0% found this document useful (0 votes)
126 views598 pages

MRV OptiSwitch 9xx User Manual

The OptiSwitch 900 Series User Manual provides comprehensive information on Metro Ethernet Demarcation Devices designed for Fast Ethernet and Gigabit Ethernet services. It includes details on standards compliance, safety requirements, installation procedures, and operational management, along with specific chapters on applications and CLI management. The document also outlines customer support options and contains proprietary information from MRV Communications, Inc.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
126 views598 pages

MRV OptiSwitch 9xx User Manual

The OptiSwitch 900 Series User Manual provides comprehensive information on Metro Ethernet Demarcation Devices designed for Fast Ethernet and Gigabit Ethernet services. It includes details on standards compliance, safety requirements, installation procedures, and operational management, along with specific chapters on applications and CLI management. The document also outlines customer support options and contains proprietary information from MRV Communications, Inc.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 598

OptiSwitch 900 Series

Metro Ethernet Demarcation Devices


For
Fast Ethernet and Gigabit Ethernet Services
Models OS904, OS906, OS910, OS910-M, OS912, and OS930

User Manual

MRV Communications, Inc. URL: http://www.mrv.com


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Standards Compliance
This equipment is designed to comply with the following standards: UL 1950; CSA 22.2 No 950;
FCC Part 15 Class B; 2004/108/EC; 2006/95/EC.
FCC Notice
WARNING: This equipment has been designed to comply with the limits for a Class B digital
device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio frequency energy and, if not
installed and used in accordance with the manual, may cause harmful interference to radio
communications. Operation of this equipment in a residential area is likely to cause harmful
interference in which case the user will be required to correct for the interference at the user’s own
expense.
The user is cautioned that changes and modifications made to the equipment without approval of
the manufacturer could void the user’s authority to operate this equipment.
It is suggested that the user use only shielded and grounded cables when appropriate to ensure
compliance with FCC Rules.
Disclaimer
MRV® reserves the right to make changes to any technical specifications in order to improve
reliability, function, or design.
MRV reserves the right to modify the equipment at any time and in any way it sees fit in order to
improve it.
MRV provides this document without any warranty of any kind, whether expressed or implied,
including, but not limited to, the implied warranties of merchantability or fitness for a particular
purpose.
The user is advised to exercise due discretion in the use of the contents of this document since the
user bears sole responsibility.
Trademarks
All trademarks are the property of their respective holders.
Copyright © 2009 by MRV
All rights reserved. No part of this document may be reproduced without prior permission of MRV.
This document and the information contained herein are proprietary to MRV and are furnished to
the recipient solely for use in operating, maintaining, and repairing MRV equipment. The
information within may not be utilized for any purpose except as stated herein, and may not be
disclosed to third parties without permission from MRV.

Document Number: ML49175A Document Revision: Rev. 02 Release Date: January 2009

Contact Information
For customer support, you can:
• Contact your local MRV representative
• E-mail us at [email protected]
• Visit our MRV Web site at http://www.mrv.com

2 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Contents

Contents
About this Manual...............................................31
Audience.................................................................................................................................. 31

Latest Revision ....................................................................................................................... 31

Image Versions ....................................................................................................................... 31

Hardware Requirements ........................................................................................................ 31

Related Documents ................................................................................................................ 31

Organization ............................................................................................................................ 32

Typographical Conventions .................................................................................................. 34

Acronyms ................................................................................................................................ 34

Safety Requirements ..........................................39


At all Times.............................................................................................................................. 39

Before Installing...................................................................................................................... 39

During Installation/Maintenance ........................................................................................... 40

Before Powering On ............................................................................................................... 40

During Operation .................................................................................................................... 41

Servicing.................................................................................................................................. 41

Chapter 1: Overview ..........................................43


General..................................................................................................................................... 43

Highlights ................................................................................................................................ 43

Applications ............................................................................................................................ 43

Architecture............................................................................................................................. 43

Telco Compatibility................................................................................................................. 44

Optical SFP Interfaces............................................................................................................ 44

VPN Services & Protection .................................................................................................... 44

Traffic Management................................................................................................................ 44

Hierarchical QoS – CoS-Aware Rate Limit ........................................................................... 44

Denial of Service (DoS) Protection ....................................................................................... 45

System Management .............................................................................................................. 45

Ethernet OAM with IEEE 802.1ag and ITU-T Y.1731 ............................................................ 45

Ethernet OAM with IEEE 802.3ah .......................................................................................... 46

January 2009 URL: http://www.mrv.com 3


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Ethernet Loopbacks ............................................................................................................... 46

Virtual Cable Diagnostics....................................................................................................... 46

Digital Diagnostics (Optical Performance Level Monitoring)............................................. 46

Link Aggregation .................................................................................................................... 46

Per-service Performance Monitoring.................................................................................... 46

Link Fault Reflection/Propagation......................................................................................... 47

Analyzer VLAN ........................................................................................................................ 47

Multiple-instance STP............................................................................................................. 47

Models...................................................................................................................................... 47

Layout ...................................................................................................................................... 49
View ..................................................................................................................................... 49
Power Supply Switch (Only in OS910-M and OS930)......................................................... 54
Power Pushbutton................................................................................................................ 54
Reset Pushbutton (Not in OS910-M) ................................................................................... 54
External Clock Input (Only in OS910-M).............................................................................. 55
Ports..................................................................................................................................... 55
LEDs .................................................................................................................................... 55
Fans ..................................................................................................................................... 55
Earthing................................................................................................................................ 56
Power Supply....................................................................................................................... 56

Options..................................................................................................................................... 56
SFPs/XFPs .......................................................................................................................... 56
Service Modules (Only in OS910-M) ................................................................................... 56
Power Supply....................................................................................................................... 56

Chapter 2: Applications..................................... 57
General..................................................................................................................................... 57

Micro-PoP Services ................................................................................................................ 57

WAN Ethernet Manageable Services .................................................................................... 57

Business Ethernet Services................................................................................................... 58

10 Gbps Ethernet High-end Demarcation Services............................................................. 58

WAN 10 Gbps Manageable Ethernet Services ..................................................................... 59

10 Gbps Ethernet Services over WDM.................................................................................. 59

Chapter 3: Installation ...................................... 61


General..................................................................................................................................... 61

Safety ....................................................................................................................................... 61

Package Contents................................................................................................................... 61
Essentials............................................................................................................................. 61
Options................................................................................................................................. 61

4 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Contents

Requirements .......................................................................................................................... 61
Tools .................................................................................................................................... 61
Data Equipment ................................................................................................................... 61
Management Equipment ..................................................................................................... 62
Mounting .............................................................................................................................. 63
Environmental...................................................................................................................... 64
Power................................................................................................................................... 64
Grounding ............................................................................................................................ 65

Procedure ................................................................................................................................ 65
Component Insertion ........................................................................................................... 65
Mounting .............................................................................................................................. 65
Earthing ............................................................................................................................... 68
Network Connection ............................................................................................................ 68
Power Line Connection ....................................................................................................... 72

Chapter 4: Startup, Setup, and Operation.........73


Startup ..................................................................................................................................... 73

Setup ........................................................................................................................................ 73
Operation ............................................................................................................................. 73
Management........................................................................................................................ 73

Operation ................................................................................................................................. 74
Monitoring ............................................................................................................................ 74
Reset ................................................................................................................................... 75
Shutdown............................................................................................................................. 75

Chapter 5: CLI Management..............................77


General..................................................................................................................................... 77

CLI Access............................................................................................................................... 77
General ................................................................................................................................ 77
Access Levels...................................................................................................................... 77
Preparation .......................................................................................................................... 78
First Time Access – Root and Admin Passwords Configuration......................................... 78
Standard Access.................................................................................................................. 79

CLI Modes................................................................................................................................ 79

Viewing CLI Commands......................................................................................................... 80

Conventions for CLI Commands........................................................................................... 80

Symbols in CLI Commands ................................................................................................... 80

Functional Keys for CLI Commands..................................................................................... 81

Help .......................................................................................................................................... 82

Listing CLI Commands........................................................................................................... 83

Invoking a CLI Command....................................................................................................... 83


General ................................................................................................................................ 83
Procedure ............................................................................................................................ 84

January 2009 URL: http://www.mrv.com 5


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example ............................................................................................................................... 84

Quick Entry of a CLI Command ............................................................................................. 86

Negation of CLI Command..................................................................................................... 86

Viewing Methods..................................................................................................................... 86
Paging.................................................................................................................................. 86
No Paging ............................................................................................................................ 86

Pipelining a CLI Command .................................................................................................... 86

Accessing an enable Mode Command from any Mode ...................................................... 87

Alias.......................................................................................................................................... 88
Assignment .......................................................................................................................... 88
Invocation............................................................................................................................. 88
Deleting................................................................................................................................ 88
Viewing ................................................................................................................................ 89

Copy-Paste Mode.................................................................................................................... 89

Usage ....................................................................................................................................... 89

Example ................................................................................................................................... 89

Linux Mode .............................................................................................................................. 90


General ................................................................................................................................ 90
Entry..................................................................................................................................... 90
Exit ....................................................................................................................................... 91

Passwords ............................................................................................................................... 91
Changing the Root Password (and Admin Password) ........................................................ 91
Changing only the Admin Password.................................................................................... 92
Configuring/Changing the Enable Password....................................................................... 92
Removing Encryption from the Enable Password ............................................................... 93
Deleting the Enable Password............................................................................................. 93

Viewing Installed Components.............................................................................................. 93


Hardware and Software ....................................................................................................... 93
Backup Image ...................................................................................................................... 94
CPU ..................................................................................................................................... 94

Remote Management Access ................................................................................................ 95

Hostname................................................................................................................................. 95
New ...................................................................................................................................... 95
Default.................................................................................................................................. 95

Banner...................................................................................................................................... 95
Definition .............................................................................................................................. 95
Default.................................................................................................................................. 95
Viewing ................................................................................................................................ 96
Configuration........................................................................................................................ 96

Date .......................................................................................................................................... 97

Time.......................................................................................................................................... 97

Location ................................................................................................................................... 97

6 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Contents

Rebooting ................................................................................................................................ 97
Modes .................................................................................................................................. 97
Methods ............................................................................................................................... 97

Learn Table.............................................................................................................................. 98
Definition.............................................................................................................................. 98
Viewing ................................................................................................................................ 98
Aging.................................................................................................................................... 99
Limiting ................................................................................................................................ 99
Dropping ............................................................................................................................ 100
Adding Entries Manually.................................................................................................... 100
Policing .............................................................................................................................. 101
Flushing ............................................................................................................................. 101

Maximum Transmission Unit (MTU) ................................................................................... 101


General .............................................................................................................................. 101
Definition............................................................................................................................ 101
Applicability........................................................................................................................ 101
Setting for Ports ................................................................................................................. 102
Setting for VLAN Interfaces ............................................................................................... 102

Syslog .................................................................................................................................... 102


Definition............................................................................................................................ 102
File Location ...................................................................................................................... 102
Logging of Events .............................................................................................................. 102
Default Mode ..................................................................................................................... 103
No Logging of CLI Commands .......................................................................................... 103
Logging of CLI Commands................................................................................................ 103
Messages to the CLI.......................................................................................................... 103
Viewing .............................................................................................................................. 104
Clearing ............................................................................................................................. 104
Remote Syslog .................................................................................................................. 104

SNMP Management .............................................................................................................. 105


Requirements .................................................................................................................... 105
Enabling............................................................................................................................. 105
Commands ........................................................................................................................ 105
Management Functions ..................................................................................................... 105
System Identification ......................................................................................................... 105
Access Control................................................................................................................... 106
Trap Generation................................................................................................................. 110
Viewing .............................................................................................................................. 112
Deleting a User .................................................................................................................. 112

View-based Access Control Model (VACM) ....................................................................... 113


General .............................................................................................................................. 113
Definition............................................................................................................................ 113
Purposes............................................................................................................................ 113
Terminology ....................................................................................................................... 113
Viewing Access Information .............................................................................................. 114
Configuring a New User .................................................................................................... 117
Deleting an Entry from a VACM Table .............................................................................. 119
Configuration Example ...................................................................................................... 120

January 2009 URL: http://www.mrv.com 7


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Scripts .................................................................................................................................... 120


Definition ............................................................................................................................ 120
Purpose.............................................................................................................................. 120
Structure ............................................................................................................................ 121
Creating ............................................................................................................................. 121
Parameters ........................................................................................................................ 121
Lines .................................................................................................................................. 123
Viewing .............................................................................................................................. 125
Executing ........................................................................................................................... 126
Deleting.............................................................................................................................. 126
Example ............................................................................................................................. 127

Console Access Control ...................................................................................................... 128


Disabling the Console ........................................................................................................ 128
Enabling the Console......................................................................................................... 128

Layer 2 Protocol Counters ................................................................................................... 128


Viewing .............................................................................................................................. 128
Clearing.............................................................................................................................. 129

Chapter 6: Ports .............................................. 131


General................................................................................................................................... 131

Enabling/Disabling................................................................................................................ 131
Default................................................................................................................................ 131
Custom............................................................................................................................... 131

Status ..................................................................................................................................... 131


Brief.................................................................................................................................... 131
Detailed.............................................................................................................................. 132

Comment Adding .................................................................................................................. 132

Physical Interface ................................................................................................................. 133


Default................................................................................................................................ 133
Custom............................................................................................................................... 133

Speed ..................................................................................................................................... 133


Default................................................................................................................................ 133
Custom............................................................................................................................... 133
Viewing .............................................................................................................................. 134

Duplexity ................................................................................................................................ 134


Default................................................................................................................................ 134
Custom............................................................................................................................... 134
Viewing .............................................................................................................................. 134

Traffic Throughput Reading................................................................................................. 134


For User-specified Time Interval........................................................................................ 134
Of Last User-specified Time Interval ................................................................................. 135
Of Latest User-specified Time Intervals............................................................................. 135

Port SFP Reading.................................................................................................................. 136


Parameters ........................................................................................................................ 136
Diagnostics ........................................................................................................................ 137

8 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Contents

Capabilities Advertising....................................................................................................... 138


General .............................................................................................................................. 138
Applicability........................................................................................................................ 138
Requirement ...................................................................................................................... 138
Default ............................................................................................................................... 138
Custom .............................................................................................................................. 138
Viewing .............................................................................................................................. 139

Outbound Tag Mode............................................................................................................. 139


Tagged............................................................................................................................... 140
Untagged ........................................................................................................................... 140
Hybrid ................................................................................................................................ 140
Q-in-Q (Service VLAN Access Mode) ............................................................................... 141
Viewing .............................................................................................................................. 141

Multi-VLAN Membership for Untagged Ports .................................................................... 141

Link Protection...................................................................................................................... 142


Enabling............................................................................................................................. 142
Disabling ............................................................................................................................ 143
Viewing .............................................................................................................................. 143

Link Fault Reflection ............................................................................................................ 144


Enabling............................................................................................................................. 145
Disabling ............................................................................................................................ 148

Port Protection (Private VLAN)............................................................................................ 148


Definition............................................................................................................................ 148
Purpose ............................................................................................................................. 148
Advantage.......................................................................................................................... 148
Configuration ..................................................................................................................... 148
Viewing .............................................................................................................................. 149

Link Flap Guard .................................................................................................................... 149


General .............................................................................................................................. 149
Custom Setting .................................................................................................................. 149
Viewing .............................................................................................................................. 150
Default Setting ................................................................................................................... 150
Recovering Isolated Ports ................................................................................................. 150

Link Flap Dampening ........................................................................................................... 151


General .............................................................................................................................. 151
Principle of Operation ........................................................................................................ 151
Enabling............................................................................................................................. 151
Disabling ............................................................................................................................ 151
Recovering Isolated Ports ................................................................................................. 152
Parameters Setting ............................................................................................................ 152
Viewing .............................................................................................................................. 153

Dual (Internal and External) Ports....................................................................................... 154


General .............................................................................................................................. 154
Application ......................................................................................................................... 154
Bypassing Internal Ports.................................................................................................... 154
Revoking Bypass of Internal Ports .................................................................................... 155

Flow Control .......................................................................................................................... 155

January 2009 URL: http://www.mrv.com 9


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Definition ............................................................................................................................ 155


Purpose.............................................................................................................................. 155
Applicability ........................................................................................................................ 155
Effect.................................................................................................................................. 155
Principle of Operation ........................................................................................................ 155
Configuration...................................................................................................................... 155
Compliance ........................................................................................................................ 156

Statistics ................................................................................................................................ 156


Viewing .............................................................................................................................. 156
Clearing.............................................................................................................................. 158

Digital Diagnostics................................................................................................................ 158


SFP Parameters ................................................................................................................ 158
SFP Diagnostics ................................................................................................................ 159

Virtual Cable Diagnostics (VCD).......................................................................................... 160


General .............................................................................................................................. 160
Benefits .............................................................................................................................. 160
Principle of Operation ........................................................................................................ 160
Procedure .......................................................................................................................... 160
Example ............................................................................................................................. 160

XFP Port Protocol ................................................................................................................. 161


General .............................................................................................................................. 161
Setting................................................................................................................................ 161
Viewing .............................................................................................................................. 161
Clearing.............................................................................................................................. 163

XFP WAN Tx and Rx Trace................................................................................................... 163


General .............................................................................................................................. 163
Setting................................................................................................................................ 163
Viewing .............................................................................................................................. 164

Uni-Directional Link Detection Protocol (UDLD) ............................................................... 164


General .............................................................................................................................. 164
Applicability ........................................................................................................................ 165
Principle of Operation ........................................................................................................ 165
Requirements..................................................................................................................... 165
Configuration...................................................................................................................... 165
Viewing .............................................................................................................................. 168

Chapter 7: Interfaces ...................................... 171


General................................................................................................................................... 171

Purpose.................................................................................................................................. 171

Out-of-band RS-232 Interface .............................................................................................. 171

Out-of-band Ethernet Interface............................................................................................ 171


General .............................................................................................................................. 171
Remote Management ........................................................................................................ 171
TFTP Server Mode ............................................................................................................ 173
Deleting.............................................................................................................................. 174

10 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Contents

Dummy Interface................................................................................................................... 174


General .............................................................................................................................. 174
Configuration ..................................................................................................................... 174

Inband VLAN interfaces ....................................................................................................... 174


General .............................................................................................................................. 174
Number .............................................................................................................................. 175
IDs ..................................................................................................................................... 175
Configuring ........................................................................................................................ 175
Name ................................................................................................................................. 176
Description......................................................................................................................... 177
Default Forwarding VLAN Interface................................................................................... 177
Drop Tag............................................................................................................................ 179
Drop Packets ..................................................................................................................... 180
Viewing .............................................................................................................................. 181
Modifying ........................................................................................................................... 182
Disabling ............................................................................................................................ 182
Enabling............................................................................................................................. 182
Remote Management ........................................................................................................ 183
TFTP Server Mode ............................................................................................................ 184
Statistics ............................................................................................................................ 186
Ingress Counters ............................................................................................................... 186
Deleting.............................................................................................................................. 188

Chapter 8: Multiple-instance Spanning-Tree


Protocol (MSTP) ................................................189
General................................................................................................................................... 189

Definition ............................................................................................................................... 189

Purposes................................................................................................................................ 189

MSTIs ..................................................................................................................................... 189


General .............................................................................................................................. 189
Default MSTI...................................................................................................................... 190

Regions.................................................................................................................................. 191

Principle of Operation .......................................................................................................... 192


Bridge Roles ...................................................................................................................... 192
Port Roles .......................................................................................................................... 193
Physical and Active Topologies......................................................................................... 193

Rules ...................................................................................................................................... 194

Ports....................................................................................................................................... 195
Placing Restrictions ........................................................................................................... 195
Removing Restrictions....................................................................................................... 196

BPDU Storm Guard............................................................................................................... 196


Enabling............................................................................................................................. 196
Disabling ............................................................................................................................ 196

Applications .......................................................................................................................... 196

January 2009 URL: http://www.mrv.com 11


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Single MSTI ....................................................................................................................... 196


Multiple MSTIs without Load Balancing............................................................................. 198
Multiple MSTIs with Load Balancing.................................................................................. 200

Configuration Example......................................................................................................... 203

Viewing Spanning-Tree State .............................................................................................. 207

Viewing Port States .............................................................................................................. 207

BPDUs .................................................................................................................................... 208


Policing .............................................................................................................................. 208
Tagging .............................................................................................................................. 208

IEEE 802.1ag Port Forwarding............................................................................................. 208


Enabling ............................................................................................................................. 208
Disabling ............................................................................................................................ 208

Filtering Events ..................................................................................................................... 209

Transmit-Hold Count ............................................................................................................ 209


Changing............................................................................................................................ 209
Default................................................................................................................................ 209

Chapter 9: Rate Limiting of Flood Packets..... 211


Definition................................................................................................................................ 211

Purpose.................................................................................................................................. 211

Applicability........................................................................................................................... 211

Configuration......................................................................................................................... 211

Viewing................................................................................................................................... 213

Deleting .................................................................................................................................. 213

Example ................................................................................................................................. 214

Chapter 10: Provider Bridges .......................... 215


General................................................................................................................................... 215

Purpose.................................................................................................................................. 215

Number of Provider Bridges ................................................................................................ 215

Provider Bridge Ethertype ................................................................................................... 215

Provider Bridge Tag.............................................................................................................. 215

Principle of Operation .......................................................................................................... 216

Configuration......................................................................................................................... 216

Viewing................................................................................................................................... 217

Example ................................................................................................................................. 217


Application Description ...................................................................................................... 217
Packet Data Path and Processing ..................................................................................... 218

12 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Contents

Configuration ..................................................................................................................... 218


Extending the Application .................................................................................................. 218
Extended Configuration ..................................................................................................... 219

Tunneling of Layer 2 Protocols ........................................................................................... 219


General .............................................................................................................................. 219
Principle of Operation ........................................................................................................ 220
Configuration ..................................................................................................................... 220
Viewing .............................................................................................................................. 221
Deleting.............................................................................................................................. 221

Tunneling/Dropping by Hardware of STP BPDUs ............................................................. 222


Definition............................................................................................................................ 222
Advantages........................................................................................................................ 222
Terminology ....................................................................................................................... 222
Application ......................................................................................................................... 222
BPDU Tunneling Tag......................................................................................................... 222
Disabling BPDU Transmission .......................................................................................... 222
BPDU Drop Tag................................................................................................................. 222
Example............................................................................................................................. 223

Chapter 11: Tag Translation/Swapping...........225


Definition ............................................................................................................................... 225

Purpose.................................................................................................................................. 225

Advantages............................................................................................................................ 225

Application ............................................................................................................................ 225

Principle of Operation .......................................................................................................... 225

Configuration ........................................................................................................................ 226

Example ................................................................................................................................. 227

Chapter 12: IEEE 802.3ad Link Aggregation...231


Definition ............................................................................................................................... 231

Purpose.................................................................................................................................. 231

Number .................................................................................................................................. 231

Principle of Operation .......................................................................................................... 231


Frame Transfer .................................................................................................................. 231
MSTP Action...................................................................................................................... 231

Rules ...................................................................................................................................... 231

Configuration ........................................................................................................................ 232

Activation............................................................................................................................... 232
Trunk.................................................................................................................................. 232
Port .................................................................................................................................... 233

Deactivation........................................................................................................................... 234

January 2009 URL: http://www.mrv.com 13


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Trunk.................................................................................................................................. 234
Port .................................................................................................................................... 234

Viewing................................................................................................................................... 234

Deleting .................................................................................................................................. 235

Chapter 13: Quality of Service (QoS) .............. 237


DiffServ Service Levels ........................................................................................................ 237

Assigning SLs to Ingress Packets ...................................................................................... 237

Selecting an SL Criterion ..................................................................................................... 237

Original-VPT-to-SL Map........................................................................................................ 238


Default................................................................................................................................ 238
Custom............................................................................................................................... 238
View ................................................................................................................................... 239

Original-DSCP-to-SL Map..................................................................................................... 239


Default................................................................................................................................ 239
Custom............................................................................................................................... 239

Marking .................................................................................................................................. 240


General .............................................................................................................................. 240
SL-to-New-VPT Map.......................................................................................................... 240
SL-to-New-DSCP Map....................................................................................................... 242
Activation ........................................................................................................................... 243

Examples ............................................................................................................................... 243


VPT .................................................................................................................................... 243
DSCP ................................................................................................................................. 244

Statistics ................................................................................................................................ 245


General .............................................................................................................................. 245
Configuration...................................................................................................................... 245
Viewing .............................................................................................................................. 246
Clearing.............................................................................................................................. 246

Chapter 14: Extended Access Lists (ACLs).... 247


Definition................................................................................................................................ 247

Applicability........................................................................................................................... 247

Number................................................................................................................................... 247

Global Profiles....................................................................................................................... 247


General .............................................................................................................................. 247
Types ................................................................................................................................. 247
Selection ............................................................................................................................ 248
Changing............................................................................................................................ 248
Default................................................................................................................................ 248

Creating/Accessing .............................................................................................................. 248

Configuring............................................................................................................................ 249

14 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Contents

General .............................................................................................................................. 249


Creating Rule..................................................................................................................... 249
Viewing Rule...................................................................................................................... 262
Editing Rule ....................................................................................................................... 263
Moving Rule....................................................................................................................... 264
Deleting Rule ..................................................................................................................... 264

Global Default Policy............................................................................................................ 264

Viewing .................................................................................................................................. 265

Comment Adding.................................................................................................................. 265

Binding................................................................................................................................... 266
Limitations.......................................................................................................................... 266
Ingress Ports and Ingress VLAN Interfaces ...................................................................... 266
Egress Ports ...................................................................................................................... 268

Unbinding .............................................................................................................................. 268


Ingress Ports...................................................................................................................... 268
Ingress VLAN Interface ..................................................................................................... 269
Egress Ports ...................................................................................................................... 269

Deleting.................................................................................................................................. 269

Example ................................................................................................................................. 270

Modifying an Active ACL ..................................................................................................... 271


General .............................................................................................................................. 271
Adding a New Rule ............................................................................................................ 271
Deleting an Existing Rule .................................................................................................. 271
Editing an Existing Rule..................................................................................................... 271
Example............................................................................................................................. 273

Chapter 15: Port/VLAN Mirroring.....................277


Terminology .......................................................................................................................... 277

Definition ............................................................................................................................... 277

Purpose.................................................................................................................................. 277

Applicability........................................................................................................................... 277

Ingress Traffic Mirroring ...................................................................................................... 277

Egress Traffic Mirroring ....................................................................................................... 278

Analyzer Port/VLAN.............................................................................................................. 278

Rules for Mirroring ............................................................................................................... 278

Usage ..................................................................................................................................... 278


Analyzer Port ..................................................................................................................... 278
Analyzer VLAN .................................................................................................................. 279
Mirrored Ingress Ports ....................................................................................................... 280
Mirrored Egress Ports........................................................................................................ 280
Mirrored Ingress & Egress Ports ....................................................................................... 281
Configuration ..................................................................................................................... 281

January 2009 URL: http://www.mrv.com 15


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Chapter 16: Traffic Conditioner ...................... 285


Definition................................................................................................................................ 285

Purpose.................................................................................................................................. 285

Number................................................................................................................................... 285

Action List.............................................................................................................................. 285


General .............................................................................................................................. 285
Sharing............................................................................................................................... 285
Creation/Access................................................................................................................. 285
Viewing .............................................................................................................................. 286

Functions ............................................................................................................................... 286

Metering ................................................................................................................................. 286


Model ................................................................................................................................. 286
Policing Mode .................................................................................................................... 287
Maximum Transmission Unit (MTU) for Policing ............................................................... 287
Traffic Rate ........................................................................................................................ 288

Actions on Non-Conforming (Red) Traffic ......................................................................... 289


Dropping ............................................................................................................................ 289
Service Level Remarking according to Conformance Level.............................................. 289
Default Map........................................................................................................................ 289
Custom Map....................................................................................................................... 289
View Map ........................................................................................................................... 290
Activation ........................................................................................................................... 290
Deactivation ....................................................................................................................... 290

Accounting ............................................................................................................................ 290


Counters ............................................................................................................................ 290
Assignment & Activation .................................................................................................... 291
Viewing .............................................................................................................................. 291
Clearance........................................................................................................................... 292
Aggregation........................................................................................................................ 292

Activation............................................................................................................................... 294

Dual Leaky-Bucket Policer................................................................................................... 294


General .............................................................................................................................. 294
Configuration...................................................................................................................... 295

Chapter 17: Egress-Queue Manager (EQM) .... 297


Definition................................................................................................................................ 297

Purpose.................................................................................................................................. 297

Global Configuration ............................................................................................................ 297

Port Configuration ................................................................................................................ 297

Queue Configuration ............................................................................................................ 297

Congestion Avoidance ......................................................................................................... 297

16 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Contents

Scheduling............................................................................................................................. 298
General .............................................................................................................................. 298
Scheduling Modes ............................................................................................................. 298
Configuration ..................................................................................................................... 299
Viewing .............................................................................................................................. 300

Shaping.................................................................................................................................. 301
General .............................................................................................................................. 301
Maximum Transmission Unit (MTU) for Port Shaper ........................................................ 301
Configuration ..................................................................................................................... 302
Example............................................................................................................................. 303

Memory Resource Management ......................................................................................... 303


General .............................................................................................................................. 303
Viewing a Buffer Profile ..................................................................................................... 304
Changing a Buffer Profile .................................................................................................. 304
Assigning a Buffer Profile to a Port.................................................................................... 305
Restoring the Default Buffer Profile ................................................................................... 305
Allocation of Shared Descriptors and Buffers.................................................................... 306
Disabling Buffer Sharing.................................................................................................... 306

Egress Counters ................................................................................................................... 306


Activation ........................................................................................................................... 306
Viewing .............................................................................................................................. 307

Chapter 18: IEEE 802.1ag and ITU-T Y.1731


Ethernet Service OAM ......................................309
General................................................................................................................................... 309

Definition ............................................................................................................................... 309

Purpose.................................................................................................................................. 309

Applicability........................................................................................................................... 309

Terminology .......................................................................................................................... 309

Management Functions........................................................................................................ 310


Fault Management............................................................................................................. 310
Performance Management ................................................................................................ 312

Configuration ........................................................................................................................ 312


Rules.................................................................................................................................. 312
Network.............................................................................................................................. 313
Procedure .......................................................................................................................... 313
Optional Configuration Parameters ................................................................................... 316

Viewing .................................................................................................................................. 328


Ethernet OAM Defaults...................................................................................................... 328
Selected Domain Levels.................................................................................................... 329
List of MEPs in a Domain .................................................................................................. 330
Status of All Services......................................................................................................... 330
List of MEPs in a Service................................................................................................... 331
MEP Status........................................................................................................................ 331

January 2009 URL: http://www.mrv.com 17


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OAM Configuration ............................................................................................................ 332


List of Remote MEPS Linked to a Local MEP ................................................................... 332
CC Status of a Specific Service......................................................................................... 333
Time Interval between CCM PDUs.................................................................................... 334
Defects in CCMs in a Specific MEP................................................................................... 334
Cross-Connect Defects in CCMs in a Specific MEP ......................................................... 335
Remote MEP Defects in CCMs in a Specific MEP ............................................................ 335
CCM Received Last in a Specific MEP.............................................................................. 335
Delay-Measurement/Loopback Status............................................................................... 335
CCM Status........................................................................................................................ 336

Cross-Connect Alarm Notifications .................................................................................... 336

History.................................................................................................................................... 336
Setting Number of Loopback History Entries..................................................................... 336
Viewing History Entries...................................................................................................... 337

Link Trace .............................................................................................................................. 338


Setting................................................................................................................................ 338
Viewing .............................................................................................................................. 339

Automatic Scheduling of Delay Measurement, Loopback, and Link Trace ................... 340

Clearing MEP Statistics........................................................................................................ 340

Debug ..................................................................................................................................... 340


Type of CCM Message to Send......................................................................................... 340
CCM Message Destination ................................................................................................ 340

References............................................................................................................................. 341

Chapter 19 IEEE 802.3ah OAM for Ethernet in the


First Mile........................................................... 343
Terminology........................................................................................................................... 343

General................................................................................................................................... 343

Purpose.................................................................................................................................. 343

Application............................................................................................................................. 343

Advantages............................................................................................................................ 344

OAM Functionality ................................................................................................................ 344


OAM Review ...................................................................................................................... 344

Requirement .......................................................................................................................... 345

Activation............................................................................................................................... 345

Chapter 20: Authentication, Authorization, and


Accounting (AAA) ............................................. 347
General................................................................................................................................... 347

RADIUS versus TACACS+ ................................................................................................... 347

18 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Contents

Principles of Operation ........................................................................................................ 347

Configuring the AAA Server ................................................................................................ 348

Configuring the OS900......................................................................................................... 348


General .............................................................................................................................. 348
Setting Authentication Criteria ........................................................................................... 349
Setting Authentication........................................................................................................ 351
Accounting ......................................................................................................................... 354

Configuration Examples ...................................................................................................... 355

Chapter 21: Service Assurance PING .............357


Definition ............................................................................................................................... 357

Purposes................................................................................................................................ 357

Scope ..................................................................................................................................... 357

Principle of Operation .......................................................................................................... 357

Actions................................................................................................................................... 358
Creating an SA PING Probe or Entering its Mode ............................................................ 358
Displaying the Commands in the SA PING Mode ............................................................. 358
Configuring/Reconfiguring an SA PING Probe.................................................................. 359
Running an SA PING Probe .............................................................................................. 360
Stopping an SA PING Probe ............................................................................................. 360
Viewing an SA PING Probe............................................................................................... 360
Viewing SA PING Events as CLI Traps............................................................................. 363

Chapter 22: Scheduler .....................................365


Definition ............................................................................................................................... 365

Purpose.................................................................................................................................. 365

Types of Scheduler Commands .......................................................................................... 365

Scope ..................................................................................................................................... 365

Single-Execution Scheduler Command ............................................................................. 366


Purpose ............................................................................................................................. 366
Syntax................................................................................................................................ 366

Periodic-Execution Scheduler Command .......................................................................... 367


Purpose ............................................................................................................................. 367
Syntax................................................................................................................................ 367

Extended Scheduler Command........................................................................................... 368


Purpose ............................................................................................................................. 368
Configuration ..................................................................................................................... 368

Viewing .................................................................................................................................. 370


All Configured Scheduler Commands ............................................................................... 370
Specific Configured Scheduler Command ........................................................................ 370
Run-time Configuration of Extended Scheduler Commands ............................................ 371

January 2009 URL: http://www.mrv.com 19


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OAM Operation Scheduler Command ................................................................................ 372

No-Execution Scheduler Command.................................................................................... 372


Purpose.............................................................................................................................. 372
Syntax ................................................................................................................................ 372

Show Scheduler Configuration Command......................................................................... 372


Purpose.............................................................................................................................. 372
Syntax ................................................................................................................................ 372

Chapter 23: Transparent Mode Media Cross


Connect ............................................................ 375
General................................................................................................................................... 375

Principle of Operation .......................................................................................................... 375

Examples ............................................................................................................................... 375

Chapter 24: Firmware Viewing and


Upgrading/Downloading ................................... 377
General................................................................................................................................... 377

Requirements ........................................................................................................................ 377

Downloading a New Image................................................................................................... 377

Rerunning the Previous OS900 Image................................................................................ 379


General .............................................................................................................................. 379
Procedure .......................................................................................................................... 379

FPGA ...................................................................................................................................... 380


Applicability ........................................................................................................................ 380
Firmware Versions Viewing ............................................................................................... 380
Firmware Copying.............................................................................................................. 381
Firmware Upgrading .......................................................................................................... 381
File Deleting ....................................................................................................................... 381

Chapter 25: Configuration Management......... 383


Viewing Configuration Files................................................................................................. 383
Available ............................................................................................................................ 383
Current ............................................................................................................................... 383

Selecting a New Configuration File..................................................................................... 383

Deleting a Configuration File ............................................................................................... 383

Saving Configuration............................................................................................................ 383


Method 1 ............................................................................................................................ 384
Method 2 ............................................................................................................................ 384
Method 3 ............................................................................................................................ 384

Viewing Configuration Information ..................................................................................... 384

20 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Contents

Restoration of Factory Default Configuration ................................................................... 385

Restoration of Erased Configuration.................................................................................. 385

Configuration Files Upload/Download ............................................................................... 386


General .............................................................................................................................. 386
Upload ............................................................................................................................... 386
Download........................................................................................................................... 387

Chapter 26: Dynamic Host Configuration Protocol


(DHCP)...............................................................389
General................................................................................................................................... 389

OS900 Operation Modes ...................................................................................................... 389


Server Mode ...................................................................................................................... 389
Relay Mode........................................................................................................................ 392

Chapter 27: BOOTstrap Protocol (BOOTP)......397


General................................................................................................................................... 397

Setting Timeout Time (Optional) ......................................................................................... 397


Finite .................................................................................................................................. 397
Infinite ................................................................................................................................ 397
Default ............................................................................................................................... 397

Broadcast Mode (Optional).................................................................................................. 397

Usage ..................................................................................................................................... 397


IP Address only from DHCP Server Automatically............................................................ 397
IP Address and Configuration File from DHCP Server Automatically ............................... 398
IP Address only Automatically and Configuration File Manually from DHCP Server........ 399

Chapter 28: Network Time Protocol (NTP) and


Timezone...........................................................401
General................................................................................................................................... 401

Configuration ........................................................................................................................ 401

Viewing .................................................................................................................................. 404


NTP Status ........................................................................................................................ 404
NTP Associations .............................................................................................................. 405
Time and Date ................................................................................................................... 406

Chapter 29: Network Address Translation (NAT)


..........................................................................407
Definition ............................................................................................................................... 407

Purpose.................................................................................................................................. 407

Compliance............................................................................................................................ 407

January 2009 URL: http://www.mrv.com 21


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Types...................................................................................................................................... 407

Modes..................................................................................................................................... 407

Principles of Operation ........................................................................................................ 407


Source NAT ....................................................................................................................... 407
Destination NAT................................................................................................................. 407

Data Paths.............................................................................................................................. 408


Inband Mode ...................................................................................................................... 408
Out-of-band Mode.............................................................................................................. 408

Implementation ..................................................................................................................... 409


General .............................................................................................................................. 409
Inband Mode ...................................................................................................................... 409
Out-of-band Mode.............................................................................................................. 410

Chapter 30: WDM Module ................................ 413


Purpose.................................................................................................................................. 413

Application............................................................................................................................. 413

Types...................................................................................................................................... 413

Layout .................................................................................................................................... 414

Mounting ................................................................................................................................ 414

Network Connection ............................................................................................................. 414

Operation ............................................................................................................................... 414

Data paths in Networks of Various Topologies ................................................................. 414


General .............................................................................................................................. 414
Point-to-Point Topology ..................................................................................................... 414
Multipoint Topology............................................................................................................ 416
Ring Topology.................................................................................................................... 416

Chapter 31: E1/T1 CES Module ....................... 419


Applicability........................................................................................................................... 419

Terminology........................................................................................................................... 419

Overview ................................................................................................................................ 419


Purpose.............................................................................................................................. 419
Models ............................................................................................................................... 419

Application............................................................................................................................. 420
General .............................................................................................................................. 420
Specific .............................................................................................................................. 420

Network Topologies.............................................................................................................. 421


Point-to-Point ..................................................................................................................... 421
Star .................................................................................................................................... 421

Requirements ........................................................................................................................ 421

22 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Contents

Layout .................................................................................................................................... 421

Mounting................................................................................................................................ 421

Cabling................................................................................................................................... 422

Power ..................................................................................................................................... 422

LEDs....................................................................................................................................... 422

Principle of Operation .......................................................................................................... 422


Pseudowire Modes ............................................................................................................ 422
TDM over Packet Session ................................................................................................. 423
Packet Header Formats..................................................................................................... 423

Interfaces ............................................................................................................................... 423


Names ............................................................................................................................... 423
Tags................................................................................................................................... 424
Interface Subnet ................................................................................................................ 425

Configuration ........................................................................................................................ 425


Clock Mode Setting............................................................................................................ 425
IP Address Assignment to a E1/T1 CES Module .............................................................. 425
Deleting IP Address Assigned to a E1/T1 CES Module .................................................... 426
External Clock Input Selection........................................................................................... 426
Clock Exportation............................................................................................................... 426
Transport Emulation Type Configuration........................................................................... 427
Port LIU Channel Bandwidth Configuration....................................................................... 427
Port LIU Frame Format Setting ......................................................................................... 427
Port LIU Receive Equalizer Gain Limit .............................................................................. 428
Port LIU Line Build Out Configuration ............................................................................... 428
Port LIU Line Code Configuration...................................................................................... 429
Enabling an E1/T1 Port ..................................................................................................... 429
Disabling an E1/T1 Port..................................................................................................... 429
Creating a New Session .................................................................................................... 429
Deleting a Session............................................................................................................. 429
E1/T1 Port Assignment to a Session................................................................................. 429
Setting CES Protocol Header Format and Target Address............................................... 430
Modifying the Description of an Existing Session.............................................................. 430
Setting a Session's UDP Local Port .................................................................................. 431
Setting a Session's UDP Target Port ................................................................................ 431
Setting a Session's Out-of-stream (Signaling) UDP Local Port......................................... 431
Setting a Session's Out-of-stream (Signaling) UDP Target Port....................................... 431
Setting the IP-ToS Field in the IP header of the CES Packet ........................................... 432
Setting the Local Emulation Circuit ID ............................................................................... 432
Setting the Remote Emulation Circuit ID........................................................................... 432
Setting the Max Jitter Delay for a Session ........................................................................ 432
Setting the Number of TDM Frames in Payload................................................................ 433
Enabling/Disabling Payload Suppression.......................................................................... 433
Enabling/Disabling RTP Header Enable/Disable .............................................................. 433
Enabling or Disabling a Session........................................................................................ 433
Recovery Clock.................................................................................................................. 434
Default SL .......................................................................................................................... 435
User-defined SL................................................................................................................. 435

January 2009 URL: http://www.mrv.com 23


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Viewing................................................................................................................................... 435
General Configuration and Status Information .................................................................. 435
Clock .................................................................................................................................. 437
Port .................................................................................................................................... 437
Session .............................................................................................................................. 440

Configuration Example 1...................................................................................................... 444

Configuration Example 2...................................................................................................... 446

Configuration Example 3...................................................................................................... 448

Configuration Example 4...................................................................................................... 450

Configuration Example 5...................................................................................................... 452

Configuration Example 6...................................................................................................... 454

Upgrading/Downloading ...................................................................................................... 457


Requirements..................................................................................................................... 457
Procedure .......................................................................................................................... 457

Product Specification ........................................................................................................... 459

Chapter 32: IGMP IP Multicast........................ 461


Terminology........................................................................................................................... 461

Definition................................................................................................................................ 461

Compliance............................................................................................................................ 461

Purpose.................................................................................................................................. 461

Applications........................................................................................................................... 462

Functions ............................................................................................................................... 462

Principle of Operation .......................................................................................................... 463


Port States ......................................................................................................................... 463
Leave Modes ..................................................................................................................... 464

Rules ...................................................................................................................................... 464

Usage ..................................................................................................................................... 465


Entering IGMP Mode ......................................................................................................... 465
Enabling IGMP Multicast ................................................................................................... 466
Disabling IGMP Multicast................................................................................................... 466
Enabling IGMP Multicast for a VLAN Interface.................................................................. 466
Disabling IGMP Multicast for a VLAN Interface................................................................. 466
Changing Query Interval.................................................................................................... 467
Changing Aging Time ........................................................................................................ 467
Preventing Aging................................................................................................................ 467
Selecting Fast Leave Mode ............................................................................................... 467
Selecting Regular Leave Mode.......................................................................................... 468
Creating Static Multicast Group(s)..................................................................................... 468
Deleting Static Multicast Group(s) ..................................................................................... 469
Setting Querier Port State in Dynamic Mode..................................................................... 470
Setting Server Port State in Dynamic Mode ...................................................................... 470

24 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Contents

Setting Querier Port State in Static Mode ......................................................................... 470


Setting Server Port State in Static Mode........................................................................... 471
Viewing IGMP Settings...................................................................................................... 472
Viewing Port Modes and States ........................................................................................ 472
Viewing Multicast Groups .................................................................................................. 473
Viewing Number of Multicast Groups and Entries............................................................. 474

Configuration ........................................................................................................................ 475


General .............................................................................................................................. 475
Procedure .......................................................................................................................... 475
Example............................................................................................................................. 475

Chapter 33: Static and Dynamic Routing........481


General................................................................................................................................... 481

Blackhole (Null) Routes ....................................................................................................... 481

Static Routes ......................................................................................................................... 481

Dynamic Routes.................................................................................................................... 482


Routing Information Protocol (RIP).................................................................................... 482
Open Shortest Path First (OSPF)...................................................................................... 487
Border Gateway Protocol (BGP) ....................................................................................... 513
Virtual Router Redundancy Protocol (VRRP).................................................................... 516

Chapter 34: MultiProtocol Label Switching


(MPLS) ...............................................................521
General................................................................................................................................... 521

Label Distribution Protocol (LDP) ....................................................................................... 522


General .............................................................................................................................. 522
Usage ................................................................................................................................ 522

Traffic Engineering (TE) ....................................................................................................... 523


General .............................................................................................................................. 523
CR-LDP ............................................................................................................................. 524
RSVP-TE ........................................................................................................................... 524

Virtual Circuits ...................................................................................................................... 525


Definition............................................................................................................................ 525
Configuration ..................................................................................................................... 525
Example............................................................................................................................. 528

MPLS DiffServ ....................................................................................................................... 532

Viewing Commands.............................................................................................................. 532


Cross-connect Table ......................................................................................................... 533
Forwarding Table............................................................................................................... 533
FTN Table.......................................................................................................................... 533
ILM Table........................................................................................................................... 534
In-segment Table............................................................................................................... 534
Out-segment Table ............................................................................................................ 535
L2 Circuits.......................................................................................................................... 535

January 2009 URL: http://www.mrv.com 25


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

L2 Circuit Groups ............................................................................................................... 536


LDP Parameters ................................................................................................................ 536
VC Table ............................................................................................................................ 537
Administrative Groups ....................................................................................................... 537
Mapped Routes.................................................................................................................. 537

Configuration Commands.................................................................................................... 538


MPLS Route Map............................................................................................................... 538
Upper-limit MPLS Labels ................................................................................................... 538
Lower-limit MPLS Labels ................................................................................................... 538
Creating LDP Path ............................................................................................................. 538
Creating LDP Trunk (Group).............................................................................................. 539
Creating RSVP Path .......................................................................................................... 539
Creating RSVP Trunk (Group)........................................................................................... 539
Activating MPLS................................................................................................................. 539
Defining Administrative Group ........................................................................................... 539

Hierarchical VPLS (H-VPLS) ................................................................................................ 540


General .............................................................................................................................. 540
Purpose.............................................................................................................................. 540
Advantages ........................................................................................................................ 540
Principle of Operation ........................................................................................................ 540
Dual Homing (Redundant Spoke Connection) .................................................................. 540
Application ......................................................................................................................... 540
Configuration...................................................................................................................... 541
Viewing .............................................................................................................................. 542

LSP PING ............................................................................................................................... 542


General .............................................................................................................................. 542
LSP Ping over a Regular LDP LSP ................................................................................... 542
LSP Ping over an RSVP-TE LSP ...................................................................................... 543
Stopping............................................................................................................................. 543
Replies ............................................................................................................................... 544

LSP Traceroute ..................................................................................................................... 544


General .............................................................................................................................. 544
Over a Regular LDP LSP................................................................................................... 545
Over an RSVP-TE LSP...................................................................................................... 545
Stopping............................................................................................................................. 545
Replies ............................................................................................................................... 546

Appendix A: Utilities ....................................... 547


General................................................................................................................................... 547

Domain Name System/Server (DNS)................................................................................... 547


General .............................................................................................................................. 547
Configuration...................................................................................................................... 547
Querying ............................................................................................................................ 548
Deleting.............................................................................................................................. 548

Traceroute.............................................................................................................................. 548
Definition ............................................................................................................................ 548
Purpose.............................................................................................................................. 548

26 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Contents

Range ................................................................................................................................ 548


Principle of Operation ........................................................................................................ 548
Usage ................................................................................................................................ 549
Example............................................................................................................................. 549

TCP Dump.............................................................................................................................. 549


Definition............................................................................................................................ 549
Purpose ............................................................................................................................. 549
Usage ................................................................................................................................ 549
Example............................................................................................................................. 549

TELNET .................................................................................................................................. 550


Definition............................................................................................................................ 550
Purpose ............................................................................................................................. 550
Sessions ............................................................................................................................ 550
Connection......................................................................................................................... 551
Example............................................................................................................................. 552

Secure Shell (SSH) ............................................................................................................... 552

Address Resolution Protocol (ARP) ................................................................................... 552


General .............................................................................................................................. 552
Principle of Operation ........................................................................................................ 552
Adding/Modifying an ARP Table Entry .............................................................................. 552
Deleting an ARP Table Entry............................................................................................. 553
Viewing the ARP Table...................................................................................................... 553

Configuration File Management .......................................................................................... 553


Configuration File Location................................................................................................ 553
Editing & Saving Configuration File ................................................................................... 554

Memory Management ........................................................................................................... 554


Viewing Memory ................................................................................................................ 554
Viewing Processes ............................................................................................................ 555

Multicast Destination MAC Addresses............................................................................... 558

Frame Generator................................................................................................................... 558


Definition............................................................................................................................ 558
Purpose ............................................................................................................................. 559
Actions ............................................................................................................................... 559

Debug Information................................................................................................................ 560


Purpose ............................................................................................................................. 560
System Events................................................................................................................... 560

Linux Tasks ........................................................................................................................... 560

Fan Control............................................................................................................................ 561


General .............................................................................................................................. 561
Setting Fan-on and Fan-off Temperatures ........................................................................ 561
Viewing Fan-on and Fan-off Temperatures....................................................................... 561
Default Fan-on and Fan-off Temperatures........................................................................ 562

Appendix B: Cable Wiring ................................563

January 2009 URL: http://www.mrv.com 27


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Appendix C: Cleaning Optical Connectors ..... 565


General................................................................................................................................... 565

Tools and Equipment ........................................................................................................... 565

Procedure .............................................................................................................................. 565

Appendix D: Troubleshooting.......................... 567

Appendix E: Packet Processing Stages.......... 569


Ingress ................................................................................................................................... 569

Egress .................................................................................................................................... 569

Appendix F: Product Specification ................. 571

Appendix G: Release Notes for Firmware Version


3.1.2 .................................................................. 583
Introduction ........................................................................................................................... 583

Models Supported................................................................................................................. 583

Software Components Versions.......................................................................................... 583

Hardware Requirements....................................................................................................... 583

Determining the Software version ...................................................................................... 584

Upgrade Procedure............................................................................................................... 584


Requirement ...................................................................................................................... 584
Procedure .......................................................................................................................... 584

Features Supported .............................................................................................................. 584

Supported MIBs..................................................................................................................... 587

New Features Introduced in this Version ........................................................................... 587

Features Introduced in Older Versions .............................................................................. 588

28 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Contents

Figures
Figure 1: Operations, Administration, and Maintenance ........................................................45
Figure 2: Layout of OS900......................................................................................................54
Figure 3: Micro-PoP Services .................................................................................................57
Figure 4: WAN Ethernet Manageable Services......................................................................58
Figure 5: Business Ethernet Services.....................................................................................58
Figure 6: 10 Gbps Ethernet High-end Demarcation Services ................................................59
Figure 7: WAN 10 Gbps Manageable Ethernet Services .......................................................59
Figure 8: 10 Gbps Ethernet Services over WDM ...................................................................60
Figure 9: Fastening Brackets for Mounting one OS900 in a 19-inch Rack ............................66
Figure 10: Fastening Brackets for Mounting two OS900s in a 19-inch Rack .........................66
Figure 11: Fastening Brackets for Mounting one OS900 + one LDP100 in a 19-inch Rack ..67
Figure 12: Fastening Brackets for Mounting one OS900 in a 23-inch Rack ..........................67
Figure 13: Fastening Bracket for Mounting the OS900 with one PS on a Wall......................68
Figure 14: ASCII Craft Terminal/Emulator Connection to OS900 ..........................................70
Figure 15: TELNET, SSH, or SNMP Station Connection to OS900.......................................72
Figure 16: Link Protection Data Path....................................................................................143
Figure 17: Link Fault Reflection between Uplink and Downlink............................................145
Figure 18: Link Fault Reflection between Two UNIs ............................................................147
Figure 19: MSTIs on a Physical Network..............................................................................190
Figure 20: CIST (Default MSTI) on a Physical Network .......................................................191
Figure 21: Regions on a Physical Network...........................................................................192
Figure 22: Network Running MSTP ......................................................................................194
Figure 23: CIST-configured Network ....................................................................................197
Figure 24: Multiple-MSTI Network without Load Balancing..................................................198
Figure 25: Multiple-MSTI Network with Load Balancing.......................................................201
Figure 26: Layer 2 Protocol Tunneling..................................................................................220
Figure 27: Tag Translation Operation Mode.........................................................................226
Figure 28: SL Assignment & VPT Marking of a Packet ........................................................244
Figure 29: SL Assignment & DSCP Marking of a Packet .....................................................245
Figure 30: Metering Operation..............................................................................................287
Figure 31: Network used for Ethernet Service OAM Configuration Procedure ....................313
Figure 32: EFM Link for Running the IEEE 802.3ah OAM Protocol .....................................344
Figure 33: Examples of Media Cross Connections in the OS900 ........................................375
Figure 34: NAT Operation.....................................................................................................408
Figure 35: WDM Module (Model 09ADCD) ..........................................................................414
Figure 36: Data Flow in a WDM Point-to-Point Topology.....................................................415
Figure 37: Data Flow in a WDM Multipoint Topology ...........................................................416
Figure 38: Data Flow in a WDM Ring Topology having Fiber Redundancy .........................417
Figure 39: E1/T1 CES over Ethernet ....................................................................................420
Figure 40: Cellular Backhaul for GSM, UMTS and GPRS Networks....................................420
Figure 41: PSTN-to-PBX and PBX-to-PBX over Ethernet....................................................421
Figure 42: E1/T1 CES module..............................................................................................421
Figure 43: Interconnection for Layer-3 Traffic and using Internal Clock...............................444
Figure 44: Interconnection for Layer-3 Traffic and using Different Subnets.........................448
Figure 45: Interconnection for Layer-2 Traffic and using IP and DHCP ...............................450
Figure 46: Interconnection using Clock Exportation .............................................................452
Figure 47: Interconnection using High DiffServ Level ..........................................................454
Figure 48: IP Multicast Application Example ........................................................................462
Figure 49: IP Multicast Principle-of-Operation Network Example.........................................463
Figure 50: IP Multicast Configuration Network Example ......................................................476
Figure 51: Basic OSPF .........................................................................................................496

January 2009 URL: http://www.mrv.com 29


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Figure 52: OSPF Topology and IP Addressing.....................................................................499


Figure 53: Area Assignments and the Virtual Link Requirement ..........................................502
Figure 54: Network on which BGP is Configured..................................................................514
Figure 55: Network on which VRRP is Configured ...............................................................517
Figure 56: Traffic Flow in an MPLS Network ........................................................................522
Figure 57: MPLS Signaling ...................................................................................................523
Figure 58: VCs running through an LSP Trunk.....................................................................525
Figure 59: A Virtual Circuit between Two OS900s ...............................................................528
Figure 60: MPLS and QoS Functionality...............................................................................532
Figure 61: H-VPLS Network..................................................................................................541
Figure 62: Null-Modem RS-232 Cable Wiring.......................................................................563
Figure 63: Ethernet Straight Cable Wiring ............................................................................563
Figure 64: Ethernet Cross Cable Wiring ...............................................................................563
Figure 65: Ingress Packet Processing Stages ......................................................................569
Figure 66: Egress Packet Processing Stages.......................................................................569

Tables
Table 1: Models of the OS900 ................................................................................................48
Table 2: Fans in OS900 Models .............................................................................................55
Table 3: SFPs Pluggable in Ports of each OS900 Model .......................................................56
Table 4: ASCII Craft Terminal/Emulator Setup for CLI Management.....................................73
Table 5: Front Panel LEDs......................................................................................................74
Table 6: Conventions for CLI Commands...............................................................................80
Table 7: Symbols in CLI Commands ......................................................................................80
Table 8: Functional Keys for CLI Commands .........................................................................81
Table 9: Default Original-VPT-to-SL Map .............................................................................238
Table 10: Default Original-DSCP-to-SL Map ........................................................................239
Table 11: Default SL-to-New-VPT Map ................................................................................241
Table 12: Default SL-to-New-DSCP Map .............................................................................242
Table 13: Default CL Remarking Map...................................................................................289
Table 14: RADIUS versus TACACS+ ...................................................................................347
Table 15: Models of the E1/T1 TDM Module ........................................................................420
Table 16: Front Panel LEDs..................................................................................................422
Table 17: OS910-M-controlled VLAN Interfaces for E1/T1 CES modules ...........................424
Table 18: VLAN Names and Associated VLAN Tags ...........................................................424
Table 19: OSPF Terminology ...............................................................................................487
Table 20: OSPF Router Types..............................................................................................500
Table 21: OSPF Commands for Monitoring, Managing, and Maintaining IP Routing Tables506
Table 22: Explanation of the show ip ospf Command Output Taken from R3......................507
Table 23: Explanation of the show ip ospf database Command .................................508
Table 24: Summary of OS™ Commands used in this Section .............................................512
Table 25: Memory Space Usage ..........................................................................................555
Table 26: Startup and Operation Troubleshooting................................................................567

30 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 About this Manual

About this Manual

Audience
This manual is intended for the use of the network administrator who wishes to apply, install,
setup, operate, manage, and troubleshoot the OptiSwitch 900. The network administrator is
expected to have working knowledge of:
− Networking
− Switches
− Routers

Latest Revision
The latest revision of the user manual can be found at:
http://kb.mrv.co.il/Knowledge/

Image Versions
This user manual applies to the following image1 versions of the OptiSwitch 900:
2.1.2 (carrier Ethernet capability)
3.1.2 (MPLS capability)
(The OptiSwitch 900 firmware information can be viewed by invoking the CLI command show
version, as described in the section Viewing Installed Components, page 93.)

