information request
8     echo request             16    information reply
9     router advertisement     17    address mask request
10    router solicitation      18    address mask reply
11    time exceeded

ICMP messages can be controlled through the user’s configuration. You can configure the
device not to send an echo reply message to a partner who is taking a ping test to the
device, and you can configure the interval to transmit ICMP messages. You can configure
the following to control ICMP messages.

• Blocking Echo Reply Message
• Configuring Interval to Transmit ICMP Message
• Transmitting ICMP Redirect Message

7.17.1. Blocking Echo Reply Message

It is possible to configure not to send echo reply message to the partner who is taking
ping test to device. To block echo reply message, use the following commands.

Command                        Mode    Function

ip icmp ignore echo all        Global  Blocks echo reply message to all partners who are taking ping test to device.
ip icmp ignore echo broadcast  Global  Blocks echo reply message to partner who is taking broadcast ping test to device.


To release blocked echo reply message, use the following commands.

Command                           Mode    Function

no ip icmp ignore echo all        Global  Releases blocked echo reply message to all partners who are taking ping test to device.
no ip icmp ignore echo broadcast  Global  Releases blocked echo reply message to partner who is taking broadcast ping test to device.

7.17.2. Configuring Interval to Transmit ICMP Message

It is possible to configure the interval to transmit ICMP messages. After you configure
the interval, no ICMP message is sent until the configured time has passed since the last
message. For example, if you configure the interval as 1 second, ICMP will not be sent
within 1 second after the last message has been sent. To configure the interval to
transmit ICMP messages, the administrator should configure the type of message and the
interval time.

To configure the interval to transmit ICMP message, use the following command.

Command                           Mode    Function

ip icmp interval rate-mask mask   Global  Configures the interval to transmit ICMP message

mask should be input as a hexadecimal number.

Each ICMP message has the value as follows.

Tab. 7-2 The value of ICMP Message

TYPE                 VALUE  TYPE                 VALUE

ICMP_ECHOREPLY       0      ICMP_DEST_UNREACH    3
ICMP_SOURCE_QUENCH   4      ICMP_REDIRECT        5
ICMP_ECHO            8      ICMP_TIME_EXCEEDED   11
ICMP_PARAMETERPROB   12     ICMP_TIMESTAMP       13
ICMP_TIMESTAMPREPLY  14     ICMP_INFO_REQUEST    15
ICMP_INFO_REPLY      16     ICMP_ADDRESS         17
ICMP_ADDRESSREPLY    18


The mask is calculated as follows. When the mask, which is input as a hexadecimal
number, is written as a binary number, “1” means “Status ON” and “0” means “Status OFF”.
If the position of a digit shown as “1” matches the value of an ICMP message, that ICMP
message is selected as “Status ON”. Digit positions in the binary number start from 0.

For example, hexadecimal number “8” is “1000” as a binary number. In 1000, digit 0 is
“0”, digit 1 is “0”, digit 2 is “0” and digit 3 is “1”. The digit shown as “1” is digit
“3”, and ICMP_DEST_UNREACH is the message whose ICMP value is “3”. So ICMP_DEST_UNREACH
is chosen as the message whose transmission time is limited.

Default for mask is 0x1818.

Maximum mask value is 0xFFFFFFFF.

If the default, hexadecimal number 1818, is changed to a binary number, it is
1100000011000. Counting from digit 0, digits 3, 4, 11 and 12 are “1”, which is “STATUS
ON”. Therefore, the messages that correspond to 3, 4, 11 and 12 are chosen as the
messages whose transmission rate is limited.

The following shows the result of mask calculation of Default.

TYPE                     STATUS

ICMP_ECHOREPLY(0)        OFF
ICMP_DEST_UNREACH(3)     ON
ICMP_SOURCE_QUENCH(4)    ON
ICMP_REDIRECT(5)         OFF
ICMP_ECHO(8)             OFF
ICMP_TIME_EXCEEDED(11)   ON
ICMP_PARAMETERPROB(12)   ON
ICMP_TIMESTAMP(13)       OFF
ICMP_TIMESTAMPREPLY(14)  OFF
ICMP_INFO_REQUEST(15)    OFF
ICMP_INFO_REPLY(16)      OFF
ICMP_ADDRESS(17)         OFF
ICMP_ADDRESSREPLY(18)    OFF

Tab. 7-3 The calculation for Default mask


To configure how long ICMP transmission is limited, use the following command.

Command                               Mode    Function

ip icmp interval rate-limit interval  Global  Configures how much time ICMP transmission time is limited

The unit for “interval” is 10㎳ (1/100 s).

The default transmission time is 1 second (100㎳).

If 0 is input in “interval”, the message is sent without limiting interval.

To return to default configuration, use the following command.

Command Mode Function

ip icmp interval default Global Returns to default configuration

To view ICMP interval configuration, use the following command.

Command Mode Function

show ip icmp interval Enable/Global shows ICMP interval configuration

[Sample Configuration 1]

The following example limits the transmission rate of the ICMP_ECHO, ICMP_INFO_REQUEST
and ICMP_INFO_REPLY messages.

ICMP_ECHO is 8, ICMP_INFO_REQUEST is 15 and ICMP_INFO_REPLY is 16, so you should input
as the mask the binary number in which digits 8, 15 and 16 are “1”, changed into a
hexadecimal number. As a binary number it is 11000000100000000, and it is 18100 as a
hexadecimal number.


SWITCH(config)# ip icmp interval rate-mask 0x18100
SWITCH(config)# show ip icmp interval
----------------------------------------
RATE-LIMIT : 100 (default:100)
----------------------------------------
RATE-MASK : 0x18100 (default:0x1818)
----------------------------------------
TYPE | STATUS
----------------------------------------
ICMP_ECHOREPLY(0) | OFF
ICMP_DEST_UNREACH(3) | OFF
ICMP_SOURCE_QUENCH(4) | OFF
ICMP_REDIRECT(5) | OFF
ICMP_ECHO(8) | ON
ICMP_TIME_EXCEEDED(11) | OFF
ICMP_PARAMETERPROB(12) | OFF
ICMP_TIMESTAMP(13) | OFF
ICMP_TIMESTAMPREPLY(14)| OFF
ICMP_INFO_REQUEST(15) | ON
ICMP_INFO_REPLY(16) | ON
ICMP_ADDRESS(17) | OFF
ICMP_ADDRESSREPLY(18) | OFF
----------------------------------------
SWITCH(config)#
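
The mask arithmetic of Tab. 7-2 and Tab. 7-3 can be checked before a value is typed into rate-mask. This is an added example, not code from the switch or the manual, and its function names are assumptions; it also compares a candidate mask with the default, because the output above shows that setting 0x18100 turns the four default types OFF.

```python
"""Build, decode and compare rate-mask values (added example, not switch code)."""

# Type values from Tab. 7-2; a bit position in the mask equals the ICMP type value.
ICMP_TYPES = {
    "ICMP_ECHOREPLY": 0, "ICMP_DEST_UNREACH": 3, "ICMP_SOURCE_QUENCH": 4,
    "ICMP_REDIRECT": 5, "ICMP_ECHO": 8, "ICMP_TIME_EXCEEDED": 11,
    "ICMP_PARAMETERPROB": 12, "ICMP_TIMESTAMP": 13, "ICMP_TIMESTAMPREPLY": 14,
    "ICMP_INFO_REQUEST": 15, "ICMP_INFO_REPLY": 16, "ICMP_ADDRESS": 17,
    "ICMP_ADDRESSREPLY": 18,
}
DEFAULT_MASK = 0x1818
MAX_MASK = 0xFFFFFFFF


def parse_mask(text):
    """Parse a hexadecimal mask such as '0x18100' or '8' and check its range."""
    mask = int(text, 16)
    if not 0 <= mask <= MAX_MASK:
        raise ValueError("mask out of range: %s" % text)
    return mask


def build_mask(names):
    """Mask that sets 'Status ON' for exactly the named ICMP types."""
    mask = 0
    for name in names:
        mask |= 1 << ICMP_TYPES[name]
    return mask


def limited_types(mask):
    """Names of the ICMP types whose bit is 1, in ascending type order."""
    return [name for name, bit in ICMP_TYPES.items() if (mask >> bit) & 1]


def unnamed_bits(mask):
    """Bit positions set in the mask that match no type in Tab. 7-2."""
    named = build_mask(ICMP_TYPES)
    return [bit for bit in range(32) if ((mask & ~named) >> bit) & 1]


def compare_with_default(mask):
    """Types that gain or lose rate limiting relative to the default 0x1818."""
    new, old = set(limited_types(mask)), set(limited_types(DEFAULT_MASK))
    return {
        "added": sorted(new - old, key=ICMP_TYPES.get),
        "dropped": sorted(old - new, key=ICMP_TYPES.get),
    }


def status_rows(mask):
    """(label, status) pairs in the order used by 'show ip icmp interval'."""
    return [("%s(%d)" % (name, bit), "ON" if (mask >> bit) & 1 else "OFF")
            for name, bit in ICMP_TYPES.items()]


if __name__ == "__main__":
    wanted = build_mask(["ICMP_ECHO", "ICMP_INFO_REQUEST", "ICMP_INFO_REPLY"])
    print("sample mask      : 0x%X" % wanted)
    print("lost vs default  :", compare_with_default(wanted)["dropped"])
    print("keeping defaults : 0x%X" % (wanted | DEFAULT_MASK))
    for label, status in status_rows(wanted | DEFAULT_MASK):
        print("%-24s| %s" % (label, status))
```

To limit the three additional types while keeping the default four, OR the new bits into the default mask, which gives 0x19918.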

7.17.3. Transmitting ICMP Redirect Message

You can configure the switch to transmit ICMP Redirect Messages. Transmitting ICMP
Redirect Messages is one of the ways of preventing DoS (Denial of Service), and it lets
the switch provide constant service to the hosts. SURPASS hiD 6615 transmits to the host
a more optimized route than the present route between the host connected to the switch
and the specific destination.

To activate the function transmitting ICMP Redirect Message, use the following command.

Command              Mode           Function

ip redirects         Global         Activates the function transmitting ICMP Redirect Message.
no ip redirects      Global         Deactivates the function transmitting ICMP Redirect Message.
show running-config  Enable/Global  Checks the present configuration.


The following is an example for configuring ICMP Redirect Message and checking the
configuration.

SWITCH(config)# show running-config

(omitted)

interface 1
ip address 222.121.68.247/24
!
!
!
SWITCH(config)# ip redirects
SWITCH(config)# show running-config

(omitted)

interface 1
ip address 222.121.68.247/24
!!
ip redirects
!
!
SWITCH(config)#

7.18. IP TCP flag control

The TCP (Transmission Control Protocol) header includes six kinds of flags: URG, ACK,
PSH, RST, SYN, and FIN. In SURPASS hiD 6615, you can configure RST and SYN as described
below.

• RST Configuration
• SYN Configuration

7.18.1. RST Configuration

RST sends a message to the party that tries to make a TCP connection, informing it that
the connection cannot be made. However, it is also possible to configure the switch not
to send the message. This function helps prevent hackers from finding out which
connections are impossible.


To configure not to send the message that informs TCP connection cannot be done,
use the following command.

Command                    Mode    Function

ip tcp ignore rst-unknown  Global  Configures not to send the message that informs TCP connection cannot be done.

By default, RST is enabled.

To enable RST, use the following command.

Command Mode Function

no ip tcp ignore rst-unknown Global Enables RST.

7.18.2. SYN Configuration

SYN sets up a TCP connection. SURPASS hiD 6615 transmits cookies with SYN to the party
that tries to make a TCP connection, and permits the TCP connection only when the
transmitted cookies are returned. This function prevents connections from being
overcrowded by users who have connected but are not using them, and helps the other
users use the service. To permit connection only when transmitted cookies are returned
after sending cookies with SYN, use the following command.

Command            Mode    Function

ip tcp syncookies  Global  Permits only when transmitted cookies are returned after sending cookies with SYN.

To disable the above configuration, use the following command.

Command               Mode    Function

no ip tcp syncookies  Global  Disables the configuration that permits only when transmitted cookies are returned after sending cookies with SYN.


[Sample Configuration 1]

The following is an example of disabling RST and permitting only when transmitted
cookies are returned after sending cookies with SYN.

SWITCH(config)# ip tcp ignore rst-unknown
SWITCH(config)# ip tcp syncookies
SWITCH(config)# show running-config
Building configuration...
(omitted)
ip tcp ignore rst-unknown
ip tcp syncookies
!
ip route 0.0.0.0/0 172.16.254.1
!
dot1x address 172.16.209.5
dot1x port enable 1
!
no snmp
!
SWITCH(config)#

7.19. Displaying the usage of the packet routing table

Host-based packet routing uses the L3 table as its memory. It searches the L3 table for
the destination address to get the Nexthop information and transmits packets through the
Rewriting process.

If it does not find the destination in the L3 table, it refers to the CPU routing table,
records the Nexthop information in the L3 table and then transmits the packets through
the Rewriting process. hiD 6615 provides 4k of L3 table.

Network-based packet routing complements the inefficient process of recording per
packet. hiD 6615 uses the LPM table as its memory and it provides 16k of LPM table.

To show the usage of L3 table, LPM table or interface used in packet routing, use the
following command.

Command Mode Function

show ip tables summary Enable Show the usage of L3 table or LPM table or interface.


8. System Main Function

This chapter describes main functions of this switch such as VLAN, Port trunking, and
STP. It contains the following sections.

• VLAN
• Port Trunking
• LACP Configuration
• STP and RSTP, PVST and MSTP
• Stacking
• Configuring Port Bandwidth
• Flood-Guard
• Configuring Bandwidth-share-group
• IP IGMP
• PIM-SM
• VRRP
• Bandwidth
• DHCP
• Broadcast Storm Control
• Blocking Direct Broadcast


8.1. VLAN(Virtual Local Area Network)

Every node in the same LAN can get information from a node by Broadcast. However,
receiving unnecessary information from Broadcast is an inconvenience. If you divide the
LAN into logical LANs, only nodes on the same logical LAN get the information from
Broadcast.

A LAN separated in this way is called a VLAN (Virtual LAN). It is a network logically
separated according to the user’s needs, and a VLAN contains many ports. A network
composed of VLANs can transmit packets only within the same VLAN if there is no routing
function.

The following is an example of construction based on the port in Layer 2 environment.

[Figure: SURPASS hiD 6615 with VLANs br 1, br 2 and br 3.]

Fig. 8-1 VLAN structure based on the port in Layer 2 environment

In the above figure, default, br2 and br3, configured as VLANs, are logically configured
virtual networks. When the switch operates as Layer 2, communication is possible within
the same virtual network but impossible with another virtual network. SURPASS hiD 6615
provides a Layer 3 switching function, which lets ports in different VLANs communicate
with each other.

VLAN decreases Ethernet traffic to improve the transmission rate, and strengthens
security because transmission is per VLAN. You can construct VLANs based on port, MAC
address and protocol. A VLAN based on the port designates the VLAN by ports, and a port
can belong to various VLANs. A VLAN based on MAC addresses configures the VLAN by MAC
addresses. Even if the administrator changes the connection port, the VLAN does not
change because it uses the device’s own MAC address. A VLAN based on protocol structures
the VLAN by protocol. SURPASS hiD 6615 supports VLAN based on the port and the protocol.
The number of VLANs that can be generated is 4096, and it is possible to generate up to
8 VLANs based on the protocol.

To decide the packet path, the VLAN based on the protocol is used first. When the packet
is transmitted, it is forwarded to the VLAN as the user configured. However, if the user
did not configure a VLAN for the packet, the packet path is decided according to the
port.

In accordance with the IEEE 802.1q standard, SURPASS hiD 6615 already has a VLAN ID
(PVID) on all ports. A packet entering a Tagged port keeps its VLAN ID, and a packet
transmitted to an Untagged port receives the PVID that the system configured. In other
words, a port of SURPASS hiD 6615 that is part of a VLAN network can transmit packets to
a VLAN by PVID.

The following is how to decide packet route by VLAN configured in SURPASS hiD 6615.

Check protocol
  → There’s VLAN constructing with the appropriate protocol. → Transmit to VLAN
  → There’s no appropriate protocol. → Check the port
      → Tagged port → Transmits according to Tag of packets
      → Untagged port → Transmits packets by giving PVID on them

Fig. 8-2 The process of deciding packet route based on VLAN


VLAN has the following features.

◆ Enlarged Network Bandwidth
Users belonging to different VLANs can use more bandwidth than without VLANs, because
they do not receive unnecessary Broadcast information.

◆ Cost-Effective Way
When you use VLAN to prevent unnecessary traffic load caused by broadcast, you get a
cost-effective network composition since a switch is not needed.

◆ Strengthened Security
Nodes usually share broadcast information, but in some cases authorization is required
for the information. VLAN makes it possible for the VLAN members to consist of
authorized users only, so that network security is strengthened.

VLAN configuration is described in the following sections.

• Default VLAN
• Configuring VLAN based on the port
• Configuring VLAN based on the protocol
• Configuring VLAN based on MAC address
• Configuring VLAN based on Subnet
• Configuring QinQ
• Configuring FID
• Showing the configuration related to VLAN

8.1.1. Default VLAN

In SURPASS hiD 6615, all ports are initially configured as members of the Default VLAN.
The Default VLAN has PVID 1 and cannot be deleted. To put ports in a newly generated VLAN
without duplication, the user should delete the ports from the Default VLAN. Ports
deleted from another VLAN are automatically put in the Default VLAN. Ports that were once
member ports of a Trunk port and were then released are also put in the Default VLAN.

The following is an example of deleting port number 3 from br2 and showing that it
returns to Default status again.


SWITCH(bridge)# vlan create br2
SWITCH(bridge)# vlan del default 3,4
SWITCH(bridge)# vlan add br2 3,4 untagged
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
-----------------------------------------------------------------
| 1 2 3 4
Name( VID| FID) |123456789012345678901234567890123456789012
-----------------------------------------------------------------
default( 1| 1) |uu..uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
br2( 2| 2) |..uu......................................
SWITCH(bridge)# vlan del br2 3
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
-----------------------------------------------------------------
| 1 2 3 4
Name( VID| FID) |123456789012345678901234567890123456789012
-----------------------------------------------------------------
default( 1| 1) |uuu.uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
br2( 2| 2) |...u......................................
SWITCH(bridge)#

8.1.2. Configuring VLAN based on the port

In order to configure VLAN based on the port in SURPASS hiD 6615, first make a new
VLAN, then designate its member ports and assign PVID for them. Port based VLAN
configuration is described in the following order.

• Making VLAN
• Specifying PVID
• Assigning Port in VLAN
• Releasing VLAN

8.1.2.1. Making VLAN

In SURPASS hiD 6615, a VLAN is made with a vlan-name of the form “brN” (N=integer).
The VID of each VLAN is automatically configured as “N”. In other words, the VID of br2
is 2 and the VID of br100 is 100. Default VLAN is the VLAN that has VID 1.

Therefore the user cannot make a VLAN which has the name default.

In order to configure a new VLAN in the user’s network, use the following command.


Command                  Mode      Function

vlan create vlan-name    Bridge    By designating VLAN name, make new VLAN.

The vlan-name must have the form “brN” (N=integer) or “N”. If you input a name in any
other form, the following message is displayed.

SWITCH(bridge)# vlan create A
%invalid input parameter: A
SWITCH(bridge)#

When vlan-name has the form “N”, you can input a range by using “-” and list several
values by using “,”.
For the form “brN”, you should configure the VLANs one by one.

8.1.2.2. Specifying PVID

In SURPASS hiD 6615, “N” of vlan-name is automatically configured as VID. For example,
if vlan-name is configured as “br2” or “2”, VID will also be “2”.

The user can designate PVID. In order to designate PVID on the port, use the following
command.

Command                           Mode      Function

vlan pvid port-number <1-4094>    Bridge    The user can configure PVID as desired. It is possible to configure PVID from 1 to 4094.

8.1.2.3. Assigning and deleting port

After making a new VLAN, you should assign ports to it. In SURPASS hiD 6615, because
all ports initially belong to interface “default”, you should delete the ports from
“default” in order to assign them to another VLAN without duplication.

In SURPASS hiD 6615, all ports initially belong to “default”. In order to assign them
to a VLAN without duplication, first of all, delete the ports from “default”.

The following are the commands for deleting ports from a VLAN and assigning ports to a VLAN.


Command                                               Mode      Function

vlan add vlan-name port-number {tagged | untagged}    Bridge    Designate the VLAN which the port belongs to and configure the port as tagged or untagged.

vlan del vlan-name port-number                        Bridge    Delete the port in VLAN.

To designate several ports in a VLAN, list the port numbers separated by “,” without
spaces. To designate a range of ports, input them using “-”.

8.1.2.4. Describing VLAN

After making a VLAN, you can add a description to a specific VLAN. The following are the
commands for describing a specific VLAN.

Command                                   Mode      Function

vlan description vlan-name description    Bridge    Describes a specific VLAN.

no vlan description vlan-name             Bridge    Deletes the VLAN description of a specific VLAN.

8.1.2.5. Releasing VLAN function

In order to delete a VLAN configured in SURPASS hiD 6615, you should first delete all
ports in that VLAN. After disabling the VLAN interface, delete the VLAN.

The following is an example of deleting the designated VLAN.

Step 1 In bridge mode, delete all ports in VLAN by using the following command.

Command                           Mode      Function

vlan del vlan-name port-number    Bridge    Delete all ports in VLAN.

Step 2 Enter interface mode from configuration mode in order to disable the virtual
interface.

Command                     Mode         Function

interface interface-name    Global       Input the name of VLAN which is going to be deleted and enter into interface mode.

shutdown                    Interface    Disable virtual interface.


Step 3 Delete VLAN using the following command in bridge mode.

Command              Mode      Function

no vlan vlan-name    Bridge    Deletes VLAN.

If you delete a VLAN, all ports in that VLAN will be disabled. These ports stay
disabled until they are assigned to a new VLAN.

8.1.3. Configuring VLAN based on protocol

In order to configure VLAN based on protocol, the user should designate port, protocol
and PVID. If an entering packet corresponds to the protocol configured for the VLAN, it
is transmitted to the VLAN according to the configured PVID.

In order to configure VLAN based on protocol, use the following command.

Command                                               Mode      Function

vlan pvid port-number ethertype ethertype <1-4094>    Bridge    Configure VLAN based on protocol by designating packet type.

In order to clear VLAN based on protocol, use the following command.

Command                                            Mode      Function

no vlan pvid port-number ethertype [ethertype]     Bridge    Clears configured VLAN based on protocol.

8.1.4. Configuring VLAN based on MAC address

In order to configure VLAN based on MAC address, the user should designate the MAC
address.

In order to configure VLAN based on MAC address, use the following command.

Command                                Mode      Function

vlan macbase MAC-address <1-4094>      Bridge    Configure VLAN based on MAC address.


In order to clear VLAN based on MAC address, use the following command.

Command                        Mode      Function

no vlan macbase MAC-address    Bridge    Clears configured VLAN based on MAC address.

8.1.5. Configuring VLAN based on Subnet

In order to configure VLAN based on Subnet, the user should designate the Subnet.

To configure Subnet based VLAN, use the following command.

Command                               Mode      Function

vlan subnet ip-address/M <1-4094>     Bridge    Configure VLAN based on Subnet.

To clear VLAN configuration based on Subnet, use the following command.

Command                        Mode      Function

no vlan subnet {ip-address}    Bridge    Clears configured VLAN based on Subnet.

To set the precedence between MAC based VLAN and Subnet based VLAN, the user can
choose one of the two with the command below.

Command                           Mode      Function

vlan precedence {MAC / Subnet}    Bridge    Configure precedence between MAC based VLAN and Subnet based VLAN.

8.1.6. Configuring QinQ

In a QinQ environment, networks where different VLANs are configured can communicate
by using one VLAN. QinQ is also called Double Q-tag because another tag is attached to
a packet in order to send it.

In an existing network environment, suppose that there are two switches composed of
different VLANs. On all switches connecting those two switches, VLAN would have to be
configured exactly the same. With the QinQ function of SURPASS hiD 6615, however, you
do not need to configure a number of VLANs.


(Figure text: Network A-1, communication with PVID 10. SWITCH 1. SWITCH 2. Network A-2,
communication with PVID 10. Connecting Network A-1 and Network A-2 with PVID 3. Network
A-1/A-2 and Network other VLAN is configured with PVID 3. If you configure QinQ on the
port connected to Network A-1, the designated PVID is attached to the current PVID; here,
configure the PVID connecting SWITCH 1 and SWITCH 2. If you configure QinQ on the port
connected to Network A-2, the original PVID shows by taking off the covered PVID.)

Fig. 8-3 The network construction of QinQ configuration

In the above figure, when Network A-1 sends a packet to Network A-2, the packet is
transmitted to the QinQ port of SWITCH 1 and then sent to Network A-2 through
SWITCH 2, where QinQ has also been configured.

If you configure QinQ on the port connected to Network A-2, the original PVID shows
by taking off the covered PVID.

Here, if packets are sent to SWITCH 1 from Network A-1, the packets passing the QinQ
port have another Tag attached. This Tag is used to transmit packets from a network
where a number of VLANs are configured. When the packets are transmitted to Network
A-2 through the QinQ port of SWITCH 2, the Tag attached on the QinQ port is removed
and the packet is transmitted with its original Tag.

Configure the ports other than the QinQ port as Tagged ports.

Because the ports other than the QinQ port should transmit Tagged packets, they should
be configured as Tagged ports.
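
The tag handling described above, as an added Python example that is not part of the manual: the QinQ port of SWITCH 1 adds an outer tag carrying its PVID and the QinQ port of SWITCH 2 removes it again. The VIDs 10 and 3 come from Fig. 8-3 and the TPID 0x8100 from the manual's show output; the MAC addresses, payload and function names are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100  # TPID shown by "show vlan dot1q-tunnel" in this manual
MAC_HDR = 12         # destination MAC (6 bytes) + source MAC (6 bytes)


def make_tag(vid, tpid=TPID_8021Q, pcp=0):
    """Build one 4-byte VLAN tag: 16-bit TPID + 16-bit TCI (priority, DEI, VID)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def parse_tags(frame, tpid=TPID_8021Q):
    """Return ([VID, ...] outermost first, EtherType found after the last tag)."""
    vids, off = [], MAC_HDR
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype != tpid:
            return vids, etype
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)
        off += 4


def tunnel_ingress(frame, pvid, tpid=TPID_8021Q):
    """QinQ port, receiving side: insert the port's PVID as a new outer tag.
    The tag attached by the customer network stays untouched inside."""
    if len(frame) < MAC_HDR + 2:
        raise ValueError("truncated frame")
    return frame[:MAC_HDR] + make_tag(pvid, tpid) + frame[MAC_HDR:]


def tunnel_egress(frame, pvid, tpid=TPID_8021Q):
    """QinQ port, sending side: strip the outer tag so the original frame leaves."""
    vids, _ = parse_tags(frame, tpid)
    if not vids or vids[0] != pvid:
        raise ValueError("outer tag does not carry the tunnel PVID")
    return frame[:MAC_HDR] + frame[MAC_HDR + 4:]


# Constructed sample: a frame from Network A-1 tagged with VID 10, carrying IPv4.
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
CUSTOMER_FRAME = (DST + SRC + make_tag(10)
                  + struct.pack("!H", 0x0800) + b"constructed payload")


def demo(pvid=3):
    """Follow the frame from Network A-1 through both QinQ ports to Network A-2."""
    in_tunnel = tunnel_ingress(CUSTOMER_FRAME, pvid)
    delivered = tunnel_egress(in_tunnel, pvid)
    return parse_tags(CUSTOMER_FRAME), parse_tags(in_tunnel), parse_tags(delivered)


if __name__ == "__main__":
    labels = ("from Network A-1", "between the switches", "to Network A-2")
    for label, (vids, etype) in zip(labels, demo()):
        print(f"{label:21} tags={vids} ethertype=0x{etype:04x}")
```

The switches in between forward on the outer VID only, which is why they must carry that VLAN on Tagged ports while the inner VID 10 passes through unchanged.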


8.1.6.1. Configuring QinQ

In order to configure QinQ, configure the port connected to the network where other
VLAN is configured as a QinQ port, and configure on that port the PVID used for the
other VLAN’s network. In the case of Fig. 8-3 The network construction of QinQ
configuration, configure PVID as “3”.

The following is the order of configuring QinQ.

Step 1 In order to configure the port where QinQ is configured, use the following command.

Command                                 Mode      Function

vlan dot1q-tunnel enable port-number    Bridge    Configure QinQ on the designated port.

The port where QinQ is configured does not operate as a member of VLAN.

Step 2 On the port where QinQ is configured, configure the same PVID as the network
communicating with other VLAN.

Command                           Mode      Function

vlan pvid port-number <1-4094>    Bridge    Configures PVID from 1 to 4094.

8.1.6.2. Configuring the kind of TPID

TPID (Tag Protocol Identifier) shows the kind of Tag protocol that is currently used.
The user can change the TPID.

In TPID, the port configured with 802.1q (0x8100) does not operate as a member of VLAN.

In order to configure the TPID of a QinQ port, use the following command.

Command                        Mode      Function

vlan dot1q-tunnel tpid tpid    Bridge    Configure TPID of QinQ port.

8.1.6.3. Releasing QinQ

In order to release the configuration of QinQ, use the following command.


Command                                  Mode      Function

vlan dot1q-tunnel disable port-number    Bridge    Release the configuration as QinQ port.

8.1.7. Configuring Shared-VLAN in Layer 2 dedicated switch

This configuration applies only when SURPASS hiD 6615 is used as an L2 dedicated switch.

SURPASS hiD 6615 is actually a Layer 3 switch, but it can be used as a Layer 2
dedicated switch. When the user uses it as a Layer 2 switch, there is no routing
function, so communication between VLANs is not possible. In particular, the port
designated as Uplink port should receive packets from all VLANs. When the switch is
used as a Layer 2 switch, the Uplink port cannot receive packets unless the user
configures it in all VLANs.

Therefore, in order to configure VLAN in a Layer 2 switch, you should configure the
Uplink port to belong to all VLANs as below.

SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
-----------------------------------------------------------------
                |         1         2         3         4
Name( VID| FID) |123456789012345678901234567890123456789012
-----------------------------------------------------------------
default( 1| 1)  |u...uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
br2( 2| 2)      |.u.....................u..................
br3( 3| 3)      |..u....................u..................
br4( 4| 4)      |...u...................u..................
SWITCH(bridge)#

(Figure text: default, br2, br3, br4, Uplink Port, External Network. By configuring the
Uplink port as a member of all VLANs, packets going out from each VLAN are transmitted
through the Uplink port.)

Fig. 8-4 In case the packets going outside in Layer 2 environment


In the above configuration, when an Untagged packet enters port number 1, it is tagged
with PVID 1. Because Uplink port 24 belongs to VLAN 1, the packet can be transmitted to
port number 24.

The problem is an Untagged packet entering the Uplink port. It cannot be known to which
port, and with what PVID, an Untagged packet coming down the Uplink port should be
transmitted.

SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
-----------------------------------------------------------------
                |         1         2         3         4
Name( VID| FID) |123456789012345678901234567890123456789012
-----------------------------------------------------------------
default( 1| 1)  |u...uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
br2( 2| 2)      |.u.....................u..................
br3( 3| 3)      |..u....................u..................
br4( 4| 4)      |...u...................u..................
SWITCH(bridge)#

(Figure text: default, br2, br3, br4, Uplink Port, External Network. When untagged
packets should be transmitted to br3 through the Uplink port, it is impossible to know
what kind of PVID should be attached.)

Fig. 8-5 In case external packets enter under Layer 2 environment ①

In order to transmit untagged packets from the Uplink port to the other ports, you
should create a VLAN that has all ports, including the Uplink port, as members.

By this configuration, the Uplink port recognizes all ports. Here, what helps packet
transmission is FID. FID is used to control the MAC table, and VLANs with the same FID
are managed with the same MAC table, so the switch knows how to process the packet. If
you do not configure FID equally, packets are flooded because the switch cannot find
the information in the MAC table.

SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
-----------------------------------------------------------------
                |         1         2         3         4
Name( VID| FID) |123456789012345678901234567890123456789012
-----------------------------------------------------------------
default( 1| 5)  |u...uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
br2( 2| 5)      |.u.....................u..................
br3( 3| 5)      |..u....................u..................
br4( 4| 5)      |...u...................u..................
br5( 5| 5)      |uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
SWITCH(bridge)#

(Figure text: br5 containing all ports. Configure same FID for all ports. default, br2,
br3, br4, Uplink Port, External Network. Packet transmission to br3 is possible since a
connection is established among them.)

Fig. 8-6 In case external packet enter in Layer 2 environment②

Therefore, for L2 exclusive use, add the Uplink port to all VLANs as a member, create
one more VLAN having all ports as members, and configure the same FID for the
communication between VLANs. In order to configure FID, use the following command.

Command                   Mode      Function

vlan fid vlan-name fid    Bridge    Fid value is from 1 to 4094.


8.1.8. Configuring Port Isolation

The Port Isolation feature restricts L2 switching between isolated ports in a VLAN.
Flows between an isolated port and a non-isolated port are not restricted. If you
configure the ‘port protected’ command, packets cannot be transmitted between
protected ports. Communication with non-protected ports, however, is possible.

To configure Port Isolation, use the following command.

Command                          Mode      Function

port protected port-number       Bridge    Configures port isolation function.

no port protected port-number    Bridge    Disables port isolation function.

8.1.9. Showing the configuration for VLAN

In SURPASS hiD 6615, it is possible to show port based VLAN, protocol based VLAN and
QinQ. The commands for showing the configuration are as follows.

Command                   Mode                    Function

show vlan                 Enable/Global/Bridge    Shows all VLAN configuration.

show vlan vlan-name       Enable/Global/Bridge    Shows the configuration for specific VLAN.

show vlan description     Enable/Global/Bridge    Shows the description for specific VLAN.

show vlan dot1q-tunnel    Enable/Global/Bridge    Shows QinQ configuration.

show vlan protocol        Enable/Global/Bridge    Shows VLAN based on protocol.

show vlan macbase         Enable/Global/Bridge    Shows VLAN based on MAC address.

show vlan subnet          Enable/Global/Bridge    Shows VLAN based on subnet.

show port protected       Enable/Global/Bridge    Shows Port Isolation configuration.


8.1.10. Sample Configuration

[ Sample Configuration 1 ] Configuring port based VLAN

The following assigns port 2, port 3 and port 4 to br2, br3 and br4 respectively.

(Figure text: Default, br2, br3, br4)

SWITCH(bridge)# vlan create br2
SWITCH(bridge)# vlan create br3
SWITCH(bridge)# vlan create br4
SWITCH(bridge)# vlan del default 2-4
SWITCH(bridge)# vlan add br2 2 untagged
SWITCH(bridge)# vlan add br3 3 untagged
SWITCH(bridge)# vlan add br4 4 untagged
SWITCH(bridge)# vlan pvid 2 2
SWITCH(bridge)# vlan pvid 3 3
SWITCH(bridge)# vlan pvid 4 4
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
-----------------------------------------------------------------
                |         1         2         3         4
Name( VID| FID) |123456789012345678901234567890123456789012
-----------------------------------------------------------------
default( 1| 1)  |u...uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
br2( 2| 2)      |.u........................................
br3( 3| 3)      |..u.......................................
br4( 4| 4)      |...u......................................
SWITCH(bridge)#


[ Sample Configuration 2 ] Deleting port based VLAN

The following deletes br3 from the configured VLANs.

SWITCH(bridge)# vlan del br3 3
SWITCH(bridge)# exit
SWITCH(config)# interface br3
SWITCH(interface)# shutdown
SWITCH(interface)# exit
SWITCH(config)# bridge
SWITCH(bridge)# no vlan br3
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
-----------------------------------------------------------------
                |         1         2         3         4
Name( VID| FID) |123456789012345678901234567890123456789012
-----------------------------------------------------------------
default( 1| 1)  |u...uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
br2( 2| 2)      |.u........................................
br4( 4| 4)      |...u......................................
SWITCH(bridge)#


[Sample Configuration 3 ] Configuring protocol based VLAN

The following configures protocol based VLAN on port number 2 and port number 4.

(Figure text: Default, br2, br3, br4. 0x800 packet among the packets entering to Port 2.
0x900 packet among the packets entering to Port 4.)

SWITCH(bridge)# vlan pvid 2 ethertype 0x800 5
SWITCH(bridge)# vlan pvid 4 ethertype 0x900 6
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
-----------------------------------------------------------------
                |         1         2         3         4
Name( VID| FID) |123456789012345678901234567890123456789012
-----------------------------------------------------------------
default( 1| 1)  |u...uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
br2( 2| 2)      |.u........................................
br3( 3| 3)      |..u.......................................
br4( 4| 4)      |...u......................................
SWITCH(bridge)# show vlan protocol
---------------------------------------------------------------
                |         1         2         3         4
Ethertype | VID |123456789012345678901234567890123456789012
---------------------------------------------------------------
0x0800        2  .p........................................
0x0900        4  ...p......................................
SWITCH(bridge)#

With the above configuration, the route of packets from port number 2 and port number 4
is decided according to the protocol type. If the protocol does not match, the route is
decided according to the port based VLAN.


[Sample Configuration 4 ] Configuring QinQ

Port 10 of SWITCH 1 and port 11 of SWITCH 2 are connected to the network where
different VLAN is configured. In order to communicate without changing the VLAN
configuration of SWITCH 1 and SWITCH 2, which communicate with PVID 10, configure
them as follows.

You should configure the ports connected to the network communicating with PVID 11 as
Tagged VLAN ports.

(Figure text: The network communicating with PVID 11. SWITCH 1. SWITCH 2. Communicating
with PVID 10, connecting to port number 10 of SWITCH 1. Communicating with PVID 10,
connecting to port number 11 of SWITCH 1.)

< SWITCH 1 >

SWITCH(bridge)# vlan dot1q-tunnel enable 10
SWITCH(bridge)# vlan pvid 10 11
SWITCH(bridge)# show vlan dot1q-tunnel
Tag Protocol Id : 0x8100 (d: double-tagging port)
----------------------------------------------------
     |         1         2         3         4
Port |123456789012345678901234567890123456789012
----------------------------------------------------
dtag  .........d................................
SWITCH(bridge)#

< SWITCH 2 >

SWITCH(bridge)# vlan dot1q-tunnel enable 11
SWITCH(bridge)# vlan pvid 11 11
SWITCH(bridge)# show vlan dot1q-tunnel
Tag Protocol Id : 0x8100 (d: double-tagging port)
----------------------------------------------------
     |         1         2         3         4
Port |123456789012345678901234567890123456789012
----------------------------------------------------
dtag  ..........d...............................
SWITCH(bridge)#


[Sample Configuration 5 ] Configuring Shared-VLAN using FID

br2, br3 and br4 are configured in SURPASS hiD 6615 operating in a Layer 2 environment,
and port 24 is configured as the Uplink port. In order to transmit Untagged packets
through the Uplink port correctly, follow the configuration below.

(Figure text: default, br2, br3, br4, Uplink Port, External Network)

SWITCH(bridge)# vlan create br2
SWITCH(bridge)# vlan create br3
SWITCH(bridge)# vlan create br4
SWITCH(bridge)# vlan del default 3-8
SWITCH(bridge)# vlan add br2 3,4 untagged
SWITCH(bridge)# vlan add br3 5,6 untagged
SWITCH(bridge)# vlan add br4 7,8 untagged
SWITCH(bridge)# vlan add br2 24 untagged
SWITCH(bridge)# vlan add br3 24 untagged
SWITCH(bridge)# vlan add br4 24 untagged
SWITCH(bridge)# vlan create br5
SWITCH(bridge)# vlan add br5 1-42 untagged
SWITCH(bridge)# vlan fid 1-5 5
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
-----------------------------------------------------------------
                |         1         2         3         4
Name( VID| FID) |123456789012345678901234567890123456789012
-----------------------------------------------------------------
default( 1| 5)  |uu......uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
br2( 2| 5)      |..uu...................u..................
br3( 3| 5)      |....uu.................u..................
br4( 4| 5)      |......uu...............u..................
br5( 5| 5)      |uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
SWITCH(bridge)#
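
A check for the Shared-VLAN configuration above, as an added Python example that is not part of the manual or the switch software: it parses `show vlan` output and reports VLANs that share one FID, VLANs that contain every port, and ports that are untagged members of several VLANs, which are the places where br2, br3 and br4 stop being separated from each other. The first sample reproduces the output of Sample Configuration 5; the 8-port second sample and all function names are constructed for the example.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# One data row of "show vlan": name( VID| FID) |port map, one character per port
ROW = re.compile(r"^\s*([^\s(]+)\(\s*(\d+)\s*\|\s*(\d+)\s*\)\s*\|\s*([.ut]+)\s*$")


class Vlan(NamedTuple):
    name: str
    vid: int
    fid: int
    ports: dict   # port number -> "u" (untagged) or "t" (tagged)
    width: int    # number of port columns in the row


def parse_show_vlan(text):
    """Extract the VLAN rows; prompts, rulers and header lines do not match ROW."""
    vlans = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, vid, fid, portmap = m.groups()
            ports = {n: c for n, c in enumerate(portmap, start=1) if c != "."}
            vlans.append(Vlan(name, int(vid), int(fid), ports, len(portmap)))
    return vlans


def shared_fid_groups(vlans):
    """FID -> VLAN names, for every FID used by more than one VLAN (one MAC table)."""
    groups = defaultdict(list)
    for v in vlans:
        groups[v.fid].append(v.name)
    return {fid: names for fid, names in groups.items() if len(names) > 1}


def catch_all_vlans(vlans):
    """Names of VLANs that have every port of the switch as a member."""
    return [v.name for v in vlans if len(v.ports) == v.width]


def untagged_in_several(vlans):
    """Port -> VLAN names, for ports that are untagged members of several VLANs."""
    seen = defaultdict(list)
    for v in vlans:
        for port, mode in v.ports.items():
            if mode == "u":
                seen[port].append(v.name)
    return {port: names for port, names in seen.items() if len(names) > 1}


def audit(text):
    """Run all three checks on one "show vlan" capture."""
    vlans = parse_show_vlan(text)
    return {
        "shared_fid": shared_fid_groups(vlans),
        "catch_all": catch_all_vlans(vlans),
        "multi_untagged": untagged_in_several(vlans),
    }


# Output of Sample Configuration 5. The port maps are written as run lengths
# so that the 42 columns are easy to check against the manual.
SHARED_VLAN_OUTPUT = "\n".join([
    "SWITCH(bridge)# show vlan",
    "u: untagged port, t: tagged port",
    "Name( VID| FID) |123456789012345678901234567890123456789012",
    "default( 1| 5)  |" + "uu" + "." * 6 + "u" * 34,
    "br2( 2| 5)      |" + ".." + "uu" + "." * 19 + "u" + "." * 18,
    "br3( 3| 5)      |" + "." * 4 + "uu" + "." * 17 + "u" + "." * 18,
    "br4( 4| 5)      |" + "." * 6 + "uu" + "." * 15 + "u" + "." * 18,
    "br5( 5| 5)      |" + "u" * 42,
    "SWITCH(bridge)#",
])

# Constructed 8-port sample with separate FIDs and no overlapping membership.
ISOLATED_OUTPUT = """\
Name( VID| FID) |12345678
default( 1| 1)  |u...uuuu
br2( 2| 2)      |.u......
br3( 3| 3)      |..u.....
br4( 4| 4)      |...u....
"""

if __name__ == "__main__":
    for label, text in (("shared", SHARED_VLAN_OUTPUT), ("isolated", ISOLATED_OUTPUT)):
        result = audit(text)
        print(label, "shared FID:", result["shared_fid"],
              "catch-all:", result["catch_all"],
              "ports in several VLANs:", len(result["multi_untagged"]))
```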


8.2. Link aggregation

LACP (Link Aggregation Control Protocol) complying with IEEE 802.3ad bundles several
physical ports together to form one logical port so that the user can get enlarged
bandwidth.

(Figure text: Bandwidth from a port. A logical port that can be made by aggregating a
number of the ports. It takes effect from a wide bandwidth by using a number of ports.)

Fig. 8-7 Link aggregation

In SURPASS hiD 6615, up to 14 logical ports can be configured with Link aggregation,
and each logical port can contain up to 8 physical ports.

SURPASS hiD 6615 supports two kinds of Link aggregation, port trunk and LACP.
There is a little difference between these two ways.

With port trunk, it is quite troublesome to set the configuration manually and to
adjust to changes in the network environment when connecting to a switch through a
logical port. With LACP, however, if the user configures the physical ports aggregated
with the logical port in each switch, the switches are connected according to that
configuration. LACP is therefore easier for the user to configure than port trunk and
can respond quickly to environmental changes.

(Figure text: SWITCH A, SWITCH B, SWITCH C. Connecting SWITCH A and SWITCH C through
3 ports. Connecting SWITCH A and SWITCH B through 2 ports.)

Fig. 8-8 The constitution example of Link aggregation ①


SWITCH A is aggregated with SWITCH B as a logical port by connecting 2 physical ports,
and it is aggregated with SWITCH C as a logical port by three physical ports.

The Link aggregation function should be used for the above configuration. If port trunk
is used for the configuration, the user should first configure in SWITCH A a logical
port aggregating 3 physical ports and a logical port aggregating 2 physical ports. Then
configure a logical port aggregating 2 physical ports in SWITCH B and a logical port
aggregating three physical ports in SWITCH C. When the user connects the ports with
cables, they operate in Link aggregation status.

However, using LACP makes the configuration easier. The link is automatically generated
if the logical port and the physical ports which are going to be aggregated as the
logical port are configured.

For SWITCH A, after making two logical ports, designate the 5 physical ports which will
be contained in the logical ports. Then, even without the configuration described above,
the ports operate in Link aggregation status once the cables are connected.

The following is how to configure port trunk and LACP.

8.2.1. Port trunk

Port trunking enables you to dynamically group similarly configured interfaces into a
single logical link (aggregate port) to increase bandwidth, while reducing the traffic
congestion.

• Configuring port trunk
• Releasing port trunk
• Checking port trunk

8.2.1.1. Configuring Port Trunk

In order to make a logical port by aggregating ports, use the following command.

Command                                                                      Mode      Function

trunk <0-5> port-number                                                      Bridge    Adds a port to the aggregation port group.

trunk distmode <0-5> {dstip | dstmac | srcdstip | srcdstmac | srcip | srcmac}    Bridge    Designate physical port as logical port and decide which packets are transmitted to the aggregated port.


It is possible to input Group-id from “0” to “13” because SURPASS hiD 6615 supports 14
logical ports.

Group-id of port trunk and Aggregator-number of LACP cannot be configured with the same value.

If packets enter a logical port aggregating several ports and there is no way to decide
the packet route, the packets could be gathered on a particular member port so that the
logical port cannot be used effectively. Therefore SURPASS hiD 6615 is configured to
decide the packet route so that entering packets are divided effectively among the
member ports. The route is decided with Source IP address, Destination IP address,
Source MAC address and Destination MAC address, and the user chooses which packet
information is used to decide the packet route. dstip is Destination IP address and
dstmac means Destination MAC address. srcdstip means Source Destination IP address and
srcdstmac means Source Destination MAC address. srcip is Source IP address and srcmac
is Source MAC address.

In SURPASS hiD 6615, Source Destination MAC address is used by default to decide the
packet route.

The port designated as member port of port trunk is automatically deleted from its
existing VLAN as in the following example. Therefore, if member port and aggregated
port exist in other VLAN, VLAN configuration should be changed for the aggregated port.

If member port and aggregated port exist in other VLAN, VLAN configuration for the
aggregated port should be changed.

8.2.1.2. Releasing Port Trunking

In order to release the configured port trunk, use the following command.

Command                       Mode      Function

no trunk <0-5> port-number    Bridge    Releases the configured trunk port.

no trunk distmode <0-5>       Bridge    Releases the configured trunk port.

If the user deletes a member port from a logical port or releases port trunk, the
ports are automatically contained in Default VLAN.


8.2.1.3. Showing Port Trunk Configuration

In order to show the configuration of port trunk, use the following command.

Command       Mode                    Function

show trunk    Enable/Global/Bridge    Shows the configuration for trunk.

8.2.2. Configuring LACP

LACP (Link Aggregation Control Protocol) is the function of using wider bandwidth by
aggregating more than two ports as a logical port, like the port trunk function stated
previously. What is different from port trunk is that the aggregated bandwidth is made
automatically once the logical Aggregator that aggregates the ports and the physical
member ports which will be aggregated as the logical port are configured.

If the integrated port configured by port trunk is in a VLAN different from the VLAN
which the existing member port originally belongs to, it should be moved to the VLAN
which the existing member port belongs to. However, the integrated port configured by
LACP is automatically added to the appropriate VLAN.

LACP supports up to 14 integrated ports, so it is possible to input Aggregator-number
from “0” to “13”.

Group-id of port trunk and Aggregator-number of LACP cannot be configured with the same value.

The following explains how to configure LACP.

• Enabling LACP
• Configuring packet route
• Configuring member port
• Configuring operation mode of member port
• Configuring the priority of the switch
• Deciding if LACP of member port is aggregated
• Configuring the cycle of BPDU transmission
• Configuring Key value of member port
• Configuring port priority
• Showing LACP configuration


8.2.2.1. Enabling LACP

To configure the LACP function in SURPASS hiD 6615, first enable the LACP function.

In order to enable LACP, use the following command in Bridge configuration mode.

Command                              Mode      Function

lacp aggregator aggregator-number    Bridge    Enable LACP of designated Aggregator-number. Valid aggregator-number is from 0 to 13.

On the other hand, in order to release LACP and delete the configuration of LACP, use
the following command.

Command                                 Mode      Function

no lacp aggregator aggregator-number    Bridge    Release LACP for designated Aggregator-number.

8.2.2.2. Configuring Packet Route

When packets enter a logical port integrating several ports and there is no process to
decide the packet route, the logical port may not be used effectively because packets
concentrate on a particular member port.

If packets enter a logical port aggregating several ports and there is no way to decide
the packet route, the packets could be gathered on a particular member port so that the
logical port cannot be used effectively.

Therefore SURPASS hiD 6615 is configured to decide the packet route so that entering
packets are divided effectively among the member ports. The route is decided with
Source IP address, Destination IP address, Source MAC address and Destination MAC
address, and the user chooses which packet information is used to decide the packet
route. dstip is Destination IP address and dstmac means Destination MAC address.
srcdstip means Source Destination IP address and srcdstmac means Source Destination MAC
address. srcip is Source IP address and srcmac is Source MAC address.

In SURPASS hiD 6615, Source Destination MAC address is used by default to decide the
packet route.


After configuring the aggregator, you should configure which packets are transmitted
through the aggregator port. The following is the command for configuring the packets
transmitted through the aggregator port.

Command                                                                                              Mode      Function

lacp aggregator distmode aggregator-number {dstip | dstmac | srcdstip | srcdstmac | srcip | srcmac}    Bridge    Defines packets transmitted by way of aggregator which is a logical aggregated port.

8.2.2.3. Configuring Member Port

After the configuration of the Aggregator, configure the physical ports that are
members of the aggregated port. In order to configure a member port of the aggregated
port, use the following command in Bridge mode.

Command                  Mode      Function

lacp port port-number    Bridge    Configure physical port that is member port of Aggregator.

It is possible to configure several port-numbers using “,” or “-”.

In order to release a member port, use the following command.

Command                     Mode      Function

no lacp port port-number    Bridge    Release member port of Aggregator.

8.2.2.4. Configuring Operating Mode of Member Port

After configuring member ports, configure the mode of each member port. A member port
has one of two modes, “Active mode” and “Passive mode”. A port in Passive mode starts
LACP when the port of the opposite switch is in Active mode. The priority of Active
mode is higher than that of Passive mode, so the port in Passive mode follows the port
in Active mode.

If the member ports of the connected switches are configured as “active mode” on one
side and “passive mode” on the other, “active mode” is the standard. If both switches
are configured as “passive mode”, the link between the member ports of the two switches
is not established.


In order to configure the mode of member port, use the following command in Bridge
mode.

Command Mode Function

lacp port activity port-number {active | passive} Bridge Configure the mode of member port.

The operating mode of a member port is “active mode” by default.

In order to release the operating mode of configured member port, use the following
command.

Command Mode Function

no lacp port activity port-number Bridge Release operation mode of configured member port.

After the operating mode of a configured member port is released, the configuration
returns to the default.

8.2.2.5. Configuring the priority of the switch

When the member ports of the connected switches are all configured as Active mode, it is
necessary to configure which switch is the standard. For this case, the user
can configure a priority on the switch. The following command configures the
priority of the switch in the LACP function.

Command Mode Function

lacp system priority <1-65535> Bridge Sets the priority of the switch in LACP function.

In SURPASS hiD 6615, the priority of the system is “32768(=0x8000)” by default.

If the member ports of the connected switches are configured as “active mode” on one side
and “passive mode” on the other, “active mode” is the standard. If all of them are configured
as “active mode”, the switch having the higher priority is the standard.


In order to release the priority of configured switch, use the following command.

Command Mode Function

no lacp system priority Bridge Clears the priority of the configured switch.

After the priority of the configured switch is cleared, the configuration returns to
the default.

8.2.2.6. Deciding if LACP of member port is aggregated

A port configured as a member port is aggregated to LACP by default.

However, even when its configuration as a member port is not released, a port can
operate as an independent port without being aggregated to LACP. Such independent
ports cannot be configured as trunk ports, because they stay configured as member ports
while operating independently of LACP aggregation. To configure whether a member port
is aggregated to LACP, use the following command.

Command Mode Function

lacp port aggregation port-number {aggregatable | individual} Bridge Designate whether a member port is included in LACP or not.

In SURPASS hiD 6615, a member port is aggregated to LACP by default.

In order to clear the LACP aggregation setting of a configured member port, use the following
command.

Command Mode Function

no lacp port aggregation port-number Bridge Clears the configured member in LACP.

If you clear the user-configuration of aggregating to LACP, it returns to default configuration.


8.2.2.7. Configuring BPDU Transmission Rate

A member port transmits BPDU carrying its information. In SURPASS hiD 6615, the BPDU
transmission rate can be configured with the following command.

Command Mode Function

lacp port timeout port-number {long | short} Bridge Configure BPDU transmission rate.

In SURPASS hiD 6615, the BPDU transmission rate of a member port is “long” by default.

The transmission rate of “long” is 30 sec and that of “short” is 1 sec.

In order to clear BPDU transmission rate, use the following command.

Command Mode Function

no lacp port timeout port-number Bridge Clears BPDU transmission rate of configured member port.

8.2.2.8. Configuring Key of Member Port

Each LACP member port has a key value. All member ports in one aggregator have the same
key value. To make an aggregator consist of specified member ports, configure those
ports with a key value different from the key value of the other ports.

Command Mode Function

lacp port admin-key port-number <1-15> Bridge Configure Key value of member port.

In hiD 6615, the key value of all ports is “1” by default.

For example, switch A and switch B are linked with switch C in the picture below. Two
aggregators are configured in switch A and ports 7 ~ 10 are configured as member ports.
One aggregator is configured in switch B and ports 7 ~ 8 are configured as member
ports. One aggregator is configured in switch C and ports 9 ~ 10 are configured as
member ports. After these configurations, when ports 7~8 of switch A and B are linked and
ports 9~10 of switch A and C are linked, switch A is linked with switch B and C through
aggregators.


[Figure: Internet, SWITCH C, SWITCH A and SWITCH B. Labels: "Aggregators of switch A and C are linked through port 9, 10"; "Aggregators of switch A and C are linked through port 7, 8".]

Fig. 8-9 Example of LACP Construction ①

Meanwhile, switch A is linked with switch B in the picture below. Two aggregators are
configured in both switch A and B, and ports 7~10 are configured as member ports. With this
configuration, if ports 7~10 are connected through cable, one aggregator including all of the
ports is made. However, if the key values of ports 7~10 are configured differently, two
aggregators are made.

[Figure: Internet, SWITCH A and SWITCH B. Labels: "Aggregators of switch A and B are linked through port 7, 8"; "Aggregators of switch A and B are linked through port 9, 10".]

Fig. 8-10 Example of LACP Construction ②


In order to delete key value of configured member port, use the following command.

Command Mode Function

no lacp port admin-key port-number Bridge Delete key value of member port.

If you delete Key value of configured member port, it returns to default configuration.

8.2.2.9. Configuring Port Priority

One aggregator can include a maximum of eight ports. When ten ports are configured,
the ports with higher priorities are selected. However, the user can configure the priority
when a specific port should become a member port regardless of its priority. To configure
the priority of an LACP member port, use the following command.

Command Mode Function

lacp port priority port-number <1-65535> Bridge Sets the LACP priority of member port.

In SURPASS hiD 6615, the LACP priority of a member port is “32768(=0x8000)” by default.

In order to clear port priority of configured member port, use the following command.

Command Mode Function

no lacp port priority port-number Bridge Clears port priority of member port.

After the priority of a configured member port is released, it returns to the default configuration.

8.2.2.10. Checking LACP Statistics

To check LACP statistic, use the following command.

Command Mode Function

show lacp statistic Global/Bridge Checks LACP statistic.

clear lacp statistic Global/Bridge Clears LACP statistic information.


8.2.2.11. Showing LACP Configuration

In SURPASS hiD 6615, the user can show LACP configuration.

In order to show LACP configuration, use the following command.

Command Mode Function

show lacp aggregator Enable/Global/Bridge Shows the information of aggregated port.

show lacp aggregator aggregator-number Enable/Global/Bridge Shows the information of appropriate aggregated port.

show lacp port Enable/Global/Bridge Shows the information of member port.

show lacp port port-number Enable/Global/Bridge Shows the information of appropriated member port.

8.2.3. Sample Configuration

[Sample Configuration 1] Configuring LACP

The following is an example of configuring Aggregator 0 in SWITCH A and SWITCH B
and port number 2, 3 as the member port. Here, in order to configure SWITCH A as the
reference, configure the operating mode of the member ports of SWITCH B as “Passive mode”.
If there is no configuration for it, the reference is automatically displayed.

[Figure: SWITCH A and SWITCH B]


< Configuration in SWITCH A>

SWITCH_A(bridge)# lacp aggregator 0
SWITCH_A(bridge)# lacp aggregator distmode 0 srcdstmac
SWITCH_A(bridge)# lacp port 1-3
SWITCH_A(bridge)# show lacp aggregator
AGGR ACTOR SYSTEM PARTNER SYSTEM MEMBER
---- ------------- -------------- ------
0 8000.000000-000000 0000.000000-000000 2(o)-3(o)
[Callout on MEMBER: It is shown when Link is formed between the member ports.]
SWITCH_A(bridge)# show lacp port
PORT AGGR (A) KEY (P) PORT (P) KEY (A)-(P) ACTIVITY
---- ---- ------- -------- ------- ----------------
01 - 1000 000000-000000(P 1) 1000 ACTIVE - PASSIVE
02 - 1000 000000-000000(P 2) 1000 ACTIVE - PASSIVE
03 - 1000 000000-000000(P 3) 1000 ACTIVE - PASSIVE

SWITCH_A(bridge)#

< Configuration in SWITCH B>

SWITCH_B(bridge)# lacp aggregator 0
SWITCH_B(bridge)# lacp aggregator distmode 0 srcdstmac
SWITCH_B(bridge)# lacp port 1-3
SWITCH_B(bridge)# lacp port activity 1-3 passive
SWITCH_A(bridge)# show lacp aggregator
AGGR ACTOR SYSTEM PARTNER SYSTEM MEMBER
---- ------------- -------------- ------
0 8000.000000-000000 0000.000000-000000 2(o)-3(o)
[Callout on MEMBER: It is shown when Link is formed between the member ports.]
SWITCH_A(bridge)# show lacp port
PORT AGGR (A) KEY (P) PORT (P) KEY (A)-(P) ACTIVITY
---- ---- ------- -------- ------- ----------------
01 - 1000 000000-000000(P 1) 1000 PASSIVE - ACTIVE
02 - 1000 000000-000000(P 2) 1000 PASSIVE - ACTIVE
03 - 1000 000000-000000(P 3) 1000 PASSIVE - ACTIVE

SWITCH_A(bridge)#

“AGGR” shows ID of Aggregator by using the “show lacp port” command. It is different
from Aggregator-number.


[Sample Configuration 4] Configuring Admin-key

[Figure: Internet, SWITCH A and SWITCH B. Labels: "The integrated ports of SWITCH A and SWITCH B are connected through port number 7,8."; "The integrated ports of SWITCH A and SWITCH B are connected through port number 9,10."]

The following example configures two integrated ports, with ports 7-10 as member ports,
in SWITCH A and SWITCH B without changing the Key value.

<SWITCH A>

SWITCH_A(bridge)# lacp aggregator 0
SWITCH_A(bridge)# lacp aggregator 1
SWITCH_A(bridge)# lacp aggregator distmode 0 srcdstmac
SWITCH_A(bridge)# lacp port 7-10
SWITCH_A(bridge)# show lacp aggregator

AGGR PRIORITY PARTNER MEMBER
---- ------------------- ------------ ------
0 0x8000.00D0CB0A01B3 00D0CB0AA790 eth07(o)-eth08(o)-eth09(o)-eth10(o)
1 0x8000.000000000000

SWITCH_A(bridge)#

<SWITCH B>

SWITCH_B(bridge)# lacp aggregator 0
SWITCH_B(bridge)# lacp aggregator 1
SWITCH_B(bridge)# lacp aggregator distmode 0 srcdstmac
SWITCH_B(bridge)# lacp port 7-10
SWITCH_B(bridge)# lacp port activity 7-10 passive
SWITCH_A(bridge)# show lacp aggregator
SWITCH_B(bridge)# show lacp aggregator


AGGR PRIORITY PARTNER MEMBER
---- ------------------- ------------ ------
0 0x8000.00D0CB0A01B3 00D0CB0AA790 eth07(o)-eth08(o)-eth09(o)-eth10(o)
1 0x8000.000000000000

SWITCH_B(bridge)#

The above configuration shows that the 4 ports are integrated into one port. However,
you can make 2 integrated ports by configuring the key values of ports 7,8 and 9,10 in
SWITCH A and SWITCH B.

<SWITCH A>

SWITCH_A(bridge)# lacp port admin-key 9-10 2
SWITCH_A(bridge)# show lacp aggregator

AGGR PRIORITY PARTNER MEMBER
---- ------------------- ------------ ------
0 0x8000.00D0CB0A01B3 00D0CB0AA790 eth07(o)-eth08(o)
1 0x8000.000000000000 00D0CB0AA790 eth09(o)-eth10(o)

SWITCH_A(bridge)#

<SWITCH B>

SWITCH_B(bridge)# lacp port admin-key 9-10 2
SWITCH_B(bridge)# show lacp aggregator

AGGR PRIORITY PARTNER MEMBER
---- ------------------- ------------ ------
0 0x8000.00D0CB0A01B3 00D0CB0AA46C eth07(o)-eth08(o)
1 0x8000.000000000000 00D0CB0AA46C eth09(o)-eth10(o)

SWITCH_B(bridge)#
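
The following Python model is an added example, not code from the manual or from the switch firmware. It predicts how the member-port settings described in this chapter (activity, aggregation, admin-key, priority, and the eight-port limit) combine, so a planned configuration can be checked before it is entered. The names MemberPort, predict_aggregators and sample_configuration_4 are hypothetical, the cabling is constructed, and the model assumes that a lower priority number means a higher priority, as in IEEE 802.3ad.

```python
from collections import defaultdict
from dataclasses import dataclass

MAX_MEMBERS = 8  # "One aggregator can include maximum eight ports"


@dataclass
class MemberPort:
    number: int
    admin_key: int = 1                  # lacp port admin-key (default 1)
    activity: str = "active"            # lacp port activity (default active)
    aggregation: str = "aggregatable"   # lacp port aggregation (default)
    priority: int = 32768               # lacp port priority (default 0x8000)


def ports(numbers, **settings):
    """Build {port_number: MemberPort} for a port range with shared settings."""
    return {n: MemberPort(n, **settings) for n in numbers}


def predict_aggregators(local, remote, cabling):
    """Predict which local ports end up in the same aggregator.

    local / remote: {port_number: MemberPort} of this switch and its partner.
    cabling: list of (local_port, remote_port) pairs that are wired together.
    Returns (bundles, findings). bundles maps (local key, partner key) to the
    member port list; findings lists ports that will not join an aggregator.
    """
    groups = defaultdict(list)
    findings = []
    for lno, rno in cabling:
        lp, rp = local[lno], remote[rno]
        if lp.activity == "passive" and rp.activity == "passive":
            findings.append((lno, "both ends passive, LACP never starts"))
        elif "individual" in (lp.aggregation, rp.aggregation):
            findings.append((lno, "individual, operates as an independent port"))
        else:
            # Ports bundle only when they share the key on both ends.
            groups[(lp.admin_key, rp.admin_key)].append(lp)

    bundles = {}
    for keys, members in groups.items():
        # Assumption: lower number = higher priority; port number breaks ties.
        ranked = sorted(members, key=lambda p: (p.priority, p.number))
        bundles[keys] = sorted(p.number for p in ranked[:MAX_MEMBERS])
        for p in ranked[MAX_MEMBERS:]:
            findings.append((p.number, "not selected, aggregator already has 8 members"))
    return bundles, findings


# Constructed cabling for Sample Configuration 4: port n of A to port n of B.
STRAIGHT = [(n, n) for n in range(7, 11)]


def sample_configuration_4(split_keys):
    """SWITCH A (active) and SWITCH B (passive) with ports 7-10 as members."""
    a = ports(range(7, 11))
    b = ports(range(7, 11), activity="passive")
    if split_keys:  # "lacp port admin-key 9-10 2" on both switches
        for switch in (a, b):
            for n in (9, 10):
                switch[n].admin_key = 2
    return predict_aggregators(a, b, STRAIGHT)


if __name__ == "__main__":
    print(sample_configuration_4(split_keys=False))
    print(sample_configuration_4(split_keys=True))
```
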


8.3. Configuring STP

A LAN composed of a double-path, like token ring, has the advantage that access is still
possible when one path is disconnected. However, there is another problem, named Loop,
when the double-path is always used. A Loop occurs when there are more than two paths
between switches, as in the figure below (SWITCH A, B): PC A sends a packet through
broadcast or multicast, and the packet then keeps rotating. It causes superfluous
data transmission and network faults.

[Figure: SWITCH A and SWITCH B, with PC A and PC B]

Fig. 8-11 Example of Loop

STP (Spanning-Tree Protocol) is the function that prevents Loop in a LAN with more than two
paths and uses the double-path efficiently. It is specified in IEEE 802.1d. When STP
is configured, there is no Loop, since STP chooses the more effective path and closes
the other path. In other words, when SWITCH C in the figure below sends a packet to
SWITCH C, path 1 is chosen and path 2 is closed.

[Figure: SWITCH A, SWITCH B, SWITCH C, SWITCH D and SWITCH E, with Path 1 and Path 2]

Fig. 8-12 Example of the running STP

Meanwhile, RSTP (Rapid Spanning-Tree Protocol), defined in IEEE 802.1w, innovatively
reduces the network convergence time of STP. Because it uses the same vocabulary and
configuration parameters as 802.1d, the new protocol is easy and fast to configure.


Also, 802.1w includes 802.1d inside, so it can provide compatibility with 802.1d. For
a more detailed description of STP and RSTP, refer to the following.

• STP operation
• RSTP operation
• Configuring STP/RSTP/MSTP/PVSTP/PVRSTP mode
• Configuring STP/RSTP/MSTP
• Configuring PVSTP/PVRSTP
• Configuring Root Guard
• BPDU(Bridge Protocol Data Unit) configuration

8.3.1. STP Operation

The 802.1d STP defines the port states as Blocking, Listening, Learning, and Forwarding.
When STP is configured in a LAN with a double-path, switches exchange their information,
including Bridge ID.

This information is named BPDU (Bridge Protocol Data Unit). Switches decide port state
based on the exchanged BPDU and automatically decide the optimized path to communicate
with the Root switch, which is the standard of the Spanning-Tree.

◆ Root Switch

The critical information to decide the Root switch is Bridge ID. Bridge ID is composed of a
2-byte Priority and a 6-byte MAC address. The switch with the lowest Bridge ID is decided
as the Root switch.

[Figure: SWITCH A (Priority: 8, ROOT), SWITCH B (Priority: 9), SWITCH C (Priority: 10) and SWITCH D]

Fig. 8-13 Root Switch


For example, suppose there are three linked switches as in the picture. After STP is
configured, the switches exchange their information. The Priority of SWITCH A is 8, the
Priority of SWITCH B is 9 and the Priority of SWITCH C is 10. In this case, SWITCH A is
automatically configured as the Root switch.

◆ Designated Switch

After the Root switch is decided, when SWITCH A transmits a packet to SWITCH C, SWITCH A
compares the exchanged BPDU to decide the path. The critical information to decide the path
is path-cost. Path-cost depends on the transmit rate of the LAN interface, and the path with
the lower path-cost is selected.

The standard to decide the designated switch is the total Root path-cost, which is the sum of
the path-costs to the Root. Path-cost depends on the transmit rate of the switch LAN interface,
and the switch with the lower path-cost is selected to be the designated switch.

[Figure: SWITCH A (Priority: 8, ROOT), SWITCH B (Priority: 9), SWITCH C (Priority: 10) and SWITCH D. Labels: Path-cost 50 and Path-cost 100 below SWITCH A; Designated SWITCH; Path-cost 100 and Path-cost 100 above SWITCH D; legend for Path 1 and Path 2.]
(PATH 1=50+100=150, PATH 2=100+100=200, PATH 1< PATH 2, ∴ PATH 1 selected)

Fig. 8-14 Deciding Designated Switch

In the case of the above picture, where SWITCH C sends a packet, the path-cost of PATH 1 is
150 and the path-cost of PATH 2 is 200 in total (100 + 100; path-cost of SWITCH C to B +
path-cost of SWITCH B to C). Therefore the path with the lower path-cost, PATH 1, is chosen.
In this case, the port connected to the Root switch is named the Root port. In the above
picture, the port of SWITCH C connected to SWITCH A, the Root switch, is the Root port.
There can be only one Root port in one equipment.


The standard to decide the designated switch is the total Root path-cost, which is the sum of
the path-costs to the Root. The switch with the lower path-cost is selected to be the
designated switch. When the Root path-costs are the same, Bridge ID is compared.

◆ Designated Port and Root Port

Also, the switch selected for communication in a segment is named the Designated switch. In
the picture below, suppose that a packet is transmitted from the Root switch to SWITCH D.
SWITCH B and SWITCH C can be selected.

However, since a Loop is created when transmitting the packet to SWITCH D, one of the two
must be selected by comparing the information of BPDU. As a result, if PATH 1 is selected,
the Designated switch for the segment transmitting to SWITCH D is SWITCH B.

Except Root port in each switch, selected port to communicate is Designated port. The
other ports, except Root port and Designated port, are named Blocked port.

[Figure: SWITCH A (ROOT), SWITCH B (Designated SWITCH), SWITCH C and SWITCH D, with PATH 1 and PATH 2. Labels: Designated Port, Root Port, Designated Port.]

Fig. 8-15 Designated Switch and Designated Port

◆ Port-priority

Meanwhile, when the path-costs of two paths are the same, port-priority is compared. As in the
picture below, suppose that two switches are connected.

Since the path-costs of the two paths are both 100, their port-priorities are compared and
the port with the smaller port-priority is selected to transmit the packet.


[Figure: ROOT connected to a second switch by PATH 1 and PATH 2. PATH 1: Port 1, Port priority 7, Path-cost 100. PATH 2: Port 2, Port priority 8, Path-cost 100.]

(path-cost of PATH 1 = path-cost of PATH 2 = 100 ∴ unable to compare;
PATH 1 port priority = 7, PATH 2 port priority = 8, PATH 1 < PATH 2, ∴ PATH 1 is chosen)

Fig. 8-16 Example of Using Port priority

All these functions are automatically performed by BPDU, which is the information of the
switch. It is also possible to configure BPDU to change the Root switch or path manually.
Refer to ‘8.4.4 Configuring BPDU (Bridge Protocol Data Unit) Transmission’.
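
The decision order described in this section (lowest Bridge ID becomes Root, then lowest total Root path-cost, then Bridge ID of the upstream switch, then port-priority) can be reproduced with the values of Fig. 8-14 and Fig. 8-16. The Python sketch below is an added example, not code from the manual or the switch. The MAC addresses, port numbers, the priority of SWITCH D and the names Bridge, Link, elect_root and select_root_port are assumptions, and each link carries a single path-cost as in the figures.

```python
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int      # 2-byte Priority
    mac: str           # 6-byte MAC address (constructed values below)

    @property
    def bridge_id(self) -> bytes:
        """8-byte Bridge ID: Priority first, then MAC. The lowest value wins."""
        return self.priority.to_bytes(2, "big") + bytes.fromhex(self.mac.replace(":", ""))


@dataclass(frozen=True)
class Link:
    a: str
    a_port: tuple      # (port-priority, port number) on switch a
    b: str
    b_port: tuple      # (port-priority, port number) on switch b
    cost: int          # path-cost of this link


def elect_root(bridges):
    """The switch with the lowest Bridge ID becomes the Root switch."""
    return min(bridges, key=lambda br: br.bridge_id).name


def root_path_costs(root, links):
    """Lowest total path-cost from every reachable switch to the Root."""
    cost = {root: 0}
    queue = [(0, root)]
    while queue:
        c, sw = heapq.heappop(queue)
        if c > cost[sw]:
            continue
        for ln in links:
            if sw in (ln.a, ln.b):
                peer = ln.b if sw == ln.a else ln.a
                if c + ln.cost < cost.get(peer, float("inf")):
                    cost[peer] = c + ln.cost
                    heapq.heappush(queue, (cost[peer], peer))
    return cost


def select_root_port(switch, bridges, links):
    """Pick the Root port of `switch` using the tie-break order of this section."""
    by_name = {br.name: br for br in bridges}
    root = elect_root(bridges)
    if switch == root:
        raise ValueError("the Root switch has no Root port")
    cost = root_path_costs(root, links)
    candidates = []
    for ln in links:
        for me, my_port, peer, peer_port in ((ln.a, ln.a_port, ln.b, ln.b_port),
                                             (ln.b, ln.b_port, ln.a, ln.a_port)):
            if me == switch and peer in cost:
                # Compared in order: total cost, upstream Bridge ID,
                # upstream port-priority/number, then the local port.
                candidates.append((cost[peer] + ln.cost, by_name[peer].bridge_id,
                                   peer_port, my_port, peer))
    total, _, _, my_port, peer = min(candidates)
    return {"root": root, "via": peer, "port": my_port, "root_path_cost": total}


# Fig. 8-13 / 8-14: priorities 8, 9, 10 from the figure; SWITCH D is constructed.
FIG_8_14_BRIDGES = [Bridge("A", 8, "00:00:00:00:00:0a"), Bridge("B", 9, "00:00:00:00:00:0b"),
                    Bridge("C", 10, "00:00:00:00:00:0c"), Bridge("D", 11, "00:00:00:00:00:0d")]
FIG_8_14_LINKS = [Link("A", (128, 1), "B", (128, 1), 50), Link("A", (128, 2), "C", (128, 1), 100),
                  Link("B", (128, 2), "D", (128, 1), 100), Link("C", (128, 2), "D", (128, 2), 100)]

# Fig. 8-16: two equal-cost links, port priority 7 on Port 1 and 8 on Port 2 of the Root.
FIG_8_16_BRIDGES = [Bridge("ROOT", 8, "00:00:00:00:00:01"), Bridge("S", 9, "00:00:00:00:00:02")]
FIG_8_16_LINKS = [Link("ROOT", (7, 1), "S", (128, 1), 100), Link("ROOT", (8, 2), "S", (128, 2), 100)]

if __name__ == "__main__":
    print(select_root_port("D", FIG_8_14_BRIDGES, FIG_8_14_LINKS))
    print(select_root_port("S", FIG_8_16_BRIDGES, FIG_8_16_LINKS))
```
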

8.3.2. RSTP Operation

When STP or RSTP is configured on a network where a Loop can be created, the resulting
final topology is the same. However, RSTP progresses more rapidly than STP in
reaching the final topology. This section describes how RSTP, which improves
on STP, works. It contains the sections below.

• Port States
• BPDU Policy
• Rapid Network Convergence
• Compatibility with 802.1d

8.3.2.1. Port States

RSTP defines the port states as Discarding, Learning, and Forwarding. Blocking and
Listening of 802.1d are combined into Discarding. As in STP, the Root port and Designated
port are decided by port state. But the existing Blocked port is divided into Alternate port
and Backup port.

Alternate port means a port blocked by receiving BPDU of priority of high numerical
value from another equipment, and Backup port means a port blocked by receiving
BPDU of priority of high numerical value from another port of the same equipment. The
picture below shows the Alternate port and Backup port.


[Figure: SWITCH A (ROOT), SWITCH B, SWITCH C and SWITCH D, with PATH 1 and PATH 2. Labels: Alternate Port, Designated Port, Backup Port.]

Fig. 8-17 Alternate Port and Backup Port

The difference between Alternate port and Backup port is that the Alternate port can
provide an alternate path for packets when there is a problem between the Root switch and
SWITCH C, but the Backup port cannot provide a stable connection in that case.

8.3.2.2. BPDU Policy

In 802.1d, the Root switch forwards BPDU following the Hello-time installed in it, and the
switches other than the Root switch forward their own BPDU only when receiving BPDU from the
Root switch. However, in 802.1w, not only the Root switch but also all the other switches
forward BPDU following Hello-time. BPDU is exchanged more frequently than at the interval of
the Root switch, but with 802.1w the switches grasp changes in the network
faster.

By the way, when low BPDU is received from the Root switch or Designated switch, it is
immediately accepted. For example, suppose that the Root switch is disconnected from
SWITCH B. Then, SWITCH B is considered to be Root because of the disconnection
and forwards BPDU.

However, SWITCH C recognizes that Root exists, so it transmits BPDU including information
of Root to Bridge B. Thus, SWITCH B configures the port connected to SWITCH C
as the new Root port.


[Figure: SWITCH A (ROOT), SWITCH B and SWITCH C. Labels: New ROOT PORT, Low BPDU, BPDU including Root information.]

Fig. 8-18 In case of Receiving Low BPDU

8.3.2.3. Rapid Network Convergence

[Figure: ROOT, SWITCH A, SWITCH B, SWITCH C and SWITCH D. Labels: ① New link created; ② Transmit BPDU at Listen state; ③ Blocking to prevent Loop; legend: BPDU Flow.]

Fig. 8-19 Convergence of 802.1d Network

As in the above picture, suppose that a new link is connected between SWITCH A
and Root. Root and SWITCH A are not directly connected, but indirectly through
SWITCH D. After SWITCH A is newly connected to Root, packets cannot be transmitted
between the ports because the state of the two switches becomes listening, and no Loop is
created.


In this state, if Root transmits BPDU to SWITCH A, SWITCH A transmits new BPDU to
SWITCH A and SWITCH C, and SWITCH C transmits new BPDU to SWITCH D. SWITCH
D, which received BPDU from SWITCH C, puts the port connected to SWITCH C into Blocking
state to prevent a Loop after the new link.

This is a very epochal way of preventing Loop; the problem is that communication is
disconnected during two times the BPDU Forward-delay until the port connecting SWITCH
D and SWITCH C is blocked.

The picture below shows how 802.1w proceeds to save the time of disconnection.
There is a new link between SWITCH A and Root.

Then, right after the connection, it is possible to transmit BPDU although packets cannot
be transmitted between SWITCH A and Root.

[Figure: ROOT, SWITCH A, SWITCH B, SWITCH C and SWITCH D. Labels: ① New link created; ② Negotiate between SWITCH A and Root (Traffic Blocking).]

Fig. 8-20 Network convergence of 802.1w ①

SWITCH A negotiates with Root through BPDU. To make the link between SWITCH A
and Root, the port state of the non-edge designated port of SWITCH A is changed to Blocking.
Although SWITCH A is connected to Root, a Loop will not be created because SWITCH A
is blocked to SWITCH B and C. In this state, BPDU from Root is transmitted to SWITCH
B and C through SWITCH A. To configure the Forwarding state of SWITCH A, SWITCH A
negotiates with SWITCH B and SWITCH A does with SWITCH C.


[Figure: ROOT, SWITCH A, SWITCH B, SWITCH C and SWITCH D. Labels: ③ Forwarding; ③ Negotiate between SWITCH A and SWITCH B (Traffic Blocking); ③ Negotiate between SWITCH A and SWITCH C (Traffic Blocking).]

Fig. 8-21 Network convergence of 802.1w ②

SWITCH B has only edge-designated ports. An edge-designated port does not cause a Loop, so
802.1w defines that it is changed to the Forwarding state. Therefore, SWITCH B does
not need to block a specific port for the Forwarding state of SWITCH A. However, since
SWITCH C has a port connected to SWITCH D, that port should be put into the Blocking
state.

[Figure: ROOT, SWITCH A, SWITCH B, SWITCH C and SWITCH D. Labels: ④ Forwarding state (SWITCH B); ④ Forwarding state (SWITCH C); ④ Blocking to make Forwarding state of SWITCH A.]

Fig. 8-22 Network convergence of 802.1w ③

Blocking the connection of SWITCH D and SWITCH C is the same as in 802.1d. However,
802.1w does not need any configured time to negotiate between switches to make
the Forwarding state of a specific port, so it progresses very fast. During the progress to
the Forwarding state of a port, Listening and Learning are not needed. These negotiations use
BPDU.


8.3.2.4. Compatibility with 802.1d

RSTP internally includes STP, so it has compatibility with 802.1d. Therefore, RSTP
can recognize BPDU of STP. But STP cannot recognize BPDU of RSTP. For example,
assume that SWITCH A and SWITCH B are operated as RSTP and SWITCH A is connected
to SWITCH C as Designated switch. Since SWITCH C, which is 802.1d, ignores
RSTP BPDU, it is interpreted that SWITCH C is not connected to any switch or
segment.

[Figure: SWITCH A (802.1w), SWITCH B (802.1w) and SWITCH C (802.1d). Labels: RSTP BPDU, STP BPDU.]

Fig. 8-23 Compatibility with 802.1d ①

However, SWITCH A converts the port that received BPDU into RSTP of 802.1d because it
can read the BPDU of SWITCH C. Then SWITCH C can read the BPDU of SWITCH A and
accepts SWITCH A as Designated switch.

[Figure: SWITCH A (802.1w), SWITCH B (802.1w) and SWITCH C (802.1d). Label: STP BPDU.]

Fig. 8-24 Compatibility with 802.1d ②

8.3.3. PVSTP and MSTP

In order to operate the network more effectively, SURPASS hiD 6615 uses PVSTP (Per
VLAN Spanning Tree Protocol) or MSTP (Multiple Spanning Tree Protocol). It constitutes
the network with VLANs that logically subdivide the existing LAN domain, and configures
the route by VLAN or VLAN group instead of the existing routing protocol.

Using PVMSTP, it is possible to minimize tree reconstruction time in case of changing
topology without establishing RSTP.


8.3.3.1. Operation

This section explains how STP/PVSTP/MSTP operate differently on the LAN. Suppose that
100 VLANs are configured from Switch A to B, C.

In the case of STP/RSTP, there is only one STP for all the VLANs, and it does not provide
multiple Instances.

[Figure: SWITCH A (Root) sending BPDU to SWITCH B and to SWITCH C]

Fig. 8-25 STP

While existing STP is a protocol to prevent Loop in a LAN domain, PVSTP (Per
VLAN Spanning Tree Protocol) establishes STP per VLAN in order to realize routing
suitable for a VLAN environment.

In the case of PVSTP/PVRSTP, an STP can be supported for each VLAN. In this case, it is
required to calculate 100 STPs for 100 VLANs, so there is the defect of burdening
the switch.

[Figure: SWITCH A, SWITCH B and SWITCH C. Labels on each side: VLAN 1-50, VLAN 51-100.]

Fig. 8-26 PVSTP


In IEEE 802.1s MSTP, which uses RSTP for rapid convergence, it is possible to classify
several VLANs into Instance units. Each Instance operates with a different Spanning Tree
topology.

It does not need to calculate an STP for each of several VLANs, so traffic overload can be
reduced. By reducing unnecessary overload and providing multiple transmission routes
for data forwarding, it realizes load balancing and provides many VLANs through
Instances.

[Figure: SWITCH A, SWITCH B and SWITCH C. Labels on each side: Instance 1, Instance 2; below the switches: Root Instance, Root Instance 2.]

Fig. 8-27 MSTP

8.3.3.2. MSTP

In MSTP, VLANs are classified into groups with the same Configuration ID. The Configuration
ID is composed of Revision name, Revision, and VLAN map. Therefore, in order to have the same
Configuration ID, all three of these conditions should be the same. VLANs classified with
the same Configuration ID are called an MST Region.

In a Region there is only one STP, so it is possible to reduce the number of STPs compared
to PVSTP. There is no limitation on Regions in a network environment, but it is
possible to generate Instances only up to 64. Therefore Instances can be generated from 1
to 64. The Spanning-Tree which operates in each Region is IST (Internal Spanning-Tree).
CST is applied by connecting the Spanning-Trees of the Regions. Instance 0 means that
no Instance has been generated from grouping VLANs, that is, the switch does not operate as
MSTP. Therefore Instance 0 exists on all the ports of the equipment. After MSTP starts,
all the switches in CST exchange BPDU, and the CST Root is decided by comparing
their BPDU. Here, the switches that do not operate with MSTP have Instance 0, so
they can also join the BPDU exchange. The operation of deciding the CST Root is
CIST (Common & Internal Spanning-Tree).


[Figure: CST containing two Legacy 802.1d switches, Region A (IST) and Region B (IST). Labels: CST Root & IST Root, IST Root, switches *B, *C, *D, *E, Instance 1, Instance 2.]

Fig. 8-28 CST and IST① of MSTP

In CST, A and B are the switches operating with STP, and C, D, and E are those operating
with MSTP. First, in CST, CIST is established to decide the CST Root. After the CST Root is
decided, the switch closest to the CST Root is decided as the IST Root of the Region. Here,
the CST Root in IST is the IST Root.


[Figure: CST containing a Legacy 802.1d switch, Region A (IST), Region B (IST) and Region C (IST). Labels: CST Root & IST, IST Root, switches *B, *C, *D, *E, Instance 1, Instance 2.]

Fig. 8-29 CST and IST② of MSTP

In the above situation, if B operates with MSTP, B will send its BPDU to the CST Root and IST
Root in order to request to be the CST Root itself. However, if any BPDU having higher
priority than that of B is sent, B cannot be the CST Root.

In SURPASS hiD 6615, the commands configuring MSTP are also used to configure
STP and RSTP. The commands configuring PVST are used to configure PVRSTP.

8.3.4. Configuring STP/RSTP/MSTP/PVSTP/PVRSTP mode

In SURPASS hiD 6615, in order to configure STP, first of all configure Force-version to
decide the mode. In order to decide Force-version, use the following command.

Command Mode Function

stp force-version {stp | rstp | mstp | pvstp | pvrstp} Bridge Configure Force-version in the bridge.


In order to clear STP configuration from the switch, use the following command.

Command Mode Function

no stp force-version Bridge Clears STP configuration.

8.3.5. Configuring STP/RSTP/MSTP

8.3.5.1. Activating STP/RSTP/MSTP

In order to enable STP, RSTP, MSTP in the Force-version, use the following command
in Bridge configuration mode.

Command Mode Function

stp mst enable Bridge Enables STP, RSTP or MSTP function.

Using the above command, STP, RSTP, or MSTP is enabled according to the configuration.

Even when the STP function is not operating, no loop event occurs in a switch
which belongs to a non-dual-path LAN environment.

In order to disable configured STP, RSTP, or MSTP, use the following command.

Command Mode Function

stp mst disable Bridge Disables STP, RSTP, or MSTP in VLAN.

8.3.5.2. Configuring Root

In order to establish the STP, RSTP, or MSTP function, first of all, the Root switch should be
decided. In STP or RSTP it is the Root switch, and in MSTP it is the IST Root switch. Each switch
has its own Bridge ID, and the Root switch on the same LAN is decided by comparing their
Bridge IDs. However, the user can change the Root switch by configuring a Priority for it. The
switch having the lowest priority is decided as the Root switch.


In order to change the Root switch by configuring a Priority for it, use the following command.

Command Mode Function

stp mst priority mstid_range <0-61440> Bridge Configures the Priority of the switch.

no stp mst priority mstid_range Bridge Clears the Priority of the switch.

You should input Instance number for mstid_range. It is from 0 to 64.

In case of configuring the priority of STP and RSTP, mstid_range is 「0」.

You should input the Priority as a multiple of 4096.

In SURPASS hiD 6615, the Priority is basically configured as 32768.

8.3.5.3. Configuring Path-cost

After deciding Root switch, you need to decide to which route you will forward the
packet. To do this, the standard is path-cost.

Generally, path-cost depends on the transmission speed of the LAN interface in the switch. The
following tables show path-cost according to the transmit rate of the LAN interface.

You can use the same commands to configure STP and RSTP, but their path-costs are
totally different. Be careful not to confuse them.

Transmit Rate Path-cost
4M 250
10M 100
100M 19
1G 4
10G 2

Tab. 8-1 STP path-cost


Transmit Rate Path-cost
4M 20,000,000
10M 2,000,000
100M 200,000
1G 20,000
10G 2,000

Tab. 8-2 RSTP path-cost

When the route decided by path-cost becomes overloaded, it is better to take another
route. For such situations, it is possible to configure the path-cost of the Root port so
that the user can configure the route manually.

In order to configure path-cost, use the following command.

Command Mode Function

stp mst path-cost mstid_range port-number <1-200000000> Bridge Configures path-cost to configure route on user’s own.

no stp mst path-cost mstid_range port-number Bridge Clears the configured path-cost.

You should input Instance number for mstid_range. It is from 0 to 64.

In case of configuring the priority of STP and RSTP, mstid_range is「0」.

8.3.5.4. Configuring Port-priority

When all conditions of two routes are the same, the last standard to decide the route is
port-priority. It is also possible to configure port priority so that the user can
configure the route manually.

In order to configure port-priority, use the following command.

Command Mode Function

stp mst port-priority mstid_range port-number <0-240> Bridge Configures port-priority.

no stp mst port-priority mstid_range port-number Bridge Clears the configured port-priority.


You should input Instance number for mstid_range. It is from 0 to 64.

In case of configuring the priority of STP and RSTP, mstid_range is「0」.

You should input Priority as a multiple of 16.

In SURPASS hiD 6615, default Priority is 128.

8.3.5.5. Configuring Edge-port

An STP edge port is a bridge port on which STP does not need to be enabled, which means
that loop detection is not needed for the switches below it or that no STP neighbor
exists below the port.

In case of RSTP, STP should be enabled on the edge port. If RSTP is not enabled on the
edge port, packets passing through the port can cause the convergence time to be
exceeded. Once a port is configured as an Edge port, it changes to the forwarding state
immediately.

To configure Edge port in RSTP, use the following command.

Command Mode Function

stp edge-port port-number Bridge Configures the port as Edge port.

no stp edge-port port-number Bridge Releases the Edge port.

8.3.5.6. Configuring Point-to-point-mac

In STP, Rapid transition is guaranteed by 1:1 connectivity between two stations. If they
are connected as shared edge port, both stations could receive BPDU from a station. In
this case, Rapid transition cannot be guaranteed in STP. To decide the link type, use
the following command.

Command Mode Function

stp point-to-point-mac port-number {auto | force-false | force-true} Bridge Decides the link type.

no stp point-to-point-mac port-number Bridge Releases the configured link type.


With “auto”, the switch automatically decides whether the link type is point-to-point or
shared. Full-duplex is considered as point-to-point link type and half-duplex is
considered as shared link type.

“force-false” is used for an interface to which more than two bridges are connected; the
administrator forces the link type to shared link.

“force-true” is used for an interface that is connected 1:1.

8.3.5.7. Configuring MST Region

If MSTP is established in SURPASS hiD 6615, decide which MST Region the switch belongs
to by configuring the MST Configuration ID. The Configuration ID contains the Region
name, Revision, and VLAN map.
In order to set Configuration ID, use the following command.

Command Mode Function

stp mst config-id name name Bridge Designates the name for the Region.

stp mst config-id map <1-64> vlan-range Bridge Configures the range of VLANs to be grouped as a region.

stp mst config-id revision <0-65535> Bridge Configures the switches in the same MST boundary with the same number.

There is no limitation on the number of MST Regions in a network environment, but it is
possible to generate up to 64 instances.

In case of configuring STP and RSTP, you don’t need to configure Configuration ID. If
it is configured, error message is displayed.

In order to delete Configuration ID, use the following command.

Command Mode Function

no stp mst config-id Bridge Deletes all of the configured Configuration ID.

no stp mst config-id name Bridge Deletes the name of Region.

no stp mst config-id map <1-64> [vlan-range] Bridge Deletes entire VLAN-map or part of it.

no stp mst config-id revision Bridge Deletes the configured revision number.


After configuring the Configuration ID in SURPASS hiD 6615, you should apply the
configuration to the switch. After changing or deleting the configuration, you must also
apply it to the switch. If you do not, the change does not take effect on the switch.

In order to apply the configuration to the switch after configuring Configuration ID, use
the following command.

Command Mode Function

stp mst config-id commit Bridge Commits the configuration of the Region.

After deleting the configured Configuration ID, apply it to the switch using the above
command.

8.3.5.8. Showing the configuration

In order to show the configuration after configuring STP, RSTP, MSTP, use the following
command.

Command Mode Function

show stp Enable/Global/Bridge Shows the configuration of STP/RSTP/MSTP.

show stp mst mstid_range Enable/Global/Bridge Shows the configuration of specific Instance.

show stp mst mstid_range all [detail] Enable/Global/Bridge Shows the configuration of the specific Instance for all the ports.

show stp mst mstid_range port-number [detail] Enable/Global/Bridge Shows the configuration of specific Instance for specific port.

With the 「show stp」 command, it is possible to show the information for STP/RSTP/MSTP.
To distinguish them, check which one is marked in 「mode」.

In case STP or RSTP is configured in SURPASS hiD 6615, you should configure
mstid_range as「0」.


If MSTP is configured in the switch, use the following command to show the Configuration
ID.

Command Mode Function

show stp mst config-id currnet Enable/Bridge Shows the current Configuration ID.

show stp mst config-id pending Enable/Bridge Shows Configuration ID that is the most recently configured.

For example, after you configure the Configuration ID and apply it to the switch with the
stp mst config-id commit command, you can check the Configuration ID with both the
show stp mst config-id currnet command and the show stp mst config-id pending command.

However, if you did not use the stp mst config-id commit command to apply it to the
switch after configuration, the configuration is shown with the show stp mst config-id
pending command, and you can check the current Configuration ID with the show stp mst
config-id currnet command.

8.3.6. Configuring PVSTP/PVRSTP

8.3.6.1. Activating PVST/PVRSTP

In SURPASS hiD 6615, in order to configure PVSTP or PVRSTP, first of all, configure
Force-version in order to decide the mode. In order to decide Force-version, use the
following command.

Command Mode Function

stp pvst enable vlan-range Bridge Activates PVSTP or PVRSTP function.

PVSTP is activated after selecting PVSTP in Force-version using the above command
and PVRSTP is activated after selecting PVRSTP using the above commands.

Vlan-range can be input as a VLAN name or an integer. It is possible to input a range of
integers using 「-」.

In PVSTP and PVRSTP, it is possible to configure only the current VLAN. If you input
VLAN that does not exist, error message is displayed.


For switches in a LAN where no dual path exists, a Loop does not occur even though the
STP function is not configured. In order to release configured PVSTP or PVRSTP,
use the following command.

Command Mode Function

stp pvst disable Bridge Deactivates PVSTP or PVRSTP in VLAN.

8.3.6.2. Configuring Root

To establish the STP, RSTP, or MSTP function, the Root switch must be decided first.
Each switch has its own Bridge ID, and the Root switch on the same LAN is decided by
comparing Bridge IDs. However, the user can change the Root switch by configuring its
Priority. The switch with the lowest priority is decided as the Root switch.

In order to change Root switch by configuring Priority for it, use the following command.

Command Mode Function

stp pvst priority vlan_range <0-61440> Bridge Configures Priority of switch.

no stp pvst priority vlan_range Bridge Clears priority of switch.

You should input VID for vlan_range.

You should input the Priority as a multiple of 4096.

In SURPASS hiD 6615, the default Priority is 32768.

8.3.6.3. Configuring Path-cost

After deciding the Root switch, you need to decide the route over which packets are
forwarded. The standard for this decision is path-cost. Generally, path-cost depends on
the transmission speed of the LAN interface in the switch. If the route chosen by
path-cost is overloaded, it is better to take another route.

For such situations, in SURPASS hiD 6615 the user can configure the Path-cost of the
Root port in order to designate the route manually. In order to configure Path-cost, use
the following command.

Command Mode Function

stp pvst path-cost vlan_range port-number <1-200000000> Bridge Configures path-cost to configure route on user’s own.

no stp pvst path-cost vlan_range port-number Bridge Clears path-cost configuration.

You should input VID for vlan_range.

8.3.6.4. Configuring Port-priority

When all conditions of two routes are the same, the last standard to decide the route is
port-priority. It is also possible to configure port priority so that the user can
configure the route manually. In order to configure port-priority, use the following command.

Command Mode Function

stp pvst port-priority vlan_range port-number <0-240> Bridge Configures port-priority.

no stp pvst port-priority vlan_range port-number Bridge Disables port priority configuration.

You should input VID for vlan_range.

You should input Priority as a multiple of 16.

In SURPASS hiD 6615, the default Priority is 128.

8.3.7. Configuring Root-Guard

Root-Guard is a feature that protects the LAN from an undesired switch becoming root.
It is useful when two LANs are integrated and you want to keep the current root switch
of one LAN or VLAN, preventing another switch from becoming the root switch of the
network.

The switch having the lowest Bridge ID is supposed to be the Root switch in an STP
network. In the hiD6615 switch, the user can use the Root-guard function to protect the
Root switch in the STP network.


When a superior message is received on a root-guard enabled port of the switch, the
port is put into a blocking state, which prevents the undesired switch from becoming
root for the entire VLAN and preserves the current root switch.

If no BPDU is transmitted to the switch during the Forward Delay time, the Blocking
status is released automatically. Any switch, as well as the root switch, can be
configured with Root-guard, depending on the network topology.

To configure Root-Guard, use the following command.

Command Mode Function

stp pvst root-guard vlan_range port number Bridge Configures Root Guard on PVST network.

stp mst root-guard MSTID_range port number Bridge Configures Root Guard on MST network.

no stp pvst root-guard vlan_range port number Bridge Disables Root Guard.

no stp mst root-guard MSTID_range port number Bridge Disables Root Guard.

show stp Bridge Shows STP configuration.
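The Bridge ID comparison described under Configuring Root and the Root-Guard rule above, worked through as an added example that is not part of the manual or the switch software. The function names and the second and third MAC addresses are constructed for illustration; the Bridge ID text form follows the show stp sample output in this manual.

```python
"""Root election by Bridge ID and the Root-Guard decision (added example)."""

HEX_DIGITS = set("0123456789abcdef")


def bridge_id(priority, mac, vid=0):
    """Return a Bridge ID in the "pppp.mmmmmmmmmmmm" form printed by show stp.

    priority: multiple of 4096 in 0..61440, the rule stated in the manual.
    vid:      0 for STP/RSTP/MSTP. For PVSTP the VID is carried in the low
              bits of the priority field (8001 for VLAN 1 in the manual's
              PVSTP sample output).
    """
    if not 0 <= priority <= 61440 or priority % 4096:
        raise ValueError(f"priority {priority} must be a multiple of 4096 in 0..61440")
    if not 0 <= vid <= 4094:
        raise ValueError(f"VID {vid} must be in 0..4094")
    digits = "".join(c for c in mac.lower() if c not in ":-.")
    if len(digits) != 12 or not set(digits) <= HEX_DIGITS:
        raise ValueError(f"{mac!r} is not a 48-bit MAC address")
    return f"{priority + vid:04x}.{digits}"


def sort_key(bid):
    """Bridge IDs compare numerically: priority field first, then MAC."""
    prio_hex, mac_hex = bid.split(".")
    return int(prio_hex, 16), int(mac_hex, 16)


def elect_root(bridge_ids):
    """The switch with the lowest Bridge ID becomes Root."""
    return min(bridge_ids, key=sort_key)


def root_guard_decision(current_root, received_root, root_guard_enabled):
    """Decide what a port does with a BPDU that advertises received_root.

    A BPDU is superior when its root Bridge ID is lower than the current
    root. On a root-guard port a superior BPDU blocks the port, so the
    current root is preserved; without Root-Guard the topology re-roots.
    """
    if sort_key(received_root) >= sort_key(current_root):
        return "keep-root"
    return "block-port" if root_guard_enabled else "new-root-accepted"


if __name__ == "__main__":
    # Constructed LAN: two switches at the default priority 32768.
    lan = [bridge_id(32768, "00:d0:cb:00:01:83"),
           bridge_id(32768, "00:d0:cb:03:60:23")]
    root = elect_root(lan)
    print("root with default priorities:", root)

    # A switch from another LAN is attached with priority 4096 (constructed MAC).
    newcomer = bridge_id(4096, "00:d0:cb:0a:bc:de")
    print("root if the newcomer is accepted:", elect_root(lan + [newcomer]))
    for guarded in (False, True):
        print("root-guard", guarded, "->",
              root_guard_decision(root, newcomer, guarded))
```

With equal priorities the MAC address alone decides the root, which is why the root switch's Priority is normally set explicitly and Root-Guard is placed on ports that face switches outside your control.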

8.3.8. Configuring Restarting Protocol Migration

Suppose there are two switches, one configured as STP and one as RSTP. Usually, in this
case, the STP protocol is used between the two switches. But what happens if someone
changes the STP switch to RSTP mode? Because the RSTP switch has already received STP
protocol packets, the two switches can still work in STP mode even though RSTP is
enabled on both.
To prevent this, the hiD6615 switch provides the ‘stp clear-detected-recovery’ command.
If you use this command, the switch checks the STP protocol packets once again.

To clear configured Restarting Protocol Migration, use the following command.

Command Mode Function

stp clear-detected-protocol port-number Bridge Configures restarting protocol migration function.

This command is not saved in the configuration file. This means Restarting Protocol
Migration must be run by the user; it is not applied automatically.


8.3.9. BPDU Configuration

BPDU is a message transmitted in the LAN in order to configure and maintain the
configuration for STP/RSTP/MSTP. Switches on which STP is installed exchange their
information through BPDUs to find the best path. For STP, the user can configure the
following. MSTP BPDU is a general STP BPDU with additional MST data at its end. MSTP
part of BPDU does not rest when it is out of Region.

◆ Hello time

Hello time decides an interval time when a switch transmits BPDU. It can be configured
from 1 to 10 seconds. The default is 2 seconds.

◆ Max Age

Root switch transmits new information every time based on information from other
switches. However, if there are many switches on the network, it takes a lot of time to
transmit BPDU. And if the network status changes while the BPDU is being transmitted,
this information is useless. To get rid of useless information, Max Age is identified in
each piece of information.

◆ Forward Delay

Switches find the location of other switches connected to the LAN through received BPDU
and transmit packets. Since it takes a certain time to receive BPDU and find the
location before transmitting packets, switches send packets at a regular interval. This
interval is named Forward Delay.

The configuration for BPDU is applied as selected in Force-version. The same commands
are used for STP, RSTP and MSTP and the same commands are used for PVSTP and
PVRSTP.


8.3.9.1. Hello time

Hello time decides an interval time when a switch transmits BPDU.

In order to configure Hello Time, use the following command.

Command Mode Function

stp mst hello-time <1 – 10> Bridge Configures Hello time to transmit the message in STP, RSTP, MSTP. The default setting of the system is 2 seconds.

stp pvst hello-time vlan-range <1 – 10> Bridge Configures Hello time to transmit the message in PVST, PVRST. The default setting of the system is 2 seconds.

The default setting of the system is 2 seconds.

In order to clear configured hello-time, use the following command.

Command Mode Function

no stp mst hello-time Bridge Clears the time configuration that is set up to transmit route message.

no stp pvst hello-time vlan-range Bridge Clears the time configuration that is set up to transmit route message.

8.3.9.2. Forward Delay

It is possible to configure Forward delay, which is the time taken for the port status to
change from Listening to Forwarding. In order to configure Forward delay, use the
following command.

Command Mode Function

stp mst forward-delay <4 – 30> Bridge Designates Forward-delay in STP, RSTP or MSTP.

stp pvst forward-delay vlan-range <4 – 30> Bridge Designates Forward-delay in PVSTP or PVRSTP.

The default is 15 seconds.


In order to release the configured forward-delay, use the following command.

Command Mode Function

no stp mst forward-delay Bridge Clears the configured Forward-delay.

no stp pvst forward-delay vlan-range Bridge Clears the configured Forward-delay.

8.3.9.3. Max age

Max Age shows how long a path message is valid. In order to configure Max Age to delete
useless messages, use the following command.

Command Mode Function

stp mst max-age <6-40> Bridge Configures Max age of route message in STP, RSTP or MSTP.

stp pvst max-age vlan-range <6-40> Bridge Configures Max age in PVST or PVRST.

The default is 20 seconds.

It is recommended that Max Age be configured to less than twice the Forward Delay and
more than twice the Hello Time.

In order to release the configured Max age, use the following command.

Command Mode Function

no stp mst max-age Bridge Releases Max age of configured route message.

no stp pvst max-age vlan-range Bridge Releases Max age of configured route message.

8.3.9.4. BPDU Hop

In MSTP, it is possible to configure the number of Hops in order to prevent BPDU from
wandering. With this function, a BPDU passes through only as many switches as the
configured number of Hops.

In order to configure the number of Hop of BPDU in MSTP, use the following command.


Command Mode Function

stp mst max-hops <1-40> Bridge Configures the number of Hop for BPDU.

In order to delete the configured number of Hop for BPDU, use the following command.

Command Mode Function

no stp mst max-hops Bridge Delete the number of Hop for BPDU in MSTP.

8.3.9.5. Configuring BPDU Filter

BPDU filtering allows you to avoid transmitting on the ports that are connected to an
end system. If the BPDU Filter feature is enabled on the port, then incoming BPDUs
will be filtered and BPDUs will not be sent out of the port. To set the BPDU filter on the
port, use the following command.

Command Mode Function

stp bpdu-filter (enable|disable) port-number Bridge Sets the BPDU filter state on the port.

By default, it is disabled.

Set vid value for X and vid range for X-Y.

The bpdu filter-enabled port acts as if STP is disabled on the port. This feature can be used for the
ports that are usually connected to an end system or the port that you don’t want to receive and
send unwanted BPDU packets. Be cautious about using this feature on STP enabled uplink or trunk
port.

If the port is removed from VLAN membership, the corresponding BPDU filter is
automatically deleted.

8.3.9.6. Configuring BPDU Guard

BPDU guard is designed to allow network designers to enforce the STP domain borders
and keep the active topology predictable. The devices behind the ports with STP
edge-port enabled are not allowed to influence the STP topology. This is achieved by
disabling the port upon receipt of a BPDU. This feature prevents a Denial of Service
(DoS) attack on the network by permanent STP recalculation that is caused by the
temporary introduction and subsequent removal of STP devices with low bridge priority.


To configure BPDU Guard in hiD6615 switch, use the following command.

Step 1. Configure the specific port as edge-port.

Command Mode Function

stp edge-port port-number Bridge Configures the port as Edge port.

Step 2. Configure BPDU Guard.

Command Mode Function

stp bpdu-guard Bridge Configures BPDU Guard function on switch.

no stp bpdu-guard Bridge Disables BPDU Guard function.

However, BPDU Guard can be triggered by an unexpected cause. In this case, the edge
port is blocked immediately and remains in this state until the user recovers it. To
prevent this problem, the hiD6615 switch provides the BPDU Guard auto-recovery function.
When an edge port goes down because of a BPDU packet that came from another switch, the
port is recovered automatically after the configured time.

To configure BPDU Guard auto-recovery, use the following command.

Command Mode Function

stp bpdu-guard auto-recovery Bridge Configures BPDU Guard auto-recovery on switch.

stp bpdu-guard auto-recovery-time <10-1000000> Bridge Configures BPDU Guard auto-recovery-time.

no stp bpdu-guard auto-recovery Bridge Disables BPDU Guard auto-recovery function.

no stp bpdu-guard auto-recovery-time Bridge Disables BPDU Guard auto-recovery function.

The user can also recover the down port manually. To configure BPDU Guard err-recovery,
use the following command.

Command Mode Function

stp bpdu-guard err-recovery port-number Bridge Recovers down port manually.
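One way to check a set of STP commands against the rules stated in sections 8.3.5 to 8.3.9 (priority multiples, the Max Age recommendation, BPDU Guard on edge ports, BPDU filter on uplinks), as an added example rather than a tool supplied with the switch. The sample configuration is constructed, single numeric port numbers are assumed, and `uplink_ports` is a hypothetical parameter supplied by the operator.

```python
"""Audit STP hardening settings written in the manual's CLI syntax (added example)."""
import re

# Defaults and ranges as stated in the manual's BPDU configuration section.
DEFAULTS = {"hello-time": 2, "forward-delay": 15, "max-age": 20}
RANGES = {"hello-time": (1, 10), "forward-delay": (4, 30), "max-age": (6, 40)}

TIMER_RE = re.compile(r"^stp (mst|pvst) (hello-time|forward-delay|max-age)(?: (\S+))? (\d+)$")
BRIDGE_PRIO_RE = re.compile(r"^stp (?:mst|pvst) priority \S+ (\d+)$")
PORT_PRIO_RE = re.compile(r"^stp (?:mst|pvst) port-priority \S+ \d+ (\d+)$")
EDGE_RE = re.compile(r"^stp edge-port (\d+)$")
FILTER_RE = re.compile(r"^stp bpdu-filter (enable|disable) (\d+)$")


def audit(config_text, uplink_ports=()):
    """Return a list of findings for the given command lines."""
    findings = []
    timers = {}                      # (protocol, vlan-range or "-") -> timer values
    edge_ports, filtered_ports = set(), set()
    bpdu_guard = False

    for raw in config_text.splitlines():
        line = raw.split("#", 1)[-1].strip()   # drop a "SWITCH(bridge)#" prompt
        if not line:
            continue
        if m := TIMER_RE.match(line):
            proto, name, scope, value = m[1], m[2], m[3] or "-", int(m[4])
            low, high = RANGES[name]
            if not low <= value <= high:
                findings.append(f"{proto} {name} {value} is outside {low}-{high}")
            timers.setdefault((proto, scope), dict(DEFAULTS))[name] = value
        elif m := BRIDGE_PRIO_RE.match(line):
            if int(m[1]) > 61440 or int(m[1]) % 4096:
                findings.append(f"bridge priority {m[1]} is not a multiple of 4096 in 0-61440")
        elif m := PORT_PRIO_RE.match(line):
            if int(m[1]) > 240 or int(m[1]) % 16:
                findings.append(f"port priority {m[1]} is not a multiple of 16 in 0-240")
        elif m := EDGE_RE.match(line):
            edge_ports.add(int(m[1]))
        elif m := FILTER_RE.match(line):
            (filtered_ports.add if m[1] == "enable" else filtered_ports.discard)(int(m[2]))
        elif line == "stp bpdu-guard":
            bpdu_guard = True
        elif line == "no stp bpdu-guard":
            bpdu_guard = False

    # Recommendation: 2 x Hello Time < Max Age < 2 x Forward Delay.
    for (proto, scope), t in sorted(timers.items()):
        if not 2 * t["hello-time"] < t["max-age"] < 2 * t["forward-delay"]:
            findings.append(
                f"{proto} {scope}: max-age {t['max-age']} should be more than "
                f"{2 * t['hello-time']} and less than {2 * t['forward-delay']}")
    # Edge ports go straight to forwarding, so they rely on BPDU Guard.
    if edge_ports and not bpdu_guard:
        findings.append(f"edge ports {sorted(edge_ports)} are configured but BPDU Guard is not enabled")
    # The manual cautions against BPDU filter on STP-enabled uplink or trunk ports.
    for port in sorted(filtered_ports & set(uplink_ports)):
        findings.append(f"BPDU filter is enabled on uplink port {port}")
    return findings


# Constructed sample input, not taken from a real switch.
SAMPLE_CONFIG = """\
SWITCH(bridge)# stp force-version mstp
SWITCH(bridge)# stp mst enable
SWITCH(bridge)# stp mst priority 0 5000
SWITCH(bridge)# stp mst hello-time 3
SWITCH(bridge)# stp mst max-age 30
SWITCH(bridge)# stp edge-port 5
SWITCH(bridge)# stp edge-port 6
SWITCH(bridge)# stp bpdu-filter enable 1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, uplink_ports={1}):
        print("-", finding)
```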


8.3.9.7. Showing BPDU configuration

In order to show the configuration for BPDU, use the following command.

Command Mode Function

show stp Enable/Global/Bridge In STP, RSTP or MSTP, it is possible to check the configuration for BPDU.

show stp pvst vlan-range [all | port_number] [detail] Enable/Global/Bridge In PVSTP, PVRST, it is possible to check the configuration for BPDU.

8.3.10. Self Loop detection

Although there is no double path in the user’s equipment, a Loop can be caused by the
network environment and the condition of the cables connected to the equipment. To
prevent this, SURPASS hiD 6615 has Self Loop detection to perceive that an outgoing
packet has come back. Through Self Loop detection, you can prevent packets from coming
back, because the port is blocked. In order to enable Self Loop detection, use the
following command.

Command Mode Function

self-loop-detect enable Bridge Enable Self Loop detection function.

In order to disable Self Loop detection, use the following command.

Command Mode Function

self-loop-detect disable Bridge Disables Self Loop detection.

In order to check Self Loop detection or the port where Loop occurred, use the follow-
ing command.

Command Mode Function

show self-loop-detect Bridge Shows status of Self Loop detection and a port where Loop has happened.

show self-loop-detect {port-number | all} Bridge Shows Self Loop detection status and Loop on specific port or all the ports.


8.3.11. Sample Configuration

[Sample Configuration 1] MSTP Configuration

The following is an example of configuring MSTP in the switch.

SWITCH(bridge)# stp force-version mstp


SWITCH(bridge)# stp mst enable
SWITCH(bridge)# stp mst config-id map 2 1-50
SWITCH(bridge)# stp mst config-id name 1
SWITCH(bridge)# stp mst config-id revision 1
SWITCH(bridge)# stp mst config-id commit
SWITCH(bridge)# show stp mst
Status enabled
bridge id 8000.00d0cb000183
designated root 8000.00d0cb000183
root port 0 path cost 0
max age 20.00 bridge max age 20.00
hello time 2.00 bridge hello time 2.00
forward delay 15.00 bridge forward delay 15.00
CIST regional root 8000.00d0cb000183 CIST path cost 0
max hops 20
name TEST
revision 1
instance vlans
-------------------------------------------------------------------
CIST 51-4094
2 1-50
-------------------------------------------------------------------
SWITCH(bridge)#

[Sample Configuration 2 ] PVSTP Configuration

The following is an example of configuring PVSTP when Default, br2, and br3 are
configured as VLANs.

SWITCH(bridge)# stp force-version pvst


SWITCH(bridge)# stp pvst enable 1-3
SWITCH(bridge)# show stp
Spanning tree operation mode is PVSTP
self-loop-detect is disabled
-----------------------------------------------
bridge id (VID) status
-----------------------------------------------
8001.00d0cb000183 ( 1) enabled
8002.00d0cb000183 ( 2) enabled
8003.00d0cb000183 ( 3) enabled
SWITCH(bridge)#

[ Sample Configuration 3 ] Changing Path-cost

The following is an example of changing Path-cost into 100 on the port number 1 in
PVSTP and showing the configuration.

SWITCH(bridge)# show stp pvst 1 1 detail


(Omitted)
port01
port id 8001
state forwarding role designated
designated root 8000.00d0cb036023 path cost 19
designated bridge 8001.00d0cb000183 message age timer 0.00
designated port 8001 forward delay timer 0.00
designated cost 38
flags STP P2P Boundary

SWITCH(bridge)# stp pvst path-cost 1 1 100


SWITCH(bridge)# show stp pvst 1 1 detail
(Omitted )
port01
port id 8001
state forwarding role designated
designated root 8000.00d0cb036023 path cost 100
designated bridge 8001.00d0cb000183 message age timer 0.00
designated port 8001 forward delay timer 0.00
designated cost 38
flags STP P2P Boundary

SWITCH(bridge)#


[ Sample Configuration 4 ] Changing BPDU Configuration

The following is an example of configuring Hello time as 3 sec, Forward-delay as
15 sec, and Max-age as 20 sec in MSTP.

SWITCH(bridge)# stp mst hello-time 3


SWITCH(bridge)# stp mst forward-delay 15
SWITCH(bridge)# stp mst max-age 20
SWITCH(bridge)# show stp mst
Status disabled
bridge id 8000.00d0cb000183
designated root 0000.000000000000
root port 0 path cost 0
max age 0.00 bridge max age 30.00
hello time 0.00 bridge hello time 3.00

forward delay 0.00 bridge forward delay 15.00


CIST regional root 0000.000000000000 CIST path cost 0
max hops 20

name TEST
revision 1
instance vlans
-------------------------------------------------------------------
CIST 51-4094
2 1-50
-------------------------------------------------------------------

SWITCH(bridge)#

[ Sample Configuration 5 ] Configuring Self Loop

The following is an example of showing the configuration after enabling Self Loop De-
tection.

SWITCH(bridge)# stp self-loop-detect enable


SWITCH(bridge)# show stp self-loop-detect
self-loop-detect is enabled
SWITCH(bridge)# show stp self-loop-detect 1
self-loop-detect is enabled
-----------------------------------------------
PORT Self-Loop-Detected
-----------------------------------------------
01 no No Loop on the port number 1
SWITCH(bridge)#


8.4. Configuring ERP

ERP (Ethernet Ring Protection) is a protocol to prevent Loop in Metro Ethernet network.
It provides fast failure detection and recovery; realizing ERP in hiD 6615 decreases the
time needed to prevent Loop to under 50ms.

ERP and STP cannot be realized at the same time.

The description for ERP is as follows.

8.4.1. ERP Operation

Ethernet Ring Protection (ERP) is a concept and protocol optimized for fast failure
detection and recovery on Ethernet ring topologies. The Protection of fast failure
detection and recovery occurs on the RM Node.

An Ethernet ring consists of two or more switches. One of the nodes on the ring is
designated as redundancy manager (RM), and the two ring ports on the RM node are
configured as primary port and secondary port respectively.
The RM blocks the secondary port for all non-control traffic belonging to this ERP
domain. If a line failure occurs, the Nodes detecting the Link Failure transmit a Link
Down message and the Link Failure port becomes Blocking status.
When the RM node receives this link-down message, it immediately declares failed
state and opens the logically blocked protected VLANs on the secondary port. Then, the
Ethernet Ring restarts the communication.

The following is ERP operation when Link Failure occurs.

[Figure labels: ① Secondary Port of RM node is Blocking status in Normal state. ② Link failure. ③ Nodes detecting Link Failure transmit Link Down message.]

Fig. 8-30 Ethernet ring operation in failure state

[Figure labels: ① Secondary port of RM is changed as unblocking state. ② Sends Link Down Message.]

Fig. 8-31 Ring Protection

When a Link Failure is recovered, a temporary loop may occur. To rectify this condition,
ERP sends a “link up” message to the RM. The RM will logically block the protected
VLANs on its secondary port and generate a “RM link up” packet to make sure that all
transit nodes are properly reconfigured. This completes fault restoration and the ring is
back in normal state.

[Figure labels: ① Link Failure Recover. ② The Nodes detecting Link Failure send Link Up message. Blocks the port recovered from Link Failure.]

Fig. 8-32 Link Failure Recovery

[Figure labels: ① Blocks Secondary Port of RM Node. ② Sends RM Link Up message. ③ Unblocks the port recovered from Link Failure.]

Fig. 8-33 Ring Recovery
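The failure and recovery sequence of Fig. 8-30 to Fig. 8-33, modelled as an added example that is not code from the switch. It checks after every step that the ring never forms a loop and shows why the recovered ports stay blocked until the RM has blocked its secondary port. The class and method names, the four-node ring, and the restriction to a failure between two normal nodes are assumptions of this example.

```python
"""ERP ring failure and recovery, step by step (added example)."""


class ErpRing:
    """Ring of `nodes` switches. Node 0 is the RM node.

    Link i joins node i and node (i + 1) % nodes. The RM's primary port is
    on link 0 and its secondary port is on the last link.
    """

    def __init__(self, nodes=4):
        if nodes < 3:
            raise ValueError("this model needs at least three nodes")
        self.n = nodes
        self.link_up = [True] * nodes
        # blocked[(node, link)] is True while that node's port on that link blocks traffic
        self.blocked = {(node, link): False
                        for node in range(nodes)
                        for link in (node, (node - 1) % nodes)}
        self.secondary = (0, nodes - 1)
        self.blocked[self.secondary] = True      # normal state: secondary port blocked
        self.rm_state = "normal"
        self.messages = []

    def _ends(self, link):
        return ((link, link), ((link + 1) % self.n, link))

    def forwards(self, link):
        """A link carries protected traffic if it is up and neither end is blocked."""
        return self.link_up[link] and not any(self.blocked[p] for p in self._ends(link))

    def has_loop(self):
        return all(self.forwards(link) for link in range(self.n))

    def connected(self):
        return sum(self.forwards(link) for link in range(self.n)) >= self.n - 1

    def fail_link(self, link):
        """Fig. 8-30/8-31: detecting nodes block the failed port and send Link Down;
        the RM declares failed state and opens its secondary port."""
        if not 1 <= link <= self.n - 2:
            raise ValueError("this model covers failures between two normal nodes only")
        self.link_up[link] = False
        for port in self._ends(link):
            self.blocked[port] = True
            self.messages.append(f"node {port[0]}: link down")
        self.rm_state = "failed"
        self.blocked[self.secondary] = False

    def restore_link(self, link):
        """Fig. 8-32: the link is back, the recovered ports stay blocked, Link Up is sent."""
        self.link_up[link] = True
        for port in self._ends(link):
            self.messages.append(f"node {port[0]}: link up")

    def rm_handle_link_up(self):
        """Fig. 8-33 step 1 and 2: the RM blocks its secondary port and sends RM Link Up."""
        self.blocked[self.secondary] = True
        self.rm_state = "normal"
        self.messages.append("RM: RM link up")

    def transit_handle_rm_link_up(self, link):
        """Fig. 8-33 step 3: the nodes unblock the ports recovered from Link Failure."""
        for port in self._ends(link):
            self.blocked[port] = False


def run_scenario(failed_link=1, nodes=4):
    """Return (step, has_loop, connected) for each step of one failure and recovery."""
    ring = ErpRing(nodes)
    steps = [
        ("normal", lambda: None),
        ("link failure", lambda: ring.fail_link(failed_link)),
        ("link restored", lambda: ring.restore_link(failed_link)),
        ("RM blocks secondary", ring.rm_handle_link_up),
        ("ring recovered", lambda: ring.transit_handle_rm_link_up(failed_link)),
    ]
    trace = []
    for name, action in steps:
        action()
        trace.append((name, ring.has_loop(), ring.connected()))
    return trace


if __name__ == "__main__":
    for step, loop, connected in run_scenario():
        print(f"{step:22} loop={loop!s:5} connected={connected}")
```

If the recovered ports were unblocked before the RM blocks its secondary port, `has_loop()` would return True: that ordering is the temporary loop the “link up” and “RM link up” messages exist to prevent.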

8.4.2. LOTP

ERP recognizes the Link Failure using LOTP (Loss of Test Packet). The RM Node regularly
sends an RM Test Packet message. If the message is not retransmitted to the RM Node
through the Ethernet Ring, it means that a Loop does not occur. Therefore, the RM Node
unblocks the Secondary port. The condition in which the RM Test Packet from the RM Node
does not return is the LOTP state.

On the other hand, if the RM Test Packet is retransmitted to the RM Node through the
Ethernet Ring, a Loop may occur. In this condition the RM Node blocks the Secondary port.

8.4.3. Configuring ERP

The following is how to configure ERP.

8.4.3.1. Configuring ERP Domain

To realize ERP, you should first configure the domain for ERP. To configure the domain,
use the following command.

Command Mode Function

erp domain domain-id Bridge Creates ERP Domain.


domain-id is the Control VLAN ID of the Domain; its range is 1-4094.

To delete the configured domain, use the following command.

Command Mode Function

no erp domain {all | domain-id} Bridge Deletes ERP Domain.

To add the description for configured domain, use the following command.

Command Mode Function

erp description domain-id description Bridge Configures Description for Domain.

8.4.3.2. Configuring RM Node

To configure RM Node, use the following command.

Command Mode Function

erp rmnode domain-id Bridge Configures RM Node of ERP Node Mode.

The following is to configure RM Node as Normal Node.

Command Mode Function

no erp rmnode domain-id Bridge Configures ERP Node Mode as Normal Node.

8.4.3.3. Configuring Port

To configure Primary Port and Secondary port of RM Node, use the following command.

Command Mode Function

erp port domain-id primary port-number secondary port-number Bridge Configures Port of ERP Domain.

Primary port and secondary port should be different.


8.4.3.4. Configuring Protected VLAN

To configure Protected VLAN of ERP domain, use the following command.

Command Mode Function

erp protections domain-id vid Bridge Configures Protected VLAN of ERP Domain.

To delete the configured Protected VLAN, use the following command.

Command Mode Function

no erp protections vid Bridge Deletes Protected VLAN of ERP Domain.

8.4.3.5. Configuring Protected Activation

To configure ERP Protected Activation, use the following command.

Command Mode Function

erp activation domain-id Bridge Configures ERP Protected Activation.

To disable ERP Protected Activation, use the following command.

Command Mode Function

no erp activation domain-id Bridge Disables ERP Protected Activation.

8.4.3.6. Configuring Manual Switch to Secondary

To configure Manual Switch to Secondary, use the following command.

Command Mode Function

erp ms-s domain-id Bridge Configures ERP Manual Switch to Secondary.

To disable Manual Switch to Secondary, use the following command.

Command Mode Function

no erp ms-s domain-id Bridge Disables ERP Manual Switch to Secondary.


8.4.3.7. Configuring Wait-to-Restore Time

To configure Wait-to-Restore Time, use the following command.

Command Mode Function

erp wait-to-restore domain-id <1-720> Bridge Configures ERP Wait-to-Restore Time.

To return the configured Wait-to-Restore Time as Default, use the following command.

Command Mode Function

no erp wait-to-restore domain-id Bridge Configures ERP Wait-to-Restore Time as default.

8.4.3.8. Configuring Learning Disable Time

To configure ERP Learning Disable Time, use the following command.

Command Mode Function

erp learn-dis-time domain-id <0-500> Bridge Configures ERP Learning Disable Time.

To return the configured Learning Disable Time as Default, use the following command.

Command Mode Function

no erp learn-dis-time domain-id Bridge Configures ERP Learning Disable Time as default.

8.4.3.9. Configuring Test Packet Interval

To configure ERP Test Packet Interval, use the following command.

Command Mode Function

erp test-packet-interval domain-id <10-500> Bridge Configures ERP Test Packet Interval.


To return ERP Test Packet Interval as Default, use the following command.

Command Mode Function

no erp test-packet-interval domain-id Bridge Configures ERP Test Packet Interval as default.

8.4.3.10. Checking ERP Configuration

To check the configuration for ERP, use the following command.

Command Mode Function

show erp {all | domain-id} Enable/Global/Bridge Shows the information for ERP.


[ Sample Configuration 1 ]

The following is an example of configuring port number 1 as primary port, port number 2 as secondary port, and VLAN 201-300 as protection VLAN in a Domain when three switches are connected.

[Figure: SWITCH A, SWITCH B and SWITCH C (RM Node); port number 1: Primary Port, port number 2: Secondary Port]

Here, a VLAN whose VID is the same as the Domain ID should be configured before configuring the ERP domain, and the ports used as Primary port and Secondary port should be configured as tagged members of the VLAN, as follows.

SWITCH(bridge)# show vlan


u: untagged port, t: tagged port
-------------------------------------------------------------------
| 1 2 3 4
Name( VID| FID) |123456789012345678901234567890123456789012
-------------------------------------------------------------------
default( 1| 1) |......uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
br101( 101| 101) |tt..tt....................................
br201( 201| 201) |tt..tt....................................
br202( 202| 202) |tt..tt....................................
br203( 203| 203) |tt..tt....................................
br204( 204| 204) |tt..tt....................................
br205( 205| 205) |tt..tt....................................
br206( 206| 206) |tt..tt....................................
br207( 207| 207) |tt..tt....................................
br208( 208| 208) |tt..tt....................................
br209( 209| 209) |tt..tt....................................
br210( 210| 210) |tt..tt....................................
br211( 211| 211) |tt..tt....................................
br212( 212| 212) |tt..tt....................................
br213( 213| 213) |tt..tt....................................
br214( 214| 214) |tt..tt....................................
br215( 215| 215) |tt..tt....................................
br216( 216| 216) |tt..tt....................................

SWITCH(bridge)#


Configure each switch as follows.

< SWITCH A>

SWITCH_A(bridge)# erp domain 101


SWITCH_A(bridge)# erp protections 101 201-300
SWITCH_A(bridge)# erp port 101 primary 1 secondary 2
SWITCH_A(bridge)# erp activation 101
SWITCH_A(bridge)# show running-config
!
hostname SWITCH_A
!
exec-timeout 0 0
!
syslog start
syslog output info local volatile
syslog output info local non-volatile
syslog output info console
!
bridge
vlan create 101,201-300
!
vlan add default 7-42 untagged
vlan add br101 1-2,5-6 tagged
vlan add 201-300 1-2,5-6 tagged
!
vlan pvid 1-42 1
!
erp domain 101
erp protections 101 201-300
erp port 101 primary 1 secondary 2
erp activation 101
!
interface noshutdown lo
!
end
SWITCH_A(bridge)# show erp
-------------------------------------------------------------------
Domainid Primary Port Secondary Port Protected Vlans
-------------------------------------------------------------------
101 (O) 1:Forwarding 2:Forwarding 201-300
SWITCH_A(bridge)#


< SWITCH B>

SWITCH_B(bridge)# erp domain 101


SWITCH_B(bridge)# erp protections 101 201-300
SWITCH_B(bridge)# erp port 101 primary 1 secondary 2
SWITCH_B(bridge)# erp activation 101
SWITCH_B(bridge)# show running-config
!
hostname SWITCH_B
!
exec-timeout 0 0
!
syslog start
syslog output info local volatile
syslog output info local non-volatile
syslog output info console
!
bridge
vlan create 101,201-300
!
vlan add default 7-42 untagged
vlan add br101 1-2,5-6 tagged
vlan add 201-300 1-2,5-6 tagged
!
vlan pvid 1-42 1
!
erp domain 101
erp protections 101 201-300
erp port 101 primary 1 secondary 2
erp activation 101
!
interface noshutdown lo
!
end
SWITCH_B(bridge)# show erp
-------------------------------------------------------------------
Domainid Primary Port Secondary Port Protected Vlans
-------------------------------------------------------------------
101 (O) 1:Forwarding 2:Forwarding 201-300
SWITCH_B(bridge)# show erp all
Domainid: 101 DomainName: erp_domain0101
Description:
Protected Vlans: 201-300
-----------------------------------------------------------------------------
Primary Port: 1 Secondary Port: 2 Domain Activated: Yes
Wait-to-Restore: 1(s) Test Packet: 10(ms) Learning Disable: 50(ms)
Bridge Role: Normal Node Operate Request: Clear Multiple RM: No
Erp State: Idle LOTP(Multiple Fail) State: No
-----------------------------------------------------------------------------

SWITCH_B(bridge)#


< SWITCH C >

SWITCH_C(bridge)# erp domain 101


SWITCH_C(bridge)# erp protections 101 201-300
SWITCH_C(bridge)# erp port 101 primary 1 secondary 2
SWITCH_C(bridge)# erp rm-node 101
SWITCH_C(bridge)# erp activation 101
SWITCH_C(bridge)# show running-config
(Omitted)
!
hostname SWITCH_C
(Omitted)
!
bridge
vlan create 101,201-300
!
vlan add default 7-42 untagged
vlan add br101 1-2,5-6 tagged
vlan add 201-300 1-2,5-6 tagged
!
vlan pvid 1-42 1
!
erp domain 101
erp protections 101 201-300
erp port 101 primary 1 secondary 2
erp activation 101
erp rmnode 101
!
interface noshutdown lo
!
end
SWITCH_C(bridge)# show erp
-------------------------------------------------------------------
Domainid Primary Port Secondary Port Protected Vlans
-------------------------------------------------------------------
101 (O) 1:Forwarding 2:Blocking 201-300
SWITCH_C(bridge)# show erp all
Domainid: 101 DomainName: erp_domain0101
Description:
Protected Vlans: 201-300
-----------------------------------------------------------------------------
Primary Port: 1 Secondary Port: 2 Domain Activated: Yes
Wait-to-Restore: 1(s) Test Packet: 10(ms) Learning Disable: 50(ms)
Bridge Role: RM Node Operate Request: Clear Multiple RM: No
Erp State: Idle RM LOTP(Multiple Fail) State: No
-----------------------------------------------------------------------------

SWITCH_C(bridge)#
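The prerequisite stated before this sample (a VLAN whose VID equals the Domain ID, with the primary and secondary ports tagged in it) can be checked against a saved running-config before `erp activation` is entered. The following is an added example, not part of the manual or of any vendor tooling: the function names are hypothetical, the parser handles only the command forms shown in the sample, and checking the protected VLANs for tagging as well is this example's assumption, taken from what the sample configures.

```python
import re

# Constructed input: the bridge section of the SWITCH_A running-config shown above.
SAMPLE_CONFIG = """\
bridge
 vlan create 101,201-300
 !
 vlan add default 7-42 untagged
 vlan add br101 1-2,5-6 tagged
 vlan add 201-300 1-2,5-6 tagged
 !
 vlan pvid 1-42 1
 !
 erp domain 101
 erp protections 101 201-300
 erp port 101 primary 1 secondary 2
 erp activation 101
"""


def expand(spec):
    """Expand a list such as '1-2,5-6' into a set of integers."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


def vlan_ids(name):
    """Map a 'vlan add' target to VIDs: default -> 1, br101 -> 101, 201-300 -> range."""
    if name == "default":
        return {1}
    m = re.fullmatch(r"br(\d+)", name)
    if m:
        return {int(m.group(1))}
    # Anything that is not a numeric list is an unknown bridge name: ignore it.
    return expand(name) if re.fullmatch(r"[\d,\-]+", name) else set()


def parse(config):
    """Return (created VIDs, {VID: tagged ports}, {domain: settings})."""
    created, tagged, domains = {1}, {}, {}
    for raw in config.splitlines():
        tok = raw.split()
        if tok[:2] == ["vlan", "create"]:
            created |= expand(tok[2])
        elif tok[:2] == ["vlan", "add"] and tok[-1] == "tagged":
            for vid in vlan_ids(tok[2]):
                tagged.setdefault(vid, set()).update(expand(tok[3]))
        elif tok[:2] == ["erp", "domain"]:
            domains.setdefault(int(tok[2]), {})
        elif tok[:2] == ["erp", "protections"]:
            domains.setdefault(int(tok[2]), {})["vlans"] = expand(tok[3])
        elif tok[:2] == ["erp", "port"]:
            # erp port <domain> primary <port> secondary <port>
            domains.setdefault(int(tok[2]), {})["ports"] = (int(tok[4]), int(tok[6]))
    return created, tagged, domains


def check_erp(config):
    """Return a list of findings; an empty list means the prerequisites hold."""
    created, tagged, domains = parse(config)
    findings = []
    for dom, settings in sorted(domains.items()):
        if dom not in created:
            findings.append(f"domain {dom}: VLAN {dom} not created")
        ports = settings.get("ports")
        if ports is None:
            findings.append(f"domain {dom}: no primary/secondary port")
            continue
        # The domain VLAN and every protected VLAN must be tagged on both ports.
        for vid in sorted({dom} | settings.get("vlans", set())):
            missing = [p for p in ports if p not in tagged.get(vid, set())]
            if missing:
                findings.append(f"domain {dom}: VLAN {vid} not tagged on port(s) {missing}")
    return findings


if __name__ == "__main__":
    print(check_erp(SAMPLE_CONFIG) or "ERP prerequisites satisfied")
```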


8.5. Stacking

It is possible to manage several switches with one IP address by using stacking. If the number of IP addresses you can use is limited and there are too many switches to manage, you can manage a number of switches with one IP address using the stacking function.

It is named One IP Management because you can easily manage various switches and subscribers connected to the switch with this stacking function. SURPASS hiD 6615 provides the function.

The stacking function can be configured for 2 to 16 switches.

The following is an example of the network where stacking is configured.

[Figure: SWITCH A (Master switch), SWITCH B (Slave switch) and SWITCH C (Slave switch), connected to the Internet, are managed with the same IP.]

Fig. 8-34 The example of configuring stacking

A switch which manages the other switches in stacking is named the Master switch, and the other switches managed by the Master switch are named Slave switches. Regardless of installed place or connection state, the Master switch can check and manage all Slave switches.

The steps below configure stacking.


8.5.1. Configuring switch group

You should configure all the switches configured with the stacking function to be in the same VLAN. In order to configure the switches as a switch group which belongs to the same VLAN, use the following command.

Command Mode Function

stack device bridge-name Global Configures all switches configured with the stacking function as the same switch group.

For managing the stacking function, the port connecting the Master switch and the Slave switch must be in the same VLAN.

8.5.2. Designating Master switch

Designate the Master switch using the following command.

Command Mode Function

stack master Global Configure Master switch.

8.5.3. Designating Slave Switch

After designating Master switch, register Slave switch for Master switch.

In order to register Slave switch or delete the registered Slave switch, use the following
command.

Command Mode Function

stack add mac-address [description] Global Registers Slave switch.

stack del mac-address Global Deletes Slave switch.

To make stacking operate well, it is required to enable the interface of Slave switch.

The switches in different VLAN cannot be added to the same switch group.

You should designate the Slave switch registered in the Master switch as a Slave switch. In order to designate a Slave switch, use the following command.

Command Mode Function

stack slave Global Designate as Slave switch.

8.5.4. Releasing Stacking

In order to release stacking, use the following command.

Command Mode Function

no stack Global Releases stacking.

8.5.5. Showing Stacking Configuration

In order to show the configuration for stacking, use the following command.

Command Mode Function

show stack Enable/Global/Bridge Shows the configuration for stacking.

8.5.6. Accessing Slave switch from Master switch

After completing the stacking configuration, it is possible to configure and manage a Slave switch by accessing it from the Master switch.

In order to access a Slave switch from the Master switch, use the following command in Bridge configuration mode.

Command Mode Function

rcommand node-number Enable Access to slave switch.

node-number means the “node ID” from configuring stacking on the Slave switch. If you input the above command on the Master switch, a Telnet connection to the Slave switch is displayed and it is possible to configure the Slave switch using DSH commands. If you use the “exit” command in Telnet, the connection to the Slave switch is closed.

8.5.7. Sample Configuration


[ Sample Configuration 1 ] Configuring stacking

The following is a stacking configuration that designates SWITCH A as a master and SWITCH B as a slave.

[Figure: SWITCH A (Master switch) and SWITCH B (Slave switch); manage switches using an IP.]

Step 1 Assign an IP address in Interface configuration mode of the switch and enable the interface using the “no shutdown” command. To do this, you should enter Interface configuration mode of the VLAN to be registered as a switch group for stacking.

The following is an example where the interface of the switch group is 1.

SWITCH_A# configure terminal


SWITCH_A(config)# interface 1
SWITCH_A(Interface)# ip address 192.168.10.1/16
SWITCH_A(Interface)# no shutdown
SWITCH_A(Interface)#

If there are several switches, the rest of them are managed by the IP address of the Master switch. Therefore you don’t need to configure an IP address on a Slave switch.

Step 2 Configure Switch A as Master switch. Configure the VLAN to belong to the same switch group and, after registering the Slave switch, configure it as a Master switch.

<Switch A – Master Switch>

SWITCH_A(config)# stack master


SWITCH_A(config)# stack device default
SWITCH_A(config)# stack add 00:d0:cb:22:00:11


Step 3 On Switch B, which is registered in the Master switch as a Slave switch, configure the VLAN so that it belongs to the same switch group, and configure Switch B as a Slave switch.

<Switch B – Slave Switch>

SWITCH_B(config)# stack slave


SWITCH_B(config)# stack device default

Step 4 Show the configuration. The information you can check on the Master switch and on the Slave switch differs, as shown below.

<Switch A – Master Switch>

SWITCH_A(config)# show stack


device : default
node ID : 1
node MAC address status type name port
1 00:d0:cb:0a:00:aa active SURPASS hiD 6615 SWITCH_A 24
2 00:d0:cb:22:00:11 active SURPASS hiD 6615 SWITCH_B 24
SWITCH_A(config)#

<Switch B – Slave Switch>

SWITCH_B(config)# show stack


device : default
node ID : 2
SWITCH_B(config)#

[ Sample Configuration 2 ] Accessing from Master switch to Slave switch

The following is an example of accessing the Slave switch from the Master switch configured in [ Sample Configuration 1 ]. If you show the configuration of the Slave switch in [ Sample Configuration 1 ], you can see that node-number is 2.

SWITCH(bridge)# rcommand 2
Trying 127.1.0.1(23)...
Connected to 127.1.0.1.
Escape character is '^]'.
SWITCH login: root
Password: vertex25

SWITCH#


In order to disconnect, input as below.

SWITCH# exit
Connection closed by foreign host.
SWITCH(bridge)#

8.6. Rate Limit

The user can customize port bandwidth according to the user’s environment. Through this configuration, you can prevent a certain port from monopolizing the whole bandwidth so that all ports can use bandwidth equally. Egress and ingress can be configured either to be the same or to be different.

8.6.1. Configuring Rate Limit

In order to set port bandwidth, use the following command.

Command Mode Function

rate port-number rate [egress | ingress] Bridge Sets port bandwidth. If you input egress or ingress, you can configure outgoing packet or incoming packet. The unit is 64 Kbps.

no rate port-number Bridge Clears rate configuration of a specific port.

no rate port-number [egress | ingress] Bridge Clears rate configuration of a specific port by transmitting direction.

If you input neither egress nor ingress, both are configured to be the same. To the switch, egress is incoming packet, so it is upload to the PC user. On the other hand, when packets over the configured bandwidth enter, Rate limit drops the packets unconditionally.

In order to check the configured bandwidth, use the following command.

Command Mode Function

show rate Enable/Global/Bridge Shows the configured bandwidth.

8.6.2. Sample Configuration

[ Sample Configuration 1 ] Configuring Rate Limit


The following is an example of the configuration after setting the bandwidth of port
number 1 as 64Mbps and the bandwidth of port number 2 as 52Mbps.

SWTICH(bridge)# rate 1 64
SWTICH(bridge)# rate 2 52
SWTICH(bridge)# show rate
----------------------------------------------------------------
Port Ingress Egress | Port Ingress Egress
--------------------------------+-------------------------------
1 64( 64.000) 64( 64.000) | 2 52( 52.000) 52( 52.000)
3 N/A N/A | 4 N/A N/A
5 N/A N/A | 6 N/A N/A
(Omitted)
SWTICH(bridge)#

8.7. Flood-Guard

Flood-guard limits the number of packets that can be transmitted within the configured bandwidth, whereas Rate limit, described in 「8.6 Configuring Rate Limit」, controls packets by configuring the width of the bandwidth which packets pass through. This function prevents receiving more packets than the configured amount without enlarging bandwidth.

[Figure: <Rate Limit> on SURPASS hiD 6615: configure Rate Limit in port to control bandwidth. <Flood Guard> on SURPASS hiD 6615: configure Flood-guard to allow as many as ‘n’ packets per second; ‘n’ packets are allowed for a second and packets over n (n+1, n+2, ...) are thrown away.]

Fig. 8-35 Rate Limit and Flood Guard
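The difference between the two controls matters most for floods of small frames, which stay far below a bandwidth cap while still delivering a very high frame count. The following is an added example, not code from the manual: it models both controls with fixed one-second windows, which is an assumption about metering and not the device's documented algorithm, and it feeds them constructed traffic using the 64 Mbps and 10,000 frames-per-second figures from this chapter's sample configurations.

```python
from collections import defaultdict

MBPS = 1_000_000  # assumption of this example: 1 Mbps = 1,000,000 bits per second


def constant_stream(frames_per_s, frame_bytes, seconds=1):
    """Constructed traffic: evenly spaced frames as (timestamp_s, size_bytes)."""
    return [(i / frames_per_s, frame_bytes) for i in range(frames_per_s * seconds)]


def rate_limit(frames, max_bits_per_s):
    """Bandwidth cap: count bits per one-second window, drop what does not fit."""
    used = defaultdict(int)
    passed = dropped = 0
    for ts, size in frames:
        bits = size * 8
        if used[int(ts)] + bits <= max_bits_per_s:
            used[int(ts)] += bits
            passed += 1
        else:
            dropped += 1
    return passed, dropped


def flood_guard(frames, max_frames_per_s):
    """Frame cap: count frames per one-second window, drop frame n+1 onwards."""
    seen = defaultdict(int)
    passed = dropped = 0
    for ts, _size in frames:
        if seen[int(ts)] < max_frames_per_s:
            seen[int(ts)] += 1
            passed += 1
        else:
            dropped += 1
    return passed, dropped


def compare(frames, max_bits_per_s, max_frames_per_s):
    """Run the same trace through both controls; each value is (passed, dropped)."""
    return {
        "rate_limit": rate_limit(frames, max_bits_per_s),
        "flood_guard": flood_guard(frames, max_frames_per_s),
    }


# 20,000 frames/s of 64 bytes is only 10.24 Mbps: invisible to a 64 Mbps cap.
SMALL_FRAME_FLOOD = constant_stream(20_000, 64)
# 6,000 frames/s of 1500 bytes is 72 Mbps: over the cap, under the frame limit.
LARGE_FRAME_FLOW = constant_stream(6_000, 1500)

if __name__ == "__main__":
    for name, trace in (("small-frame flood", SMALL_FRAME_FLOOD),
                        ("large-frame flow", LARGE_FRAME_FLOW)):
        print(name, compare(trace, 64 * MBPS, 10_000))
```

The small-frame flood passes the bandwidth cap untouched and is cut only by the frame cap, while the large-frame flow shows the opposite, so the two settings cover different overload cases.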


8.7.1. Configuring Flood-Guard

In order to limit the number of packets which can be transmitted in a second, use the
following command.

Command Mode Function

mac-flood-guard port-number <1-2000000> Bridge Limits the number of packets which can be transmitted to the port for 1 second.

In order to clear the configured Flood Guard, use the following command.

Command Mode Function

no mac-flood-guard port-number Bridge Clears the configured Flood Guard.

In order to check the configuration of Flood Guard, use the following command.

Command Mode Function

show mac-flood-guard [mac-address] Enable/Global/Bridge Shows the configured Flood Guard.

8.7.2. Sample Configuration

[ Sample Configuration 1 ] Configuring Flood-Guard

The following is an example of showing the configuration after limiting the number of
packets transmitted to the port number 1 as 10,000.

SWITCH(bridge)# mac-flood-guard 1 10000


SWITCH(bridge)# show mac-flood-guard
---------------------------------
Port Rate(fps) | Port Rate(fps)
----------------+----------------
1 10000 | 2 Unlimited
3 Unlimited | 4 Unlimited
5 Unlimited | 6 Unlimited
7 Unlimited | 8 Unlimited
9 Unlimited | 10 Unlimited
11 Unlimited | 12 Unlimited


13 Unlimited | 14 Unlimited
15 Unlimited | 16 Unlimited
17 Unlimited | 18 Unlimited
(Omitted)
SWITCH(bridge)#

8.8. IP IGMP (Internet Group Management Protocol)

A Multicast packet is transmitted to the part of the group that requests the Multicast packet. IGMP (Internet Group Management Protocol) is the internet protocol that helps to inform the Multicast router of Multicast groups. In the Multicast network, when a Multicast packet is transmitted, the Multicast router sends only an IGMP Query message that asks whether to receive the Multicast packet.

If a switch sends the join message to the Multicast router, the Multicast router transmits the Multicast packet only to that switch.

[Figure: a Multicast Packet arrives at the Multicast Router, which sends an IGMP Query Message; no packet transmission before join message.]

Fig. 8-36 IP Multicasting ①


[Figure: 1. Requesting the Multicast packet (Multicast Join request). 2. The Multicast Router transmits the Multicast packet to the port that sent the join message.]

Fig. 8-37 IP Multicasting ②

IGMP Snooping is a function that finds the port which sends a 「Join message」 to join a specific multicast group and receive multicast packets, or a 「leave message」 to get out of the multicast group because it does not need the packets.

IGMP Snooping can be enabled only when the switch is connected to a multicast router.

8.8.1. IGMP Snooping

In order to enable IGMP Snooping, use the following command.

Command Mode Function

ip igmp snooping Global Enables IGMP Snooping.

ip igmp snooping vlan <1-4094> Global Configures IGMP snooping in VLAN.

On the other hand, in order to release IGMP snooping, use the following command in Global Configuration Mode.

Command Mode Function

no ip igmp snooping Global Releases IGMP snooping function.

no ip igmp snooping vlan <1-4094> Global Releases IGMP snooping in VLAN.


Since PIM-SM includes IGMP Snooping, both IGMP Snooping and PIM-SM can be enabled at the same time.

In order to show IGMP snooping configuration, use the following command.

Command Mode Function

show ip igmp snooping Enable/Global/Bridge Shows IGMP Snooping.

show ip igmp snooping vlan <1-4094> Enable/Global/Bridge Shows IGMP Snooping.

8.8.2. IGMP Snooping Querier

To enable Querier in configured IGMP Snooping, use the following command.

Command Mode Function

ip igmp snooping querier Global Enables Querier in the configured IGMP Snooping.

ip igmp snooping querier vlan <1-4094> Global Enables Querier in IGMP Snooping configured in VLAN.

To disable Querier in IGMP Snooping, use the following command.

Command Mode Function

no ip igmp snooping querier Global Disables Querier in IGMP Snooping.

no ip igmp snooping querier vlan <1-4094> Global Disables Querier in IGMP Snooping configured in VLAN.

To show Querier enabled in IGMP Snooping, use the following command.

Command Mode Function

show ip igmp snooping querier Global Shows Querier operated in IGMP Snooping.

show ip igmp snooping querier vlan <1-4094> Global Shows Querier in IGMP Snooping configured in VLAN.


8.8.3. Fast-leave

If a Multicast client sends the leave message to leave the Multicast group, the Multicast router sends an IGMP Query message to the client again and, when the client does not respond, deletes the client from the Multicast group.

Therefore, it takes time for the Multicast router to delete the client. However, by using the following command you can configure the function by which the Multicast router deletes the client from the Multicast group as soon as the client has sent the leave message. That function is called fast-leave.

Command Mode Function

ip igmp snooping fast-leave Global Configures the fast-leave.

ip igmp snooping fast-leave vlan <1-4094> Global Configures the fast-leave in VLAN.

To remove fast-leave from the SURPASS hiD 6615, use the following command.

Command Mode Function

no ip igmp snooping fast-leave Global Deletes the fast-leave.

no ip igmp snooping fast-leave vlan <1-4094> Global Deletes the fast-leave in VLAN.

In order to view the IGMP snooping fast-leave configuration, use the following command.

Command Mode Function

show ip igmp snooping fast-leave Enable/Global Shows IGMP Snooping fast-leave.

show ip igmp snooping fast-leave vlan <1-4094> Enable/Global Shows IGMP Snooping fast-leave.

8.8.4. Time to Register in Multicast Group

If a client in a multicast group sends a leave message in order to leave the multicast group, the multicast router sends an IGMP Query message again. If there is no response to the message, it takes some time before the host is deleted from the multicast group.

In order to configure the response time after sending the IGMP Query message, use the following command.


Command Mode Function

ip igmp snooping last-member-query-interval <100-900> Global Configure the time of registering in multicast group after sending Join message.

ip igmp snooping last-member-query-interval <100-900> vlan <1-4094> Global Configure the time of registering in multicast group after sending Join message from VLAN.

The time unit for <100-900> is ms.

In SURPASS hiD 6615, the response waiting time is configured as 1000ms by default.

If you configure ip igmp snooping fast-leave, it is meaningless to configure the time of registering in multicast group.

In order to release the waiting time for a response after sending the IGMP Query message, use the following command.

Command Mode Function

no ip igmp snooping last-member-query-interval Global Release the time of registering Join message in multicast group after sending it.

no ip igmp snooping last-member-query-interval vlan <1-4094> Global Release the time of registering Join message after sending it in VLAN.

In order to view the IGMP snooping last-member-query-interval configuration, use the following command.

Command Mode Function

show ip igmp snooping last-member-query-interval Enable/Global Show IGMP snooping last-member-query-interval configuration.

show ip igmp snooping last-member-query-interval vlan <1-4094> Enable/Global Show IGMP snooping last-member-query-interval configuration.


8.8.5. Configuring Multicast Router Path

In SURPASS hiD 6615, it is possible to designate the port to which the multicast router is connected. If you designate where the multicast router is connected, it is possible to transmit multicast packets or messages only to that port.

To designate the port connected to multicast router, use the following command.

Command Mode Function

ip igmp snooping mrouter port port-number Global Designate the port where multicast router is connected to.

ip igmp snooping mrouter port port-number vlan <1-4094> Global In VLAN, designate the port where multicast router is connected to.

In order to release the port where multicast router is connected, use the following
command.

Command Mode Function

no ip igmp snooping mrouter port port-number Global Release the port where multicast router is connected.

no ip igmp snooping mrouter port port-number vlan <1-4094> Global Release the port where multicast router is connected in VLAN.

In order to view IGMP snooping mrouter configuration, use the following command.

Command Mode Function

show ip igmp snooping mrouter Enable/Global Show IGMP snooping mrouter configuration.

show ip igmp snooping mrouter vlan <1-4094> Enable/Global Show IGMP snooping mrouter configuration.

8.8.6. Multicast Packet Filtering

When a Multicast packet is transmitted to the switch, the switch transmits it according to the IGMP table. A packet that is registered in the IGMP group is transmitted to the interfaces of the same group.


However, an unregistered Multicast packet can also be transmitted from a device connected to the user’s switch. If an unregistered Multicast packet is transmitted to the switch, the switch drops or floods it according to the user’s decision. Therefore, you have to decide how to handle unregistered packets.

[Figure: a Multicast packet of Group A arrives at a switch with interfaces a, b, c, d, e; the current IGMP table lists interfaces b, e for group A, and the packet is transmitted to the interfaces registered in the IGMP table.]

Fig. 8-38 Example ① The Multicast packet registered in the IGMP group

[Figure: a Multicast packet of Group B arrives at a switch with interfaces a, b, c, d, e; the current IGMP table lists interfaces b, e for group A, so the packet is dropped or flooded as user’s decision because it is an unregistered packet.]

Fig. 8-39 Example ② The unregistered Multicast packet

In order to filter all multicast packets that are not registered in the IGMP table, use the following command.

Command Mode Function

ip igmp multicast-filter Global Enables Multicast packet filter.


The following is an example of enabling Multicast packet filtering.

SWITCH(config)# ip igmp multicast-filter


SWITCH(config)#

In order to disable Multicast packet filtering, use the following command.

Command Mode Function

no ip igmp multicast-filter Global Disables Multicast packet filtering.

The following is an example of disabling Multicast packet filtering.

SWITCH(config)# no ip igmp multicast-filter


SWITCH(config)#
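The forwarding decision described in this section, together with the fast-leave and response-time behaviour from 8.8.3 and 8.8.4, can be followed in a small model. The following is an added example, not code from the manual or the device: the class and method names are hypothetical, the group addresses are constructed, and the model only follows the manual's description (a table of group to member ports, deletion after the 1000ms default wait or immediately with fast-leave, drop or flood for unregistered groups).

```python
GROUP_A = "239.1.1.1"  # constructed address standing in for "Group A"
GROUP_B = "239.2.2.2"  # constructed address standing in for "Group B"


class SnoopingSwitch:
    """Model of the IGMP table and the multicast-filter decision."""

    def __init__(self, ports, multicast_filter=False, fast_leave=False,
                 last_member_query_ms=1000):
        self.ports = set(ports)
        self.multicast_filter = multicast_filter  # ip igmp multicast-filter
        self.fast_leave = fast_leave              # ip igmp snooping fast-leave
        self.last_member_query_ms = last_member_query_ms
        self.table = {}    # group -> set of member ports
        self.pending = {}  # (group, port) -> removal deadline in ms

    def join(self, port, group):
        """A join (or a response to a query) registers the port and cancels removal."""
        self.table.setdefault(group, set()).add(port)
        self.pending.pop((group, port), None)

    def leave(self, port, group, now_ms=0):
        """A leave removes the port at once with fast-leave, otherwise after the wait."""
        if port not in self.table.get(group, set()):
            return
        if self.fast_leave:
            self._remove(port, group)
        else:
            self.pending[(group, port)] = now_ms + self.last_member_query_ms

    def tick(self, now_ms):
        """Delete members that did not respond before their deadline."""
        for (group, port), deadline in list(self.pending.items()):
            if now_ms >= deadline:
                del self.pending[(group, port)]
                self._remove(port, group)

    def _remove(self, port, group):
        members = self.table.get(group, set())
        members.discard(port)
        if not members:
            # With no member left the group becomes unregistered again.
            self.table.pop(group, None)

    def forward(self, in_port, group):
        """Return the set of egress ports for a multicast packet."""
        if group in self.table:
            return self.table[group] - {in_port}
        if self.multicast_filter:
            return set()                 # unregistered and filtered: drop
        return self.ports - {in_port}    # unregistered and unfiltered: flood


def figure_switch(**options):
    """State from the figures above: interfaces a to e, group A on b and e."""
    sw = SnoopingSwitch("abcde", **options)
    sw.join("b", GROUP_A)
    sw.join("e", GROUP_A)
    return sw


if __name__ == "__main__":
    for flt in (False, True):
        sw = figure_switch(multicast_filter=flt)
        print("filter", flt, "A ->", sorted(sw.forward("a", GROUP_A)),
              "B ->", sorted(sw.forward("a", GROUP_B)))
```

Note the last case in the model: once the final member of a group leaves, that group's traffic is unregistered again and is flooded to every port unless the multicast filter is enabled.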

8.8.7. IGMP Packet Filtering

The user can filter IGMP packets according to the packet. In order to configure the policy of IGMP packet filtering, use the following command.

Command Mode Function

ip igmp filter {ip-address/M / interface-name} Global Enables Multicast packet filtering.

In order to disable IGMP packet filtering, use the following command.

Command Mode Function

no ip igmp filter {ip address / interface-name} Global Disables Multicast packet filtering.

In order to view IGMP packet filtering configuration, use the following command.

Command Mode Function

show ip igmp filter {ip address / interface-name} Enable/Global Show IGMP snooping mrouter configuration.


8.8.8. Registering in Multicast Group

In the Multicast network, it takes time for a Multicast client to send the join message and receive the Multicast packet. However, SURPASS hiD 6615 can transmit the Multicast packet promptly when the client requests it, because it receives Multicast packets in advance and keeps them.

If you want to keep the transmitted Multicast packets in order to do Multicasting quickly, register your switch in the Multicast group by using the following command.

Command Mode Function

ip igmp snooping static-group bridge-name ip-address port-number Global Adds to specified multicast group.

After using the above command, you need to check that SURPASS hiD 6615 has joined the multicast group through the multicast router. In order to do so, use the following command.

Command Mode Function

show igmp snooping static-group Enable/Global Shows multicast group registration.

The above example is a case when there is no registration. It may vary according to
registered information.

In order to delete switch from multicast group, use the following command.

Command Mode Function

no ip igmp snooping static-group bridge-name/ ip-address / port-number / ip-address Global Deletes switch from multicast group.

8.8.9. Checking IGMP Snooping Table

User can check IGMP Snooping Table with the following command.

Command Mode Function

show ip igmp snooping state port {port-number / cpu} Global Shows IGMP Snooping table.

show ip igmp snooping state vlan vlan-id {ip address} Global Shows IGMP Snooping table.


8.9. PIM-SM (Protocol Independent Multicast – Sparse Mode)

IGMP is the protocol that supports multicast communication between switch and host, and PIM is the protocol for multicast communication between router and router. There are two kinds of PIM, PIM-DM (Protocol Independent Multicast – Dense Mode) and PIM-SM (Protocol Independent Multicast – Sparse Mode); SURPASS hiD 6615 supports PIM-SM.

A dense-mode protocol can send information about data packets and members to interfaces which are not connected to a multicast source or receiver, and the multicast router saves connection state for all the nodes. When most hosts belong to the multicast group and there is enough bandwidth to support the flow of control messages between constituent members, these overheads are acceptable, but in other cases they are inefficient.

Contrary to dense mode, PIM-SM receives multicast packets only when a request comes from a specific host in the multicast group. Therefore PIM-SM is suitable when the constituent members of a group are dispersed over a wide area or the bandwidth used for the whole is small. Sparse mode is the most useful on WAN and can be used on LAN. For the standard of PIM-SM, you can refer to RFC 2362.

For using PIM-SM, you need a router which supports PIM-SM.

◆ RPT and SPT

RP (Rendezvous Point) plays a central role in PIM-SM. In the chart below, the multicast packet is transmitted from A, the source, through B and C to D, the RP. D (RP) transmits the multicast packet after receiving a join message from E or F. That is, all multicast packets are transmitted through the RP (Rendezvous Point). For instance, even though F needs the multicast packet, the packet passes through 『A → B → C → D → C → F』, not 『A → B → C → F』.

A route built around the RP like this is the RPT (Rendezvous Point Tree) or shared tree. There is only one RP in one multicast group. The RPT has a (*, G) entry because a receiver can send a message to the RP without knowing the source. “G” means multicast group.


[Figure: nodes A (Source), B, C, D (RP, Rendezvous Point), E and F. 1. Multicast packet transmitted to RP. 2. Asks RP for multicast packet. 3. RP transmits multicast packet for the request.]

Fig. 8-40 RPT of PIM-SM

Also, routers on the packet route automatically optimize the route by deleting what is unnecessary when traffic exceeds a certain limit. After the route to the source and the multicast group connected to the source are constituted, all sources have a route to connect to the receiver directly.

In the picture example below, packets are usually transmitted through 『A → B → C → D』, but packets are transmitted through the faster route 『A → C → F』 when traffic increases. SPT (Shortest-Path Tree) selects the shortest route between source and receiver regardless of RP; it is called source based tree or short path tree. SPT has an (S, G) entry; “S” means source address and “G” means multicast group.

[Figure: nodes A (Source), B, C, D, E, F and the RP (Rendezvous Point). 1. Multicast packet is transmitted to RP. 2. Requests multicast packet to RP. 3. RP transmits multicast packet for the request. 4. Optimizes route by deleting unnecessary when traffic exceeds certain limit.]

Fig. 8-41 SPT of PIM-SM


In order to configure PIM-SM in SURPASS hiD 6615, you should refer to the following
sections.

• Enabling PIM-SM
• Deciding RP
• Configuring Static RP
• Configuring BSR
• Configuring RP Information
• Configuring Assert message Information
• Whole-packet-checksum
• Configuring Interval of Cache-check
• Configuring Multicast Routing Table
• Configuring Multicast Routing vid
• Configuring PIM-SM on Ethernet Interface
• Viewing PIM-SM Information

8.9.1. Enabling PIM-SM

Before configuring PIM-SM on the switch, you should enable PIM-SM. In order to enable PIM-SM, use the following command. When you enable PIM-SM by using the following command, the system enters PIM configuration mode, and the system prompt changes from SWITCH(config)# to SWITCH(config_pim)#.

Command Mode Function

router pim Global Enables PIM-SM and enters into PIM configuration mode.

PIM-SM supports both IGMP Querier and IGMP Snooping, therefore you cannot configure
them at the same time.

The commands “ip igmp static” and “ip igmp fast-leave” can be used when IGMP and PIM-SM are enabled at the same time.

In order to disable PIM configuration mode, use the following command.

Command Mode Function

no router pim Global Disables PIM-SM.


[Sample Configuration 1]

The following is an example of enabling PIM-SM and entering into PIM configuration
mode from configuration mode.

SWITCH(config)# router pim
SWITCH(config_pim)#

Use the “exit” command to go back to configuration mode, and the “end” command to enter Privilege Exec Enable Mode.

SWITCH(config_pim)# exit
SWITCH(config)#
SWITCH(config_pim)# end
SWITCH#

8.9.2. Deciding RP

There are two ways to decide the RP, which is the center of PIM-SM on a multicast network. One is that the network administrator decides the RP manually, and the other is that the RP is decided automatically by exchanging information between the multicast routers installed on the network. The information transmitted between multicast routers in the automatic way is called the Bootstrap message, and the router that sends this Bootstrap message is called BSR (Bootstrap Router). All PIM routers on the multicast network can be BSR.

Routers that want to be BSR are named candidate-BSR, and the one with the highest priority among them becomes BSR. If routers have the same priority, the one with the highest IP address becomes BSR. The Bootstrap message includes the priority used to decide BSR, the Hash-mask to be used in Hash, and RP information. After BSR is decided, routers that support RP transmit a candidate-RP message to BSR. The candidate-RP message includes priority, IP address, and multicast group. BSR then adds the candidate-RP message to the Bootstrap message and transmits it to another PIM router. Through this transmitted Bootstrap message, the RP of the multicast group is decided.

User’s equipment belonging to the PIM-SM network can be candidate-BSR, and BSR is decided among them. Candidate-BSR transmits the Bootstrap message to decide BSR. In SURPASS hiD 6615 you can configure the priority used to decide BSR among Bootstrap messages and the Hash-mask.


8.9.3. Configuring Static RP

In order to configure RP manually by administrator, use the following command.

Command Mode Function

static-rp group-address/M rp-ip-address PIM Configures RP of multicast group.

In order to delete RP configured by network administrator, use the following command.

Command Mode Function

no static-rp group-address/M rp-ip-address PIM Deletes RP configured by network administrator.

The following is an example of configuring the router with address 200.1.1.1 as RP of the multicast group with network address 224.0.0.0/8.

SWITCH(config_pim)# static-rp 224.0.0.0/8 200.1.1.1
SWITCH(config_pim)#

8.9.4. Configuring BSR

The information transmitted between multicast routers in the automatic way is called the Bootstrap message, and the router that sends this Bootstrap message is called BSR (Bootstrap Router). All PIM routers on the multicast network can be BSR. Routers that want to be BSR are named candidate-BSR, and the one with the highest priority among them becomes BSR. If routers have the same priority, the one with the highest IP address becomes BSR.

The following items, which are included in the candidate-BSR message, can be configured.

• Candidate-BSR IP Address
• Candidate-BSR Priority
• Candidate-BSR Hash-mask


8.9.4.1. Candidate-BSR IP Address

Since it is possible to assign several IP addresses in SURPASS hiD 6615, the switch may have several IP addresses assigned. User can select one of these IP addresses to be used by the switch as candidate-BSR. In order to select the IP address to be used in candidate-BSR, use the following command.

Command Mode Function

cand-bsr address ip-address PIM Selects IP address to be used in candidate-BSR

In order to delete assigned IP address in candidate-BSR, use the following command.

Command Mode Function

no cand-bsr address PIM Deletes assigned IP address in candidate-BSR.

8.9.4.2. Candidate-BSR Priority

When BSR is decided among candidate-BSRs, the priority in the Bootstrap message is compared to decide it. The candidate-BSR with the highest priority becomes BSR. In order to configure the priority of the Bootstrap message, use the following command.

Command Mode Function

cand-bsr priority <0-255> PIM Configures priority of Bootstrap message.

The default is “0”.

The highest priority of candidate-BSR becomes BSR.

In order to delete priority of Bootstrap message, use the following command.

Command Mode Function

no cand-bsr priority PIM Deletes priority of Bootstrap message.


8.9.4.3. Candidate-BSR Hash-mask

When candidate-BSRs have the same priority, IP address is compared through Hash. User can configure the Hash-mask to apply in the Hash.

In order to configure the Hash-mask included in the Bootstrap message when SURPASS hiD 6615 is candidate-BSR, use the following command.

Command Mode Function

cand-bsr hash-mask <0-32> PIM Configures Hash-mask in Bootstrap message.

In order to delete Hash-mask in Bootstrap message, use the following command.

Command Mode Function

no cand-bsr hash-mask PIM Deletes Hash-mask in Bootstrap message.

The default is “30”.

[Sample Configuration 2]

The following is an example of configuring IP address, priority, Hash-mask of candidate-BSR and showing it.

SWITCH(config_pim)# cand-bsr address 10.1.1.1
SWITCH(config_pim)# cand-bsr hash-mask 30
SWITCH(config_pim)# cand-bsr priority 5
SWITCH(config_pim)# show running-config
(omitted)
router pim
cand-bsr address 10.1.1.1
cand-bsr priority 5
cand-bsr hash-mask 30
!
ip route 0.0.0.0/0 172.16.1.254
!
no snmp
!
SWITCH(config_pim)#


8.9.5. Configuring RP Information

After BSR is decided on the multicast network, candidate-RP routers send a candidate-RP message to BSR. The candidate-RP message includes priority, IP address, and multicast group. BSR then adds the received candidate-RP information to the Bootstrap message and transmits it to another PIM router. Through this Bootstrap message, the RP of the multicast group is decided. All routers belonging to the multicast network can become candidate-RP, and routers that act as candidate-BSR are generally supposed to act as candidate-RP as well. It is possible to configure the following information, which is included in the candidate-RP message.

• Candidate-RP IP Address
• Multicast Group of Candidate-RP
• Candidate-RP Priority
• Interval of Candidate-RP Information Transmit
• Blocking Candidate-RP of Another Member

8.9.5.1. Candidate-RP IP Address

It is possible to configure several IP addresses in SURPASS hiD 6615 router. Therefore, you need to configure the IP address to be used in SURPASS hiD 6615 as candidate-RP. In order to configure the IP address to be used in candidate-RP, use the following command.

Command Mode Function

cand-rp address ip-address PIM Configures IP address to be used in candidate-RP.

In order to delete configured IP address, use the following command.

Command Mode Function

no cand-rp address PIM Deletes configured IP address.

8.9.5.2. Registering Multicast Group of Candidate-RP

You should register the address of the multicast group as well as the IP address in the candidate-RP message for service. In order to register the address of the multicast group in the candidate-RP message, use the following command.


Command Mode Function

cand-rp group group-address/M PIM Registers address of multicast group in candidate-RP message.

In order to delete registered multicast group, use the following command.

Command Mode Function

no cand-rp group group-address/M PIM Deletes registered multicast group.

8.9.5.3. Candidate-RP Priority

When BSR decides RP, priority of candidate-RP is compared. In order to configure this
priority, use the following command.

Command Mode Function

cand-rp priority <0-255> PIM Configures priority of candidate-RP.

Candidate-RP with higher priority is decided as RP.

The default is “0”.

In order to delete configured priority of candidate-RP, use the following command.

Command Mode Function

no cand-rp priority PIM Deletes configured priority of candidate-RP.

8.9.5.4. Interval of Candidate-RP Information Transmit

Candidate-RP transmits the candidate-RP message to BSR at a regular interval. User can configure the interval to transmit the candidate-RP message when SURPASS hiD 6615 is candidate-RP.


In order to configure the interval to transmit the candidate-RP message, use the following command.

Command Mode Function

cand-rp interval <1-65535> PIM Configures interval to transmit candidate-RP message.

The default is “60 seconds”.

In order to delete the interval to transmit the candidate-RP message, use the following command.

Command Mode Function

no cand-rp interval PIM Deletes interval to transmit candidate-RP message.

[Sample Configuration 3]

The following is an example of configuring the candidate-RP message settings and showing them.

SWITCH(config_pim)# cand-rp address 20.1.1.1
SWITCH(config_pim)# cand-rp group 224.0.0.0/8
SWITCH(config_pim)# cand-rp interval 10
SWITCH(config_pim)# cand-rp priority 3
SWITCH(config_pim)# show running-config
(omitted)
router pim
cand-bsr address 100.1.1.1
cand-bsr priority 5
cand-bsr hash-mask 32
cand-rp address 20.1.1.1
cand-rp priority 3
cand-rp interval 10
cand-rp group 224.0.0.0/8
(omitted)
SWITCH(config_pim)#
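
As an added example (not code from the manual or the product), the following Python sketch applies the BSR election rule described above and shows what the Hash-mask does when candidate-RPs of equal priority compete for a group. It assumes the group-to-RP hash function of RFC 4601, which the manual does not spell out; the class and function names and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    """One candidate-BSR as configured with 'cand-bsr address' / 'cand-bsr priority'."""
    address: str
    priority: int = 0  # the manual's default priority


def _ip(value):
    """IPv4 dotted string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(value))


def elect_bsr(candidates):
    """Manual's rule: highest priority wins, ties go to the highest IP address."""
    return max(candidates, key=lambda c: (c.priority, _ip(c.address)))


def rp_hash(group, mask_len, rp_address):
    """Hash value for one (group, candidate-RP) pair.

    Assumption: the function of RFC 4601,
    (1103515245 * ((1103515245 * (G & M) + 12345) XOR C) + 12345) mod 2^31.
    """
    mask = (0xFFFFFFFF << (32 - mask_len)) & 0xFFFFFFFF
    inner = (1103515245 * (_ip(group) & mask) + 12345) ^ _ip(rp_address)
    return (1103515245 * inner + 12345) % (1 << 31)


def rp_for_group(group, candidate_rps, mask_len):
    """Choose the RP for a group among candidate-RPs of equal priority.

    Highest hash value wins; a hash tie goes to the highest IP address.
    """
    return max(candidate_rps,
               key=lambda rp: (rp_hash(group, mask_len, rp), _ip(rp)))


def mapping(groups, candidate_rps, mask_len):
    """Return {group: chosen RP} for a list of group addresses."""
    return {g: rp_for_group(g, candidate_rps, mask_len) for g in groups}


# Constructed sample data (not taken from the manual).
SAMPLE_BSRS = [Candidate("10.1.1.1", 5), Candidate("10.1.1.2", 5),
               Candidate("10.1.1.9", 3)]
SAMPLE_RPS = ["20.1.1.1", "20.1.1.2", "20.1.1.3"]
SAMPLE_GROUPS = ["224.1.1.%d" % i for i in range(8)]

if __name__ == "__main__":
    print("BSR:", elect_bsr(SAMPLE_BSRS).address)
    # Hash-mask 30 (the manual's default): groups are mapped in blocks of four.
    # Hash-mask 32: every group address is hashed on its own.
    for mask_len in (30, 32):
        print("hash-mask", mask_len)
        for group, rp in mapping(SAMPLE_GROUPS, SAMPLE_RPS, mask_len).items():
            print("  ", group, "->", rp)
```

With Hash-mask 30, the four groups that share the first 30 address bits always land on the same RP, which is useful when related streams use adjacent group addresses.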


8.9.5.5. Blocking Candidate-RP Message of Another Member

One network may include different multicast groups and routers that are not members
of multicast group. Therefore it can happen that routers, which are members of another
network or not members of multicast group, apply for RP and transmit candidate-RP
message.

In order to prevent this case, user can block the candidate-RP messages of other routers by letting only the candidate-RPs in the multicast group communicate. In order to block candidate-RP messages from routers which are not members, perform the tasks below.

Step 1 Block all packets transmitted on network.

Command Mode Function

cand-rp access deny network-address PIM Blocks all packets transmitted on specified network.

Step 2 Allow only packets transmitted by routers that will exchange candidate-RP
message.

Command Mode Function

cand-rp access permit ip-address/M PIM Allows only packets transmitted by routers that will exchange candidate-RP.

In order to release the above configuration, use the following commands.

Command Mode Function

no cand-rp access deny network-address PIM Releases blocked packet.
no cand-rp access permit ip-address/M PIM Releases allowed packet.

8.9.5.6. Deleting Candidate-RP information

User can delete registered RP information with below commands.

Command Mode Function

clear rp-mapping rp-ip-address PIM Deletes specific RP information.
clear rp-mapping all PIM Deletes all RP information.


[Sample Configuration 4]

The following is an example of allowing only packets transmitted by routers that will exchange candidate-RP message and showing it.

SWITCH(config_pim)# cand-rp access deny 172.16.209.0/24
SWITCH(config_pim)# cand-rp access permit 172.16.209.5/32
SWITCH(config_pim)# cand-rp access permit 172.16.209.10/32
SWITCH(config_pim)# show running-config
Building configuration...
(omitted)
cand-rp access deny 172.16.209.0/24
cand-rp access permit 172.16.209.5/32
cand-rp access permit 172.16.209.10/32
!
ip route 0.0.0.0/0 172.16.1.254
!
SWITCH(config_pim)#
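
The deny and permit entries above decide which routers are accepted as candidate-RP, so they are worth checking whenever a running-config is reviewed. The following Python audit is an added example, not part of the manual or the product: it reads the "cand-rp access" lines from a saved running-config and reports which senders would be accepted. It assumes that a permit entry overrides the deny entry covering it, as the two-step procedure implies, and that a sender matching no entry is not filtered; the function names, the fourth rule and the tested addresses are constructed.

```python
import ipaddress
import re

# Constructed excerpt modelled on Sample Configuration 4; the last permit
# line is added here to show a rule that has no effect.
RUNNING_CONFIG = """\
router pim
cand-rp access deny 172.16.209.0/24
cand-rp access permit 172.16.209.5/32
cand-rp access permit 172.16.209.10/32
cand-rp access permit 10.9.9.9/32
!
ip route 0.0.0.0/0 172.16.1.254
!
"""

RULE = re.compile(r"^\s*cand-rp access (deny|permit) (\S+)\s*$")


def parse_rules(config_text):
    """Return (deny_networks, permit_networks) found in a running-config."""
    deny, permit = [], []
    for line in config_text.splitlines():
        match = RULE.match(line)
        if match:
            network = ipaddress.ip_network(match.group(2), strict=False)
            (deny if match.group(1) == "deny" else permit).append(network)
    return deny, permit


def verdict(sender, deny, permit):
    """Classify the source address of a candidate-RP message.

    Assumed semantics: permit overrides a covering deny; an address that
    matches neither list is not filtered at all.
    """
    address = ipaddress.ip_address(sender)
    if any(address in network for network in permit):
        return "permit"
    if any(address in network for network in deny):
        return "deny"
    return "unfiltered"


def audit(deny, permit):
    """Return findings about rules that do not do what they appear to do."""
    findings = []
    if not deny:
        findings.append("no deny entry: candidate-RP messages are accepted "
                        "from any router")
    for network in permit:
        if not any(network.subnet_of(d) for d in deny):
            findings.append("permit %s is not inside any denied network"
                            % network)
    for network in deny:
        if not any(p.subnet_of(network) for p in permit):
            findings.append("deny %s has no permit entry: every candidate-RP "
                            "on it is blocked" % network)
    return findings


if __name__ == "__main__":
    deny_rules, permit_rules = parse_rules(RUNNING_CONFIG)
    for source in ("172.16.209.5", "172.16.209.77", "192.168.1.1"):
        print(source, "->", verdict(source, deny_rules, permit_rules))
    for finding in audit(deny_rules, permit_rules):
        print("finding:", finding)
```

An "unfiltered" verdict marks a network from which any router can still announce itself as candidate-RP, so each such network needs its own deny entry.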


8.9.6. Configuring Assert Message Information

When there are several PIM-SM routers on the same LAN, they may exchange packets that are not needed. In order to prevent this problem, you need to assign one PIM-SM router to transmit multicast packets. The assigned router is named Assert.

In the example below, routers B and C can both transmit multicast packets when they receive a Join message from a receiver. D and E, which send Join messages, cannot decide which router to receive from.

And C may transmit the same packet to B, which belongs to the multicast group. In this case, if Assert is decided, the multicast group is well organized because D and E transmit Join messages only to Assert.

[Figure: Source, RP and routers A, B, C, D and E. Labels: Multicast packet from Source; Unnecessary same packet sent; Join Message from D; Join Message from E.]

Fig. 8-42 Network which needs Assert

When Assert is decided, Metric and Preference in Assert message are compared.
Lower Metric has priority and higher Preference has priority.

• Configuring Metric
• Configuring Preference


8.9.6.1. Configuring Metric

In order to configure Metric of Assert message, use the following command.

Command Mode Function

metric <1-2,147,483,647> PIM Configures Metric of Assert message.

Lower Metric has priority.

In order to delete configured Metric of Assert message, use the following command.

Command Mode Function

no metric PIM Deletes configured Metric of Assert message.

8.9.6.2. Configuring Preference

In order to configure Preference of Assert message, use the following command.

Command Mode Function

preference <1-2,147,483,647> PIM Configures Preference of Assert message.

Higher Preference has priority.

In order to delete configured Preference of Assert message, use the following command.

Command Mode Function

no preference PIM Deletes configured Preference of Assert message.


[Sample Configuration 5]

SWITCH(config_pim)# metric 1
SWITCH(config_pim)# preference 1
SWITCH(config_pim)# show running-config
Building configuration...
(Omitted)
router pim
preference 1
metric 1
(Omitted)
SWITCH(config_pim)#

8.9.7. Whole-packet-checksum

Multicast communication is possible even when the source of multicast is not connected to the multicast group. In the picture below, the First-Hop router directly connected to the source can receive a packet from the source without an (S,G) entry for the source. The First-Hop router encapsulates the packet in a Register message and unicasts it to the RP of the multicast group. The RP decapsulates the Register message and transmits the packet to the members of the multicast group.

[Figure: Source sends a multicast packet to the First-Hop Router, which encapsulates the packet in a Register message and unicasts it to the RP; the RP decapsulates the Register message and transmits it.]

Fig. 8-43 Network that multicast source are not directly connected to multicast group


When the Register message is transmitted, the range of the Checksum in the header covers the header part according to the RFC standard, but in the case of a Cisco router the whole packet is included in the range of the Checksum. For compatibility with Cisco routers, you should configure the range of the Checksum of the Register message as whole packet.

In order to configure the range of the Checksum of the Register message as whole packet for compatibility with Cisco routers, use the following command.

Command Mode Function

whole-packet-checksum PIM Configures range of Checksum of Register message as whole packet for compatibility with Cisco router.

In order to follow the RFC standard by deleting compatibility with Cisco routers, use the following command.

Command Mode Function

no whole-packet-checksum PIM Deletes compatibility with Cisco router and follows RFC standard.

The default has no compatibility with Cisco router.

8.9.8. Configuring Interval of Cache-check

RP receives packets from the multicast source and transmits them to the receiver. However, if no packet is received from the source for a certain period, it is not necessary to keep the multicast item. Therefore, RP checks at a regular interval whether packets are received from the source; this function is named Cache-check. In order to configure the interval of Cache-check, use the following command.

Command Mode Function

cache-check interval <1-128> PIM Configures interval of Cache-check.

In order to delete configured interval of Cache-check, use the following command.

Command Mode Function

no cache-check interval PIM Deletes configured interval of Cache-check.

The default is “20 seconds”.


8.9.9. Configuring Multicast Routing Table

There is RPF (Reverse Path Forwarding) on the route over which multicast packets are transmitted. The RPF is the preceding router that transmits the multicast packet. In the picture below, ROUTER B is RPT of ROUTER E and ROUTER C is RPF of ROUTER E.

[Figure: Source and routers A, B (RP) and C, with the SPT and RPT paths marked.]

Fig. 8-44 RPF

However, user can configure ROUTER D as RPF by configuring multicast routing table
manually. It is possible for users to configure router as RPF by configuring multicast
routing table manually.

In order to configure multicast routing table manually to configure RPF, use the following command.

Command Mode Function

mroute multicast group-address/M ip-address PIM Configures RPF about packet of specified multicast group.


In order to delete configured multicast routing table, use the following command.

Command Mode Function

no mroute multicast group-address/M [ip-address] PIM Deletes configured multicast routing table.
no mroute all PIM Deletes all configured multicast routing table.

8.9.10. Configuring PIM-SM on Ethernet Interface

It is possible to configure PIM-SM on Ethernet interface. You need to be able to do the following to do it.

• Activating PIM-SM on Ethernet Interface
• Blocking Multicast Packet
• Prohibiting Bootstrap Message
• Configuring Assert Message Information

8.9.10.1. Activating PIM-SM on Ethernet Interface

You need to enter into Interface configuration mode of specified interface for activating
PIM-SM on Ethernet Interface. In order to enter into Interface configuration mode, use
the following command.

Command Mode Function

interface interface-name Global Enters into Interface configuration mode of specified interface.

In order to release Interface configuration mode, use the following command.

Command Mode Function

no interface interface-name Global Releases Interface configuration mode of specified interface.

In order to activate PIM-SM after entering into the Interface configuration mode, use the
following command.


Command Mode Function

ip pim sparse-mode [passive] Interface Activates PIM-SM on specified interface.

In order to release PIM-SM, use the following command.

Command Mode Function

no ip pim sparse-mode Interface Releases PIM-SM from specified interface.

8.9.10.2. Blocking Multicast packet

It may happen that some receivers in a multicast group cannot receive packets because they do not satisfy the terms for receiving multicast packets. It is possible to configure the interface not to receive multicast packets that cannot be sent to a receiver.

In order to block transmitting packet to specified multicast group, use the following
command.

Command Mode Function

ip pim access-list group-address-prefix Interface Blocks transmitting packet to specified multicast group.

In order to release blocked multicast group, use the following command.

Command Mode Function

no ip pim access-list group-address/M Interface Releases blocked multicast group.

8.9.10.3. Prohibiting Bootstrap Message

When all equipment configured with PIM is considered as one big PIM domain, unnecessary Bootstrap messages may be transmitted between group members that are operated as different services, which causes confusion in deciding RP.

To prevent this problem, you can prohibit transmitting Bootstrap messages between multicast groups that are operated as different services.


[Figure: Source A and Source B each send a multicast packet. Labels: Bootstrap Message blocked; Multicast Domain A.]

Fig. 8-45 Network in case of Prohibiting transmitting Bootstrap Message

In order to prohibit transmitting Bootstrap messages between multicast groups that are operated as different services, use the following command.

Command Mode Function

ip pim border Interface Blocks Bootstrap message transmitted.

In order to release blocked Bootstrap message, use the following command.

Command Mode Function

no ip pim border Interface Releases blocked Bootstrap message.

8.9.10.4. Configuring Assert Message Information

As explained in “8.9.6 Configuring Assert Message Information”, when there is a network environment that needs Assert, Assert messages are compared to decide Assert. It is possible to configure Assert message information that applies only to an Ethernet interface on which PIM-SM is configured.


Unless you configure Assert message information on the Ethernet interface, the value configured at “7.6.6 Configuring Assert Message Information” is used on all interfaces.

In order to configure Assert message information on Ethernet interface, use the following commands.

Command Mode Function

ip pim metric <1-127> Interface Configures metric of Assert message of specific interface.
ip pim preference <1-255> Interface Configures preference of Assert message of specific interface.
ip pim threshold <1-255> Interface Configures threshold of Assert message of specific interface.

Lower Metric has priority and higher Preference has priority.

In order to delete configured Assert message information on Ethernet interface, use the
following commands.

Command Mode Function

no ip pim metric Interface Deletes configured metric of Assert message of specific interface.
no ip pim preference Interface Deletes configured preference of Assert message of specific interface.
no ip pim threshold Interface Deletes configured threshold of Assert message of specific interface.


[Sample Configuration 6]

The following is an example of configuring PIM-SM and showing it.

SWITCH(config)# interface 1
SWITCH(config-if)# ip pim sparse-mode
SWITCH(config-if)# ip pim border
SWITCH(config-if)# ip pim metric 5
SWITCH(config-if)# ip pim preference 10
SWITCH(config-if)# ip pim threshold 100
SWITCH(config-if)# show running-config
Building configuration...
(omitted)
interface 1
no shutdown
ip address 172.16.209.1/16
ip pim sparse-mode
ip pim threshold 100
ip pim preference 10
ip pim metric 5
ip pim border

!
router pim
preference 1
metric 1
!
ip route 0.0.0.0/0 172.16.1.254
(omitted)
!

no snmp
!
SWITCH(config-if)#

8.9.11. Viewing PIM-SM Information

It is possible to view PIM-SM information of user’s switch as follows.

• Multicast Routing Table
• Checking PIM Neighbor Router
• RP Table
• PIM-SM on Ethernet Interface
• Static IP Multicast Routing Table


8.9.11.1. Multicast Routing Table

In order to view multicast routing table, use the following commands.

Command Mode Function

show ip pim mrt detail Enable/Global Shows multicast routing table in detail.
show ip pim mrt group group-address Enable/Global Shows routing table of specific multicast group.
show ip pim mrt summary Enable/Global Shows summary of multicast routing table.

8.9.11.2. Checking PIM Neighbor Router

In order to check PIM neighbor router, use the following command.

Command Mode Function

show ip pim neighbor Enable/Global Checks PIM neighbor router.

8.9.11.3. RP Table

In order to view RP table recorded in switch, use the following command.

Command Mode Function

show ip pim rp View/Enable/Global Shows RP table recorded in switch.
show ip pim rp group ip-address View/Enable/Global Shows RP table recorded in switch.

8.9.11.4. PIM-SM on Ethernet Interface

In order to view PIM-SM configured on Ethernet interface, use the following command.

Command Mode Function

show ip pim interface Enable/Global Shows PIM-SM information configured on Ethernet interface.


8.9.11.5. Static IP Multicast Routing Table

In order to view static IP multicast routing table, use the following command.

Command Mode Function

show ip pim mroute Enable/Global Shows static IP multicast routing table

8.9.11.6. PIM Statistics

In order to view IP PIM packet statistics, use the following command.

Command Mode Function

show ip pim statistics View/Enable/Global/Bridge Shows IP PIM packet statistic.

In order to clear IP PIM packet statistics, use the following command.

Command Mode Function

clear ip pim statistics Enable/Global/Bridge Clears IP PIM packet statistic.


8.10. VRRP (Virtual Router Redundancy Protocol)

VRRP (Virtual Router Redundancy Protocol) configures a Virtual Router (VRRP Group) consisting of VRRP routers to prevent network failure caused by one dedicated router. You can configure a maximum of 255 VRRP routers in a VRRP group of SURPASS hiD 6615. First of all, decide which router plays the role of Master Virtual Router. The other routers will be Backup Virtual Routers. After you give priority to these backup routers, a backup router serves as Master Virtual Router when there are problems in the Master Virtual Router. When you configure VRRP, configure all routers in VRRP with a unified Group Id and assign a unified Associated IP to them. After that, decide Master Virtual Router and Backup Virtual Router. The router that has the highest priority is supposed to be Master, and Backup Virtual Routers are also ordered depending on priority.

[Figure: Internet above a Virtual Router with Associate IP 10.0.0.5/24, made up of Backup Router 1 (IP 10.0.0.1/24), Backup Router 2 (IP 10.0.0.2/24) and Master Router (IP 10.0.0.3/24); Default Gateway 10.0.0.5/24.]

Fig. 8-46 VRRP Operation

In case routers have the same priority, the router that has the lower IP address gets the precedence. The picture shows an example of configuring three routers, which have IP addresses 10.0.0.1/24, 10.0.0.2/24 and 10.0.0.3/24, as a Virtual Router with Associated IP 10.0.0.5/24. If these three routers have the same Priority, the router that has the smallest IP address, 10.0.0.1/24, is decided to be Master Router. Also, switches and PCs connected to the Virtual Router are to have the IP address of the Virtual Router, 10.0.0.5/24, as default gateway.


8.10.1. Configuring VRRP

In order to configure SURPASS hiD 6615 as device in Virtual Router, use the following
command on configuration mode. Then you can configure VRRP by entering into
VRRP configuration mode.

Command Mode Function

router vrrp interface-name group-id Global Configures Virtual Router(VRRP Group).

group-id can be configured between 1 and 255.

The following is an example of entering into VRRP configuration mode by using the above command. When you enter into VRRP configuration mode, the system prompt changes from SWITCH(config)# to SWITCH(config-vrrp)#.

SWITCH(config)# router vrrp 1 1
SWITCH(config-vrrp)#

In order to view the configuration of VRRP, use the following command.

Command Mode Function

show vrrp Enable/Global Shows current configuration of VRRP.
show vrrp interface interface-name Enable/Global Shows current configuration of specified interface VRRP.
show running-config Enable/Global/Bridge/Interface/VRRP Shows switch’s configuration.

In order to return into configuration mode, or to enter into Privilege Exec Enable Mode,
use the following commands.

Command Mode Function

exit Interface Returns to Global Configuration Mode.
end Interface Goes back right to Privilege Exec Enable Mode.


8.10.1.1. Assigning Associated IP Address

After configuring Virtual Router, you need to assign Associated IP address in Virtual
Router. Assign unified IP address to routers in one Group.

In order to assign Associate IP address to routers in Virtual Router or delete configured Associate IP address, use the following command.

Command Mode Function

associate ip-address VRRP Assigns Associated IP address to Virtual Router.
no associate ip-address VRRP Deletes assigned Associated IP address of Virtual Router.

The following is an example of assigning IP address 10.0.0.5 to the Virtual Router of SURPASS hiD 6615.

SWITCH(config-vrrp)# associate 10.0.0.5
SWITCH(config-vrrp)#

8.10.1.2. Accessing Associated IP address

If you configure the function of accessing Associated IP address, you can access the Associated IP address with commands such as ping.

To configure the function of accessing Associated IP address, use the following command.

Command Mode Function

vip_access [enable | disable] VRRP Configures the function of accessing Associated IP address.

8.10.1.3. Configuring Master Router and Backup Router

Siemens, Inc. products configure Master Router and Backup Router by comparing Priority and IP address of the devices in the Virtual Router. First of all, Priority is compared: a device that has higher Priority has higher precedence. When devices have the same Priority, IP address is compared: a device that has a lower IP address has higher precedence. In case of trouble with the Master Router, when there are more than two routers, one of them is selected according to their precedence.


In order to configure Priority of Virtual Router or delete the configuration, use the following commands.

Command Mode Function

vr-priority <1-254> VRRP Configures Priority of Virtual Router.
no vr-priority VRRP Deletes configured Priority of Virtual Router.

In order to set VRRP timers or delete the configuration, use the following commands.

Command Mode Function

vr-timer advertisement <1-10> VRRP Sets VRRP timers.
no vr-timer advertisement <1-10> VRRP Clears the configured VRRP time.

By default, Priority of SURPASS hiD 6615 is configured as “100”.

Priority of Virtual Backup Router can be configured from 1 to 254.

The following is an example of configuring Master Router and Backup Router by comparing their Priorities: Virtual Routers, Layer 3 SWITCH 1 – 101 and Layer 3 SWITCH 2 – 102. Regardless of IP addresses, the one that has higher Priority, Layer 3 SWITCH 2, becomes Master Router.


<Layer 3 SWITCH1 : IP Address - 10.0.0.1/24>

SWITCH1(config)# router vrrp default 1
SWITCH1(config-vrrp)# associate 10.0.0.5
SWITCH1(config-vrrp)# vr_priority 101
SWITCH1(config-vrrp)# exit
SWITCH1(config)# show vrrp

default - virtual router 1


----------------------------------------------
state backup
virtual mac address 00:00:5E:00:01:01
advertisement interval 1 sec
preemption enabled
priority 101
master down interval 3.624 sec
[1] associate address : 10.0.0.5

<Layer 3 SWITCH 2 : IP Address - 10.0.0.2/24>

Layer 3 SWITCH 2 with higher Priority is configured as Master.

SWITCH2(config)# router vrrp default 1
SWITCH2(config-vrrp)# associate 10.0.0.5
SWITCH2(config-vrrp)# vr_priority 102
SWITCH2(config-vrrp)# exit
SWITCH2(config)# show vrrp

default - virtual router 1


----------------------------------------------
state master
virtual mac address 00:00:5E:00:01:01
advertisement interval 1 sec
preemption enabled
priority 102
master down interval 3.620 sec
[1] associate address : 10.0.0.5

By default, Priority of SURPASS hiD 6615 is configured as “100”. So, unless you configure a specific Priority, this switch becomes Master Router because a device which has a lower IP address has higher precedence.

Also, when there are more than two Backup Routers, IP addresses are compared to
decide order. The following is an example of configuring Master Router and Backup
Router by comparing IP addresses: Virtual Routers, Layer 3 SWITCH 1 – 10.0.0.1 and
Layer 3 SWITCH 2 – 10.0.0.2.


<Layer 3 SWITCH 1 : IP Address - 10.0.0.1/24>

SWITCH1(config)# router vrrp default 1
SWITCH1(config-vrrp)# associate 10.0.0.5
SWITCH1(config-vrrp)# exit
SWITCH1(config)# show vrrp

default - virtual router 1
----------------------------------------------
state master
virtual mac address 00:00:5E:00:01:01
advertisement interval 1 sec
preemption enabled
priority 100
master down interval 3.624 sec
[1] associate address : 10.0.0.5

<Layer 3 SWITCH 2 : IP Address - 10.0.0.2/24>

In case of same Priorities, Layer 3 SWITCH 1 with lower IP address is configured as Master.

SWITCH2(config)# router vrrp default 1
SWITCH2(config-vrrp)# associate 10.0.0.5
SWITCH2(config-vrrp)# exit
SWITCH2(config)# show vrrp

default - virtual router 1
----------------------------------------------
state backup
virtual mac address 00:00:5E:00:01:01
advertisement interval 1 sec
preemption enabled
priority 100
master down interval 3.620 sec
[1] associate address : 10.0.0.5

8.10.2. Configuring VRRP Track function

When the link connected to the Master Router of VRRP goes down as in the figure below, and the link down of the Master Router is not recognized, the users on the interface are not able to communicate, because the interface is not able to access the Master Router.


In SURPASS hiD 6615, you can configure Master Router to be changed by giving a lower Priority to Master Router when the link of Master Router is disconnected. This function is VRRP Track.

[Figure: the Internet is reached through a Virtual Router (Associate IP : 10.0.0.5/24) formed by Master Router (IP : 10.0.0.3/24), Backup Router 1 (IP : 10.0.0.2/24) and Backup Router 2 (IP : 10.0.0.1/24). Default Gateway : 10.0.0.5/24.]

① Link down.
② If the interface doesn’t recognize the link down, it cannot access Master Router. Therefore the users on the interface are not able to communicate.
③ Countermeasure: if link down happens, a low priority is given automatically to Master Router, so Master Router is changed at the same time as the link down.

Fig. 8-47 VRRP Track

In order to configure VRRP Track in SURPASS hiD 6615, use the following command.

Command                                           Mode   Function
track interface interface-name priority <1-254>   VRRP   Configures VRRP Track. The Priority becomes lower as the configured value.

If the user configures priority value as less than 1, the priority will be 1.


If you configure the VIP as your own IP address, so that the priority becomes 255, the priority is not lowered by the Track function.

In order to release VRRP Track configuration, use the following command.

Command                             Mode   Function
no track interface interface-name   VRRP   Releases VRRP Track configuration.

8.10.3. Configuring Authentication Password

After the user configures a Virtual Router, anyone who knows the Group ID and Associated IP address can configure another device as a member of that Virtual Router. To prevent this, configure a password, called the authentication password, that is used only in the Virtual Router the user configured. In order to configure an authentication password for the security of the Virtual Router, use the following command in VRRP configuration mode.

Command                              Mode   Function
authentication clear_text password   VRRP   Configures an authentication password.
no authentication                    VRRP   Deletes a configured authentication password.

Authentication password can be configured with maximum 7 digits.

The following is an example of configuring the Authentication password in Virtual Router as network and showing it.

SWITCH(config-vrrp)# authentication clear_text network
SWITCH(config-vrrp)# show running-config
Building configuration...
(Omitted)
vrrp default 1
authentication clear_text network
associate 10.0.0.5
no snmp
SWITCH(config-vrrp)#


8.10.4. Configuring Preempt

Preempt is a function by which a newly added device that has been given the highest Priority automatically becomes Master Router, without rebooting or specific configuration, when you add another device after the Virtual Router is configured. In order to configure Preempt, use the following command in VRRP configuration mode.

Command                      Mode   Function
preempt {enable | disable}   VRRP   Enables or disables Preempt.

The following is an example of disabling Preempt.

SWITCH(config-vrrp)# preempt disable
SWITCH(config-vrrp)# exit
SWITCH(config)# show vrrp

default - virtual router 1
----------------------------------------------
state master
virtual mac address 00:00:5E:00:01:01
advertisement interval 1 sec
preemption disabled
priority 100
master down interval 3.624 sec
[1] associate address : 10.0.0.5

SWITCH(config)#

Also, in order to make Preempt “enable” as default setting, use the following command
on VRRP configuration mode.

Command      Mode   Function
no preempt   VRRP   Deletes the former configuration of Preempt to enable it.

By default, Preempt is configured as “enable” in SURPASS hiD 6615.
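
The election rules described in 8.10.1, 8.10.2 and 8.10.4, as an added Python model (not code from the manual or the switch). The Master's Priority 120 and Track value 30 are constructed, and two behaviours are assumptions: Track subtracts the configured value from the Priority, and with Preempt disabled a Backup does not take over from a Master that is still advertising.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class VrrpRouter:
    name: str
    ip: str
    priority: int = 100           # manual: default Priority is "100"
    track_value: int = 0          # value given to "track interface ... priority"
    tracked_link_up: bool = True

    def effective_priority(self) -> int:
        # Manual: a router whose Priority is 255 (the VIP is its own
        # address) is not lowered by the Track function.
        if self.tracked_link_up or self.priority == 255:
            return self.priority
        # Assumption: Track subtracts the configured value.
        # Manual: a result of less than 1 becomes 1.
        return max(1, self.priority - self.track_value)


def election_key(router):
    # Higher Priority wins; on a tie the manual gives precedence to the
    # device that has the lower IP address.
    return (-router.effective_priority(), int(IPv4Address(router.ip)))


def elect_master(routers, current=None, preempt=True):
    """Return the name of the router that holds the Master role."""
    best = min(routers, key=election_key)
    still_present = any(r.name == current for r in routers)
    if current is not None and still_present and not preempt:
        # Assumption: with Preempt disabled nobody takes the role away
        # from a Master that is still in the group.
        return current
    return best.name


def track_scenario(preempt):
    """Fig. 8-47 with constructed Priority 120 and Track value 30."""
    master = VrrpRouter("Master", "10.0.0.3", priority=120, track_value=30)
    group = [master,
             VrrpRouter("Backup1", "10.0.0.2"),
             VrrpRouter("Backup2", "10.0.0.1")]
    before = elect_master(group)
    master.tracked_link_up = False            # (1) link down
    after = elect_master(group, current=before, preempt=preempt)
    return before, after


if __name__ == "__main__":
    print(track_scenario(preempt=True))    # Track hands the role to a Backup
    print(track_scenario(preempt=False))   # Master keeps the role
```

With Preempt disabled the lowered Priority has no effect in this model, so Track is only useful on a group where Preempt is left enabled.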


8.10.5. Configuring Advertisement Time

Master Router in Virtual Router transmits its data to the other routers in the VRRP group at a regular interval. The interval is named Advertisement Time. User can configure Advertisement Time in SURPASS hiD 6615. In order to configure Advertisement Time, use the following command in VRRP configuration mode.

Command                        Mode   Function
vr_timers advertisement time   VRRP   Configures Advertisement Time.

The following is an example of configuring Advertisement Time as 10 seconds and showing it.

SWITCH(config-vrrp)# vr_timers advertisement 10
SWITCH(config-vrrp)# exit
SWITCH(config)# show vrrp

default - virtual router 1
----------------------------------------------
state master
virtual mac address 00:00:5E:00:01:01
advertisement interval 10 sec
preemption disabled
priority 100
master down interval 30.624 sec
[1] associate address : 10.0.0.5

SWITCH(config)#

In order to delete configured Advertisement Time for default setting, use the following
command.

Command                      Mode   Function
no vr_timers advertisement   VRRP   Deletes configured Advertisement time to return default setting.

By default, Advertisement Time is configured as 1 second in SURPASS hiD 6615.

For SURPASS hiD 6615, Advertisement Time can be configured from 1 second to 10 seconds.


8.10.6. Viewing VRRP Statistics

In order to view statistics of packets that have been sent and received, use the following command.

Command          Mode                 Function
show vrrp stat   View/Enable/Global   Shows statistics of packets in Virtual Router Group.

The following is an example of viewing statistics of packets in Virtual Router Group.

SWITCH(config)# show vrrp stat

VRRP statistics :
VRRP packets rcvd with invalid TTL 0
VRRP packets rcvd with invalid version 0
VRRP packets rcvd with invalid VRID 0
VRRP packets rcvd with invalid size 0
VRRP packets rcvd with invalid checksum 0
VRRP packets rcvd with invalid auth-type 0
VRRP packets rcvd with interval mismatch 0

SWITCH(config)#
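
The counters above correspond to checks a receiver makes on each VRRP advertisement. The following added Python example (not the switch's implementation) classifies constructed packets into those counters, assuming the VRRPv2 packet layout of RFC 2338, which the manual does not document; the "authentication mismatch" result is not one of the manual's counters.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

VERSION, ADVERTISEMENT = 2, 1      # assumption: VRRPv2 (RFC 2338 layout)
AUTH_NONE, AUTH_SIMPLE = 0, 1      # type 1 = simple text password


def inet_checksum(data):
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, interval, addrs,
                 auth_type=AUTH_NONE, password=b""):
    """Build a constructed sample advertisement (test input, nothing is sent)."""
    body = b"".join(IPv4Address(a).packed for a in addrs)
    auth = password.ljust(8, b"\x00")[:8]      # 8-byte Authentication Data
    head = struct.pack("!BBBBBBH", (VERSION << 4) | ADVERTISEMENT, vrid,
                       priority, len(addrs), auth_type, interval, 0)
    csum = inet_checksum(head + body + auth)
    return head[:6] + struct.pack("!H", csum) + body + auth


def classify(ttl, pkt, cfg):
    """Return the 'show vrrp stat' counter a packet would hit, or 'accepted'."""
    if ttl != 255:
        return "invalid TTL"
    if len(pkt) < 16:                          # 8-byte header + 8-byte auth data
        return "invalid size"
    ver_type, vrid, _prio, count, auth_type, interval, _csum = \
        struct.unpack("!BBBBBBH", pkt[:8])
    if ver_type >> 4 != VERSION:
        return "invalid version"
    if len(pkt) != 8 + 4 * count + 8:
        return "invalid size"
    if inet_checksum(pkt) != 0:                # sums to zero when intact
        return "invalid checksum"
    if vrid != cfg["vrid"]:
        return "invalid VRID"
    if auth_type != cfg["auth_type"]:
        return "invalid auth-type"
    if auth_type == AUTH_SIMPLE and pkt[-8:].rstrip(b"\x00") != cfg["password"]:
        return "authentication mismatch"       # not a counter in the manual
    if interval != cfg["interval"]:
        return "interval mismatch"
    return "accepted"


def tally(samples, cfg):
    """Count classification results for (ttl, packet) pairs."""
    return Counter(classify(ttl, pkt, cfg) for ttl, pkt in samples)


# Receiver configuration matching the manual's examples:
# "router vrrp default 1", "authentication clear_text network", 1 sec interval.
CFG = {"vrid": 1, "auth_type": AUTH_SIMPLE, "password": b"network", "interval": 1}

GOOD = build_advert(1, 102, 1, ["10.0.0.5"], AUTH_SIMPLE, b"network")
SAMPLES = [                                     # constructed test packets
    (255, GOOD),
    (64, GOOD),                                 # TTL no longer 255
    (255, GOOD[:2] + b"\xff" + GOOD[3:]),       # priority byte altered in transit
    (255, build_advert(2, 102, 1, ["10.0.0.5"], AUTH_SIMPLE, b"network")),
    (255, build_advert(1, 102, 1, ["10.0.0.5"])),          # no authentication
    (255, build_advert(1, 102, 10, ["10.0.0.5"], AUTH_SIMPLE, b"network")),
]

if __name__ == "__main__":
    for name, count in tally(SAMPLES, CFG).items():
        print("%-26s %d" % (name, count))
```

Because the clear_text password travels in the advertisement as plain bytes, it guards against misconfigured neighbours rather than against someone who can capture traffic on the segment.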

8.10.7. Clearing VRRP Statistics

In order to clear statistics of packets that have been sent and received, use the following command.

Command           Mode          Function
clear vrrp stat   Global/VRRP   Clears statistics of packets in Virtual Router Group.


8.11. Bandwidth

Routing protocol uses bandwidth information to measure routing distance value. In order to configure bandwidth of interface, use the following command.

Command              Mode        Function
bandwidth kilobits   Interface   Configures bandwidth of interface.

The bandwidth can be from 1 to 10,000,000 Kbits. This bandwidth is used only for routing information and does not concern the physical bandwidth.

The following is an example of configuring bandwidth as 1000Kbits and showing it.

SWITCH(config-if)# bandwidth 1000
SWITCH(config-if)# show running-config
(omitted)
interface default
no shutdown
bandwidth 1000
(omitted)

In order to delete configured bandwidth, use the following command.

Command                   Mode        Function
no bandwidth [kilobits]   Interface   Deletes configured bandwidth of interface.

8.12. DHCP

DHCP (Dynamic Host Configuration Protocol) makes a DHCP server assign IP addresses to DHCP clients automatically and manage the IP addresses. In an environment where not all PCs are connected to the network at the same time, not all of them need to have IP addresses. When some of them need an IP address, it can be assigned automatically. In this case, the DHCP server is the one that assigns IP addresses automatically and the DHCP clients are the PCs. DHCP provides the following benefits.

◆ Saving Cost
With limited IP resources, many users can connect to the Internet. So, it can save IP resources and cost.


◆ Effective Network Management
Anyone can configure the DHCP server, and DHCP clients that belong to a network managed by the DHCP server can access the network without professional knowledge such as configuring TCP/IP in the network environment.

[Figure: PCs (PC = DHCP Client) in a Subnet send an IP Request (Broadcast) to the DHCP Server, and the DHCP Server answers with a DHCP Pack (Unicast).]

Fig. 8-48 DHCP Service Construction

SURPASS hiD 6615 can be the DHCP server or the DHCP Relay agent according to user’s configuration. The DHCP Relay agent’s function is to connect the DHCP server to the DHCP client. You need to know the following functions.

• Activating DHCP Server
• IP Pool
• Blocking the Fixed IP
• DHCP Packet Filtering
• Registering DNS Server that is common to all IP Pools
• Configuring IP Available Time that is common to all IP Pools
• Configuring DHCP Relay Agent
• DHCP Snooping
• DHCP Option-82
• Showing DHCP Configuration

8.12.1. Activating DHCP server

In order to provide DHCP service to DHCP clients, configure the switch in DHCP server mode.


In order to configure the user’s switch as DHCP server, use the following command in
Configuration mode.

Command                 Mode     Function
ip dhcp active server   Global   Configures the user’s switch as DHCP server.

Meanwhile, SURPASS hiD 6615 supports a special function that prohibits assigning plural IP addresses to one MAC address. Usually, SURPASS hiD 6615 assigns an IP address to equipment which already has an assigned IP address, because it may need more than one IP address.

However, a personal computer gets plural IP addresses although it does not need them. This function prevents that case. In other words, SURPASS hiD 6615 can both assign plural IP addresses to equipment and prohibit assigning plural IP addresses to one MAC address. In order to prohibit assigning plural IP addresses to one MAC address, use the following command.

Command                                               Mode     Function
ip dhcp database-key {client-id | hardware-address}   Global   Prohibits assigning plural IP address to one equipment. Recognizes a client by client ID or hardware address.

When you do not need the function to prohibit assigning IP address to one MAC address,
activate DHCP server with the command, “ip dhcp server”.

In order to disable the DHCP server, use the following command.

Command                    Mode     Function
no ip dhcp active server   Global   Disables the user’s switch as DHCP server.

8.12.2. IP Pool

8.12.2.1. Making IP Pool

The collection of IP addresses which the DHCP server assigns to clients is called an IP Pool. The manager can configure a name for the IP Pool. If you configure the name of an IP Pool, you enter DHCP IP Pool configuration mode, and the system prompt changes from SWITCH(config)# to SWITCH(config-dhcp[pool-name])#. The following command enters IP Pool configuration mode by configuring the name of a DHCP IP Pool.

Command                  Mode     Function
ip dhcp pool pool-name   Global   Enters into IP Pool configuration by configuring the name of DHCP IP Pool.

The following is an example of making IP Pool as the name TEST.

SWITCH(config)# ip dhcp pool TEST
SWITCH(config-dhcp[TEST])#

In IP Pool configuration mode, you can configure the subnet, the range of IP addresses, and the default gateway of the subnet. In order to return from IP Pool configuration mode to configuration mode, input the command “exit”, and in order to enter Privilege Exec Enable Mode immediately, input the “end” command. In order to delete a configured IP Pool, use the following command in Global Configuration Mode.

Command                     Mode     Function
no ip dhcp pool pool-name   Global   Deletes IP Pool.

8.12.2.2. Configuring DHCP Subnet

After making IP Pool, designate subnet in IP Pool.

In order to designate the subnet, use the following command in IP Pool configuration
mode.

Command               Mode      Function
subnet ip-address/m   IP Pool   Designates subnet in IP Pool.

In SURPASS hiD 6615, it is possible to designate several subnets in an IP Pool.

In order to delete a subnet, use the following command.

Command                  Mode      Function
no subnet ip-address/m   IP Pool   Deletes the subnet.


Subnet mask should be configured as network ID.

8.12.2.3. Configuring Subnet Default Gateway

You have to configure a default gateway through which all IP addresses are allowed, so that the DHCP server can communicate with unspecified IP addresses. In order to configure the default gateway of a subnet, use the following command.

Command                           Mode      Function
default-gateway gateway-address   IP Pool   Configures default gateway of subnet.

In order to delete the configured default-gateway, use the following command.

Command                              Mode      Function
no default-gateway gateway-address   IP Pool   Deletes default-gateway of subnet.
no default-gateway all               IP Pool   Deletes all the configured default-gateway.

8.12.2.4. Configuring IP Address Range

After configuring DHCP subnet, you need to configure IP address range used in the
subnet.

In order to configure IP address range, use the following command.

Command                           Mode      Function
range start-address end-address   IP Pool   Configures IP address range.

It is possible to configure non-consecutive IP address ranges in the same subnet. For example, you can configure ranges from 192.168.1.10 to 192.168.1.20 and from 192.168.1.30 to 192.168.1.40 in the subnet 192.168.1.0/24.

In order to delete the configured IP address range, use the following command.

Command                              Mode      Function
no range start-address end-address   IP Pool   Deletes the configured IP address range.


8.12.2.5. Configuring the Available Time to Use IP address

DHCP server administrator can configure the available time to use the IP address assigned to a DHCP client. This time is named IP address lease time. The default is one hour, and the system asks if the DHCP client wants to extend it by the end of the time. In order to configure IP address lease time, use the following command.

Command                               Mode      Function
lease-time default <120-2147483637>   IP Pool   Configures default IP address lease time in seconds.
lease-time max <120-2147483637>       IP Pool   Configures maximum IP address lease time in seconds.

The default is one hour (3600 seconds), and the maximum is two hours.

In order to release the configured time, use the following command.

Command                         Mode      Function
no lease-time {default | max}   IP Pool   Deletes the configured using time.

In SURPASS hiD 6615, the default time is 1 hour (3600 sec).

The information is applicable only to appropriate IP Pool.

8.12.2.6. Registering DNS Server

DHCP server basically informs the DHCP client of the IP address, default gateway, IP address lease time, and available DNS server when the DHCP client accesses it. Therefore, you should register the DNS server that can be used in the DHCP server. You can register up to two servers.

In order to register DNS server, use the following command.

Command                                                 Mode      Function
dns-server ip-address 1 [ip-address 2] [ip-address 3]   IP Pool   Registers DNS server.


The information is applicable only to appropriate IP Pool.

In order to delete the configured DNS server, use the following command.

Command                             Mode      Function
no dns server {ip-address | all}    IP Pool   Deletes the configured DNS server.

8.12.2.7. Assigning IP address manually

In SURPASS hiD 6615, the administrator can manually configure IP addresses, that is, assign an IP address to a DHCP client that has a specific MAC address. In order to assign an IP address manually, use the following command.

Command                                Mode      Function
fixed-address ip-address mac-address   IP Pool   Assigns the IP address to the DHCP client that has the designated MAC address.

In order to release the fixed-address, use the following command.

Command                       Mode      Function
no fixed-address ip-address   IP Pool   Releases the fixed-address.

8.12.2.8. Checking Lease Data

In order to check lease data of IP addresses assigned in the IP Pool, use the following command.

Command                                                                              Mode     Function
show ip dhcp lease {all | bound | abandon | offer | fixed | free} pool-name          Global   Check the list of assigned IP address.
show ip dhcp lease detail [ip-address]                                               Global   Check the list of assigned IP address.

fixed shows fixed IP addresses. bound shows IP addresses assigned by the server through Discover-Offer-Request-Ack when a client requests an IP address from the server. offer shows IP addresses that the server presented to the client in the offer stage. free shows the addresses that the clients can currently use. abandon shows IP addresses that have been requested by clients even though the server did not present them. You can check all of the IP addresses with all.

8.12.2.9. Checking IP Pool Configuration

In order to check IP Pool configuration, use the following command.

Command                       Mode      Function
show ip dhcp pool pool-name   IP Pool   Check IP Pool configuration.

[Sample Configuration 1]

The following is an example of configuring DHCP server: network range 192.168.1.0/24 as subnet and 192.168.1.10 ~ 192.168.1.20 and 192.168.1.30 ~ 192.168.1.40 as IP address range.

The default gateway of subnet is configured as 192.168.1.254 and DHCP server is activated.

SWITCH(config)# ip dhcp pool test5
SWITCH(config-dhcp[test5])# subnet 192.168.1.0/24
SWITCH(config-dhcp[test5])# range 192.168.1.50 192.168.1.70
SWITCH(config-dhcp[test5])# default-gateway 192.168.1.254
SWITCH(config-dhcp[test5])# exit
SWITCH(config)# show ip dhcp pool test5
show dhcp pool start3j.
POOL : test5

SUBNET 192.168.1.0/24 from 192.168.1.50 to 192.168.1.70
Total Leases 21
Allocated 0 (0.00% used)
- Fixed 0
- Offered 0
- Bound 0
- Abandoned 0
Available 21 (100.00% free)

Supported informations:
Lease time (default) 3600
Lease time (Maximum) 3600
Default gateway
192.168.1.254
SWITCH(config)#


8.12.2.10. Checking Lease Data of each IP Pool

In order to check the assigned IP addresses of each IP Pool, use the following command.

Command                               Mode     Function
show ip dhcp pool summary pool-name   Global   Check the IP addresses assigned from DHCP.

8.12.3. Blocking the Fixed IP

In SURPASS hiD 6615, it is possible to block users from holding IP Pool resources as fixed addresses, that is, from continuing to use assigned IP addresses without renewing them.

The following are the commands for blocking a user who uses an IP address as fixed.

Command                                                                             Mode     Function
ip dhcp authorized-arp {default-lease-time | half-lease-time | max-lease-time}      Global   Use IP address for lease-time. Block the fixed IP.
no ip dhcp authorized-arp                                                           Global   Release to block the fixed IP.

You can check the information of valid IP and invalid IP after enabling the “blocking the fixed IP” function using the following commands.

Command                               Mode     Function
show ip dhcp authorized-arp valid     Global   Shows the assigned IP addresses through the proper process.
show ip dhcp authorized-arp invalid   Global   Shows MAC address using the fixed IP and the used IP address and the time of blocking IP address.


In order to delete the data of fixed IP, use the following command.

Command                                Mode     Function
clear ip dhcp authorized-arp invalid   Global   Deletes the data of fixed IP.

8.12.4. DHCP Packet Filtering

In SURPASS hiD 6615, it is possible to block a specific client by MAC address. If a MAC address blocked by an administrator requests an IP address, the server does not assign one. This function is to strengthen the security of DHCP server.

The following command blocks assigning IP addresses on a port.

Command                           Mode     Function
ip dhcp filter-port port-number   Global   Configure the port in order not to assign IP.

In order to release DHCP packet filtering, use the following command.

Command                              Mode     Function
no ip dhcp filter-port port-number   Global   Release DHCP packet filtering.

The following command designates a MAC address to which no IP address is assigned.

Command                              Mode     Function
ip dhcp filter-address mac-address   Global   Block MAC-address in case of requesting IP address.

In order to release DHCP mac-filtering, use the following command.

Command                                 Mode     Function
no ip dhcp filter-address mac-address   Global   Release DHCP mac-filtering.


8.12.5. Registering DNS Server that is common to all IP Pools

DHCP server basically informs the DHCP client of the IP address, default gateway, IP address lease time, and available DNS server when the DHCP client accesses it. Therefore, you should register the DNS server that can be used in the DHCP server. You can register up to two servers. This server is applied to all IP Pools if you don’t configure DNS server for IP Pools separately.

In order to register DNS server that is common to all IP Pools, use the following command in IP Pool mode.

Command                                                                        Mode     Function
ip dhcp default-config dns-server ip-address 1 [ip-address 2] [ip-address 3]   Global   Register DNS server that is common to all of IP Pools.

In order to delete the registered DNS server, use the following command.

Command                                           Mode     Function
no ip dhcp default-config dns-server ip-address   Global   Delete DNS server.
no ip dhcp default-config dns-server ip-address   Global   Delete all registered DNS server.

8.12.6. Configuring IP Available Time that is common to all IP Pools

DHCP server administrator can configure IP available time that is common to all IP Pools. This time is applied to all IP Pools if you don’t configure DNS server for IP Pools separately. The default time is an hour and the server sends Request Packet in order to ask if DHCP client prolongs the time of using IP.

To configure available time of using IP, use the following command in Global Configuration Mode.

Command                                                      Mode     Function
ip dhcp default-config lease-time default <120-2147483637>   Global   Configure default time of using IP. The time unit is second.
ip dhcp default-config lease-time max <120-2147483637>       Global   Configure maximum time of using IP. The time unit is second.


In SURPASS hiD 6615, the default time for using IP address is 1 hour (3600 sec).

In order to release the configured time, use the following command.

Command                                        Mode     Function
no ip dhcp default-config lease-time default   Global   Release default attributes of pool.
no ip dhcp default-config lease-time max       Global   maximum time of using IP.

8.12.7. Configuring DHCP Relay Agent

In hiD 6615, you can configure the system to forward IP address requests from DHCP clients. This is called the DHCP Relay agent. The DHCP Relay agent is useful for managing a wide DHCP subnet.

[Figure: a DHCP Server is connected to Relay agent 1 and Relay agent 2; the PCs (PC = DHCP Client) of Subnet 1 and Subnet 2 are behind the Relay agents.]

Fig. 8-49 An example of the Relay agent

The following is how to configure SURPASS hiD 6615 as DHCP Relay agent.

• Registering DHCP server

8.12.7.1. Registering DHCP server

After configuring SURPASS hiD 6615 as Relay agent, register DHCP server. In order to
register DHCP server, use the following command in Global Configuration Mode.


Command                                                                       Mode     Function
ip dhcp active relay server-address [server-address 2] [server-address 3]     Global   Register DHCP server and configure the user’s switch as Relay agent.

The following is how to delete the registered DHCP server and release the Relay agent configuration.

Command                                  Mode     Function
no ip dhcp active relay server-address   Global   Release the registered DHCP server and Relay agent.
no ip dhcp active relay all              Global   Release all of the registered DHCP server and Relay agent.

Up to 3 DHCP servers can be registered. A DHCP client can select an IP address among the IP addresses assigned from each server.

[ Sample Configuration 1 ]

The following is an example of configuring DHCP Relay and register DHCP server.

SWITCH(config)# ip dhcp mode relay 172.16.100.10
SWITCH(config)# show running-config
(Omitted)
ip dhcp mode relay 172.16.100.10
ip dhcp default-config dns-server 200.1.1.1
ip dhcp pool test
!
SWITCH(config)#

8.12.8. Configuring DHCP Snooping

hiD6615 switch offers an enhanced DHCP security feature, called DHCP snooping, that allows the Network Administrator to configure certain ports in order to restrict access to only authorized traffic.

Enabling DHCP Snooping on a port permits only authorized traffic and filters out all other traffic which is not recorded in the DHCP snooping table. For instance, once a user gets a DHCP address from the server, his IP address, MAC address and Lease Time are stored in the DHCP snooping table. Only traffic from this IP address is permitted, and all other users who have a static IP address or don’t have a dynamically assigned IP address are denied.


This feature is designed for isolating malicious activity and disallowing possible attacks
from unauthorized users.

8.12.8.1. Configuring DHCP Snooping on the Switch

When you configure DHCP snooping on your switch, use the following command.

Command               Mode     Function
ip dhcp snooping      Global   Enables DHCP snooping function.
no ip dhcp snooping   Global   Disables DHCP snooping function.

8.12.8.2. Removing IP Address of Entry from DHCP Snooping table

You are able to delete certain IP address in the DHCP snooping table. Once the entry is
removed from the table, the user must be re-authorized in order to continue to use the
network services.

Command                                                Mode     Function
clear ip dhcp snooping port-number ip-address/m        Global   Removes IP address of Entry.
clear ip dhcp snooping port-number subnet-address/m    Global   Removes IP address of Entry.

8.12.8.3. Designating DHCP Snooping port

To designate DHCP Snooping port, use the following command.

Command                                     Mode     Function
ip dhcp verify source port port-number      Global   Designates DHCP Snooping port.
no ip dhcp verify source port port-number   Global   Disables DHCP Snooping port.

8.12.8.4. Displaying DHCP Snooping table

The DHCP snooping table contains IP address, MAC address and Lease Time that correspond to the authorized IP address.


To display DHCP snooping table, use the following command.

Command                            Mode     Function
show ip dhcp snoop [port-number]   Global   Displays DHCP Snooping table.
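
The filtering described in 8.12.8, as an added Python model (not the switch's code): it records IP address, MAC address and lease expiry when an address is handed out and permits traffic on a designated port only from a recorded, unexpired entry. Keying entries by port and matching the MAC address as well as the IP address are assumptions; all addresses and port numbers are constructed.

```python
from ipaddress import ip_address, ip_network


class SnoopingTable:
    def __init__(self, verify_ports):
        # Ports designated with "ip dhcp verify source port port-number".
        self.verify_ports = set(verify_ports)
        self.bindings = {}            # (port, ip) -> (mac, expiry time)

    def learn_ack(self, port, mac, ip, lease_time, now):
        """Record the address a server handed out; a renewal overwrites it."""
        self.bindings[(port, ip)] = (mac.lower(), now + lease_time)

    def permit(self, port, src_mac, src_ip, now):
        """Decide whether traffic from src_ip/src_mac on this port passes."""
        if port not in self.verify_ports:
            return True               # port is not a DHCP Snooping port
        entry = self.bindings.get((port, src_ip))
        if entry is None:
            return False              # static or never-leased address
        mac, expires = entry
        if now >= expires:
            del self.bindings[(port, src_ip)]   # lease ran out without renewal
            return False
        return mac == src_mac.lower()

    def clear(self, port, prefix):
        """Model of "clear ip dhcp snooping port-number ip-address/m"."""
        net = ip_network(prefix, strict=False)
        doomed = [key for key in self.bindings
                  if key[0] == port and ip_address(key[1]) in net]
        for key in doomed:
            del self.bindings[key]
        return len(doomed)


def demo():
    """Replay constructed events and return the permit decisions."""
    table = SnoopingTable(verify_ports=[3])
    table.learn_ack(3, "AA:BB:CC:00:00:01", "192.168.1.50", 3600, now=0)
    return [
        table.permit(3, "aa:bb:cc:00:00:01", "192.168.1.50", now=10),    # leased
        table.permit(3, "aa:bb:cc:00:00:02", "192.168.1.50", now=10),    # other MAC
        table.permit(3, "aa:bb:cc:00:00:03", "192.168.1.99", now=10),    # static IP
        table.permit(1, "aa:bb:cc:00:00:03", "192.168.1.99", now=10),    # other port
        table.permit(3, "aa:bb:cc:00:00:01", "192.168.1.50", now=3600),  # expired
    ]


if __name__ == "__main__":
    print(demo())
```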

8.12.9. Displaying DHCP Packet Statistics

In hiD6615 switch, the user can check and delete statistics of DHCP packets transmitted to other switches with the commands below.

Command                    Mode     Function
show ip dhcp statistics    Global   Shows DHCP packet statistics.
clear ip dhcp statistics   Global   Deletes DHCP packet statistics information.

8.12.10. DHCP Option-82

As the subscriber network grows, the DHCP server has to assign IP addresses to many subscribers. User can manage subscribers efficiently using DHCP Option-82. With DHCP Option-82, the DHCP Relay sends DHCP Request packets with Option-82 information attached, and the subscriber is authenticated through this information. Through Option-82, DHCP not only assigns IP addresses but also restricts access to the server. Moreover, it provides differentiated service and enhances security.

SURPASS hiD 6615 transmits port number and Remote ID with Option-82 to the DHCP server. The priority of port number is higher than that of Remote ID. When it receives a Request packet without Option-82 information, it attaches its own information. In case the Remote ID recorded in Option-82 is the same as the MAC address of its system, it transmits packets after removing Option-82 by the designated port number.


The following is to show packet’s flow.

[Figure: packet flow through the DHCP Relay Agent (Option-82) and the DHCP Server: ① DHCP Request, ② DHCP Request+Option-82, ④ DHCP Respond+Option-82, ⑤ DHCP Respond.]

Fig. 8-50 Packet Flow in case of Using DHCP Option-82

8.12.10.1. Enabling DHCP Option-82

In order to enable DHCP Option-82 in hiD 6615, use the following command.

Command            Mode     Function
ip dhcp option82   Global   Enables DHCP Option-82 function.

In order to disable DHCP Option-82, use the following command.

Command               Mode     Function
no ip dhcp option82   Global   Disables DHCP Option-82 function.

In order to return into configuration mode, or to enter into Privilege Exec Enable Mode, use the following commands.

Command   Mode        Function
exit      Option-82   Returns to Configuration mode.
end       Option-82   Goes back right to Privilege Exec Enable Mode.


8.12.10.2. Configuring Option-82 Packet Policy

User can configure how to process the packets when DHCP Option-82 packets come
to DHCP server or DHCP relay agent. In order to configure the policy for Option-82
packet, use the following command in Option-82 configuration mode.

Command                          Mode        Function
policy {drop | keep | replace}   Option-82   Configures the policy for Option-82 packet.

“drop” means to throw away the Option-82 packet. “keep” means that the Relay agent transmits packets preserving the Option-82 which the agent sends. “replace” means to transmit after changing it into its own Option-82 information.

[Figure: packet flow through the DHCP Relay Agent (Option-82) and the DHCP Server: ① DHCP Request, ② DHCP Request+Option-82, ④ DHCP Respond+Option-82, ⑤ DHCP Respond.]

Fig. 8-51 Packet flow in case of DHCP Option-82

It is possible to configure the rule for Option-82 packets when hiD 6615 is DHCP server or DHCP Relay agent.

Basically the rule for Option-82 packet is configured as “keep”.
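
The three policies and the reply handling described in 8.12.10, as an added Python example (not the switch's implementation). It assumes the RFC 3046 encoding of Option-82 (sub-option 1 Circuit ID, sub-option 2 Remote ID) and a one-byte port number as Circuit ID; the MAC addresses and port numbers are constructed.

```python
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2       # RFC 3046 sub-option codes


def parse_tlv(raw, options_field=True):
    """Split code/length/value bytes into (code, value) pairs."""
    items, i = [], 0
    while i < len(raw):
        code = raw[i]
        if options_field and code == OPT_END:
            break
        if options_field and code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated item with code %d" % code)
        length = raw[i + 1]
        items.append((code, raw[i + 2:i + 2 + length]))
        i += 2 + length
    return items


def encode_tlv(items, options_field=True):
    out = b"".join(bytes([code, len(value)]) + value for code, value in items)
    return out + bytes([OPT_END]) if options_field else out


def own_option82(port_number, remote_id):
    """Option-82 carrying this relay's port number and Remote ID."""
    # Assumption: the port number is sent as a one-byte Circuit ID.
    subs = [(SUB_CIRCUIT_ID, bytes([port_number])), (SUB_REMOTE_ID, remote_id)]
    return (OPT_RELAY_INFO, encode_tlv(subs, options_field=False))


def relay_request(options, policy, port_number, remote_id):
    """Return the options to forward to the server, or None when dropped."""
    items = parse_tlv(options)
    others = [item for item in items if item[0] != OPT_RELAY_INFO]
    if len(others) == len(items):
        # Manual: a Request without Option-82 gets the relay's own information.
        return encode_tlv(items + [own_option82(port_number, remote_id)])
    if policy == "drop":
        return None
    if policy == "keep":
        return encode_tlv(items)
    if policy == "replace":
        return encode_tlv(others + [own_option82(port_number, remote_id)])
    raise ValueError("unknown policy %r" % policy)


def relay_reply(options, remote_id):
    """Strip Option-82 from a reply whose Remote ID is this system's MAC."""
    items = parse_tlv(options)
    for code, value in items:
        if code == OPT_RELAY_INFO:
            subs = dict(parse_tlv(value, options_field=False))
            if subs.get(SUB_REMOTE_ID) == remote_id:
                return encode_tlv([i for i in items if i[0] != OPT_RELAY_INFO])
    return encode_tlv(items)      # assumption: otherwise forwarded unchanged


# Constructed sample data.
MY_MAC = bytes.fromhex("020000000001")        # this relay's Remote ID
OTHER_MAC = bytes.fromhex("020000000002")     # a downstream relay
PLAIN_REQUEST = bytes([53, 1, 3, OPT_END])    # option 53 = DHCPREQUEST
TAGGED_REQUEST = encode_tlv([(53, b"\x03"), own_option82(7, OTHER_MAC)])

if __name__ == "__main__":
    for policy in ("drop", "keep", "replace"):
        result = relay_request(TAGGED_REQUEST, policy, 5, MY_MAC)
        print(policy, None if result is None else result.hex())
```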


8.12.10.3. Configuring Remote-ID and the Number of Assigning IP Address

In order to configure remote-ID and designate the number of assigning IP address to the remote-ID, use the following command. Remote-ID can be IP address or MAC address.

Command                                                  Mode        Function
remote-id ip ip-address lease-limit <0-2147483637>       Option-82   Configures remote-ID and the number of assigning IP address.
remote-id hex hexstring lease-limit <0-2147483637>       Option-82   Configures remote-ID and the number of assigning IP address.
remote-id text Remote-id lease-limit <0-2147483637>      Option-82   Configures remote-ID and the number of assigning IP address.

To delete remote-ID and designate the number of assigning IP address for the remote-ID, use the following command.

Command                                   Mode        Function
no remote-id ip ip-address lease-limit    Option-82   Deletes remote-ID and the number of assigning IP address.
no remote-id hex hexstring lease-limit    Option-82   Deletes remote-ID and the number of assigning IP address.
no remote-id text remote-id lease-limit   Option-82   Deletes remote-ID and the number of assigning IP address.
no remote-id all lease-limit              Option-82   Deletes remote-ID and the number of assigning IP address.

8.12.10.4. Configuring Remote-ID and Pool

When configuring a remote-ID, the administrator can also configure the pool from which
IP addresses are assigned. To configure a Remote-ID and IP Pool, use the following
commands.

Command Mode Function

remote-id ip ip-address pool pool-name Option-82 Configures remote-ID and pool.
remote-id hex hexstring pool pool-name Option-82 Configures remote-ID and pool.
remote-id text remote-id pool pool-name Option-82 Configures remote-ID and pool.


To delete Remote-ID and IP Pool, use the following commands.

Command Mode Function

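no remote-id ip ip-address pool pool-name Option-82 Deletes remote-ID and pool.
no remote-id binary hexstring pool pool-name Option-82 Deletes remote-ID and pool.
no remote-id text remote-id pool pool-name Option-82 Deletes remote-ID and pool.
no remote-id all pool Option-82 Deletes remote-ID and pool.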

8.12.10.5. Remote-ID, Circuit-ID and the Number of Assigning IP Address

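In SURPASS hiD 6615, you can assign IP addresses by Remote-ID and Circuit-ID. If
you configure a Remote-ID and Circuit-ID, the server assigns IP addresses for the
packets having the designated Remote-ID and Circuit-ID. You can also limit the number
of IP addresses assigned in this configuration. To assign IP addresses by Remote-ID and
Circuit-ID and limit the number of IP addresses, use the following commands.

Command Mode Function

remote-id ip ip-address circuit-id hex hexstring lease-limit <0-2147483637> Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
remote-id ip ip-address circuit-id text circuit-id lease-limit <0-2147483637> Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
remote-id ip ip-address circuit-id index <0-65535> lease-limit <0-2147483637> Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
remote-id hex hexstring circuit-id hex hexstring lease-limit <0-2147483637> Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
remote-id hex hexstring circuit-id text circuit-id lease-limit <0-2147483637> Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
remote-id hex hexstring circuit-id index <0-65535> lease-limit <0-2147483637> Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
remote-id text remote-id circuit-id hex hexstring lease-limit <0-2147483637> Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
remote-id text remote-id circuit-id text circuit-id lease-limit <0-2147483637> Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
remote-id text remote-id circuit-id index <0-65535> lease-limit <0-2147483637> Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.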


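To delete a Remote-ID and Circuit-ID and the number of IP addresses, use the following
commands.

Command Mode Function

no remote-id ip ip-address circuit-id hex hexstring lease-limit Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
no remote-id ip ip-address circuit-id text circuit-id lease-limit Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
no remote-id ip ip-address circuit-id index <0-65535> lease-limit Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
no remote-id ip ip-address circuit-id all lease-limit Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
no remote-id hex hexstring circuit-id hex hexstring lease-limit Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
no remote-id hex hexstring circuit-id text circuit-id lease-limit Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
no remote-id hex hexstring circuit-id index <0-65535> lease-limit Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
no remote-id hex hexstring circuit-id all lease-limit Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
no remote-id text remote-id circuit-id hex hexstring lease-limit Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
no remote-id text remote-id circuit-id text circuit-id lease-limit Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
no remote-id text remote-id circuit-id index <0-65535> lease-limit Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.
no remote-id text remote-id circuit-id all lease-limit Option-82 Assigns IP address with Remote-ID and Circuit-ID and limits the number of IP address.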

8.12.10.6. Remote-ID, Circuit-ID and Pool

In SURPASS hiD 6615, you can assign IP addresses by Remote-ID and Circuit-ID. If
you configure a Remote-ID and Circuit-ID, the server assigns IP addresses for the
packets having the designated Remote-ID and Circuit-ID. You can also configure an IP
Pool in this configuration. To assign IP addresses by Remote-ID and Circuit-ID and
configure an IP Pool, use the following commands.


Command Mode Function

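remote-id ip ip-address circuit-id hex hexstring pool pool-name Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
remote-id ip ip-address circuit-id text circuit-id pool pool-name Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
remote-id ip ip-address circuit-id index <0-65535> pool pool-name Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
remote-id hex hexstring circuit-id hex hexstring pool pool-name Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
remote-id hex hexstring circuit-id text circuit-id pool pool-name Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
remote-id hex hexstring circuit-id index <0-65535> pool pool-name Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
remote-id text remote-id circuit-id hex hexstring pool pool-name Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
remote-id text remote-id circuit-id text circuit-id pool pool-name Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
remote-id text remote-id circuit-id index <0-65535> pool pool-name Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.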

To delete Remote-ID and Circuit-ID and IP Pool, use the following commands.

Command Mode Function

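no remote-id ip ip-address circuit-id binary hexstring pool Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
no remote-id ip ip-address circuit-id text circuit-id pool Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
no remote-id ip ip-address circuit-id index <0-65535> pool Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
no remote-id ip ip-address circuit-id all pool Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
no remote-id hex hexstring circuit-id hex hexstring pool Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
no remote-id hex hexstring circuit-id text circuit-id pool Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
no remote-id hex hexstring circuit-id index <0-65535> pool Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
no remote-id hex hexstring circuit-id all pool Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
no remote-id text remote-id circuit-id hex hexstring pool Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
no remote-id text remote-id circuit-id text circuit-id pool Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
no remote-id text remote-id circuit-id index <0-65535> pool Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.
no remote-id text remote-id circuit-id all pool Option-82 Assigns IP address with Remote-ID and Circuit-ID and configure IP Pool.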


8.12.10.7. Configuring System Remote-ID

In an Option-82 environment, packets from the switch are transmitted with a remote ID or
circuit ID. In SURPASS hiD 6615, the remote ID is the MAC address by default and the
circuit ID is the port number by default. It is possible to change the form of the
switch's remote ID and circuit ID to one that is easier to recognize.

To change the form of the Remote ID of the switch, use the following commands.

Command Mode Function

system-remote-id hex hexstring Option-82 Configures remote-ID.
system-remote-id ip ip-address Option-82 Configures remote-ID.
system-remote-id text remote-id Option-82 Configures remote-ID.

To change the form of the Circuit ID of the switch, use the following commands.

Command Mode Function

system-circuit-id port-number hex hexstring Option-82 Configures circuit-ID.
system-circuit-id port-number index <0-65535> Option-82 Configures circuit-ID.
system-circuit-id port-number text remote-id Option-82 Configures circuit-ID.

To cancel the changed form of the Remote ID and Circuit ID, use the following commands.

Command Mode Function

no system-remote-id Option-82 Configures remote-ID.
no system-circuit-id port-number Option-82 Configures remote-ID.

8.12.10.8. DHCP Option 82 Trust

This feature prevents the DHCP pool’s IP addresses from being exhausted by DHCP packets
with unexpected Option82 field information.
After issuing the ‘trust default deny’ command, you can control which Option82 field
information is valid.


To configure DHCP Option82 Trust, use the following commands.

Command Mode Function

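trust default {deny | permit} DHCP Option82 Configures DHCP Option82 Trust function
trust port port-number DHCP Option82 Configures DHCP Option82 Trust function
trust remote-id hex hexstring DHCP Option82 Configures DHCP Option82 Trust function
trust remote-id ip ip-address DHCP Option82 Configures DHCP Option82 Trust function
trust remote-id text remote-id DHCP Option82 Configures DHCP Option82 Trust function

To disable DHCP Option82 Trust, use the following commands.

Command Mode Function

no trust port port-number DHCP Option82 Disables DHCP Option82 Trust function
no trust remote-id hex hexstring DHCP Option82 Disables DHCP Option82 Trust function
no trust remote-id ip ip-address DHCP Option82 Disables DHCP Option82 Trust function
no trust remote-id text remote-id DHCP Option82 Disables DHCP Option82 Trust function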
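
The following Python model is an added example, not hiD 6615 code: it walks a DHCP request through the Option-82 policy (drop, keep, replace), the trust list with `trust default deny`, and a per-remote-ID lease-limit. The sub-option codes come from RFC 3046; the class name `Option82Agent`, the 2-byte port encoding of the circuit-ID, the order of the checks, the treatment of a limit as a simple maximum, and the sample identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

SUB_CIRCUIT_ID = 1  # RFC 3046 sub-option code: Agent Circuit ID
SUB_REMOTE_ID = 2   # RFC 3046 sub-option code: Agent Remote ID


def parse_option82(value: bytes) -> Dict[int, bytes]:
    """Split an Option-82 value into {sub-option code: data}."""
    subs: Dict[int, bytes] = {}
    i = 0
    while i < len(value):
        if i + 2 > len(value):
            raise ValueError("truncated sub-option header")
        code, length = value[i], value[i + 1]
        data = value[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("sub-option length runs past the end of the option")
        subs[code] = data
        i += 2 + length
    return subs


def build_option82(circuit_id: bytes, remote_id: bytes) -> bytes:
    """Encode a circuit-ID and remote-ID as Option-82 sub-options."""
    return (bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id
            + bytes([SUB_REMOTE_ID, len(remote_id)]) + remote_id)


@dataclass
class Option82Agent:
    """Hypothetical model of the settings described in 8.12.10."""
    policy: str = "keep"            # drop | keep | replace ("keep" is the manual's default)
    trust_default: str = "permit"   # deny | permit
    trusted_ports: Set[int] = field(default_factory=set)
    trusted_remote_ids: Set[bytes] = field(default_factory=set)
    system_remote_id: bytes = bytes.fromhex("001122334455")  # constructed MAC address
    lease_limit: Dict[bytes, int] = field(default_factory=dict)
    leases: Dict[bytes, int] = field(default_factory=dict)

    def relay(self, port: int, opt82: Optional[bytes]) -> Tuple[str, Optional[bytes]]:
        """Return (action, Option-82 value to forward) for a client request."""
        # Default form per the manual: circuit-ID = port number, remote-ID = MAC.
        own = build_option82(port.to_bytes(2, "big"), self.system_remote_id)
        if opt82 is None:
            return "forward", own          # untagged request: insert our own option
        try:
            subs = parse_option82(opt82)
        except ValueError:
            return "drop", None            # malformed option is never forwarded
        if self.policy == "drop":
            return "drop", None
        remote_id = subs.get(SUB_REMOTE_ID, b"")
        trusted = port in self.trusted_ports or remote_id in self.trusted_remote_ids
        if self.trust_default == "deny" and not trusted:
            return "drop", None            # unexpected Option-82 cannot consume the pool
        if self.policy == "replace":
            return "forward", own          # overwrite with this agent's information
        return "forward", opt82            # keep: preserve what arrived

    def grant_lease(self, opt82: bytes) -> bool:
        """Server side: allow at most lease_limit[remote-ID] leases per remote-ID."""
        remote_id = parse_option82(opt82).get(SUB_REMOTE_ID, b"")
        limit = self.lease_limit.get(remote_id)
        used = self.leases.get(remote_id, 0)
        if limit is not None and used >= limit:
            return False
        self.leases[remote_id] = used + 1
        return True


if __name__ == "__main__":
    agent = Option82Agent(policy="replace", trust_default="deny")
    foreign = build_option82(b"\x00\x07", b"cpe-unknown")  # constructed input
    print(agent.relay(3, foreign))   # dropped: remote-ID is not on the trust list
    agent.trusted_remote_ids.add(b"cpe-unknown")
    print(agent.relay(3, foreign))   # forwarded with the agent's own Option-82
```
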

8.12.11. Back-up DHCP lease database

In hiD 6615, it is possible to save the DHCP lease database. To back up the DHCP lease
database, use the following commands.

Command Mode Function

ip dhcp leasedb backup ip-address <1-2147483637> Global Back-up DHCP lease database and configure the interval.
no ip dhcp leasedb backup Global Deletes Back-up lease database.

8.12.12. DHCP Lease Database Reset

To reset the DHCP lease database, use the following commands.

Command Mode Function

clear ip dhcp leasedb ip-address/M Enable/Global Resets the DHCP lease database per subnet.
clear ip dhcp leasedb pool pool-name Enable/Global Resets the DHCP lease database per IP pool.
clear ip dhcp leasedb all Enable/Global Resets all the DHCP lease database.


8.13. Broadcast Storm Control

SURPASS hiD 6615 supports Broadcast Storm Control for broadcast packets. A broadcast
storm is an overload situation in which broadcast packets take up a major part of the
transmit capacity. Broadcast storms often occur because of version differences. For
example, a storm may occur when 4.3 BSD and 4.2 BSD are mixed, or when AppleTalk
Phase I and Phase II are mixed in TCP/IP.

A broadcast storm may also occur when routing protocol information regularly transmitted
by a router is wrongly recognized by a system that does not support the protocol.

Broadcast Storm Control works as follows: the system counts how many broadcast packets
arrive in one second, and packets over the configured limit are discarded.

SURPASS hiD 6615 provides control not only of broadcast storms but also of multicast and
DLF (Destination Lookup Fail) storms. To use multicast and DLF storm control, use the
following commands. All Broadcast storm control configurations are then applied equally
to all VLANs.

To enable multicast storm control and DLF storm control, use the following commands.

Command Mode Function

storm-control {broadcast | multicast | dlf} rate [port-number] Bridge Enables broadcast, multicast, or dlf storm control respectively in a port with a user defined rate. Rate value is from 1 to 262142 for FE, and from 1 to 2097150 for GE.

By default, DLF storm control is enabled and multicast storm control is disabled.

To disable multicast storm control and DLF storm control, use the following
commands.

Command Mode Function

no storm-control {broadcast | multicast | dlf} rate [port_number] Bridge Disables broadcast, multicast, or dlf storm control respectively.


In order to show Storm Control configuration, use the following command.

Command Mode Function

show storm-control Enable/Bridge Shows Storm Control configuration.
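
The counting rule described in this section, as an added Python example (not hiD 6615 code): frames are classified as broadcast, multicast or DLF from the destination MAC and the forwarding table, then counted per port and per second against the configured rate. The class `StormControl`, its method names, the treatment of unconfigured classes as unlimited, and the sample MAC addresses are assumptions made for illustration.

```python
from collections import defaultdict
from typing import Dict, Set, Tuple

BROADCAST = bytes.fromhex("ffffffffffff")


def classify(dst_mac: bytes, fdb: Set[bytes]) -> str:
    """Classify a frame the way storm control distinguishes traffic."""
    if dst_mac == BROADCAST:
        return "broadcast"
    if dst_mac[0] & 0x01:        # group bit set in the first octet
        return "multicast"
    if dst_mac not in fdb:
        return "dlf"             # destination lookup fail: flooded like a broadcast
    return "unicast"


class StormControl:
    """Hypothetical per-port, per-class packets-per-second limiter."""

    def __init__(self) -> None:
        self.limits: Dict[Tuple[int, str], int] = {}
        self.window: Dict[Tuple[int, str], Tuple[int, int]] = {}  # (second, count)
        self.dropped: Dict[Tuple[int, str], int] = defaultdict(int)

    def set_rate(self, kind: str, rate: int, port: int) -> None:
        """Model of: storm-control {broadcast | multicast | dlf} rate [port-number]."""
        if kind not in ("broadcast", "multicast", "dlf"):
            raise ValueError("unknown traffic class")
        self.limits[(port, kind)] = rate

    def admit(self, port: int, dst_mac: bytes, fdb: Set[bytes], now: float) -> bool:
        """Return True to forward the frame, False to discard it."""
        key = (port, classify(dst_mac, fdb))
        limit = self.limits.get(key)
        if limit is None:
            return True          # class not rate-limited in this model
        second = int(now)
        start, count = self.window.get(key, (second, 0))
        if start != second:      # a new one-second window begins
            start, count = second, 0
        if count >= limit:
            self.dropped[key] += 1
            self.window[key] = (start, count)
            return False
        self.window[key] = (start, count + 1)
        return True


if __name__ == "__main__":
    fdb = {bytes.fromhex("00aabbccddee")}          # constructed learned address
    sc = StormControl()
    sc.set_rate("broadcast", 3, port=1)
    for i in range(5):                             # five broadcasts within one second
        print(sc.admit(1, BROADCAST, fdb, 10.0 + i / 10))
    print(dict(sc.dropped))
```
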

8.14. Jumbo-frame Capacity

The range of packet sizes that can be accepted is from 64 bytes to 1,518 bytes.
Packets outside this range are not accepted. However, SURPASS hiD 6615 can accept
Jumbo-frames larger than 1,518 bytes through user configuration.

To configure the switch to accept Jumbo-frames larger than 1,518 bytes, use the
following command.

Command Mode Function

jumbo-frame port-number <1518-9000> Bridge Configures to accept Jumbo-frame between specified range.

The maximum range is up to 10,000 bytes.

In order to disable configuration to accept Jumbo-frame, use the following command.

Command Mode Function

no jumbo-frame port-number Bridge Disables configuration to accept Jumbo-frame in specified port.

In order to view configuration of Jumbo-frame, use the following command.

Command Mode Function

show jumbo-frame Enable/Global/Bridge Shows configuration of Jumbo-frame.


[Sample Configuration 1]

The following is an example of configuration to accept Jumbo-frame under 2500 bytes
in port 1~10.

SWITCH# configure terminal
SWITCH(config)# bridge
SWITCH(bridge)# jumbo-frame 1-10 2500
SWITCH(bridge)# show jumbo-frame
port 1 : 2500 / 1522 (current/default)
port 2 : 2500 / 1522 (current/default)
port 3 : 2500 / 1522 (current/default)
port 4 : 2500 / 1522 (current/default)
port 5 : 2500 / 1522 (current/default)
port 6 : 2500 / 1522 (current/default)
port 7 : 2500 / 1522 (current/default)
port 8 : 2500 / 1522 (current/default)
port 9 : 2500 / 1522 (current/default)
port 10 : 2500 / 1522 (current/default)
port 11 : 1522 / 1522 (current/default)
port 12 : 1522 / 1522 (current/default)
port 13 : 1522 / 1522 (current/default)
port 14 : 1522 / 1522 (current/default)
port 15 : 1522 / 1522 (current/default)
port 16 : 1522 / 1522 (current/default)
(Omitted)
SWITCH(bridge)#

8.15. Blocking Direct Broadcast

RFC 2644 recommends that a system block Direct broadcast packets, that is, broadcast
packets of the same network range as an interface of the equipment. Accordingly,
SURPASS hiD 6615 blocks Direct broadcast packets by default. However, you can enable
or disable this in SURPASS hiD 6615. To block Direct broadcast packets, use the
following command.

Command Mode Function

no ip forward direct-broadcast Global Enables blocking Direct broadcast packet.

The default is enabled.

In order to disable blocking Direct broadcast packet, use the following command.


Command Mode Function

ip forward direct-broadcast Global Disables blocking Direct broadcast packet.

In order to view configuration about blocking Direct broadcast packet, use the following
command.

Command Mode Function

show running-config Enable/Global/Bridge/Interface Shows switch configuration.

The following is an example of blocking Direct broadcast packet and showing it.

SWITCH(config)# ip forward direct-broadcast
SWITCH(config)# show running-config
Building configuration...
(omitted)
!
ip forward direct-broadcast
!
no snmp
!
SWITCH(config)#

8.16. MTU

The maximum length of the data payload that can be transmitted can be set to a different
value. You can control the Maximum Transmission Unit (MTU) with the commands below.

Command Mode Function

mtu <64-1500> Interface Configures different MTU size.
no mtu Interface Returns to the default MTU size.


9. IP Routing Protocol
This chapter describes layer 3 switching and how to configure the switch for the
supported IP routing protocols. It is intended to provide enough information for a
network administrator to get the protocols up and running.

9.1. BGP Routing Protocol

BGP (Border Gateway Protocol), as defined in RFC 1163 and RFC 1267, is an EGP (Exterior
Gateway Protocol) used to connect to exterior networks. BGP manages routing information
in the network so that an AS (Autonomous System) can transmit and receive routing
information. BGP routing information consists of the network number through which
packets pass and the autonomous system number.
SURPASS hiD 6615 supports BGP version 4 defined in RFC 1771. BGP version 4 provides
aggregate routes by using CIDR (Classless Interdomain Routing) to reduce the size of the
routing table. CIDR provides an IP prefix, which is a network address, instead of an IP
address on the BGP network.

OSPF and RIP can also transmit CIDR paths.

A switch that runs BGP exchanges AS (autonomous system) information and the paths for
reaching each AS with other BGP equipment. By doing so, it can prevent routing loops
and take the most effective AS information.

You can configure MED (Multi Exit Discriminator) by using a route map. When new routing
information is transmitted to a neighbor BGP router, MED is passed without any change.
Thus, BGP routers located in the same AS can select paths by the same standard.

9.1.1. Basic Configuration

BGP configuration is roughly divided into basic configuration and advanced configura-
tion. Basic configuration includes the following.

• Activating BGP
• Configuring BGP Neighbor Router
• Changing Routing Policy
• Configuring BGP Weights
• BGP Route Filtering
• AS Route Filtering
• BGP Route Filtering through Prefix Lists
• Blocking information Transmission to Next Destination
• Configuring BGP Version

9.1.1.1. BGP Routing

In order to activate BGP, perform the following steps.

Step 1 Enter BGP router configuration mode by using the following command.
BGP is then activated.

Command Mode Function

router bgp <1-65535> BGP Config Assigns AS number to configure BGP routing.

The AS number is an identification of an autonomous system used for detecting the BGP
connection. The AS number is a number between 1 and 65535. AS numbers 65512 through
65535 are defined as private AS numbers. Private AS numbers cannot be advertised on the
Internet.

Step 2 Configure the BGP network and register it in the BGP routing table by using the
following commands.

Command Mode Function

network prefix backdoor Router Configures backdoor route to reach to border router, which receives BGP information.
network prefix nlri [multicast | unicast] Router Decides where to send routing information.

9.1.1.2. Configuring BGP Neighbor Router

An EGP must know its neighbor routers. Therefore BGP, as an EGP, has to be configured
with neighbor routers.
BGP neighbor routers include internal neighbor routers, which are located in the same
AS, and external neighbor routers, which are located in a different AS. Usually,
internal neighbor routers in the same AS are not directly connected, but external
neighbor routers are directly connected and share the partner’s subnetwork.

In order to configure BGP neighbor router, use the following command.

Command Mode Function

neighbor ip-address remote-as number Router Configures BGP Neighbor router.


9.1.1.3. Changing Routing Policy

Routing policy decides which information to receive and which information to provide,
through route-map, distribute-list and prefix-list, when exchanging routing information
with a neighbor router. When you change the routing policy, you should make the routing
information follow the new policy by deleting the routing information of the old policy
or resetting the default route.

To receive routing information under the new policy, you need to configure an inbound
reset, and to provide the information, you need to configure an outbound reset.
When the BGP router provides routing information under the new policy, neighbor routers
receive the information.

If both the BGP router and the neighbor router support route refresh capability, it is
possible to renew routing information by using an inbound reset. This way has the
following advantages.

• No optional configuration of administrator
• No additional memory for changing routing information

To check whether a neighbor router supports route refresh capability, use the following
command.

Command Mode Function

neighbor {ip-address | neighbor-tag} capability route-refresh Router Informs whether neighbor router supports route refresh capability. If neighbor router supports the function, “Received route refresh capability from peer.” will be displayed.

If all BGP routers support route refresh capability, you can receive route information
by using a soft reset.

To make routing information follow the new policy, use the following command.

Command Mode Function

clear ip bgp [* | AS | address] soft in Enable Receives routing information of new policy. You can configure network address to receive the information or AS. When you select asterisk(*), the routing information will be received from all addresses.


No previous configuration is required for an outbound reset. Routing information is
resent by using the command, soft.

To provide routing information again, use the following command.

Command Mode Function

clear ip bgp [* | AS | address] soft out Enable Operates route refresh capability in where routing information is provided. You can configure network address or AS to send the information. When you select asterisk(*), the routing information will be sent to all addresses.

When the administrator restores the default routing policy from a configured one, route
refresh capability is used. With this function, you do not have to delete the configured
policies one by one.

Meanwhile, if a router does not support route refresh capability, you should delete old
routing information by using “neighbor soft-reconfiguration”. However, you had
better use another way where possible because it may cause network problems.

If you do not want to reconfigure BGP information but create new information, you have
to save all incoming information to BGP network in BGP router without processing routing
information in order. Please note that this way may cause overloading of memory.

Therefore you had better avoid it. On the other hand, memory is not required to
provide changed information. After the BGP router transmits new information, the
neighbor router receives the information.

To change BGP configuration through saved routing policy, follow the steps below.

Step 1 After reconfiguring the BGP router, configure it to save the information received
from the neighbor router. All incoming information to the BGP router is then saved.

Command Mode Function

neighbor ip-address soft-reconfiguration Router After reconfiguring BGP router, saves all inbound information from neighbor router.


Step 2 Register new information in the table by using the saved information.

Command Mode Function

clear ip bgp [* | as-address] soft in Enable Registers new information in table by using saved information. You can configure network address, AS, or all(*) for where to receive the information.

To check whether routing information has been correctly changed, through the routing
table and BGP neighbor router, use the following command.

Command Mode Function

show ip bgp neighbors ip-address [advertised-routes | received-routes | routes] Enable/Global Shows information to transmit to neighbor router or to receive from neighbor router.

9.1.1.4. Configuring BGP Weights

Weight is a number assigned to a route and used to decide the route. It ranges from 0
to 65534 and is available only in BGP. If you want to give priority to information from
a specific router, you can assign a higher weight to that information. To configure
BGP weight, use the following command.

Command Mode Function

neighbor ip-address weight <0-65534> Router Assigns weight to information from neighbor router.

9.1.1.5. Aborting AS Route

By default, SURPASS hiD 6615 uses AS to decide the route. However, you can
change it to decide the route as IETF.

To disregard the length required to reach an AS when deciding the route, use the
following command.


Command Mode Function

bgp bestpath as-path ignore Router Disregards length required to reach to AS in case of deciding route.

9.1.1.6. BGP Route Filtering

If you want to block specific routing information in the system, you can selectively
accept information that is transmitted to and received from a neighbor router. In this
case, you should configure an access list and prefix list. Routing information is then
filtered by the configured standard.
To filter BGP routing information, use the following command.

Command Mode Function

neighbor ip-address distribute-list access-list-name {in | out} Router Filters incoming or outgoing information through specific network by using Access list.

Distribute list can be used only on the BGP internal network.

9.1.1.7. AS Route Filtering

Just as information can be filtered by network address on a BGP network, it is possible
to filter information going through an AS. Policies applied to decide routes are
registered in an access list. To filter routing information by AS, configure the
filtering policy in an access list and apply the policy to the neighbor router.

The following steps filter routes by AS.

Step 1 Define specific AS in access list.

Command Mode Function

ip as-path access-list access-list-number {permit | deny} expression Global Defines specific AS in access list.

Step 2 Enter Router configuration mode.


Step 3 Apply the defined access list to filter routing information that the AS
transmits or receives.

Command Mode Function

neighbor ip-address filter-list access-list-number {in | out} Router Applies defined access list to filter routing information, which AS transmits or receives.

Step 4 Define specific AS in access list.

Command Mode Function

ip as-path access-list access-list-number {permit | deny} expression Global Defines specific AS in access list.

9.1.1.8. BGP Filtering through Prefix Lists

When you restrict BGP routes, a prefix list is preferred over an access list for the
following reasons:

• saves time to search and apply data in case of massive filter lists.
• unlimited registration in filter lists.
• easy to use

Before applying a prefix list, you should configure it. You can assign a number to
each policy registered in the prefix list.

◆ Traffic Filtering Operation through Prefix Lists

Filtering through a prefix list processes routing information in a specific order by
applying the policies defined in the filter list. It is similar to an access list but
has more detailed rules, as follows:

• Allows all network information if there is no defined policy in prefix list.
• Rejects specified network information unless policy applied to network is defined in
prefix list.
• Distinguishes each policy with the assigned number and applies policy which has
the lowest number when there are more than one policy applied to one network.

Routers search the policies in the prefix list in order from the top. When they find
the required policy,


they stop searching. For faster operation, you can make a quick search list at
the top of the list by using seq provided by ip prefix-list. To view the number
assigned to each policy, use the command, show ip prefix-list. Policies configured by
the user are automatically assigned a number. If you do not configure it, you should
assign a number to each policy by using the command, ip prefix-list SEQ-VALUE.

◆ Making Prefix List

In order to create prefix list, use the following commands.

Command Mode Function

ip prefix-list name {deny|permit} [description description] [seq value] prefix [ge value] [le value] Global Configures list name when creating prefix list.
ip prefix-list name {deny|permit} [description description] [seq value] any Global Creates prefix list to be applied to all networks.
ip prefix-list name description description Global Makes additional description to prefix list.

To create a prefix list, you should select permit or deny.

◆ Creating Prefix List Policy

You can add policies to a prefix list one by one. Use the following command.

Command Mode Function

ip prefix-list name seq value {deny|permit} {any | prefix [ge value] [le value]} Global Configures policy of prefix list and assigns number to the policy.

You can input ge and le optionally; they are used when you configure more than
one network. If you use neither ge nor le, the network range is more clearly configured.
When only the ge attribute is configured, the network range is configured from ge-value,
and when only the le attribute is configured, the network range is configured from
netmask to le-value.
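
The matching rules above (lowest number first, stop at the first match, ge/le ranges, allow-all for an empty list and reject when nothing matches) are shown below as an added Python example, not hiD 6615 code. The names `Entry`, `evaluate` and `EDGE_IN`, the upper bound of 32 when only ge is given, and the sample prefixes are assumptions made for illustration; IPv4 only.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Entry:
    """One prefix-list policy: seq number, action, prefix and optional ge/le."""
    seq: int
    action: str                 # "permit" or "deny"
    prefix: Optional[str]       # None stands for the keyword "any"
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        if self.prefix is None:
            return True
        net = ipaddress.ip_network(self.prefix)
        if not route.subnet_of(net):          # route must lie inside the prefix
            return False
        if self.ge is None and self.le is None:
            return route.prefixlen == net.prefixlen   # neither ge nor le: exact match
        low = self.ge if self.ge is not None else net.prefixlen   # le only: from netmask
        high = self.le if self.le is not None else 32             # ge only: from ge-value
        return low <= route.prefixlen <= high


def evaluate(entries: List[Entry], route: str) -> str:
    """Return "permit" or "deny" for a route under the rules in this section."""
    if not entries:
        return "permit"                       # no policy defined: everything allowed
    candidate = ipaddress.ip_network(route)
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.matches(candidate):
            return entry.action               # lowest number wins; search stops here
    return "deny"                             # nothing matched: rejected


# Constructed inbound filter: refuse private 10/8 space and anything more
# specific than /24, accept the rest. Entry 20 is never reached for 10/8
# routes because entry 5 has the lower number.
EDGE_IN = [
    Entry(5, "deny", "10.0.0.0/8", le=32),
    Entry(10, "deny", "0.0.0.0/0", ge=25),
    Entry(15, "permit", "0.0.0.0/0", le=24),
    Entry(20, "permit", "10.0.0.0/8", le=32),
]

if __name__ == "__main__":
    for r in ("10.1.0.0/16", "203.0.113.0/24", "203.0.113.128/25"):
        print(r, evaluate(EDGE_IN, r))
```
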

◆ Viewing Prefix List Policy

In order to view information about prefix table, use the following command.


Command Mode Function

show ip prefix-list [detail | summary] Enable/Global Shows prefix lists in detail or briefly.
show ip prefix-list [detail|summary] name Enable/Global Shows prefix list of specified name.
show ip prefix-list name [seq number] Enable/Global Shows policy of specified number.
show ip prefix-list name [prefix] Enable/Global Shows policy applied to specified network.
show ip prefix-list name [prefix] longer Enable/Global Shows all policies of prefix list applied to specified network.
show ip prefix-list name [prefix] first-match Enable/Global Shows policy first applied to specified network.

◆ Deleting Number of Inquiring Prefix List

By default, the system records how many times a prefix list is inquired. To delete
this number, use the following command.

Command Mode Function

clear ip prefix-list name [prefix] Enable Deletes the number how many times prefix list is inquired.

9.1.1.9. Blocking information Transmission to Next Destination

It is possible to block new routing information from being transmitted to the next
destination. This function is useful when the system is not connected to the same IP
network, as with Frame Relay.
There are two ways to block new routing information from being transmitted to the next
destination, as follows:

• Configures another address instead of neighbor router address
• Receives information from neighbor through route map and local BGP router
distributes information

◆ Blocking Routing Information through Another Address

To block routing information from being transmitted to the next destination by
configuring another address instead of the destination address, use the following
command.

Command Mode Function

neighbor ip-address next-hop-self Router Blocks routing information transmitting to next destination.


This command announces the router’s own address instead of the neighbor router’s
address and makes BGP routers transmit information with that address. It is more
effective than assigning a specific address from which to receive routing information.

◆ Blocking Routing Information through Routing Map

To make the next destination of BGP be the neighbor router, use the command,
set ip next-hop. To configure the neighbor router as the next destination of BGP, use
the following command.

Command Mode Function

set ip next-hop ip-address Route-map Specifies user’s BGP router connected neighbor router as the next destination of BGP and configure neighbor router address as the next destination.

9.1.1.10. Configuring BGP Version

By default, the system supports BGP version 4. It is also possible to change the
version as needed.

To make a connection to a neighbor router with a specified BGP version, use the
following command.

Command Mode Function

neighbor ip-address version {4 | 4-} Router Configures BGP version to be used when communicating with neighbor router.

9.1.2. Advanced Configuration

After finishing basic configuration, it is possible to do advanced configuration. It
contains the following sections.

• Changing Route through Route Map
• Configuring Aggregate Address
• Configuring BGP Community Filtering
• Assigning ID Number for Router
• Distributing Route to BGP
• Configuring Confederation of Routing Domain
• Configuring Route Reflector
• Configuration through Neighbor Commands
• Deactivating Neighbor Router
• Configuring Backdoor Route
• Deciding NLRI Type
• Configuring Distance Value
• Configuring BGP Timer
• Checking Import Network
• Configuring the First AS
• Changing Priority of Local Network
• Deciding Route based on Router ID
• Considering Route without MED as the Worst Route
• Deciding AS Route based on MED from ASs
• Deciding Confederation Route based on MED
• Deciding Route in Confederation based on MED
• Restoring Reflected Route
• Route Dampening
• Checking and Managing BGP

9.1.2.1. Changing Route through Route Map

You can process routes in a specific order or change various attributes through a route
map. A route map can be applied to both received information and distributed
information.

Once a route map is defined, it is possible to receive or distribute only the routes
that match the route map. Routing information is processed in order: AS route first,
then community, and network number last.

To specify the processing conditions, AS route uses as-path access-list, community uses
community-list and network uses ip access-list. In order to define route map, use the
following command.

Command Mode Function

neighbor ip-address route-map route-map-name {in | out} Router Applies route map to route which to receive or distribute.


9.1.2.2. Configuring Aggregate Address

CIDR (Classless Interdomain Routing) lets the user create an aggregate route, or supernet, to minimize the size of the routing table. The user can transmit an aggregate route to a BGP router or configure an aggregate route by using the aggregate function. When there is more than one route in the BGP table, the aggregate address is added to the BGP table.

In order to configure an aggregate address in the routing table, use the following commands.

Command    Mode    Function

aggregate-address prefix    Router    Creates aggregate address in BGP routing table.

aggregate-address prefix summary-only    Router    Distributes only aggregated address.

9.1.2.3. Configuring BGP Community Filtering

BGP supports transmit policies for distributing routing information. Distribution of routing information is controlled based not only on community lists but also on IP address and AS route. A community list groups destinations into communities, and routing policy is applied per community. It helps configure a BGP speaker that distributes routing information.

A community is a group of destinations that share some common attributes. One destination can belong to more than one community. An AS administrator can configure which community a destination belongs to. By default, all destinations are configured to be in the internet community.

The other defined, well-known communities are as follows.

• no-export: Do not distribute this route to exterior BGP neighbor routers.
• no-advertise: Do not distribute this route to any neighbor router (either exterior or interior).
• local-as: Distribute this information to neighbor routers of lower-level ASs located in the BGP united network. Do not distribute it to exterior routers.

In order to create community list, use the following command.

Command    Mode    Function

ip community-list name {permit | deny} {community | local-AS | no-advertise | no-export}    Global    Creates community list.

“community” is written in the form AA:NN, as defined in the RFC. AA is the AS number and NN is a 2-byte number. In order to transmit the community name to the IP address of a neighbor router, use the following command.

Command    Mode    Function

neighbor ip-address send-community [extended]    Router    Transmits community name to IP address of neighbor router, which has specified IP address or specified neighbor-tag.

9.1.2.4. Assigning ID Number for Router

The user can assign a router ID number to the BGP router that transmits BGP routes. If you want to delete this setting and return to the default ID number, use “no”.

Command Mode Function

bgp router-id address Router Assigns ID number for BGP router.

9.1.2.5. Distributing Route to BGP

It is possible to register routes made in another place in the BGP routing table. For instance, it is possible to transmit connected routes, kernel routes, static routes and routes made by routing protocols to BGP. This function applies to all IP routing protocols.

In order to distribute route made in another place to BGP, use the following command.

Command    Mode    Function

redistribute {connected | kernel | static | ospf | rip} [route-map TAG]    Router    Distributes routing information to BGP table.

9.1.2.6. Configuring Confederation of Routing Domain

One way to reduce the complicated multi-connection of a BGP network is to divide one AS into several small ASs and to group them into one confederation. To the outside, the confederation looks like a single AS. All systems in each AS are connected to each other, but they are not all directly connected to another AS in the same confederation. In this case, communicating with a neighbor router in another AS is considered as communicating with an interior BGP router. In particular, the next destination, MED, and priority value in the network are applied as they are. In order to configure a BGP confederation, you should configure an ID number for the confederation. To the outside, the group of ASs looks like a single AS that has its own confederation number.


In order to configure BGP confederation, use the following command.

Command Mode Function

bgp confederation identifier as Router Configures BGP confederation.

In order to configure neighbor AS in confederation, use the following command.

Command Mode Function

bgp confederation peers as [as...] Router Configures neighbor AS in confederation.

9.1.2.7. Configuring Route Reflector

BGP requires that all speaker routers in a network be connected to each other. However, this is impossible when there are many speaker routers.

Instead of configuring a confederation, another way to reduce the complicated multi-connection of a BGP network is to configure a route reflector.

With a route reflector, the BGP speaker routers do not all need to be fully connected to each other, because the transmitted route can be distributed to neighbor routers. The interior neighbor router distributes the route to the next destination.

In order to configure route reflector and client router, which receives the route, use the
following command.

Command    Mode    Function

neighbor ip-address route-reflector-client    Router    Configures local router as BGP route reflector and neighbor router as client router.

9.1.2.8. Configurations through Neighbor

To provide BGP routing information to lots of neighbors, you can configure BGP to re-
ceive information from neighbors by using access list. In order to configure BGP route
through neighbor, use the following commands.


Command    Mode    Function

neighbor ip-address ebgp-multihop    Router    Allows BGP communication although neighbor router is not connected to BGP network.

neighbor ip-address maximum-prefix maximum    Router    Configures how many BGP networks can be connected to neighbor router.

neighbor ip-address weight weight    Router    Configures each weight of all routes.

neighbor ip-address distribute-list access-list-name {in | out}    Router    Filters information exchanged with neighbor router according to policy defined in access list.

neighbor ip-address filter-list access-list-name {in | out}    Router    Configures BGP filter.

neighbor ip-address next-hop-self    Router    Blocks BGP information to the next destination.

neighbor ip-address version VALUE    Router    Configures BGP version to communicate with neighbor router.

neighbor ip-address route-map name {in | out}    Router    Applies route map to transmitted information.

neighbor ip-address soft-reconfiguration inbound    Router    Saves received information.

neighbor ip-address dont-capability-negotiate    Router    Configures peer not to reflect changed route.

neighbor ip-address strict-capability-match    Router    Forces to configure route refresh capability, if neighbor router does not have it. When user configures override capability, it is impossible to use strict capability match.

neighbor ip-address transparent-as    Router    Does not configure AS number of neighbor router although the neighbor router is external BGP network.

neighbor ip-address transparent-nexthop    Router    Configures not to display the next hop although peer is external BGP network.

neighbor ip-address override-capability    Router    Makes peer override another route on received route.

neighbor ip-address port    Router    Assigns TCP port number to BGP network.

neighbor ip-address interface interface-name    Router    Configures interface of neighbor router.

neighbor ip-address route-server-client    Router    Configures neighbor router as route server.

neighbor ip-address activate    Router    Enables the exchange of information with BGP neighbor router.

neighbor ip-address remote-as NUMBER passive    Router    Blocks routing information from specified neighbor router.

neighbor ip-address description text    Router    Describes relation of neighbor router.

neighbor ip-address default-originate    Router    Forwards default route 0.0.0.0 from BGP router to neighbor router.

neighbor ip-address send-community    Router    Sends community attribute to specified neighbor router.

neighbor ip-address update-source interface    Router    Forwards internal BGP information to interface, which is able to do TCP communication.

9.1.2.9. Deactivating Neighbor Router

In order to deactivate BGP neighbor router, use the following command.

Command Mode Function

neighbor ip-address shutdown Router Deactivates BGP neighbor router.

In order to activate BGP neighbor router again, use the following command.

Command Mode Function

no neighbor ip-address shutdown Router Activates BGP neighbor router.

9.1.2.10. Configuring Backdoor Route

You can configure which networks are reachable by using a backdoor route that the border router should use. In order to configure border router, use the following command.

Command    Mode    Function

network ip-address backdoor    Router    Configures network available to be connected through backdoor route.

9.1.2.11. Deciding NLRI Type

In order to decide the type of route to send to a neighbor router, use the following command.

Command    Mode    Function

network ip-address /m nlri [ multicast | unicast multicast ]    Router    Decides type of route to send to neighbor router.

9.1.2.12. Configuring Distance Value

Administrative distance is a measure of priority of each routing protocol. BGP uses three kinds of administrative distance: external, internal and local.

Routes through exterior BGP are given exterior distance, routes through interior BGP are given interior distance and routes through local BGP are given local distance.

In order to configure BGP distance, use the following commands.

Command Mode Function

distance bgp external internal local Router Configures BGP distance value.

Since it may be risky to change BGP distance, it is not recommended. The exterior distance should be lower than any other routing protocol, and the interior distance and local distances should be higher than any other dynamic routing protocol.

9.1.2.13. Configuring BGP Timer

You need to configure the BGP timer so that BGP can transmit keepalive messages at regular intervals and take control when there is no response from the destination. The keepalive timer configured by the BGP system is 60 seconds and the holdtimer is 180 seconds. It is possible to configure the monitor timer for all neighbor routers.

In order to configure BGP timer for all neighbor routers, use the following command.

Command    Mode    Function

bgp scan-time seconds    Router    Configures time to check BGP router in regular interval for saving time to transmit routing information.

In order to adjust BGP timer for specified neighbor router, use the following command.

Command    Mode    Function

neighbor ip-address timers keepalive holdtimer    Router    Configures keepalive timer and holdtimer for specific peer.

neighbor ip-address timers connect time    Router    Configures connection timer with neighbor router.

To delete time value configured in BGP neighbor router, use no neighbor timers command.

9.1.2.14. Checking Import Network

In order to check imported information from remote network, use the following command.

Command    Mode    Function

bgp network import-check    Router    Checks imported information from remote network on BGP network.

9.1.2.15. Configuring the First AS

In order to configure neighbor router as the first AS, use the following command.

Command    Mode    Function

bgp enforce-first-as number    Router    Assigns number of the first AS to neighbor router. Checks imported information from remote network on BGP network.

9.1.2.16. Changing Priority of Local Network

It is possible to turn a high preference into a low preference by changing the priority of the local network. The default setting of priority is 100. In order to change the priority of the local network, use the following command.

Command Mode Function

bgp default local-preference value Router Changes default priority of local network.


9.1.2.17. Deciding Route based on Router ID

In order to select the route with the lowest number as the optimized route among similar routes from exterior BGP routers, use the following command. To restore the default setting, use “no”.

Command    Mode    Function

bgp bestpath compare-routerid    Router    Compares router ID numbers for AS to select proper route among routes imported from neighbor router.

9.1.2.18. Considering Route without MED as the Worst Route

In order to configure route without MED attribute as the worst route, use the following
command.

Command    Mode    Function

bgp bestpath med missing-as-worst    Router    Configures the router to consider a missing MED as having a value of infinity, choosing a path among confederation paths.

9.1.2.19. Deciding AS Route based on MED from ASs

MED is one of the parameters considered when deciding the best route among many alternative routes. A route with a lower MED is preferred over a route with a higher MED. By default, MED is compared only within the same AS to decide the best route. To compare MED from other ASs as well, use the following command.

Command Mode Function

bgp always-compare-med Router Compares MED from other ASs.

9.1.2.20. Deciding Confederation Route based on MED

To configure router to consider MED value when deciding route, use the following
command.

Command    Mode    Function

bgp bestpath med confed    Router    Compares MED to decide the best route among routes from different confederations.

9.1.2.21. Deciding Route in Confederation based on MED

In order to configure router to use MED to decide the best route among routes distributed by a single sub-AS in a confederation, use the following command.

Command    Mode    Function

bgp deterministic-med    Router    Compares MED to decide the best route among routes from ASs in confederation.

9.1.2.22. Restoring Reflected Route

In order to save route reflection from BGP route reflector to clients, use the following command.

Command    Mode    Function

bgp client-to-client reflection    Router    Saves route reflection from BGP route reflector to clients.

9.1.2.23. Route Dampening

Route dampening is designed not to distribute routes, which repeat being available and
unavailable. A route is considered to be flapping when it is repeatedly available, then
unavailable, then available, then unavailable, and so on.

1) Syntax Description of Route Dampening

The following descriptions are syntax descriptions of route dampening.

• Flap — Route repeats being available and unavailable.
• History state — Whenever a route flaps, the router assigns it a penalty and sets it to "history state," meaning the router does not have the best path, based on historical information.
• Penalty — Each time a route flaps, the router configured for route dampening in another AS assigns the route a penalty of 1000. Penalties are cumulative. The penalty for the route is stored in the BGP routing table until the penalty exceeds the suppress limit. At that point, the route state changes from "history" to "damp."
• Damp state — In this state, the route has flapped so often that the router will not advertise this route to BGP neighbors.
• Suppress limit — A route is suppressed when its penalty exceeds this limit. The default value is 2000.
• Half-life — Once the route has been assigned a penalty, the penalty is decreased by half after the half-life time, which is 15 minutes by default. The process of reducing the penalty happens at 5-second intervals.
• Reuse limit — As the penalty for a flapping route decreases and falls below this reuse limit, the route is unsuppressed. That is, the route is added back to the BGP table and once again used for forwarding. The default reuse limit is 750. The process of unsuppressing routes occurs at 10-second increments. Every 10 seconds, the router finds out which routes are now unsuppressed and advertises them to the world.
• Maximum suppress limit — This value is the maximum amount of time a route can be suppressed. The default value is 4 times the half-life.
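
The following Python model is an added illustration, not part of the manual or of the device software. It applies the default values listed above to a sequence of flaps and reports when the route enters the history state, when it is damped, and when it is reused. The penalty ceiling that enforces the maximum suppress time follows RFC 2439 and is an assumption about this device; the function name `simulate` and its event names are hypothetical.

```python
"""Route-flap dampening model using the defaults listed in this section."""

PENALTY_PER_FLAP = 1000      # added on every flap
SUPPRESS_LIMIT = 2000        # route is damped when the penalty exceeds this
REUSE_LIMIT = 750            # route is reused when the penalty falls below this
HALF_LIFE_S = 15 * 60        # penalty halves every 15 minutes
DECAY_TICK_S = 5             # penalty is reduced every 5 seconds
REUSE_TICK_S = 10            # suppressed routes are re-examined every 10 seconds
MAX_SUPPRESS_S = 4 * HALF_LIFE_S

# Assumption (not stated in the manual): the maximum suppress time is enforced
# the way RFC 2439 describes, by capping the penalty so that it always decays
# to the reuse limit within MAX_SUPPRESS_S of the last flap.
PENALTY_CEILING = REUSE_LIMIT * 2 ** (MAX_SUPPRESS_S / HALF_LIFE_S)


def simulate(flap_times, end_s):
    """Return [(second, event)] where event is 'history', 'damp' or 'reuse'.

    flap_times: seconds (multiples of DECAY_TICK_S) at which the route flaps.
    end_s: last second to simulate.
    """
    flaps = set(flap_times)
    if any(t % DECAY_TICK_S for t in flaps):
        raise ValueError("flap times must fall on the 5-second decay grid")

    base, base_t = 0.0, 0    # penalty right after the last flap, and its time
    state = "stable"
    events = []

    def penalty_at(t):
        # Exponential decay from the value stored at the last flap.
        return base * 0.5 ** ((t - base_t) / HALF_LIFE_S)

    for t in range(0, end_s + 1, DECAY_TICK_S):
        if t in flaps:
            base = min(PENALTY_CEILING, penalty_at(t) + PENALTY_PER_FLAP)
            base_t = t
            if state != "damp":
                new_state = "damp" if base > SUPPRESS_LIMIT else "history"
                if new_state != state:
                    state = new_state
                    events.append((t, state))
        # Suppressed routes are only re-examined on the 10-second grid.
        if state == "damp" and t % REUSE_TICK_S == 0 and penalty_at(t) < REUSE_LIMIT:
            state = "history"
            events.append((t, "reuse"))
    return events


if __name__ == "__main__":
    # Three flaps one minute apart: damped on the third, reused about 29 minutes later.
    for second, event in simulate([0, 60, 120], 3600):
        print(f"t={second:>5}s  {event}")
    # Thirty flaps one minute apart: the ceiling bounds the suppression time.
    for second, event in simulate(range(0, 1800, 60), 7200):
        print(f"t={second:>5}s  {event}")
```

With the defaults, two flaps a minute apart are not enough to suppress a route, while a third one is; a route that keeps flapping is released roughly one maximum suppress time after its last flap.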

2) Configuring Route Dampening

In order to configure BGP route dampening, use the following command.

Command Mode Function

bgp dampening Router Activates BGP route dampening.

In order to change the default values of various dampening factors, use the following
command.

Command    Mode    Function

bgp dampening half-life-time [reuse-limit-value]    Router    Configures various factors for route dampening. Half-life time can be from 1 second to 45 seconds, and reuse limit can be from 1 to 2,000.

9.1.2.24. Checking and Managing BGP

User can delete all factors of cache, table and database. Also it is possible to display
specific statistics.


1) Deleting Cache, Table and Database

You can delete all contents of specific cache, table, and database when some factors
are invalid or unreliable. In order to delete cache, table or database, use the following
commands.

Command    Mode    Function

clear ip bgp {* | ip-address | as-number} [in | out | soft [in | out]]    Enable    Reconfigures information about BGP neighbor router, AS group, all (*) BGP connections.

2) Displaying System and Network Statistics

You can display specific statistics such as contents of BGP routing table, cache, and database. Information provided can be used to determine resource utilization and solve network problems. You can also display information about node reachability and discover the routing path your device's packets are taking through the network. In order to display various routing statistics, use the following commands.

Command    Mode    Function

show ip bgp prefix-list name    Enable/Global/Bridge    Shows peers to which the prefix has been advertised.

show ip bgp cidr-only    Enable/Global/Bridge    Displays all BGP routes including subnetwork and upper network.

show ip bgp community [number | local-AS | no-advertise | no-export]    Enable/Global/Bridge    Displays routes belonging to a specific community. Community number is formed as AA:NN.

show ip bgp community-list community-list-name [exact-match]    Enable/Global/Bridge    Shows all routes that are permitted by the community list.

show ip bgp community-info    Enable/Global/Bridge    Displays all information of BGP community.

show ip bgp filter-list access-list-name    Enable/Global/Bridge    Shows routes that are matched by the specified autonomous system route in access list.

show ip bgp regexp regular-expression    Enable/Global    Shows routes that match the specified regular expression entered on the command line.

show ip bgp attribute-info    Enable/Global    Shows all information of BGP attributes.

show ip bgp network    Enable/Global    Shows BGP routing table.

show ip bgp [network] [network-mask [longer-prefix]]    Enable/Global    Shows BGP routing table. longer-prefix presents more detailed routes.

show ip bgp neighbors [ip-address]    Enable/Global    Shows detailed information on TCP and BGP connections to individual neighbors.

show ip bgp neighbors ip-address [advertised-routes | received-routes | routes]    Enable/Global    Shows information about the TCP and BGP connections to neighbors. The advertised-routes option displays all the routes the router has advertised to the neighbor. The received-routes option displays all received routes (both accepted and rejected) from the specified neighbor. The routes option displays all routes that are received and accepted.

show ip bgp paths    Enable/Global    Shows all BGP routes in database.

show ip bgp summary    Enable/Global    Shows all BGP connections.

9.2. OSPF Protocol

OSPF (Open Shortest Path First) is an interior gateway protocol developed by the OSPF working group of the IETF (Internet Engineering Task Force). OSPF is designed for IP networks; it supports IP subnetting and marks information from exterior networks.

Moreover, it supports packet authentication and transmits/receives routing information through IP multicast. It is most convenient to operate OSPF on a layered network.

The first thing you should do on an OSPF network is to configure the border router and AS boundary router. Then you need to configure the basic settings to operate the OSPF router and the interfaces in each area.

When you customize an OSPF router for the user’s environment, you have to make sure that all configurations are the same in each router.


9.2.1. Enabling OSPF

In order to configure routing protocol in router, you need to enter into Router configuration mode by taking the following steps.

Step 1 Enter into Router configuration mode.

Command Mode Function

router ospf Global Enters into Router configuration mode.

Step 2 Configure network ID of OSPF. Network ID decides IPv4 address of this network.

Command Mode Function

router-id router-id Router Configures network ID of OSPF.

Step 3 Configures an interface on which OSPF runs and specifies the area ID or IP
address for that interface.

Command    Mode    Function

network ip-address /m area {<0-4294967295> | ip-address}    Router    Configures OSPF area ID. OSPF area ID can be configured from 0 to 4294967295 or as one of the IPv4 addresses.

After enabling OSPF, you can select the following items to configure.

• Configuring ABR Type
• Configuring Compatibility
• Configuring OSPF Interface
• Configuring OSPF Network Type
• Configuring Non-broadcast Network
• Configuring Areas
• Configuring Representative Route between OSPF Areas
• Configuring Virtual Link
• Configuring Default Metric
• Configuring Interval to Calculate Route
• Configuring Interval to Transmit Route
• Route Transmit to OSPF Network
• Configuring Default Route
• Configuring OSPF Distance Value
• Blocking Information Transmit
• Blocking Renewed Information
• OSPF Monitoring and Management

9.2.2. Configuring ABR Type

As there are various OSPF versions, OSPF configuration varies according to the equipment. In order to configure the OSPF protocol of the equipment, configure the equipment type, named ABR, by using the following command. Please note that SURPASS hiD 6615 complies with RFC 2328.

Command Mode Function

abr-type {cisco | ibm | shortcut | standard} Router Configures ABR type.

9.2.3. Configuring Compatibility

Compatibility configuration enables the switch to be compatible with a variety of RFCs that deal with OSPF. Perform the following task to support many different features within the OSPF protocol.

Command Mode Function

compatible rfc1583 Router Supports function defined in RFC 1583.

9.2.4. Configuring OSPF Interface

You can alter certain interface-specific OSPF parameters as needed. You are not required to alter any of these parameters, but some interface parameters must be consistent across all routers in an attached network.

Those parameters are controlled by “ip ospf hello-interval”, “ip ospf dead-interval”, and
“ip ospf authentication-key” commands.

Therefore, be sure that if you configure any of these parameters, the configurations for
all routers on your network have compatible values.


Use the following commands to configure user’s environment.

Command    Mode    Function

ip ospf cost cost    Interface    Configures cost to transmit packets on OSPF interface. It is recorded as metric value3 of LSA and used to calculate SPF.

ip ospf retransmit-interval second    Interface    Configures time to transmit route information to router connected to OSPF interface. The default is 5 seconds.

ip ospf transmit-delay second    Interface    Configures time to provide route information from OSPF interface. Max-age of LSA, meaning available time, increases in proportion to the time to transmit information. The default is 1 second.

ip ospf priority number    Interface    Configures priority of OSPF router. When high priority is configured, the router becomes designated router of network. The default is 1.

ip ospf hello-interval second    Interface    Configures interval to transmit hello packet from OSPF interface. All routers on same network should have same interval value. The default is 10 seconds.

ip ospf dead-count count    Interface    Configures the number of hello packets that must be missed before neighbor routers consider the OSPF router to be frozen. All routers on same network should have same value. The default is 4.

ip ospf authentication-key key    Interface    Configures password for OSPF routers’ authentication on same networks. It can be configured up to 8 alphabet letters.

ip ospf message-digest-key keyed md5 key    Interface    Configures password to be encrypted to MD5 by OSPF routers. It can be configured up to sixteen characters.

9.2.5. Configuring Network OSPF Type

OSPF network is divided into three types as follows.

• Broadcast Network
• NBMA(Nonbroadcast multi-access) Network
• Point-to-point Network

It is possible to configure an OSPF network as broadcast type or non-broadcast type. For example, if the user’s network does not support multicasting, it is possible to configure a broadcast network as non-broadcast type. Conversely, it is also possible to configure an NBMA network such as frame relay as broadcast type. To operate a network as NBMA type, all routers should be connected through virtual circuits. However, it is possible to connect only some parts of the OSPF network with virtual circuits by using the point-to-multipoint function, so that network management cost can be saved. Two routers that are not directly connected transmit and receive routing information through an intermediate router, so you do not have to configure neighbor routers anymore.

The following are features of the OSPF point-to-multipoint type.

• IP source is economized because you do not have to assign neighbor routers and there is no additional process to configure a designated router.
• Management cost is saved because it does not need to be linked with all routers on the network like a spider's thread.
• It can provide more stable network service since it can communicate even when a virtual circuit is disconnected.

In order to configure OSPF network type, use the following command.

Command    Mode    Function

ip ospf network {broadcast | non-broadcast | (point-to-multipoint | point-to-point)}    Interface    Configures OSPF network type in OSPF interface.

9.2.6. Configuring Non-broadcast Network

As there might be many routers attached to an OSPF network, a designated router is selected for the network. It is necessary to select designated router to transmit routing information if broadcast capability is not configured. To configure router communicated by non-broadcast type, use the following command.

Command    Mode    Function

neighbor ip-address [priority <0-255> | poll-interval <1-65535>]    Router    Configures router communicated by non-broadcast type.

9.2.7. Configuring Area

You can configure several area parameters including authentication, defining stub areas, and assigning specific costs to the default route. Authentication allows password-based protection against unauthorized access to an area. Stub areas are areas into which information on external routes is not sent. Instead, there is a default external route generated by the area border router, into the stub area for destinations outside the autonomous system. To further reduce the number of link state advertisements sent into a stub area, “no-summary” configuration on the ABR is allowed to prevent it from sending summary link advertisement into the stub area.

Use the following commands as you need. The parameter, “area-id” can be formed as
IP address or from 0 to 4,294,967,295.

Command    Mode    Function

area area-id authentication    Router    Enables authentication for an OSPF area.

area area-id authentication message-digest    Router    Enables MD5 authentication for an OSPF area.

area area-id stub [no-summary]    Router    Defines an area to be a stub area.

area area-id default-cost cost    Router    Assigns a specific cost to the default summary route used for the stub area.

area area-id export-list access-list    Router    Configures which policy will be transmitted to another area.

area area-id import-list access-list    Router    Configures a policy used in the other area to be received.

area area-id shortcut {default | disable | enable}    Router    Configures the shortest route to go through specified area.
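
An added example, not taken from the manual or the device software: a Python check that reads a saved configuration and flags OSPF areas with no authentication or with the simple password instead of MD5, and interface keys that exceed the lengths given in 9.2.4, using the area and interface commands from 9.2.4 and 9.2.7. The configuration layout and the names `audit_ospf_auth`, `area_number` and `SAMPLE_CONFIG` are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample configuration. The block layout (interface / router ospf
# sections) is an assumption; only the OSPF command names come from the manual.
SAMPLE_CONFIG = """\
interface 1
 ip ospf authentication-key secret12
interface 2
 ip ospf message-digest-key 1 md5 Str0ngKeyMaterial99
interface 3
 ip ospf hello-interval 10
router ospf
 network 10.1.0.0/24 area 0
 network 10.2.0.0/24 area 0.0.0.1
 network 10.3.0.0/24 area 2
 area 0.0.0.0 authentication message-digest
 area 1 authentication
"""

MAX_SIMPLE_KEY = 8    # limit given for ip ospf authentication-key
MAX_MD5_KEY = 16      # limit given for ip ospf message-digest-key


def area_number(area_id):
    """Normalise an area ID written as an integer or as an IPv4 address."""
    if "." in area_id:
        return int(ipaddress.IPv4Address(area_id))
    value = int(area_id)
    if not 0 <= value <= 4294967295:
        raise ValueError(f"area ID out of range: {area_id}")
    return value


def audit_ospf_auth(config):
    """Return sorted (scope, finding) tuples for weak or missing OSPF auth."""
    areas_in_use, area_mode, findings = set(), {}, []
    interface = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface\s+(\S+)", line):
            interface = m.group(1)
        elif line.startswith("router "):
            interface = None          # left the interface sections
        elif m := re.fullmatch(r"network\s+.+?\s+area\s+(\S+)", line):
            areas_in_use.add(area_number(m.group(1)))
        elif m := re.fullmatch(r"area\s+(\S+)\s+authentication(\s+message-digest)?", line):
            area_mode[area_number(m.group(1))] = "md5" if m.group(2) else "simple"
        elif interface and (m := re.fullmatch(r"ip ospf authentication-key\s+(\S+)", line)):
            findings.append((f"interface {interface}", "simple password key configured"))
            if len(m.group(1)) > MAX_SIMPLE_KEY:
                findings.append((f"interface {interface}", "simple key exceeds 8 characters"))
        elif interface and (m := re.fullmatch(r"ip ospf message-digest-key\s+\S+\s+md5\s+(\S+)", line)):
            if len(m.group(1)) > MAX_MD5_KEY:
                findings.append((f"interface {interface}", "MD5 key exceeds 16 characters"))
    # Every area that carries a network statement should use MD5 authentication.
    for area in areas_in_use:
        mode = area_mode.get(area)
        if mode is None:
            findings.append((f"area {area}", "no authentication enabled"))
        elif mode == "simple":
            findings.append((f"area {area}", "simple password authentication, not MD5"))
    return sorted(findings)


if __name__ == "__main__":
    for scope, finding in audit_ospf_auth(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

Area IDs are normalised before comparison, so `area 0.0.0.1` in a network statement and `area 1` in an authentication statement are treated as the same area.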

9.2.8. Configuring Representative Route between OSPF Areas

Through route summarization, you can configure ABR to transmit single summarized
route to other areas. In OSPF, ABR transmits network information of an area to other
areas. When the networks’ addresses are in consecutive range, you can configure a
representative address including each network as network route.


In order to configure network’s address, use the following commands.

Command    Mode    Function

area area-id range {ip-address | ip-address/m} not-advertised    Router    Configures network range that can be advertised as a representative route. area-id can be from 0 to 4,294,967,295.

area area-id range ip-address {suppress | substitute ip-address}    Router    Configures network range that does not transmit route information.

9.2.9. Configuring Virtual Link

In OSPF, all areas must be connected to a backbone area. If there is a break in backbone continuity, or the backbone is purposefully partitioned, you can establish a virtual link.

The virtual link must be configured in both routers. The configuration information in each router consists of the other virtual endpoint, and the nonbackbone area that the two routers have in common (called the transit area). Note that virtual link cannot be configured through stub areas.

In order to create a virtual link, perform the following task in router configuration mode.
The parameter, “area-id” can be formed as IP address or from 0 to 4,294,967,295.

Command    Mode    Function

area area-id virtual-link router-id-address hello-interval time retransmit-interval time transmit-delay time dead-interval time    Router    Creates virtual link. hello-interval can be configured from 1 to 65535 seconds, retransmit-interval is from 3 to 65535 seconds, transmit-delay is from 1 to 65535 seconds, and dead-interval is from 1 to 255 seconds.

9.2.10. Configuring Default Metric

OSPF calculates metric based on interface bandwidth. For example, default metric of
T1 link is 64, but default metric of 64K line is 1562.

If there are multiple lines in the bandwidth, you can differentiate the cost of using each line by assigning a metric to each line. In order to classify the cost of using a line, use the following command.

Command    Mode    Function

auto-cost reference-bandwidth reference-bandwidth    Router    Classifies bandwidth provided by each line. It can be configured from 1Mbit/s to 4,294,967Mbit/s.

9.2.11. Configuring Interval to Calculate Route

After a change in the OSPF network organization is notified, the router starts calculating ‘the shortest path first’. You can configure the interval for this route calculation. In order to configure the interval, use the following command.

Command    Mode    Function

timers spf spf-delay spf-hold    Router    Configures interval to calculate route. Delay Time and Hold Time can be configured from 0 to 4294967295.

9.2.12. Configuring Route Transmit Interval

The originating router keeps track of LSAs and performs refreshing LSAs when a refresh timer is reached. You can configure the refresh time when OSPF LSAs get refreshed and sent out. In order to do this, use the following command.

Command Mode Function

refresh timer <10-1800> Router Configures interval to renew routing information.

9.2.13. Route Transmit to OSPF Network

Redistributing routes into OSPF from other routing protocols, static, kernel or from connected devices will cause these routes to become OSPF external routes.

In order to redistribute routes into OSPF, use the following tasks associated with route redistribution.

Command    Mode    Function

redistribute {kernel | connected | static | rip | bgp} [metric value] [metric-type (1|2)] [route-map tag]    Router    Transmits external route to OSPF network.

default-metric number    Router    Configures the same metric, from 0 to 16777214, for all external routes transmitted to OSPF.

9.2.14. Configuring Default Route

You can configure an Autonomous System Boundary router to transmit a default route to
the OSPF network. An Autonomous System Boundary router transmits routes created
externally to the OSPF network. However, it does not create a system default route.
In order to have the Autonomous System Boundary router create a system default route, use
the following command.

Command Mode Function

default-information originate [metric value] [metric-type (1|2)] Router Makes Autonomous System Boundary router create system default route in OSPF.

9.2.15. Configuring OSPF Distance

An administrative distance is a rating of the trustworthiness of a routing information
source, such as an individual router or a group of routers. Numerically, an administrative
distance is an integer between 0 and 255. In general, the higher the value is, the
lower the trust rating is. An administrative distance of 255 means the routing information
source cannot be trusted at all and should be ignored.
OSPF uses three different administrative distances: intra-area, inter-area, and external.
Routes learned through other domain are external, routes to another area in OSPF
domain are inter-area, and routes inside an area are intra-area. The default distance for
each type of route is 110.

In order to change any of the OSPF distance values, use the following commands.

Command Mode Function

distance ospf {external distance 1 | inter-area distance 2 | intra-area distance 2} Router Changes OSPF distance value.

9.2.16. Blocking Information Transmit

An interface configured as passive in an OSPF network operates like a stub network.
Therefore, it is impossible to transmit and receive OSPF routing information on a passive
interface. In order to block routing information on an interface, use the following command.

Command Mode Function

passive-interface interface-name Router Configures not to transmit routing information in specified interface.


9.2.17. Blocking Renewed Information

To block OSPF routing information to other routers, you should configure to block
renewed routing information. Please note that this function can be configured only for
external routes.

In order to block renewed routing information, use the following command.

Command Mode Function

distribute-list name out {bgp | connected | kernel | rip | static} Router Distributes or blocks renewed routing information according to policy configured in Access list.

9.2.18. OSPF Monitoring and Management

You can view all kinds of statistics and databases recorded in the IP routing table. This
information can be used to enhance system utility and solve problems in case of trouble.

You can also check the network connection and the routes that data went through when
it was transmitted. In order to view routing statistics, use the following commands.

Command Mode Function

show ip ospf Enable/Global Shows overall information about OSPF routing operation.

show ip ospf database option Enable/Global Shows information about OSPF database.

show ip ospf border-routers Enable/Global Shows OSPF routing information to ABR(Area Border Router) and ASBR(Autonomous System Boundary Router).

show ip ospf route Enable/Global Shows routing information recorded in OSPF routing table.

show ip ospf interface interface-name Enable/Global Shows OSPF interface information.

show ip ospf neighbor [neighbor id | interface-name] Enable/Global Shows information of neighbor router communicated with OSPF router.

When network trouble occurs, you can find the cause by using the debugging
commands. In order to view OSPF information, use the following commands.


Command Mode Function

debug ospf packet {hello | dd | ls-ack | ls-request | ls-update | all} [send | recv [detail]] Global Shows information of each packet. The information includes OSPF packet and the data.

debug ospf event Global Shows information about OSPF operation such as OSPF neighbor router, transmitted information, deciding destination router, calculating the shortest route, and so on.

debug ospf ism [events | status | timers] Global Shows information transmitted in OSPF internal area and the shortest route.

debug ospf packet {hello | dd | ls-ack | ls-request | ls-update | all} [send | recv [detail]] Global Shows information transmitted by OSPF and calculating the shortest route.

debug ospf event Global Shows information about OSPF neighbor router.

debug ospf ism [events | status | timers] Global Shows OSPF NSSA information.

debug ospf packet {hello | dd | ls-ack | ls-request | ls-update | all} [send | recv [detail]] Global Shows debugging message about OSPF.

9.3. RIP Protocol

RIP(Routing Information Protocol) is a relatively old, but still commonly used,
IGP(Interior Gateway Protocol) created for use in small, homogeneous networks. It is a
classical distance-vector routing protocol that uses hop count. RIP is documented in
RFC 1058.

RIP uses broadcast UDP(User Datagram Protocol) data packets to exchange routing
information. The OS software sends routing information updates every 30 seconds.
This process is termed advertising. If a router does not receive an update from another
router for 180 seconds or more, it marks the routes served by the nonupdating router
as being unusable. If there is still no update after 120 seconds, the router removes all
routing table entries for the nonupdating router.

The metric that RIP uses to rate the value of different routes is hop count. The hop
count is the number of routers that can be traversed in a route. A directly connected
network has a metric of zero; an unreachable network has a metric of 16. This small
range of metrics makes RIP an unsuitable routing protocol for large networks.


A router that is running RIP can receive a default network via an update from another
router that is running RIP, or the router can source (generate) the default network itself
with RIP. In both cases, the default network is advertised through RIP to other RIP
neighbors.

RIP sends updates to the interfaces in the specified networks. If an interface's network
is not specified, it will not be advertised in any RIP update. The system supports RIP
version 1 and 2.

9.3.1. Enabling RIP

To use RIP protocol, you should enable RIP.

Step 1 Enter into Router configuration mode by using the following command.

Command Mode Function

router rip Global Enters into Router configuration mode and operates RIP routing protocol.

Step 2 Configure network to operate as RIP.

Command Mode Function

network {ip-address | interface-name} Router Configures network to operate as RIP.

The command “network ip-address” enables RIP on the interfaces whose addresses fall
within the specified network address range. For example, if the network 10.0.0.0/24 is
RIP enabled, all the addresses from 10.0.0.0 to 10.0.0.255 are enabled for RIP. RIP
packets are transmitted to the port specified with the command “network interface-name”.

• Configuring RIP Neighbor Router
• Configuring RIP Version
• Creating Static Route available only for RIP
• Transmitting Routing Information
• Configuring Metrics for Redistributed Routes
• Configuring Administrative Distance
• Configuring Default Route
• Routing Information Filtering
• Configuring Time
• Activating and Deactivating Split-horizon
• Managing Authentication Key
• Monitoring and Managing RIP

9.3.2. Configuring RIP Neighbor Router

Since RIP is a broadcast protocol, routers should be connected as neighbors in order to
transmit RIP routing information over a non-broadcast network. In order to configure a
neighbor router to which RIP information is transmitted, use the following command.

Command Mode Function

neighbor ip-address Router Configures neighbor router to transmit routing information.

You can block routing information to a specific interface by using the passive-interface
command.

9.3.3. Configuring RIP Version

Siemens’ routers basically support RIP version 1 and 2. However, you can configure to
receive only version 1 type packet or only version 2 type packet. In order to configure
RIP version, use the following command.

Command Mode Function

version {1 | 2} Router Configures version to transmit one of RIP 1 type packet and RIP 2 type packet.

The preceding task controls the default RIP version settings. You can override the router's
RIP version by configuring a particular interface to behave differently. To control which
RIP version an interface sends, perform one of the following tasks after entering into
RIP interface configuration mode.


Command Mode Function

ip rip send version 1 Interface Transmits only RIP version 1 type packet in the interface.

ip rip send version 2 Interface Transmits RIP version 2 type packet on the interface.

ip rip send version 1 2 Interface Transmits RIP version 1 and 2 type packets.

Similarly, to control how packets received from an interface are processed, perform one
of the following tasks.

Command Mode Function

ip rip receive version 1 Interface Receives only RIP version 1 type packet in the interface.

ip rip receive version 2 Interface Receives only RIP version 2 type packet on the interface.

ip rip receive version 1 2 Interface Receives RIP version 1 and 2 type packets.

9.3.4. Creating Static Route available only for RIP

This feature is provided only by Siemens. The route command creates a static route
available only for RIP. If you are not familiar with the RIP protocol, you had better use
the redistribute static command.

Command Mode Function

route ip-address/m Router Creates static route available only for RIP.

9.3.5. Transmitting Routing Information

SURPASS hiD 6615 can redistribute routing information from a source route entry into
the RIP tables. For example, you can instruct the router to re-advertise connected,
kernel, or static routes as well as routing protocol-derived routes. This capability applies to
all the IP-based routing protocols.

In order to redistribute routing information from a source route entry into the RIP table,
use the following command.

Command Mode Function

redistribute {connected | kernel | static | ospf | bgp} [metric value | route-map tag] Router Registers transmitted routing information in another router’s RIP table.


You may also conditionally control the redistribution of routes between the two domains
using “route map” command. In order to define a route map for redistribution, use the
following command.

Command Mode Function

route-map tag {deny | permit} sequence-number Global Creates route map.

One or more match and set commands typically follow a route-map command. If there
are no match commands, then everything matches. If there are no set commands,
nothing is done. Therefore, you need at least one match or set command. To define
conditions for redistributing routes from a source route entry into the RIP tables,
perform at least one of the following tasks in route-map configuration node.

Command Mode Function

match interface interface-name Route-map Transmits information to only specified interface.

match ip address {access-list-name | prefix-list ip-address-name} Route-map Transmits information matched with access-list or prefix-list.

match ip next-hop {access-list-name | prefix-list ip-address-name} Route-map Transmits information to only neighbor router in access-list or prefix-list.

match metric metric-value Route-map Transmits information matched with specified metric.

ip next-hop ip-address Route-map Configures Neighbor router address.

metric <1-2147483647> Route-map Configures metric value.

9.3.6. Configuring Metrics for Redistributed Routes

The metrics of one routing protocol do not necessarily translate into the metrics of
another. For example, the RIP metric is a hop count and the OSPF metric is a combination
of five quantities. In such situations, an artificial metric is assigned to the redistributed
route. Because of this unavoidable tampering with dynamic information, carelessly
exchanging routing information between different routing protocols can create routing
loops, which can seriously degrade network operation.

In order to set metrics for redistributed routes, use the following command.

Command Mode Function

default-metric value Router Configures same metric for all route transmitted by routing protocol.


The metric of all protocol can be configured from 0 to 4294967295. It can be configured
from 1 to 16 for RIP.

9.3.7. Configuring Administrative Distance

The distance value represents how trustworthy the routing information created by a router
is. In a large-scale network, some routing protocols or routing information may be more
trustworthy than other protocols or routers. Therefore, although a router has many routing
protocols, the most trusted route can receive routing information. When the user configures
the distance value, the router can find where routing information was created. The router
always selects the route created by the routing protocol with the smallest distance value.
Each network has its own features, so there is no general rule for distance configuration.
You should consider the overall network when configuring the distance value.

In order to configure distance value, use the following command.

Command Mode Function

distance value [ip-address/M [access-list-name]] Router Configures distance value.

9.3.8. Creating Default Route

You can force an autonomous system boundary router to generate a default route into
an RIP routing domain. Whenever you specifically configure redistribution of routes into
an RIP routing domain, the router automatically becomes an autonomous system
boundary router. However, an autonomous system boundary router does not, by default,
generate a default route into the RIP routing domain.

In order to force the autonomous system boundary router to generate a default route,
use the following command.

Command Mode Function

default-information originate Router Forces the autonomous system boundary router to generate a default route into the RIP routing domain.


9.3.9. Routing Information Filtering

You can filter routing protocol information by performing the following tasks.

• Suppress sending of routing updates on a particular router interface. This is done
to prevent other systems on an interface from learning about routes dynamically.
• Apply an offset to routing metrics. This is done to provide a local mechanism for
increasing the value of routing metrics.

9.3.9.1. Blocking Outgoing Routing Information to Interface

To prevent other routers on a local network from learning about routes dynamically, you
can keep routing update messages from being sent through a router interface. This
feature applies to all IP-based routing protocols except BGP.

Command Mode Function

passive-interface interface-name Router Blocks routing information from interface of router.

9.3.9.2. Configuring Offset List

An offset list is the mechanism for increasing incoming and outgoing metrics to routes
learned via RIP. You can limit the offset list with an access list.

In order to increase the value of routing metrics, use the following command.

Command Mode Function

offset-list access-list-name {in | out} metric [interface] Router Applies an offset to routing metrics.

9.3.10. Configuring Time

Routing protocols use several timers that determine such variables as the frequency of
routing updates, the length of time before a route becomes invalid, and other parameters.
You can adjust these timers to tune routing protocol performance to better suit
your internet needs. The default settings for the timers are as follows.


The update timer is 30 seconds. Every update timer seconds, the RIP process is
awakened to send an unsolicited response message containing the complete routing
table to all neighboring RIP routers.
The timeout timer is 180 seconds. Upon expiration of the timeout, the route is no longer
valid; however, it is retained in the routing table for a short time so that neighbors can
be notified that the route has been dropped.
The garbage collect timer is 120 seconds. Upon expiration of the garbage-collection
timer, the route is finally removed from the routing table.

In order to adjust the timers, use the following command.

Command Mode Function

timers basic update timeout garbage Router Adjusts routing protocol timers.

9.3.11. Activating and Deactivating Split-horizon

Normally, routers that are connected to broadcast-type IP networks and that use
distance-vector routing protocols employ the split horizon mechanism to reduce the
possibility of routing loops. Split horizon blocks information about routes from being
advertised by a router out any interface from which that information originated. This behavior
usually optimizes communications among multiple routers, particularly when links are
broken. However, with nonbroadcast networks, such as Frame Relay, situations can
arise for which this behavior is less than ideal. For these situations, you might want to
disable split horizon.

If an interface is configured with secondary IP addresses and split horizon is enabled,
updates might not be sourced by every secondary address. One routing update is
sourced per network number unless split horizon is disabled.

In order to activate or deactivate split horizon, perform the following tasks in
interface configuration mode.

Command Mode Function

ip split-horizon Interface Activates Split horizon.

no ip split-horizon Interface Deactivates Split horizon.
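
The routing loop that split horizon prevents, as an added example (not code from this manual or the vendor): a Python simulation of two RIP routers, A and B, after B loses its directly connected network N. The router names, the update ordering and the function names are assumptions of the example; metrics follow this manual's convention (directly connected = 0, unreachable = 16).

```python
INFINITY = 16  # RIP metric for an unreachable network


def receive(table, sender, advertised):
    """Process one advertised metric for network N.

    An update from the current next hop is always accepted, even if it is
    worse; an update from any other router only if it is strictly better.
    """
    new_metric = min(advertised + 1, INFINITY)
    if table["via"] == sender or new_metric < table["metric"]:
        table["metric"], table["via"] = new_metric, sender


def advertise(table, neighbor, split_horizon):
    """Metric to put in the update sent to neighbor, or None if suppressed."""
    if split_horizon and table["via"] == neighbor:
        return None  # route was learned from that neighbor: do not send it back
    return table["metric"]


def simulate(split_horizon, max_rounds=20):
    """Return (rounds until both routers see N as unreachable, metric history)."""
    a = {"metric": 1, "via": "B"}          # A reached N through B
    b = {"metric": INFINITY, "via": None}  # B's link to N has just failed
    history = []
    for rnd in range(1, max_rounds + 1):
        # Assumed race: A's periodic update reaches B before B reports the failure.
        adv = advertise(a, "B", split_horizon)
        if adv is not None:
            receive(b, "A", adv)
        adv = advertise(b, "A", split_horizon)
        if adv is not None:
            receive(a, "B", adv)
        history.append((a["metric"], b["metric"]))
        if a["metric"] == INFINITY and b["metric"] == INFINITY:
            return rnd, history
    return None, history


if __name__ == "__main__":
    for enabled in (False, True):
        rounds, history = simulate(enabled)
        print("split horizon", "on " if enabled else "off",
              "-> converged after", rounds, "round(s):", history)
```

With split horizon off, A and B keep pointing at each other for N and the metric climbs by two per round until it reaches 16; with it on, A never advertises N back to B and the failure is learned in one round.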


9.3.12. Managing Authentication Key

RIP Version 1 does not support authentication. If you are sending and receiving RIP
Version 2 packets, you can enable RIP authentication on an interface.

The key chain determines the set of keys that can be used on the interface. If a key
chain is not configured, plain text authentication can be performed using string
command.

We support two modes of authentication on an interface for which RIP authentication is
enabled: plain text authentication and MD5 authentication. The default authentication in
every RIP Version 2 packet is plain text authentication.

Do not use plain text authentication in RIP packets for security purposes, because the
unencrypted authentication key is sent in every RIP Version 2 packet. Use plain text
authentication when security is not an issue, for example, to ensure that misconfigured
hosts do not participate in routing.

In order to configure RIP authentication, use the following commands.

Command Mode Function

ip rip authentication key-chain name Interface Activates RIP authentication.

ip rip authentication mode {text | md5} Interface Configures the interface to use MD5 digest authentication or let it default to simple password authentication.

ip rip authentication string string Interface Configures the interface with plain text authentication. The string must be shorter than 16 characters.
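
What the two authentication modes put on the wire, as an added example (not code from this manual or the vendor): Python that builds a RIP Version 2 response with simple password authentication and with keyed MD5, following the RFC 2453 and RFC 2082 packet layouts, and then verifies the MD5 packet as a receiver would. The key, route, key ID and sequence numbers are constructed sample values; setting Auth Data Len to 16 and requiring a strictly newer sequence number are assumptions of the example.

```python
import hashlib
import hmac
import socket
import struct

AUTH_AFI = 0xFFFF                      # address family that marks an authentication entry
HEADER = struct.pack("!BBH", 2, 2, 0)  # command 2 (response), version 2, must-be-zero
SECRET = b"lab-secret-01"              # constructed key, shorter than 16 characters


def route_entry(prefix, mask, metric):
    """One 20-byte RIPv2 route entry (AFI 2 = IP, route tag 0, next hop 0.0.0.0)."""
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                       socket.inet_aton(mask), bytes(4), metric)


def pad16(secret):
    """The authentication field is 16 bytes: null-pad, and cut anything longer."""
    return secret[:16].ljust(16, b"\x00")


def build_plaintext(secret, routes):
    """Simple password mode: the secret itself is the first entry of every packet."""
    return HEADER + struct.pack("!HH", AUTH_AFI, 2) + pad16(secret) + b"".join(routes)


def build_md5(secret, key_id, seq, routes):
    """Keyed MD5 mode: hash packet plus secret, transmit only the 16-byte digest."""
    body = b"".join(routes)
    pkt_len = len(HEADER) + 20 + len(body)  # offset where the trailer starts
    auth = struct.pack("!HHHBBI8x", AUTH_AFI, 3, pkt_len, key_id, 16, seq)
    signed = HEADER + auth + body + struct.pack("!HH", AUTH_AFI, 1)
    return signed + hashlib.md5(signed + pad16(secret)).digest()


def verify_md5(packet, secret, last_seq):
    """Receiver check: layout, digest, and a sequence number newer than the last one."""
    if len(packet) < 44:
        return False
    afi, auth_type, pkt_len, _key_id, _alen, seq = struct.unpack("!HHHBBI", packet[4:16])
    if afi != AUTH_AFI or auth_type != 3 or len(packet) != pkt_len + 20:
        return False
    signed, digest = packet[:pkt_len + 4], packet[pkt_len + 4:]
    expected = hashlib.md5(signed + pad16(secret)).digest()
    return hmac.compare_digest(digest, expected) and seq > last_seq


ROUTES = [route_entry("10.0.0.0", "255.255.255.0", 1)]  # constructed sample route

if __name__ == "__main__":
    plain = build_plaintext(SECRET, ROUTES)
    signed_pkt = build_md5(SECRET, key_id=1, seq=100, routes=ROUTES)
    print("key visible in plain text packet:", SECRET in plain)
    print("key visible in MD5 packet:       ", SECRET in signed_pkt)
    tampered = bytearray(signed_pkt)
    tampered[43] = 5                        # route metric rewritten in transit
    print("genuine packet accepted: ", verify_md5(signed_pkt, SECRET, last_seq=99))
    print("tampered packet accepted:", verify_md5(bytes(tampered), SECRET, last_seq=99))
    print("replayed packet accepted:", verify_md5(signed_pkt, SECRET, last_seq=100))
```

The 16-byte authentication field is also why the plain text string has a length limit. To see which mode a segment is really using, capture one RIP update and look at the first entry: a readable string there means the key is exposed to every host on that network.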

9.3.13. Monitoring and Managing RIP

You can display specific router statistics such as the contents of IP routing tables, and
databases. Information provided can be used to determine resource utilization and
solve network problems. You can also discover the routing path your router’s packets
are taking through the network.


In order to display various router statistics, use the following commands.

Command Mode Function

show ip rip Enable/Global Shows RIP information being used in router.

show ip route rip Enable/Global Shows routing table information concerned with RIP.

show ip protocols Enable/Global Shows current status of using RIP protocol and the information.

To quickly diagnose problems, the “debugging” command is meaningful and useful to
customers. Use the following commands to display information on RIP routing
transactions.

Command Mode Function

debug rip events Global Shows RIP event such as packet transmit and sending and changed RIP information.

debug rip packet [recv | send], debug rip packet [recv | send] detail Global Shows more detail information about RIP packet. The information includes address of packet transmission and port number.

show debugging rip Global Shows all information configured for RIP debugging.