Hardware Requirements
The minimum hardware requirements for running image version 3.1.2 of the OptiSwitch 900
models are as follows:
For OS904, OS906, and OS912:
CPU: FER05181, 400 MHz with 32 MB Flash and 128 MB DRAM memory.
For all other OS900 devices:
CPU: MPC8245, 266 MHz with 64 MB Flash and 256 MB DRAM memory.
Device hardware version: 1 or later for OS904, OS906, OS912-AC-2, OS912-DC-2.
Device hardware version: 3 or later for OS910.
Device hardware version: 1 or later for OS910-M and OS930.
(The OptiSwitch 900 hardware information can be viewed by invoking the CLI command show
version, as described in the section Viewing Installed Components, page 93.)

Related Documents
• Release Notes for OptiSwitch 900 (produced if warranted): Contains
information not found in the User Manual and/or overriding information.
• MegaVision User Manual: Describes how to manage the
OptiSwitch 900 and other MRV SNMP-manageable products using
MRV’s MegaVision Pro ® Network Management application.

1
Operative program firmware

January 2009 URL: http://www.mrv.com 31


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

• Outdoor Cabinets User Manual: Describes how to install equipment in


an MRV Outdoor Cabinet for protecting them in hazardous
environmental conditions.

Organization
This manual is organized into the following topics:
Safety Requirements – specifies the safety requirements that must be met all times.
Chapter 1: Overview – introduces the OS9002; noting its applications, architecture, key
features, models, layout, and options.
Chapter 2: Applications – presents typical networks built with the OS900.
Chapter 3: Installation – shows how to mount and network connect the OS900.
Chapter 4: Startup, Setup, and Operation – describes how to start, set up, and run the OS900.
Chapter 5: CLI Management – describes how its CLI can be used to manage the OS900.
Chapter 6: Ports – shows how to configure the physical ports of the OS900.
Chapter 7: Interfaces – introduces the types of OS900 communication interface, and shows
how to create, apply, manage, and obtain statistical information for them.
Chapter 8: Multiple-instance Spanning-Tree Protocol (MSTP) – describes how to configure the
OS900 so that it can participate in the spanning-tree protocols legacy STP (IEEE 802.1d), Rapid
STP (IEEE 802.1w), and Multiple-instance STP (IEEE 802.1s).
Chapter 9: Rate Limiting of Flood Packets – describes how to configure the OS900 to limit the
transmission and reception data rates for certain packet types at ports of a VLAN interface.
Chapter 10: Provider Bridges – shows how to configure the OS900 so that IEEE 802.1Q
standard VLANs can be used to interconnect remote sites of an enterprise scattered across a
service provider network.
Chapter 11: Tag Translation/Swapping – shows how to configure the OS900 so that a packet’s
source VLAN tag at one UNI is swapped with that of the destination VLAN tag at another UNI (so
that the packet can be received at the destination).
Chapter 12: IEEE 802.3ad Link Aggregation – describes how two or more ports of an OS900
can be linked in parallel to form a single logical communication channel whose bandwidth is the
aggregate of the bandwidths of the individual ports.
Chapter 13: Quality of Service (QoS) – shows how the user can set the OS900 to give
preferential treatment to each ingress packet based on Layer 2 VPT or Layer 3 DSCP and,
optionally, to change the VPT and DSCP values.
Chapter 14: Extended Access Lists (ACLs) – describes how to configure the OS900 so that it
can handle ingress and egress traffic at each OS900 interface.
Chapter 15: Port/VLAN Mirroring – describes how to configure the OS900 so that it can
replicate traffic received on one physical port or VLAN at another physical port or VLAN for the
purpose of analyses.
Chapter 16: Traffic Conditioner – describes how to configure the OS900 so that it can regulate
the flow of ingress and egress traffic according to one or more packet attributes and/or conditions.
Chapter 17: Egress-Queue Manager (EQM) – describes how to configure the OS900 so that it
can manage inbound as well as outbound traffic queues.
Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM – shows how to perform
OAM (including fault management and performance management) of multi-domain Ethernet
Services per the IEEE 802.1ag and ITU SG 13 standards.
Chapter 19 IEEE 802.3ah OAM for Ethernet in the First Mile – shows how the OS900 can be
used to perform IP-less management over an EFM link..

2
OS904, OS906, OS910, OS910-M, OS912, or OS930

32 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 About this Manual

Chapter 20: Authentication, Authorization, and Accounting (AAA) – describes the RADIUS
(UDP-based) and TACACS+ (TCP-based) client-server security services for restricting access to
the OS900 CLI agent (via TELNET or Serial/RS-232).
Chapter 21: Service Assurance PING – describes the service assurance function of the OS900
for monitoring network performance, resources, and applications.
Chapter 22: Scheduler – shows how to schedule execution of administrator-specified
commands at times pre-set by the administrator.
Chapter 23: Transparent Mode Media Cross Connect – shows how to use the intelligent
patchpanel-like functionality of the OS900.
Chapter 24: Firmware Viewing and Upgrading/Downloading – provides a detailed procedure for
upgrading/downloading firmware to the OS900.
Chapter 25: Configuration – describes how to save an OS900 configuration in a file and how to
upload and download an OS900 configuration using FTP.
Chapter 26: Dynamic Host Configuration Protocol (DHCP) – describes how the OS900 can be
configured to provide addresses to hosts on its network automatically and for a pre-specified time
duration.
Chapter 27: BOOTstrap Protocol (BOOTP) – describes how the OS900 can be set to operate
in client mode with BOOTP in order to get its IP address and/or configuration file from a DHCP
server.
Chapter 28: Network Time Protocol (NTP) and Timezone – shows how to use the Internet
standard protocol for synchronizing clocks of network devices.
Chapter 29: Network Address Translation (NAT) – shows how to set the OS900 so that it
automatically replaces an IP address of a packet with another IP address when the packet crosses
a specific network interface (port) of the OS900.
Chapter 30: WDM Module – shows how to apply and install the OS910-M WDM module.
Chapter 31: E1/T1 CES Module – shows how to apply, install, and configure the OS910-M
E1/T1 module.
Chapter 32: IGMP IP Multicast – shows how to direct selective IP multicast traffic (data, voice,
video, etc.) to ports belonging to a particular IP Multicast group.
Chapter 33: Static and Dynamic Routing – shows how static and dynamic routes can be
configured on the OS900.
Chapter 34: MultiProtocol Label Switching (MPLS) – shows how to utilize the technology that
uses labels to direct traffic (e.g., Ethernet packets) to their destination.
Appendix A: Utilities – describes and shows how to use the various network utilities of the
OS900.
Appendix B: Cable Wiring – shows the wiring for the null-modem RS-232, Ethernet straight,
and Ethernet cross cables.
Appendix C: Cleaning Optical Connectors – describes a recommended procedure for cleaning
optical connectors on the OS900.
Appendix D: Troubleshooting – is a guide for troubleshooting the OS900 on the operative level.
Appendix E: Packet Processing Stages – illustrates the processing stages through which
packets pass in the OS900 from entry to exit.
Appendix F: Product Specification – provides the general specifications of the OS900.
Appendix G: Release Notes for Firmware Version 3.1.2 – contains new and/or overriding
information relative to the previous version.

January 2009 URL: http://www.mrv.com 33


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Typographical Conventions
The typographical conventions used in this document are as follows:

Convention Explanation
Courier Bold This typeface represents information provided to the OS900.
Courier Plain This typeface represents information provided by the OS900.
Italics This typeface is used for emphasis.
Enter This format represents the key name on the keyboard/keypad.
This icon represents important information.

This icon represents risk of personal injury, system damage, or data


loss.

Acronyms
AAA Authentication, Authorization, and Accounting
ACL ACcess List (service)
ARP Address Resolution Protocol (For getting MAC address)
AWG American Wire Gage
BER Bit-Error Rate
BOOTP BOOTstrap Protocol
BPDU Bridge Protocol Data Unit
BRAS Broadband Remote Access Server
BSD Berkley Software Distribution
CBS Committed Burst Size
CC Continuity Check
CCM Continuity Check Messages
CDP Cisco Discovery Protocol
CE Customer Edge
CES Circuit Emulation Service
CFM Connectivity Fault Management
CIDR Classless Inter-Domain Routing
CIR Committed Information Rate
CIST Common and Internal Spanning Tree
CL Conformance Level
CLI Command Line Interpreter (Interface)
CoS Class of Service
CO Central Office
CPE Customer Premises Equipment
CR-LDP Constrained Routing LDP
CSPF Constrained Shortest Path First
CTS Clear To Send
CWDM Coarse Wavelength-Division Multiplexing

34 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 About this Manual

dB deciBel
DCD Data Carrier Detect
DES Data Encryption Standard (code/algorithm)
DHCP Dynamic Host Configuration Protocol
DiffServ Differentiated Services
DNS Domain Name Server/System
DoS Denial of Service
DSCP Differentiated Services Code Point
DSR Data Set Ready
DTE Data Terminal Equipment
DTR Data Terminal Ready
DWDM Dense Wavelength-Division Multiplexing
EBS Excess Burst Size
EFM Ethernet in the First Mile
EIA Electronic Industries Alliance
EPL Ethernet Private Line
ETSI European Telecommunications Standards Institute
FD Frame Delay
FEC Forwarding Equivalence Class or Fast Ethernet Channel
FLR Frame Loss Ratio
FPGA Field-Programmable Gate Array
FTN FEC To NHLFE
FTP File Transfer Protocol
FTTX Fiber To The X (Home/Business/etc.)
GMT Greenwich Mean Time
Gnd Ground
GPS Global Positioning System/Satellite
ICMP Internet Control Message Protocol
IEEE Institute of Electrical and Electronic Engineers
IGMP Internet Group Management Protocol
ILM Incoming Label Map
IP Internet Protocol
ISDN Integrated Services Digital Network
ISP Internet Service Provider
ITU International Telecommunications Union
LACP Link Aggregation Control Protocol
LAN Local Area Network
LBM Loopback Message
LBR LoopBack Reply
LDP Label Distribution Protocol
LER Label Edge Router
LIN Link Integrity NotificationF
LLC Logical Link Control

January 2009 URL: http://www.mrv.com 35


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

LM Loss Measurement
LMR Loss Measurement Reply
LOC Loss Of Continuity
LRM Loopback Reply Message
LSP Label Switch Path
LSR Label Switch Router
LT Link Trace
LTM Linktrace Message
LTR Link Trace Reply
MA Maintenance Association
MAC Medium Access Control
MAID Maintenance Association IDentifier
MAN Metropolitan Area Network
MD5 Message Digest 5 (code/algorithm)
MDI Media Dependent Interface
Pinout: 1 Tx+, 2 Tx-, 3 Rx+, 6 Rx-.
Connected to DTE with a cross-wired cable.
MDIX Media Dependent Interface X (with cross-wiring)
Pinout: 1 Rx+, 2 Rx-, 3 Tx+, 6 Tx-.
Connected to DCE with a cross-wired cable.
MD Maintenance Domain level
MDN Maintenance Domain Name
ME Maintenance Entity - service
MEF Metro Ethernet Forum
MEP Maintenance association End Point
MIB Management Information Base
ms millisecond
MSTI Multiple Spanning-Tree Instance
MTU Multi-Tenant Unit or Maximum Transmission Unit
NAS Network Access Server
NAT Network Address Translation
NEBS Network Equipment Building System
NHLFE Next-Hop Label Forwarding Entry
NMS Network Management Station
NNI Network-Network Interfaces
NOC Network Operation Center
NTP Network Time Protocol
OADM Optical Add-Drop Multiplexer
OAM Operations, Administration, and Maintenance
(Tools/utilities for installing, monitoring, and troubleshooting a network.)
OID Object IDentifier
PBS Peak Burst Size
PDU Protocol Data Unit
PE Provider Edge

36 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 About this Manual

PHB Per-Hop Behavior


PIM-SM Protocol Independent Multicast Sparse-Mode
PING Packet Inter-Network Groper
PIR Peak Information Rate
PMM Performance Management Message
PMR Performance Management Reply
PoP Point-of-Presence
PSN Packet-Switching Network
QoS Quality of Service
RADIUS Remote Authentication Dial-In User Service
RDI Remote Defect Indication
RED Random Early Discard
RIP Routing Information Protocol
RLB Remote LoopBack
RMON Remote MONitoring
RSVP-TE Resource ReSerVation Protocol – Traffic Engineering
RTR Response Time Reporter
RTS Request To Send
RxD Receive Data
SCADA Supervisory Control And Data Acquisition
SDH Synchronous Digital Hierarchy
SFP Small Form-factor Pluggable
SL (DiffServ) Service Level
SLA Service Level Agreement
SMB Sub-Miniature B-type
SNMP Simple Network-Management Protocol
SONET Synchronous Optical NETwork
SP Strict Priority
SSH Secure SHell
SST Single Spanning Tree
STM Synchronous Transfer Mode
TACACS Terminal Access Controller Access-Control System
TC Traffic Conditioner
TCO Total Cost of Operation
TCP Transmission Control Protocol
TDM Time-Division Multiplexing/Multiplexer
TDR Time-Domain Reflectometry
TELNET (dial-up) TELephone NETwork (connection protocol)
TFTP Trivial-File Transfer Protocol
TLV Time, Length, Value
TTL Time-To-Live
TxD Transmit Data
UDP User Datagram Protocol

January 2009 URL: http://www.mrv.com 37


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

UNI User-Network Interface


UPS Uninterruptible Power Supply
URL Universal Resource Location
UTC Coordinated Universal Time
VACM View-based Access Control Model
VC Virtual Circuit
VCD Virtual Cable Diagnostics
VID VLAN ID
VLAN Virtual LAN
VPLS Virtual Private LAN Service
VPN Virtual Private Network
VPT VLAN Priority Tag
VTP VLAN Trunking Protocol
WAN Wide Area Network
WDM Wavelength-Division Multiplexing
WRR Shape-deficit Weighted Round Robin
XCON-CCM cross-CONnection CCM

38 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Safety Requirements

Safety Requirements
CAUTION!
To reduce risk of physical harm, equipment damage, and fire and to
maintain proper operation, ensure that the safety requirements stated
hereunder are met!

At all Times
Do not let optical fibers come into physical contact with any bare part of the body since they are
fragile, and difficult to detect and remove from the body!
Do not look into the end of an optical fiber since it may be carrying harmful laser radiation that can
cause permanent damage to the eye and loss of sight!
Do not bend any part of an optical fiber/cable to a diameter that is smaller than the minimum
permitted according to the manufacturer’s specification (usually about 65 mm or 2.5 in)!

Before Installing
Power Ensure that all power to the OS900 is cut off. Specifically, disconnect the OS900
power cord(s) from the power source (line/mains).
Inspection By inspection, ensure that no part of the OS900 is damaged.
Covers Leave the protective covers (e.g., dust caps on optical connectors, etc.) on the
OS900 components at all times until the components are about to be connected.
Grounding For personal protection against electrostatic discharge (ESD),
ensure that the OS900 is electrically connected to ground at the
butterfly nut on screw located on the rear (and shown on the
right).
Wrist Strap For personal and equipment protection against ESD, wear an
ESD-protective wrist strap that is connected to ground. The wrist
strap must have a resistance of at least one megohm in the path
to ground.
Site Reserve one of the following sites for the OS900 allowing for, in addition, a
clearance of at least 25 mm (1 inch) between the air vents and nearby objects:
− Rack Space:
o For models OS904/AC-1, OS904/DC-1, OS906/AC-1, OS906/DC-1:
3
219.6 x 43.65 x 265 mm
3
[8.45 x 1.72 x 9.45 in ]
o For models OS906/AC-2, OS906/DC-2:
3
443 x 43.65 x 204 mm
3
[17.4 x 1.72 x 8.03 in ]
o For models OS910/AC-1, OS910/DC-1, OS910/DC-2:
214.6 x 43.65 x 240 mm 3
[8.45 x 1.72 x 9.45 in 3]
o For models OS910/AC-2:
3
316.6 x 43.65 x 240 mm
3
[12.45 x 1.72 x 9.45 in ]
o For model OS910-M:
443 x 43.65 x 315 mm 3
[17.44 x 1.72 x 12.4 in 3]
o For models OS912-AC-2, OS912-DC-2:
443 x 43.65 x 204 mm 3
[17.4 x 1.72 x 8.03 in 3]
o For models OS930:
3
443.6 x 43.65 x 290 mm
3
[17.48 x 1.72 x 11.42 in ]

January 2009 URL: http://www.mrv.com 39


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

− Wall Area:
o For models OS904/AC-1, OS904/DC-1, OS906/AC-1, and
OS906/DC-1:
3
219.6 x 265 mm
3
[8.45 x 9.45 in ]
− Desktop (Flat, stable, non-conductive, static-free
surface):
o For models OS904/AC-1, OS904/DC-1, OS906/AC-1, OS906/DC-1:
219.6 x 265 mm 3
[8.45 x 9.45 in 3]
o For models OS906/AC-2, OS906/DC-2:
3
443 x 204 mm
3
[17.4 x 8.03 in ]
o For models OS910/AC-1, OS910/DC-1, OS910/DC-2:
214.6 x 240 mm 3
[8.45 x 9.45 in 3]
o For models OS910/AC-2:
3
316.6 x 240 mm
3
[12.45 x 9.45 in ]
o For model OS910-M:
3
443 x 315 mm
[17.44 x 12.4 in 3]
o For models OS912-AC-2, OS912-DC-2:
3
443 x 204 mm
3
[17.4 x 8.03 in ]
o For models OS930:
3
443.6 x 290 mm
3
[17.48 x 11.42 in ]

During Installation/Maintenance
Avoid direct exposure to laser beams. In particular, do not look into laser ports.
Ensure that each SFP port at which laser beams are (or will be) present is occupied by an SFP
that is locked in position.

Before Powering On
Temperature Operate the OS900 only at a location where the environmental temperature is in
the range 0 to 45 oC (32 to 113 oF).
Humidity Operate the OS900 only at a location where the environmental humidity is
non-condensing and between 10 and 85%.
Dust Ensure that the site for the OS900 is dust-free. (Less than 1,000,000 particles per
cubic meter or 30,000 particles per cubic foot is OK.)
Cooling Air Ensure that the airflow around the OS900 and through the air vents is not
obstructed. In particular, ensure that there is a clearance of at least 25 mm (1
inch) between the air vents and nearby objects.
Line Voltage Ensure that the input voltage to the OS900 from the power source is as follows:
For AC power supply: 90 to 240 Vac (@ 60 to 50 Hz)
For DC power supply: -36 to -72 Vdc.
Power Cord The OS900’s AC power cord must have one of the following specifications:
115V AC Power Cord: The power cord to be used with a 115 Volt AC configuration
must be a minimum type SJT (SVT) 18/3, rated 250 Volts AC, 10 Amps with a
maximum length of 4.5 meters (15 feet). One end is terminated in an IEC 320
attachment plug, the other in a NEMA 5-15P plug.
230V AC Power Cord: The power cord to be used with a 230 Volt AC configuration
must be a minimum type SJT (SVT) 18/3, rated 250 Volts AC, 10 Amps with a
maximum length of 4.5 meters (15 feet). One end is terminated in an IEC 320

40 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Safety Requirements

attachment plug. The other end is terminated as required by the recognized safety
organization of the country in which it is to be installed.

During Operation
Ensure that each SFP port at which laser beams are present is occupied by an SFP that is locked
in position.
Do not connect or disconnect cables and/or power cords during lightning strikes or thunderstorms.

Servicing
All servicing must be carried out only by qualified service personnel.
Before servicing, ensure that all power to the OS900 is cut off!

January 2009 URL: http://www.mrv.com 41


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

42 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 1: Overview

Chapter 1: Overview

General
The OS900 is a multi-layer Telco-compliant compact carrier-class Ethernet demarcation services
platform that provides Layer 2 and 3 functionality.
It enables premium manageable Ethernet services with extensive traffic management and end-to-
end control for service-level conformance.
The OS900 functions as a demarcation device at the customer’s premises and is owned by the
service provider. It provides a carrier-to-customer User-Network Interface (UNI) that separates the
carrier’s WAN from the customer’s LAN to free the provider of the need to configure the customer’s
LAN/devices. The OS900 enables bandwidth limiting, security, and monitoring of customer and
network interfaces with clear visibility of LAN and WAN segments.
For inter-provider demarcation points, the OS900 serves as a demarcation device at the carrier-to-
carrier on-net locations, and provides Network-Network Interfaces (NNI) that separate two different
service provider networks. In such an application, the OS900 enables Ethernet service delivery
over multiple carrier transport networks with end-to-end visibility and control.

Highlights
• Service demarcation for Metro Ethernet E-Line, E-LAN, and EPL connectivity services:
- MEF 93 service conformance
- Provider bridging or MPLS L2 VPN services
- Service protection (with 50 ms recovery time)
• H-QoS according to MEF 144 Traffic Management conformance
• Ethernet Service OAM to guarantee SLAs
• Multi-purpose customer & network interfaces at lower TCO
• IPv6 future proof (hardware enabled)
• Unified Master-OS™ control plane across all models
• Circuit Emulation and MPLS Services5
• Wirespeed Routing

Applications
• Micro-PoP Services
• Business Ethernet Services
• Intra-provider and Inter-provider WAN Ethernet Manageable Services (Ports
can serve as UNIs or NNIs)

Architecture
With state-of-the-art wire-speed technology, the OS900 offers a future-proof solution for ILECs,
IXCs, MSOs, or green-field service providers to meet various business subscriber SLA
requirements. A single OS900 serving as a demarcation device can facilitate the provisioning of
revenue generating new value-added services thanks to its wide spectrum of service features.

3
Test suite for Ethernet services at the UNI
4
A standard defining the requirements and corresponding test procedures for Service Performance and Bandwidth Profile
Service Attributes that may be specified as part of a Service Level Specification (SLS) for an Ethernet Service
5
In future software upgrade

January 2009 URL: http://www.mrv.com 43


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Telco Compatibility
All models of the OS900 can be mounted in standard 19-inch and 23-inch Telco racks. Models
OS904, OS906, and OS910 with a single power supply can be mounted side-by-side in pairs in a
single 19-inch or 23-inch Telco rack frame to enable OS900 protection, high port density, as well
as easy accessibility.

Optical SFP Interfaces


SFP interfaces provide unmatched deployment flexibility to enable versatile optical extensions
from short to long-haul singlemode, single-fiber, or CWDM/DWDM connections – simply by use of
an appropriate SFP.
For service providers who build next-generation optical networks, the consolidation of xWDM
services with intelligent traffic forwarding on the same platform offers significant savings in capital
expenditure.
The integration of CWDM and DWDM SFPs eliminates the need for a transponder on the network,
and offers increased fiber optimization with physical services separation and dedicated Gigabit
rate for premium optical services based on the same concept of legacy “leased-line” services.

VPN Services & Protection


Compliant to MEF Ethernet Virtual Circuit (EVC), the OS900 offers three types of VPN service:
1. Layer 1 Optical VPN (Media Cross Connect) – a cross-connect mode with
transparent mode (without MAC address learning). This type of VPN functions like
an intelligent patch panel. In typical patch panels, wires must be physically
disconnected, moved, and reconnected to change the network configuration. In
the OS900, physical connections are left unchanged; only logical connections are
changed – purely by software control – to give the desired port-to-port
interconnections. One application of Media Cross Connect is to forward data via a
WDM technology port.
2. Layer 2 VPN – VLAN-based tunneling Q-in-Q stacking, swapping, or mapping
services.
3. Layer 2.5 VPN6 – a label-based MPLS VC for direct connection into MPLS
domains or H-VPLS MTU-s.
All the above VPN services can be fully protected using port redundancy, dual-homing, and/or ring
topology with a recovery time of less than 50 ms.
In addition to L2 VPN, the OS900 offers Layer 3 integrated IP router services to save on costs for
an external router and functions as a single demarcation platform for managed L2 VPN and IP
services.

Traffic Management
The OS900 provides for a value-added network infrastructure with end-to-end per-flow QoS.
It supports full CoS and QoS (MEF 14 model) including flow classification, rate limiting, shaping,
WFQ scheduling, and strict priority scheduling for lower delay/jitter, and guaranteed throughput in
real-time applications. In addition, it enables dynamic/adaptive buffer pools to prevent bursty traffic
starvation for buffers while ensuring effectiveness of queuing resources.
For network convergence applications that have a clear boundary between a customer’s network
and the carrier’s network, CoS layers (802.1p) can be mapped/marked to preserve priorities or
mapped into protection profiles preconfigured by the carrier.

Hierarchical QoS – CoS-Aware Rate Limit


Defining premium SLAs is a key requirement for service differentiation.
The OS900 enables traffic management based on innovative CoS-aware rate limit to dynamically
use available bandwidths. Dynamic QoS enables sharing of defined rate-limited flows controlled by

6
Future software upgrade

44 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 1: Overview

an aggregate profile configured for a UNI or an Ethernet Virtual Circuit. In the new service offering,
consolidated real-time, high-priority, and best effort require the options of differing data rates
configuration and CoS remarking. Dynamic QoS provides for sharing/borrowing bandwidths
allocated for real-time or high-priority applications at intervals when these services are in standby.
This capability optimizes bandwidth utilization at the access/demarcation point of the network
without the need for involving the aggregation layer for this purpose.

Denial of Service (DoS) Protection


The OS900 incorporates multi-layer DoS protection at the hardware level on the CPU control plane
and data-switching plane to protect service and device functionality from hostile traffic without
causing degradation of service performance or affecting the forwarding database or CPU
availability. Multiple traffic types can be policed at Layer 2 (e.g., broadcast frames, multicast
frames), Layer 3 (e.g., IP, OSPF), and Layer 4 (e.g., TCP, UDP).

System Management
The OS900 control plane incorporates a range of highly manageable features that offer assured
interaction with carriers’ OSS and NMS platforms, based on industry-standard Southbound out-of-
band or in-band interfaces. In addition, it can be managed with MRV’s MegaVision Pro NMS to
provide complete GUI and Northbound gateway (XML, TL1 & SNMP) to an entire cluster of
devices for configuration, performance analyses, and inventory control.
For the service provider, the OAM that is provided by a demarcation device determines to a
significant extent the metrics that can be used to formulate the SLA in cooperation with a service
subscriber.
The OS900 incorporates enhanced standards-compliant MEF OAM and gives the service provider
the capability to monitor the network, provision services, and promptly isolate fault locations from a
remote network operation center.

Figure 1: Operations, Administration, and Maintenance

Ethernet OAM with IEEE 802.1ag and ITU-T Y.1731


Connectivity of Ethernet bridging devices across Metro Ethernet or other transport networks
provides virtual (dedicated) Ethernet circuits. End-to-end service architecture requires
administrative domain hierarchy with corresponding OAM-enabled titles. The OS900 incorporates

January 2009 URL: http://www.mrv.com 45


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

such connectivity, discovery, and fault management along with performance statistics on delay,
jitter, and frame loss for demarcation and intermediate points of service.

Ethernet OAM with IEEE 802.3ah


IEEE 802.3ah Ethernet OAM provides reliable service assurance mechanisms for provider as well
as customer networks so as to avoid expensive time-consuming in-the-field truck rolls for isolating
faults. It includes Discovery Process, Dying Gasp, and Remote Loopback.

Ethernet Loopbacks
The OS900 offers remote loopback functionality on a physical interface or a specific VLAN that
traverses UNI or NNI interfaces. The loopback function allows for remote troubleshooting of
services, from NOC or any other manageable location without having to actually visit the customer
premises. Loopback functionality is hardware controlled to provide performance monitoring and
SLA verification at wire speed.

Virtual Cable Diagnostics


The OS900’s Virtual Cable Diagnostics (VCD) feature enables the administrator to test electrical
data cables attached to its ports for a physical fault, to identify the fault type, and to pinpoint its
location – all this with a single command. The technology used in devising VCD is Time-Domain
Reflectometry (TDR), which works on the same principle as radar.
In Ethernet networks, Layer 1 and Layer 2 elements are so closely coupled that it is often
impossible to determine at what layer the fault is present. Without VCD, isolation of the fault would
involve rollouts of burdensomely numerous cables and other equipment without knowing what or
where the fault is, thereby dramatically increasing maintenance costs and downtime!
Faults that can be detected with VCD are: opens, shorts, bad connectors, impedance mismatch,
and polarity mismatch.

Digital Diagnostics (Optical Performance Level


Monitoring)
The digital diagnostics feature of the OS900 SFPs (as per the standard SFF-8472) serve as a
powerful OPM tool that provides access to a number of real-time SFP operating parameters such
as optical Tx/Rx power, voltage, and temperature, as well as component information, such as,
vendor code, serial number, and wavelength. The information provided using digital diagnostics,
together with alarm and warning thresholds, enables the network administrator to identify potential
problems in optical transmission and take preemptive action before any service outage actually
occurs.

Link Aggregation
The IEEE802.3ad Link Aggregation Control Protocol provides a way to set up an aggregation trunk
automatically between two peers. The protocol controls bundling of several physical ports together
to form a single logical channel.
Unlike LAG which requires the configuration to be defined statically, LACP allows a switch to
negotiate an automatic bundle by sending LACP packets to the peer.
Such a channel between two switches increases traffic throughput capacity among stations
connected to the ports that are members of the trunk. For example, the interconnection of eight
full-duplex Gigabit ports of one OS900 unit to eight full-duplex Gigabit ports of another OS900 unit,
serves as an 8-Gbps full-duplex Ethernet trunk.

Per-service Performance Monitoring


The OS900 provides real-time and history reporting on various service performance metrics,
including port/VPN-EVC utilization, transmission errors, and QoS threshold exceptions.
Each service can be tracked for statistical information to help in baselining and troubleshooting
traversing services. This capability enables users to verify service guarantees and increase

46 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 1: Overview

network reliability by validating network performance. Performance monitoring uses proactive


monitoring to regulate traffic in a continuous, smooth, reliable, and predictable manner so as to
enable measurement of network performance and health.

Link Fault Reflection/Propagation


The Link Fault Reflection/Propagation mechanism provides notification on the integrity of a link
from the network interface to the user interface even if the link extends through several OS900s.

Analyzer VLAN
The OS900 incorporates the powerful Analyzer VLAN feature. This feature enables the operator to
configure a dedicated Analyzer VLAN for remote analysis by a surveillance center. It can be
activated per customer VLAN, per L2, L3, or L4 fields, or per learn table MAC address. The remote
service monitoring conforms with the interception processes according to the requirements of Law
Enforcement Monitoring.

Multiple-instance STP
Multiple-instance STP (MSTP) allows for the creation of multiple STP instances concurrently on a
network with network inter-node links that can be shared by any number of instances. The
implementation complies with the IEEE 802.1s standard and is backward compatible with the
spanning-tree protocols STP (IEEE 802.1d standard) and RSTP (IEEE 802.1w standard) so that
the OS900 can be used in a network consisting of devices operating in STP, RSTP, and MSTP.
MSTP serves to:
1. Prevent collapse of communication over a network whose topology is changed
dynamically.
2. Address the needs of increasingly faster Ethernet networks with mission-critical
applications requiring quick convergence/recovery. (The convergence/recovery time is 50
to 200 ms, the actual time depending on the network).
3. Maximize traffic flow across a network by optimizing resource utilization (for e.g., by
utilizing unused inter-node links).
4. Balance traffic flow across the network in order to increase throughput.
5. Improve fault tolerance by enabling traffic to flow unaffected in MSTIs even when failure
occurs in one or more other MSTIs.

Models
The OS900 is available in various models with flexibly selectable SFPs so that a model and SFPs
that are most suitable to an application can be selected. The models are described in Table 1,
below. The SW-UPG-9xMPLS enhanced software upgrade package (MasterOS™: MPLS VC -
LDP, RSVP-TE, CR-LDP, OSPF-TE, CSPF) option can be ordered with an OS900 model. Models
with this option are referred to with the character "S" appended to the model name, e.g., OS910-
MS.

January 2009 URL: http://www.mrv.com 47


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Table 1: Models of the OS900

Model Description
OS904/AC-1 7
Intelligent Ethernet services demarcation platform with 2 x Tri-mode ports + 2 x
100/1000Base-X SFP ports + 1 x out-of-band management RS-232 port + 1 x out-of-
band management Ethernet port. 1 AC power supply. Two OS904/AC-1s are side-by-
side mountable on a wall or in a Telco 19-inch or 23-inch rack.
OS904/DC-1 Like the OS904/AC-1 except that it has a DC power supply instead of an AC power
supply.
OS906/AC-1 Intelligent Ethernet services demarcation platform with 6 x Tri-mode ports + 1 x out-of-
band management RS-232 port + 1 x out-of-band management Ethernet port. 1 AC
power supply. Two OS906/AC-1s are side-by-side mountable on a wall or in a Telco
19-inch or 23-inch rack.
OS906/AC-2 Intelligent Ethernet services demarcation platform with 6 x Tri-mode ports + 1 x out-of-
band management RS-232 port + 1 x out-of-band management Ethernet port.
Dual AC power supply. Mountable in Telco 19-inch and 23-inch rack.
OS906/DC-1 Like the OS906/AC-1 except that it has a DC power supply instead of an AC power
supply.
OS906/DC-2 Like the OS906/AC-2 except that it has DC power supplies instead of AC power
supplies.
OS910/AC-1 Intelligent Ethernet services demarcation platform with 8 x 10/100/1000Base-T ports
(fixed) + 2 x 100/1000Base-X hot-swappable SFP ports + 1 x out-of-band
management RS-232 port + 1 x out-of-band management Ethernet port. 1 AC power
supply.
Two OS910/AC-1s are mountable on a wall or in Telco 19-inch and 23-inch racks.
OS910/AC-2 Intelligent Ethernet services demarcation platform with 8 x 10/100/1000Base-T ports
(fixed) + 2 x 100/1000Base-X hot-swappable SFP ports + 1 x out-of-band
management RS-232 port + 1 x out-of-band management Ethernet port. Dual AC
power supply.
OS910/DC-1 Like the OS910/AC-1 except that it has a DC power supply instead of an AC power
supply.
OS910/DC-2 Like the OS910/AC-2 except that it has a dual DC power supply instead of a dual AC
power supply.
OS910-M Mini multi-service modular platform with 6 x 10/100/1000Base-T ports (fixed) + 2 Tri-
mode ports + 2 x 100/1000Base-X hot-swappable SFP ports + 1 x out-of-band
management RS-232 port + 1 x out-of-band management Ethernet port + 2 optional
service modules (e.g., WDM, E1/T1).
One pluggable, hot-swappable power supply or dual pluggable, mutually redundant,
hot-swappable power supply.
Part number of AC power supply: EM9-M-PS/AC. Part number of DC power supply:
EM9-M-PS/DC.
Mountable in Telco 19-inch and 23-inch racks.
OS912-AC-2 Intelligent Ethernet services demarcation platform. 12 Tri-mode ports.
Dual AC power supply.
Brackets for mounting in a 19-inch rack included.
OS912-DC-2 Like the OS912-AC-2 except that it has a dual DC power supply instead of a dual AC
power supply.
OS930 Intelligent Ethernet services demarcation platform with 3 x 10 Gbps Ethernet hot-
swappable XFP ports + 1 x out-of-band management RS-232 port + 1 x out-of-band
management Ethernet port.
One pluggable, hot-swappable power supply or dual pluggable, mutually redundant,
hot-swappable power supply. Part number of AC power supply: EM9005-PS/AC. Part
Number of DC power supply: EM9005-PS/DC.
Mountable in Telco 19-inch and 23-inch racks.

7
Tri-mode ports can operate in either of the following Ethernet protocols: 10/100/1000Base-T, 100Base-FX, or 1000Base-
X.

48 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 1: Overview

Layout
View
The layout of the OS900 is shown in Figure 2, below.

OS904/AC-1

Front

Rear

OS906/AC-1

Front

January 2009 URL: http://www.mrv.com 49


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Rear

OS906/AC-2

Front

Rear

50 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 1: Overview

OS910/AC-1

Front

Rear

OS910/AC-2

Front

Rear

January 2009 URL: http://www.mrv.com 51


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS910/DC-2

Front

Rear

OS910-M

Front

52 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 1: Overview

Rear

OS912-AC-2

Front

Rear

OS912-DC-2

Front

January 2009 URL: http://www.mrv.com 53


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Rear

OS930/AC

Front

Rear
Figure 2: Layout of OS900

Power Supply Switch (Only in OS910-M and OS930)


Power supply switch .
I Position: Allows power into the OS900; O Position: Prevents power into the OS900.

Power Pushbutton
OS910-M Model
Pin pushbutton SW for powering ON/OFF the OS910-M system.
Other Models
Pushbutton PWR for powering ON/OFF the OS900 system.

Reset Pushbutton (Not in OS910-M)


Pin pushbutton RST for restarting the OS900 system.

54 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 1: Overview

External Clock Input (Only in OS910-M)


Jack for connecting an external clock (optional) to the EM9-CES module that may clock
transmission of E1/T1 signals with greater precision.

Ports
Each port can be independently configured to operate in any of a wide range of modes.
For detailed information on configuration of ports, refer to Chapter 6: Ports, page 131.

OS904/AC-1, OS904/DC-1
Two Tri-mode ports (Ports 1 and 2) and two 100/1000Base-X SFP ports (Ports 3 and 4).

OS906/AC-1, OS906/AC-2, OS906/DC-1, OS906/DC-2


Six Tri-mode ports (Ports 1 to 6).

OS910/AC-1, OS910/AC-2, OS910/DC-1, OS910/DC-2


Eight fixed 10/100/1000Base-T ports (Ports 1 to 8) and two 100/1000Base-X Ethernet SFP ports
(Ports 9 and 10).

OS910-M
Six fixed 10/100/1000Base-T ports (Ports 1 to 6), two Tri-mode ports (Ports 7 and 8), and two
100/1000Base-X Ethernet SFP ports (Ports 9 and 10).

OS912-AC-2, OS912-DC-2
Eight fixed 10/100/1000Base-T ports (Ports 1 to 8), two 100/1000Base-X Ethernet SFP ports
(Ports 9 and 10), and two 1000Base-X Ethernet SFP ports (Ports 11 and 12).

OS930
Three 3 x 10 Gbps Ethernet XFP ports (Ports 1 to 3).

Management
CONSOLE EIA-232
Serial/RS-232 port (with baud rate 9600 baud) for out-of-band local connection of a craft terminal.
MGT ETH
Ethernet 10/100Base-TX port for TELNET, SSH, and/or SNMP out-of-band connection. It is
directly connected to the CPU and does not affect nor is affected by inband traffic. It is an IP
interface that is used only for connecting a management LAN. Management stations on the LAN
can be used to manage the OS900 out-of-band (using a TELNET, SSH, or SNMP connection over
Ethernet). Alternately, a TFTP client can be connected to the out-of-band interface to access
configuration files stored in the OS900.

LEDs
Global and per-port status-indicator LEDs. The LEDs are described in Table 5, page 74.

Fans
The number of cooling fans in each OS900 model type is shown in Table 2, below.
Table 2: Fans in OS900 Models

Models OS904/AC-1, OS904/DC-1, OS906/AC-2, OS906/DC-2, OS930


OS906/AC-1, OS906/DC-1, OS910/AC-2, OS910/DC-2,
OS910/AC-1, OS910/DC-1, OS910-M/AC-2, OS910-M/DC-2,
OS910-M/AC-1, and OS910-M/DC-1 OS912-AC-2, and OS912-DC-2
Fans 1 2 4

January 2009 URL: http://www.mrv.com 55


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Earthing
OS906/AC-2, OS906/DC-2, OS912-AC-2, and OS912-DC-2
Metal tang at rear for earthing the OS906/AC-2, OS912-AC-2, and OS912-DC-2 chassis.

OS904, OS906/AC-1, OS906/DC-1, OS910, OS910-M, and OS930


Butterfly nut on screw at rear for earthing the OS900 chassis.

Power Supply
For details on the power supply, refer to Appendix F: Product Specification, page 571.

Options
SFPs/XFPs
OS930
Fiberoptic 10 GE XFP transceivers can be fitted to Ports 1 to 3 of the OS930.
Others
The ports of OS900 models to which fiberoptic Fast Ethernet/1GE SFP transceivers can be fitted
are shown in Table 3, below.
Table 3: SFPs Pluggable in Ports of each OS900 Model

Model OS904/AC-1, OS906/AC-1, OS906/AC-2, OS910/AC-1, OS910-M OS912-AC-2,


OS904/DC-1 OS906/DC-1, OS906/DC-2 OS910/AC-2, OS912-DC-2
OS910/DC-1,
OS910/DC-2
Ports 1 to 4 1 to 6 9 and 10 7 to 10 1 to 12

Service Modules (Only in OS910-M)


Up to two service modules may be fitted in the OS910-M model. The types of service module
available are:
WDM Module – A passive device for adding or dropping optical data carrier wavelengths.
The device can be an OADM, Multiplexer, or Demultiplexer module. For
details, refer to Chapter 30: WDM Module, page 413.
E1/T1 Module – A TDM for carrying voice on E1/T1 channels over Ethernet. For details, refer
to Chapter 31: E1/T1 CES Module, page 419.

Power Supply
OS900s with an additional universal AC or DC power supply are available. The two power supplies
operate in mutual redundancy mode. This mode of operation has two advantages:
− First, if one power supply fails, the other will supply the requisite power
for continued smooth operation of the OS900. The failure status is
recorded in the OS900. The failure status can be viewed using the
command show version.
− Second, the service provider can coordinate the downtime for OS900
maintenance with the customer.

56 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 2: Applications

Chapter 2: Applications

General
This chapter gives examples of how the OS900 can be applied.

Micro-PoP Services
Figure 3, below, shows how several customers on the same premise can be connected with an
OS900, which can be connected to a metro network via the OS9000 aggregation platform.
VLANs can be configured to isolate users from one another if required and to provide Q-in-Q
Service VLANs and security.

Figure 3: Micro-PoP Services

WAN Ethernet Manageable Services


Figure 4, below, shows how OS900s can be used to interconnect WANs of various operator
networks.
Q-in-Q (stacked VLANs) can be used to isolate different types of traffic from one another or to
bridge customers or groups of customers scattered across the operator’s network.
Uplink protection (connection of a dual 100 Mbps or 1G uplink between the OS900 and the same
WAN) and/or dual-homing (connection of a dual 100 Mbps or 1G uplink to different WANs) can be
implemented.
To provide SLA management and CFM, Traffic Conditioners (TCs) running dynamic CoS can be
set up together with ingress and egress traffic shaping.

January 2009 URL: http://www.mrv.com 57


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

MRV’s MegaVision Pro SNMP network management application can be used on various platforms
for management of the OS900 (and other SNMP-manageable devices) via a LAN or the
World-Wide Web (WWW).

Figure 4: WAN Ethernet Manageable Services

Business Ethernet Services


Figure 5, below, shows an application for providing on-premise Ethernet services while freeing the
aggregation network segment from the task of handling traffic between the hosts on the segment.
VLANs can be configured to isolate users from one another if required and to provide Q-in-Q
Service VLANs and security.
A 100 Mbps or 1 Gbps uplink can be used to connect the OS900 network to the aggregation
network segment.
In addition, digital diagnostics per the SFF-8472 standard can be performed for SFP transceivers
of the OS900. Layer 1 cable diagnostics (VCD) can be performed to identify and locate faults in
copper cables/connections.

Figure 5: Business Ethernet Services

10 Gbps Ethernet High-end Demarcation Services


Figure 6, below, shows an application for providing mission critical revenue generating 10GE
managed Ethernet services.

58 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 2: Applications

OS930 interfaces can be configured as UNI or NNI as per MEF specifications and enable the
following networking functions:
− 1:1 or 1+1 protected modes with 50 ms restoration time - Ring/Mesh, LIN, and end-to-end
protection based on OAM CCM
− Hierarchical QoS traffic management with 10GE subrates (CIR/EIR)
− Ethernet service OAM - SLA management based on CFM IEEE802.1ag and ITU-T Y.1731
PM
− 10GE WAN PHY (WIS) mode - configurable to operate at 10GE, OC192, or STM-64

Figure 6: 10 Gbps Ethernet High-end Demarcation Services

WAN 10 Gbps Manageable Ethernet Services


Figure 7, below, shows an application for providing manageable 10 Gbps Ethernet services for
intra-providers (operators) or inter-providers.
VLAN translation/mapping, H-QoS dynamic bandwidth, and SLA management can be configured
to enhance service.
In addition, digital diagnostics per the SFF-8472 standard can be performed for XFP transceivers
of the OS930.

Figure 7: WAN 10 Gbps Manageable Ethernet Services

10 Gbps Ethernet Services over WDM


Figure 8, below, shows an application for placing 10 Gbps Ethernet services via XFPs on MRV’s
LambdaDriver WDM multiplexer that provides long-haul paths, fiber-optimization, and redundancy
protection for services.
VLAN translation/mapping, H-QoS dynamic bandwidth, and SLA management can be configured
to enhance service.
In addition, digital diagnostics per the SFF-8472 standard can be performed for SFP transceivers
of the OS930. Layer 1 cable diagnostics (VCD) can be performed to identify and locate faults in
copper cables/connections.

January 2009 URL: http://www.mrv.com 59


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Figure 8: 10 Gbps Ethernet Services over WDM

60 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 3: Installation

Chapter 3: Installation

General
This chapter provides a detailed step-by-step procedure for installing the OS900.

Safety
Before installing the OS900, ensure that the requirements noted in the section Safety
Requirements, page 39, are met.

Package Contents
Essentials
• OS900s (as many as ordered by the customer)
• EIA-232 Cable (1 per OS900)
• Power Cord (1 per power supply)
• CD containing the OS900 User Manual (1)

Options
• Brackets for mounting the OS900 in a 19-inch or 23-inch rack (2 per
OS900)
• WDM and/or E1/T1 CES modules (up to 2 per OS910-M)
• SFPs (up to 2 per OS904 or OS910-M)
• A second power supply (1 per OS910-M or OS930
• MegaVision Pro ® server SNMP network management application (on
CD)
• Outdoor Cabinet (1 for up to four OS900s)

Requirements
Tools
• Philips screwdriver no. 1
• Philips screwdriver no. 2

Data Equipment
DTEs/DCEs
Compliant to IEEE 802.3, IEEE 802.3u, and/or IEEE 802.3z.

Cabling
10/100/1000Base-T Ports
Cable Type: Category 5.
Cable Connector Type: RJ45 8-pin male
Cable Length: Up to 100 m (330 ft)
Cable Impedance: 100 Ω
Cable Wiring: Straight (Figure 63, page 563) or Cross (Figure 64, page 563)

January 2009 URL: http://www.mrv.com 61


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Note
Each 10/100/1000Base-T port may be connected with a straight-wired or
cross-wired cable irrespective of whether the co-port8 is that of a DCE
(e.g., switch) or DTE (e.g., PC) since the OS900 port automatically
configures its interface to be Ethernet MDI or MDIX in order to
communicate via the co-port.

100/1000Base-X Ports
Cabling requirements are SFP dependent.
The cable length can be up to:
[Output power of SFP transmitter − Sensitivity of SFP receiver] - Path losses (in dB)
km
Cable Attenuation (in dB/km)

The path losses must include losses due to interposing devices, splices, etc. plus a
safety margin of 3 dB.
10 GE Ports (Only in OS930)
Cabling requirements are XFP dependent.
The cable length can be up to:
[Output power of XFP transmitter − Sensitivity of XFP receiver] - Path losses (in dB)
Cable Attenuation (in dB/km)
km

The path losses must include losses due to interposing devices, splices, etc. plus a
safety margin of 3 dB.
WDM Module Ports (Only in OS910-M)
For possible cabling configurations for WDM Module ports, refer to Chapter 30: WDM Module,
page 413.
E1/T1 Module Ports (Only in OS910-M)
Refer to Chapter 31: E1/T1 CES Module, section Product Specification, page 459.
Cable Fiber Marking
For each cable fiber, attach a label with the marking Tx at one end and another label with the
marking Rx at the other end.

Management Equipment
Out-of-band Management using Serial/RS-232 Connection
• Craft terminal: Asynchronous ASCII terminal, e.g., VT100 terminal
or
Craft terminal emulator: For e.g., PC with asynchronous ASCII terminal
emulation software application such as Microsoft Windows’
HyperTerminal
or
UNIX workstation
or
Linux workstation
• Operating System: For e.g., Microsoft Windows 95, 98, 2000, NT, or
XP
• Cable (supplied by MRV): Null-modem RS-232, with RJ45 8-pin male
connector and DB9 9-pin female connector, and not longer than 15 m
(50 ft) for connecting the OS900 CONSOLE EIA-232 port to the
management station. The cable wiring is shown in Figure 62 on page
563.

8
A co-port is another port that receives from or forwards to the OS900 port.

62 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 3: Installation

Out-of-band Management using TELNET, SSH, or SNMP Connection


• TELNET or SSH station: For e.g., PC with TELNET or SSH application
or
SNMP NMS: For e.g., MRV’s MegaVision Pro® network management
application running on a PC. For details, refer to the MegaVision User
Manual.
• Operating System: For e.g., Microsoft Windows 95, 98, 2000, NT, or
XP.
• Interface to the Web: Optional, required for Web-Based Management.
• Cable: Category 5, with RJ45 male 8-pin connector, up to 100 m (330
ft) long for connecting the OS900 MGT ETH port to the network via
which the management station can access the OS900. The cable must
be cross-wired as shown in
• Figure 64, page 563.
• IP Address: If an IP address is to be assigned to the OS900 for the first
time, the interconnection shown in Figure 14, page 70 must be used.

Mounting
If OS900s are installed in a closed or multi-unit rack assembly, they may require further evaluation
by certification agencies.
Installation should be such that a hazardous instability condition is not developed due to uneven
loading.
Ensure that the OS900 will be within reach of the necessary connections, namely, line/mains
power outlet, Ethernet networks, and a craft terminal/emulator or a UNIX workstation if the OS900
is to be managed via its CONSOLE EIA-232 port.
For mounting an OS900, any one of the following may be used: Rack, Wall, Outdoor Cabinet, or
Desktop. Details are given below.
Rack:
− 19-inch rack:
One OS904, OS906/AC-1, OS906/DC-1, OS910/AC-1, or OS910/DC-1:
EM900-BR-1 bracket pair + four philips screws (supplied by MRV)
One OS910/AC-2 or OS910/DC-2:
EM304-BR-3 bracket pair + four philips screws (supplied by MRV)
One OS906/AC-2, OS906/DC-2, OS910-M, OS912-AC-2, OS912-DC-2, or OS930:
EM930-BR-1 bracket pair + four philips screws (supplied by MRV)
Two OS904s, OS906/AC-1s, OS906/DC-1s, OS910/AC-1s, or OS910/DC-1s
(side-by-side)
EM900-BR-D Tray + spacer D + 10 philips screws (supplied by MRV)
One OS904, OS906/AC-1, OS906/DC-1, OS910/AC-1, or OS910/DC-1, and one LDP100
(side by side):
EM900-BR-E Tray + spacer E + 11 philips screws (supplied by MRV)
− 23-inch rack:
One OS904, OS906/AC-1, OS906/DC-1, OS910/AC-1, or OS910/DC-1:
EM900-BR-2 bracket pair + four philips screws (supplied by MRV)
One OS910/AC-2 or OS910/DC-2:
EM304-BR-4 bracket pair + four philips screws (supplied by MRV)
One OS910-M, OS906/AC-2, OS912-AC-2, OS912-DC-2, or OS930:
EM930-BR-2 bracket pair + four philips screws (supplied by MRV)
− Space in rack:
~ 220 x 45 x 240 mm 3
[~ 8. 5 x 1U x 9.5 in 3]
Wall:
− One OS904, OS906/AC-1, OS906/DC-1, OS910/AC-1, or OS910/DC-1:
EM900-WBR bracket (supplied by MRV)
The wall area must be at least:

January 2009 URL: http://www.mrv.com 63


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

~ 220 x 240 mm 3
[~ 8. 5 x 9.5 in 3]
Outdoor Cabinet:
− Up to four OS900s indoors or outdoors (supplied by MRV)
Desktop:
− One per minimum surface area:
~ 220 x 240 mm 3
[~ 8. 5 x 9.5 in 3]
The surface must be flat, stable, non-conductive, and static-free.

Environmental
Temperature: 0 to 45 oC (32 to 113 oF).
Humidity: Non-condensing, 10 to 85%.
Cooling air: Flowing around the OS900 and through the air vents unobstructed. In addition,
there must be a clearance of at least 25 mm (1 inch) between the air vents and
nearby objects.

Power
The line (mains) should be able to supply power to the OS900 as specified on the nameplate of
the OS900. Make sure there will be no overloading of supply circuits that could have an adverse
effect on overcurrent protection and supply wiring.

AC Source
The AC power source (line/mains) should be able to supply power to the OS900 according to the
section Power Consumption (Max), on page 574.
The power cord for 115 Vac input from a power source must be a minimum-type SJT (SVT) 18/3,
rated 250 Vac, 10 A with a maximum length of 4.5 m or 15 ft. One end must terminate in an IEC
320 attachment plug, the other end must terminate in a NEMA 5-15P plug.
(The power cord supplied by MRV meets these requirements.)
The power cord for 230 Vac input from a power source must be a minimum-type SJT (SVT) 18/3,
rated 250 Vac, 10 A with a maximum length of 4.5 m or 15 ft. One end must terminate in an IEC
320 attachment plug, the other end must terminate as required by the recognized safety
organization of the country in which it is installed.

DC Source
The DC power source should be able to supply power to the OS900 according to the section
Power Consumption (Max), on page 574:
DC rated equipment must be installed in the following conditions:
1. The DC supply source to which the OS900 is to be connected must be isolated
from the alternating current source and reliably connected to earth or to a DC
(SELV) source.
2. The OS900 must be installed only in restricted access areas (Dedicated
Equipment Rooms, Equipment Closets, or the like) in accordance with Articles
110-16, 110-17, and 110-18 of the National Electrical Code, ANSI/NFPA 70.
3. Input wiring to a terminal block must be routed and secured in such a manner that
it is protected from damage and stress. Do not route wiring past sharp edges or
moving parts.
4. A readily accessible disconnect device, with a 3 mm minimum contact gap shall be
incorporated in the fixed wiring.
5. A listed circuit breaker suitable for protection of the branch circuit wiring and rated
60 Vdc minimum must be provided.

64 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 3: Installation

Note
To ensure continued operation even when the line (mains) power is
cut off, it is recommended to connect the OS900 through a UPS.

Power Supplies
One power supply may be sufficient for the OS900.
A second power supply ensures continued supply of requisite power even if a power supply fails.

Grounding
Reliable earthing of the OS900 must be maintained. Particular attention should be paid to supply
connections when connecting to power strips rather than to direct connections to the branch
circuit.

Procedure
Component Insertion
SFP/XFP
1. Choose the SFP/XFP receptacle into which the SFP/XFP is to be inserted.
2. Holding the SFP/XFP with the right side up, slide it about half-way into the
SFP/XFP receptacle.
3. If the SFP/XFP has a latching mechanism, while holding the SFP/XFP with one
hand gently release the latch with the other hand. Usually, the latch handle is a
wire frame around the SFP/XFP. To release the latch, swing down the wire frame.
4. With both thumbs pressed against the face edges of the SFP/XFP, gently slide it
as far into the SFP/XFP receptacle as possible. Holding the SFP/XFP in this
position, swing up the latch handle around the SFP/XFP in order to latch it.

WDM Module (Only in OS910-M)


Refer to Chapter 30: WDM Module, section Mounting, page 414.

EM9-CES (Only in OS910-M)


Refer to Chapter 31: E1/T1 CES Module, section Mounting, page 421.

Power Supply Module, e.g., EM9-M-PS (Only in OS910-M and OS930)


1. Choose the receptacle in the OS900 into which the power supply module is to be inserted.
2. Holding the power supply module with the right side up, place the edges of the
module’s PCB between the left and right rails in the receptacle and slide it until its
panel is level with the front panel of the OS900. (This assures that the module’s
connector is inserted into place.)
3. With a philips screwdriver no. 1, fasten the module with the two captive screws that are
located on its edges.

Mounting
Rack
19-inch
One OS900
1. With four screws, fasten the two mounting brackets9 to the sides of the OS900 as
shown in Figure 9, below.
2. Mount the OS900 in a 19-inch rack.

9
Either bracket may be mounted on either side.

January 2009 URL: http://www.mrv.com 65


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS904, OS906/AC-1, OS906/DC-1, OS910/AC-1, or OS910/DC-1

OS910/AC-2 or OS910/DC-2

OS910-M, OS906/AC-2, OS906/DC-2, OS912-AC-2, OS912-DC-2, or OS930

Figure 9: Fastening Brackets for Mounting one OS900 in a 19-inch Rack


Two OS900s Side-by-Side (Only OS904s, OS906/AC-1s, OS906/DC-1s, OS910/AC-1s, and
OS910/DC-1s)
1. With four screws, fasten one OS900 on the left side of the tray as shown in Figure
10, below.
2. With two screws, fasten the spacer to the right side of the OS900.
3. With four screws, fasten the second OS900 on the right side of the tray as shown
in Figure 10, below.
4. Mount the tray in a 19-inch rack.

Figure 10: Fastening Brackets for Mounting two OS900s in a 19-inch Rack
One OS900 and One LDP100 (Only OS904, OS906/AC-1, OS906/DC-1, OS910/AC-1, or
OS910/DC-1)
1. With four screws, fasten the OS900 on the left side of the tray as shown in Figure
11, below.

66 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 3: Installation

2. With two screws, fasten the spacer to the right side of the OS900. With one screw,
fasten the spacer to the tray.
3. With four screws, fasten the LDP100 on the right side of the tray as shown in
Figure 11, below.
4. Mount the tray in a 19-inch rack.

Figure 11: Fastening Brackets for Mounting one OS900 + one LDP100 in a 19-inch Rack
23-inch
1. With four screws, fasten the two mounting brackets10 to the sides of the OS900 as
shown in Figure 12, below.
2. Mount the OS900 in a 23-inch rack.
OS904, OS906/AC-1, OS906/DC-1, OS910/AC-1, or OS910/DC-1

OS910/AC-2 or OS910/DC-2

OS910-M, OS906/AC-2, OS906/DC-2, OS912-AC-2, OS912-DC-2, or OS930

Figure 12: Fastening Brackets for Mounting one OS900 in a 23-inch Rack

10
Either bracket may be mounted on either side.

January 2009 URL: http://www.mrv.com 67


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Wall (Only OS904, OS906/AC-1, OS906/DC-1, OS910/AC-1, and OS910/DC-1)


Fasten the wall bracket by inserting two flat-head philips screws (no longer than 3 mm) at two
holes (having counter sinks) on the underside of the OS900 as shown in Figure 13. Fix two wall
screws 100 mm (4 inch) apart and hang the OS900.

Figure 13: Fastening Bracket for Mounting the OS900 with one PS on a Wall

Outdoor Cabinet
Refer to the Outdoor Cabinets User Manual, Publication No. ML46852.

Desktop
Place the OS900 on a flat, stable, non-conductive static-free surface.

Earthing
With an insulated copper wire of gage up to #18 AWG, connect the OS900 to an earthing point at
its butterfly-nut-on-screw located at the rear.

Network Connection
Service Modules
WDM Ports
Refer to the section Network Connection, page 414.
E1/T1 Ports
Connect the EM9-CES ports to the PSTNs/PBXs with the wood-pulp or plastic insulation twisted
wire-pair cables having RJ48 or RJ45 8-pin male connectors.
Make sure that an Ethernet port in each OptiSwitch is connected to the IP/Ethernet network across
which the E1/T1 traffic is to be sent.

Data Equipment (DTE or DCE)


Connect the data ports of the OS900 to the data equipment with cables as follows:
Electrical Ports
Use a straight-wired or cross-wired cable (specified in the section 10/100/1000Base-T Ports, page
61) to connect each OS900 electrical data port to a DTE or DCE.
Fiberoptic Ports
Using fiberoptic cables connect each optical data port of the OS900 to a DTE or DCE making sure
that:
A port on one device is to be connected to a port on another device as follows: The end
marked Tx11 of one fiber of a cable is connected to the Tx port of a device and the end
marked Rx to an Rx port of another device. For the other fiber of the cable, the end marked
Rx is connected to an Rx port of the first device and the end marked Tx to a Tx port of the
second device.

11
Marking of the fibers is described in the section Cable Fiber Marking, page 62.

68 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 3: Installation

Management Station
Connect at least one of the following to the OS900: Craft terminal, TELNET station, SSH station,
UNIX station, Linux station, or SNMP NMS, as described below.
Craft Terminal/Emulator (For Out-of-band Management)
With a null-modem RS-232 cable having an RJ45 8-pin male connector, connect the OS900’s
RJ45 8-pin female connector marked EIA-232 to a craft terminal/emulator serial port as shown in
Figure 14, below.

OS904

OS906/AC-1 or OS906/DC-1

OS910

January 2009 URL: http://www.mrv.com 69


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS910-M

OS906/AC-2, OS906/DC-2, OS912-AC-2, or OS912-DC-2

OS930
Figure 14: ASCII Craft Terminal/Emulator Connection to OS900
TELNET/SSH Station or SNMP NMS
As shown in Figure 15, below, connect the OS900 to a TELNET, SSH, or SNMP station in either of
the following ways:
− With a Category 5 cable (straight-wired or cross-wired) having an RJ45
8-pin male connector, at the dedicated out-of-band management port
CONSOLE EIA-232 or at a 10/100/1000Base-T port.
− With a fiberoptic cable, at a 100/1000Base-X SFP port.

70 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 3: Installation

OS904

OS906/AC-1 or OS906/DC-1

OS910

OS910-M

January 2009 URL: http://www.mrv.com 71


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS906/AC-2, OS906/DC-2, OS912-AC-2, or OS912-DC-2

OS930
Figure 15: TELNET, SSH, or SNMP Station Connection to OS900

Power Line Connection


1. Make sure that the power cord (supplied) for the OS900 is disconnected from the
power source (line/mains).
2. The following substeps are to be performed in order prevent unintentional disconnection
of the power cord. So, referring to the rear of the OS900 (for example, the picture of the
Rear of the OS904, page 49):
2.1. Plug one end of the power cord into the ‘AC Power Receptacle’.
2.2. Remove the philips screw located on the ‘Power Cord Fastener’.
2.3. Lift up the free end of the ‘Power Cord Fastener’.
2.4. Place the power cord under the free end of the ‘Power Cord Fastener’ and
against the side of the OS900.
2.5. Bring down the free end of the ‘Power Cord Fastener’ over the power
cord.
2.6. Using the philips screw (removed in Step 2.2, above), fasten the power
cord to the side of the OS900.
3. Connect the other end of the power cord to the power source (line/mains).

72 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 4: Startup, Setup, and Operation

Chapter 4: Startup, Setup, and


Operation
Startup
To start up the OS900, connect it with its power cord(s) to the power source (line/mains), and, if it
is an OS910-M or OS930 set each power supply switch ( ) to the ON (I) position.
This causes the OS900 to undergo a sequence of operationality and initialization tests. At the end
of the tests, which last a few seconds, the OS900 becomes fully operational as a basic switch that
can perform Layer 2 switching between its ports.

Setup
Operation
Default
The default setup is a collection of settings assumed by the OS900 when settings are not assigned
by the administrator. Each default setting can be changed by invoking its associated CLI
command, described in the relevant parts of the manual. The section Invoking a CLI Command,
page 83, shows how to invoke CLI commands.
If the factory default settings are changed, they can be restored as described in the section
Restoration of Factory Default Configuration, page 385.

Custom
A setup can be changed using any of the management stations described in the section
Management Equipment, page 62. The connection of management stations is described in the
section Management Station, page 69. The required setup of the craft terminal is described in the
section Local Management (Craft Terminal), page 73.
Unlike the RS-232 interface, the Ethernet interface (MGT ETH port) or a VLAN interface has to be
enabled for management in order to perform setup. The procedure for enabling management via
these interfaces is given in the section Remote Management, page 183.
Additional setup using the OS900’s CLI is required to activate specific functions of the OS900.
(Examples of such functions are: VLANs, Provider bridges, Traffic policing, and Link aggregation.)
Use of the CLI is described in Chapter 5: CLI Management, page 77. The available functions
and their activation are described in their respective sections/chapters.

Management
Local Management (Craft Terminal)
Make sure that a connection exists between the management station and the OS900 EIA-232 port.
The interconnection is shown in the section Craft Terminal/Emulator (For Out-of-band
Management), page 69.
If you are using a PC, run the emulation software application (e.g., Microsoft Window’s
HyperTerminal or TeraTermPro), and set up the craft terminal/emulator as shown in Table 4,
below.
Table 4: ASCII Craft Terminal/Emulator Setup for CLI Management

Transmit/Receive Rate Data Length Parity Stop Bits Flow Control


(Baud) (Bits)
9600 8 None 1 None

January 2009 URL: http://www.mrv.com 73


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Remote Management (TELNET/SSH/SNMP)


For remote management setup, familiarity is required with the CLI and with interface configuration.
Accordingly, setup details are given in the section Remote Management, page 183.

Operation
Monitoring
The OS900 becomes fully operational within a few seconds after being powered ON. Its operation
can be monitored by interpreting the status of its LEDs with the aid of Table 5, below, or with a
management station (e.g., craft terminal, TELNET, UNIX, or Linux station, SSH host, or SNMP
NMS).
Table 5: Front Panel LEDs

Level LED Status Significance


Global PWR ON-Green Power into the OS900 system OK.
(Power) ON-Amber Power present at the entrance to but not in the OS900
system.
(In OS900 models other than OS910-M, when pushbutton
PWR is pressed continuously for at least 2 seconds, LED
RST turns ON-Green. When power to the OS900 system is
shutdown, LED PWR turns ON-Amber.)
OFF No power at the entrance to the OS900 system.
PS1 ON-Green Power distribution to OS900 system from Power Supply 1
(Power OK. That is, power cord connecting Power Supply 1 to
Supply 1) line/mains, and (in OS910-M and OS930) Power Supply 1
switch in position I (power ON).
OFF Power distribution to OS900 system from Power Supply 1
faulty. That is, power cord disconnected or (in OS910-M and
OS930) Power Supply 1 switch in position O (power
OFF).
PS2 ON-Green Power distribution to OS900 system from Power Supply 2
(Power OK. That is, power cord connecting Power Supply 2 to
Supply 2) line/mains, and (in OS910-M and OS930) Power Supply 2
switch in position I (power ON).
OFF Power distribution to OS900 system from Power Supply 2
faulty. That is, power cord disconnected or (in OS910-M and
OS930) Power Supply 2 switch in position O (power
OFF).
RST or ON-Green In OS900 models other than OS910-M, while the OS900 was
PRP powered ON, either pushbutton RST or pushbutton PWR was
(Reset) pressed continuously for at least 2 seconds.
OFF Normal operation.
TMP or ON-Green Internal temperature of operating OS900 system OK.
TEMP ON-Amber Internal temperature of operating OS900 system too high.
(Temper (The internal temperature can be displayed by invoking the
ature) CLI command show version.)

74 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 4: Startup, Setup, and Operation

Table 5: Front Panel LEDs (Cont’d)

Level LED Status Significance


Per Port L&A ON Port link integrity to network OK, port not receiving or
(Link and transmitting data.
Activity) BLINKING Port link integrity to network OK, port receiving or transmitting
data.
Amber Port speed 10/100 Mbps.
Green Port speed 1000 Mbps.
OFF Port link integrity to network broken or faulty.
L ON-Green Port link integrity to network OK.
(Link) (Only for SFP interface type.)
ON-Amber Port link integrity to network OK.
(Only for 10/100/1000-T fixed interface type.)
OFF Port link integrity to network broken or faulty.
A ON-Green Port receiving or transmitting data.
(Activity) OFF Port neither receiving nor transmitting data.
FAN ON-Green OS900 system internal fans OK.
(Fan) ON-Amber One or more OS900 system internal fans faulty.
OFF No power into the OS900 system.

Reset
The reset function is used to restart the OS900 system without powering it OFF and ON.
To reset the OS900, press pin pushbutton RST.

Shutdown
In OS904, OS906, OS910, and OS912
To shut down system operation, simply disconnect the power cord(s) from the power source
(line/mains).
In OS910-M and OS930
To shut down system operation, set the switch of each power supply to the OFF (O)
position.

January 2009 URL: http://www.mrv.com 75


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

76 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

Chapter 5: CLI Management

General
This chapter describes the following:
− Command Line Interpreter (CLI) management tools
− Generic custom setup/management of the OS900 using CLI commands.
A CLI command may be a factory CLI command or a script. (A script is a set of factory CLI
commands that the OS900 can execute in succession without user intervention. Details
are given in the section Scripts, page 120.)
For custom setup/management to operate with specific protocols (e.g., MSTP) and utilities
(e.g., DNS) refer to the relevant chapters.
The OS900 is shipped out of the factory already set up. The setup is only partial and allows basic
Layer 2 switching between the Ethernet ports. However, additional settings may be required such
as, for example, an IP address for the OS900.
For SNMP management using a PC running MRV’s Network Management application, refer to the
MegaVision® Network Management User Manual.

CLI Access
General
The CLI can be accessed via a Serial/RS-232, TELNET, SSH, or SNMP connection even while the
OS900 is under normal operation.

Access Levels
The OS900 has three CLI access levels, each appropriate to the expertise and authority of the
user. The user enters a level with the password associated with the level. The access levels are
listed below.
• Admin Level: At this level, only a limited subset of available
commands can be accessed. These commands can be used to monitor
system operation status but cannot be used to change system
operation configuration. This level is the default level for login.
• Enable Level: At this level, most of the system commands can be
accessed. These commands can be used to monitor the network,
change system operation configuration, upgrade software, save
configurations, etc. To enter this level, after login at the Admin Level,
invoke the CLI command enable, followed by an additional password if
set by the administrator. To access configuration commands, enter the
command configure terminal.
• Root Level: At this level, the OS900 operating system, Linux, is
accessible. To enter root level, login at admin level, and then enter the
command linux. To become a root user (superuser), enter the
command su followed by the root password. Details are given in the
section Linux Mode, page 90.
The procedure for configuring the root level and admin level passwords are given in the section
First Time Access – Root and Admin Passwords Configuration, page 78.
The procedure for configuring the enable level password is given in the section
Configuring/Changing the Enable Password, page 92.

January 2009 URL: http://www.mrv.com 77


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Preparation
The following information is a prerequisite for configuring the OS900:
• A map of your network topology
• A list of VLANs to be configured on ports
• The IP addressing plan for each network interface
• The protocols required by the network
• The protocols to be used
• Location and IP address of each remote management station

First Time Access – Root and Admin Passwords Configuration


Passwords are encrypted to provide added security against unauthorized access and configuration
changes. A password can contain numerical characters (e.g., 1, 2, 3, etc.), symbols (e.g., $, %, @,
etc.), hyphens (-), uppercase letters (A, B, C), and lowercase letters (e.g., a, b, c, etc.).
When accessing the OS900 CLI for the first time, both the root (superuser-level) password and the
admin (administrator-level) password should be configured.

Note
If the root or admin password is not configured, the OS900 can be
accessed simply by pressing Enter in response to the system prompt
to enter the password!

The root password is for accessing the OS900 Operating System (Linux) in order to change its
operating functions. The admin password is for accessing the OS900 CLI in order to configure
operation of the OS900.
The procedure for configuring root and admin passwords is as follows:
1. Power up the OS900.
2. When the prompt:
MRV OptiSwitch 904 version 1_3_1
OS900 login:

appears, type root and press Enter .


3. When the prompt:
You are required to change your password immediately (root enforced)
Enter new UNIX password:

appears, type a root password that is six or more characters long and press Enter .
4. When the prompt:
Retype new UNIX password:

appears, retype the root password and press Enter .


5. Type exit and press Enter .
6. When the prompt:
logout
MRV OptiSwitch 904 version 1_3_1
OS900 login:

appears, type admin and press Enter .


7. When the prompt:
You are required to change your password immediately (root enforced)
Enter new UNIX password:

appears, type an admin password that is six or more characters long and press Enter .
8. When the prompt:
Retype new UNIX password:

appears, retype the admin password and press Enter .

78 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

The system responds with:


Last login: Wed Jul 13 09:51:59 2007 on ttyS0
OS900>

indicating that CLI is ready for access.


In order to store these passwords in flash (permanent) memory, invoke the command write
file or write memory. The passwords can be changed as described in the section Passwords,
page 91.
Below is an example showing the user inputs (in bold) for configuring the root and admin
passwords and the corresponding OS900 outputs on the CLI screen. The strings of asterisks
shown as user passwords are only representations of the passwords; the passwords (including
their length) are actually hidden from view during entry.
MRV OptiSwitch 904 version 1_3_1
OS900 login: root
You are required to change your password immediately (root enforced)
Enter new UNIX password: ******
Retype new UNIX password: ******
# exit
logout
MRV OptiSwitch 904 version d0920-03-07-07
OS900 login: admin
You are required to change your password immediately (root enforced)
Enter new UNIX password: ******
Retype new UNIX password: ******
Last login: Wed Jul 13 09:51:59 2007 on ttyS0
OS900> write file
OS900>

Standard Access
To access the OS900 for regular management (e.g., monitoring the network, changing system
operation configuration, upgrading software, saving configurations, etc.), i.e., excluding access to
the Linux operating system:
1. Power up the OS900. After initialization is completed (in about one minute), the
following prompt will appear:
MRV OptiSwitch 910 version 1_3_1
OS900 login:
2. Enter the login name admin. The following prompt will appear:
Password:
3. Type in the admin password (configured as described in the section First Time
Access – Root and Admin Passwords Configuration, page 78). If no admin
password was configured, the default is no password. In such case, simply press
Enter.
The system prompt OS900> will appear to indicate that connection to the CLI is established and the
OS900 is ready for local management. For remote management, the OS900 must first be enabled
as described in the section Remote Management, page 183.

CLI Modes
A CLI mode (or node) is a stage at which a specific group of CLI commands is available to the
administrator for interacting with the OS900. To enter a mode, type its name and press Enter . The
system prompt includes the mode name to signify entry into the mode.
A mode itself may contain other modes (in addition to commands). On accessing the CLI (as
described in the section CLI Access, page 77), the modes (and commands) in each mode can be
displayed by pressing Shift ? .

January 2009 URL: http://www.mrv.com 79


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Viewing CLI Commands


On accessing the CLI (as described in the section CLI Access, page 77), the commands in a mode
together with their description can be viewed as follows:
1. Type the name of the mode containing the CLI command to be viewed.
2. Press Shift ? .

Conventions for CLI Commands


Table 6, below, describes the conventions used for CLI commands as presented in this manual.
Table 6: Conventions for CLI Commands

Convention Description
Courier Bold This typeface represents information provided to the system.
The information may include an argument, i.e, part of a CLI
command.
Courier This typeface represents information provided by the system.

Symbols in CLI Commands


Table 7, below, describes the symbols used in CLI commands.
Table 7: Symbols in CLI Commands

Symbol Significance
argument in lower Argument to be entered as is.
case (keyword)
ARGUMENT IN UPPER Argument to be replaced with a value.
CASE (VALUEWORD) To specify number values:
Type the individual numbers separated by commas
and/or
Type the lowest and highest number separated by a hyphen
(-) to specify a range of consecutive numbers.
Example: To specify numbers 1, 3, 4 to 7, and 9, type 1,3,4-
7,9
[ ] Optional command argument enclosure.
Do not type this symbol with the command argument!
(CR) Typed command (whatever it is) can be invoked by pressing
Enter .
| Process the output of a CLI command by any Linux command
(e.g., wc, grep, tail, etc.).
OS900> prompt of disable mode.
OS900# prompt of enable mode.
OS900(config)# prompt of configure terminal mode.

80 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

Functional Keys for CLI Commands


Table 8: Functional Keys for CLI Commands

Key Function
Tab Used to complete a keyword after its first few letters are
typed. Tab adds letters to a partially typed keyword that
are common to all keywords beginning with the partially
typed keyword. If the partially typed keyword is unique to a
keyword, Tab completes the keyword. If the partially typed
keyword is not unique to a keyword, additional letters will
have to be typed in order for Tab to complete the keyword.
Enter After the first few letters of a command are typed:
Executes the command if these letters are a complete
command.
Displays the message
% Command incomplete
if the letters are not a complete command.
Displays the message
% Unknown command
if the first letters are not those of any command.
When the prompt --More-- appears
Displays the next line in the list
if a show command was invoked.
Displays the next batch of lines in the list
if ? was pressed immediately after a mode indication
(e.g., OS9024-4C(config)#.)
? After the system prompt:
Displays all the modes/commands selectable at the
current CLI level.
After the first few letters are typed:
Displays selectable modes/commands/arguments
beginning with these letters.
After a word (mode, command, or argument) is typed:
Displays a set of arguments from which one is
selectable.
Spacebar Scrolls displayed list.
Q Changes access to the higher mode.
Ctrl A Moves the cursor to the first character on the line.
Ctrl B or Moves the cursor back one character.
Ctrl F or Moves the cursor forward one character.
Esc B Moves the cursor back one word.
Esc F Moves the cursor forward one word.
Ctrl E Moves the cursor to the end of the current command line.
Del or Backspace Deletes the character to the left of the cursor.
Esc D Deletes all characters from the cursor position to the end of
the word.
Ctrl W Deletes the last word typed.
Ctrl U or Ctrl X Deletes all characters from the cursor position to the
beginning of the command line.

January 2009 URL: http://www.mrv.com 81


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Table 8: Functional Keys for CLI Commands (Cont’d)

Key Function
Ctrl K Deletes all characters from the cursor position to the end of
the command line.
Ctrl L or Ctrl R Repeats the current command on a new line.
Ctrl Z or Ctrl C Returns to enable mode from any other mode.
Displays earlier invoked commands.
Displays later invoked commands.

Help
By pressing Shift ? when the cursor is in differing positions in a command, different information
on the command/argument can be obtained.

Note
? does not appear in the CLI display when Shift ? is pressed.
However, it is shown in the following example (and elsewhere) for
clarity.

• CLI Help: Press Shift ? at the system prompt of any mode to see the
commands available in that mode. The following example shows the
commands available in disable mode when you press Shift ? in
disable mode.
OS900> ?
enable Turn on privileged mode command
exit Exit current mode and down to previous mode
help Description of the interactive help system
list Print command list
logout Logout from this current session
monitor Monitor
nslookup Name server query
ping Send echo messages
quit Exit current mode and down to previous mode
show Show running system information
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
OS900>
• Partial Keyword Help: To view the list of commands that begin with a
partial keyword you have typed, without inserting a space after the last
character of the partial keyword, press Shift ? . For example, when you
type de and press Shift ? , the following results are displayed:
OS900(config)# de?
debug Debugging functions (see also 'undebug')
default Negate a command or set its defaults
default-fwd Set default forwarding
OS900(config)# de
• Keyword Definition Help: To view the definition of a command or
keyword that you have typed, without inserting a space after the last
character of the keyword, press Shift ? . For example, when you type
the command port and press Shift ? , the following results are
displayed:
OS900(config)# port?
port Port configuration

82 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

OS900(config)# port
• Command Syntax Help: To view a list of valid keywords and
arguments for a command you have typed, insert a space after the last
character of the command and press Shift ? . This list contains all the
relevant commands, keywords, and arguments relating to the command
you have typed. For example, when you type port and press Shift ? ,
the following results are displayed:
OS900(config)# port ?
core-ethertype-1 Set ethertype-1 mode
core-ethertype-2 Set ethertype-2 mode
access-group Enable access lists on port
acl-binding-mode Set port acl binding mode
advertise Advertise default auto-negotiation capabilities
buffers Buffers setting
default Set port speed and duplex to default value
description Set port description
duplex Port duplex mode
egress-shaping Egress rate shaping
errdisable Disable port when a preconfigured cause is detected
flood-limiting Limit type
flow-control Port flow control mode
ingress-shaping Ingress rate shaping
l2protocol-tunnel Layer 2 protocol tunneling specification
lacp Port lacp mode
lt-learning Enable port lt learning
media-select Select media for the port
mirror Mirroring packets received to the analyzer
mtu-size Configure Maximum Transmit Unit size
priority-queuing Bind port to scheduling profile
protected Egress protected
qos-marking Set QoS marking mode
qos-trust Set QoS trust mode
rapid-lacp Port rapid lacp mode
redundancy Set redundancy mode for APS port
shaper shaper mtu size configuration
sl Port service-level
sl-account Service level port accounting
speed Port speed configuration
state Port state
tag-outbound-mode Set port outbound tag mode
trunk Create a port trunk entry
udld Uni-Directional Link Detection protocol
untagged-multi-vlans Set port to untagged with multi vlans
OS900(config)# port

Listing CLI Commands


To display the list of all CLI commands in all valid syntaxes that are available at any mode:
1. Enter the mode.
2. Invoke the command list.
The CLI commands are displayed in alphabetical order.

Invoking a CLI Command


General
A CLI command consists of a name and none, one, or several arguments. The name may be one
word (e.g., interface) or hyphenated words (e.g., radius-server). An argument must be
preceded by a blank space. It may be a keyword (identified by lowercase text) or a valueword

January 2009 URL: http://www.mrv.com 83


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

(identified by uppercase text). If a keyword is selected, it must be typed in as is. If a valueword is


selected, a value must be typed instead of it. The value may be just a number or a string
consisting of letters, number digits, and other symbols. Valid values are either displayed or can be
determined from the description of the valueword.

Procedure
To invoke a CLI command:
1. Enter the mode containing the command.
2. Type the command name.
(If you are not sure of the full name of the command, type its first few letters and
press Shift ? . Command names beginning with these letters are displayed.
Identify the command name you need, and type in one or more additional letters of
the command name until the letters are now unique to the command. To complete
the command name, press Tab .)
3. Press Shift ? to display arguments (if any) that need to be entered. Identify the
argument you need. If the argument is a keyword (identified by lowercase text),
type the first few letters that are unique to the argument and press Tab . If the
argument is a valueword, type a value for it using the description given for the
value as a guide.
4. Repeat Step 3, until the symbols (CR) and | appear.
5. Press Enter to invoke the command.

Example
The following example illustrates how a CLI command can be invoked. The procedure is described
in considerable detail to serve as a guide for invoking other CLI commands and to show how
various functional keys can be used when invoking a CLI command. These functional keys help in
producing the command in its correct syntax while minimizing typing.
Suppose the aim is to invoke the command interface vlan IFNAME. Access the CLI (as
described in the section Standard Access, page 79). When the prompt ‘OS900>’ is displayed,
press Shift ? to display the commands available at this level. The CLI response is shown below.
OS900> ?
enable Turn on privileged mode command
exit Exit current mode and down to previous mode
help Description of the interactive help system
list Print command list
logout Logout from this current session
monitor Monitor
nslookup Name server query
ping Send echo messages
quit Exit current mode and down to previous mode
show Show running system information
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
OS900>
Notice that the symbol ‘?‘ does not actually appear on the screen. Still, it is shown to indicate that
Shift ? was pressed after the CLI prompt ‘OS900>’.
Also, notice that a description appears against each command.
Type ‘e‘ and press Shift ? . The CLI response is shown below.
OS900> e?
enable Turn on privileged mode command
exit Exit current mode and down to previous mode
OS900> e

84 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

Notice that the two commands enable and exit are displayed because both these commands
begin with e. To select the command enable type ‘n‘ (after the ‘e’ to get ‘en,’ which is different
from ‘ex’ in the command exit), and press Tab . Then press Enter . The CLI response is shown
below.
OS900> enable
OS900#
Notice that the system prompt has changed from ‘OS900>‘ to ‘OS900#‘.
‘#‘indicates entry into enable mode.
Next, type ‘con‘ and press Tab . The CLI response is shown below.
OS900# configure

Press Shift ? to determine possible argument choices. The CLI response is shown below.
OS900# configure ?
<cr>
terminal Configuration terminal
| Output modifiers
OS900# configure

Type ‘t‘ for ‘terminal‘, press Tab , and then press Shift ? . The CLI response is shown below.
OS900# configure terminal
<cr>
| Output modifiers
OS900# configure terminal
Notice that only the symbols ‘<cr>‘ and ‘|‘ appear. This indicates that the command configure
terminal can be invoked.
Invoke the command configure terminal by pressing Enter . The CLI response is shown
below.
OS900(config)#
Notice that the system prompt has changed from ‘OS900#‘ to ‘OS900(config)#‘.
You now have access to configure terminal mode.
You can now press Shift ? to determine possible command choices in the mode.
Type ‘i’ and press Shift ? . The CLI response is shown below.
OS900(config)# i?
igmp IGMP specific commands
ingress-counters Ingress counters group configuration
interface Interface infomation
ip IP information
OS900(config)# i
Notice that the four commands igmp, ingress-counters, interface, and ip are displayed
because both these commands begin with ‘i‘. To select the command interface type the letters
‘nt’,so as to have ‘int‘ which distinguishes it from the other commands, and press Tab . The CLI
response is shown below.
OS900(config)# interface

Press Shift ? to display the selectable arguments. The CLI response is shown below.
OS900(config)# interface ?
IFNAME Existing interface device-name (i.e vif3,...)
out-of-band New or existing out-of-band interface configuration
vlan New or existing vlan interface configuration
OS900(config)# interface

Select ‘vlan‘ by typing v and pressing Tab . The CLI response is shown below.
OS900(config)# interface vlan

Press Shift ? to display the selectable arguments. The CLI response is shown below.
OS900(config)# interface vlan ?
IFNAME Interface device-name as vif# (i.e vif3 )

January 2009 URL: http://www.mrv.com 85


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS900(config)# interface vlan


Type an interface ID, e.g., vif7, and press Shift ? to display the selectable arguments. The CLI
response is shown below.
OS900(config)# interface vlan vif7 ?
<cr>
| Output modifiers
OS900(config)# interface vlan vif7
Notice that only the symbols ‘<cr>‘ and ‘|‘ appear. This indicates that there are no more arguments
to enter.
To invoke the command, press the Enter . The CLI response is shown below.
OS900(config)# interface vlan vif7
OS900(config-vif7)#
Notice that the system prompt has changed from ‘OS900(config)#‘ to ‘OS900(config-vif7)#‘,
indicating that the command was successfully executed and that the system has entered
‘interface‘ mode.

Quick Entry of a CLI Command


For convenience, to invoke a command it is sufficient to type only the first few letters of the
command that are different from the other commands.
Example
For e.g., if the only commands in a mode that begin with the letter ‘e’ are enable and exit, to
invoke enable it is enough to type en; to invoke exit it is enough to type ex.

Negation of CLI Command


Many commands may be prefixed with no in order to disable the feature or function enabled by the
command. By invoking the command without the prefix no, the function (not data) that you
disabled (or that was disabled) is re-enabled.
Example
The command lt aging enables aging out of entries in the Learn Table.
The command no lt aging disables aging out of entries about stations in the Learn Table.

Viewing Methods
Viewing of system information on the screen can be set to either of the following formats:
− Paging (display one full screen of information at a time)
− No paging (display all information without interruption until its end)

Paging
This is the default method.
1. Enter mode enable.
2. Invoke the command cli-paging.

No Paging
1. Enter mode enable.
2. Invoke the command no cli-paging.

Pipelining a CLI Command


The pipe | is used to process the output of a CLI command (e.g., show lt) by a Linux command
(e.g., wc, grep, tail, etc.).

86 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

Example
OS900(config)# show lt | ?

.. Shell command to process the output


begin Begin with the line that matches
end End with the line that matches
exclude Exclude line that match
include Include line that match
write Write output to file
OS900(config)# show lt | begin B8 2
3 00:0F:BD:00:05:B8 1 Intern STATIC
7 FF:FF:FF:09:BD:5C 1 Intern STATIC
OS900(config)#
where,
B8 is the pattern that a line must contain in order to be displayed. 2 is the number of lines to
be displayed. 3 and 7 are the entry numbers in the Learn Table.
Example
OS900# show lt | wc
18 78 933
OS900#
where,
lt is Learn Table, wc is word count, 18 is the number of lines, 78 is the number of words, 933
is the number of characters.
Example
This example shows how to display the lines containing the string 7C:22:8A:B5:16:CE in the output
of the command show lt, and the word count of these lines.
OS900# show lt | grep 7C:22:8A:B5:16:CE
2 7C:22:8A:B5:16:CE 1 Intern STATIC
4 7C:22:8A:B5:16:CE 100 Intern STATIC
42 7C:22:8A:B5:16:CE 4095 Intern STATIC
OS900# show lt | grep 7C:22:8A:B5:16:CE | wc
3 15 150
OS900#
where,
lt is Learn Table, wc is word count. 2, 4, and 42 are the entry numbers in the Learn Table. 3
is the number of lines, 15 is the number of words, 150 is the number of characters.
Example
To display the first 10 entries of the MAC table containing the string 00:60, do:
OS900# show lt | include 00:60 | head –n 10
OS900#

Accessing an enable Mode Command from any Mode


From any mode, any command in enable mode can be accessed by prefixing the command with
do.
Example
To invoke the command show time (which is in enable mode) from the mode interface,
invoke do show time as shown below:
OS900> enable
OS900# configure terminal
OS900(config)# interface vlan vif7
OS900(config-vif7)# do show time
Tue Aug 19 21:17:15 GMT 2008
OS900(config-vif7)#

January 2009 URL: http://www.mrv.com 87


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Alias
An alias is a user-assigned alternate name for an existing CLI command.
Any CLI command (including Scripts, page 120), in any mode can be assigned an alias.
An alias serves two purposes:
− As a mnemonic (for conveniently identifying the command)
− Quickly invoking the command by entering only its name

Assignment
To assign an alias to a command, invoke the following command:
alias all|this|NODENAME NAME Command text
where,
all: In all modes
this: In current mode
NODENAME: Name of a mode in which the alias is to apply
NAME: Alias (alternate name for the command)
Command text: CLI command with argument values, if any
In the example below, although the alias is assigned in configure terminal mode it can be
used to invoke the CLI command in any mode.
Example
OS900(config)# alias
all In all nodes
this In current node
NODENAME Node name
OS900(config)# alias all
NAME Name of alias
OS900(config)# alias all INF
.. Command text
OS900(config)# alias all INF show interface vif29
OS900(config)#

Invocation
To invoke a command simply use its alias as the command.
In the example below, the alias is invoked in enable mode although it was assigned in
configure terminal mode.
Example
OS900# INF
alias(INF) => show interface vif29

Name M Device IP State MAC Tag Ports


-------------------------------------------------------------------------------
vif29 vif29 - DO 00:0F:BD:00:5E:A1 0347 5-8

OS900#

Deleting
To delete an alias, invoke the command:
no alias all|this|NODENAME NAME [Command text]
where,
all: In all modes
this: In current mode
NODENAME: Name of a mode in which the alias is to apply

88 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

NAME: Alias (alternate name for the command)


[Command text]: CLI command with argument values, if any

Viewing
To view an alias of a command, invoke the command:
show alias [all|this|NODENAME [NAME]]
where,
all: In all modes
this: In current mode
NODENAME: Name of a mode in which the alias is to apply
NAME: Alias (alternate name for the command)

Copy-Paste Mode
In Copy-Paste mode a set of CLI commands are automatically executed simply by pasting them
onto a CLI window in the appropriate commands mode (e.g., configure terminal mode).

Usage
The procedure for using the copy-paste feature is as follows:
1. Enter the mode in which the CLI commands are to be pasted and automatically
executed.
2. Paste the CLI commands onto the CLI window.

Example
The example below demonstrates how the command copy-paste can be used to configure
VLAN interfaces.

-------------------------------------------------------Viewing configured interfaces -------------------------------------------------------

OS900# show interface

INTERFACES TABLE
================
Name M Device IP State MAC Tag Ports
-------------------------------------------------------------------------------
vif0 vif0 - DO 00:0F:BD:00:05:B8 0001 1-10

- 'vif0' is the default forwarding interface.


- drop-tag is 4094.

-------------------------Entering the mode in which the commands are to be pasted and executed-------------------------

OS900# configure terminal


OS900(config)#

---------------------------------------------------Pasted commands to be executed---------------------------------------------------

interface vlan vif1


tag 10
ip 193.218.67.55/24
ports 1-2
interface vlan vif2
tag 20
ip 193.88.67.55/24
ports 3-4

January 2009 URL: http://www.mrv.com 89


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

-----------------------------------------------------------------Executed commands-----------------------------------------------------------------

OS900(config)# interface vlan vif1


OS900(config-vif1)# tag 10
OS900(config-vif1)# ip 193.218.67.55/24
OS900(config-vif1)# ports 1-2
Interface is activated.
OS900(config-vif1)# interface vlan vif2
OS900(config-vif2)# tag 20
OS900(config-vif2)# ip 193.88.67.55/24
OS900(config-vif2)# ports 3-4
Interface is activated.
OS900(config-vif2)#

----------------------------------Viewing the results of the execution of the pasted commands----------------------------------

OS900(config-vif2)# exit
OS900(config)# show interface

INTERFACES TABLE
================
Name M Device IP State MAC Tag Ports
-------------------------------------------------------------------------------
vif1 vif1 193.218.67.55/24 DO 00:0F:BD:00:36:67 0010 1-2
vif2 vif2 193.88.67.55/24 DO 00:0F:BD:00:36:67 0020 3-4
vif0 vif0 - DO 00:0F:BD:00:36:67 0001 5-10

- 'vif0' is the default forwarding interface.


- drop-tag is 4094.

OS900(config)#

Linux Mode
General
The OS900 MasterOS software runs over the Linux operating system. The user can access the
Linux operating system shell in order to perform advanced functions and to monitor internal
MasterOS operations and parameter values.

CAUTION!
Before accessing the Linux operating system shell, it is advisable to
consult Customer Support at MRV.
Improper use of the shell/Linux commands at the SuperUser level
may cause damage to the OS900 MasterOS software and OS900
File System!

Entry
The procedure for accessing the Linux operating system shell is as follows:
1. Enter enable mode.
2. To enter Linux mode, type linux.
3. When the prompt $ appears, invoke the command su for superuser privileges.
4. When the prompt Password: appears, type the root password. If no root password
was configured, the default is no password. In such case, simply press Enter.
Example
OS900> enable
OS900# linux
$ su

90 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

Password:
#

Exit
To exit the Linux operating system shell, type exit twice.
Example
# exit
exit
$ exit
exit
OS900#

Passwords
Three passwords can be configured for the OS900, each corresponding to a different access level.
The access levels are described in the section Access Levels, page 77. The passwords are:
• Root Password
Enables access to the (Linux) operating system of the OS900
• Admin Password
Enables access to some CLI commands of the OS900
• Enable Password
Enables access to all CLI commands of the OS900
Root and Admin passwords, by default, are encrypted. Encryption of an Enable password is
optional.

Changing the Root Password (and Admin Password)


The root and admin passwords are configured at first time login as described in the section First
Time Access – Root and Admin Passwords Configuration, page 78. To change the root and admin
passwords:
1. Boot or reboot the OS900.
2. Enter enable mode.
3. Type linux12.
4. When the prompt $ appears, type su (SuperUser).
5. When the prompt password: appears, type the root password. If no root password
was configured, the default is no password. In such case, simply press Enter.
6. When the prompt # appears, type set_fb.
7. Reboot the OS900 by typing reboot.
The OS900 starts rebooting. At the end of the reboot process, the following prompt is displayed:
MRV OptiSwitch 910 version 1-0-0
OS900 login:
8. Configure new root and admin passwords as described in the section First Time
Access – Root and Admin Passwords Configuration, page 78.
Below is an example showing the user inputs (in bold) for changing the root and admin passwords
and OS900 outputs on the CLI screen. The string of asterisks shown as user password is only a
representation of the password; the password is actually hidden from view during entry.
OS900> enable
OS900# linux
$ su
Password: ******
# set_fb
# reboot

12
Entry to the linux mode is indicated by the prompt $. To exit linux mode, invoke the command exit.

January 2009 URL: http://www.mrv.com 91


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

……………………
……………………
………………..
MRV OptiSwitch 910 version 1_0_10
OS900 login:

Changing only the Admin Password


The Admin password is configured the first time the OS900 is accessed, as described in the
section First Time Access – Root and Admin Passwords Configuration, page 78. To change the
password:
1. Enter mode enable as follows:
OS900> enable
OS900#
2. Enter configure terminal mode as follows:
OS900# configure terminal
OS900(config)#

3. Type password and press Enter. The following prompt appears:


OS900(config)# password
Changing password for admin
(current) UNIX password:
4. Enter the old (current) password and press Enter. If no admin password was
configured, the default is no password. In such case, simply press Enter. The
following prompt appears:
Enter new UNIX password:
5. Enter your new password. The following prompt appears:
Retype new UNIX password:
6. Re-enter the new password. The password is authenticated and, if accepted by
the system, the following prompt appears:
OS900(config)#
7. In order to store the password in permanent memory, invoke the command write
file or write memory.

Configuring/Changing the Enable Password


1. Enter enable mode.
OS900> enable
OS900#
2. Enter configure terminal mode.
OS900# configure terminal
OS900(config)#
3. Invoke the command:
enable password PASSWORD
where,
PASSWORD: Password.
OS900(config)# enable password myEnablePass
4. To encrypt the enable password, invoke the command:
service password-encryption
5. In order to save the password to the configuration files, invoke the command:
write file
or
write memory
The command write terminal shows the password.

92 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

Example
MRV OptiSwitch 910 version 1-0-0
OS900 login: admin
Password:
Last login: Thu Sep 1 06:58:43 2006 on ttyS0

OS900> enable
OS900# configure terminal
OS900(config)# enable password myEnablePass
OS900(config)# service password-encryption
OS900(config)#
OS900(config)# write terminal
Building configuration...

Current configuration:
! version 1_0_10
enable password 8 iBZPg9fiHT9RQ
service advanced-vty
service password-encryption
OS900(config)#
The example above shows the password myEnablePass encrypted as iBZPg9fiHT9RQ.

Removing Encryption from the Enable Password


To remove encryption, enter configure terminal mode and invoke the command:
no service password-encryption

Deleting the Enable Password


To delete the enable password, enter mode configure terminal and invoke the command:
no enable password
To implement deletion of enable password in permanent memory invoke the command:
write file
or
write memory.

Viewing Installed Components


Hardware and Software
To view what hardware and software components are installed in the OS900, from any mode,
invoke the command:
show version
Example
OS910> enable
OS910# show version

MRV OptiSwitch 910


=========================
Hardware
--------
Board serial number: 0647002339
CPU serial number : 0647002676

CPU: MPC8245, 266MHz with 64MB flash and 256MB Dram memory
CPU Hardware: id 3, version 1
Device Hardware version: 5

January 2009 URL: http://www.mrv.com 93


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Device temperature: 40C / 104F (normal)

Power Supplies:
unit 1 AC: INSTALLED & ACTIVE (hw-type 1)

Fans:
Fan 1: NOT ACTIVE

Valid ports: 1-10

Software
--------
MasterOS version: 2_1_1
Build time: Sun Jul 6 15:36:59 IDT 2008
Based on:
Linux OS910 2.6.15 #413 Thu Jun 26 15:18:10 IDT 2008 ppc
ZebOS 5.2 (powerpc-603-linux-gnu).
Driver v1.4 mvPp s6352 PLD 4 sHwVer 1

Base MAC address: 00:0F:BD:01:36:67

Supported features:
-------------------
MSTP - Yes
ROUTING - Yes
RIP - Yes
OSPF - Yes
ISIS - Yes
BGP - Yes
MPLS - No
LDP - No
RSVP - No
WEB - No
IPv6 - No

up 0:10, 1 user
OS910#

Backup Image
To view the version of the backup image of the OS900:
1. Enter enable or configure terminal mode
2. Invoke the command:
show version backup
Example
OS900(config)# show version backup
Wait please, while retrieving backup version...
MasterOS version: 2_1_1
OS900(config)#

CPU
To view information about the OS900 CPU:
1. Enter mode configure terminal.
2. Invoke the command show cpu.
Example
OS900(config)# show cpu
processor : 0
cpu : 82xx
revision : 16.20 (pvr 8081 1014)

94 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

bogomips : 175.71
vendor : Motorola SPS
machine : MRV SBC

Remote Management Access


Management access to the OS900 can be gained via one or more interfaces, e.g., Serial/RS-232
interface CONSOLE EIA-232, out-of-band IP interface MGT ETH, or an inband IP interface.
Remote management access to the OS900 via its IP interfaces (using an SNMP, TELNET, or SSH
connection) is, by default, disabled. Access may be enabled out-of-band and/or inband and
selectively for SNMP, TELNET, and/or SSH.
To enable out-of-band or inband remote management, refer to the section Remote Management,
page 183.

Hostname
The hostname of an OS900 is its network name.

New
To change the hostname of an OS900:
1. Enter configure terminal mode
2. Invoke the command:
hostname WORD
where,
WORD: Hostname. Only a string without any blanks in it is allowed. The
string can be built with words interconnected with underscores and/or
hyphens in order to make it more intelligible. The words may include
uppercase and lowercase letters.
Example
OS900(config)#hostname Zeus_2
zeus_2(config)

Default
The default hostname is the factory-set name. The name is usually the model of the OS900. To
change the hostname to the default:
1. Enter configure terminal mode
2. Invoke the command:
default hostname
or
no hostname
Example
Zeus_2(config)# default hostname
OS910(config)#

Banner
Definition
A banner is text indicating the OS900’s association. The banner can consist of one or more text
lines and appears on the console at login.

Default
The default banner is the factory-set banner that usually identifies the vendor name, product, and
operative software version.

January 2009 URL: http://www.mrv.com 95


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
MRV OptiSwitch 910 version os900-2-1-0-d30-07-08-0800

Viewing
To view the current banner, from configure terminal mode invoke the command show
banner.

Configuration
Method 1
To configure the first line of the banner:
1. Enter configure terminal mode.
2. Invoke the command banner TEXT
where,
TEXT: Text to be entered in the banner line.
To configure additional lines in the banner:
1. Invoke the command banner-line NUMBER TEXT
where,
NUMBER: Number of banner line.
TEXT: Text to be entered in the banner line.
2. Repeat the above command for each banner line you want.
Example
OS900(config)# banner MRV OptiSwitch 910 version 1-0-0
OS900(config)# banner-line 2 Hamelyn Town
OS900(config)# banner-line 3 Building Complex 25G
OS900(config)# show banner
Line 1 : MRV OptiSwitch 910 version d1734-22-09-05
Line 2 : Hamelyn Town
Line 3 : Building Complex 25G
OS900(config)#

Method 2
To configure a banner consisting of multiple lines:
1. Enter configure terminal mode.
2. Enter banner mode.
3. Type text to be entered in the first, second, etc. banner line making sure to press
Enter at the end of each line.
Example
OS900(config)# show banner
banner is default
OS900(config)# banner
OS900(config-banner)# MRV OptiSwitch 910 version 1-0-0
OS900(config-banner)# Hamelyn Town
OS900(config-banner)# Building Complex 25G
OS900(config-banner)# exit
OS900(config)# show banner
Line 1 : MRV OptiSwitch 910 version d1734-22-09-05
Line 2 : Hamelyn Town
Line 3 : Building Complex 25G
OS900(config)#

96 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

Date
To configure/change the date, from enable mode type date and enter the month, day, and year.
Example
OS910# date sep 01 2008
OS910#

Time
To configure/change the local time, from enable mode type time and enter the time in the format
hh:mm.
Example
OS910# time 14:28
OS910#

Location
To configure/change the location/site record of the OS900:
1. Enter the following modes in succession:
enable configure terminal snmp
Example
OS900(config)#snmp
OS900(config-snmp)
2. Type location and the location description. The description can be any
alphanumeric string. The string can be a single word or several words separated
by blank spaces or interconnected with hyphens and/or underscores.
Example
OS900(config-snmp)location main_building_second_floor
OS900(config-snmp)

Rebooting
Rebooting restarts the OS900 with the new image (operative firmware) if one was downloaded.

Modes
The OS900 can be set so that at reboot it is either configured or not configured according to its
configuration file system.conf.
By default, the OS900 is configured according to its configuration file at reboot.

Without Configuration File


To set the OS900 so that it is not configured according to its configuration file at reboot:
1. Enter enable mode.
2. Invoke the command:
boot-config-file empty-configuration

With Configuration File


To set the OS900 so that it is configured according to its configuration file at reboot:
1. Enter enable mode.
2. Invoke the command:
default boot-config-file

Methods
The OS900 can be rebooted at any time using any of the following methods:

January 2009 URL: http://www.mrv.com 97


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Normal
1. Enter enable mode.
2. Invoke the command:
reboot if you want to reconsider whether to reboot.
In response to the prompt:
Would you like to reboot the system now ? (y|n)
Type y if you want to reboot now.
Type n if you do not want to reboot.
Or
reboot-force if you want rebooting to be done straightaway, i.e., without prompts.

Warm
To restart the OS900 system without powering it OFF and ON, press pushbutton PWR.

Cold
To restart the OS900 system with powering it OFF, press pin pushbutton RST.

Scheduler
Use the Scheduler utility Scheduler, page 365. This utility can be used to automatically trigger
rebooting at a preset date and time.

Learn Table
Definition
The Learn Table is a map of currently connected stations13 to ports. The Learn Table is
dynamically updated and can maintain as many as 16K unicast entries (MAC addresses) for an
OS900.

Viewing
All or selective entries of the Learn Table can be displayed according to one or more of the
following attributes: port number, tag number, interface ID.
To view Learn Table entries:
1. Enter configure terminal mode.
2. To view entries using interface ID:
Invoke the command:
show lt port PORT|all interface IFNAME|all
where,
PORT: Port number.
all: (first) All ports.
IFNAME: ID of an existing device/interface (e.g., vif3)
all: (second) All interfaces.
To view entries using interface Tag:
Invoke the command:
show lt port PORT|all tag TAG|all
where,
PORT: Port number.
all: (first) All ports.
TAG: Tag of existing device/interface (e.g., vif3)
all: (second) All tags.

13
The stations are identified by their MAC address.

98 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

To view all entries:


Invoke the command:
show lt

Aging
Aging is a mechanism that clears entries of stations that are not active, shutdown, or moved to
another location. The default aging time is 300 seconds.
To change the aging time:
1. Enter configure terminal mode.
2. Invoke the command:
lt aging <10-630>|default
where,
<10-630>: Aging time in seconds. The aging time must be a number that is a
multiple of 10 and in the range 10-630.
default: Default aging time (300 seconds).
Example
OS900(config)# lt aging 370
OS900(config)#
To disable aging:
1. Enter configure terminal mode.
2. Invoke the command:
no lt aging
Example
OS900(config)# no lt aging
OS900(config)#

Limiting
Logging of entries in the Learn Table can be limited in number with respect to pre-specified ports
of entry and VLAN tags. If the limit is reached, new MAC address will not be learned. However,
frames with new MAC addresses (i.e., MAC addresses that do not exist in the Learn Table when it
has become full) will, by default, be flooded. To cause frames with new MAC addresses to be
dropped invoke the command described in the section Dropping, page 100.
To limit entries with respect to ports:
1. Enter configure terminal mode.
2. Invoke the command:
lt limit port PORTS-GROUP entries ENTRIES-LIMIT
where,
PORTS-GROUP: Group of ports.
ENTRIES-LIMIT: Maximum number of entries in the range 0-16k that may be
logged in the Learn Table. (16k is decimal 16000). This number applies for each
individual port in the group.
To revoke limiting with respect to ports, invoke the command:
no lt limit port PORTS-GROUP
Example
OS900(config)# lt limit port 4-7 entries 6k
OS900(config)#
To limit entries with respect to VLAN tags:
1. Enter configure terminal mode.
2. Invoke the command:
lt limit tag TAGS-GROUP entries ENTRIES-LIMIT
where,

January 2009 URL: http://www.mrv.com 99


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

TAGS-GROUP: VLAN tags in the range 0-4095.


ENTRIES-LIMIT: maximum number of entries in the range 0-16k that can be
logged in the Learn Table.
To revoke limiting with respect to tags, invoke the command:
no lt limit tag TAGS-GROUP
Example
OS900(config)# lt limit tag 2-10 entries 5k
OS900(config)#
To view the limits on entries (with respect to ports and VLAN tags):
1. Enter configure terminal mode.
2. Invoke the command:
show lt limit
Example
OS900(config)# show lt limit
NO PORTS TAGS LIMIT
1 - 2-10 5120
2 4-7 6144
OS900(config)#

Dropping
To cause frames whose MAC addresses do not exist in the Learn Table when it has become full to
be dropped, invoke the command:
lt limit action drop PORTS-GROUP|all
where,
PORTS-GROUP: Group of ports.
all: All ports.
Example
OS900(config)# lt limit action drop 3-7,9
OS900(config)#

Adding Entries Manually


Entries may be added manually in the Learn Table as follows:
1. Enter configure terminal mode.
2. Invoke the command:
lt entry MAC_ADDRESS PORT TAG dynamic|static [<0-7>]
where,
MAC_ADDRESS: Learned MAC address in the format xx:xx:xx:xx:xx:xx,
where xx is a double-digit hexadecimal number.
PORT: Physical port number.
TAG: Interface VLAN tag in the range 1-4095.
dynamic: Dynamic entry, i.e., the entry can be aged out.
static: Static entry, i.e., the entry cannot be aged out.
[<0-7>]: Traffic-class priority for a packet with this destination MAC address.
Default: 0, i.e., lowest priority
To remove a logged entry, invoke the command:
no lt entry MAC_ADDRESS TAG
Example
OS900(config)# lt entry 7b:22:c9:3d:5e:ab 6 30 dynamic 4
OS900(config)#

100 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

Policing
The policing action (forward or drop) can be performed on ingress packets based on the Source or
Destination MAC address and on whether the Learn Table entry is static or dynamic.
To apply the policing policy:
1. Enter configure terminal mode.
2. Invoke the command:
lt entry MAC_ADDRESS PORT TAG dynamic|static sa-action fwd|drop
[da-action fwd|drop]
where,
MAC_ADDRESS: Learned MAC address in hex format, e.g., aa:bb:cc:dd:ee:ff
PORT: Egress physical port for the packet
TAG: VLAN ID of the ingress packet
dynamic: Dynamic entry, i.e., the entry can be aged out.
static: Static entry, i.e., the entry cannot be aged out.
sa-action: For Source MAC address
da-action: For Destination MAC address
fwd: Forward packets with this source MAC
drop: Drop packets with this source MAC

Flushing
To delete all existing entries in the Learn Table:
1. Enter configure terminal mode.
2. Invoke the command:
clear lt
Example
OS900(config)# clear lt
OS900(config)#

Maximum Transmission Unit (MTU)


General
This section defines and shows how to set the Maximum Transmission Unit (MTU) for ports and
VLAN interfaces of the OS900. MTUs can also be set for Port Shaping (as described in the section
Shaping, page 301) and for Traffic Conditioners (as described in the section Policing Mode, page
287.)

Definition
MTU is the largest physical packet size (possibly jumbo packet size) that specific ports or VLAN
interfaces of the OS900 will forward.

Applicability
An MTU size can be set for each port (trunk port as well) independently. An MTU is set for a VLAN
interface by assigning an MTU profile to the VLAN interface. Up to eight MTU profiles (MTU sizes)
can be defined for assignment to VLAN interfaces. An MTU profile can be assigned to several
VLAN interfaces. Only one MTU profile can be assigned to a VLAN interface. The MTU set for a
VLAN interface will apply for all ports that are members of the VLAN interface.

Note
If different MTUs are defined for a VLAN interface and member ports, the
smallest of the MTUs will be selected by the OS900.

January 2009 URL: http://www.mrv.com 101


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Setting for Ports


To set an MTU to a group of ports:
1. Enter configure terminal mode.
2. Invoke the command:
port mtu-size PORTS-GROUP|all <64-16000>
where,
PORTS-GROUP: Group of ports.
all: All ports.
<64-16000>: Range of MTUs in bytes.
Example
OS900(config)# port mtu-size 1-3 3019
OS900(config)#

Setting for VLAN Interfaces


Before setting an MTU for a VLAN interface, a profile (number) must be defined for the MTU.
To define a profile for a VLAN interface:
1. Enter configure terminal mode.
2. Invoke the command:
vlan-mtu-profile profile <1-8> <64-16000>
where,
<1-8>: Range of MTU profiles.
<64-16000>: Range of MTUs in bytes.
Example
OS900(config)# vlan-mtu-profile profile 3 8157
OS900(config)#

To set an MTU for a VLAN interface assign an MTU profile to the VLAN interface as follows:
1. Enter the mode of the VLAN interface.
2. Invoke the command:
mtu-profile <1-8>
where,
<1-8>: Range of MTU profiles.

Syslog
Definition
Syslog is a standard logging mechanism that stores system messages and events.
Events for all processes except for the Operative Software are, by default, logged in Syslog. The
procedure for enabling the OS900 to log Operative Software events as well in the Syslog is given
in the section Logging of Events, page 102.

File Location
The internal Syslog file is stored at: /var/log/messages.
The remote Syslog file is stored on the Remote Syslog server.

Logging of Events
By default, events are logged in Syslog for all processes except for the Operative Software. To
enable logging of Operative Software events as well:
1. Enter configure terminal mode.
2. Invoke the command:

102 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

log syslog [trap


alerts|critical|debugging|disable|emergencies|errors|
informational|notifications|warnings]
where,
alerts: Log alerts, emergencies
critical: Log critical errors, alerts, emergencies
debugging: Log debugging messages, informational messages,
notifications, warnings, errors, critical errors, alerts, emergencies
disable: Do not log any event
emergencies: Log emergencies
errors: Log errors, critical errors, alerts, emergencies
informational: Log informational messages, notifications, warnings,
errors, critical errors, alerts, emergencies
notifications: Log notifications, warnings, errors, critical errors, alerts,
emergencies
warnings: Log warnings, errors, critical errors, alerts, emergencies

Default Mode
To set Syslog to the default mode:
1. Enter configure terminal mode.
2. Invoke the command:
no log syslog

No Logging of CLI Commands


To stop logging of executed CLI commands in Syslog:
1. Enter configure terminal mode.
2. Invoke the command:
no log commands

Logging of CLI Commands


By default, all executed CLI commands are logged in Syslog. To enable logging of executed CLI
commands:
1. Enter configure terminal mode.
2. Invoke the command:
log commands

Messages to the CLI


Syslog messages can be sent to the CLI as follows:
1. Enter enable mode.
2. Invoke the command:
log stderr [trap
alerts|critical|debugging|disable|emergencies|errors|
informational|notifications|warnings]
where,
alerts: Log alerts, emergencies
critical: Log critical errors, alerts, emergencies
debugging: Log debugging messages, informational messages, notifications,
warnings, errors, critical errors, alerts, emergencies
disable: Log nothing
emergencies: Log emergencies
errors: Log errors, critical errors, alerts, emergencies

January 2009 URL: http://www.mrv.com 103


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

informational: Log informational messages, notifications, warnings, errors,


critical errors, alerts, emergencies
notifications: Log notifications, warnings, errors, critical errors, alerts,
emergencies
warnings: Log warnings, errors, critical errors, alerts, emergencies

Viewing
To view Syslog messages:
1. Enter enable mode.
2. Invoke the command:
show syslog [all|debug|info|warning|error|fatal] [START_DATE]
[END_DATE]
where,
all: Show all messages
debug: Show messages in the range debug level to fatal level
info: Show messages in the range info level to fatal level
warning: Show messages on the levels warning, error, and fatal
error: Show messages on the levels error and fatal
fatal: Show only messages with level fatal
START_DATE: The start date. Format: mm-dd-hh:mm:ss, e.g., 04-01-
09:00:00 or start for messages from the beginning.
END_DATE: The end date. Format: mm-dd-hh:mm:ss, e.g., 04-01-09:00:00
or exclude for messages ending at current time.

Clearing
To clear the internal Syslog file:
1. Enter enable mode.
2. Invoke the command:
clear syslog

Remote Syslog
General
Syslog is maintained in the OS900 RAM and is erased on power off or reboot. To keep a
permanent record of the Syslog, a Remote Syslog server can be used, such as, a PC running a
Syslog application program.

Requirements
The following are required for Remote Syslog:
• Syslog Server
(For e.g., PC with the following:
− Operating System: For e.g., Microsoft Windows 95/98/2000/NT/XP
− Syslog application program: For e.g., 3Com 3CSyslog
• Connectivity of the OS900 to the Syslog server.

Setup
Enabling
To enable Remote Syslog:
1. Verify connectivity to the Syslog server, for e.g., by invoking the command ping in
enable mode
2. Enter configure terminal mode.
3. Invoke the command:

104 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

rsyslog IPV4_ADDRESS [IPV4_ADDRESS]


where,
IPV4_ADDRESS: IP address of first Syslog server
[IPV4_ADDRESS]: IP address of second Syslog server
Disabling
To disable Remote Syslog:
1. Enter configure terminal mode.
2. Invoke the command:
no rsyslog

SNMP Management
Requirements
For SNMP management of the OS900, you need to:
• Verify connectivity between the OS900 and the SNMP manager
• Enable SNMP management
• Configure SNMP parameters (e.g., SNMP NMS IP address, community
names, etc.)

Enabling
The procedure for enabling SNMP management is described in the section Remote Management,
page 183.

Commands
All SNMP commands are accessible at the snmp mode.
To access snmp mode:
1. Enter configure terminal mode.
2. Invoke the command:
snmp

Management Functions
In snmp mode, CLI commands can be invoked to perform the following SNMP management
functions:
− System Identification
− Access Control
− Trap Generation
− Display

System Identification
The following system MIB objects can be set for the OS900:
sysContact – Used to set contact information, e.g., about system administrator
sysLocation – Used to set location information, e.g., about the OS900’s location
To set the sysContact object, invoke the command:
contact ..
where,
..: Contact information text.
To set the sysLocation object, invoke the command:
location ..
where,

January 2009 URL: http://www.mrv.com 105


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

..: Location information text.


To display the sysContact and sysLocation objects, invoke the command:
show snmp system
Following is a configuration example:
MRV OptiSwitch 910 version d0907-21-07-05
OS900 login: admin
Password:
Last login: Thu Sep 1 01:26:19 2006 on ttyS0

OS900> enable
OS900# configure terminal
OS900(config)# snmp
OS900(config-snmp)# contact [email protected]
OS900(config-snmp)# location Paradise Island (P.O.B. 123)
OS900(config-snmp)# show snmp system
location location Paradise Island (P.O.B. 123)
contact [email protected]
OS900(config-snmp)#

Access Control
The OS900 can be used to perform access control with the following SNMP versions:
− SNMP version 1/2c
− SNMP version 3

SNMP Version 1/2c


General
Access control in SNMPv1/2c is based both on Community String and on Source IP Address of the
request.
Community Strings
Description
Community strings (names) function like passwords. They are used to authenticate SNMP
requests to monitor and/or configure the OS900. Each SNMP request packet that is received is
checked for a community string, the associated access privilege, and the Source IP address of the
request. Only if these present in the packet match those in the OS900 database, access is
permitted. The same community string from different administrators can mean different access
privileges (e.g., write-read, read-only, etc.), as can be seen in the examples that follow.
There are three access privileges:
− Write-read
− Read-only
− NotConfig
Configuration
Write-read
The write-read privilege permits the settings of the OS900 to be viewed and changed.
To set up a community string for the write-read privilege in the OS900 database, invoke the
command:
community [1-10000000] write-read SOURCE COMMUNITY
where,
[1-10000000]: (optional) Index of the entry. This option can be used to define several
community strings, modify an existing entry (by entering the same index and then the
other attributes, e.g., access privilege, IP source, etc.), and to provide convenience in
placing the entry in a specific position of order.
SOURCE can be:
default: Any Source IP address
localhost: From local host

106 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

A.B.C.D: Source IP address


A.B.C.D/M: Source IP prefix (address and mask)
COMMUNITY: Community string
Read-only
The read-only privilege permits the settings of the OS900 only to be viewed.
To set up a community string for the read-only privilege in the OS900 database, invoke the
command:
community [1-10000000] read-only SOURCE COMMUNITY
where,
[1-10000000]: (optional) Index of the entry. This option can be used to define several
community strings, modify an existing entry (by entering the same index and then the
other attributes, e.g., access privilege, IP source, etc.), and to provide convenience in
placing the entry in a specific position of order.
SOURCE can be:
default: Any Source IP address
localhost: From local host
A.B.C.D: Source IP address
A.B.C.D/M: Source IP prefix (address and mask)
COMMUNITY: Community string
NotConfig
The notConfig privilege permits viewing only the basic settings of the OS900, i.e., MIB-II System
objects (mib-2 1) and SNMP objects (mib-2 11).
This enables users to verify whether the OS900 is alive and to draw the network-map from the
OS900 without affecting its operation.
To set up a community string for the notConfig privilege in the OS900 database, invoke the
command:
community [1-10000000] notConfig SOURCE COMMUNITYwhere,
[1-10000000]: (optional) Index of the entry. This option can be used to define several
community strings, modify an existing entry (by entering the same index and then the
other attributes, e.g., access privilege, IP source, etc.), and to provide convenience in
placing the entry in a specific position of order.
SOURCE can be:
default: Any Source IP address
A.B.C.D: Source IP address
A.B.C.D/M: Source IP prefix (address and mask)
localhost: From local host
COMMUNITY is community string
To display the community object, invoke the command:
show snmp community
Below is an example for configuring community strings for the three access privileges write-read,
read-only, and notConfig.
OS900> enable
OS900# configure terminal
OS900(config)# snmp
OS900(config-snmp)# community write-read 153.70.131.222 public
OS900(config-snmp)# community read-only 153.70.131.0/24 private
OS900(config-snmp)# community notConfig default public

OS900(config-snmp)# show snmp community

## User Source Community Description


-- ------------- ------------------ ---------- --------------
10 write-read 153.70.131.222 public
20 read-only 153.70.131.0/24 private

January 2009 URL: http://www.mrv.com 107


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

30 notConfig default public


-- ------------- ------------------ ---------- --------------
OS900(config-snmp)#

Note
If the same community string is assigned to two (or more) Source IP
addresses belonging to the same subnet (even if different privileges are
assigned to the Source IP addresses), an SNMP request will be
processed only for the Source IP address entered first14 using one of
the community commands described above. Requests by the other
Source IP address(es) will be ignored!

The example below clarifies the note. It shows that the same community string, namely, public is
assigned to two Source IP addresses belonging to the same subnet. The Source IP address
entered first is 153.70.131.222, as indicated by a lower index value, namely, 10 in the first column.
As a result, SNMP requests from the source with this IP address will be processed. SNMP
requests from the source with the IP address 153.70.131.0/24 will be ignored!
OS900(config-snmp)# community write-read 153.70.131.222 public
OS900(config-snmp)# community read-only 153.70.131.0/24 public
OS900(config-snmp)# community notConfig default public
OS900(config-snmp)# show snmp community

## User Source Community Description


-- ------------- ------------------ ---------- --------------
10 write-read 153.70.131.222 public
20 read-only 153.70.131.0/24 public
30 notConfig default public
-- ------------- ------------------ ---------- --------------
OS900(config-snmp)#
Deletion
To delete a community string:
1. Enter configure terminal mode.
2. Invoke the command:
snmp
3. Invoke the command
no community INDEX
where,
INDEX: Index of the community entry. (The index of an entry can be viewed
by invoking the command show snmp community.)

SNMP Version 3
General
Access control in SNMPv3 is based on two security passwords that can be defined for each of the
access privileges (write-read, read-only, and notConfig) by the user.
− Authorization Password
− Privacy Password
The Authorization password entered by the user is encrypted in either MD5 or SHA code
(algorithm), per the user choice. In addition, the password can be hidden. The password must be
at least 10 characters long.

14
That is, with a lower index value in the display obtained when the command show snmp users is invoked (at the mode
snmp).

108 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

The Privacy password is optional. If entered it is encrypted in des code. The password must be at
least 10 characters long.
Configuration
To set up the passwords in the OS900 database, invoke the command:
user wruser|rouser|ncuser [8] md5|sha AUTHPASSWORD des
PRIVPASSWORDwhere,
wruser: Write-read privileged user (can access all MIBs)
rouser: Read-only privileged user (can access all MIBs)
ncuser: Basic read-only privileged user (can access only system MIB)
8: (optional) Hides the authorization password
md5: MD5 code
sha: SHA code
AUTHPASSWORD: Authorization password
des DES privacy code
PRIVPASSWORD Privacy password
Viewing SNMP Configuration
To view the SNMPv3 passwords configured by the user:
1. Enter configure terminal mode.
2. Invoke the command:
snmp
3. Invoke the command:
show snmp configuration
Viewing SNMP Users
To view the users that have been assigned SNMPv3 passwords:
1. Enter configure terminal mode.
2. Invoke the command:
snmp
3. Invoke the command:
show snmp users
Below is an example showing the user inputs, which include: SNMPv3 passwords configuration for
the access privilege write-read, SNMP configuration display command, and SNMP users display
command.
OS900(config-snmp)# user wruser md5 ZorroTheFox des CondorBird
OS900(config-snmp)# show snmp configuration
!
! SNMP configuration
snmp
contact [email protected]
location Paradise Island (P.O.B. 123)
community 10 write-read 153.70.131.222 public
community 20 read-only 153.70.131.0/24 public
community 30 notConfig default public
user rouser 8 sha 0xfc2684ca3353ec5c29fb2788aa0005c38438e1b1
user wruser 8 md5 0xd2a56a2972f6dd9719f5aa1bdf80cab5 des 0xac7aa70a22e2df6c2e74b8331
a41d5ec
!
OS900(config-snmp)# show snmp users
!
### userName Auth Priv PublicString
--- ------------ ---- ---- ------------
1 rouser sha none
2 wruser md5 des
--- ------------ ---- ---- ------------

January 2009 URL: http://www.mrv.com 109


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS900(config-snmp)#

Trap Generation
General
Traps are SNMP packets sent by the OS900 agent to one or more SNMP hosts (managers) when
certain events external to the OS900 are detected or when the condition of the OS900 has
changed significantly.
A trap may be a cold reset, a warm reset, detection of an interface link status change, an SNMP
authentication failure due to an incorrect community string, or Dying Gasp (indication of time to
failure due to power outage), etc.
The OS900 can be configured to send traps to several pre-specified IP destination addresses (trap
hosts).

Trap Host Specification


To specify what hosts are to receive traps:
1. Enter configure terminal mode.
2. Invoke either of the following commands:
Command for SNMPv1/2
trapsess15 TARGET 1|2 COMMUNITY [inform]
where,
TARGET: = Hostname (IP address or DNS name).
1: SNMPv1 trap
2: SNMPv2 trap
COMMUNITY: = Community string
inform: (optional) Get acknowledgement of receipt of trap from the host
Command for SNMPv3
trapsess TARGET 3 wruser|rouser|ncuser [inform]
where,
TARGET: = Hostname (IP address or DNS name).
3: SNMPv3 trap
wruser: Write-read privileged user (can access all MIBs)
rouser: Read-only privileged user (can access all MIBs)
ncuser: Basic read-only privileged user (can access only system MIB)
inform: (optional) Get acknowledgement of receipt of trap from the host

Trap Host Display


To display specification of trap hosts:
1. Enter configure terminal mode.
2. Invoke the command:
show snmp traps

Enabling/Disabling Authentication Traps


To enable or disable sending of authentication traps to hosts:
1. Enter snmp mode.
2. Invoke the command:
authtrap enable|disable
where,
enable: Send authentication traps

15
Trapsess designates SNMPv3 traps.

110 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

disable: Do not send authentication traps

Trap Host Deletion


To delete specification of a trap host:
1. Enter configure terminal mode.
2. Invoke the command:
no trapsess TARGET
where,
TARGET: Hostname (IP address or DNS name).
Below is an example showing the user inputs (in bold) and OS900 outputs on the CLI screen. The
user inputs include:
− Specification of trap hosts for SNMPv1, 2, and 3
− The command for displaying the specifications
− Deletion of the trap host 174.59.33.88, and
− The command for redisplaying the specifications
OS900(config-snmp)# trapsess 173.57.32.104 1 ZorroTheFox inform
OS900(config-snmp)# trapsess 174.59.33.88 2 LionTheKing inform
OS900(config-snmp)# trapsess 176.58.34.249 3 wruser inform
OS900(config-snmp)# show snmp traps
!
!trap HostName Vers Community/User IsInform
!---- --------------- ---- ---------------- ------
trap 173.57.32.104 1 ZorroTheFox inform
trap 174.59.33.88 2 LionTheKing inform
trap 176.58.34.249 3 wruser inform
OS900(config-snmp)# no trapsess 174.59.33.88
OS900(config-snmp)# show snmp traps
!
!trap HostName Vers Community/User IsInform
!---- --------------- ---- ---------------- ------
trap 173.57.32.104 1 ZorroTheFox inform
trap 176.58.34.249 3 wruser inform
OS900(config-snmp)#

Trap Source Address Specification


To specify the srcIP (IP address of the OS900 interface via which traps are to be sent out):
1. Enter configure terminal mode.
2. Invoke the command:
source ip A.B.C.D
where,
A.B.C.D: IP address of the OS900 interface via which traps are to be sent out.
Below is an example showing:
− User specification of the trap source IP address
− Display of the trap source IP address.
OS900(config-snmp)# source ip 195.86.224.1
OS900(config-snmp)# show snmp srcIP
source ip 195.86.224.1
OS900(config-snmp)#

Link Trap Parameters Specification


To cause the OS900 SNMP agent to send a link trap with user-specified parameters:
1. Enter configure terminal mode.
2. Invoke the command:
snmp
3. Invoke the command:

January 2009 URL: http://www.mrv.com 111


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

link-trap-parameters (all|cisco|ietf|legacy)
where,
all: Bind parameters: ifIndex, ifAdminStatus, ifOperStatus, ifDescr, ifType
cisco: Bind parameters: ifIndex, ifDescr, ifType
ietf: Bind parameters: ifIndex, ifAdminStatus, ifOperStatus
legacy: Bind parameter ifIndex only (default)
OS900(config-snmp)# link-trap-parameters ietf
OS900(config-snmp)#

Viewing
To view SNMP information, invoke the command:
show snmp [all]|authtrapmode|community|engineID|objectID|srcIP|
system|traps|users|configuration
where,
[all]: (optional) All SNMP information (default)
authtrapmode: Authentication traps mode (enabled or disabled)
community: Community objects
engineID: Engine ID. (Needed by SNMP-enabled devices in the datapath of SNMP
traffic from a device.)
objectID: SNMP OID of OS900.
srcIP: IP address of VLAN interface in OS900 via which a trap was sent out.
system: MIB-II system data
traps: Trap hosts
users: SNMPv3 user privilege and encryption modes
configuration: = Run-time configuration
Example
OS900(config-snmp)# show snmp all
SNMP Object ID: 1.3.6.1.4.1.629.22.1.1
engineID 0x800007e503000fbd0005b8
## User Source Community Description
-- ------------- ------------------ ---------- --------------
10 write-read 153.70.131.222 public
20 read-only 153.70.131.0/24 public
30 notConfig default public
-- ------------- ------------------ ---------- --------------
### userName Auth Priv PublicString
--- ------------ ---- ---- ------------
1 wruser md5 none
--- ------------ ---- ---- ------------
!trap HostName Vers Community/User IsInform
!---- --------------- ---- ---------------- ------
trap 173.57.32.104 1 ZorroTheFox inform
trap 176.58.34.249 3 wruser inform
authtrap enabled
OS900(config-snmp)#

Deleting a User
To delete an SNMP user, invoke the command:
no user NAME|ncuser|rouser|wruser
where,
user: SNMPv3 secure user to be deleted
NAME: Secure name of any user

112 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

ncuser: Read-only user (only system MIB)


rouser: Read-only user (all MIBs)
wruser: Read-write user (all MIBs)

View-based Access Control Model (VACM)


General
The traditional SNMP method of controlling access to management information is based on so
called community strings (names). Each community string dictates the type of privilege (e.g., read-
only, read-write, etc.) given to specific users accessing the SNMP agent. For example, the
community string public may be defined to allow only read operations (GET and GETNEXT)
while the community string private may be defined to allow both read and write operations
(GET, GETNEXT, and SET).
These privileges are hard-coded (fixed) and when given they apply to all MIB trees present in the
SNMP agent, i.e., it is not possible to restrict access by users to subsets of a MIB tree or even to
specific MIB trees. To overcome this limitation, the VACM model per RFC 2575 is introduced.
The OS900 has both SNMP control capabilities: the simple traditional type as well as VACM.

Definition
VACM is an SNMPv3 access-control security model based on views (readView, writeView,
notifyView). These views are described in the section Terminology, page 113.

Purposes
VACM has two purposes:
1) To enable the administrator to restrict access by users to selectable subsets of MIB trees.
2) To provide security beyond the traditional community strings/names by imposing
additional access restrictions, such as, IP source address, security name, etc. together
with the community string type of restriction. Specifically it provides for verification:
− That each received SNMP message has not been modified during its transmission
through the network.

− Of the identity of the user on whose behalf a received SNMP message claims to
have been generated.

Terminology
securityLevel: A security level identifies the level of security that will be assumed when
checking access privileges (for members of a group). Different access privileges
can be defined for different security levels.
The SNMP architecture recognizes three security levels:
noAuth: Provides lowest security (without authentication and without
privacy).
AuthNoPriv Provides medium security (with authentication but without
privacy).
AuthPriv Provides highest security (with authentication and with
privacy).
securityModel: SNMPv1 (ID = 1), SNMPv2c (ID = 2), or user-based (ID = 3).
securityName: Human readable string representing a principal.
groupName: Name/ID of a group. A group is a set of zero or more <securityModel,
securityName> tuples on whose behalf SNMP management objects can be
accessed. A group defines the access rights afforded to all securityNames
belonging to that group. The combination of a securityModel and a
securityName maps to at most one group.

January 2009 URL: http://www.mrv.com 113


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

readView: The SNMP object vacmAccessReadViewName. The value of an instance of this


object identifies the MIB view of the SNMP context to which this conceptual row
authorizes read access.
writeView: The SNMP object vacmAccessWriteViewName. The value of an instance of this
object identifies the MIB view of the SNMP context to which this conceptual row
authorizes write access.
notifyView: The SNMP object vacmAccessNotifyViewName. The value of an instance of
this object identifies the MIB view of the SNMP context to which this conceptual
row authorizes access for notifications.
Storage: Whether for system or user storage. There are two storage units:
PERMANENT – System non-erasable storage
NONVOLATILE – User erasable storage

Viewing Access Information


System-Defined
To view the system-defined access information (privileges, etc.), invoke the command:
show snmp vacm permanent [group|access|view|all]
where,
permanent: Only permanent (system-defined) entries
group: Map (table) of a combination of securityName and securityModel into a
groupName
access: Map of a groupName + securityLevel to MIB access
view: Map of a Views table
all: All VACM tables (default)

114 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

Example
OS900(config)# snmp
OS900(config-snmp)# show snmp vacm permanent

-----------------------------------------Map of securityModel + securityName groupName (user)-----------------------------------------

securityModel securityName groupName Storage


------------- ------------- -------------- -------
1 admin RWGroup PERMANENT
1 initial notConfigGroup PERMANENT
1 notConfig notConfigGroup PERMANENT
1 read-only ROGroup PERMANENT
1 write-read RWGroup PERMANENT
2 admin RWGroup PERMANENT
2 notConfig notConfigGroup PERMANENT
2 read-only ROGroup PERMANENT
2 write-read RWGroup PERMANENT
3 ncuser notCfgGrpUSM PERMANENT
3 rouser ROGrpUSM PERMANENT
3 wruser RWGrpUSM PERMANENT

---Map of groupName + securityModel securityLevel + View Names (in columns readView, writeView, and notifyView)---

groupName Model Level readView writeView notifView Storage


-------------- ----- ------------ ---------- ---------- ---------- -------
ROGroup any noauth all none all PERMANENT
RWGroup any noauth all all all PERMANENT
ROGrpUSM 3 authnopriv all none all PERMANENT
RWGrpUSM 3 authnopriv all all all PERMANENT
notCfgGrpUSM 3 authnopriv systemview none none PERMANENT
notConfigGroup any noauth systemview none none PERMANENT

---------------------------Map of View Names (all, systemview) Views (Subtrees/subsets of MIB trees) ---------------------------

Name Incl/Excl Subtree Storage


------------- --------- ------------------------------ -------
all include iso PERMANENT
systemview include system PERMANENT
systemview include snmp PERMANENT
OS900(config-snmp)#

In the example above:


The first table [marked Map of securityModel + securityName groupName (user)] shows the users (in
column securityName) and the groups to which they belong (in column groupName). For e.g., the
user admin belongs to the group RWGroup. Observe that the group RWGroup is available in
securityModel 1 (i.e., in SNMPv1) as well as in securityModel 2 (i.e., in SNMPv2c).

The second table [marked Map of groupName + securityModel securityLevel + View Names (in columns
readView, writeView, and notifyView)] shows the views (in columns readView, writeView, and
notifView) for each of the 3 types of access to the MIB tree (readView, writeView, and
notifView) and the groups to which they belong (in column groupName). For e.g., the second
line indicates that administrators belonging to group RWGroup, for any securityModel, have all 3
types of access to a MIB tree on the securityLevel noauth.
The third table marked [Map of View Names (all, systemview) Views (Subtrees/subsets of MIB trees)]
shows the possible views, namely, all and systemview. all (OID:=.1) includes all 3 types of
access to a MIB tree. systemview includes the subtree system (OID:=.1.3.6.1.2.1.1) as well as
the subtree snmp (OID:=.1.3.6.1.2.1.11).
Note that for the securityName notConfig, only the view systemview is accessible.

User-Defined
To view the user-defined access information (privileges, etc.), invoke the command:

January 2009 URL: http://www.mrv.com 115


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

show snmp vacm nonvolatile [group|access|view|all]


where,
nonvolatile: Only non-volatile (user-defined) entries
group: Map of a combination of securityModel and securityName into a groupName
access: Map of a groupName to access
view: Views table
all: (Second appearance) All VACM tables (default)
Example
OS900(config-snmp)# show snmp vacm nonvolatile

securityModel securityName groupName Storage


------------- ------------- -------------- -------
1 Tarzan JungleApes NONVOLATILE

groupName Model Level readView writeView notifView Storage


-------------- ----- ------------ ---------- ---------- ---------- -------
JungleApes 1 noauth ApesRead ApesWrite ApesNotify NONVOLATILE

Name Incl/Excl Subtree Storage


------------- --------- ------------------------------ -------
ApesRead include iso NONVOLATILE
ApesRead exclude rmon NONVOLATILE
ApesRead exclude nbSwitchG1 NONVOLATILE
ApesWrite include system NONVOLATILE
ApesWrite include dot1dBridge NONVOLATILE
ApesWrite include ifMIBObjects NONVOLATILE
OS900(config-snmp)#

All
To view the system-defined as well as the user-defined access information (privileges, etc.),
invoke the command:
show snmp vacm all [group|access|view|all]
where,
all: (First appearance) Non-volatile as well as permanent entries
group: Map of a combination of securityModel and securityName into a groupName
access: Map of a groupName to access
view: Views table
all: (Second appearance) All VACM tables (default)

116 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

Example
OS900(config-snmp)# show snmp vacm all

securityModel securityName groupName Storage


------------- ------------- -------------- -------
1 admin RWGroup PERMANENT
1 Tarzan JungleApes NONVOLATILE
1 initial notConfigGroup PERMANENT
1 notConfig notConfigGroup PERMANENT
1 read-only ROGroup PERMANENT
1 write-read RWGroup PERMANENT
2 admin RWGroup PERMANENT
2 notConfig notConfigGroup PERMANENT
2 read-only ROGroup PERMANENT
2 write-read RWGroup PERMANENT
3 ncuser notCfgGrpUSM PERMANENT
3 rouser ROGrpUSM PERMANENT
3 wruser RWGrpUSM PERMANENT

groupName Model Level readView writeView notifView Storage


-------------- ----- ------------ ---------- ---------- ---------- -------
ROGroup any noauth all none all PERMANENT
RWGroup any noauth all all all PERMANENT
ROGrpUSM 3 authnopriv all none all PERMANENT
RWGrpUSM 3 authnopriv all all all PERMANENT
JungleApes 1 noauth ApesRead ApesWrite ApesNotify NONVOLATILE
notCfgGrpUSM 3 authnopriv systemview none none PERMANENT
notConfigGroup any noauth systemview none none PERMANENT

Name Incl/Excl Subtree Storage


------------- --------- ------------------------------ -------
all include iso PERMANENT
ApesRead include iso NONVOLATILE
ApesRead exclude rmon NONVOLATILE
ApesRead exclude nbSwitchG1 NONVOLATILE
ApesWrite include system NONVOLATILE
ApesWrite include dot1dBridge NONVOLATILE
ApesWrite include ifMIBObjects NONVOLATILE
systemview include system PERMANENT
systemview include snmp PERMANENT
OS900(config-snmp)#

Configuring a New User


VACM enables the administrator to configure new users (security names) that may include specific
subtrees (subsets) of a MIB tree and exclude others.
The procedure consists of four stages as follows:
− Mapping Source Name + Community String Security Name (user)
− Mapping Security Name + Security Model Group Name
− Mapping Group Name + Security Model Security Level + View Object
Names
− Mapping View Object Names Views (Subtrees/subsets of MIB trees)
Mapping Source Name + Community String Security Name (user)
Invoke the command:
community [<1-10000000>] (write-read|read-only|notConfig|NAME)
(default|localhost|A.B.C.D|A.B.C.D/M) COMMUNITY
where,
<1-10000000>: Number of Security Name

January 2009 URL: http://www.mrv.com 117


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

write-read: Security name providing write & read privileges to the whole MIB tree
(OID:=.1)
read-only: Security name providing read-only privileges to the whole MIB tree
(OID:=.1)
notConfig: Security name providing systemview privileges only, i.e., read-only
privileges to the subtrees system (OID:=.1.3.6.1.2.1.1) and snmp (OID:=.1.3.6.1.2.1.11).
NAME: Security name (user) to be defined by the administrator
default: Source name representing all source IP addresses
localhost: Source name of local host, i.e., the OS900 at which a new Security name
is being configured.
A.B.C.D: Source IP address
A.B.C.D/M: Source IP prefix (address and mask)
COMMUNITY: Community string
Example
OS900(config-snmp)# community Tarzan 192.2.2.2/24 private
OS900(config-snmp)#

Mapping Security Name + Security Model Group Name


Invoke the command:
vacm group (1|2|3) SECNAME GROUPNAME
where,
group: Set entry in VACM group table
1: SNMPv1 Security Model
2: SNMPv2c Security Model
3: User-based Security Model (USM)
SECNAME: Security Name of the user (e.g., Tarzan)
GROUPNAME: Name of the group
Example
OS900(config-snmp)# vacm group 1 Tarzan JungleApes
user 'Tarzan' has been set to 'JungleApes' with security model 1
OS900(config-snmp)#

Mapping Group Name + Security Model Security Level + View Object Names
Invoke the command:
vacm access GROUPNAME (any|1|2|3) (noauth|authnopriv|authpriv)
READVIEW WRITEVIEW NOTIFYVIEW
where,
access: Set entry in VACM access table
GROUPNAME: Name of the group
any: All security Models (any)
1: SNMPv1 Security Model
2: SNMPv2c Security Model
3: User-Based Security Model (usm)
noauth: Low Security Level (without authentication and without privacy)
authnopriv: Medium Security Level (with authentication but without privacy)
authpriv: High Security Level (with authentication and with privacy)
READVIEW: Name of view for read access object.
WRITEVIEW: Name of view for write access object.
NOTIFYVIEW: Name of view for notifications object.

118 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

Example
OS900(config-snmp)# vacm access JungleApes 1 noauth ApesRead ApesWrite ApesNotify
OS900(config-snmp)#

Mapping View Object Names Views (Subtrees/subsets of MIB trees)


Invoke the command:
vacm view NAME (include|exclude) MIBNODE
where,
view: Set entry in VACM view table
NAME: Name of the view object
include: Include the view (subtree) in the object
exclude: Exclude the subtree in the view
MIBNODE: objectID of the the view (subtree), for example, system or .7.1.3.6.1.2.1.1
Example
OS900(config-snmp)# vacm view ApesRead include .1
OS900(config-snmp)# vacm view ApesRead exclude nbSwitchG1
OS900(config-snmp)# vacm view ApesRead exclude RMON
OS900(config-snmp)# vacm view ApesWrite include system
OS900(config-snmp)# vacm view ApesWrite include ifMIBObjects
OS900(config-snmp)# vacm view ApesWrite include dot1dBridge
OS900(config-snmp)#

Deleting an Entry from a VACM Table


Group Table
To delete an entry from a VACM group table (see for instance the first table in the example in the
section System-Defined, page 114) invoke the command:
no vacm group 1|2|3 SECNAME [GROUPNAME]
where,
group: VACM group table from which an entry is to be deleted
1: SNMPv1 Security Model
2: SNMPv2c Security Model
3: SNMPv3
SECNAME: Security Name of the user
GROUPNAME: Name of the group

Access Table
To delete an entry from a VACM access table (see for instance the second table in the example in
the section System-Defined, page 114), invoke the command:
no vacm access any|1|2|3 GROUPNAME noauth|authnopriv|authpriv
where,
access: VACM access table from which an entry is to be deleted
any: All security Models (any)
1: SNMPv1 Security Model
2: SNMPv2c Security Model
3: User-Based Security Model (USM)
GROUPNAME: Name of the group
noauth: Without authentication and without privacy
authnopriv: With authentication but without privacy
authpriv: With authentication and with privacy

January 2009 URL: http://www.mrv.com 119


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

View Table
To delete an entry from a VACM view table (see for instance the third table in the example in the
section System-Defined, page 114), invoke the command:
no vacm view NAME include|exclude MIBNODE
where,
view: Delete entry from VACM view table
NAME: Name of the view
include: Include the subtree in the view
exclude: Exclude the subtree in the view
MIBNODE: objectID of the the subtree, for example, system or .7.1.3.6.1.2.1.1

Configuration Example
The following example demonstrates the procedure for configuring VACM. It includes:
− The Source Name (IP prefix) 192.2.2.2/24 + Community String private mapping to the
Security Name Tarzan
− The Security Name Tarzan + Security Model 1 (SNMPv1) mapping to the Group Name
JungleApes

− The Group Name JungleApes + Security Model 1 mapping to the Security Level noauth +
View Object Names ApesRead, ApesWrite, and ApesNotify

− The View Object Names ApesRead, ApesWrite, and ApesNotify mapping to the Views
include .1, exclude nbSwitchG1, exclude RMON, include system, include ifMIBObjects,
include dot1dBridge

OS900(config-snmp)# write terminal


Building configuration...

Current configuration:
! version 2_0_10
snmp

community 10 Tarzan 192.2.2.0/24 private

vacm group 1 Tarzan JungleApes

vacm access JungleApes 1 noauth ApesRead ApesWrite ApesNotify

vacm view ApesRead include iso


vacm view ApesRead exclude rmon
vacm view ApesRead exclude nbSwitchG1
vacm view ApesWrite include system
vacm view ApesWrite include dot1dBridge
vacm view ApesWrite include ifMIBObjects
!

Scripts
Definition
A Script is a set of factory CLI commands that the OS900 can execute in succession without user
intervention. Once a script is defined, it can be used just like any other CLI command.

Purpose
The Script utility is used to make the configuration procedure for the OS900 simpler and quicker
for technicians in the field.

120 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

Structure
A script consists of the following:
− Parameters (script arguments)
− Lines (a sequence of CLI commands that may include script Parameters as arguments)

Creating
To create a script, you basically need to do the following:
− Create Parameters
− Create Lines (that contain factory CLI commands) with the appropriate Parameters
A Script is created as follows:
1. Enter configure terminal mode.
2. Assign a name to the script by invoking the command:
script NAME
where,
NAME: Name of script.
String of up to thirteen alphanumeric characters.
Letter characters must be lowercase only and must not be blanks,
e.g., ipiface01.
3. Optionally, enter a textual description of the script by invoking the command:
description TEXT
where,
TEXT: Description of script. Text that can include blanks.
4. Create the parameters as described in the section Create Parameter, page 121.
5. Create the lines with CLI commands as described in the section Create Line, page
123.

Parameters
Parameters are script arguments. The user can define a list of Parameters that can be later used
in Lines of a script.
The actions that can be performed on a parameter are as follows:
− Create Parameter
− View Parameter
− Modify Parameter
− Delete Parameter

Create Parameter
To create a parameter:
1. Enter configure terminal mode.
2. Enter the mode of a script (existing or new) by invoking the command:
script NAME
where,
NAME: Name of script. String of up to thirteen alphanumeric characters. Letter
characters must be lowercase only and must not be blanks, e.g., ipiface01.
3. Invoke the command:
parameter [NUMBER] NAME type TYPE description TEXT
where,
NUMBER: (optional) Index of parameter. Set the order of the parameter.
If not specified, a number that is a multiple of 10 (e.g., 10, 20, 30,
etc.) is assigned.
NAME: Name for the parameter.
TYPE: Type for parameter.

January 2009 URL: http://www.mrv.com 121


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

TEXT: Description for parameter.


Example
OS900# configure terminal
OS900(config)# script ipiface01
OS900(script-ipiface01)# parameter 10 IFID type vifN description Vlan Interface ID
OS900(script-ipiface01)#

View Parameter
The procedures for viewing a Parameter are the same as those given for viewing a Script – see
section Viewing, page 125.

Modify Parameter
To modify the name, type, or description of a parameter:
1. Enter the mode of the script containing the parameter to be modified by invoking
the command:
script NAME
where,
NAME: Name of script.
2. Invoke the command:
parameter NUMBER NAME type TYPE description TEXT
where,
NUMBER: Number of the parameter whose name, type, or description is to be
changed.
NAME: New name for the parameter.
TYPE: New Type for parameter.
TEXT: New description for script.

Delete Parameter
To delete a parameter from an existing script:
1. Enter configure terminal mode.
2. Enter the mode of the script containing the parameter to be deleted by invoking
the command:
script NAME
where,
NAME: Name of script.
3. Invoke the command:
no parameter NUMBER
where,
NUMBER: Number of the parameter to be deleted.
Example
OS900(script-IpInterface01)# no parameter 30
OS900(script-IpInterface01)#

Renumber Parameters
To renumber all Parameters (and Lines) of a script with the sequence 10, 20, 30, etc.:
1. Enter the mode of the script by invoking the command:
script NAME
where,
NAME: Name of script. Text string of up to thirteen characters without blanks.
2. Renumber the Parameters (and Lines) by invoking the command:
renumerate

122 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

Example
The example below shows that the numbers of the Parameters (and Lines) before the command
renumerate is invoked are 5, 17, and 23. The numbers after are 10, 20, and 30.

OS900(script-IpInterface01)# show

script 'IpInterface01' : Play Dome at Tensa.


Parameters
---- -------------- -------------- -----------
Num. Name Type Description
---- -------------- -------------- -----------
5 vifID vifN Param for interface ID.
17 portID ports Group of Ports
23 tagID tag ID of Tag
OS900(script-IpInterface01)# renumerate
OS900(script-IpInterface01)# show

script 'IpInterface01' : Play Dome at Tensa.


Parameters
---- -------------- -------------- -----------
Num. Name Type Description
---- -------------- -------------- -----------
10 vifID vifN Param for interface ID.
20 portID ports Group of Ports.
30 tagID tag ID of Tag.

Lines
Lines are a sequence of CLI commands that include script Parameters.
The actions that can be performed on a line are as follows:
− Create Line
− View Line
− Modify Line
− Delete Line

Create Line
To create a line:
1. Enter configure terminal mode.
2. Enter the mode of a script (existing or new) by invoking the command:
script NAME
where,
NAME: Name of script. String of up to thirteen alphanumeric characters. Letter
characters must be lowercase only and must not be blanks, e.g., ipiface01.
3. Invoke the command:
line [NUMBER] COMMAND
where,
NUMBER: (optional) Number for the line.
COMMAND: CLI command in the regular format with the exception that instead of a
value argument, a parameter preceded by $ is entered.
Example
OS900# configure terminal
OS900(config)# script ipiface01
OS900(script-ipiface01)# line 10 interface vlan vif$IFID
OS900(script-ipiface01)#

January 2009 URL: http://www.mrv.com 123


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Note
When creating a script, there is no need to use exit command in order
to return to previous CLI modes.

View Line
The procedures for viewing a Line are the same as those given for viewing a Script – see section
Viewing, page 125.

Modify Line
To modify a line re-enter it with the same line number as follows:
1. Enter the mode of the script containing the line to be modified by invoking the
command:
script NAME
where,
NAME: Name of script.
2. Invoke the command:
line NUMBER COMMAND
where,
NUMBER: Number for the line.
COMMAND: New CLI command.

Delete Line
To delete a line from an existing script:
1. Enter configure terminal mode.
2. Enter the mode of the script containing the line to be deleted by invoking the
command:
script NAME
where,
NAME: Name of script.
3. Invoke the command:
no line NUMBER
where,
NUMBER: Number of the line to be deleted.
Example
OS900(script-ipiface01)# no line 50
OS900(script-ipiface01)#

Renumber Lines
To renumber all Lines (and Parameters) of a script with the sequence 10, 20, 30, etc.:
1. Enter the mode of the script by invoking the command:
script NAME
where,
NAME: Name of script. Text string of up to thirteen characters without blanks.
2. Renumber the Lines (and Parameters) by invoking the command:
renumerate
Example
The example below shows that the numbers of the Lines (and Parameters) before the command
renumerate is invoked are 5, 17, and 23. The numbers after are 10, 20, and 30.

OS900(script-IpInterface01)# show

script 'IpInterface01' : Play Dome at Tensa.


Parameters

124 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

---- -------------- -------------- -----------


Num. Name Type Description
---- -------------- -------------- -----------
5 vifID vifN Param for interface ID.
17 portID ports Group of Ports
23 tagID tag ID of Tag
OS900(script-IpInterface01)# renumerate
OS900(script-IpInterface01)# show

script 'IpInterface01' : Play Dome at Tensa.


Parameters
---- -------------- -------------- -----------
Num. Name Type Description
---- -------------- -------------- -----------
10 vifID vifN Param for interface ID.
20 portID ports Group of Ports.
30 tagID tag ID of Tag.

Viewing
In Script Mode
To view a script in its mode:
1. Enter configure terminal mode.
2. Enter the mode of the script whose parameters are to be viewed by invoking the
command:
script NAME
where,
NAME: Name of script.
3. Invoke the command:
show
Example
OS900# configure terminal
OS900(config)# script ipiface01
OS900(script-ipiface01)# show

script 'ipiface01'
Parameters
---- -------------- -------------- -----------
Num. Name Type Description
---- -------------- -------------- -----------
10 IFID ifname Vlan Interface ID
20 POID ports Group of Ports
30 TGID tag ID of Tag
40 IPID ipv4_pref IP Prefix of Interface

Lines
---- -----------------------------------------
Num. Line
---- -----------------------------------------
10 interface vlan vif$IFID
20 ports $POID
30 tag $TGID
40 ip $IPID
OS900(script-ipiface01)#

In Enable Mode
To view one or all scripts in enable mode:

January 2009 URL: http://www.mrv.com 125


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

One Script
1. Enter enable mode.
2. Invoke the command:
show script NAME
where,
NAME: Name of script.
All Scripts
1. Enter enable mode.
2. Invoke the command:
show scripts [configuration]
where,
configuration: (optional) In the format used to configure the parameters. If this
keyword is not entered, the parameters are displayed in tabular format.

Executing
A Script can be executed like any other CLI command.
To execute a script
1. Enter enable mode.
2. Invoke the command:
NAME
where,
NAME: Name of script.
3. Press Shift ? to display the parameter value to be entered, and enter the value
prompted by the system.
4. Repeat step 3, above, until the prompt <cr> appears.

Deleting
To delete a script:
1. Enter configure terminal mode.
2. To display the list of existing scripts, type the partial command:
no script ?
3. Complete the partial command by typing the name of the script to be deleted.
Example
OS900# configure terminal
OS900(config)# no script ?
NAME
Config07 *Script*
IpInterface01 *Script* Play Dome at Tensa.
OS900(config)# no script Config07
OS900(config)#

126 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

Example
The example below shows how a script is created that can be used to configure an interface.
Custom entries are shown in the color red. Parameter names are in upper case, e.g., IFID, POID,
TGID. Notice that in each line, a regular CLI command (e.g., tag 27) is entered with the
exception that a parameter (e.g., TGID) preceded by $ is entered instead of a value (e.g., 27).
MRV OptiSwitch 910 version d1734-22-09-05
OS900 login: admin
Password:

OS900> enable
OS900# configure terminal
OS900(config)# script ?
NAME Script name

OS900(config)# script ipiface01

OS900(script-ipiface01)# parameter 10 IFID type vifN description Vlan Interface ID


OS900(script-ipiface01)# parameter 20 POID type ports description Group of Ports
OS900(script-ipiface01)# parameter 30 TGID type tag description ID of Tag
OS900(script-ipiface01)# parameter 40 IPID type ipv4_pref description IP Prefix of
Interface
OS900(script-ipiface01)# line 10 interface vlan vif$IFID
OS900(script-ipiface01)# line 20 _ports $POID
OS900(script-ipiface01)# line 30 _tag $TGID
OS900(script-ipiface01)# line 40 _ip $IPID

OS900(script-ipiface01)# show
script 'ipiface01'
Parameters
---- -------------- -------------- -----------
Num. Name Type Description
---- -------------- -------------- -----------
10 IFID vifN Vlan Interface ID
20 POID ports Group of Ports
30 TGID tag ID of Tag
40 IPID ipv4_pref IP Prefix of Interface

Lines
---- -----------------------------------------
Num. Line
---- -----------------------------------------
10 interface vlan vif$IFID
20 ports $POID
30 tag $TGID
40 ip $IPID

OS900(script-ipiface01)# exit
OS900(config)# exit
OS900# ipiface01 ?
IFNAME Vlan Interface ID
OS900# ipiface01 201 ?
PORT_GROUP_STR Group of Ports
OS900# ipiface01 201 2-4 ?
<1-4095> ID of Tag
OS900# ipiface01 201 2-4 2001 ?
A.B.C.D/M IP Prefix of Interface
OS900# ipiface01 201 2-4 2001 192.4.4.4/24 ?
<cr>
| Output modifiers
OS900# ipiface01 201 2-4 2001 192.4.4.4/24

January 2009 URL: http://www.mrv.com 127


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

execute: interface vlan vif201


execute: ports 2-4
execute: tag 2001
Interface is activated.
execute: ip 192.4.4.4/24
OS900#

Console Access Control


Disabling the Console
Local access to the OS900 [via the out-of-band RS-232 interface (CONSOLE EIA-232 port)] for
management can be disabled.

CAUTION!
Before disabling local access to the OS900, ensure that a TELNET or
SSH connection exists, otherwise the OS900 will be locked to access!

To disable local access to the OS900, from the remote management station:
1. Enter configure terminal mode.
2. Invoke the command:
console-disable [delayed]
where,
delayed: Delay access disabling for one minute

Enabling the Console


To enable local access to the OS900 [via the out-of-band RS-232 interface] a TELNET or SSH
connection is required to have existed at the time local access was disabled.
To re-enable local access to the OS900, invoke the command:
no console-disable

Layer 2 Protocol Counters


Several counters, one for each of Layer 2 protocols, count the number of ingress and egress
frames separately. These counters can be viewed and cleared.

Viewing
To view the Layer 2 protocol counters, invoke the command:
show l2cntrl-protocol-counters
Example
OS900# show l2cntrl-protocol-counters
PROTOCOL TX_COUNTER RX_COUNTER
------------ ---------- ----------
L2CNTRL_STP 3728 3728
L2CNTRL_OAM 1145 1145
L2CNTRL_EFM 293 293
DOT1X 502 502
LACP 8061 8061
DOT1AH 207 207
OS900#

The fields in the above example are described below.


L2CNTRL_STP IEEE 802.1s (MSTP) and IEEE 802.1w (RSTP) protocols
L2CNTRL_OAM IEEE 802.1ag and ITU-T SG Y.1731 Ethernet Service OAM protocols
L2CNTRL_EFM IEEE 802.3ah OAM for Ethernet in the First Mile protocol
DOT1X IEEE 802.1x Wireless LAN authentication protocol

128 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 5: CLI Management

LACP IEEE 802.3ad Link Aggregation/Trunking protocol


DOT1AH IEEE 802.1ah Provider Bridged Networks interconnection protocol
TX_COUNTER Egress frames counter
RX_COUNTER Ingress frames counter

Clearing
To clear all the Layer 2 protocol counters, invoke the command:
clear l2cntrl-protocol-counters
Example
OS900# clear l2cntrl-protocol-counters
OS900#

January 2009 URL: http://www.mrv.com 129


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

130 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

Chapter 6: Ports

General
− This chapter shows how to configure and monitor the physical ports of the OS900.

Enabling/Disabling
Default
By default, each LAN/WAN port is enabled.

Custom
Each port can be enabled or disabled independently of other ports. To enable/disable one or more
ports, invoke the following command:
port state enable|disable PORTS-GROUP|all
where,
port: Port-related action
state: Port state
enable: Enable the port(s)
disable: Disable the port(s)
PORTS-GROUP: Group of Ports
all: All ports
Example
OS900(config)# port state disable 4
port 4 state set to: DISABLE
OS900(config)#

Status
Brief
To view the configuration status of one or more ports in brief, invoke the command:
show port [PORTS-GROUP|all]
where,
show: Display
port: Port-related action
[PORTS-GROUP]: Group of Ports.
(If no port number is entered, the statuses of all ports are
displayed.)
all: All ports
Example
OS910(config)# show port
PORTS CONFIGURATION
===================
PORT MEDIA MEDIA_SEL LINK SPD_SEL LAN_SPD DUPL STATE SL
----------------------------------------------------------------------
1 TP COPPER OFF AUTO N/A N/A ENABLE 1
2 TP COPPER OFF AUTO N/A N/A ENABLE 1

January 2009 URL: http://www.mrv.com 131


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

3 TP COPPER OFF AUTO N/A N/A ENABLE 1


4 TP COPPER OFF AUTO N/A N/A ENABLE 1
5 TP COPPER OFF AUTO N/A N/A ENABLE 1
6 TP COPPER OFF AUTO N/A N/A ENABLE 1
7 TP COPPER OFF AUTO N/A N/A ENABLE 1
8 TP COPPER ON AUTO 1 GBps FULL ENABLE 1
t1 --- --- ON AUTO 2 GBps FULL ENABLE 1
(9) SFP+100FX SFP ON-F AUTO 1 GBps FULL ENABLE 1
(10) SFP+100FX SFP ON-F AUTO 1 GBps FULL ENABLE 1
OS910(config)#

Detailed
To view the configuration status of one or more ports in detail, invoke the command:
show port details [PORTS-GROUP]
where,
show: Display
port: Port-related action
details: Detailed information
[PORTS-GROUP]: Group of Ports
(If no port number is entered, the statuses of all ports are
displayed.)
Example
OS910# show port details 3
Port 3 details:
-------------------
Description : N/A
Type : ETH10/100/1000
Link : OFF
Duplex state : N/A
PHY : TP
Speed selected : AUTO
Auto-Neg Advertise : Default
State : ENABLE
Priority : 1
Flow control mode : off
Ethertype : CORE1:0x8100
OutBound Tagged : untagged
Tags List :
Udld : -

Comment Adding
To enter a textual description of one or more ports, invoke the command:
port description PORTS-GROUP|all ..
where,
port: Port-related action
description: Textual description
PORTS-GROUP: Group of Ports
all: All ports
..: Textual description to be entered
Example
OS900(config)# port description 4 This port is for new customers.
OS900(config)# show port details 4
Port 4 details:
-------------------
Description : This port is for new customers.
Type : ETH100/1000

132 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

Media-select mode : SFP


Link : OFF
Duplex state : N/A
PHY : SFP+100FX
Speed selected : AUTO
Auto-Neg Advertise: Advertise all.
State : ENABLE
Priority : 1
Flow control mode : off
Ethertype : CORE1:0x8100
OutBound Tagged : untagged
Tags List :

OS900(config)#

Physical Interface
Default
By default, the type of physical interface selected for an SFP port is sfp (1000Base-X).

Custom
The type of physical interface for an SFP port can be selected independently of other ports. To
select the interface medium for one or more ports, invoke the following command:
port media-select sfp|sfp100|copper|auto PORT-GROUP|all
where,
port: Port-related action
media-select: Port physical interface
sfp: Set the port to operate as a 1000Base-X interface
sfp100: Set the port to operate as a 100Base-X interface
copper: Set the port to operate with the fixed 10/100/1000Base-T interface
auto: Set the port to operate with the SFP or fixed 10/100/1000Base-T interface
automatically
PORT-GROUP: Group of Ports
all: All ports
Example
OS900(config)# port media-select copper 1,2
port 1 media mode set to: COPPER
port 2 media mode set to: COPPER
OS900(config)

Speed
Default
The default speed of an electrical LAN/WAN port is according to auto-negotiation. (LAN/WAN ports
are shown in Figure 2, page 54.)

Custom
The speed of each port can be set (forced) independently of other ports. To set a speed for one or
more ports, invoke the following command:
port speed 10|100|1000|auto PORTS-GROUP|all
where,
port: Port-related action
speed: Speed to be set

January 2009 URL: http://www.mrv.com 133


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

10: 10 Mbit/sec (Applicable to 10/100/1000Base-T ports only)


100: 100 Mbit/sec
1000: 1000 Mbit/sec
auto: Auto-Negotiation
PORTS-GROUP: Group of Ports
all: All ports
Example
OS900(config)# port speed 1000 1,2
port 1 speed set to: FORC1,000
port 2 speed set to: FORC1,000
OS900(config)#

Viewing
To view the speed configurations for ports, invoke a show command as described in the section
Status, page 131.

Duplexity
Default
The default duplexity mode of transmission of a 10/100/1000Base-T LAN/WAN port is according to
auto-negotiation.

Custom
The duplexity of each port can be set (forced) independently of other ports. To set half- or full-
duplexity for one or more ports, invoke the following command:
port duplex half|full PORTS-GROUP|all
where,
port: Port-related action
duplex: Duplexity to be set
half: Half-duplex
full: Full-duplex
PORTS-GROUP: Group of Ports
all: is all ports
Example
OS900(config)# port duplex half 1,2
port 1 duplex set to: HALF
port 2 duplex set to: HALF
OS900(config)#

Viewing
To view the speed configurations for ports, invoke a show command as described in the section
Status, page 131.

Traffic Throughput Reading


For User-specified Time Interval
To view the amount of traffic that flows through one or more ports in a user-specified time interval,
invoke the command:
show port rate (PORTS-GROUP|all) time (<10-60>)
PORTS-GROUP: Group of ports for which the traffic throughput is to be measured.

134 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

all: All ports’ traffic throughput is to be measured.


(<10-60>): Time interval during which the throughput is to be measured. The measurement
starts as soon as the command is invoked.
Example
OS910# show port rate 1,3 time 15

The answer will be ready in 15 more seconds


OS910#
Results for port 1:
Tx: 511 KBps, 999 pps, rate 0.671 Mbps
Rx: 511 KBps, 1998 pps, rate 0.831 Mbps

Results for port 3:


Tx: 511 KBps, 999 pps, rate 0.671 Mbps
Rx: 511 KBps, 1998 pps, rate 0.831 Mbps

OS910# show port rate 1,3 time 10


The answer will be ready in 10 more seconds
OS910#
Results for port 1:
Tx: 511 KBps, 998 pps, rate 0.671 Mbps
Rx: 511 KBps, 1997 pps, rate 0.830 Mbps

Results for port 3:


Tx: 511 KBps, 998 pps, rate 0.671 Mbps
Rx: 511 KBps, 1997 pps, rate 0.830 Mbps
OS910#

In the example above, KBps is kilobytes per second, pps is packets per second, and Mbps is
megabits per second.

Of Last User-specified Time Interval


To view the amount of traffic that flowed through one or more ports in the last user-specified time
interval, invoke the command:
show port rate PORTS-GROUP|all
PORTS-GROUP: Group of ports for which the traffic throughput is to be measured.
all: All ports’ traffic throughput is to be measured.
Example
OS910# show port rate 1,3

Results for port 1:


Tx: 511 KBps, 998 pps, rate 0.671 Mbps
Rx: 511 KBps, 1997 pps, rate 0.830 Mbps
Measures were taken at: Wed Jul 30 10:31:56 2008

Results for port 3:


Tx: 511 KBps, 998 pps, rate 0.671 Mbps
Rx: 511 KBps, 1997 pps, rate 0.830 Mbps
Measures were taken at: Wed Jul 30 10:31:56 2008
OS910#

Of Latest User-specified Time Intervals


To view the amount of traffic that flowed through one or more ports in the last user-specified time
intervals (up to five), invoke the command:
show port rate (PORTS-GROUP|all) time (<10-60>)
PORTS-GROUP: Group of ports for which the traffic throughput is to be measured.

January 2009 URL: http://www.mrv.com 135


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

all: All ports’ traffic throughput is to be measured.


Example
OS910# show port rate 1,3 history

Rate results for port 1:


-------------- at: Wed Jul 30 10:37:38 2008 --------------
Tx: 511 KBps, 998 pps, rate 0.671 Mbps
Rx: 511 KBps, 1997 pps, rate 0.830 Mbps
-------------- at: Wed Jul 30 10:37:24 2008 --------------
Tx: 511 KBps, 999 pps, rate 0.671 Mbps
Rx: 511 KBps, 1998 pps, rate 0.831 Mbps

Rate results for port 3:


-------------- at: Wed Jul 30 10:37:38 2008 --------------
Tx: 511 KBps, 998 pps, rate 0.671 Mbps
Rx: 511 KBps, 1997 pps, rate 0.830 Mbps
-------------- at: Wed Jul 30 10:37:24 2008 --------------
Tx: 511 KBps, 999 pps, rate 0.671 Mbps
Rx: 511 KBps, 1998 pps, rate 0.831 Mbps
OS910#
Add CLI command to calculate ports rate with a defined time between 10 to 60 Sec.
To show the last result use:
show port rate (PORTS-GROUP|all)
To show the history of the last 5 results:
show port rate (PORTS-GROUP|all) history

Port SFP Reading


Parameters
To view the SFP port internal EEPROM data, invoke the command:
show port sfp-params [PORTS-GROUP]
sfp-params: SFP port internal EEPROM data.
PORTS-GROUP: Group of ports for which the traffic throughput is to be measured. Trunk ports
may be included.

136 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

Example
OS910# show port sfp-params t1

SFP ports internal EEPROM data


================================

Trunk t1, Port 9: SFP EEPROM Parameters


**************************************************************************
Identifier is SFP
Connector code is LC
Transceiver subcode is 1000Base-SX
Serial encoding mechanism is 8B10B
The nominal bit rate is 1300 Megabits/sec.
Link length using single mode (9 micron) is not supported.
Link length using 50 micron multi-mode fiber is greater than 500m.
Link length using 62.5 micron multi-mode fiber is greater than 300m.
Link length using copper cable is not supported.
Vendor name is Infineon AG
Vendor PN is V23818-K305-B57
Vendor revision is 1
Vendor SN is 30355175
Nominal transmitter output wavelength at room temperature is not specified.
**************************************************************************

Trunk t1, Port 10: SFP EEPROM Parameters


**************************************************************************
Identifier is SFP
Connector code is LC
Transceiver subcode is 1000Base-SX
Serial encoding mechanism is 8B10B
The nominal bit rate is 2100 Megabits/sec.
Link length using single mode (9 micron) is not supported.
Link length using 50 micron multi-mode fiber is greater than 300m.
Link length using 62.5 micron multi-mode fiber is greater than 150m.
Link length using copper cable is not supported.
Vendor name is MRV
Vendor PN is SFP-DGD-SX
Vendor revision is A
Vendor SN is PDL16FH
Nominal transmitter output wavelength at room temperature is 850.00 nm.
**************************************************************************

Diagnostics
To view the digital diagnostics of the SFP's internal EEPROM, invoke the command:
show port sfp-diag [PORTS-GROUP]
sfp-diag: Digital diagnostics of the SFP's internal EEPROM.
PORTS-GROUP: Group of ports for which the traffic throughput is to be measured. Trunk ports
may be included.

January 2009 URL: http://www.mrv.com 137


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS910# show port sfp-diag t1

SFP ports internal EEPROM data


================================
Trunk t1, Port 9: Digital Diagnostic feature is not supported for current SFP

Trunk t1, Port 10: SFP Digital Diagnostics


****************************************************
Description Real-Time Value
-------------------- ---------------
Temperature (C)/(F): 47/116
Voltage (V): 3.3248
TX Bias (mA): 7.408
TX Power (dBm)/(mW): -4.7/0.337
RX Power (dBm)/(mW): -5.2/0.303
****************************************************
OS910#

Capabilities Advertising
General
Port capabilities advertising is the advertising of the speed(s) and duplexity with which ports can
operate.

Applicability
Port capabilities advertising applies only to 10/100/1000Base-T ports.

Requirement
For ports to be able to advertise they must be set in auto-negotiation mode. One or more ports can
be set in auto-negotiation mode by invoking the command port speed auto
PORTS-GROUP|all described in the section Speed, page 133.

Default
The default advertise mode for ports is advertise all speeds (10, 100, and 1000 Mbps) and
duplexity (half and full).

Custom
Advertising a Specific Speed and/or Duplexity
To set one or more ports to advertise a specific speed and/or duplexity, invoke the following
command:
port advertise speed (10|100|1000|all) duplex (half|full|all) (PORTS-
GROUP|all)
where,
port: Port-related action
advertise: Advertise default auto-negotiation capabilities
speed: Speed to be set
10: 10 Mbit/sec (Applicable to 10/100/1000Base-T ports only)
100: 100 Mbit/sec
1000: 1000 Mbit/sec
all: (First appearance) All speeds (10, 100, and 1000 Mbit/sec)
duplex: Duplexity to be set
half: Half-duplex

138 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

full: Full-duplex
all: (Second appearance) Both duplexities (half and full)
PORTS-GROUP: Group of Ports
all: (Third appearance) All ports
Note that this command will cause the port to advertise:
− The set speed, in addition to one or more other set speeds (if they exist for the port), and
− The set duplexity, in addition to the other set duplexity (if it exists for the port)
Example
OS910(config)# port advertise speed 100 duplex half 3,5
port 3 advertise set to speed: 100MBps, duplex: HALF
port 5 advertise set to speed: 100MBps, duplex: HALF
OS910(config)#

Default
To set one or more ports in the default mode (described in the section Default, page 138), invoke
the command:
port advertise default (PORTS-GROUP|all)
where,
PORTS-GROUP: Group of Ports
all: All ports

Preventing all Advertising


To prevent one or more ports from advertising, invoke the command:
no port advertise (PORTS-GROUP|all)
where,
PORTS-GROUP: Group of Ports
all: All ports

Preventing Advertising of a Specific Speed and/or Duplexity


To prevent one or more ports from advertising a specific speed and/or duplexity, invoke the
command:
no port advertise speed (10|100|1000|all) duplex (half|full|all)
(PORTS-GROUP|all)
where,
10: 10 Mbit/sec (Applicable to 10/100/1000Base-T ports only)
100: 100 Mbit/sec
1000: 1000 Mbit/sec
all: (First appearance) All speeds (10, 100, and 1000 Mbit/sec)
half: Half-duplex
full: Full-duplex
all: (Second appearance) Both duplexities (half and full)
PORTS-GROUP: Group of Ports
all: (Third appearance) All ports

Viewing
To view the speed configurations for ports, invoke a show command as described in the section
Status, page 131.

Outbound Tag Mode


To change the outbound tag mode for a port after an ACL has been bound to a port, unbind the
ACL (as described in the section Unbinding, page 268, change the outbound tag mode (as
described below), then rebind the ACL (as described in the section Binding, page 266).

January 2009 URL: http://www.mrv.com 139


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

One or more ports can be set to handle ingress frames with IEEE 802.1Q encapsulation in one of
the following modes:
− Tagged
− Untagged
− Hybrid
− Q-in-Q

Tagged
To set a port to handle only tagged ingress frames16 (and to forward them with the tag):
1. Enter configure terminal mode.
2. Invoke the command:
port tag-outbound-mode tagged PORTS-GROUP
where,
port: Port-related action
tag-outbound-mode: IEEE 802.1Q encapsulation of ingress/egress frames
tagged: Tagged ingress/egress frames
PORTS-GROUP: Group of Ports
(If no port number is entered, all ports are displayed.)

Untagged
This is the default mode for ports. To set a port to handle only untagged ingress frames (and to
forward them untaggged):
1. Enter configure terminal mode.
2. Invoke the command:
port tag-outbound-mode untagged PORTS-GROUP
where,
port: Port-related action
tag-outbound-mode: IEEE 802.1Q encapsulation of ingress/egress frames
untagged: Untagged ingress/egress frames
PORTS-GROUP: Group of Ports
(If no port number is entered, all ports are displayed.)

Hybrid
This mode is similar to tagged mode except for the way it handles untagged frames. In tagged
mode, ingress untagged frames are dropped. In hybrid mode, ingress untagged frames are
assigned the port’s default tag. Egress packets having the default tag are sent untagged.
To configure hybrid mode for a group of ports:
1. Enter configure terminal mode.
2. Invoke the command:
port tag-outbound-mode hybrid [PORTS-GROUP] TAG
where,
port: Port action
tag-outbound-mode: IEEE 802.1Q encapsulation of ingress/egress frames
hybrid: Tagged and untagged ingress/egress frames
[PORTS-GROUP]: Group of Ports
(If no port number is entered, all ports are displayed.)
TAG: User-selectable default tag for the interface

16
Untagged ingress frames are dropped in tagged mode.

140 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

Q-in-Q (Service VLAN Access Mode)


The Q-in-Q mode is used to interconnect customer sites having the same VLAN tag across an
Ethernet metro network.
This mode applies for access (LAN) ports. In this mode both tagged and untagged frames are
allowed at ingress. All ingress frames are encapsulated with an additional tag (Service VLAN tag).
All egress frames at tagged ports are decapsulated from Service VLAN tags.
To configure Q-in-Q mode for one or more access ports:
1. Enter configure terminal mode.
2. Invoke the command:
port tag-outbound-mode q-in-q [PORTS-GROUP] TAG
where,
port: Port configuration.
tag-outbound-mode: IEEE 802.1Q encapsulation of ingress/egress frames
q-in-q: Untagging of ingress/egress frames. This argument must be selected
for Q-in-Q access ports.
[PORTS-GROUP]: Group of Ports
(If no port number is entered, all ports are selected.)
TAG: Default Service VLAN tag to be added to a packet that enters any of the
ports in the PORTS-GROUP.
This tag can be swapped using an ACL rule. For details, refer to the section
Stage 2 – Actions on Packet, page 255.

Viewing
To view the tags of one or more ports:
1. Enter enable mode.
2. Invoke the command:
show port tag [PORT-GROUP|all]
where,
[PORT-GROUP]: is the Group of Ports
(If no port number is entered, all ports are displayed.)
all: All ports
Example
OS910# show port tag 1-3
VMAN mode is disable
Value of ethertype 1 is 0x8100 (default value)
Value of ethertype 2 is 0x8100 (default value)

PORT TAG CONFIGURATION


======================
port OUTBOUND-TAGGED DEF-TAG NUM-TAGS ETHERTYPE TAGS-LIST
---------------------------------------------------------------
1 untagged 1 0 CORE1:0x8100
2 untagged 1 0 CORE1:0x8100
3 untagged 1 0 CORE1:0x8100
OS910#
The NUM-TAGS column shows the number of VLAN interfaces of which a port is a member.
DEF-TAG is the tag that will be assigned to untagged frames entering the port.

Multi-VLAN Membership for Untagged Ports


Normally, an untagged port can be a member of only one VLAN. However, by enabling such a port
for multi-VLAN membership, the port will know how to direct each ingress packet to the right
VLAN.

January 2009 URL: http://www.mrv.com 141


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

To configure a group of multi-VLAN untagged ports:


1. Enter configure terminal mode.
2. Invoke the command:
port untagged-multi-vlans PORTS-GROUP
where,
PORTS-GROUP: Group of untagged ports to be members in several VLANs.
3. For each multi-VLAN untagged port/group, configure an ACL (see Chapter 14:
Extended Access Lists (ACLs), page 247) that specifies the VLAN to which a packet type
entering the port/group is to be sent. Then bind the ACL to each of the multi-VLAN
untagged ports/groups.

Link Protection
Referring to Figure 16, the Link Protection (dual-homing) mechanism is used to set two ports to
backup each other. When the primary port fails, the backup (secondary) port takes over the tasks
of the primary port.

Enabling
To enable Link Protection:
1. Enter configure terminal mode.
2. Ensure that the two ports to be set in Link Protection mode (i.e., primary port and
backup port) are trunked. (The procedure for trunking ports is given in the section
Configuration, page 232.)
3. Invoke any of the following commands:
link-protection primary PORT backup PORT
or
link-protection primary PORT backup PORT no-preemption
or
link-protection primary PORT backup PORT srv NUMBER dmn <0-7>
or
link-protection primary PORT backup PORT srv NUMBER dmn <0-7>
rmep <0-4095>
where,
PORT: (First appearance) Primary Port number.
PORT: (Second appearance) Backup Port number.
no-preemption: Prevent the primary port from retaking over from the
backup port when it recovers.
srv: Get IEEE 802.1ag notifications about RMEP timeout for path with
defined service ID.
NUMBER: IEEE 802.1ag Service ID value.
dmn: Get IEEE 802.1ag notifications about RMEP timeout for path with
defined domain level.
<0-7>: IEEE 802.1ag domain level value (range 0..7).
rmep: Get 802.1ag notifications only for specified RMEP. Default: all RMEPs).
<0-4095>: IEEE 802.1ag Remote MEP ID range of values. 0: all RMEPs

142 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

Figure 16: Link Protection Data Path


Example
OS910(config)# link-protection primary 3 backup 4
OS910(config)#

Disabling
To disable Link Protection:
1. Enter configure terminal mode.
2. Invoke the command:
no link-protection primary PORT
where,
PORT: Primary Port number.
Example
OS910(config)# no link-protection primary 3
OS910(config)#

Viewing
To view the link-protection status invoke the command:
1. Enter configure terminal mode.
2. Invoke the command:
show port details [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports whose link-protection status is to be viewed.

January 2009 URL: http://www.mrv.com 143


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS904(config)# show port details t1
Trunk t1 details:
-------------------
Description : N/A
Link : OFF
Duplex state : N/A
Speed selected : AUTO
Auto-Neg Advertise : Default
State : ENABLE
Priority : 1
Flow control mode : off
Ethertype : CORE1:0x8100
OutBound Tagged : untagged
Tags List :
Udld : -
Link-protection : primary 3 and backup 4 with preemption. Now active is 4.
OS904(config)#

Link Fault Reflection


The link fault reflection is a protective against damage to the eyesight by a laser beam.
Referring to Figure 17, the Link Fault Reflection (LIN) mechanism downs the link at the downlink
ports (that are assigned to the uplink port) if the link at the uplink port fails due to LOS. The uplink
port can be of one OS900 while the downlink ports can be of another OS900.
The fault is propagated from the Network-Network interface (NNI) to the User-NetworkInterface
(UNI). If LIN is enabled, the fault is propagated only if both interfaces experience LOS.
LIN can be enabled for only one uplink port in the OS900. The port can be a trunk port.
Using the link fault reflection mechanism, two OS900s interconnected across a network can be
configured so that if the link to a UNI at one OS900 goes down, the link to the corresponding UNI
at the other OS900 is automatically brought down.

144 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

Figure 17: Link Fault Reflection between Uplink and Downlink

Enabling
To enable Link Fault Reflection:
1. Enter configure terminal mode.
2. Invoke any of the following commands:
link-reflection uplink PORT downlink PORT symmetrical
or
link-reflection uplink PORT downlink PORTS-GROUP
or
link-reflection uplink PORT downlink PORTS-GROUP srv NUMBER dmn
<0-7>
or
link-reflection uplink PORT downlink PORTS-GROUP srv NUMBER dmn
<0-7> rmep <0-4095>
link-reflection uplink PORT downlink PORTS-GROUP inverse-state
where,
PORT: (First appearance) Uplink (usually core or provider network) port
number.

January 2009 URL: http://www.mrv.com 145


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

PORT: (Second appearance) Downlink access port number.


symmetrical: Down the link at the uplink port if the link at the downlink port
fails. (This option can be applied provided only one port is specified as the
downlink port. In such a case, Link Fault Reflection can function for both the
uplink and downlink port.)
PORTS-GROUP: Downlink access port numbers.
srv: Get IEEE 802.1ag notifications about RMEP timeout for path with
defined service ID.
NUMBER: IEEE 802.1ag Service ID value.
dmn: Get IEEE 802.1ag notifications about RMEP timeout for path with
defined domain level.
<0-7>: IEEE 802.1ag domain level value (range 0..7).
rmep: Get 802.1ag notifications only for specified RMEP. Default: all RMEPs).
inverse-state: The downlink port is to have the opposite link state from the
uplink. When uplink link is UP all the downlink ports are DOWN, and when
uplink’s link goes DOWN all the downlinks’ links go UP.
<0-4095>: IEEE 802.1ag Remote MEP ID range of values. 0: all RMEPs

Note
If the port is a trunk, Link Fault Reflection is activated only if all ports of
the trunk fail.

Example 1
OS910(config)# link-reflection uplink 1 downlink 4 symmetrical
OS910(config)#

Example 2
The following example shows Link Fault Reflection configuration with Ethernet Service OAM for
two OS900s interconnected across a network. In this configuration, if the link to a UNI at one
OS900 is broken, the link to the corresponding UNI at the other OS900 is also broken.

146 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

Network

Figure 18: Link Fault Reflection between Two UNIs


Configuration
Following are the CLI commands for implementing Link Fault Reflection between two OS900s
across the network shown in Figure 18, above.
OS900 1
---------

link-reflection uplink 4 downlink 1 srv 1 dmn 1


!
interface vlan vif10
tag 10
ports 1,4
!
ethernet oam domain 1
service 1
primary-vlan 10
vlans 10
remote-meps 1
mep 2 port 1
mep 2 activate
mep 2 ccm-activate
!
ethernet oam enable

January 2009 URL: http://www.mrv.com 147


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS900 2
---------

link-reflection uplink 4 downlink 1 srv 1 dmn 1


!
interface vlan vif10
tag 10
ports 1,4
!
ethernet oam domain 1
service 1
primary-vlan 10
vlans 10
remote-meps 2
mep 1 port 1
mep 1 activate
mep 1 ccm-activate
!
ethernet oam enable

Disabling
To disable Link Fault Reflection:
1. Enter configure terminal mode.
2. Invoke the command:
no link-reflection uplink PORT
where,
PORT: Uplink-port number.
Example
OS910(config)# no link-reflection uplink 1
OS910(config)#

Port Protection (Private VLAN)


Definition
Port protection is the creation of one or more private (edge) VLANs within an existing VLAN.

Purpose
Port protection is used to direct traffic entering a VLAN to user-selected egress ports in the VLAN.

Advantage
In an Ethernet network, port protection provides additional security to hosts on the same subnet by
isolating the ports (from one another) to which they are connected even if the ports are members
of the same VLAN.

Configuration
This mechanism directs traffic at one group of user-selectable source (ingress) ports to another
group of user-selectable destination (egress) ports, all ports being members of the same VLAN.
To enable Port Protection:
1. Enter configure terminal mode.
2. Invoke the command:
port protected PORTS_GROUP|all allowed-dst PORTS_GROUP
where,
protected: Egress traffic restriction.

148 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

PORTS_GROUP: (First appearance) Group of source ports.


allowed-dst: Allow traffic to destination ports.
PORTS_GROUP: (Second appearance) Group of destination ports.
Example
OS900(config)# port protected 1,2 allowed-dst 3,4
OS900(config)#

Viewing
To view the destination ports to which traffic from the associated source ports is restricted:
1. Enter configure terminal mode.
2. Invoke the command:
show port protected [PORTS_GROUP]
where,
[PORTS_GROUP]: Group of source ports.
Example 1
OS900(config)# show port protected
Port protected:
-----------------
source port destination ports
1 all
2 all
3 4,7-9
4 all
5 4,7-9
6 all
7 all
8 all
9 all
10 all
OS900(config)#

Example 2
OS900(config)# show port protected
Port protected:
-----------------
source port destination ports
1 3-4
2 3-4
3 all
4 all
OS900(config)#

Link Flap Guard


General
Link Flap Guard is a mechanism that isolates a port that changes its link state with an
unacceptably high frequency.
By default, the Link Flap Guard is disabled.

Custom Setting
In the default setting, the Link Flap Guard isolates a port when the frequency of change in its link
state reaches the value of:
− 10 link flaps per second, if the port is 10/100/1000Base-T
− 150 link flaps per second, if the port is 10GE.

January 2009 URL: http://www.mrv.com 149


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

To set a new link flap frequency at which ports are to be isolated:


1. Enter configure terminal mode.
2. Invoke the command:
link-flap guard <5-10000> port (PORTS-GROUP|all)
where,
<5-10000>: Link flap frequency (i.e., number of changes per second in the
link state of a port) for which a port is to be isolated
PORTS-GROUP: Group of ports to have the link flap frequency apply
all: All ports to have the link flap frequency apply
Example
OS900(config)# link-flap guard 1257 port 2-4
OS900(config)#

Viewing
To view the setting of the Link Flap Guard:
1. Enter enable mode
2. Invoke the command:
show link-flap guard port (PORTS-GROUP|all)
PORTS-GROUP: Group of ports for whom the setting of the Link Flap Guard is
to be viewed
all: All ports to have the setting of the Link Flap Guard for them viewed
Example
OS900# show link-flap guard port 2-4
Link Flap Guard
----------------------
Port Guard Threshold
----------------------
2 1257
3 1257
4 1257
OS900#

Default Setting
To set the link flap guard to the default setting, i.e., to disable it:
1. Enter configure terminal mode.
2. Invoke either of the following commands:
link-flap guard default port (PORTS-GROUP|all)
no link-flap guard port (PORTS-GROUP|all)
Example
OS910(config)# link-flap guard default
The default value 10 has been accepted
OS910(config)#

Recovering Isolated Ports


To recover isolated ports (i.e., to allow them to reconnect to the network):
1. Enter configure terminal mode.
2. Invoke the command:
port state enable PORTS-GROUP|all.
where,
PORTS-GROUP: Group of ports to be recovered.
all: All ports to be recovered.

150 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

Example
OS910(config)# port state enable 2,3
port 2 state set to: ENABLE
port 3 state set to: ENABLE
OS910(config)#

Link Flap Dampening


General
Link Flap Dampening is a mechanism that can be used to temporarily isolate one or more ports
that change their link state with an unacceptably high frequency.

Principle of Operation
The flapping port is assigned a flap-penalty for each flap. Once the total of the
accumulated flap penalties reaches the errdisable-threshold the port is isolated. If
now the port link stops flapping, for each passing link flap interval17 the total of the
accumulated penalties is decreased by the stability-grant value. When the total
drops to zero the port will be allowed to reconnect to the network provided it is set to
recover. By default, the port is preset to recover when the Link Flap Dampening
mechanism is enabled, as described below. (In any case, the port can be set/preset to
recover using the command port errdisable recover cause link-flap
PORTS-GROUP.) If the port is isolated a second time, the errdisable-threshold is
automatically doubled. If the port is isolated a third time, the errdisable-threshold is
automatically tripled. And so on. If the port is enabled using the command port state
(enable|disable) (PORTS-GROUP|all), the user-set errdisable-threshold
value is reestablished.

Enabling
To enable the Link Flap Dampening mechanism:
1. Enter configure terminal mode.
2. Invoke the command:
port errdisable detect cause link-flap PORTS-GROUP
where,
PORTS-GROUP: Group of ports to be handled by the Link Flap Dampening
mechanism
Example
OS910(config)# port errdisable detect cause link-flap 1,4
OS910(config)#

Disabling
To disable the Link Flap Dampening mechanism:
1. Enter configure terminal mode.
2. Invoke the command:
no port errdisable detect cause link-flap PORTS-GROUP
where,
PORTS-GROUP: Group of ports to be freed of the Link Flap Dampening
mechanism

17
The link flap interval is displayed when the command show link-flap-dampening is invoked, as described in the
section Configuration, page 153.

January 2009 URL: http://www.mrv.com 151


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS910(config)# no port errdisable detect cause link-flap 4
OS910(config)#

Recovering Isolated Ports


By default, ports are preset to be recoverable (i.e., allowed to reconnect to the network) when the
Link Flap Dampening mechanism is enabled.
To recover isolated ports when the total of the accumulated penalties drops to zero:
1. Enter configure terminal mode.
2. Invoke the command:
port errdisable recover cause link-flap PORTS-GROUP
where,
PORTS-GROUP: Group of ports to be allowed the Link Flap Dampening
mechanism
Example
OS910(config)# port errdisable recovery cause link-flap 3
OS910(config)#

Parameters Setting
Penalty per Flap
The Penalty per Flap is a number assigned to a flap. The larger the number, the larger is the
penalty.
To set the penalty value per flap:
1. Enter configure terminal mode.
2. Invoke the command:
link-flap-dampening flap-penalty VALUE
where,
VALUE: Flap penalty value
Example
OS910(config)# link-flap-dampening flap-penalty 5
OS910(config)#

Threshold for Port Isolation


The Threshold for Port Isolation is the product of the flap penalty value and the number of link
flaps.
To set the value of the threshold:
1. Enter configure terminal mode.
2. Invoke the command:
link-flap-dampening errdisable-threshold VALUE
where,
VALUE: Threshold value for port isolation
Example
OS910(config)# link-flap-dampening errdisable-threshold 40
OS910(config)#

Stability Grant
The Stability Grant is a number by which the total of the accumulated penalties is decremented for
each minute that no flap occurs since isolation. If no flap occurs until the accumulated penalties for
a port are decremented to zero, the port can reconnect to the network provided it is allowed to be
recoverable. The section Recovering Isolated Ports, page 152 shows how to make ports
recoverable.
1. Enter configure terminal mode.

152 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

2. Invoke the command:


link-flap-dampening stability-grant VALUE
where,
VALUE: Flap penalty value
Example
OS910(config)# link-flap-dampening stability-grant 8
OS910(config)#

Viewing
Configuration
To view the Link Flap Dampening configuration
1. Enter enable mode.
2. Invoke the command:
show link-flap-dampening
Example
OS910# show link-flap-dampening
Link-flap dampening configuration:
Errdisable threshold = 10
Flap penalty = 1
Stability grant = 2
Interval = 60 seconds
OS910#

Operation Data
To view the Link Flap Dampening operation data in brief:
1. Enter enable mode.
2. Invoke the command:
show port link-flap-dampening PORTS-GROUP
where,
PORTS-GROUP: Group of ports to be freed of the Link Flap Dampening
mechanism
Example
OS910# show port link-flap-dampening 1,4
PORT DETECT RECOVERY PENALTY FLAPS-CNT ERRDIS-CNT RECOVER-CNT STATE
========================================================================
1 ENABLE ENABLE 0 0 0 0 ENABLE
4 ENABLE ENABLE 0 0 0 0 ENABLE
OS910#

To view the Link Flap Dampening operation data in detail:


1. Enter enable mode.
2. Invoke the command:
show port link-flap-dampening long PORTS-GROUP
where,
long: Detailed information
PORTS-GROUP: Group of ports to be freed of the Link Flap Dampening
mechanism

January 2009 URL: http://www.mrv.com 153


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS910# show port link-flap-dampening long 1,4
Port 1
===========
Port state is ENABLE
Link flap dampening is enabled
Recovery from errdisable state is enabled
The current penalty is 0
The total number of link flaps is 0
The port never entered errdisable state
The port never recovered from errdisable state
Port 4
===========
Port state is ENABLE
Link flap dampening is enabled
Recovery from errdisable state is enabled
The current penalty is 0
The total number of link flaps is 0
The port never entered errdisable state
The port never recovered from errdisable state
OS910#

Dual (Internal and External) Ports


General
OS900 models incorporate internal dual-port architecture to facilitate traffic management functions.
All models have dual-port architecture on all ports, except OS912-AC-2 and OS912-DC-2, which
have dual-port architecture only on ports 1 to 10, and OS930, which has dual-port architecture only
on port 1.
Each dual port has one internal port and one external port. An internal port is physically
inaccessible. An external port is physically accessible. In the user manual, the internal ports are
distinguished from the external ports only where required.

Application
The dual-port feature provides for:

− Configuring a dual leaky-bucket policer (instead of a single leaky-bucket policer) as


described in the section Dual Leaky-Bucket Policer, page 294.

− Tag translation as described in the section Chapter 11: Tag Translation/Swapping,


page 225.

− Setting of separate flood rates for up to two different traffic types for the same ingress port
as described in the section Configuration, page 211.

Bypassing Internal Ports


As a rule, the default (factory-set) setting for internal ports should not be changed. In the default
setting, internal ports are not bypassed. Before changing the default setting, it is advisable to
consult MRV’s CSO.
To bypass all the internal ports:
1. Enter boot mode.
2. Invoke the command:
no internal-ports
Example
OS900(config)# boot
OS900(config-boot)# no internal-ports
Action will come into effect after rebooting

154 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

OS900(config-boot)#

Revoking Bypass of Internal Ports


To revoke bypassing of internal ports:
1. Enter boot mode.
2. Invoke the command:
internal-ports
Example
OS900(config)# boot
OS900(config-boot)# internal-ports
Action will come into effect after rebooting
OS900(config-boot)#

Flow Control
Definition
Flow Control is a mechanism that causes a transmitting station to temporarily backoff when the
port memory of the OS900 becomes saturated.

Purpose
Flow Control is used to prevent packet-loss. It is to be invoked when it is preferable to lower the
transmission rate rather than have packets dropped due to congestion.

Applicability
Flow control can be applied per-port to full-duplex ports.
It cannot be applied to trunk ports.

Effect
Flow control may impact SLA, such as bandwidth and QoS.

Principle of Operation
Flow Control is set up between the OS900 and a transmitting station on a point-to-point link.
Whenever the OS900 becomes congested, it sends back a "pause" frame to the transmitting
station at the other end of the link, instructing it to stop sending packets for a pre-specified time
period. The transmitting station waits during the requested time period before transmitting again.

Configuration
Enabling
To enable Flow Control:
1. Enter configure terminal mode.
2. Invoke the command:
port flow-control PORTS-GROUP
where,
PORTS-GROUP: Numbers of physical ports for which flow control is to be enabled

Disabling
To disable Flow Control:
1. Enter configure terminal mode.
2. Invoke the command:
no port flow-control PORTS-GROUP
where,

January 2009 URL: http://www.mrv.com 155


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

PORTS-GROUP: Numbers of physical ports for which flow control is to be disabled

Viewing
To view whether Flow Control is enabled or disabled for a port:
1. Enter configure terminal mode.
2. Invoke the command:
show port details [PORTS-GROUP]
where,
PORTS-GROUP: Group of physical ports

Compliance
IEEE 802.3x flow control protocol for full-duplex ports.

Statistics
Viewing
To view the momentary statistical information (detailed) on one or more ports (possibly members
of a trunk):
1. Enter enable mode or configure terminal mode.
2. Invoke the command:
show port statistics PORTS-GROUP
where,
PORTS-GROUP: Group of ports.
Example
OS900# show port statistics t1

PORTS STATISTICS
================

Port t1 Ethernet counters


---------------------------
Good bytes received : 249980170703
Good packets received : 3905937622
Good unicast packets received : 3905934745
Good broadcast packets received : 0
Good multicast packets received : 2877
Bytes transmitted : 250013089300
Packets transmitted : 3906453227
Unicast packets transmitted : 3906451771
Broadcast packets transmitted : 1456
Multicast packets transmitted : 0
CRC or Alignment error received : 2
Undersize received : 0
Oversize received : 0
Fragments received : 1
Jabber received : 0
Collisions received and transmitted : 0

Port t1 RMON Packet Size Distribution Counters


------------------------------------------------
- 64 Octets : 7812379774
65- 127 Octets : 4338
128- 255 Octets : 0
256- 511 Octets : 0
512-1023 Octets : 0
1024- Octets : 0

156 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

OS900#

To view the momentary statistical information (brief) on one or more ports in tabular format:
1. Enter enable mode or configure terminal mode.
2. Invoke the command:
show port statistics table [PORTS-GROUP]
where,
PORTS-GROUP: Group of ports.
Example
OS900# show port statistics table

PO SEND SEND SEND RECV RECV RECV RECV


NO UNI BROAD MULTI UNI BROAD MULTI ERR
=============================================================================
1 0 0 157198 0 0 0 0
2 0 0 0 0 0 0 0
5 0 0 0 0 0 0 0
6 0 0 0 0 0 78582 0
7 0 0 157198 0 0 0 0
8 0 0 0 0 0 0 0
9 0 0 0 0 0 0 0
10 0 0 0 0 0 0 0
t1 0 0 0 0 0 0 0
OS900#
To view the continually updated (automatically refreshed) statistical information on one or more
ports:
1. Enter enable mode or configure terminal mode.
2. Invoke either of the following commands:
monitor port statistics PORTS-GROUP [packets]
monitor port statistics table [PORTS-GROUP]
where,
monitor: Display with refresh18
port: Port related action
statistics: Statistics related action
[PORTS-GROUP]: Group of Ports
(If no port number is entered, all ports are displayed.)
table: Tabular format
packets: Packet counters only

18
Automatic continuous update

January 2009 URL: http://www.mrv.com 157


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900# monitor port statistics 3

PORTS STATISTICS
================

Port 3 Ethernet counters


---------------------------
Good bytes received : 45198670
Good packets received : 2791284
Good unicast packets received : 1895642
Good broadcast packets received : 364301
Good multicast packets received : 531341
Bytes transmitted : 51006743
Packets transmitted : 115672
Unicast packets transmitted : 85475
Broadcast packets transmitted : 20344
Multicast packets transmitted : 65131
CRC or Alignment error received : 0
Undersize received : 0
Oversize received : 0
Fragments received : 0
Jabber received : 0
Collisions received and transmitted : 15

Port 3 RMON Packet Size Distribution Counters


------------------------------------------------
- 64 Octets : 3012
65- 127 Octets : 90258
128- 255 Octets : 248021
256- 511 Octets : 720915
512-1023 Octets : 108839
1024- Octets : 4203
OS900#

To exit monitoring (and freeze the display), press Ctrl C or Ctrl Z .

Clearing
To clear the statistical counters of one or more ports:
1. Enter enable mode.
2. Invoke the command:
clear ports statistics [PORTS-GROUP]
where,
[PORTS-GROUP]: is the Group of Ports
(If no port number is entered, all ports are cleared.)
Example
OS900# clear ports statistics 1-4
OS900#

Digital Diagnostics
SFP Parameters
To view information on the parameters of SFPs in ports, invoke the command:
1. Enter enable mode.
2. Invoke the command:
show port sfp-params [PORTS-GROUP]

158 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

where,
show: Display
port: Port related action
sfp-params: SFP parameters
[PORTS-GROUP]: Group of Ports
(If no port number is entered, all ports are displayed.)
Example
OS900# show port sfp-params 2
SFP ports internal EEPROM data
===============================

SFP EEPROM Diagnostics: (Port 2)


*************************************
Identifier is SFP.
Connector code is LC.
Transceiver subcode is 1000Base-SX.
Serial encoding mechanism is 8B10B.
The nominal bit rate is 2100 Megabits/sec.
Link length using single mode (9 micron) is not supported.
Link length using 50 micron multi-mode fiber is greater than 300m.
Link length using 62.5 micron multi-mode fiber is greater than 150m.
Link length using cooper cable is not supported.
Vendor name is FINISAR CORP.
Vendor PN is FTRJ8519P1BNL
Vendor revision is A
Nominal transmitter output wavelength at room temperature is 850.00 nm.
======================================================================

SFP Diagnostics
To view real-time diagnostic information on SFPs, invoke the command:
1. Enter enable mode.
2. Invoke the command:
show port sfp-diag [PORTS-GROUP]
where,
show: Display
port: Port related action
sfp-diag: SFP diagnostics
[PORTS-GROUP]: Group of Ports
(If no port number is entered, all ports are displayed.)
Example
OS900# show port sfp-diag 3

SFP ports internal EEPROM data


===============================
SFP Digital Diagnostics: (Port 3)
*************************************
Description Real-Time Value
-------------------- ---------------
Temperature (C)/(F): 44/111
Voltage (V): 3.2998
TX Bias (mA): 4.836
TX Power (dBm)/(mW): -5.4/0.290
RX Power (dBm)/(mW): -23.8/0.004
************************

January 2009 URL: http://www.mrv.com 159


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Virtual Cable Diagnostics (VCD)


General
Virtual Cable Diagnostics (VCD™) is a tool for testing an electrical data cable connected to a
copper port for faults at the OSI Layer 1 and to pinpoint their location. It applies for cables that are
longer than 10 meters (33 feet). To perform VCD, only one CLI command needs to be invoked.
VCD identifies an electrical data cable fault type as well as its location accurate to 2 m (6.5 ft).
Some of the fault types detectable are:
− Opens
− Shorts
− Bad connectors
− Impedance mismatch
− Polarity mismatch

Benefits
• Quick & remote analysis of the attached copper cable
• Identification of fault location and type
• Less need for visits by technical support personnel to remote sites
• Reduced network downtime

Principle of Operation
VCD uses Time-Domain Reflectometry (TDR), a method that works on the same principle as
radar. In this method, an energy pulse transmitted through the cable is partially distorted and
reflected when it encounters a fault. The VCD mechanism measures the time it takes for the signal
to travel down the cable and analyzes its reflected waveform. It then translates this time into
distance and the reflected distorted waveform into the associated fault type.

Procedure
To perform VCD:
1. Enter enable mode.
2. Invoke the command:
vct [extended] PORTS-GROUP
where,
[extended]: Detailed information.
PORTS-GROUP: Group of Ports.
as shown in the example below.

Example
Following is a test case example of an 'open' on a 100 meter long cable. One end of the cable was
connected to port 2 of the local OS900. The far end of the cable was connected to another switch
(in normal operation mode). VCD was performed. The far end of the cable was disconnected and
VCD was performed again.
The commands invoked and the test results are shown below.

160 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

MRV OptiSwitch 910 version d1659-20-06-05


OS900 login: admin
Password:
Last login: Tue Jun 28 07:02:40 2006 on ttyS0
OS900> enable
OS900# vct extended 7
Port 2:
pair#0: No problem found. Cable Length is unknown.
pair#1: No problem found. Cable Length is unknown.
pair#2: No problem found. Cable Length is unknown.
pair#3: No problem found. Cable Length is unknown.
extended status:
link GE to FE down shift status: no downshift
OS900# vct extended 7
Port 2:
pair#0: Open in Cable. Approximatly 97 meters from the tested port.
pair#1: Open in Cable. Approximatly 99 meters from the tested port.
pair#2: Open in Cable. Approximatly 100 meters from the tested port.
pair#3: Open in Cable. Approximatly 97 meters from the tested port.
extended status:
no extended data for port 2
OS900#

XFP Port Protocol


General
This section applies to the OS930 model only.

Setting
To set an OS930 port (10 Gbps XFP) to transmit frames in Ethernet protocol or SONET/SDH
protocol format:
1. Enter configure terminal mode.
2. Invoke the command:
port xfp mode lan|wan PORTS-GROUP|all
where,
lan: Ethernet format at 10.3 Gbps
wan: SONET/SDH format at 9.95328 Gbps (OC-192 or STM-64)
PORTS-GROUP: Group of XFP ports.
all: All XFP ports.
Example
OS930(config)# port xfp mode wan 13
port 13 xfp mode set to: WAN
OS930(config)#

Viewing
Protocol
To view the protocol in which the XFP ports are set to operate:
1. Enter enable mode.
2. Invoke the command:
show port details [PORTS-GROUP]
where,
PORTS-GROUP: Group of XFP ports.

January 2009 URL: http://www.mrv.com 161


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS930(config)# show port details 13
Port 13 details:
----------------
Description : N/A
Type : ETH10000
Link : ON
Duplex state : FULL
PHY : XFP
XFP mode : WAN
Speed selected : FORC10,000
Actual speed : 10 GBps
State : ENABLE
Priority : 1
Flow control mode: off
Ethertype : CORE1:0x8100

OS930(config)#

WAN Status
To view the momentary status of one XFP port that has been set in WAN mode, i.e., set to
transmit frames in SONET/SDH format:
1. Enter enable mode.
2. Invoke the command:
show port xfp wan-status PORT
where,
PORT: Number of XFP port.
To view the continually updated (automatically refreshed) statistical information on one or more
ports:
1. Enter enable mode.
2. Invoke the command:
monitor port xfp wan-status PORT
where,
monitor: Display with refresh19
PORT: Number of XFP port.

19
Automatic continuous update

162 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

Example
OS930(config)# do show port xfp wan-status 1
Port 1 xfp, wan status:

Section OOF : OK
Section LOS : OK
Section LOF : OK
Section BIP (B1) : 0
Line AIS : OK
Line RDI : OK
Line REI : 9435
Line BIP (B2) : 0
Path AIS : OK
Path REI : 63
Path BIP (B3) : 1
Path LOP : OK
Path PLM : OK
Path RDI : OK
Path Remote PLM : OK
OS930(config)#

Clearing
To clear the status counters associated with an XFP port set in WAN mode, i.e., set to transmit
frames in SONET/SDH format:
1. Enter enable mode.
2. Invoke the command:
clear port xfp wan-status-counters PORT
where,
PORT: Number of XFP port.

XFP WAN Tx and Rx Trace


General
This section applies to the OS930 model only.

Setting
One Octet at a Time
To set the value of an octet in the J1 (path trace) or J0 (section trace) field in the header of
SONET/SDH frames transmitted at an OS930 port (10 Gbps XFP) that is in WAN mode:
1. Enter configure terminal mode.
2. Invoke the command:
port xfp wan-tx-trace (J1|J0) octet <0-15> VALUE (PORTS-
GROUP|all)
where,
J1: Path Trace.
J0: Section Trace.
<0-15>: Octet number.
VALUE: Octet value (2-digit hexadecimal number).
PORTS-GROUP: Group of XFP ports.
all: All XFP ports.
Example
OS930(config)# port xfp wan-tx-trace J1 octet 4 7 1
OS930(config)#

January 2009 URL: http://www.mrv.com 163


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

All Octets
To set the value of all octets in the J1 (path trace) or J0 (section trace) field in the header of
SONET/SDH frames transmitted at an OS930 port (10 Gbps XFP) that is in WAN mode:
1. Enter configure terminal mode.
2. Invoke the command:
port xfp wan-tx-trace (J1|J0) VALUE VALUE VALUE VALUE VALUE VALUE
VALUE VALUE VALUE VALUE VALUE VALUE VALUE VALUE VALUE VALUE
(PORTS-GROUP|all)
where,
J1: Path Trace.
J0: Section Trace.
VALUE: Octet value (2-digit hexadecimal number).
PORTS-GROUP: Group of XFP ports.
all: All XFP ports.
Example
In the following example, the first octet in J1 path trace (of the frames to be transmited) is
assigned the value 3, the second 7, the third 4, and so on, for port 13.
OS930(config)# port xfp wan-tx-trace J1 3 7 4 8 6 9 1 5 16 14 15 13 2 10 12 11 13
OS930(config)#

Viewing
To view the values that have been set to the octets in the J1 (path trace) or J0 (section trace) field
for the header of SONET/SDH frames to be transmitted or received at an OS930 port (10 Gbps
XFP):
1. Enter enable mode.
2. Invoke the command:
show port xfp wan-trace PORTS-GROUP|all
where,
PORTS-GROUP: Group of XFP ports.
all: All XFP ports.
Example
The following example shows that the first octet in J1 (of the frames to be transmited) is assigned
the value 3, the second 7, the third 4, and so on, for port 13.
OS930(config)# do show port xfp wan-trace 13
P1 J1
Tx: 03 07 04 08 06 09 01 05 16 14 15 13 02 10 12 11
Rx: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
P1 J0
Tx: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 89
Rx: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

OS930(config)#

Uni-Directional Link Detection Protocol (UDLD)


General
UDLD is a Layer 2 protocol that enables a device (e.g., OS900) having Ethernet links to LAN ports
via fiberoptic cables to:
− Monitor the physical configuration of the cables
− Detect when Ethernet links are uni-directional
− Disable LAN ports having uni-directional Ethernet links, and

164 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

− Generate an alert.
Whereas auto-negotiation (Layer 1 mechanism), for example, handles physical signaling and fault
detection, UDLD can detect the identities of neighbor devices and disable misconnected LAN
ports.
Thus running auto-negotiation and UDLD concurrently on the OS900 prevents both physical and
logical unidirectional connections and consequently malfunctioning of other protocols.

Applicability
UDLD on the OS900 applies only for 100 and 1000 Mbps fiberoptic Ethernet ports.

Principle of Operation
A uni-directional link occurs whenever traffic transmitted by the local device over a link is received
by the neighbor but traffic transmitted from the neighbor is not received by the local device. This
can occur when for instance one of the two fibers in a fiberoptic cable is disconnected.
When UDLD is enabled, the OS900 periodically transmits UDLD packets to neighbor devices on
its LAN ports. If the neighbor OS900 or any other device that supports UDLD does not receive
UDLD packets for a specific time period, the link is flagged as uni-directional and the LAN port can
be disabled.
If conditions on both fibers are OK at Layer 1, UDLD at Layer 2 determines whether the fibers are
connected correctly and whether traffic flow is bidirectional between the right neighbors. This
determination cannot be made by the auto-negotiation mechanism.

Requirements
1. For UDLD to be able to identify and break uni-directional links, the devices on both ends of the
link are required to support UDLD.
2. For the two SFP ports at the end of the link:
2.1 Set the type of physical interface to 100Base-X or 1000Base-X using the command:
port media-select sfp|sfp100 PORT-GROUP|all
where,
sfp: Set the port to operate as a 1000Base-X interface
sfp100: Set the port to operate as a 100Base-X interface
PORT-GROUP: Group of Ports
all: All ports
2.2 Set the speed to 100 Mbit/sec or 1000 Mbit/sec using the command:
port speed 100|1000 PORTS-GROUP|all
where,
100: 100 Mbit/sec
1000: 1000 Mbit/sec
PORTS-GROUP: Group of Ports
all: All ports

Configuration
By default UDLD is disabled.
The OS900 can be set in either of the following modes:
− Aggressive Mode
− Non-aggressive Mode (default)
Aggressive Mode
Enabling
UDLD Aggressive mode is to be used only on point-to-point links between network devices that
support this mode. In this mode, when a port on a bidirectional link that has a UDLD neighbor

January 2009 URL: http://www.mrv.com 165


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

relationship established stops receiving UDLD packets, UDLD attempts to reestablish the
connection with the neighbor. Following eight failed attempts, the port is disabled.
The advantage in Aggressive mode becomes evident in the following instances:
− A port on one side of a link neither transmits nor receives, or
− One side of a link is UP while the other is DOWN
In either instance it disables one of the ports on the link thereby preventing packets from being
discarded.
To enable UDLD Aggressive mode:
1. Enter configure terminal mode.
2. Invoke the command:
port udld aggressive [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports to be handled in Aggressive UDLD mode.
Example
OS910(config)# port udld aggressive 2,4
OS910(config)#port udld enable 4
OS910(config)#

Disabling
To disable UDLD Aggressive mode:
1. Enter configure terminal mode.
2. Invoke the command:
no port udld aggressive [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports to be freed from Aggressive UDLD mode.
Example
OS910(config)# no port udld aggressive 4
OS910(config)#

Non-aggressive Mode
Enabling
UDLD Non-aggressive mode does not disable the port link. With the default interval of 15 seconds
it serves satisfactorily in preventing Spanning Tree loops. In this mode, port links are not disabled.
To configure UDLD Non-aggressive mode:
1. Enter configure terminal mode.
2. Invoke the command:
port udld enable [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports to be handled in Non-aggressive UDLD
mode.
Example
OS910(config)# port udld enable 1,4
OS910(config)#

Disabling
To disable UDLD Non-aggressive mode:
1. Enter configure terminal mode.
2. Invoke the command:
no port udld enable [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports to be freed from Non-aggressive UDLD
mode.

166 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

Example
OS910(config)# no port udld enable 1,4
OS910(config)#

VLAN Tag in UDLD Messages


Custom
If a port (tagged) being handled by UDLD is a member of several VLAN interfaces, by default
UDLD messages with the lowest tag of the VLAN interfaces are sent to the device at the other end
of the link.
To force inclusion of any (other) VLAN interface tag to be sent with the UDLD messages:
1. Enter configure terminal mode.
2. Invoke the command:
port udld primary-vlan <1-4095> [PORTS-GROUP]
where,
<1-4095>: VLAN tag to be sent with the UDLD messages.
[PORTS-GROUP]: Group of ports to send UDLD messages with the selected
VLAN tag.
Example
OS910(config)# port udld primary-vlan 1000 4
OS910(config)#

Default
To cause messages to be sent in default mode, i.e., with the lowest tag:
1. Enter configure terminal mode.
2. Invoke the command:
no port udld primary-vlan <1-4095> [PORTS-GROUP]
where,
<1-4095>: VLAN tag to be replaced with the lowest tag.
[PORTS-GROUP]: Group of ports to send UDLD messages with the lowest
VLAN tag.

UDLD Message Interval


For Uni-directional Ports
Custom Setting
To set the time interval between UDLD messages on one or more uni-directional ports operating in
advertisement mode to a new value:
1. Enter configure terminal mode.
2. Invoke the command:
port udld slow-message-interval <7-90> [PORTS-GROUP]
where,
<7-90>: Time interval between UDLD messages in seconds. Default: 7
[PORTS-GROUP]: Group of uni-directional ports operating in advertisement
mode.
Example
OS910(config)# port udld slow-message-interval 40 1,4
OS910(config)#
Default Setting
To set the time interval between UDLD messages on one or more uni-directional ports to the
default value (60 seconds):
1. Enter configure terminal mode.
2. Invoke the command:
no port udld slow-message-interval [PORTS-GROUP]

January 2009 URL: http://www.mrv.com 167


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

where,
[PORTS-GROUP]: Group of uni-directional ports operating in advertisement
mode.
Example
OS910(config)# no port udld slow-message-interval 1,4
OS910(config)#

For Bi-directional Ports


Custom Setting
The default time interval between UDLD messages is 15 seconds.
To set the time interval between UDLD messages on one or more bi-directional ports operating in
advertisement mode to a new value:
1. Enter configure terminal mode.
2. Invoke the command:
port udld message-interval <7-90> [PORTS-GROUP]
where,
<7-90>: Time interval between UDLD messages in seconds.
[PORTS-GROUP]: Group of uni-directional ports operating in advertisement
mode.
Example
OS910(config)# port udld message-interval 35 1,3
OS910(config)#
Default Setting
To set the time interval between UDLD messages on one or more bi-directional ports to the default
value (60 seconds):
1. Enter configure terminal mode.
2. Invoke the command:
no port udld message-interval [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of bi-directional ports operating in advertisement
mode.
Example
OS910(config)# no port udld message-interval 1,3
OS910(config)#

Reset
To reset specific ports that have been disabled by UDLD:
1. Enter configure terminal mode.
2. Invoke the command:
port udld reset [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports disabled by UDLD that are to be reset.

Viewing
UDLD Status
To view UDLD status on specific ports, invoke the command:
1. Enter enable mode.
2. Invoke the command:
show port udld [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports whose configuration is to be viewed.

168 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 6: Ports

Example
OS904# show port udld 4
Port 4
---
Port configuration setting: Enabled
Current link state: UDLD bidirectional link
Current operational state: Advertisement
Message interval: 15
Time out interval: 7
Entry 1
---
Device ID: 0725000211
Current neighbor state: Bidirectional
Device name: OptiSwitch 910
Port ID: 10
Neighbor echo:
Neighbor echo 1 device: 0823001245
Neighbor echo 1 port: 4
Message interval: 15
Timeout interval: 7
Sequence number: 45
----------------------------------------
OS904#
‘Entry 1’ is a list of the data received from the neighbor device.

Port Status
To view the UDLD status of one or more ports, invoke the command:
1. Enter enable mode.
2. Invoke the command:
show port details [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports whose configuration is to be viewed.
Example
OS904# show port details 4
Port 4 details:
-------------------
Description : N/A
Type : ETH100/1000
Media-select mode : SFP
Link : ON Sfp
Duplex state : FULL
PHY : SFP+100FX
Speed selected : AUTO
Actual speed : 1 GBps
Auto-Neg Advertise : Default
State : ENABLE
Priority : 1
Flow control mode : off
Ethertype : CORE1:0x8100
OutBound Tagged : untagged
Tags List :
Udld : Bidirectional link
OS904#

January 2009 URL: http://www.mrv.com 169


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

170 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 7: Interfaces

Chapter 7: Interfaces

General
This chapter introduces the three types of interface of the OS900. They are:
− Out-of-band RS-232 Interface
− Out-of-band Ethernet Interface
− Dummy Interface
− Inband VLAN interface
Since a considerably wider range of operations can be performed on and with an inband VLAN
interface, this chapter is devoted almost exclusively to this type of interface.

Purpose
Interfaces are needed for VLANs, Access Lists, management, and protocols of various OSI layers,
such as, Layer 2.

Out-of-band RS-232 Interface


The out-of-band RS-232 interface (CONSOLE EIA-232 Port – see Front Panel of OS900) is used
for local management only and is described in the section CONSOLE EIA-232, page 55. The
connection of a craft terminal to the RS-232 interface is described in the section Craft
Terminal/Emulator (For Out-of-band Management), page 69. The required setup of the craft
terminal is described in the section Local Management (Craft Terminal), page 73.

Out-of-band Ethernet Interface


General
The out-of-band Ethernet interface (MGT ETH Port – see Front Panel of OS900) is used for
remote management only and is described in the section MGT ETH, page 55. The connection of a
management station is described in the section TELNET/SSH Station or SNMP NMS, page 70.
Unlike the RS-232 interface, management via the out-of-band Ethernet interface is, by default,
disabled for security reasons. The procedure for enabling management via the out-of-band
Ethernet interface is given in the section Remote Management, just below.

Remote Management
Enabling
To enable remote management (SNMP, TELNET, SSH, or TFTP) via the out-of-band Ethernet
interface:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Enter the out-of-band Ethernet interface (MGT ETH Port on Front Panel of OS900)
mode by invoking the command:
interface out-of-band eth0
Example
OS900(config)# interface out-of-band eth0

January 2009 URL: http://www.mrv.com 171


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS900(config-eth0)#
3. Assign an IP address to the out-of-band interface by invoking the command:
ip A.B.C.D/M
where,
A.B.C.D/M: is the IP address/Mask of the interface.
Example
OS900(config-eth0)# ip 193.07.222.11/24
OS900(config-eth0)#
4. Enable a management protocol (SNMP, TELNET, SSH, or TFTP) for a specific
host/subnet by invoking the command:
management snmp|telnet|ssh|tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address of the management host or
management subnet (IP address/mask).
Example
OS900(config-eth0)# management snmp 192.2.2.2/24
OS900(config-eth0)#

Notes
1. More than one of the management protocols (SNMP, SSH, TELNET,
and TFTP) may be selected with which the OS900 will be accessible
by repeating the command:
management snmp|telnet|ssh|tftp
[SOURCE_IPV4_ADDRESS]
2. The command:
management snmp|telnet|ssh|tftp
(i.e., without the IP address)
enables management from any IP host.
3. The command:
management
(i.e., without the protocol and without the IP address)
enables SNMP, TELNET, SSH, and TFTP management from any IP
host.

Disabling
To disable remote management (SNMP, TELNET, SSH, or TFTP) via the out-of-band Ethernet
interface:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Enter the out-of-band Ethernet interface mode by invoking the command:
interface out-of-band eth0
Example
OS900(config)# interface out-of-band eth0
OS900(config-eth0)#
3. Disable a management protocol (SNMP, TELNET, SSH, or TFTP) by invoking the
command:
no management snmp|telnet|ssh|tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address of the management host.

172 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 7: Interfaces

Example
OS900(config-eth0)# no management snmp 192.2.2.2/24
OS900(config-eth0)#

TFTP Server Mode


A TFTP client can be connected to an OS900 interface in order to back up the configuration files
stored in the OS900.
Another way to back up IP configuration files is to first set the OS900 as an FTP client and then to
invoke the command:
copy ftp startup-config FTP-SERVER REMOTE-DIR REMOTE-FILENAME
[USERNAME] [PASSWORD]
as described in the section Download, page 387.
The OS900 operates as a TFTP server.

Enabling
To enable access via the out-of-band Ethernet interface for a TFTP client:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Select the out-of-band Ethernet interface via which access is to be enabled for a
TFTP client by invoking the command:
interface out-of-band eth0
Example
OS900(config)# interface out-of-band eth0
OS900(config-eth0)#
3. Enable access for a TFTP client by invoking the command:
management tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address (with or without mask) of the TFTP client.
Example
OS900# configure terminal
OS900(config)# interface vif2
OS900(config-vif2)# management tftp 193.222.48.105/24
OS900(config-vif2)#

Disabling
To disable access via the out-of-band Ethernet interface for a TFTP client:
1. Enter configure terminal mode.
2. Select the out-of-band Ethernet interface via which access is to be disabled for a
TFTP client by invoking one of the following commands:
interface out-of-band eth0
Example
OS900(config)# interface out-of-band eth0
OS900(config-eth0)#
3. Disable access for a TFTP client by invoking the command:
no management tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address (with or without mask) of the TFTP
client.
Example
OS900# configure terminal

January 2009 URL: http://www.mrv.com 173


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS900(config)# interface vif2


OS900(config-vif2)# no management tftp 193.222.48.105/24
OS900(config-vif2)#

Deleting
To delete the existing out-of-band Ethernet interface:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Delete the existing out-of-band Ethernet interface by invoking the command:
no interface out-of-band eth0
Example
OS900(config)# no interface out-of-band eth0
OS900(config-eth0)#

Dummy Interface
General
A dummy interface is a software-only loopback interface. It emulates an interface that is always up
and has connectivity to all VLAN interfaces of the OS900.
Up to 4095 dummy interfaces can be configured.

Configuration
To configure a dummy interface:
1. Enter configure terminal mode.
2. Invoke the command:
interface dummy IFNAME
where,
IFNAME: ID of interface/device. (The ID must have the format dummyX, where
X can be any integer in the range 1-4095, e.g., dummy3000.)
Example
OS900(config)# interface dummy dummy3000
OS900(config-dummy3000)#

Inband VLAN interfaces


General
Inband VLAN interfaces are user-creatable VLANs, each of which can be assigned an IP address.
A VLAN is a user-configurable logical grouping of one or more ports to form an isolated
communication domain. Communication between ports of the same VLAN occurs as if the ports
are connected to the same physical LAN. VLAN interfaces are used for data communication but
can concurrently be used also for inband management. The management station can be
connected to any of the LAN or WAN ports (indicated in Figure 2, page 54). Unlike the RS-232
interface, management via a VLAN interface is, by default, disabled for security reasons. The
procedure for enabling management via a VLAN interface is given in the section Remote
Management, page 183.

174 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 7: Interfaces

Number
The maximum number of VLAN interfaces that can be configured is 4K.

IDs
When configuring a VLAN interface, an Interface ID must be assigned to it using the format vifX,
where X is a decimal number in the range 1-4095. Examples of Interface IDs are: vif1, vif2,
vif3, … vif4095. vif0 is reserved for the Default Forwarding VLAN interface – described in the
section Default Forwarding VLAN Interface, page 177.

Configuring
To configure a VLAN interface:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Assign an Interface ID to the VLAN interface by invoking the command:
interface vlan IFNAME
where,
vlan: VLAN
IFNAME: Interface ID having the format vifX, where X is a decimal number in
the range 1-4095
Example
OS900(config)# interface vlan vif2005
OS900(config-vif2005)#
3. Assign ports to the VLAN interface by invoking the command:
ports PORTS-GROUP
where,
PORTS-GROUP: Group of ports to be members of the VLAN interface.
Example
OS900(config-vif2005)# ports 2-4
OS900(config-vif2005)#
4. Define a tag (VID) for the VLAN interface by invoking the command:
tag TAG
where,
TAG: User-selectable tag (VID) for the VLAN interface. The tag can have any
value in the range 1-4095.
Example
OS900(config-vif2005)# tag 3000
Interface is activated.

Note
When valid ports and a tag are assigned to an interface, the VLAN
interface becomes active as shown in the example above.

A VLAN interface can be in either one of the following three states:


NA: Not Active, possibly because port or tag is not assigned to the VLAN interface
UP: Active and link exists on one or more ports that are members of the VLAN
interface
DO: Active and no link on any of the ports that are members of the VLAN interface

January 2009 URL: http://www.mrv.com 175


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

5. (Optional) For inband management, assign an IP address to the VLAN interface


by invoking the command:
ip A.B.C.D/M
where,
A.B.C.D/M: IP address/Mask of the VLAN interface.
Valid values are up to 223.255.255.254.
223.255.255.255 is the broadcast value.
224.0.0.0 to 239.255.255.255 is the multicast range.
Several IP addresses can be assigned to a VLAN interface by repeatedly invoking the
above command ip A.B.C.D/M.
Example
OS900(config-vif2005)# ip 193.86.205.47/24
OS900(config-vif2005)#
6. (Optional) Set the modes of the ports (that are to be included in the interface) as
described in the section Outbound Tag Mode, page 139.
To include a port in two or more VLAN interfaces, one of the following must be done:
− The port must first be set as tag or hybrid type in outbound tag
mode (as described in the section Outbound Tag Mode, page
139).
− The port must be set as untagged in outbound tag mode (as
described in the section Outbound Tag Mode, page 139) and
enabled for multi-VLAN membership (as described in the section
Multi-VLAN Membership for Untagged Ports, page 141). This is
so because it is not possible to create overlapping VLANs with
untagged ports since an untagged port can be a member of only
one VLAN interface.
Example
OS900(config)# port tag-outbound-mode tagged 1,4
OS900(config)#
7. (Optional) Set the bandwidth limit for Layer 3 protocols by invoking the command:
bandwidth BANDWIDTH
where,
BANDWIDTH: Bandwidth in the range <1-10000000000 bits> (valid units are: k
(kilo), m (Mega), g(Giga). Example: 200m.
Example
OS910(config-vif249)# bandwidth 10g
OS910(config-vif249)#

Name
The default name of a VLAN interface is the same as its Interface ID.
To change the default name of an interface:
1. Enter the configure terminal mode.
2. Access the mode of an existing VLAN interface by invoking the command:
interface IFNAME
where,
IFNAME: Interface ID of an existing interface (e.g., vif1, vif2, etc.)
3. Change the name of the VLAN interface by invoking the command:
name NAME
where,
name: Name.
NAME: Name for VLAN interface.

176 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 7: Interfaces

Example
OS900# configure terminal
OS900(config)# interface vif7
OS900(config-vif7)# show

Name M Device IP State MAC Tag Ports


-------------------------------------------------------------------------------
vif7 vif7 192.2.2.2/24 DO 00:0F:BD:00:05:B8 0010 1-3

OS900(config-vif7)# name Tiger


OS900(config-vif7)# show

Name M Device IP State MAC Tag Ports


-------------------------------------------------------------------------------
Tiger vif7 192.2.2.2/24 DO 00:0F:BD:00:05:B8 0010 1-3

OS900(config-vif7)#

Description
To enter a textual description of an interface:
1. Enter configure terminal mode.
2. Access the mode of an existing VLAN interface by invoking the command:
interface IFNAME
where,
IFNAME: Interface ID of an existing interface (e.g., vif1, vif2, etc.)
3. Enter a textual description of the interface by invoking the command:
description ..
where,
description: Textual description.
..: Textual description.
Example
OS900(config-vif2005)# description This interface is for Customer 10
OS900(config-vif2005)# show detail

vif2005 is DOWN (No state changes have occurred)


Description: This interface is for Customer 10
Active: Yes
Ports: 6-8,10
Interface type is Vlan
Encapsulation: 802.1Q, Tag 3000
MAC address is 00:0F:BD:02:05:B8
IP address is 193.86.205.47/24
Cpu-membership is enable
Management access is denied
TFTP access is denied.
Access-group is not defined

OS900(config-vif2005)#

Default Forwarding VLAN Interface


General
The Default Forwarding VLAN interface is a broadcast domain for all ports not included in user-
defined VLAN interfaces. That is, any packet entering one such port is flooded to all other such
ports.
In the factory default setting, only the default VLAN interface (vif0) exists and all the physical
data ports of the OS900 are untagged members of it. The default VLAN interface cannot be

January 2009 URL: http://www.mrv.com 177


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

deleted. However, any of its (member) ports can be assigned to a user-defined VLAN interface
(thereby removing the port from ‘Default Forwarding VLAN interface’). The default tag (VID) for
vif0 is 1.

Viewing
To view the default forwarding status and the default tag:
1. Enter enable mode.
2. Invoke the command:
show default-fwd
Example
OS900> enable
OS900# show default-fwd
default forwarding tag : 1
OS900#

Tag Modification
The default tag (or any other tag assigned to vif0) can be changed as follows:
1. Enter configure terminal mode.
2. Change the default VID of the VLAN interface by invoking the command:
default-fwd tag TAG
where,
TAG: VID. It can be any number in the range 1-4095.
Below is an example showing:
− Display of the tag of vif0 using the command show interface. The tag ID is shown in
the Tag column. In the example, the tag ID is 0001.
− Change of the default tag to 2007 using the command default-fwd tag 2007.
− Display of the new tag of vif0 using the command show interface. The system
shows that it is 2007.
OS900(config)# show interface

INTERFACES TABLE
================
Name M Device IP State MAC Tag Ports
-------------------------------------------------------------------------------
vif0 vif0 - DO 00:0F:BD:00:05:B8 0001 1-10

- 'vif0' is the default forwarding interface.


- drop-tag is 4094.

OS900(config)# default-fwd tag 2007


OS900(config)# show interface

INTERFACES TABLE
================
Name M Device IP State MAC Tag Ports
-------------------------------------------------------------------------------
vif0 vif0 - DO 00:0F:BD:00:05:B8 2007 1-10

- 'vif0' is the default forwarding interface.


- drop-tag is 4094.

OS900(config)#

Disabling
The Default Forwarding VLAN Interface is by default enabled. To disable it:
1. Enter configure terminal mode.
2. Disable the Default Forwarding VLAN Interface by invoking the command:

178 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 7: Interfaces

no default-fwd
Below is an example showing:
− That the Default Forwarding VLAN Interface is initially enabled (by default) as indicated by
the response ‘default forwarding tag : 1’ to the command do show default-fwd. (The
prefix do is used with show default-fwd because the command show default-fwd, which
belongs in the enable mode, is invoked in another mode, namely, configure terminal
mode.)
− Disabling the Default Forwarding VLAN Interface by invoking the command no default-
fwd.
− Verifying that the Default Forwarding VLAN Interface is disabled as indicated by the
response ‘default forwarding is disabled’ to the command do show default-fwd.
OS900(config)# do show default-fwd
default forwarding tag : 1
OS900(config)# no default-fwd
OS900(config)# do show default-fwd
default forwarding is disabled
OS900(config)#

Enabling
The Default Forwarding VLAN Interface is by default enabled. To enable it:
1. Enter configure terminal mode.
2. Enable the Default Forwarding VLAN Interface by invoking the command:
default-fwd tag TAG
where,
TAG: VID. It can be any number in the range 1-4095.
Below is an example showing:
− That the Default Forwarding VLAN Interface is initially disabled as indicated by the
response ‘default forwarding is disabled’ to the command do show default-fwd. (The
prefix do is used with show default-fwd because the command show default-fwd, which
belongs in the enable mode, is invoked in another mode, namely, configure terminal
mode.)
− Enabling the Default Forwarding VLAN Interface by invoking the command default-fwd
tag 1.
− Verifying that the Default Forwarding VLAN Interface is enabled as indicated by the
response ‘default forwarding tag : 1’ to the command do show default-fwd.
OS900(config)# do show default-fwd
default forwarding is disabled
OS900(config)# default-fwd tag 1
OS900(config)# do show default-fwd
default forwarding tag : 1
OS900(config)#

Drop Tag
Drop Tag is a VLAN interface tag for internal use of the OS900. It cannot be assigned to another
VLAN interface. However, it can be changed. Its default value is 4094.

Viewing
To view the (current) Drop Tag:
1. Enter configure terminal mode
2. Display the drop tag by invoking the command:
show interface
Below is an example showing the (current) Drop Tag.
OS900(config)# show interface

INTERFACES TABLE

January 2009 URL: http://www.mrv.com 179


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

================
Name M Device IP State MAC Tag Ports
-------------------------------------------------------------------------------
Tiger vif7 192.2.2.2/24 DO 00:0F:BD:00:05:B8 0010 1-3
vif0 vif0 - DO 00:0F:BD:00:05:B8 0001 4-10

- 'vif0' is the default forwarding interface.


- drop-tag is 4094.

OS900(config)#

Changing
To change the (current) Drop Tag:
1. Enter configure terminal mode
2. Change the value of the Drop Tag VLAN interface by invoking the command:
drop-tag TAG
where,
TAG: VID. It can be any number in the range 2-4095. The number ‘1’ is, by default,
the tag of the Default Forwarding VLAN interface vif0.
To change the value of the Drop Tag VLAN interface to the default value, i.e., 4094, invoke
either of the following commands:
no drop-tag
default drop-tag
Below is an example showing how to change the current Drop Tag (displayed in the above
example as 4094) and the changed Drop Tag (38).
OS900(config)# drop-tag 38
OS900(config)# show interface

INTERFACES TABLE
================
Name M Device IP State MAC Tag Ports
-------------------------------------------------------------------------------
Tiger vif7 192.2.2.2/24 DO 00:0F:BD:00:05:B8 0010 1-3
vif0 vif0 - DO 00:0F:BD:00:05:B8 0001 4-10

- 'vif0' is the default forwarding interface.


- drop-tag is 38.

OS900(config)#

Drop Packets
To cause the OS900 to drop any one or more ingress packet types at a VLAN:
1. Enter the mode of the interface at which one or more ingress packet types are to
be dropped by invoking the command:
interface vlan IFNAME
where,
IFNAME: Interface ID having the format vifX, where X is a decimal number in the
range 1-4095.
2. Invoke the command:
drop ipv4-broadcast|ipv4-multicast|ipv6-multicast|non-ip-
broadcast|non-ip-multicast|unknown-unicast
where,
drop: Drop packets
ipv4-broadcast: Drop IPv4 broadcast packets
ipv4-multicast: Drop IPv4 multicast packets (Mac DA = 01:00:5E:XX:XX:XX)

180 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 7: Interfaces

ipv6-multicast: Drop ipv6 multicast packets (Mac DA = 33:33:XX:XX:XX:XX)


non-ip-broadcast: Drop non-IP broadcast packets
non-ip-multicast: Drop non-IP multicast packets
unknown-unicast: Drop unknown unicast packets
Example
OS900(config)# interface vlan vif7
OS900(config-vif7)# ports 3,4
OS900(config-vif7)# tag 100
Interface is activated.

OS900(config-vif7)# drop ipv6-multicast


OS900(config-vif7)#

Viewing
To view an existing interface:
1. Enter enable mode or configure terminal mode.
2. Display information on the interface by invoking the command:
show interface [INTERFACE|configuration|detail|statistics]
where,
INTERFACE: Interface ID of an existing interface (e.g., vif1, vif2, etc.)
configuration: Run-time configuration of interface
detail: Details on interfaces
statistics: Statistics on interface
Below is an example showing display of a specific interface.
OS900(config)# show interface vif2005

Name M Device IP State MAC Tag Ports


-------------------------------------------------------------------------------
vif2005 vif2005 193.86.205.47/24 DO 00:0F:BD:02:05:B8 3000 3-5
OS900(config)#

Below is an example showing display of details on a specific interface.


OS900(config)# show interface detail vif8

vif8 is DOWN (No state changes have occurred)


Active: Yes
Ports: 3-6
Interface type is Vlan
Encapsulation: 802.1Q, Tag 200
MAC address is 00:0F:BD:02:05:B8
IP address is 192.2.3.4/24
Cpu-membership is enable
Management access is denied
TFTP access is denied.
Access-group is active:
ACL2 Ports: 5-6

OS900(config)#

Below is an example showing display of statistics of a port that is a member of a specific interface.
The display applies to packets received or sent by the CPU.
OS900(config)# show interface statistics vif7 3

vif7 Link encap:Ethernet HWaddr 00:0F:BD:00:05:B8


inet addr:192.2.2.2 Bcast:192.2.2.255 Mask:255.255.255.0
BROADCAST MULTICAST MTU:1500 Metric:1

January 2009 URL: http://www.mrv.com 181


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

RX packets:0 errors:0 dropped:0 overruns:0 frame:59


TX packets:0 errors:0 dropped:0 overruns:0 carrier:17
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
OS900(config)#

Modifying
To modify any one or more characteristics (e.g., port membership, tag, IP address, etc.) of an
existing VLAN interface:
1. Enter configure terminal mode.
2. Access the mode of the VLAN interface by invoking the command:
interface IFNAME
where,
IFNAME: Interface ID of an existing interface (e.g., vif1, vif2, etc.)
3. Set the new characteristic(s).

Below is an example showing the current member ports of a specific interface, e.g., vif7, how
ports can be added and deleted, and the final member ports of the interface.
OS900(config-vif7)# show

Name M Device IP State MAC Tag Ports


-------------------------------------------------------------------------------
Tiger vif7 192.88.22.234/24 DO 00:0F:BD:15:05:B8 0100 1

OS900(config-vif7)# ports add 2-4


OS900(config-vif7)# ports del 1
OS900(config-vif7)# show

Name M Device IP State MAC Tag Ports


-------------------------------------------------------------------------------
Tiger vif7 192.88.22.234/24 DO 00:0F:BD:15:05:B8 0100 2-4

OS900(config-vif7)#

Disabling
An existing VLAN interface can be disabled for administrative reasons or in order to be able to
modify several of its characteristics together. A VLAN interface is enabled by default when
member ports and a tag is defined for the interface. To disable an existing interface:
1. Enter configure terminal mode.
2. Enter the mode of the VLAN interface that is to be disabled by invoking the
command:
interface IFNAME
where,
IFNAME: Interface ID of an existing interface (e.g., vif1, vif2, etc.)
3. Disable the VLAN interface by invoking the command no enable.
Example
OS900# configure terminal
OS900(config)# interface vif2005
OS900(config-vif2005)# no enable
OS900(config-vif2005)#

Enabling
To enable an existing interface:
1. Enter configure terminal mode.

182 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 7: Interfaces

2. Enter the mode of the VLAN interface that is to be enabled by invoking the
command:
interface IFNAME
where,
IFNAME: Interface ID of an existing interface (e.g., vif1, vif2, etc.)
3. Enable the VLAN interface by invoking the command enable.
Example
OS900# configure terminal
OS900(config)# interface vif2005
OS900(config-vif2005)# enable
OS900(config-vif2005)#
4. Verify that the VLAN interface is active in the interface mode by invoking the
command show detail.
Example
OS900(config-vif7)# show detail

vif7 is DOWN (No state changes have occurred)


Name: Tiger
Active: Yes
Ports: 1-3
Interface type is Vlan
Encapsulation: 802.1Q, Tag 10
MAC address is 00:0F:BD:00:05:B8
IP address is 192.2.2.2/24
Cpu-membership is enable
Management access is denied
TFTP access is denied.
Access-group is not defined
OS900(config-vif7)#

Remote Management
Enabling
To enable remote management (using any of the protocols SNMP, TELNET, SSH, or TFTP) via a
specific VLAN interface:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Select the existing VLAN interface via which management is to be enabled by
invoking the command:
interface IFNAME
where,
IFNAME: ID of an existing VLAN interface (e.g., vif1, vif2, etc.).
Example
OS900(config)# interface vif2
OS900(config-vif2)#
3. Enable a management protocol (SNMP, TELNET, SSH, or TFTP) for a specific
host/subnet by invoking the command:
management snmp|telnet|ssh|tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address of the management host or
management subnet (IP address/mask).

January 2009 URL: http://www.mrv.com 183


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900# configure terminal
OS900(config)# interface vif2
OS900(config-vif2)# management snmp 193.222.48.105/24
OS900(config-vif2)#

Notes
1. More than one of the management protocols (SNMP, SSH, TELNET,
and TFTP) may be selected with which the OS900 will be accessible
by repeating the command:
management snmp|telnet|ssh|tftp
[SOURCE_IPV4_ADDRESS]
2. The command:
management snmp|telnet|ssh|tftp
(i.e., without the IP address)
enables management from any IP host.
3. The command:
management
(i.e., without the protocol and without the IP address)
enables SNMP, TELNET, SSH, and TFTP management from any IP
host.
4. Up to 20 instances (protocols together with IP addresses) can be
configured per VLAN interface.

Disabling
To disable remote management (using any of the protocols SNMP, TELNET, SSH, or TFTP) via a
specific VLAN interface:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Select the existing VLAN interface via which management is to be disabled by
invoking the command:
interface IFNAME
where,
IFNAME: ID of an existing VLAN interface (e.g., vif1, vif2, etc.).
Example
OS900(config)# interface vif2
OS900(config-vif2)#
3. Disable a management protocol (SNMP, TELNET, SSH, or TFTP) by invoking the
command:
no management snmp|telnet|ssh|tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address of the management host.
Example
OS900# configure terminal
OS900(config)# interface vif2
OS900(config-vif2)# no management snmp 193.222.48.105/24
OS900(config-vif2)#

TFTP Server Mode


The OS900 operates as a TFTP server.

184 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 7: Interfaces

A TFTP client can be connected to an OS900 interface in order to back up the configuration files
stored in the OS900.
Another way to back up IP configuration files is to first set the OS900 as an FTP client and then to
invoke the command:
copy ftp startup-config FTP-SERVER REMOTE-DIR REMOTE-FILENAME
[USERNAME] [PASSWORD]
as described in the section Download, page 387.

Enabling
To enable access via a specific VLAN interface for a TFTP client:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Select the existing VLAN interface via which access is to be enabled for a TFTP
client by invoking the command:
interface IFNAME
where,
IFNAME: ID of an existing VLAN interface (e.g., vif1, vif2, etc.).
Example
OS900(config)# interface vif2
OS900(config-vif2)#
3. Enable access for a TFTP client by invoking the command:
management tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address (with or without mask) of the TFTP
client.
Example
OS900# configure terminal
OS900(config)# interface vif2
OS900(config-vif2)# management tftp 193.222.48.105/24
OS900(config-vif2)#

Disabling
To disable access via a specific VLAN interface for a TFTP client:
1. Enter configure terminal mode.
2. Select the existing VLAN interface via which access is to be disabled for a TFTP client by
invoking the command:
interface IFNAME
where,
IFNAME: ID of an existing VLAN interface (e.g., vif1, vif2, etc.).
Example
OS900(config)# interface vif2
OS900(config-vif2)#
3. Disable access for a TFTP client by invoking the command:
no management tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address (with or without mask) of the TFTP client.
Example
OS900# configure terminal
OS900(config)# interface vif2
OS900(config-vif2)# no management tftp 193.222.48.105/24
OS900(config-vif2)#

January 2009 URL: http://www.mrv.com 185


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Statistics
To view the statistics on one or more interfaces:
1. Enter enable mode or configure terminal mode.
2. Invoke the command:
monitor interface statistics INTERFACE
where,
monitor: Display with refresh
interface: Interface-related action
statistics: Statistics-related action
INTERFACE: Interface ID having the format vifX, where X is a decimal number
in the range 1-4095
Example
OS900# monitor interface statistics vif7

The following counters count only frames received and transmitted by the CPU !!!

vif7 Link encap:Ethernet HWaddr 00:0F:BD:00:05:B8


inet addr:192.28.173.56 Bcast:192.83.173.255 Mask:255.255.255.0
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:348209 errors:0 dropped:0 overruns:0 frame:0
TX packets: 348209 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:72045813 (0.0 B) TX bytes: 72045813 (0.0 B)
OS900#

To exit monitoring, press Ctrl C or Ctrl Z .

Ingress Counters
An ingress counter is used to count packets in an ingress queue according to one or more of the
following attributes:
− Physical ports
− VLAN tag (Interface ID)
There are two sets of four ingress counters, identified as ‘set1’ and ‘set2’. The ingress counters in
a set are:
− REC PACKETS (counts the number of received packets)
− DROP VLAN-FILTER (counts the number of packets dropped due to VLAN ID [tag]
mismatch, i.e., the VLAN ID of the packets are different from the tag of the ingress VLAN)
− DROP SECURITY (counts the number of packets dropped due to security screening.
Security screening includes Learn Table limits, e.g., by port or VLAN tag – see Limiting,
page 99, – and invalid source address)
− DROP OTHER (counts the number of packets dropped due to drop conditions other than
those described for the counters DROP VLAN-FILTER and DROP SECURITY.
These drop conditions are: Spanning Tree state change and rate limit of flood packets –
see Chapter 9: Rate Limiting of Flood Packets, page 211.)

Activation
To activate a set of ingress queue counters:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Invoke the command:
ingress-counters set1|set2 port PORT|all tag <1-4096>|all

186 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 7: Interfaces

where,
set1: First ingress counters set
set2: Second ingress counters set
port: Ingress port
PORT: Range of port numbers from which one can be selected
all: (first) All ports
tag: VLAN interface tag
<1-4096>: Range of VLAN Interface IDs from which one can be selected. If a
value that is the same as the VLAN tag of an existing VLAN is selected, the
DROP VLAN-FILTER counter will show zero counts since packets with this
VLAN tag (ID) are valid and are therefore not dropped!
all: (second) All VLAN Interface IDs. (To enable the DROP VLAN-FILTER
counter to count all packets who’s VLAN IDs are different from the tag of the
ingress VLAN, select this option instead of a single tag value in the range <1-
4096>.)
To revoke the above command, invoke the command:
no ingress-counters set1|set2
where,
set1: First ingress counters set
set2: Second ingress counters set
Example
OS900(config)# ingress-counters set2 port 3 tag all
OS900(config)#

Viewing
To view the ingress queue counters
1. Enter configure terminal mode.
2. Invoke either of the following commands:
show ingress-counters set1|set2
monitor ingress-counters set1|set2
where,
show: Display without refresh.
monitor: Display with refresh.
set1: First ingress counters set
set2: Second ingress counters set
Example
OS900(config)# show ingress-counters set2
Ingress counters group set2 is active for port 3, tag all

REC DROP DROP DROP


PACKETS VLAN-FILTER SECURITY OTHER
7809153 21 48 67
OS900(config)#

Viewing
To view the ingress queue counters
1. Enter configure terminal mode.
2. Invoke either of the following commands:
show ingress-counters set1|set2
monitor ingress-counters set1|set2
where,
show: Display without refresh.
monitor: Display with refresh.

January 2009 URL: http://www.mrv.com 187


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

set1: First ingress counters set


set2: Second ingress counters set
Example
OS900(config)# show ingress-counters set2
Ingress counters group set2 is active for port 3, tag all

REC DROP DROP DROP


PACKETS VLAN-FILTER SECURITY OTHER
7809153 21 48 67
OS900(config)#

Clearing
To clear an ingress queue counters
1. Enter configure terminal mode.
2. Invoke either of the following commands:
clear ingress-counters (set1|set2)
where,
set1: First ingress counters set
set2: Second ingress counters set
Example
OS900(config)# clear ingress-counters set2
OS900(config)#

Deleting
To delete an existing VLAN interface:
1. Enter configure terminal
Example
OS900# configure terminal
OS900(config)#
2. Delete the existing VLAN interface by invoking the command:
no interface IFNAME
where,
IFNAME: ID of the existing interface (e.g., vif1, vif2, etc.).
Example
OS900(config)# no interface vif1
interface vif1 was deleted
OS900(config)#

188 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 8: Multiple-instance Spanning-Tree Protocol (MSTP)

Multiple-instance
Chapter 8:
Spanning-Tree Protocol (MSTP)
General
The newest spanning-tree protocol MSTP (IEEE 802.1s standard) is implemented in the OS900.
MSTP is backward compatible with the spanning-tree protocols STP (IEEE 802.1d standard) and
RSTP (IEEE 802.1w standard) so that the OS900 can be used in a network consisting of devices
operating in STP, RSTP, and MSTP.

Definition
MSTP allows for the creation of multiple MSTIs on a network with network inter-node links that can
be shared by any number of MSTIs. An MSTI is a mechanism that creates traffic bridges between
devices on a network in the spanning-tree topology20 while permitting redundant links that it may
use as new bridges in the event of a change in the network’s topology.

Purposes
To:
1. Prevent collapse of communication over a network whose topology is changed
dynamically.
2. Address the needs of increasingly faster Ethernet networks with mission-critical
applications requiring fast convergence/recovery. (The convergence/recovery time
is 50 to 200ms, the specific time depending on the network).
3. Maximize traffic flow across a network by optimizing resource utilization (for e.g.,
by utilizing unused inter-node links).
4. Balance traffic flow across the network.
5. Improve fault tolerance by enabling traffic to flow unaffected in MSTIs even when
failure occurs in one or more of the other MSTIs.
6. To identify and exclude each port looped on itself, i.e., each port whose Tx output
is connected to its Rx input.

MSTIs
General
An MSTI consists of a grouping of VLANs. Up to 64 MSTIs can be created by the user. Each MSTI
has the functionality, capabilities, and advantages of RSTP. Traffic belonging to the VLANs of an
MSTI flow through the MSTI path, which is constructed by MSTP. Traffic streams of MSTIs flow
independently of one another. Accordingly, if, for example, a specific port is in the blocking state
for MSTI I1 and not for MSTI I2, traffic with tags of I1 will be blocked at the port while traffic with
tags of I2 will be forwarded at the same port.
Figure 19, below, shows three active MSTIs on a network. The MSTI paths may be changed by
MSTP when a port is blocked for certain VLANs or when a link in the path is broken.

20
A tree topology ensures that only one path exists between any two endstations on the network. Closed loops are opened
and a redundant standby path is made available to traffic in the event that the primary (active) path is disrupted.

January 2009 URL: http://www.mrv.com 189


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Figure 19: MSTIs on a Physical Network


RSTP switches are able to process MSTP BPDUs as if they are RSTP BPDUs. Also, MSTP
switches are able to process RSTP BPDUs as if they are MSTP BPDUs. Accordingly, MSTP
switches send MSTP BPDUs to RSTP switches, and RSTP switches send RSTP BPDUs to MSTP
switches.
However, if an MSTP switch is connected to an STP switch, the MSTP switch sends STP BPDUs
to the STP switch.

Default MSTI
The default MSTI is called CIST (Common and Internal Spanning Tree). This MSTI is pre-
configured and cannot be deleted. All VLANs that are not members of other MSTIs, are members
of CIST. Its ID is 0. When VLANs are created, they are automatically included in the CIST. To
remove a VLAN from the CIST another MSTI must be created by the user, and the VLAN tag must
be moved to this MSTI.
In addition to its role as the default MSTI, CIST interconnects regions and single-instance
spanning-tree entities (such as STP and RSTP switches), relating to each region (described in the
section Regions, page 191) and STP/RSTP device as a single virtual bridge.
MSTP uses CIST in creating a spanning tree path interconnecting MST regions and SST21 entities.
In a network of regions and SST entities, each region or SST entity views another region or SST
entity that is directly connected to it as a single spanning-tree bridge. In a region, the SST entity
that directly connects to another region is the CIST regional root bridge. One of the CIST regional
root bridges is set by MSTP as the CIST root bridge.

21
SST is STP or RSTP.

190 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 8: Multiple-instance Spanning-Tree Protocol (MSTP)

Figure 20: CIST (Default MSTI) on a Physical Network

Regions
A region is a set of interconnected switches all of which have the same values for the following
MST parameters:
• Name of the MST region
• Revision number of the current MST configuration (default 0)
• Digest, i.e., VLANs-to-MSTI mappings

Note
A region may include one or more MSTIs as shown in Figure 21, page
192.
Each region is seen as a single bridge by other regions.
In configuring multiple regions, it must be noted that any MSTI in one
region is completely independent of any MSTI in another region – even
if the MSTIs have the same ID! That is, traffic in one region is directed
independently of traffic in another region.

January 2009 URL: http://www.mrv.com 191


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Figure 21: Regions on a Physical Network

Principle of Operation
Bridge Roles
In MSTP, a switch can have one of the following roles:
Root Bridge The bridge that is at the root of a logical tree-topology
interconnection of bridges created by the MSTP. The bridge that

192 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 8: Multiple-instance Spanning-Tree Protocol (MSTP)

has the lowest bridge ID in the network is selected as the Root


Bridge.
Designated Bridge The bridge that can provide the best route to the Root Bridge.

Port Roles
In MSTP, a port (of a bridge) can have one of the following roles:
Root Port The port via which the best route (having the lowest path-cost) is taken to
the Root Bridge. The Root Port can be in any of the following states:
Forwarding, Learning, or Discarding.
Designated Port A port that internally sends/receives to/from the Root Port of the same
bridge. Several Designated Ports may exist in an active MSTP
configuration. The Designated Port can be in any of the following states:
Forwarding, Learning, or Discarding.
Alternate Port A port that serves as a standby to the Root Port. In discarding state, the
port to which it is linked is always Designated Port. Several Alternate
Ports may exist in an active MSTP configuration. The Alternate Port can
be only in the following state: Discarding.
Backup Port A port that serves as a Backup to the Designated Port. The Backup Port
and Designated Port are connected to a device (e.g., hub) that provides
traffic sharing on a LAN media segment. The Backup Port can be only in
the following state: Discarding.
Disabled Port A port that does not participate in MSTP.

Physical and Active Topologies


Figure 22, below, shows a network of interconnected bridges (physical topology) participating in
MSTP. The active topology excludes the direct connection between bridge B and C and between
the Hub and Backup Port.
If any one of the four physical links interconnecting B, C, D, and E, fails MSTP will activate the
other three to maintain the requisite spanning-tree bridging topology.

January 2009 URL: http://www.mrv.com 193


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Figure 22: Network Running MSTP

Rules
The following rules apply to MSTP.
1. Up to 64 MSTIs can be created per region.
2. A port can be included in any number of MSTIs.
3. A VLAN can be included in only one MSTI.
4. Regions are automatically created if the values of the three region parameters
(specified in the section Regions, page 191) are not identical on all the OS900s in
the network.
5. A region can include several MSTIs.
6. Traffic in one region is directed independently of traffic in another region.
7. The ID of CIST (default MSTI) is 0 and cannot be changed.
8. A user-created MSTI may be assigned any ID in the range 1 to 255.
9. All VLANs assigned to the same instance will have the same active topology.
10. A network including STP-activated or RSTP-activated switches (in addition to
MSTP-activated switches) must use CIST.

194 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 8: Multiple-instance Spanning-Tree Protocol (MSTP)

Ports
Placing Restrictions
To place an MSTP-related restriction on specific ports of the OS900:
1. Enter spanning-tree mode (from configure terminal mode).
2. Invoke the command:
port PORTS-GROUP (admin-edge|auto-edge|non-stp|root-
restricted|tcn-restricted)
where,
PORTS-GROUP: Group of Ports to be configured.
admin-edge: adminEdge port(s).
An adminEdge configured port goes directly into the forwarding state upon link
establishment.
For a port participating in STP, AdminEdge = Y causes OperEdge = Y
immediately. However, the port starts Forwarding only if no BPDU is received
for a period of 2 seconds.
If a BPDU is received at any time after AdminEdge = Y, OperEdge = N and
the port stays in the non-edge mode unless link down/up is performed,
whereupon the port reverts to the state for which the whole description above
applies again.
A shortcoming of this method of operation is in the case the following
conditions apply: 1) OperEdge = N, 2) the port becomes a Designated port; 3)
no agreement is received in response to the proposal within 5 seconds. In this
case, the port will forward after a long delay; about 3 x Forward Delay time,
i.e., 45 seconds.
auto-edge: autoEdgePort, per IEEE Std. 802.1D-2004, 14.8.2.3.2.e
An auto-edge configured port goes directly into the forwarding state upon link
establishment.
For a port participating in STP, AdminEdge = Y causes OperEdge = Y
immediately and, unlike in the previous version, the port starts Forwarding
immediately. Accordingly, this setting should be used only if it is certain that
the port is connected only to an end station.
If it is not connected only to an end station, the port could start forwarding
while still in a physical loop with other STP ports, thereby possibly causing
broadcast storms.
In the present version, a new parameter, AutoEdge22, has been made
available. Its purpose is to speed up recovery/convergence of STP bridging
that includes a Designated port for which OperEdge = N. As a designated
non-edge port, wanting to start forwarding, it sends a proposal flag. If it does
not receive an agreement within 5 seconds (2 seconds + migration time), and
AutoEdge = Y, it decides, that it is OperEdge = Y and starts forwarding
immediately. If AutoEdge = N, the delay in
forwarding could be as much as 3 x Forwarding Delay Time.
non-stp: Port(s) not to participate in MSTP
root-restricted:A Boolean value set by management. If TRUE causes
the Port not to be selected as Root Port for the CIST or any MSTI, even it has
the best spanning tree priority vector. Such a Port will be selected as an
Alternate Port after the Root Port has been selected. This parameter should
be FALSE by default. If set, it can prevent full spanning tree connectivity. It is
set by the network administrator to prevent bridges external to a core region of
the network influencing the spanning tree active topology, for possibly the
reason that the bridges are not under the full control of the administrator.

22
According to the bridge-detection machine Draft 802.1D-2400.

January 2009 URL: http://www.mrv.com 195


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

tcn-restricted: A Boolean value set by management. If TRUE causes the


Port not to propagate received topology change notifications and topology
changes to other Ports, e.g., TCNs and TCs. This parameter should be
FALSE by default. If set it can cause temporary loss of connectivity after
changes in a spanning trees active topology as a result of persistent
incorrectly learnt station location information. It is set by a network
administrator to prevent bridges external to a core region of the network
causing address flushing in that region, possibly because those bridges are
not under the full control of the administrator or MAC_Operational for the
attached LANs transitions frequently.

Removing Restrictions
To remove the administrator-imposed MSTP-related restriction on specific ports of the OS900:
1. Enter spanning-tree mode.
2. Invoke the command:
no port PORTS-GROUP (admin-edge|auto-edge|non-stp|root-
restricted|tcn-restricted)

BPDU Storm Guard


Enabling
To enable the storm guard, i.e. to limit the number of BPDUs per port per second:
1. Enter spanning-tree mode.
2. Invoke the command:
bpdu-storm-guard <0-4294967295> (inform|isolate)
<0-4294967295>: Range of numbers of BPDUs from which one number
is to be selected. The number selected designates the maximum number
of BPDUs that can be transmitted per port per second. Default: 25 BPDUs
per second. 0 means no limit.
inform: Notify which ports transmit BPDUs in excess of the set limit.
isolate: Notify which ports transmit BPDUs in excess of the set limit and
isolate them (default).

Disabling
To revoke the the storm guard:
1. Enter spanning-tree mode.
2. Invoke the command:
no bpdu-storm-guard

Applications
This section presents three typical MSTI applications in networks to show the scope of MSTP.
They are:
− Single MSTI
− Multiple MSTIs without Load Balancing
− Multiple MSTIs with Load Balancing

Single MSTI
General
In this application, the default MSTI (CIST) is used to interconnect the whole network. Only the
single command enable needs to be invoked to actively sustain the spanning tree topology for
the entire network.

196 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 8: Multiple-instance Spanning-Tree Protocol (MSTP)

Example
Figure 23, below, shows a network using CIST to interconnect OS900s. A network with a simple
topology has been intentionally selected to make it easier to understand the application. In one of
several possible active CIST configurations, port blocking prevents traffic flow on the link between
OS900 C and OS900 D . However, traffic can flow on all the other links. OS900 A is shown as
the current CIST Root Bridge.
If any inter-node link (other than that between OS900 C and OS900 D ) fails, the port at OS900
C changes its state from ‘blocking’ to ‘forwarding’ in order to rebridge all four nodes.

Figure 23: CIST-configured Network

Configuration Procedure
To use CIST to interconnect the switches of a network, simply invoke the following command:
enable
Example
OS900> enable
OS900# configure terminal
OS900(config)# spanning-tree
OS900(config-mstp) enable

The command enables MSTP, which prevents traffic flow between OS900 C and OS900 D . A
spanning tree is configured on the network according to default values (e.g., bridge priority, port
pathcost, etc.). CIST is the only active MSTI and includes all VLANs.

View
To view which ports are blocking and which are forwarding, invoke the command:
show spanning-tree port 1-2
To view which OS900 is the root bridge, invoke the command:
show spanning-tree instance 0

January 2009 URL: http://www.mrv.com 197


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Note
By default, the port on the OS900 that has the longest distance to the
root is blocked.

Multiple MSTIs without Load Balancing


General
In this application, multiple MSTIs (each having several VLANs) are applied to a network without
utilizing the traffic load balancing capability of multiple MSTIs.

Example
Figure 24, below, shows a network built with four OS900s:
OS900 A , OS900 B , OS900 C , and OS900 D .
On each OS900, four interfaces (VLANs) are configured: vif1, vif2, vif3, and vif4.
vif1 is assigned tag 110. vif2 is assigned tag 120. vif3 is assigned tag 130. vif4 is assigned
tag 140.
Two MSTIs are configured on each of the OS900s: 1 and 2.
MSTI 1 contains the interfaces vif1 and vif2, and serves as a pathway for traffic on these
interfaces. MSTI 2 contains the interfaces vif3 and vif4, and serves as a pathway for traffic on
these interfaces.
By default, the OS900 with lowest MAC address is set as the root bridge by MSTP. Since the two
MSTIs 1 and 2 are configured on all the OS900s in the network, the OS900 with the lowest MAC
address is set as the common root bridge for the MSTIs. OS900 A is shown as the common root
bridge. In one of several possible active MSTI 1 or MSTI 2 configurations, the link between OS900
A and OS900 D is blocked for all traffic. As a result, both MSTI 1 and MSTI 2 traffic entering
OS900 A is directed over the same link (between OS900 A and OS900 B ).

Figure 24: Multiple-MSTI Network without Load Balancing

198 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 8: Multiple-instance Spanning-Tree Protocol (MSTP)

Configuration Procedure
The procedure for configuring multiple MSTIs on OS900s without traffic load balancing is
described using the network in Figure 24 as an example.
Perform the procedure for each OS900.

1. Create the interfaces (VLANs, i.e., vif1, vif2, vif3, and vif4) to be included
in MSTIs using either of the following commands, once for each interface:
For Tag-based, Non-IP type interfaces23
interface vlan IFNAME
where,
vlan: VLAN
IFNAME: Interface ID having the format vifX, where X is a decimal number in
the range 1-4095
Example
OS900> enable
OS900# configure terminal

OS900(config)# interface vlan vif1


OS900(config-vif1)# ports 1
OS900(config-vif1)# tag 110
Interface is activated.
OS900(config-vif1)# exit

OS900(config)# interface vlan vif2


OS900(config-vif2)# ports 2
OS900(config-vif2)# tag 120
Interface is activated.
OS900(config-vif2)# exit

OS900(config)# interface vlan vif3


OS900(config-vif3)# ports 3
OS900(config-vif3)# tag 130
Interface is activated.
OS900(config-vif3)# exit

OS900(config)# interface vlan vif4


OS900(config-vif4)# ports 4
OS900(config-vif4)# tag 140
Interface is activated.
OS900(config-vif4)#

2. Enter the spanning-tree mode using the command:


spanning-tree
Example
OS900(config-vif4)# exit
OS900(config)# spanning-tree
OS900(config-mstp)#
3. Create MSTIs using the command:
instance <0-64> vlan TAGS-LIST
where,
instance: MSTI
<0-64>: Range of valid MSTI IDs from which one ID is to be selected.
vlan: VLANs are to be mapped to the MSTI.
TAGS-LIST: List of VLAN tags to be members of the specific MSTI.

23
A tag-based interface has a unique IEEE 802.1Q VLAN ID. A Non-IP type interface has no IP address.

January 2009 URL: http://www.mrv.com 199


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900(config-mstp)# instance 1 vlan 110,120
OS900(config-mstp)# instance 2 vlan 130,140
OS900(config-mstp)#
4. Enable MSTP for the OS900 using the command:
enable
Example
OS900(config-mstp) enable
OS900(config-mstp)#

View
To view which ports are blocking and which are forwarding, invoke the command:
show spanning-tree port 1-2
To view which OS900 is the root bridge, invoke the commands:
show spanning-tree instance 1
show spanning-tree instance 2

Note
By default, the port on the OS900 that has the longest distance to the
root is blocked.

Multiple MSTIs with Load Balancing


General
In this application, multiple MSTIs (each having several VLANs) are applied to a network utilizing
the traffic load balancing capability of multiple MSTIs.

Example
Figure 25, below, shows a network built with four OS900s:
OS900 A , OS900 B , OS900 C , and OS900 D .
On each OS900, four interfaces (VLANs) are configured: vif1, vif2, vif3, and vif4.
vif1 is assigned tag 110. vif2 is assigned tag 120. vif3 is assigned tag 130. vif4 is assigned
tag 140.
Two MSTIs are configured on each of the OS900s: 1 and 2.
MSTI 1 contains the interfaces vif1 and vif2, and serves as a pathway for traffic on these
interfaces. MSTI 2 contains the interfaces vif3 and vif4, and serves as a pathway for traffic on
these interfaces.
Bridge priority is configured for each instance on the OS900s (using the command instance
INSTANCE_ID priority NUMBER in the mode spanning-tree). The two OS900s with the
lowest bridge priority in each MSTI are set as the root bridge by MSTP. OS900 B is shown as the
root bridge in MSTI 1. OS900 D is shown as the root bridge in MSTI 2. In one of several possible
active MSTI 1 or MSTI 2 configurations, vif1 and vif2 traffic entering OS900 A is directed on
the link between OS900 A and OS900 B while vif3 and vif4 traffic entering OS900 A is
directed on the link between OS900 A and OS900 D . That is, MSTI 1 and MSTI 2 traffic is
divided between links. Thus, load balancing of traffic entering OS900 A is achieved.

200 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 8: Multiple-instance Spanning-Tree Protocol (MSTP)

Figure 25: Multiple-MSTI Network with Load Balancing

Configuration Procedure
The procedure for configuring multiple MSTIs on OS900s with traffic load balancing is described
using the network in Figure 25 as an example.

Perform the procedure for each OS900.


1. Create the interfaces (VLANs, i.e., vif1, vif2, vif3, and vif4) to be included
in MSTIs as follows, noting that the assignment of IP address is optional since it is
not required for MSTIs:

a. Invoke the commands: interface vlan vif1, ports 1, tag


110, and ip 20.30.30.34/24.

b. Invoke the commands: interface vlan vif2, ports 2, tag


120, and ip 60.10.10.10/24.

c. Invoke the commands: interface vlan vif3, ports 3, tag


130, and ip 70.30.30.34/24.

d. Invoke the commands: interface vlan vif2, ports 4, tag


140, and ip 80.30.30.34/24.

January 2009 URL: http://www.mrv.com 201


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900> enable
OS900# configure terminal

OS900(config)# interface vlan vif1


OS900(config-vif1)# ports 1
OS900(config-vif1)# tag 110
Interface is activated.
OS900(config-vif4)# ip 20.30.30.34/24
OS900(config-vif1)# exit

OS900(config)# interface vlan vif2


OS900(config-vif2)# ports 2
OS900(config-vif2)# tag 120
Interface is activated.
OS900(config-vif4)# ip 60.10.10.10/24
OS900(config-vif2)# exit

OS900(config)# interface vlan vif3


OS900(config-vif3)# ports 3
OS900(config-vif3)# tag 130
Interface is activated.
OS900(config-vif4)# 70.30.30.34/24
OS900(config-vif3)# exit

OS900(config)# interface vlan vif4


OS900(config-vif4)# ports 4
OS900(config-vif4)# tag 140
Interface is activated.
OS900(config-vif4)# ip 80.30.30.34/24
OS900(config-vif4)#

2. Enter the spanning-tree mode using the command:


spanning-tree
Example
OS900(config-vif4)# exit
OS900(config)# spanning-tree
OS900(config-mstp)#
3. Create MSTIs using the command:
instance <0-64> vlan TAGS-LIST
where,
instance: MSTI
<0-64>: Range of valid MSTI IDs from which one ID is to be selected.
vlan: VLANs are to be mapped to the MSTI.
TAGS-LIST: List of VLAN tags to be members of the specific MSTI.
Example
OS900(config-mstp)# instance 1 vlan 110,120
OS900(config-mstp)# instance 2 vlan 130,140
OS900(config-mstp)#
4. Set the bridge priority using the command:
instance <0-64> priority NUMBER
where,
instance: MSTI
<0-64> Range of valid MSTI IDs from which one ID is to be selected.
priority: Bridge priority of the OS900.
NUMBER: Value of the priority. Any value in the range <0-61440> may be
selected provided it is a multiple 4096.

202 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 8: Multiple-instance Spanning-Tree Protocol (MSTP)

Example
OS900(config-mstp)# instance 1 priority 4096
accepted: dec=4096 or hex=0x1000
OS900(config-mstp)#
5. Option: Set the port priority using the command:
instance <0-64> port PORTS-GROUP priority NUMBER
where,
instance: MSTI
<0-64> Range of valid MSTI IDs from which one ID is to be selected.
port: Port configuration.
PORTS-GROUP: Group of Ports.
priority: Bridge priority of the OS900.
NUMBER: Value of the priority. Any value in the range <0-240> may be selected
provided it is a multiple 16.
Example
OS900(config-mstp)# instance 1 port 1-3 priority 80
OS900(config-mstp)#
6. Option: Set the port path cost24 using the command:
instance <0-64> port PORTS-GROUP path-cost NUMBER|auto
where,
instance: MSTI
<0-64> Range of valid MSTI IDs from which one ID is to be selected.
port: Port configuration.
PORTS-GROUP: Group of Ports.
path-cost: Port path cost of the OS900.
NUMBER: Value of the priority. Any value in the range 1-200000000 may be
selected.
auto: Automatic setting of port path cost.
Example
OS900(config-mstp)# instance 1 port 1-3 path-cost 800000
OS900(config-mstp)#

Note
To make OS900 B the root bridge of MSTI 1, set its bridge priority to
the lowest among the other OS900s for MSTI 1.
To make OS900 D the root bridge of MSTI 2, set its bridge priority to
the lowest among the other OS900s for MSTI 2.

7. Enable MSTP for the OS900 using the command:


enable
Example
OS900(config-mstp) enable
OS900(config-mstp)#

Configuration Example
The following example shows how to configure the OS900s in the network of Figure 25 for traffic
load balancing.

24
A port having a higher speed has a lower pathcost. Accordingly, as a rule, a port trunk (see Chapter 12: , page 231)
has a lower pathcost than a single port.

January 2009 URL: http://www.mrv.com 203


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS900 A Configuration
MRV OptiSwitch 910 version d1734-22-09-05
OS900 login: admin
Password:

OS900> enable
OS900# configure terminal
OS900(config)# interface vlan ?
IFNAME Interface device-name as vif# (i.e vif3 )
OS900(config)# interface vlan vif1
OS900(config-vif1)# ports 1
OS900(config-vif1)# tag 110
Interface is activated.
OS900(config-vif1)# ip 20.30.30.35/24
OS900(config-vif1)# name Jojo1
OS900(config-vif1)# exit

OS900(config)# interface vlan vif2


OS900(config-vif2)# ports 2
OS900(config-vif2)# tag 120
Interface is activated.
OS900(config-vif2)# ip 60.10.10.11/24
OS900(config-vif2)# name Jojo2
OS900(config-vif2)# exit

OS900(config)# interface vlan vif3


OS900(config-vif3)# ports 3
OS900(config-vif3)# tag 130
Interface is activated.
OS900(config-vif3)# ip 70.30.30.35/24
OS900(config-vif3)# name Jojo3
OS900(config-vif3)# exit

OS900(config)# interface vlan vif4


OS900(config-vif4)# ports 4
OS900(config-vif4)# tag 140
Interface is activated.
OS900(config-vif4)# ip 80.30.30.35/24
OS900(config-vif4)# name Jojo4
OS900(config-vif4)# exit

OS900(config)# spanning-tree
OS900(config-mstp)# instance 1 priority 16384
accepted: dec=4096 or hex=0x1000
OS900(config-mstp)# instance 2 priority 20480
accepted: dec=8192 or hex=0x2000
OS900(config-mstp)# instance 1 port 1 priority 64
OS900(config-mstp)# instance 1 port 2 priority 80
OS900(config-mstp)# instance 1 port 1-4 path-cost auto
OS900(config-mstp)# instance 2 port 1-4 path-cost auto
OS900(config-mstp)# enable
OS900(config-mstp)#

OS900 B Configuration
MRV OptiSwitch 910 version d1734-22-09-05
OS900 login: admin
Password:

OS900> enable
OS900# configure terminal
OS900(config)# interface vlan ?
IFNAME Interface device-name as vif# (i.e vif3 )

204 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 8: Multiple-instance Spanning-Tree Protocol (MSTP)

OS900(config)# interface vlan vif1


OS900(config-vif1)# ports 1
OS900(config-vif1)# tag 110
Interface is activated.
OS900(config-vif1)# ip 20.30.30.34/24
OS900(config-vif1)# name Zorro1
OS900(config-vif1)# exit

OS900(config)# interface vlan vif2


OS900(config-vif2)# ports 2
OS900(config-vif2)# tag 120
Interface is activated.
OS900(config-vif2)# ip 60.10.10.10/24
OS900(config-vif2)# name Zorro2
OS900(config-vif2)# exit

OS900(config)# interface vlan vif3


OS900(config-vif3)# ports 3
OS900(config-vif3)# tag 130
Interface is activated.
OS900(config-vif3)# ip 70.30.30.34/24
OS900(config-vif3)# name Zorro3
OS900(config-vif3)# exit

OS900(config)# interface vlan vif4


OS900(config-vif4)# ports 4
OS900(config-vif4)# tag 140
Interface is activated.
OS900(config-vif4)# ip 80.30.30.34/24
OS900(config-vif4)# name Zorro4
OS900(config-vif4)# exit

OS900(config)# spanning-tree
OS900(config-mstp)# instance 1 priority 4096
accepted: dec=4096 or hex=0x1000
OS900(config-mstp)# instance 2 priority 8192
accepted: dec=8192 or hex=0x2000
OS900(config-mstp)# instance 1 port 1 priority 16
OS900(config-mstp)# instance 1 port 2 priority 32
OS900(config-mstp)# instance 1 port 1-4 path-cost auto
OS900(config-mstp)# instance 2 port 1-4 path-cost auto
OS900(config-mstp)# enable
OS900(config-mstp)#

OS900 C Configuration
MRV OptiSwitch 910 version d1734-22-09-05
OS900 login: admin
Password:

OS900> enable
OS900# configure terminal
OS900(config)# interface vlan ?
IFNAME Interface device-name as vif# (i.e vif3 )
OS900(config)# interface vlan vif1
OS900(config-vif1)# ports 1
OS900(config-vif1)# tag 110
Interface is activated.
OS900(config-vif1)# ip 20.30.30.33/24
OS900(config-vif1)# name Lupo1
OS900(config-vif1)# exit

OS900(config)# interface vlan vif2


OS900(config-vif2)# ports 2

January 2009 URL: http://www.mrv.com 205


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS900(config-vif2)# tag 120


Interface is activated.
OS900(config-vif2)# ip 60.10.10.9/24
OS900(config-vif2)# name Lupo2
OS900(config-vif2)# exit

OS900(config)# interface vlan vif3


OS900(config-vif3)# ports 3
OS900(config-vif3)# tag 130
Interface is activated.
OS900(config-vif3)# ip 70.30.30.33/24
OS900(config-vif3)# name Lupo3
OS900(config-vif3)# exit

OS900(config)# interface vlan vif4


OS900(config-vif4)# ports 4
OS900(config-vif4)# tag 140
Interface is activated.
OS900(config-vif4)# ip 80.30.30.33/24
OS900(config-vif4)# name Lupo4
OS900(config-vif4)# exit

OS900(config)# spanning-tree
OS900(config-mstp)# instance 1 priority 20480
accepted: dec=4096 or hex=0x1000
OS900(config-mstp)# instance 2 priority 24576
accepted: dec=8192 or hex=0x2000
OS900(config-mstp)# instance 1 port 1-3 priority 80
OS900(config-mstp)# instance 1 port 4 priority 96
OS900(config-mstp)# instance 1 port 1-4 path-cost auto
OS900(config-mstp)# instance 2 port 1-4 path-cost auto
OS900(config-mstp)# enable
OS900(config-mstp)#

OS900 D Configuration
MRV OptiSwitch 910 version d1734-22-09-05
OS900 login: admin
Password:

OS900> enable
OS900# configure terminal
OS900(config)# interface vlan ?
IFNAME Interface device-name as vif# (i.e vif3 )
OS900(config)# interface vlan vif1
OS900(config-vif1)# ports 1
OS900(config-vif1)# tag 110
Interface is activated.
OS900(config-vif1)# ip 20.30.30.33/24
OS900(config-vif1)# name Lupo1
OS900(config-vif1)# exit

OS900(config)# interface vlan vif2


OS900(config-vif2)# ports 2
OS900(config-vif2)# tag 120
Interface is activated.
OS900(config-vif2)# ip 60.10.10.9/24
OS900(config-vif2)# name Lupo2
OS900(config-vif2)# exit

OS900(config)# interface vlan vif3


OS900(config-vif3)# ports 3
OS900(config-vif3)# tag 130
Interface is activated.

206 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 8: Multiple-instance Spanning-Tree Protocol (MSTP)

OS900(config-vif3)# ip 70.30.30.33/24
OS900(config-vif3)# name Lupo3
OS900(config-vif3)# exit

OS900(config)# interface vlan vif4


OS900(config-vif4)# ports 4
OS900(config-vif4)# tag 140
Interface is activated.
OS900(config-vif4)# ip 80.30.30.33/24
OS900(config-vif4)# name Lupo4
OS900(config-vif4)# exit

OS900(config)# spanning-tree
OS900(config-mstp)# instance 1 priority 8192
accepted: dec=4096 or hex=0x1000
OS900(config-mstp)# instance 2 priority 4096
accepted: dec=8192 or hex=0x2000
OS900(config-mstp)# instance 1 port 1-3 priority 16
OS900(config-mstp)# instance 1 port 4 priority 32
OS900(config-mstp)# instance 1 port 1-4 path-cost auto
OS900(config-mstp)# instance 2 port 1-4 path-cost auto
OS900(config-mstp)# enable
OS900(config-mstp)#

Viewing Spanning-Tree State


To display information on the ports participating in a specific MSTI, invoke the command:
show spanning-tree instance <0-64>
where,
<0-64>: Range of valid MSTI IDs from which one ID is to be selected.
Example
OS900(config-mstp)# show spanning-tree instance 1

Instance: id=1 name='MSTi1'


Ports:
Tags: 999
BridgeId: 1001-000fbd0005b2 Bridge Priority: 4096 (0x1000)
Designated Root: 1001-000fbd0005b2
Root Port: none (RootBridge)
Designated Brdg: 1001-000fbd0005b2
remainingHops: 14 Instance MaxHops: 14
Topology Change Count: 0
Time Since Topology Change: 00:06:28
OS900(config-mstp)#

Viewing Port States


To display information on the ports participating in a specific MSTI, invoke the command:
show instance <0-64> [ports PORTS-GROUP]
where,
<0-64>: Range of valid MSTI IDs from which one ID is to be selected.
Ports: Keyword which must be typed in if information is to be displayed on selective
ports participating in the specific MSTI.
PORTS-GROUP: Group of ports participating in the specific MSTI.
Example
OS900(config-mstp)# show instance 1 port 3

Instance: 1 Tags: 110,120


Stp Port: 3 PortId: 1003 in 'MSTi1'

January 2009 URL: http://www.mrv.com 207


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Priority: 16 Uptime: 00:30:45


State: Disabled
Int. PortPathCost: admin: Auto oper: 20000000
Point2Point: admin: ForceYes oper: Yes
Partner: oper: MSTP
Edge: admin: N auto oper: N
MSTI msgs: rx: 0 tx: 0

OS900(config-mstp)#

BPDUs
Policing
To drop BPDUs or flood their VLANs with them, invoke the command:
port PORTS-GROUP tagged-bpdu rx TAG-LIST (drop|flood)
where,
PORTS-GROUP: Group of Ports.
tagged-bpdu: Spanning Tree tagged-BPDU ports definition.
rx: Configure recieved BPDUs.
TAG-LIST: TAG's to drop off/flood on.
drop: Drop the BPDUs.
flood: Flood the BPDUs.

Tagging
For interoperability it is sometimes necessary to accept and transmit BPDUs after tagging them.
To tag and transmit BPDUs, invoke the command:
port PORTS-GROUP tagged-bpdu tx TAG
where,
PORTS-GROUP: Group of Ports.
tagged-bpdu: Spanning Tree tagged-BPDU ports definition.
tx: Configure BPDUs to be transmitted.
TAG: Tag for transmitted BPDUs.
By default, the tagged BPDUs will be received and treated as untagged BPDUs so that they are
transmitted rather than dropped.

IEEE 802.1ag Port Forwarding


In some scenarios, spanning-tree port forwarding decisions based on IEEE 802.1ag will reduce
convergence (recovery) time.

Enabling
To enable port forwarding decisions based on IEEE 802.1ag:
1. From configure terminal mode, enter spanning-tree mode.
2. Invoke the command:
port PORTS-GROUP oam-based-force-edge
where,
PORTS-GROUP: Group of ports to be enabled to forward based on IEEE 802.1ag
decisions.

Disabling
To disable port forwarding decisions based on IEEE 802.1ag:
1. From configure terminal mode, enter spanning-tree mode.

208 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 8: Multiple-instance Spanning-Tree Protocol (MSTP)

2. Invoke the command:


no port PORTS-GROUP oam-based-force-edge
where,
PORTS-GROUP: Group of ports to be disabled from forwarding based on IEEE
802.1ag decisions.

Filtering Events
Events can be filtered per the IEEE 802.1ag standard as follows:
1. From configure terminal mode, enter spanning-tree mode.
2. Invoke the command:
oam-filter all|NUMBER all|NUMBER all|NUMBER all|NUMBER
where,
all: (First Appearance) Accept events from all domains.
NUMBER: (First Appearance) Accept events from a specific domain.
all: (Second Appearance) Accept events from all services.
NUMBER: (Second Appearance) Accept events from a specific service.
all: (Third Appearance) Accept events from all MEPs.
NUMBER: (Third Appearance) Accept events from a specific MEP.
all: (Fourth Appearance) Accept events from all RMEPs.
NUMBER: (Fourth Appearance) Accept events from a specific RMEP.

Transmit-Hold Count
The Transmit-Hold Count parameter controls the number of BPDUs that can be sent before
pausing for 1 second. Setting a higher value than that of the default can significantly impact CPU
utilization. A lower value may slow down convergence (recovery).

Changing
To change the Transmit-Hold Count parameter value:
1. From configure terminal mode, enter spanning-tree mode.
2. Invoke the command:
tx-hold-count <1-10>|infinite
where,
<1-10>: Range of transmit-hold counts. A number from this range designates the
number of BPDUs that will be sent per 1-second pause. Default: 6.
infinite: No pause for any number of BPDUs.

Default
To set the Transmit-Hold Count parameter value to the default value (6 BPDUs per 1-second
pause):
1. From configure terminal mode, enter spanning-tree mode.
2. Invoke the command:
no tx-hold-count

January 2009 URL: http://www.mrv.com 209


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

210 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 9: Rate Limiting of Flood Packets

Chapter 9:Rate Limiting of


Flood Packets
Definition
Rate Limiting of Flood Packets is a service for limiting the rate of ingress packets at ports that tend
to flood the network. (To limit the rate of egress packets, the traffic shaping function, described in
the section Shaping on page 301, can be used.)

Purpose
Rate Limiting is used to prevent excessively high packet rates at ports that are potentially
hazardous to the operation of bridged networks.

Applicability
Rate Limiting can be applied to flood packets such as unknown-unicast, multicast, broadcast, and
TCP-SYN. It can be set to any value in the range 46.08 Kbps to 1 Gbps with 46.08 Kbps
granularity.
Applying Rate Limiting to flood packets in effect also prevents traffic storms. Flood packets that
exceed the set rate limit are discarded.

Note
Rate Limiting of flood packets is configured in bits-per-second and the
rate calculation takes into account all the packet bytes (including
Ethernet framing overhead consisting of preamble + SFD + IPG). This
means that the rate limitation is done at the Layer 1 level.

Configuration
To limit the rate of flood packets at one or more ports:
1. Enter configure terminal mode.
2. Select the types of flood packets whose rate is to be limited by invoking one or
more of the following command:
port flood-limiting unknown-unicast PORTS-GROUP|all
port flood-limiting multicast PORTS-GROUP|all
port flood-limiting broadcast PORTS-GROUP|all
port flood-limiting tcp-syn PORTS-GROUP|all
port flood-limiting extra unknown-unicast PORTS-GROUP|all
port flood-limiting extra multicast PORTS-GROUP|all
port flood-limiting extra broadcast PORTS-GROUP|all
port flood-limiting extra tcp-syn PORTS-GROUP|all
where,
port: Action on port.
flood-limiting: The flood/rate limiting mechanism.
unknown-unicast: Unknown unicast packets.
multicast: Multicast packets.
broadcast: Broadcast packets.
tcp-syn: TCP SYN (OSI Layer 4) packets
PORTS-GROUP: Group of ports (to which rate-limiting is to be applied).
all: All ports (to which rate-limiting is to be applied).

January 2009 URL: http://www.mrv.com 211


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

extra: This argument is used to distinguish a second packet type for the same
port (or group of ports). For instance, suppose that for a specific port (e.g., Port
3) a packet type is defined (e.g., unknown-unicast) and the rate is set (e.g.,
10m). To define a different packet type and to set a rate for it for the same port
use the argument extra. The example at the end of this chapter demonstrates
its use. Note that the same packet type must not be included in two commands
that differ only in the argument extra.
Example
OS900> enable
OS900# configure terminal
OS900(config)# port flood-limiting tcp-syn 1-3
OS900(config)#
3. Set the rate limit for the types of flood packets selected in step 2 by invoking one
or both of the following command:
port flood-limiting rate VALUE PORTS-GROUP|all
port flood-limiting extra rate VALUE PORTS-GROUP|all
where,
port: Action on port.
flood-limiting: Without the keyword extra, the flood/rate limiting
mechanism to be applied to the packet type selected using any of the first four
commands in Step 2, above.
extra: Extra flood-limit. The flood/rate limiting mechanism to be applied to the
packet type selected using any of the last four commands in Step 2, above. This
option is needed when for the same port (or group of ports) one rate is to be
applied to one set of packet types while another rate is to be applied to another
set of packet types. Note that the same packet type may not be included in both
sets. See the example below demonstrating use.
rate: Permitted rate per port.
VALUE: Rate to which the selected set of packet types are to be limited at each
port in the group to be subjected to rate limiting of flood packets. The minimum
rate selectable is as follows:
If the argument ‘extra’ is included in the command: 2.03m bps
If the argument ‘extra’ is not included in the command:
For a 10/100 Mbps port: 202.75k bps
For a 1000 Mbps port: 2.03m bps
The maximum rate selectable is 1 Gbps.
If a value that is not an integral multiple of 46.08k bps is entered, the OS900
automatically sets the rate to an integral multiple of the granularity 46.08k bps
that is closest to the value entered by the user. Examples of values that can be
entered are: 800k, 50m, and 1g. The rate applies to the packet types collectively.
PORTS-GROUP: Group of ports (to which rate-limiting is to be applied).
all: All ports (to which rate-limiting is to be applied).
Example
This example demonstrates configuration of rate limiting of flood packets.
Suppose the following are required:
− Application of rate limiting of flood packets to Port 3 and
Port 4.
− The rate for broadcast packets and multicast packets
(collectively) are to be limited to 600k bits/sec.
− The rate for unknown unicast packets and TCP SYN (OSI
Layer 4) packets (collectively) are to be limited to 3m
bits/sec.
Note that a specific packet type (broadcast, etc.) is not included for both rates.

212 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 9: Rate Limiting of Flood Packets

OS900(config)# port flood-limiting multicast 3,4


OS900(config)# port flood-limiting broadcast 3,4
OS900(config)# port flood-limiting rate 600k 3,4
Set rate to 599.04k bit/sec

OS900(config)# port flood-limiting extra unknown-unicast 3,4


OS900(config)# port flood-limiting extra tcp-syn 3,4
OS900(config)# port flood-limiting extra rate 3m 3,4
Set rate to 3m bit/sec
OS900(config)#

In the above example, the rate entered by the user is 17m. However, the OS900 sets the rate to
16.96m because it is an integral multiple of the granularity 46.08 Kbps that is closest to the rate 17m.

Viewing
To view the rate limit configured for one or more ports, invoke the command:
show port flood-limiting [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports for which rate limit is configured.
Example
OS900# show port flood-limiting 1-3
port flood-limiting rate 16.96m 1-3
port flood-limiting multicast 1-3
OS900#

Deleting
To cancel rate limiting of flood packets, enter configure terminal mode and invoke one or
more of the following commands:
no port flood-limiting PORTS-GROUP|all
no port flood-limiting [rate] PORTS-GROUP|all
no port flood-limiting [unknown-unicast] PORTS-GROUP|all
no port flood-limiting [multicast] PORTS-GROUP|all
no port flood-limiting [broadcast] PORTS-GROUP|all
no port flood-limiting [tcp-syn] PORTS-GROUP|all
where,
no: Cancel.
port: Action on port.
flood-limiting: The flood/rate limiting mechanism.
[unknown-unicast]: Unknown unicast packets.
[multicast]: Multicast packets
[broadcast]: Broadcast packets
[tcp-syn]: TCP SYN (OSI Layer 4) packets
[rate]: Rate set for port(s).
PORTS-GROUP: Group of ports (for which rate-limiting is to be cancelled).
all: All ports (for which rate-limiting is to be cancelled).
If only the type(s) of packet is used in the above commands, rate-limiting will be cancelled for the
selected type(s) on the port. However, the rate configured for the port is retained.
If only the rate for a port is used in the above commands, rate-limiting will be cancelled for the port.
However, the type(s) of packet configured for the port is retained.
If neither the type(s) of packet nor the rate for a port is used in the above commands, rate-limiting
will be cancelled for the port. In addition, the type(s) of packet as well as the rate configured for the
port are deleted.

January 2009 URL: http://www.mrv.com 213


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900(config)# no port flood-limiting rate 1,3
OS900(config)#

Example
The following example is provided to show the scope of the ‘Rate Limiting of Flood Packets’
mechanism.
Suppose the following are required:
− Rate Limiting of Flood Packets is to be applied to Port 3.
− Two sets of packet types are to be distinguished. The first set is to contain the types
unknown-unicast and multicast. The second set is to contain only the type tcp-
syn.
− The rate limit to be applied to the first set is 10 Mbps.
− The rate limit to be applied to the second set is 20 Mbps.

--------------------------Setting the Flood Packet Types and Rate Limits for Port 3--------------------------

OS910> enable
OS910# configure terminal
OS910(config)# port flood-limiting unknown-unicast 3
OS910(config)# port flood-limiting multicast 3
OS910(config)# port flood-limiting extra tcp-syn 3
OS910(config)# port flood-limiting rate 10m 3
Set rate to 10m bit/sec
OS910(config)# port flood-limiting extra rate 20m 3
Set rate to 20m bit/sec

---------------------------------------------------Viewing the Setting---------------------------------------------------

OS910(config)# do show port flood-limiting


port flood-limiting rate 10m 3
port flood-limiting unknown-unicast 3
port flood-limiting multicast 3
port flood-limiting extra rate 20m 3
port flood-limiting extra tcp-syn 3
OS910(config)#

214 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 10: Provider Bridges

Chapter 10: Provider Bridges

General
A Provider Bridge (Service VLAN, VMAN, Stacked VLAN, or Q-in-Q) is an IEEE 802.1ad standard
mechanism that uses an extra service provider tag as part of the Ethernet frame header in order to
provide IEEE 802.1Q standard VLAN interconnectivity between remote sites of a customer
scattered across a service provider network.
Provider Bridges provide separate instances of MAC services to multiple independent users of a
carrier network (shared service provider network). Each instance is an interconnection of several
sites of the same customer that are distributed across a carrier network. The interconnection is
made possible using the same VLAN ID for the sites. The VLAN ID encapsulates the customer
VLAN frames. The carrier network is utilized as a completely transparent transport medium
between the sites so that the sites appear to be directly interconnected.
In order to enable transparency for customer services, described above, a provider bridge should
be able to tunnel Layer 2 control protocol packets across the carrier network. This feature of a
provider bridge is described in detail in the section Tunneling of Layer 2 Protocols, page 219. For
example, a group of sites can be bridged into one VLAN under a single MSTP domain.

Purpose
The purpose of Provider Bridges is twofold:
1) To isolate different types of traffic from one another (on the basis of service and/or
customer) in a manner that is transparent to traffic of the same customer VLAN.
2) To bridge customers or groups of customers scattered across the service provider
network
A Provider Bridge fulfills these purposes without interfering with the client VLAN structure while
“hiding” the internal VLAN structure of the customer network from others.

Number of Provider Bridges


The maximum number of Provider Bridges that can be configured is 4K.

Provider Bridge Ethertype


A Provider Bridge Ethertype (TPID25) is a value in the hex range 0 to FFFF. Two Provider Bridge
Ethertype values can be set for the OS900. Either Provider Bridge Ethertype can be set for each
OS900 core port26 independently. If no Ethertype is set for a core port, by default, the OS900 uses
the IEEE 802.1Q standard Ethertype 0x8100 for the port. The default Ethertype for 802.1ag CCM
packets is 0x8902.

Provider Bridge Tag


A Service VLAN (Provider Bridge) tag is a second (outer) IEEE 802.1Q standard VLAN tag and
has a value in the decimal range 0 to 4095.

25
The IEEE 802.1ad standard refers to a Service VLAN Ethertype as TPID (Tag Protocol IDentification).
26
Core port is also known as provider network port.

January 2009 URL: http://www.mrv.com 215


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Principle of Operation
A packet (tagged or untagged) entering an access port is directed to a core port or to another
access port. At the core port, the packet is pushed with another VLAN header that includes the
Service VLAN Ethertype (pre-assigned by the user to the core port) and Service VLAN tag (VLAN
interface tag assigned to the packet) and then forwarded on the provider network to the other
access ports of the same customer.
A packet entering a core port from the provider network is forwarded to the access port whose
VLAN tag matches Service VLAN tag of the packet. The access port pops the Service VLAN
header (Service VLAN Ethertype and Service VLAN tag) and forwards the packet on the access
network.

Configuration
To configure access and core ports to operate in Service VLAN mode:
1. Enter configure terminal mode.
2. Ensure that the ports are members of a VLAN interface. (Configuring, page 175,
shows how to configure a VLAN interface. The configuration example at the end of
this chapter also shows how to configure a VLAN interface.) This VLAN interface
is the Service VLAN.
3. Set each core (provider network) port of the OS900 that is to participate in the
Service VLAN, using the following command:
port tag-outbound-mode tagged PORTS-GROUP
where,
port: Port configuration
tag-outbound-mode: Mode for egress packets
tagged: Tagged egress packets. (This setting is required for Service VLAN
core ports.)
PORTS-GROUP: Group of Ports
Example
OS900(config)# port tag-outbound-mode tagged 3-4
OS900(config)#
4. Set each access (provider edge) port of the OS900 that is to participate in the
Service VLAN, using the following command:
port tag-outbound-mode q-in-q PORTS-GROUP TAG
where,
port: Port configuration.
tag-outbound-mode: Mode for egress packets
q-in-q: Untagging of egress packets. (This setting is required for Service
VLAN access ports.)
PORTS-GROUP: Group of Ports
TAG: The default Service tag to be set for all packets entering the port
Example
OS900(config)# port tag-outbound-mode q-in-q 2 92
OS900(config)#
An access port can be a member of several Service VLANs. Packets entering the access port will be
assigned, by default, the Service VLAN tag set in the above command. In the above example,
packets entering port 2 will be assigned, by default, Service VLAN tag 92. Packets entering the port
can be switched to another Service VLAN instead of the default Service VLAN by the action action
tag swap <0-4095> in an ACL rule. For details, refer to the section Stage 2 – Actions on
Packet, page 255.
5. [If only the default Service VLAN Ethertype (0x8100) is to be used, skip this step.]
Define the Service VLAN Ethertypes using the command:
vman core-ethertype-1 ETHERTYPE core-ethertype-2 ETHERTYPE
where,

216 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 10: Provider Bridges

vman: Service VLAN configuration.


core-ethertype-1: First Service VLAN Ethertype.
ETHERTYPE: (first) First Service VLAN Ethertype value in hexadecimal code.
core-ethertype-2: Second Service VLAN Ethertype.
ETHERTYPE: (second) Second Service VLAN Ethertype value in hexadecimal
code.
Example
OS900> enable
OS900# configure terminal
OS900(config)# vman core-ethertype-1 9100 core-ethertype-2 8c5a
OS900(config)#
6. [If only the default Service VLAN Ethertype (0x8100) is to be used, skip this step.]
To each OS900 port connected to the provider network, assign either of the two
Service VLAN Ethertypes by invoking the command:
port core-ethertype-1|core-ethertype-2 PORTS-GROUP
where,
port: Port configuration.
core-ethertype-1: First Service VLAN Ethertype value.
core-ethertype-2: Second Service VLAN Ethertype value.
PORTS-GROUP: Group of ports.
Example
OS900(config)# port core-ethertype-1 1,2
OS900(config)#

Viewing
To view Service VLAN Ethertype configuration:
1. Enter enable mode.
2. Invoke the command show vman
Example
OS900# show vman
Value of ethertype 1 is 0x8100 (default value)
Value of ethertype 2 is 0x8100 (default value)
Core ports with ethertype=1 (default port ethertype): 1-4
OS900#

Example
The purpose of the example here is to show how Service VLANs, in general, can be configured.
For simplicity, only three Service VLANs are configured. However, this number should be sufficient
to indicate the scope of Service VLAN configuration.

Application Description
Ports 1 and 2 are access ports belonging to customers 1 and 2, respectively. Ports 3 and 4 are
core ports.
Two Service VLANs are configured: 91 and 92 (A Service VLAN is actually configured in the same
way as any VLAN interface.) Customer 1 will be assigned to Service VLAN tag 91, Customer 2 will
be assigned to Service VLAN tag 92.

January 2009 URL: http://www.mrv.com 217


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Packet Data Path and Processing


Packets from the access port 1 are assigned to Service VLAN 91 and forwarded to the core ports
7 and 8. Here, each packet (whether tagged or untagged) is pushed27 with the Service VLAN tag
91 and forwarded on the provider network.
Packets from the access port 2 are assigned to Service VLAN 92 and forwarded to the core ports
7 and 8. Here, each packet (whether tagged or untagged) is pushed with the Service VLAN tag 92
and forwarded on the provider network.
Packets entering core port 3 or 4 from the provider network are checked. If the Service VLAN tag
(outer tag) is 91, the packet is directed to access port 1. (Actually, the packet is forwarded as a
tagged packet on Service VLAN 91.) If the Service VLAN tag is 92, the packet is directed to
access port 2. Otherwise, the packet is dropped. At ports 1 and 2, the Service VLAN header
(Ethertype and tag) is popped and the packet is forwarded to the network of customers 1 and 2,
respectively.

Configuration
Below is an example showing the user inputs (in bold) and OS900 outputs on the CLI screen. The
user inputs include:
− Setting core ports 3 and 4 to tagged mode
− Specification of Service VLAN interface containing Ports 1, 3 and 4 (tag 91, default
Service VLAN for access port 1)
− Specification of Service VLAN interface containing Ports 2, 3 and 4 (tag 92, default
Service VLAN for access port 2)
− Setting access ports 1 and 2 to q-in-q mode, and setting its default Service VLANs (91 and
92).
MRV OptiSwitch 910 version d1320-22-08-05
OS900 login: admin
Password:

OS900> enable
OS900# configure terminal
OS900(config)# port tag-outbound-mode tagged 3,4
OS900(config)# interface vlan vif91
OS900(config-vif1)# ports 1,3,4
OS900(config-vif1)# tag 91
Interface is activated.
OS900(config-vif1)# exit
OS900(config)#
OS900(config)# interface vlan vif92
OS900(config-vif2)# ports 2,3,4
OS900(config-vif2)# tag 92
Interface is activated.
OS900(config-vif2)# exit
OS900(config)#
OS900(config)#
OS900(config)# port tag-outbound-mode q-in-q 1 91
OS900(config)# port tag-outbound-mode q-in-q 2 92
OS900(config)# exit
OS900#

Extending the Application


Packets entering access Port 2, in the above example, can be assigned to a Service VLAN based
on the customer VLAN tag. In the extended example below, a packet entering Port 2 with

27
Pushing the Service VLAN packet means adding another 802.1Q header that includes the default Service VLAN
Ethertype 0x8100 and the Service VLAN tag. The Ethertype added to this header may be set to a value that is different
from the default by assigning a different core ethertype to the core ports using the commands vman core-ethertype
and port core-ethertype.

218 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 10: Provider Bridges

customer tag 10 will be assigned to a new Service VLAN 102. All other packets will still be
assigned to the port’s default Service VLAN 92.
Such an application is useful when a single access port receives traffic from more than one
customer (e.g., when a DSLAM is connected on the access port), or when the customer connected
to the access port requires several Service VLANs and not just one (e.g., a Service VLAN per
service type, such as, for e.g., voice, video, or data).

Extended Configuration
The extended configuration includes:
− Specification of another Service VLAN interface containing Ports 2, 3, and 4 (service tag
102).
− Defining an ACL that classifies packets according to the customer tag 10 and swaps the
tag with the new Service VLAN tag 102.
− Binding the ACL to the access port as described in the section Binding, page 266.
MRV OptiSwitch 910 version d1320-22-08-05
OS900 login: admin
Password:

OS900> enable
OS900# configure terminal
OS900(config)# interface vlan vif102
OS900(config-vif1)# ports 2,3,4
OS900(config-vif1)# tag 102
Interface is activated.
OS900(config-vif1)# exit
OS900(config)#
OS900(config)# access-list extended svlan102
OS900(config-access-list)# rule 10
OS900(config-rule)# tag eq 10
OS900(config-rule)# action tag swap 102
OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)#
OS900(config)# port acl-binding-mode by-port 2
OS900(config)# port access-group svlan102 2
OS900(config)#

Tunneling of Layer 2 Protocols


General
Tunneling of Layer 2 Protocols uses Service VLANs (see Chapter 10: Provider Bridges, page
215) to tunnel protocol packets across a provider network without affecting the provider itself, e.g.,
without network reconfiguration by customer MSTP packets.

Note
STP traffic (BPDUs) from ports configured as tunnel ports do not
participate in the OS900 MSTP, but are tunneled through the service
VLAN.

There are currently two models for implementing Tunneling of Layer 2 Protocols:
− Cisco Layer 2 Protocol Tunneling
− IEEE 802.1ad Provider Bridges Tunneling
The OS900 uses Cisco’s model and is, therefore, compatible with Cisco devices.

January 2009 URL: http://www.mrv.com 219


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Principle of Operation
The principle of operation is based on Cisco’s L2PT.
Layer 2 PDUs entering an Edge switch from its access (customer) side have their Destination
MAC address changed to a special MAC address. This new MAC address makes the PDUs
appear as ordinary data packets to the carrier network. The PDUs are then forwarded on the
carrier network using their VLAN ID. Core switches in the carrier network forward these PDUs to
the Edge switches at the other sites of the customer without processing them. The PDUs at these
switches have their Destination MAC address changed back to the previous Destination MAC
address, and identical copies are delivered to all customer ports in the same VLAN.

Figure 26: Layer 2 Protocol Tunneling

Configuration
The procedure for configuring edge OS900s (that have ports connected to the sites of a customer)
to provide Layer 2 tunneling over a carrier network is as follows:
At each customer site (OS900 site):
1. Connect the customer 802.1Q VLAN trunk ports to the Edge OS900 ports (called
tunnel ports).
2. Create a VLAN (as described in the Chapter 7: Interfaces, page 171) on the
Edge OS900 that includes the tunnel ports.
3. In configure terminal mode, invoke the command:
port l2protocol-tunnel all|cdp|pvst+|stp|vtp PORTS-GROUP [drop]
where,
cdp: Cisco discovery protocol datagrams
pvst+: Cisco Per VLAN Spanning Tree Plus discovery protocol datagrams.
(PVST+ provides the same functionality as PVST. PVST uses ISL
trunking technology whereas PVST+ uses IEEE 802.1Q trunking
technology.
PVST functionality is as follows:
It maintains a spanning tree instance for each VLAN configured in
the network. It allows a VLAN trunk to be forwarding for some
VLANs while blocking for other VLANs. Since PVST treats each
VLAN as a separate network, it has the ability to load balance
traffic (at OSI Layer 2) by enabling forwarding for some VLANs on
one trunk and enabling forwarding for other VLANs on another
trunk, without causing a Spanning Tree loop.

220 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 10: Provider Bridges

stp: IEEE 802.1w or IEEE 802.1s spanning-tree protocol datagrams


vtp: IEEE 802.3ad VLAN trunk protocol datagrams
all: All protocol datagrams, i.e., cdp, stp, and vtp
PORTS-GROUP: Group of ports to be configured as tunnel ports
[drop]: Drop packets
Example
OS900(config)# port l2protocol-tunnel cdp 3
OS900(config)#

Viewing
To display the tunneling configuration:
1. Enter enable mode.
2. Invoke the command:
show port l2protocol-tunnel
Example
OS900(config)# do show port l2protocol-tunnel
STP tunnel-ports:
CDP tunnel-ports: 3
VTP tunnel-ports:
OS900(config)#

Deleting
To delete tunneling on one or more ports:
1. Enter configure terminal mode.
2. Invoke the command:
no port l2protocol-tunnel (all|cdp|pvst+|stp|vtp) [PORTS-GROUP]
where,
cdp: Cisco discovery protocol datagrams
pvst+: Cisco Per VLAN Spanning Tree Plus discovery protocol datagrams.
stp: IEEE 802.1w or IEEE 802.1s spanning-tree protocol datagrams
vtp: IEEE 802.3ad VLAN trunk protocol datagrams
all: All protocol datagrams, i.e., cdp, stp, and vtp
Example
OS900(config)# no port l2protocol-tunnel cdp 3
OS900(config)#

January 2009 URL: http://www.mrv.com 221


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Tunneling/Dropping by Hardware of STP BPDUs


Definition
Tunneling by hardware of STP BPDUs is the transparent transmission of BPDUs between
customer sites across the provider’s network at the hardware layer.

Advantages
In this method, the OS900’s CPU is not involved. This has the following advantages:
1. CPU is freed to perform other tasks.
2. Whatever the load on the CPU, BPDUs will not be dropped.
3. Processing is done at wire-speed

Terminology
C-STP – Spanning tree domain/traffic of a Customer
S-STP – Spanning tree domain/traffic of a Service Provider
Access Port – A port in a Provider’s bridge that is dedicated to a single Customer only
Uplink Port – A port in a Provider’s bridge that is connected to another Provider’s bridge
Edge Bridge (for a customer) – A Provider’s bridge directly connected to the Customer device
through an access port
BPDU – Bridge Protocol Data Unit (STP)

Application
Tunneling/dropping by hardware of STP BPDUs is applied when:
− A high rate of C-STP BPDUs is received on the bridge access port, and
− The provider does not want to isolate this access port using the BPDU storm guard feature
(described in the section Storm Guard, page 328).

BPDU Tunneling Tag


To make the bridge transparent to BPDUs with tags (from the TAGS-LIST), invoke the command:
[no] bpdu-tunnel-tag TAGS-LIST [uplink-ports PORTS-GROUP]
where,
TAGS-LIST: Group of vlan-tags
PORTS-GROUP: Group of ports
If the optional parameter ‘uplink-ports PORTS-GROUP’ is used, the specified ports still participate
in the S-STP in order to prevent loops. The other ports are flooded with BPDUs according to the
VLAN as regular multicast frames.

Disabling BPDU Transmission


To disable sending of S-STP BPDUs to the C-STP domain, invoke the command:
[no] port PORTS-GROUP disable-bpdu-tx
where,
PORTS-GROUP: Group of ports
It is a good policy to define this mode on access ports.

BPDU Drop Tag


If the provider wants to drop C-STP BPDUs, invoke the following two commands:
[no] bpdu-drop-tag TAGS-LIST
bpdu-tunnel-tag
where,

222 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 10: Provider Bridges

TAGS-LIST: Group of vlan-tags

Example
The following example shows OS900s connected to access-side switches C1 and C2 (possible
also OS900s). The blue links are customer side downlinks. The red links are provide side uplinks.
The settings at provider-side switches S1 (OS900) and S2 (OS900) are as follows:
S1
BPDUs with tag 10 will be transparent at uplink ports 3 and 4. Ports 1 and 2 are prevented from
sending BPDUs to the provider’s spanning-tree domain. BPDUs with tag 10 in the customer’s
spanning-tree domain are set to be dropped.
S2
BPDUs with tag 10 will be transparent at uplink ports 1 to 4.

bpdu-tunnel-tag 10 uplink-ports 3-4


port 1-2 disable-bpdu-tx
C1
bpdu-drop-tag 10 (if the provider wants to drop)

1 S1 (OS900) 2
3 4

1 S2 (OS900)
2
3 4

bpdu-tunnel-tag 10 uplink-ports 1-4


C2

January 2009 URL: http://www.mrv.com 223


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

224 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 11: Tag Translation/Swapping

Chapter 11: Tag


Translation/Swapping
Definition
Tag-translation/swapping is the translation & swapping of a packet’s source VLAN tag at one UNI28
with that of the destination VLAN tag at another UNI (so that the packet can be received at the
destination).

Purpose
Tag- translation/swapping, unlike tag-nesting (service provider bridges q-in-q operation per IEEE
802.1ad), is used to interconnect two LANs/CPEs, that are located at different UNIs and do not
have the same VLAN tag29, across an Ethernet metro network.

Advantages
− VLAN tags at different UNIs can be assigned independently of each other
− Non-IP as well as IP packets can be delivered across an Ethernet metro network

Application
Interconnection of the LANs/CPEs is done per ACL. This means that traffic flow between the CPEs
can also be fully controlled (by the packet filtering capability of ACLs).
Both tagged and untagged frames are allowed at ingress. Packets received from the customer site
are encapsulated with an additional tag (Service VLAN tag) before being forwarded over the
Ethernet metro network. Packets received from the Ethernet metro network are decapsulated from
the Service VLAN tag before they are forwarded to the customer site.
Following are application scenarios in which tag-translation/swapping is used:
− Interconnection of two LANs/CPEs of one customer that are located at different
UNIs
− Tying two LANs/CPEs of two organizations that have merged across an Ethernet
metro network
− Connecting different customers to the same Internet Service Provider (ISP)

Principle of Operation
The principle of operation of tag translation mode is explained with the aid of the example in Figure
27, below. At customer site A, VLAN Tag 10 of a packet entering an OS900 port that is a member
of the VLAN is translated into Tag 20, encapsulated with the service tag 700, and sent over the
network to the OS900 connecting customer site B. At the OS900, the packet is decapsulated from
the service tag 700, and sent to customer site B.
At customer site B, VLAN Tag 20 of a packet entering an OS900 port that is a member of the
VLAN is translated into Tag 10, encapsulated with the service tag 700, and sent over the network
to the OS900 connecting customer site A. At the OS900, the packet is decapsulated from the
service tag 700, and sent to customer site A.

28
User-to-Network Interface. The type of network considered here is Ethernet metro network.
29
It is possible that the VLAN tags are different or that one CPE has a VLAN tag while the other does not.

January 2009 URL: http://www.mrv.com 225


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Figure 27: Tag Translation Operation Mode

Configuration
To configure tag translation/swapping in order to interconnect one pair of LANs/CPEs, perform the
following steps for each of the two OS900s (one at Customer Site A, the other at B):
1. Enter configure terminal mode.
2. Select a port to be set in untagged mode by invoking the command:
port tag-outbound-mode untagged PORTS-GROUP
where,
PORTS-GROUP: Customer port
3. Set untagged customer port to be a member of Multiple VLANs by invoking the
command:
port untagged-multi-vlans PORTS-GROUP
where,
PORTS-GROUP: Customer port
4. Make the Customer Port and the Service Port members of an inband VLAN
interface as described in the section Configuring, page 175.

Note
Assign the same tag to the two inband VLAN interfaces, one in the
Customer Site A OS900 and the Customer Site B OS900!

5. Set VLAN Tag Swap Mode in an Access List by invoking the command:
action tag swap-ctag <0-4095> stag <0-4095>
where,
<0-4095>: (First appearance) Range of customer VLAN tags from which one tag is
to be selected.
<0-4095>: (Second appearance) Range of service VLAN tags from which one tag
is to be selected.
6. Binding the ACL to the customer port by invoking the commands:
port acl-binding-mode by-port PORTS-GROUP
port access-group WORD PORTS-GROUP
where,
PORTS-GROUP: Customer port
WORD: Name of Access List
7. Set VLAN Tag Nesting Mode in a second Access List by invoking the command:
action tag nest <0-4095>
where,
<0-4095>: Range of service VLAN tags from which the same tag as in Step
4, above, is to be selected. (Note that nest tag can be assigned to an
internal port, external port, or VLAN.)

226 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 11: Tag Translation/Swapping

8. Bind the second Access List to the internal customer port having the same number
as the port selected in Step 2, above, by invoking the command:
port access-group extra WORD PORTS-GROUP
where,
WORD: Name of second Access List
PORTS-GROUP: Customer port, other than port 11 or 12 of the OS912. The
customer port can be a trunk port. (A trunk port is required to have the
format tX where, X is a number in the range 1 to 9.)
9. Select the OS900 Service Port (UNI) connecting the Customer Site A by invoking
the command:
port tag-outbound-mode tagged PORTS-GROUP
where,
PORTS-GROUP: Service port
Note
For each additional pair of LANs/CPEs to be interconnected, a different
Service VLAN tag must be assigned.

Example
The following example shows how to configure two OS900s to operate in Tag Translation mode
across a network. Although port pairs with different numbers (namely, 1,3 and 2,4) are shown in
the example, port pairs with the same numbers can be selected, e.g., 1,3 and 1,3.

Configuring OS900 at Site A

--------------------------------------Setting Customer Port 1 in Untagged Mode-------------------------------------

OS900(config)# port tag-outbound-mode untagged 1


OS900(config)#

--------------------Setting untagged Customer Port 1 to be a member of Multiple VLANs--------------------

OS900(config)# port untagged-multi-vlans 1


OS900(config)#

----------Making Customer Port 1 and Service Port 3 members of Inband VLAN Interface 700----------

OS900(config)# interface vlan vif83


OS900(config-vif83)# ports 1,3
OS900(config-vif83)# tag 700
Interface is activated.
OS900(config-vif83)#

--------------------------------Setting VLAN Tag Swap Mode in Access List ACL1--------------------------------

OS900(config)# access-list extended ACL1


OS900(config-access-list)# rule
OS900(config-rule)# action tag swap-ctag 20 stag 700
OS900(config-rule)#

--------------------------------------------Binding ACL1 to Customer Port 1--------------------------------------------

OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)# port acl-binding-mode by-port 1
OS900(config)# port access-group ACL1 1
OS900(config)#

January 2009 URL: http://www.mrv.com 227


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

------------------------------Setting VLAN Tag Nesting Mode in Access List ACL2-------------------------------

OS900(config)# access-list extended ACL2


OS900(config-access-list)# rule
OS900(config-rule)# action tag nest 700
OS900(config-rule)#

--------------------------------------Binding ACL2 to Internal Customer Port 1--------------------------------------

OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)# port access-group extra ACL2 1
OS900(config)#

-----------------------Selecting Service Port 3 at OS900 Connecting Customer Site A-----------------------

OS900(config)# port tag-outbound-mode tagged 3


OS900(config)#

Configuring OS900 at Site B

-------------------------------------Setting Customer Port 2 in Untagged Mode-------------------------------------

OS900(config)# port tag-outbound-mode untagged 2


OS900(config)#

--------------------Setting untagged Customer Port 2 to be a member of Multiple VLANs--------------------

OS900(config)# port untagged-multi-vlans 2


OS900(config)#

---------Making Customer Port 2 and Service Port 4 members of Inband VLAN Interface 700---------

OS900(config)# interface vlan vif83


OS900(config-vif83)# ports 2,4
OS900(config-vif83)# tag 700
Interface is activated.
OS900(config-vif83)#

--------------------------------Setting VLAN Tag Swap Mode in Access List ACL3--------------------------------

OS900(config)# access-list extended ACL3


OS900(config-access-list)# rule
OS900(config-rule)# action tag swap-ctag 10 stag 700
OS900(config-rule)#

--------------------------------------------Binding ACL3 to Customer Port 2--------------------------------------------

OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)# port acl-binding-mode by-port 2
OS900(config)# port access-group ACL3 2
OS900(config)#

------------------------------Setting VLAN Tag Nesting Mode in Access List ACL4-------------------------------

OS900(config)# access-list extended ACL4


OS900(config-access-list)# rule
OS900(config-rule)# action tag nest 700
OS900(config-rule)#

228 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 11: Tag Translation/Swapping

--------------------------------------Binding ACL4 to Internal Customer Port 2--------------------------------------

OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)# port access-group extra ACL4 2
OS900(config)#

-----------------------Selecting Service Port 4 at OS900 Connecting Customer Site A-----------------------

OS900(config)# port tag-outbound-mode tagged 4


OS900(config)#

It is not required to select different customer port numbers and different service port numbers as in
the example above. For instance, the customer port number at both OS900s could be selected as
1 and the service port number at both OS900s could be selected as 3.
As such, for the OS900 at site B ACL1 could be used instead of ACL3 and ACL2 could be used
instead of ACL4.

January 2009 URL: http://www.mrv.com 229


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

230 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 12: IEEE 802.3ad Link Aggregation

Chapter 12:IEEE 802.3ad Link


Aggregation
Definition
Link Aggregation (Port Trunking) is the parallel interconnection of two or more ports to form a
single logical communication channel whose bandwidth is the sum total of the bandwidths of the
individual ports. Implementation is compliant to IEEE 802.3ad Link Aggregation Control Protocol
(LACP) standard so that ports are automatically included or excluded at either end of a trunk so
that the bandwidths of the two port groups at either end of the trunk are the same.

Purpose
A Port Trunk between two switches increases traffic throughput capacity among stations
connected to the members ports of the trunk. For example, the interconnection of eight full-duplex
Gigabit ports of one OS900 to eight full-duplex Gigabit ports of another OS900, serves as an 8-
Gbps full-duplex Ethernet trunk.
In addition to increased link capacity, link aggregation results in higher link availability. It prevents
the failure of any single link from leading to a disruption of communication between two OS900s.

Number
The maximum number of port trunks that can be configured is by including just two ports per trunk.
For example, for the OS904 up to two port trunks can be configured and for the OS912 up to six
port trunks can be configured.

Principle of Operation
Frame Transfer
When LACP is enabled at both OS900s of the trunk, the OS900s dynamically exchange
configuration information (e.g., presence and capabilities of the group members) between them.
The OS900s compares the information it receives from the peer OS900 with its own setup, and
accordingly dictates which ports are to be aggregated.
The LACP always tries to aggregate the maximum number of compatible ports in a trunk allowed
by the hardware.
When LACP is not able to aggregate all the ports that are compatible (for example, the peer allows
a smaller number of ports in a trunk), then all the ports that are not actively included in the
aggregation are set in standby state.
A member port is excluded from a trunk when, for example, the Tx output of a port fails. In such
case the Rx of the port at the other end of the trunk will not receive. As a result, the LACP will
detect the failure and will reconfigure the trunk to exclude the port with the failed Tx output.
Traffic is distributed among the ports of a trunk according to the L2 addresses and L3 addresses of
packets.
A Port Trunk transmits all unknown, broadcast, and multicasts packets, including BPDUs (which
are multicast frames), via one port only.

MSTP Action
All ports of a Port Trunk participate as one port in MSTP. A Port Trunk functions as a single port.

Rules
The following rules must be used when configuring a Port Trunk:

January 2009 URL: http://www.mrv.com 231


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

1. Each Port Trunk must be formed with two or more ports.


2. A Port Trunk may consist of fixed ports and pluggable (SFP) ports.
3. A port that has been configured as an analyzer port cannot be a member of a Port
Trunk.
4. A port may be a member of only one Port Trunk.
5. Each port to be included in the trunk must be untagged.
6. A trunk port may be connected only to a trunk port of another switch.
7. One trunk port on one OS900 may be connected to any one (and only one) trunk
port on another OS900.
8. To be able to modify or delete a Port Trunk of an OS900 participating in MSTP, all
member ports that have an active link must first be disconnected.

Configuration
To configure a Port Trunk:
1. Enter configure terminal mode.
2. To create a port trunk, invoke the command:
port trunk NAME PORTS-GROUP
where,
port: Port action.
trunk: Trunking.
NAME: Trunk name. It must have the format tX, where X represents any
number in the range 1-7.
PORTS-GROUP: Group of ports to be trunked. Any number of ports may be
selected.
Example
OS900(config)# port trunk t2 2,4
OS900(config)#
3. Optionally, in order to provide traffic load balancing, select a hash function
appropriate to the layer at which datagrams are transferred through the trunk
using the command:
port trunk mode l2|l3|l4|port
where,
l2: Hashing based on source/destination MAC address.
l3: Hashing based on source/destination IP address.
l4: Hashing based on TCP/UDP port.
port: Hashing based on physical port or trunk.
Example
OS900(config)# port trunk mode l2
OS900(config)#

Activation
LACP can be activated on a port trunk or on a group of untrunked ports.

Trunk
To activate LACP on a port trunk and to set the port trunk to operate in active mode30, invoke the
command:
port trunk NAME lacp
where,

30
In active mode, the OS900 initiates LACP packets.

232 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 12: IEEE 802.3ad Link Aggregation

NAME: Trunk name. It must have the format tX, where X represents any
number in the range 1-7.
lacp: Enable LACP.
Example
OS900(config)# port trunk t2 lacp
OS900(config)#

To activate rapid LACP (reduced-time-session-establishment LACP) on a port trunk and to set the
port trunk to operate in active mode, invoke the command:
port trunk NAME rapid-lacp
where,
NAME: Trunk name. It must have the format tX, where X represents any
number in the range 1-7.
rapid-lacp: Enable rapid LACP.
Example
OS910(config)# port trunk t1 rapid-lacp
OS910(config)#

To activate LACP on a port trunk and to set the port trunk to operate in passive mode31, invoke the
command:
port trunk NAME lacp passive
where,
NAME: Trunk name. It must have the format tX, where X represents any
number in the range 1-7.
lacp: Enable LACP.
passive: Passive mode for LACP.
Example
OS900(config)# port trunk t2 lacp passive
OS900(config)#

Port
To activate LACP on one or more ports and to set the ports to operate in active mode, invoke the
command:
port lacp (PORTS-GROUP|all)
where,
lacp: Enable LACP.
PORTS-GROUP: Group of ports to participate in LACP.
all: All ports to participate in LACP.
Example
OS910(config)# port lacp 1-3
OS910(config)#

To activate rapid LACP (reduced-time-session-establishment LACP) on one or more ports and to


set the ports to operate in active mode, invoke the command:
port rapid-lacp (PORTS-GROUP|all)
where,
rapid-lacp: Enable rapid LACP.
PORTS-GROUP: Group of ports to participate in rapid LACP.
all: All ports to participate in rapid LACP.

31
In passive mode, the OS900 does not initiate LACP packets. However, it can respond to received LACP packets.

January 2009 URL: http://www.mrv.com 233


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS910(config)# port rapid-lacp 1,4
OS910(config)#

To activate LACP on one or more port and to set the ports to operate in passive mode, invoke the
command:
port lacp passive (PORTS-GROUP|all)
where,
passive: Passive mode for LACP.
PORTS-GROUP: Group of ports to participate in LACP.
all: All ports to participate in LACP.
Example
OS910(config)# port lacp passive 2-4
OS910(config)#

Deactivation
Trunk
LACP
To deactivate LACP on a port trunk, invoke the command:
no port trunk NAME lacp
where,
NAME: Trunk name. It must have the format tX, where X represents any
number in the range 1-7.
Example
OS910(config)# no port trunk t1 lacp
OS910(config)#

Rapid LACP

To deactivate rapid LACP on a port trunk, invoke the command:


no port trunk NAME rapid-lacp
where,
NAME: Trunk name. It must have the format tX, where X represents any
number in the range 1-7.
Example
OS910(config)# no port trunk t1 rapid-lacp
OS910(config)#

Port
To deactivate LACP on one or more ports, invoke the command:
no port lacp PORTS-GROUP|all
where,
PORTS-GROUP: Group of ports to participate in LACP.
all: All ports to participate in LACP.
Example
OS910(config)# no port lacp 1,4
OS910(config)#

Viewing
To view the port trunk configuration:

234 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 12: IEEE 802.3ad Link Aggregation

1. Enter configure terminal mode.


2. Invoke the following command:
show port trunk [NAME]
where,
show: Display.
port: Port action.
trunk: Trunking.
[NAME]: (optional) ID of trunk, e.g., t1. If no value is entered for this argument,
all Port Trunks will be shown.
Example
OS900(config)# show port trunk t2
NAME PORTS LINKED-PORTS
------------------------------------------------------------
t2 2-4
Media-select for t2: sfp: 3-4
OS900(config)#

To view the Port Trunk status:


1. Enter configure terminal mode.
2. Invoke the following command:
show port lacp
Example
OS900(config)# show port lacp
LACP INFO
=========
System Id: 00:0F:BD:00:36:67
System Priority: 32768
PORT LACP MODE KEY TRUNK PARTNER STATE
--------------------------------------------------------
1 disable
2 enable active auto t2 0 disable
3 enable active auto t2 0 disable
4 enable active auto t2 0 disable
OS900(config)#

Deleting
To delete a port trunk:
1. Enter configure terminal mode.
2. Invoke the following command:
no port trunk NAME
where,
no: Negation.
port: Port action.
trunk: Trunking.
NAME: Trunk name. It must have the format tX, where X represents any
number in the range 1-7.
Example
OS900(config)# no port trunk t6
OS900(config)#

January 2009 URL: http://www.mrv.com 235


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

236 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 13: Quality of Service (QoS)

Chapter 13: Quality of Service


(QoS)
DiffServ Service Levels
A Diffserv Service Level (SL) is a priority with which a packet (or frame) is serviced. The user can
set the classification criteria for ingress packets and then assign an SL (number between 1 and 8)
to each class. SL = 8 is highest service priority. SL = 1 is lowest service priority.
An ingress packet is directed to the associated one of eight hardware egress queues of a port
according to the SL assigned to the ingress packet.
SLs are used only internally by the OS900.
SL assignments can be overridden by new ones subsequently by an ACL – for details refer to
Chapter 14: Extended Access Lists (ACLs), page 247.
The user can also set the OS900 to mark (change) the VPT and DSCP values to new ones for
egress packets.

Assigning SLs to Ingress Packets


SLs can be assigned to ingress packets on the basis of any of the following: Port number, VPT,
DSCP, or ACL mark action. The user can assign SLs according to port number as described
below. The OS900 maps VPTs to SLs according to Table 9, page 238, and DSCPs to SL
according to Table 10, page 239. An ACL rule action can be used to assign SLs as described in
the section Stage 2 – Actions on Packet, page 255.
The procedure for assigning a default SL to an ingress port (i.e., assigning port priority) is as
follows:
1. Enter configure terminal mode.
2. Invoke the following command:
port sl <1-8> PORTS-GROUP|all
where,
port Port action.
sl SL.
<1-8> Range of SLs from which one is to be selected.
PORTS-GROUP Group of ports to which the SL is to be assigned.
all All ports
Example
OS900(config)# port sl 7 2-4
port 2 priority set to: 7
port 3 priority set to: 7
port 4 priority set to: 7
OS900(config)#

Selecting an SL Criterion
The Trust Mode function is used to select a criterion (Layer 3 DSCP bits, Layer 2 VPT bits, or port
priority) of ingress packets to be mapped to SLs.
To configure Trust Mode:
1. Enter configure terminal mode.
2. Invoke the command:
port qos-trust PORTS-GROUP|all l2|l2l3|l3|port

January 2009 URL: http://www.mrv.com 237


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

where,
PORTS-GROUP Group of ports. (Trunk ports may be included in the group.)
all All ports.
l2 Layer 2 VPT bits to be used to assign an SL to a packet.
l2l3 Layer 3 DSCP bits to be used to assign an SL to a packet, otherwise
use Layer 2 VPT bits to assign an SL.
l3 Layer 3 DSCP bits to be used to assign an SL to a packet.
port Default priority (SL) of the ingress port to be used to assign an SL to a
packet.

Original-VPT-to-SL Map
This map is used to assign an SL to an ingress packet according to its VPT.

Default
If the user does not change the Original-VPT-to-SL map, the OS900 uses the default map in Table
9, below.
Table 9: Default Original-VPT-to-SL Map

Original VPT SL
0 1
1 2
2 3
3 4
4 5
5 6
6 7
7 8

Custom
The user can change the default Original-VPT-to-SL map as follows:
1. Enter configure terminal mode.
2. Invoke the following command:
diffserv orig-vpt RANGE sl <1-8>|default
where,
diffserv Differentiated Services.
orig-vpt VPT value of ingress packet.
RANGE Range of VPT values to be mapped to an SL. Any one or more VPT
values 0-7 can be selected.
sl SL.
<1-8> Range of SLs from which one is to be selected.
default Default SL for the VPT value. (Table 9, above, shows the default
SL for each VPT value.)
To revoke the above command, invoke the command:
no diffserv orig-vpt RANGE
Example
OS900(config)# diffserv orig-vpt 0-3 sl 8
OS900(config)# diffserv orig-vpt 4-7 sl 1
OS900(config)#

238 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 13: Quality of Service (QoS)

View
To view the Original-VPT-to-SL map, invoke the enable mode command show diffserv.
Example
OS900(config)# do show diffserv

VPT Classification & Marking Table


==================================
orig-vpt service-level mark-vpt
==================================
4-7 1 0
2 1
3 2
4 3
5 4
6 5
7 6
0-3 8 7
OS900(config)#

Original-DSCP-to-SL Map
It is used to assign an SL to an ingress packet according to its DSCP.

Default
If the user does not change the Original-DSCP-to-SL map, the OS900 uses the map in Table 10,
below.
Table 10: Default Original-DSCP-to-SL Map

Original DSCP SL
0-9,11-17,19,21,23-25,27,29,31-33,35,37,39-45,47-63 1
10 2
20,22 3
18 4
28,30 5
26 6
36,38 7
34,46 8

Custom
The user can change the default Original-DSCP-to-SL map as follows:
1. Enter configure terminal mode.
2. Invoke the following command:
diffserv orig-dscp RANGE sl <1-8>|default
where,
diffserv Differentiated Services.
orig-dscp DSCP value of ingress packet.
RANGE Range of DSCP values to be mapped to an SL. Any one or more
DSCP values 0-63 can be selected.
sl SL.
<1-8> Range of SLs from which one is to be selected.
default Default SL for the DSCP value. (Table 10, page 239, shows the
default SL for each DSCP value.)

January 2009 URL: http://www.mrv.com 239


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

To revoke the above command, invoke the command:


no diffserv orig-dscp RANGE
Example
OS910(config)# diffserv orig-dscp 4-7,19 sl 3
OS910(config)#

View
To view the Original DSCP to SL map, invoke the command do show diffserv.
Example
OS910(config)# do show diffserv

DSCP Classification & Marking Table


===================================
orig-dscp service-level mark-dscp
============================================================================
0-3,8-9,11-17,20-25,27,29,31-33,35,37,39-45,47,49-63 1 12
10 2 10
4-7,19 3 20
18 4 18
28,30 5 28
26 6 26
36,38 7 36
34,46,48 8 34
Notice that as a result of the mapping, DSCP values 20 and 22 that map to SL3 in the default map
are transferred to SL1.

Marking
General
The OS900 can be set to mark egress packets with a new VPT and/or DSCP according to the SL
of the packet. The user can set the OS900 to mark packets according to a global table (as
described in this section) or with an ACL rule action (as described in the section Stage 2 – Actions
on Packet, page 255). The global map only defines the values that will be used when marking is
activated. In order to activate marking, the user has to set the ingress port to do so. (The ingress
port turns on marking for each packet, but the actual marking is done on the egress port.) When
marking per an ACL rule, both the mark mode and mark value are set in the rule.

SL-to-New-VPT Map
This map is used to assign a VPT to an egress packet according to its SL.

Default
If the user does not change the SL-to-New-VPT map, the OS900 uses the map in Table 11, below.

240 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 13: Quality of Service (QoS)

Table 11: Default SL-to-New-VPT Map

SL Mark (New)
VPT
1 0
2 1
3 2
4 3
5 4
6 5
7 6
8 7

Custom
The user can change the default SL-to-New-VPT map as follows:
1. Enter configure terminal mode.
2. Invoke the following command:
diffserv sl <1-8>|all mark-vpt default|<0-7>
where,
diffserv Differentiated Services.
sl SL.
<1-8> Range of SLs from which one is to be selected for mapping to a VPT
value.
all All eight SLs.
mark-vpt VPT value to be changed.
default Default VPT value for the SL. (Table 11, above, shows the default
VPT value for each SL.)
<0-7> Range of VPT values from which one is to be selected.
To revoke the above command, invoke the command:
no diffserv sl <1-8>|all mark-vpt
The values in the Mark-VPT column can be changed again with the command action mark sl
<1-8> vpt <0-7> under rule under access-list under configure terminal.
Example
OS900(config)# diffserv sl all mark-vpt 5
OS900(config)#

View
To view the SL-to-New-VPT map, invoke the command do show diffserv.
Example
OS900(config)# do show diffserv

VPT Classification & Marking Table


==================================
orig-vpt service-level mark-vpt
==================================
0 1 5
1 2 5
2 3 5
3 4 5
4 5 5
5 6 5
6 7 5
7 8 5

January 2009 URL: http://www.mrv.com 241


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS900(config)#

SL-to-New-DSCP Map
This map is used to assign a DSCP to an egress packet according to its SL.

Default
If the user does not change the SL-to-New-DSCP map, the OS900 uses the map in Table 12,
below.
Table 12: Default SL-to-New-DSCP Map

SL Mark (New)
DSCP
1 12
2 10
3 20
4 18
5 28
6 26
7 36
8 34

Custom
The user can change the default SL-to-New-DSCP map as follows:
1. Enter configure terminal mode.
2. Invoke the following command:
diffserv sl <1-8>|all mark-dscp <0-63>|default
where,
diffserv Differentiated Services.
sl SL.
<1-8> Range of SLs from which one is to be selected.
all All eight SLs.
mark-dscp New DSCP value(s) for ingress packet.
<0-63> Range of DSCP values to be mapped to an SL. Any one of the
DSCP values 0-63 can be selected.
default Default DSCP value for the SL. (Table 12, page 242, shows the
default DSCP value for each SL.)
To revoke the above command, invoke the command:
no diffserv sl <1-8>|all mark-dscp
Example
OS910(config)# diffserv sl 7 mark-dscp 0
OS910(config)#

View
To view the SL-to-New-DSCP map, invoke the command do show diffserv.

242 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 13: Quality of Service (QoS)

Example
OS910(config)# do show diffserv
DSCP Marking Table
==================
orig-dscp service-level mark-dscp
============================================================================
0-3,8-9,11-17,20-25,27,29,31-33,35,37,39-45,47-63 1 12
10 2 10
4-7,19 3 20
18 4 18
28,30 5 28
26 6 26
36,38 7 0
34,46 8 34

Activation
To activate marking:
1. Enter configure terminal mode.
2. Invoke the command:
port qos-marking PORTS-GROUP|all dscp|vpt|vptdscp
where,
PORTS-GROUP Group of ports. (Trunk ports may be included in the group.)
all All ports.
dscp Mark DSCP bits according to the SL of a packet.
vpt Mark VPT bits according to the SL of a packet.
vptdscp Mark Layer 3 DSCP bits and Layer 2 VPT bits according to the SL
of a packet.

Examples
VPT
This example is provided to demonstrate the procedure for setting up the OS900 to direct ingress
packets at a specific port that have a specific VPT to an egress queue having a specific SL and to
mark these packets with a different VPT at egress.
Suppose it is required:
− To direct ingress packets at Port 1
− That have VPT 5
− To the egress queue having SL 6
− And to mark these packets with VPT 4 at egress
The sequence of CLI commands to be invoked to implement the requirement is shown below.

----Modification of Table 9, page 238, so that the same SL is assigned to the VPT at ingress and to that required at egress----
OS900(config)# diffserv orig-vpt 5,4 sl 6

--------------------Modification of Table 11, page 241, so that the required VPT at egress is assigned to required SL--------------------
OS900(config)# diffserv sl 6 mark-vpt 4

------------------------Identification of the port at which ingress packets are to be queued according to their VPT-------------------------
OS900(config)# port qos-trust 1 l2

----------------------------------------------Activation of marking for the selected port and VPT value----------------------------------------------


OS900(config)# port qos-marking 1 vpt

January 2009 URL: http://www.mrv.com 243


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

In the above example, since Port 1 is a dual port32, both the ingress and the egress VPT are
specified in the command diffserv orig-vpt 5,4 sl 6.
Figure 28, below, shows the stages at which a packet passing through the OS900 ports is:
− assigned an SL for placement in an egress queue, and
− marked with the VPT required for egress.

Figure 28: SL Assignment & VPT Marking of a Packet

DSCP
This example is provided to demonstrate the procedure for setting up the OS900 to direct ingress
packets at a specific port that have a specific DSCP to an egress queue having a specific SL and
to mark these packets with a different DSCP at egress.
Suppose it is required:
− To direct ingress packets at Port 1
− That have DSCP 10
− To the egress queue having SL 6

And to mark these packets with DSCP 18 at egress
The sequence of CLI commands to be invoked to implement the requirement is shown below.

----Modification of Table 10, page 239, so that the same SL is assigned to the DSCP at ingress and to that required at egress----
OS910(config)# diffserv orig-dscp 10,18 sl 6

--------------------Modification of Table 12, page 242, so that the required DSCP at egress is assigned to required SL--------------------
OS910(config)# diffserv sl 6 mark-dscp 18

------------------------Identification of the port at which ingress packets are to be queued according to their DSCP-------------------------
OS910(config)# port qos-trust 1 l3

----------------------------------------------Activation of marking for the selected port and DSCP value----------------------------------------------


OS910(config)# port qos-marking 1 dscp

In the above example, since Port 1 is a dual port33, both the ingress and the egress DSCP are
specified in the command diffserv orig-dscp 10,18 sl 6.
Figure 28, below, shows the stages at which a packet passing through the OS900 ports is:
− assigned an SL for placement in an egress queue, and
− marked with the DSCP required for egress.

32
Dual ports are described in the section Dual (Internal and External) Ports, page 154.
33
Dual ports are described in the section Dual (Internal and External) Ports, page 154.

244 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 13: Quality of Service (QoS)

Figure 29: SL Assignment & DSCP Marking of a Packet

Statistics
General
This section describes how to enable statistics gathering per-port per-SL while preserving the
mapping function DSCP SL, VPT SL.
The OS900 can be configured to collect up to sixteen sets of counts (since there are sixteen
statistics counters). The readings of the counts are displayed in tabular format. The entry NA means
not applicable.

Configuration
1. Two new global tables can be configured. The first one maps VPT to SL, the second
maps DSCP to SL.
To configure the VPT SL global table:
1.1. Enter configure terminal mode.
1.2. Enter VPT-to-SL mode by invoking the command:
sl-stat-table-vpt
1.3. Invoke the command:
orig-vpt <0-7> sl <1-8>
To configure the DSCP SL global table:
1.4. Exit to configure terminal mode.
1.5. Enter DSCP-to-SL mode by invoking the command:
sl-stat-table-tos
1.6. Invoke the command:
orig-tos TOS_HEX_VALUE TOS_HEX_MASK sl <1-8>
where,
TOS_HEX_VALUE: ToS value (hexadecimal number selectable from the range
0 to FF)
TOS_HEX_MASK: ToS mask (hexadecimal number selectable from the range 0
to FF)
<1-8>: SL value (selectable from the range 1 to 8)
2. Enable global per-port statistics (internally create the ACLs and actions) by invoking
the command:
sl-stat-per-port
3. Enable accounting for one or more ports specifying whether the classification is by
VPT and/or DSCP by invoking any of the following commands:
port sl-account dscp PORTS-GROUP
port sl-account dscp PORTS-GROUP vpt PORTS-GROUP
port sl-account vpt PORTS-GROUP

January 2009 URL: http://www.mrv.com 245


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

port sl-account vpt PORTS-GROUP dscp PORTS-GROUP


where,
PORTS-GROUP: Group of ports34.

Viewing
To view the statistics counters:
1. Enter enable mode.
2. Invoke the command:
show sl-stat-counters (PORTS-GROUP|all) sl (SL-GROUP|all)
where,
PORTS-GROUP: Group of ports.
all: (First appearance) All ports.
SL-GROUP: Group of SLs.
all: (Second appearance) All SLs.
To view the statistics counters with refresh (continual data update):
1. Enter enable mode.
2. Invoke the command:
monitor sl-stat-counters (PORTS-GROUP|all) sl (SL-
GROUP|all)
where,
PORTS-GROUP: Group of ports.
all: (First appearance) All ports.
SL-GROUP: Group of SLs.
all: (Second appearance) All SLs.

Clearing
To clear the statistics counters:
clear sl-stat-counters (PORTS-GROUP|all) sl (<1-8>|all)
where,
PORTS-GROUP: Group of ports.
all: (First appearance) All ports.
<1-8>: Group of SLs.
all: (Second appearance) All SLs.

34
Each and every port in the group must NOT have a user-defined ACL bound to it.

246 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

Chapter 14:Extended Access


Lists (ACLs)
This chapter presents the extended Access List (ACL) mechanism for handling ingress and egress
traffic.

Definition
An ACL is a set of rules for handling traffic at each OS900 port or VLAN interface. Each rule
consists of a set of packet attribute values (for the purpose of packet classification) and actions to
be performed on packets that have these values.
Examples of attributes are: Protocol, Source IP address, Destination IP address, Source port,
Destination port, VLAN tag, etc.
Examples of actions are: Drop packet, Forward packet, Mark an SL, Mirror packet to CPU, Handle
packets according to an Action List, etc.

Applicability
An ACL can be applied to one or more:
− VLAN interfaces
− Specific ports (even if the ports are members of different VLAN interfaces)
The advantage in applying one ACL to several ports/interfaces (i.e., using the ACL in sharing
mode) becomes evident when the ACL has to be modified. In such an instance the ACL needs to
be modified just once rather than several times, once for each port/interface.
Also, two ACLs can be created specifying two traffic conditioners to provide dual leaky-bucket
policing of traffic. The procedure is described in the section Dual Leaky-Bucket Policer, page 294.

Number
Up to 1K ACLs can be bound to ports and VLAN interfaces.

Global Profiles
General
A global profile is a policy for all ACLs (whether existing or to be configured in the future) in
handling ingress packets according to their tags.

Types
There are two global profiles:
− Normal
− Doubletag
Either one of these two profiles is mandatorily assigned to all ACLs. The normal global profile is
the default.
Normal
This profile is used for handling single-tag packets. If normal profile is selected:
The classifications35 ctag and c-vpt are illegal classifications. If they are used, binding of
the ACL will fail!

35
Selectable in rule mode, and detailed in the section Stage 1 – Packet Classification, page 249.

January 2009 URL: http://www.mrv.com 247


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

The classifications tag and vpt apply to the first tag of the ingress traffic, before addition of a
tag to packets according to the port’s outbound tag mode36.
Doubletag
This profile is used for handling double-tag packets. If double-tag profile is selected:
The classifications ctag and c-vpt apply to the second tag of the ingress traffic, before
handling of packets according to the port’s outbound tag mode.
The classifications tag and vpt apply to the first tag of the ingress traffic, after handling of
packets according to the port’s outbound tag mode.

Selection
The user can select the profile to be assigned to all ACLs as follows:
1. Enter configure terminal mode.
2. Invoke the command:
access-list extended-profile normal|double-tag|mpls-exp
where,
normal: Single-tag packets
double-tag: Double-tag packets
mpls-exp: MPLS EXP-bits packets

Changing
To change the profile selected to be assigned to all ACLs:
1. First make sure that all ACLs are unbound (as described in the section Unbinding,
page 268
2. Invoke the command:
access-list extended-profile normal|double-tag|mpls-exp
where,
normal: Single-tag packets
double-tag: Double-tag packets
mpls-exp: MPLS EXP-bits packets

Default
To select the default profile for all ACLs:
1. Enter configure terminal mode.
2. Invoke either of the following commands:
default access-list extended-profile
Or
access-list extended-profile normal

Creating/Accessing
To create or access an ACL:
1. Enter configure terminal mode
2. Invoke the command:
access-list extended WORD
where,
WORD: Name of the ACL (new or existing)

36
If the mode is q-in-q or untagged, a VLAN tag is added. If the mode is hybrid, a VLAN tag is added to untagged
packets. For details on these modes, refer to the section Outbound Tag Mode, page 139.

248 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

Example
OS900> enable
OS900# configure terminal
OS900(config)# access-list extended ACL1
OS900(config-access-list)#

The ACL name (ACL1 in the example above) becomes the instance (current) and the CLI enters
ACL mode (as indicated by the prompt ‘OS900(config-access-list)#’).
If this ACL has just been created, it is empty. To make it useful, rules have to be created for it.
To create, display, edit, move, and delete rules, refer to the section Configuring, page 249.

Configuring
General
Number of Rules
The maximum number of rules that can be configured for an ACL is 1024.

Order of Rules
The order of rules can affect packet handling! For e.g., if one rule dictates dropping of a packet
while the following rule dictates mirroring to the CPU, and the packet meets the requirements of
both rules, the following rule will be overriden by the previous rule, and the packet will be dropped
without mirroring. If the order of these two rules is reversed, the packet will be mirrored rather than
dropped.

Content of Rules
Make sure when creating a rule it complies with the global profile (described in the section Global
Profiles, page 247).

Creating Rule
An ACL rule for packet handling is created in two stages:
Stage 1 – Packet Classification
Stage 2 – Actions on Packet

Stage 1 – Packet Classification


Packet Classification is the specification of attribute values of packets (according to which the
packets are to be forwarded or dropped). Examples of these attributes are: Protocol, Source IP
address, Destination IP address, Source port, Destination port, etc.
Ingress Ports and VLAN Interfaces
To perform Stage 1 (packet classification) of any rule for ingress ports and VLAN interfaces:
1. Create or access an ACL as described in the section Creating/Accessing, page
248.
2. Create a rule index (ID) by invoking the following command:
rule [RULE_NUM]
where,
[RULE_NUM]: (optional) Index of rule. If this argument is not entered, the rule is
indexed automatically, i.e., it is assigned a number that is a multiple of 10. Further,
this number is the smallest number larger than any of the other indices of the
existing rules in the ACL.
Rules are ordered by their index. A rule with lower index has higher priority. This fact
is significant, as noted in the section Order of Rules, page 249.
On creation of the rule, the rule mode is entered as indicated by the prompt
OS900(config-rule)#. The rule just created does not contain packet classification (or
actions). To include packet classification in the rule, continue with the steps below.
3. [Optional] Select the protocol of the packets by invoking the command:

January 2009 URL: http://www.mrv.com 249


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

protocol eq <0-255>|icmp|igmp|ip|tcp|udp
where,
eq: Equal to
<0-255>: Range of IDs of protocols from which one can be selected. The protocols
associated with these IDs can be obtained using the Internet link
http://www.iana.org/assignments/protocol-numbers.
icmp: Internet Control Message Protocol (ID = 1)
igmp: Internet Gateway Message Protocol (ID = 2)
tcp: Transmission Control Protocol (ID = 6)
udp: User Datagram Protocol (ID = 17)
4. [Optional] Select the source IP address of the packets by invoking the command:
source-ip eq A.B.C.D/M|any
where,
eq: Equal to
A.B.C.D./M: Source prefix (IP address/mask) to be matched
any: Any prefix is a match
5. [Optional] Select the destination IP of the packets by invoking the command:
dest-ip eq A.B.C.D/M|any
where,
eq: Equal to
A.B.C.D./M: Destination prefix (IP address/mask) to be matched
any: Any prefix is a match
6. [Optional] Select the TCP/UDP source port of the packets by invoking the
command:
source-port eq PORT_RANGE
where,
eq: Equal to
PORT_RANGE: Port range. The valid range is 0 to 65535. The acceptable formats
are:
numeric – for specifying one port, e.g., 327
numeric/mask – for specifying several ports.
The mask can have any value in the range 0-16,
e.g., 31897/12.
Note
In the above command, the mask is used to select a range of ports. The
mask specifies the number of Most Significant Bits (MSBs) that are to be
the same (fixed) for all port numbers in the range. A port number
(entered in decimal format) is internally translated by the OS900 as a 16-
digit binary number.
Example 1:
This example shows what ports are included in the range when a port
number and mask are entered. For example, the port/mask 240/14 is
translated into the 16-bit binary number 0000000011110000 with a mask
on the 14 MSBs – shown in bold. This is equivalent to the range of ports
0000000011110000, 0000000011110001, 0000000011110010, and
0000000011110011.
Example 2:
This example shows how to determine the argument values to use in
order to select a range of ports between two numbers. Suppose the
numbers are 32 and 127.
The binary equivalent of 32 is 10000. To get all the values between 32
and 63, all the MSBs down to the leftmost 1 must be masked.
Accordingly, the mask must be 16 – 5 = 11. Therefore, to specify this

250 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

range of ports, in one rule invoke the command source-port eq


32/11.
The binary equivalent of 127 is 1111111. To get all the values between
64 and 127, all the MSBs down to the leftmost 1 must be masked.
Accordingly, the mask must be 16 – 6 = 10. Therefore, to specify this
range of ports, in the other rule invoke the command source-port eq
127/10.
The following is a CLI screen capture of the commands.
rule 10
protocol eq tcp
source-port eq 32/11
rule 20
protocol eq tcp
source-port eq 127/10

7. [Optional] Select the TCP/UDP destination port(s) of the packets by invoking the
command:
dest-port eq PORT_RANGE
where,
eq: Equal to
PORT_RANGE: Port range. The valid range is 0 to 65535. The acceptable formats
are:
a numeric – for specifying one port, e.g., 25
numeric/mask – for specifying several ports.
The mask can have any value in the range 0-16,
e.g., 31897/10.
The Note above on masks for the command source-port eq PORT_RANGE applies for
the command dest-port eq PORT_RANGE as well.
8. [Optional] Select the DSCP value of the packet by invoking the command:
dscp eq DSCP_HEX_VALUE [MASK_HEX_VALUE]
where,
eq: Equal to
DSCP_HEX_VALUE: DSCP value. Any hexadecimal number in the range 0x0 to
0xFF can be entered.
[MASK_HEX_VALUE]: Mask of DSCP value. Any hexadecimal number in the range
0x0 to 0xFF can be entered. The mask is used to select several DSCP values. The
mask in binary format is compared to the DSCP value in binary format. In the
positions of the 0s of the mask, the DSCP bits are permitted to be 0 or 1. For e.g., a
DSCP value 0x 9C ( = 10011100) and mask FD ( = 11101101) together are
equivalent to the 22 DSCP values: 10011100, 10001110, 10011110, 10001100.
9. [Optional] Select the VPT value of the packet by invoking the command:
vpt eq <0-7>
where,
eq: Equal to
<0-7>: Range of VPT values. Any value between 0 and 7 can be entered.
10. [Optional] Select the VLAN tag of the packet by invoking either of the following
commands:
tag eq <1-4095> [MASK_HEX_VALUE]
tag eq <0-4095> up-to <1-4095>
ctag eq <0-4095> up-to <1-4095>
where,
tag: For single-tag packets
ctag: For double-tag packets
eq: Equal to
up-to: range

January 2009 URL: http://www.mrv.com 251


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

<1-4095>: (First appearance) (Lowest) VLAN tag of packet (in the range).
<1-4095>: (Second appearance) Highest VLAN tag of packet in the range.
[MASK_HEX_VALUE]: Mask hex value in the hexadecimal range 0 to fff. Allows
for selecting a range of VLAN tags. A ‘0’ binary digit in the mask means that the
VLAN tag binary digit in the same position will be considered as ‘0’ and ‘1’ to give
two values. For example, if the VLAN tag is decimal 9, i.e., binary 1001, and the
mask is hex C, i.e., binary 1100, the range of VLAN tags is 1000 to 1011, i.e.,
decimal 8 to 11.
The advantage in using the rule classification command with the keyword up-to is that it
takes up only one rule space instead of several. If the lowest VLAN tag of the range is not
a number that can be expressed as an integral power of 2, the OS900 automatically
rounds up the entered tag to the greatest number smaller than the entered tag that can be
expressed as an integral power of 2. If the highest VLAN tag of the range is not a number
that can be expressed as an integral power of 2, the OS900 automatically rounds up the
entered tag to the smallest number greater than the entered tag that can be expressed as
an integral power of 2. For example, if the entered lowest VLAN tag value is 21, it is
rounded down to 16. If the entered highest VLAN tag value is 58, it is rounded up to 63.
11. [Optional] Select the VLAN tag of the packet by invoking the command:
tag eq <1-4095> [MASK_HEX_VALUE]
where,
eq: Equal to
<1-4095>: VLAN tag of packet.
[MASK_HEX_VALUE]: Mask hex value in the hexadecimal range 0 to fff. Allows
for selecting a range of VLAN tags. A ‘0’ binary digit in the mask means that the
VLAN tag binary digit in the same position will be considered as ‘0’ and ‘1’ to give
two values. For example, if the VLAN tag is decimal 9, i.e., binary 1001, and the
mask is hex C, i.e., binary 1100, the range of VLAN tags is 1000 to 1011, i.e.,
decimal 8 to 11.
12. [Optional] Specify the packet ethertype (follows the VLAN header) by invoking the
command:
ethertype eq ETHERTYPE
where,
eq: Equal to
ETHERTYPE: Ethertype value in the range [0x5dd to 0xffff] and different from the
port core-ethertype
13. [Optional] Specify the source MAC address for non IP/ARP packets by invoking the
command:
src-mac-addr-for-non-ip eq MAC_ADDRESS [MASK]
where,
eq: Equal to
MAC_ADDRESS: Source MAC address in hex format (e.g., aa:bb:cc:dd:ee:ff)
[MASK]: Mask in hex format (e.g., aa:bb:cc:dd:ee:ff)
14. [Optional] Specify the destination MAC address for non IP/ARP packets by invoking the
command:
dest-mac-addr-for-non-ip eq MAC_ADDRESS [MASK]
where,
eq: Equal to
MAC_ADDRESS: Destination MAC address in hex format (e.g., aa:bb:cc:dd:ee:ff)
[MASK]: Mask in hex format (e.g., aa:bb:cc:dd:ee:ff)
15. [Optional] Specify the source physical port (irrespective of whether the port is a
member of a VLAN interface) by invoking the command:
src-phy-port eq PORT
where,
eq: Equal to

252 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

PORT: Physical port number


16. [Optional] Specify the value of the EXP bits of MPLS packets (on whom one or
more actions are to be performed) by invoking the command:
For Tagged Packets
mpls-exp-tagged eq <0-7>
where,
eq: Equal to
<0-7>: EXP value
To revoke a specific value of the EXP bits of tagged MPLS packets (and therefore the
action/s to be performed on such packets), invoke the command:
no mpls-exp-tagged eq <0-7>
where,
eq: Equal to
<0-7>: EXP value
To revoke all values of the EXP bits of MPLS tagged packets (and therefore the action/s
to be performed on such packets), invoke the command:
no mpls-exp-tagged
For Untagged Packets
mpls-exp-untagged eq <0-7>
where,
eq: Equal to
<0-7>: EXP value
To revoke a specific value of the EXP bits of untagged MPLS packets (and therefore the
action/s to be performed on such packets), invoke the command:
no mpls-exp-untagged eq <0-7>
where,
eq: Equal to
<0-7>: EXP value
To revoke all values of the EXP bits of MPLS untagged packets (and therefore the
action/s to be performed on such packets), invoke the command:
no mpls-exp-untagged

Note
Classification according to EXP bits (using the command mpls-exp-
tagged eq <0-7> or mpls-exp-untagged eq <0-7>) cannot be
combined with classification according to L3 or L4 in the same rule!
An ACL with classification according to EXP bits cannot be bound to
egress ports.

17. If required, create additional rules by repeating steps 2 to 15 above for each rule.
Egress Ports
To perform Stage 1 (packet classification) of any rule for egress ports:
1. Create or access an ACL as described in the section Creating/Accessing, page
248.
2. Create a rule index (ID) by invoking the following command:
rule [RULE_NUM]
where,
[RULE_NUM]: (optional) Index of rule. If this argument is not entered, the rule is
indexed automatically, i.e., it is assigned a number that is a multiple of 10. Further,
this number is the smallest number larger than any of the other indices of the
existing rules in the ACL.
Rules are ordered by their index. A rule with lower index has higher priority. This fact
is significant, as noted in the section Order of Rules, page 249.

January 2009 URL: http://www.mrv.com 253


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

On creation of the rule, the rule mode is entered as indicated by the prompt
OS900(config-rule)#. The rule just created does not contain packet classification (or
actions). To include packet classification in the rule, continue with the steps below.
3. [Optional] Select the protocol of the packets by invoking the command:
protocol eq <0-255>|icmp|igmp|ip|tcp|udp
where,
eq: Equal to
<0-255>: Range of IDs of protocols from which one can be selected. The protocols
associated with these IDs can be obtained using the Internet link
http://www.iana.org/assignments/protocol-numbers.
icmp: Internet Control Message Protocol (ID = 1)
igmp: Internet Gateway Message Protocol (ID = 2)
tcp: Transmission Control Protocol (ID = 6)
udp: User Datagram Protocol (ID = 17)
4. [Optional] Select the source IP address of the packets by invoking the command:
source-ip eq A.B.C.D/M|any
where,
eq: Equal to
A.B.C.D./M: Source prefix (IP address/mask) to be matched
any: Any prefix is a match
5. [Optional] Select the destination IP of the packets by invoking the command:
dest-ip eq A.B.C.D/M|any
where,
eq: Equal to
A.B.C.D./M: Destination prefix (IP address/mask) to be matched
any: Any prefix is a match
6. [Optional] Select the DSCP value of the packet by invoking the command:
dscp eq DSCP_HEX_VALUE [MASK_HEX_VALUE]
where,
eq: Equal to
DSCP_HEX_VALUE: DSCP value. Any hexadecimal number in the range 0x0 to
0xFF can be entered.
[MASK_HEX_VALUE]: Mask of DSCP value. Any hexadecimal number in the range
0x0 to 0xFF can be entered. The mask is used to select several DSCP values. The
mask in binary format is compared to the DSCP value in binary format. In the
positions of the 0s of the mask, the DSCP bits are permitted to be 0 or 1. For e.g., a
DSCP value 0x 9C ( = 10011100) and mask FD ( = 11101101) together are
equivalent to the 22 DSCP values: 10011100, 10001110, 10011110, 10001100.
7. [Optional] Select the VPT value of the packet by invoking the command:
vpt eq <0-7>
where,
eq: Equal to
<0-7>: Range of VPT values. Any value between 0 and 7 can be entered.
8. [Optional] Select the VLAN tag of the packet by invoking the command:
tag eq <1-4095> [MASK_HEX_VALUE]
where,
eq: Equal to
<1-4095>: VLAN tag of packet.
[MASK_HEX_VALUE]: Mask hex value in the hexadecimal range 0 to fff. Allows
for selecting a range of VLAN tags. A ‘0’ binary digit in the mask means that the
VLAN tag binary digit in the same position will be considered as ‘0’ and ‘1’ to give
two values. For example, if the VLAN tag is decimal 9, i.e., binary 1001, and the

254 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

mask is hex C, i.e., binary 1100, the range of VLAN tags is 1000 to 1011, i.e.,
decimal 8 to 11.
9. [Optional] Specify the packet ethertype (follows the VLAN header) by invoking the
command:
ethertype eq ETHERTYPE
where,
eq: Equal to
ETHERTYPE: Ethertype value in the range [0x5dd to 0xffff] and different from the
port core-ethertype

Note
Packets assigned ethertype 0x806 (ARP) can neither be distinguished by the
classification source-ip (source IP address) nor by the classification dest-
ip (destination IP address).

10. [Optional] Specify the source MAC address for non IP/ARP packets by invoking
the command:
src-mac-addr-for-non-ip eq MAC_ADDRESS [MASK]
where,
eq: Equal to
MAC_ADDRESS: Source MAC address in hex format (e.g., aa:bb:cc:dd:ee:ff)
[MASK]: Mask in hex format (e.g., aa:bb:cc:dd:ee:ff)
11. [Optional] Specify the destination MAC address for non IP/ARP packets by
invoking the command:
dest-mac-addr-for-non-ip eq MAC_ADDRESS [MASK]
where,
eq: Equal to
MAC_ADDRESS: Destination MAC address in hex format (e.g., aa:bb:cc:dd:ee:ff)
[MASK]: Mask in hex format (e.g., aa:bb:cc:dd:ee:ff)

12. If required, create additional rules by repeating steps 2 to 15 above for each rule.

Stage 2 – Actions on Packet


Actions for a rule consist of selecting one or more actions (to be performed on a packet)
conditional on the packet classification (Stage 1) and the command action deny|permit
(described in the subsections, Ingress Ports and VLAN Interfaces and Egress Ports, below).
Stage 2 may be performed immediately after completing Stage 1, above, while in rule mode.
rule mode is indicated by the prompt OS900(config-rule)#, and is applicable for the rule that is
the instance (current).
The SL value assigned in Stage 2 (using any of actions 3.5 to 3.13 and 3.19, in the section Ingress
Ports and VLAN Interfaces, below) overrides the SL assigned as described in the section Custom
Map, page 289.
In Stage 2, an action (or Action List) that is the instance (current) can be deleted, by invoking the
command:
no action
Example
OS900(config-rule)# action mark sl 7 vpt 3
OS900(config-rule)# show
OS910(config-rule)# show
Rule index: 10
Action:
Mark sl 7
Mark vpt 3
Rule:
Rule is enable.

January 2009 URL: http://www.mrv.com 255


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

----------
OS910(config-rule)# no action mark sl
OS910(config-rule)# show
Rule index: 10
Action:
Mark vpt 3
Rule:
Rule is enable.
----------
OS910(config-rule)#

In the above example, the command ‘no action mark sl’ revokes only the action ‘Mark sl 7‘. To
revoke all actions of a rule, invoke the command: no action all.
Up to 56 mark actions can be defined per ACL. A mark action can include one or more of the
following packet attributes: VPT, DSCP, and SL.
Ingress Ports and VLAN Interfaces
To perform Stage 2 (action on packets) of any rule for ingress ports and VLAN interfaces:
1. Enter rule mode of the specific rule. This may require performance of the following
sequence of actions: entry into enable mode, entry into configure terminal
mode, entry into access-list mode for the specific ACL (as described in the
section Creating/Accessing, page 248.), entry into rule mode of the specific rule (as
described in step 2, page 249).
2. Invoke the command37:
action deny|permit
where,
deny: Deny (drop) packets that have all the attribute values (specified in Stage 1 –
Packet Classification, page 249) .
permit: Permit (forward) packets that have all the attribute values.

Note
The actions in steps 3.1 to 3.10 are conditional on the command
action deny|permit.

3. Select any one or more of the following actions, provided they do not conflict with one
another:
3.1. Trap/copy packets to the CPU by invoking the command:
action (trap-to-cpu [high-priority]|mirror-to-cpu)
where,
trap-to-cpu: Trap (send) packets only to the CPU.
high-priority: With high priority.
mirror-to-cpu: Copy packets to the CPU.
3.2. If a rate limit is required for traffic to the CPU, trap/copy the packets to the CPU by
invoking the command:
action redirect port cpu
3.3. Copy packets to the analyzer port/VLAN by invoking the command:
action mirror-to-analyzer
where,
mirror-to-analyzer: Copy packets to the analyzer port/VLAN.
3.4. Loopback and swap MAC SA with MAC DA by invoking the command:

37
This command (action) may be overridden if a rule with a lower index number specifies a conflicting action – see the
section Order of Rules, page 249.

256 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

action layer2-loopback port PORT


where,
PORT: The number of the port to which the packet is to be sent.
3.5. Mark packets with an SL value by invoking the command:
action mark sl <1-8>
where,
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. (If an SL value
already exists, it is overwritten.)

Note
The effect of SL marking depends on the binding of the ACL (using the
command access-group). When an ACL is bound to an interface or
port, the marking sets the internal SL used for ingress shaping. In order
for the marking action to effect the actual egress SL, the ACL should be
bound to a port using the command port access-group extra …).
3.6. Mark packets with a DSCP value by invoking the command:
action mark dscp <0-63>
where,
mark: Marking.
dscp: DSCP.
<0-63>: Range of DSCP values from which one can be selected. (If a DSCP
value already exists, it is overwritten.)
3.7. Mark packets with a VPT value by invoking the command:
action mark vpt <0-7>
where,
mark: Marking.
vpt: VPT.
<0-7>: Range of VPT values from which one can be selected. (If a VPT value
already exists, it is overwritten.)

Note
The effect of VPT marking depends on the binding of the ACL (using the
command access-group) and the ingress port tag-outbound mode.
When ACL is bound to an interface or to a port, the VPT marking is
effective only if the ingress port is not set as ‘untagged’. In order for the
marking action to effect the actual egress packet when ingress port
is‘untagged,’ the ACL should be bound to a port using the command
port access-group extra …).
3.8. Redirect all packets that enter ports (even trunk ports) in a VLAN to a specific port in
the VLAN by invoking the command:
action redirect port PORT
where,
PORT: Port number.
3.9. Swap (replace) the VLAN tag of ingress packets by invoking the command:
action tag swap <0-4095>
where,
<0-4095>: Range of VLAN tags from which one tag is to be selected.

January 2009 URL: http://www.mrv.com 257


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Note
In combination with the command port tag-outbound-mode q-
in-q PORTS-GROUP TAG (described in the section Q-in-Q (Service
VLAN Access Mode), page 141), this action can be used to implement
selection of a specific service VLAN in Provider Bridges applications.
3.10. Translate/swap the customer VLAN tag of packets (for the service VLAN tag) by
invoking the command:
action tag swap-ctag <0-4095> stag <0-4095>
where,
<0-4095>: (First appearance) Range of customer VLAN tags from which one
tag is to be selected.
<0-4095>: (Second appearance) Range of service VLAN tags from which
one tag is to be selected.
3.11. Assign a specific Action List by invoking the command:
action list NAME
where,
NAME: Action List name.
3.12. Nest a tag (add a higher level tag, e.g., an IEEE802.1ad q-in-q service provider
bridge tag) to an incoming packet by invoking the command:
action tag nest <0-4095> [vpt <0-7>]
where,
<0-4095>: Range of VLAN tags from which one tag is to be selected.
[vpt]: (Optional) VLAN priority tag.
<0-7>: Range of VLAN priority tags from which one tag is to be selected.
3.13. Swap the VLAN tag and VPT value of packets by invoking the command:
action tag swap <0-4095> vpt <0-7>
where,
<0-4095>: Range of VLAN tags from which one tag is to be selected.
<0-7>: Range of VLAN priority values from which one value is to be selected.
3.14. Mark packets with an SL and DSCP value by invoking the command:
action mark sl <1-8> dscp <0-63>
where,
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. If an SL value
already exists, it is overwritten.
dscp: DSCP.
<0-63>: Range of DSCP values from which one can be selected. (If a DSCP
value already exists, it is overwritten.)
3.15. Mark packets with an SL and VPT value by invoking the command:
action mark sl <1-8> vpt <0-7>
where,
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. (If an SL value
already exists, it is overwritten.)
vpt: VPT.

258 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

<0-7>: Range of VPT values from which one can be selected. (If a VPT value
already exists, it is overwritten.)
3.16. Mark packets with an SL, DSCP, and VPT value by invoking the command:
action mark sl <1-8> dscp <0-63> vpt <0-7>
where,
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. (If an SL value
already exists, it is overwritten.)
dscp: is a keyword signifying DSCP.
<0-63>: DSCP values from which one can be selected. (If a DSCP value
already exists, it is overwritten.)
vpt: keyword signifying VPT.
<0-7>: Range of VPT values from which one can be selected. If a VPT value
already exists, it is overwritten.
3.17. Mark packets with an SL value and swap their VLAN tag by invoking the command:
action mark sl <1-8> tag swap <0-4095>
where,
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. (If an SL value
already exists, it is overwritten.)
tag swap: Swap VLAN tag
<0-4095>: Range of VLAN tags from which one tag is to be selected.
3.18. Mark packets with an SL and VPT value and swap their VLAN tag by invoking the
command:
action mark sl <1-8> vpt <0-7> tag swap <0-4095>
where,
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. (If an SL value
already exists, it is overwritten.)
vpt: VPT.
<0-7>: Range of VPT values from which one can be selected. (If a VPT value
already exists, it is overwritten.)
tag swap: Swap VLAN tag
<0-4095>: Range of VLAN tags from which one tag is to be selected.
3.19. Mark packets with an SL and DSCP value and swap the VLAN tag of the packets by
invoking the command:
action mark sl <1-8> dscp <0-63> tag swap <0-4095>
where,
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. If an SL value
already exists, it is overwritten.
dscp: DSCP.
<0-63>: Range of DSCP values from which one can be selected. (If a DSCP
value already exists, it is overwritten.)
tag swap: Swap VLAN tag

January 2009 URL: http://www.mrv.com 259


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

<0-4095>: Range of VLAN tags from which one tag is to be selected.


3.20. Mark packets with an SL, DSCP, VPT value, and swap their VLAN tag by invoking
the command:
action mark sl <1-8> dscp <0-63> vpt <0-7> tag swap <0-4095>
where,
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. (If an SL value
already exists, it is overwritten.)
dscp: DSCP.
<0-63>: Range of DSCP values from which one can be selected. (If a DSCP
value already exists, it is overwritten.)
vpt: VPT.
<0-7>: Range of VPT values from which one can be selected. (If a VPT value
already exists, it is overwritten.)
tag swap: Swap VLAN tag
<0-4095>: Range of VLAN tags from which one tag is to be selected.
3.21. Assign a specific Action List and, optionally, mark ingress packets with an SL,
DSCP, VPT value, and swap their VLAN tag by invoking the command:
action list NAME [mark [sl <1-8>] [dscp <0-63>] [vpt <0-7>]
[tag swap <0-4095>]]
where,
NAME: Action List name.
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. (If an SL value
already exists, it is overwritten.)
dscp: DSCP.
<0-63>: Range of DSCP values from which one can be selected. (If a DSCP
value already exists, it is overwritten.)
vpt: VPT.
<0-7>: Range of VPT values from which one can be selected. (If a VPT value
already exists, it is overwritten.)
tag swap: Swap VLAN tag
<0-4095>: Range of VLAN tags from which one tag is to be selected.
3.22. It is possible that no rule will apply to certain packet types. Such packets, by default,
are dropped. To enable forwarding (or dropping) of all such packets:
3.22.1. Enter the access-list mode of the ACL.
To do so when in the rule mode, invoke the command exit.
(To do so when in the configure terminal mode, invoke the
command access-list extended WORD, where WORD is the name of
the ACL.)
3.22.2. Invoke the command:
default policy permit|deny
where,
permit: Permit forwarding of a packet if no rule applies.
deny: Drop (deny forwarding of) a packet if no rule applies.
Example
OS900(config-access-list)# default policy permit
OS900(config-access-list)#

260 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

Egress Ports
To perform Stage 2 (action on packets) of any rule for egress ports:
1. Enter rule mode of the specific rule. This may require performance of the following
sequence of actions: entry into enable mode, entry into configure terminal
mode, entry into access-list mode for the specific ACL (as described in the
section Creating/Accessing, page 248.), entry into rule mode of the specific rule (as
described in step 2, page 249).
2. Invoke the command38:
action deny|permit
where,
deny: Deny (drop) packets that have all the attribute values (specified in Stage 1 –
Packet Classification, page 249) .
permit: Permit (forward) packets that have all the attribute values.

Note
The actions in steps 3.1 to 3.10 are conditional on the command
action deny|permit.

3. Select any one or more of the following actions, provided they are not mutually
conflictual:

Note
Before invoking the command action mark … vpt or action tag
swap … for a port, first make sure that the port is set in tagged or
hybrid mode and the rule action permit has been selected.

3.1. Mark packets with a DSCP value by invoking the command:


action mark dscp <0-63>
where,
mark: Marking.
dscp: DSCP.
<0-63>: Range of DSCP values from which one can be selected. (If a DSCP
value already exists, it is overwritten.)
Note
The action mark … dscp can apply only to IP packets.
For it to apply to non-IP packets as well, the non-IP
packets must be assigned the ethertype 0x800 (for IPv4
packets) or 0x86dd (for IPv6 packets) using the command
ethertype eq ETHERTYPE.

3.2. Mark packets with a VPT value by invoking the command:


action mark vpt <0-7>
where,
mark: Marking.
vpt: VPT.
<0-7>: Range of VPT values from which one can be selected. (If a VPT value
already exists, it is overwritten.)

38
This command (action) may be overridden if a rule with a lower index number specifies a conflicting action – see the
section Order of Rules, page 249.

January 2009 URL: http://www.mrv.com 261


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Note
The effect of VPT marking depends on the binding of the ACL (using the
command access-group) and the ingress port tag-outbound mode. When ACL
is bound to an interface or to a port, the VPT marking is effective only if the
ingress port is not set as ‘untagged’. In order for the marking action to effect the
actual egress packet when ingress port is‘untagged,’ the ACL should be bound
to a port using the command port access-group extra …).
3.3. Swap (replace) the VLAN tag of packets by invoking the command:
action tag swap <0-4095>
where,
<0-4095>: Range of VLAN tags from which one tag is to be selected.

Note
In combination with the command port tag-outbound-mode q-in-q
PORTS-GROUP TAG (described in the section Q-in-Q (Service VLAN Access
Mode), page 141), this action can be used to implement selection of a specific
service VLAN in Provider Bridges applications.

3.4. Swap the VLAN tag and VPT value of egress packets by invoking the command:
action tag swap <0-4095> vpt <0-7>
where,
<0-4095>: Range of VLAN tags from which one tag is to be selected.
<0-7>: Range of VLAN priority values from which one value is to be selected.
3.5. It is possible that no rule will apply to certain packet types. Such packets, by default,
are dropped. To enable forwarding (or dropping) of all such packets:
3.5.1. Enter the access-list mode of the ACL.
To do so when in the rule mode, invoke the command exit.
(To do so when in the configure terminal mode, invoke the
command access-list extended WORD, where WORD is the name of
the ACL.)
3.5.2. Invoke the command:
default policy permit|deny
where,
permit: Permit forwarding of a packet if no rule applies.
deny: Drop (deny forwarding of) a packet if no rule applies.
Example
OS900(config-access-list)# default policy permit
OS900(config-access-list)#

Viewing Rule
To view a specific rule of an ACL:
1. Enter configure terminal mode.
2. Enter the mode of the ACL whose rule(s) is/are to be viewed by invoking the
command:
access-list extended WORD
where,
WORD: Name of the ACL
3. Invoke the command:
show rule RULE_NUM
where,
[RULE_NUM] : Index of rule.

262 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

Example
OS900# configure terminal
OS900(config)# access-list extended ACL1
OS900(config-access-list)# show rule 10
Rule index: 10
Action:deny
Source ip:32.32.32.32/32
----------
OS900(config-access-list)#

To view all rules of an ACL:


1. Enter configure terminal mode.
2. Enter the mode of the ACL whose rule(s) is to be viewed by invoking the
command:
access-list extended WORD
where,
WORD: Name of the ACL
3. Invoke the command:
show
Example
OS900# configure terminal
OS900(config)# access-list extended ACL1
OS900(config-access-list)# show

Access List Extended ACL1


=========================
state: NOT ACTIVE
----------
Rule index: 10
Action:deny
Source ip:32.32.32.32/32
----------
Rule index: 20
Action:permit
Destination ip:31.31.31.0/24
----------
Rule index: 30
Action:action-list ACN1 with mark sl 7
----------
Rule index: 40
Action:action-list ACN1
Protocol:icmp
----------
default policy: deny all
OS900(config-access-list)#

Editing Rule
To edit an existing or new rule:
1. Invoke the command:
rule RULE_NUM
where,
RULE_NUM: Index of the rule to be edited
Example
OS900(config)# access-list extended Sales
OS900(config-access-list)#
OS900(config-access-list)# rule 2
OS900(config-rule)#

January 2009 URL: http://www.mrv.com 263


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

2. Invoke any one or more of the commands noted above for classification and
actions.

Moving Rule
To move a rule, invoke the command:
rule RULE_NUM move NEW_RULE_NUM
where,
RULE_NUM: Index of the rule to be moved
NEW_RULE_NUM: New index to be assigned to the rule. The rule is moved to a position so
that the indexes of all the rules are in ascending order from top to bottom.
Example
OS900(config-access-list)#
OS900(config-access-list)# rule 3 move 1
OS900(config-access-list)#

Deleting Rule
To delete a specific rule:
1. Enter the access-list mode of the ACL.
2. Invoke the command:
no rule RULE_NUM
where,
RULE_NUM: Index of the rule.
Example
OS900(config-access-list)#
OS900(config-access-list)# no rule 2
OS900(config-access-list)#

To delete all rules of an ACL:


1. Enter the access-list mode of the ACL.
2. Invoke the command:
flush
Example
OS900(config)# access-list extended ACL1
OS900(config-access-list)# flush
OS900(config-access-list)#

Global Default Policy


A packet-handling policy (called Global Default Policy) that applies to all ACLs configured on the
OS900 can be implemented. This policy can be either ‘permit forwarding’ or ‘deny forwarding’ (of a
packet if it does not possess any of the attributes specified in the rules of the associated ACL.
To implement a Global Default Policy:
1. Enter configure terminal mode.
2. Invoke the command:
access-list extended-default-policy deny|permit
where,
deny: Drop a packet if any criterion for forwarding the packet in any rule is not
met.
permit: Forward a packet if no criterion for forwarding the packet in any rule
is violated.

264 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

Note
The command Global Default Policy is effective for ACLs that are bound after
invocation of this command. To make the command Global Default Policy
effective for an ACL that is bound before invocation of this command, unbind all
ACLs, invoke the command Global Default Policy, and then rebind the ACL.

Example
OS900> enable
OS900# configure terminal
OS900(config)# access-list extended-default-policy permit
OS900(config)#

Viewing
Configured ACLs can be viewed from any of the following modes:
− access-list mode
− enable mode
access-list mode
Only the current ACL can be displayed from this mode. To display the ACL, invoke the command:
show [detail]
where,
detail (optional): Information in detail. The command without this argument displays
abbreviations used by the OS900 in displaying rule actions.
Example
OS900(config-access-list)# show

Access List Extended ACL2


=========================
state: NOT ACTIVE
----------
default policy: deny all
OS900(config-access-list)#
enable mode
Any one or more ACLs can be displayed from this mode.
show access-list [NAME|configuration]
where,
NAME: (Optional) Name of an existing ACL. The command displays a specific ACL if the
ACL name is typed in place of this argument. The command without this argument
displays all the ACLs in memory.
configuration: ACLs in run-time memory.
Example
OS900# show access-list ACL2

Access List Extended ACL2


=========================
state: NOT ACTIVE
----------
default policy: deny all
OS900#

Comment Adding
A user comment on an ACL can be entered with the ACL as follows:
1. Enter the access-list mode of the ACL.
2. Invoke the command:

January 2009 URL: http://www.mrv.com 265


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

remark LINE
where,
LINE: Comment on the current ACL.
Example
OS900> enable
OS900# configure terminal
OS900(config)# access-list extended ACL1
OS900(config-access-list)# remark This ACL is to be used for the Sales Dept.
OS900(config-access-list)# show

Access List Extended ACL2


=========================
This ACL is to be used for the Sales Dept.
state: NOT ACTIVE
----------
default policy: deny all
OS900(config-access-list)#

Binding
Limitations
− Only one ACL can be bound to a VLAN interface.
− Up to two ACLs can be bound to a port.
− A specific ACL can be bound either to ingress ports/VLANs or egress ports; not
both.

Ingress Ports and Ingress VLAN Interfaces


Mode
Ingress ports can be configured to use ACLs in either of the following modes:
− Port Mode
− VLAN Mode
In Port Mode, incoming packets are handled according to the ACL bound to the port group. In
VLAN Mode, incoming packets are handled according to the ACL bound to the VLAN interface
having the same tag as the packet. (In VLAN Mode, an ingress port must be a member of the
VLAN interface otherwise the packets may be dropped depending on the handling mode set as
described in the section Outbound Tag Mode, page 139.)
To select the binding mode and to bind ACLs to a port group:
1. Enter configure terminal mode.
2. Select Port Mode or VLAN Mode by invoking the command:
port acl-binding-mode by-port|by-vlan [PORTS-GROUP]
where,
by-port: (Port Mode) Use ACL bound to a port group.
by-vlan: (VLAN Mode) Use ACL bound to VLAN interface having the same
tag as the incoming packet. (Default).
PORTS-GROUP: Group of ports.

Ingress Ports

1. To bind an ACL to an ingress port group, invoke the command:


port access-group WORD PORTS-GROUP
where,
WORD: Name of ACL.

266 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

PORTS-GROUP: Group of Ports.

2. Two ACLs may be bound to a port group. The first ACL is bound as in step 1,
above. To bind a second ACL to a port group, invoke the command:
port access-group extra WORD PORTS-GROUP
where,
WORD: Name of second ACL.
PORTS-GROUP: Same group of Ports as for the first ACL. (The port/s must not
be port 11 or 12 of the OS912.)

Ingress VLAN Interface


1. To bind an ACL to a VLAN interface:
a. Invoke the command:
interface vlan IFNAME
where,
IFNAME: ID of the interface, e.g., vif1, vif2, etc.
b. From the VLAN interface’s mode, invoke the command:
access-group WORD
where,
WORD: Name of the ACL.

Example

--------------------------------------Configuring Interface vif777--------------------------------------


OS900(config)# interface vlan vif777
OS900(config-vif777)# ports 1,2
OS900(config-vif777)# tag 7
Interface is activated.

OS900(config)# show port access-list


[PORT-GROUP] Group of Ports
| Output modifiers
OS900(config)# show port access-list

Port Access List Configuration


================================
Port Binding Mode Access List Extra ACL Egress ACL
--------------------------------------------------------------
1 by-vlan
2 by-port
3 by-vlan
4 by-vlan
OS900(config)#

--------------------------Selecting the mode for binding an ACL to Port 2-------------------------

OS900(config-vif777)# exit
OS900(config)# port acl-binding-mode ?
by-port Set acl binding by port
by-vlan Set acl binding by vlan
OS900(config)# port acl-binding-mode by-port ?
<cr>
PORTS-GROUP Group of Ports
| Output modifiers
OS900(config)# port acl-binding-mode by-port 2 ?
<cr>
| Output modifiers
OS900(config)# port acl-binding-mode by-port 2

January 2009 URL: http://www.mrv.com 267


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

-----------------------------Displaying the binding modes for each port------------------------------

OS900(config)# show port access-list

Port Access List Configuration


================================
Port Binding Mode Access List Extra ACL Egress ACL
--------------------------------------------------------------
1 by-vlan
2 by-port
3 by-vlan
4 by-vlan
OS900(config)#

--------------------------------------Binding ACL ACL6 to Port 2---------------------------------------

OS900(config)# port access-group ACL6 2


OS900(config)#

-----------------------------------Binding ACL ACL7 also to Port 2------------------------------------

OS900(config)# port access-group extra ACL7 2


OS900(config)#

-------------------------------Binding ACL ACL8 to Interface vif777--------------------------------

OS900(config)# interface vif777


OS900(config-vif777)# access-group ACL8
OS900(config-vif777)#

Egress Ports
ACLs can be bound to egress ports only; not egress VLANs
To bind an ACL to an egress port group:
1. Enter configure terminal mode.
2. Select Port Mode by invoking the command:
port acl-binding-mode by-port [PORTS-GROUP]
where,
by-port: (Port Mode) Use ACL bound to a port group.
PORTS-GROUP: Group of ports.
3. Invoke the command:
port access-group egress WORD PORTS-GROUP
where,
WORD: Name of ACL.
PORTS-GROUP: Group of ports.

Unbinding
Ingress Ports
To unbind the first ACL from a group of ports:
1. Enter configure terminal mode.
2. Invoke the command:
no port access-group PORTS-GROUP
where,
PORTS-GROUP: Group of Ports.

268 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

Example
OS900# configure terminal
OS900(config)# no port access-group 4
OS900(config)#

To unbind the second ACL from a group of ports:


1. Enter configure terminal mode.
2. Invoke the command:
no port access-group extra PORTS-GROUP
where,
PORTS-GROUP: Same group of Ports.
Example
OS900# configure terminal
OS900(config)# no port access-group extra 4
OS900(config)#

Ingress VLAN Interface


To unbind an ACL from an ingress VLAN interface:
1. Enter configure terminal mode.
2. Invoke the command:
interface IFNAME
where,
IFNAME: ID of the interface, e.g., vif1, vif2, etc.
3. Invoke the command:
no access-group
Example
OS900# configure terminal
OS900(config)# interface vif777
OS900(config-vif777)# no access-group
OS900(config-vif777)#

Egress Ports
To unbind an ACL from an egress port group:
1. Enter configure terminal mode.
2. Invoke the command:
no port access-group egress PORTS-GROUP
where,
PORTS-GROUP: Group of ports.
Example
OS900(config)# port access-group ACL3 1,3
OS900(config)#

Deleting
To delete an ACL:
1. Unbind the ACL from each interface to which it has been bound as described in
the section Unbinding, page 268.
2. Enter configure terminal mode.
3. Invoke the command:
no access-list WORD
where,
WORD: Name of the ACL

January 2009 URL: http://www.mrv.com 269


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900(config)# no access-list ACL1
Access List ACL1 was deleted.
OS900(config)#

Example
Below is a configuration example showing the user inputs (in bold) and OS900 outputs on the CLI
screen. The user inputs include:
− ACL creation
− Adding a comment (remark) on the ACL
− Creation of rules. Each rule consists of a criterion (condition) and the action for the rule
− Creation of an interface to which the ACL is to be applied
− Activation of the ACL using the command access-group.
− ACL status display
− Interface status display
OS900> enable
OS900# configure terminal
OS900(config)# access-list extended ACL1

OS900(config-access-list)# remark This ACL is for Sales Dept.

OS900(config-access-list)# rule 1
OS900(config-rule)# source-ip eq 10.10.10.10/32
OS900(config-rule)# action permit
OS900(config-rule)# exit

OS900(config-access-list)# rule
OS900(config-rule)# source-ip eq 4.4.4.4/32
OS900(config-rule)# action mirror-to-cpu
OS900(config-rule)# exit

OS900(config-access-list)# rule
OS900(config-rule)# source-ip eq 1.1.1.1/32
OS900(config-rule)# action mark sl 7
OS900(config-rule)# exit
OS900(config-access-list)# exit

OS900(config)# interface vlan vif2005


OS900(config-vif2005)# ports 2-4
OS900(config-vif2005)# tag 100
Interface is activated.
OS900(config-vif2005)# ip 193.88.88.234/24
OS900(config-vif2005)# access-group ACL1
OS900(config-vif2005)#

OS900(config-vif2005)# show access-group


Access List ACL1 is activated on inteface vif2005

OS900(config-vif2005)# show detail

vif2005 is DOWN (No state changes have occurred)


Active: Yes
Ports: 3-8
Interface type is Vlan
Encapsulation: 802.1Q, Tag 100
MAC address is 00:0F:BD:02:05:B8
IP address is 193.88.88.234/24
Cpu-membership is enable
Management access is denied
TFTP access is denied.

270 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

Access-group is active:
ACL1 Ports: all
OS900(config-vif2005)#

Modifying an Active ACL


General
An ACL that is active (bound) to one or more ports/VLANs can be modified on-the-fly, i.e., while it
is still bound. Modifying an active ACL means one or more of the following:
− Adding a New Rule
− Deleting an Existing Rule
− Editing an Existing Rule

Adding a New Rule


To add a new rule in an active ACL:
1. Enter the access-list mode of the ACL.
2. Create the new rule as described in the section Creating Rule, page 249, making
sure that the index (ID) chosen for the new rule will position the rule among the
other rules (if any) where required.
3. If the ACL has already been bound, to activate the new rule, in its rule mode
invoke the command:
enable
Example
OS900(config)# access-list extended test
OS900(config-access-list)# rule 15
OS900(config-rule)# source-ip eq 11.1.1.101/32
OS900(config-rule)# action list rate1
OS900(config-rule)# enable
OS900(config-rule)#

In the example above the new rule (Rule 15) is inserted between Rule 10 and Rule 20.

Deleting an Existing Rule


To delete an existing or new rule:
1. Enter the access-list mode of the ACL containing the rule to be deleted.
2. Delete the rule by invoking the command:
no rule RULE_NUM
where,
RULE_NUM: Index of the rule to be deleted
Example
OS900(config)# access-list extended test
OS900(config-access-list)# no rule 10
OS900(config-access-list)#

Editing an Existing Rule


In editing an existing rule in an active ACL, Method 1 or 2 can be used:

Method 1
In this method, the effect on the traffic while the rule is being edited is ignored.
To edit an existing rule in an active ACL:
1. Enter the access-list mode of the ACL containing the rule to be edited.

January 2009 URL: http://www.mrv.com 271


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

2. Enter the mode of the rule with the old index by invoking the command:
rule RULE_NUM
where,
RULE_NUM: Old index of the rule to be edited
3. So that the rule can be edited, disable it by invoking the command:
no enable
4. Edit the rule (having the new index) by invoking any one or more of the commands
noted in the section Creating Rule, page 249, for classification and actions.
5. To activate the edited rule (having the old index), in its rule mode invoke the
command:
enable
Example
OS900(config)# access-list extended test
OS900(config-access-list)# rule 15
OS900(config-rule)# no enable
OS900(config-rule)# action list rate2
OS900(config-rule)# enable
OS900(config-access-list)#

Method 2
In this method, traffic is allowed to be forwarded unaffected while the rule is being edited.
To edit an existing rule in an active ACL:
1. Enter the access-list mode of the ACL containing the rule to be edited.
2. To allow traffic to be forwarded unaffected according to the unedited rule while the
rule is being edited, copy the rule using a new index as follows:
rule RULE_NUM copy RULE_NUM
where,
RULE_NUM: (First appearance) Old index of the rule to be edited
RULE_NUM: (Second appearance) New index for the rule to be edited
3. Enter the mode of the rule with the old index by invoking the command:
rule RULE_NUM
where,
RULE_NUM: Old index of the rule to be edited
4. So that the rule can be edited, disable it by invoking the command:
no enable
5. Edit the rule (having the new index) by invoking any one or more of the commands
noted in the section Creating Rule, page 249, for classification and actions.
6. To activate the edited rule (having the old index), in its rule mode invoke the
command:
enable
7. Exit to the access-list mode of the ACL containing the rule by invoking the
command:
quit
8. Delete the rule with the new index by invoking the command:
no rule RULE_NUM
where,
RULE_NUM: New index of the rule to be edited

272 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

Example
OS900(config)# access-list extended test
OS900(config-access-list)# rule 15 copy 16
OS900(config-access-list)# rule 15
OS900(config-rule)# no enable
OS900(config-rule)# action list rate2
OS900(config-rule)# enable
OS900(config-rule)# quit
OS900(config-access-list)# no rule 16
OS900(config-access-list)#

Example
The following example demonstrates how an active ACL can be modified on-the-fly.

---------------------------------------------------------------------An Active ACL---------------------------------------------------------------------

!
action-list rate1
tc-action
drop-red
rate single-leaky-bucket cir 5m cbs 4K
!
action-list rate2
tc-action
drop-red
rate single-leaky-bucket cir 3m cbs 4K
!
access-list extended test
rule 10
action list rate1
dest-ip eq 11.1.1.10/32
!
interface vlan vif100
tag 100
ports 1-2
access-group test

--------------------------------------------------------------Appending a New Rule--------------------------------------------------------------

OS900(config)# access-list extended test


OS900(config-access-list)# rule 20
OS900(config-rule)# source-ip eq 11.1.1.100/32
OS900(config-rule)# action permit
OS900(config-rule)# enable

The enable command above activates the new rule.

The resulting configuration is as follows:

access-list extended test


rule 10
action list rate
dest-ip eq 11.1.1.10/32
rule 20
action permit
source-ip eq 11.1.1.100/32

----------------------------------------------------------------Inserting a New Rule----------------------------------------------------------------

OS900(config)# access-list extended test

January 2009 URL: http://www.mrv.com 273


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS900(config-access-list)# rule 15
OS900(config-rule)# source-ip eq 11.1.1.101/32
OS900(config-rule)# action list rate1
OS900(config-rule)# enable

The resulting configuration is as follows:

access-list extended test


rule 10
action list rate1
dest-ip eq 11.1.1.10/32
rule 15
action list rate1
source-ip eq 11.1.1.101/32
rule 20
action permit
source-ip eq 11.1.1.100/32

---------------------------------Editing an Existing Rule Ignoring its Effect on Traffic Flow---------------------------------

OS900(config)# access-list extended test


OS900(config-access-list)# rule 15
OS900(config-rule)# no enable
OS900(config-rule)# action list rate2
OS900(config-rule)# enable

Note that while rule 15 is disabled traffic from the source 11.1.1.101 is denied.

-------------------------------------Editing an Existing Rule without Affecting Traffic Flow-------------------------------------

OS900(config)# access-list extended test


OS900(config-access-list)# rule 15 copy 16
OS900(config-access-list)# rule 16
OS900(config-rule)# no enable
OS900(config-rule)# action list rate2
OS900(config-rule)# enable
OS900(config-rule)# quit
OS900(config-access-list)# no rule 15
OS900(config-access-list)# rule 16 move 15

Note that traffic from source 11.1.1.101 is forwarded according to rule 15, i.e., it is not denied,
during the editing.

The resulting configuration is as follows:

access-list extended test


rule 10
action list rate1
dest-ip eq 11.1.1.10/32
rule 15
action list rate2
source-ip eq 11.1.1.101/32
rule 20
action permit
source-ip eq 11.1.1.100/32

------------------------------------------------------------Deleting an Existing Rule------------------------------------------------------------

OS900(config)# access-list extended test


OS900(config-access-list)# no rule 10

274 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 14: Extended Access Lists (ACLs)

The resulting configuration is as follows:

access-list extended test


rule 15
action list rate2
source-ip eq 11.1.1.101/32
rule 20
action permit
source-ip eq 11.1.1.100/32

January 2009 URL: http://www.mrv.com 275


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

276 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 15: Port/VLAN Mirroring

Chapter 15: Port/VLAN Mirroring

Terminology
Ingress port – A port at which traffic enters the OS900.
Egress port – A port at which traffic exits the OS900.
Mirrored port – A port whose traffic is replicated at another port/VLAN.
Mirrored VLAN – A VLAN whose traffic is replicated at another port/VLAN.
Analyzer port – A port at which traffic (received at another port/VLAN) is replicated.
Analyzer VLAN – A VLAN at which traffic (received at another port/VLAN) is replicated.

Definition
Port/VLAN mirroring is the replication of traffic received on one or more physical ports (called
mirrored ports) or at a VLAN interface (called mirrored VLAN) at another physical port (called
analyzer or probe port) or at another VLAN interface (called analyzer VLAN).

Purpose
Port/VLAN mirroring provides for the connection of a network protocol analyzer to an analyzer
port/VLAN to identify the types of traffic passing through particular ports/VLANs. The data thus
obtained can be used for statistical analyses to determine how to improve network operation as
well as for troubleshooting a network on a port-by-port basis.

Applicability
Port mirroring can be applied to ingress, egress, or ingress & egress traffic received on one port, a
group of ports, or at a VLAN. Instead of mirroring all traffic received at a port/VLAN, selective
traffic, called a flow39, at the port/VLAN can be mirrored. (To enable flow mirroring, an ACL must
be bound to the port/VLAN. Configuration and binding of ACLs is described in Chapter 14:
Extended Access Lists (ACLs), page 247.)
The packets can be mirrored to one analyzer port or to one analyzer VLAN. The advantage in
selecting an analyzer VLAN is that an analyzer can be connected to a port of another switch in the
network.

Ingress Traffic Mirroring


In ingress traffic mirroring, the OS900 duplicates each packet that it receives at the port/VLAN to
be mirrored. One of the duplicate packets is sent towards its destination and the other to the
ingress analyzer port/VLAN.
Mirroring is not performed on ingress traffic that does not meet MAC level prerequisites.
Accordingly, bad CRC packets, fragmented packets, etc. will not be mirrored.
All ingress packets pass through the ingress control pipe in the OS900. Some of these packets
may be dropped or trapped to the CPU. In any case, such packets are forwarded to the analyzer
port/VLAN.

39
A flow is traffic at a port/VLAN that is definable with the following characterizations: destination address, source address,
protocol, etc. – see Stage 1 – Packet Classification, page 249.

January 2009 URL: http://www.mrv.com 277


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Egress Traffic Mirroring


In egress traffic mirroring, the OS900 duplicates each packet that it transmits from the port/VLAN
to be mirrored. The egress mechanism is responsible for duplicating the packet. One of the
duplicate packets is sent towards its destination and the other to the egress analyzer port/VLAN.
The packet is mirrored only after verifying that there is no egress filtering to be applied to it and
that it is not to be dropped on the egress transmit queues due to congestion.

Analyzer Port/VLAN
Mirroring can be performed to one analyzer port or to one VLAN40 (that may have several member
ports).
The speed of the analyzer port/VLAN is independent of the ingress and egress mirrored
port(s)/VLAN speed. In some cases, the analyzer port/VLAN may be over-subscribed if the
aggregate bandwidth of the mirrored traffic exceeds the analyzer port/VLAN link bandwidth. The
congestion is handled in the same way as a regular transmit port congestion.

Rules for Mirroring


1. One port, several ports, a VLAN, or a specific packet flow satisfying an ACL rule
can be mirrored.
2. Only one port or one VLAN can be set as an analyzer port/VLAN.
(This means that if any other port/VLAN is configured as an analyzer port/VLAN,
the previous port/VLAN will cease to be an analyzer port/VLAN.)
3. The analyzer port/VLAN must be different from the mirrored port/VLAN.
4. The analyzer port must not be a trunk port.
5. The mirrored port and analyzer port may be of different bandwidth (e.g., 10 Mbps
and 1000 Mbps) and/or different interface type (e.g., 100Base-TX and 100Base-
FX). However, if the bandwidth of the analyzer port is smaller than that of the
mirrored port, only part of the data traffic may be made available for analysis.

Usage
Analyzer Port
An analyzer port can be added, deleted, or viewed.

Adding/Replacing Analyzer Port


To add an analyzer port or to replace it with a new one:
1. Enter configure terminal mode.
2. Invoke the command:
port mirror to-analyzer port PORT
where,
PORT: Number of port to be an analyzer port.
Example
OS900> enable
OS900# configure terminal
OS900(config)# port mirror to-analyzer port 3
OS900(config)#

Viewing Analyzer Port


To view the existing analyzer port, invoke the command show port mirror.
Example
OS900(config)# show port mirror

40
Mirroring to an analyzer VLAN can be performed only with the OS904, OS906/AC-2, OS912-AC-2, and OS912-DC-2.

278 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 15: Port/VLAN Mirroring

Ingress traffic is mirrored to analyzer port 3


Egress traffic is mirrored to analyzer port 3
OS900(config)#

Deleting Analyzer Port


To delete the existing analyzer port, invoke the command:
no port mirror to-analyzer.
Example
OS900(config)# no port mirror to-analyzer
OS900(config)#

Analyzer VLAN
An analyzer VLAN can be added, deleted, or viewed.
For the models OS912-AC-2 and OS912-DC-2, before adding or replacing an analyzer VLAN do
the following:
1. Enter configure terminal mode and then boot mode
2. Invoke the command:
analyzer-vlan
3. Exit to enable mode and reboot by invoking the command:
reboot
or
reboot-force

Note
If an analyzer VLAN is configured on OS912-AC-2 or OS912-DC-2,
internal Port 10 will become unavailable for all other operations requiring
its use. For e.g., ‘Rate limiting of flood packets for a second packet type
at Port 10 – see Chapter 9: Rate Limiting of Flood Packets, page
211’, ‘Ingress traffic shaping – see the section Shaping, page 301’, ‘Tag
translation/swapping – see Chapter 11: Tag Translation/Swapping,
page 225’, and ‘Binding a second ACL to a port – see the section
Binding, page 266.’

Adding/Replacing Analyzer VLAN


To add an analyzer VLAN or to replace it with a new one:
1. Enter configure terminal mode.
2. Invoke the command:
port mirror to-analyzer vlan <2-4093> vpt [<0-7>]
where,
<2-4093>: Range of VLAN tags from which one is to be selected that
represents the analyzer VLAN.
[<0-7>]: New VLAN priority tag. The default is the original tag.
Example
OS900> enable
OS900# configure terminal
OS900(config)# port mirror to-analyzer vlan 3027 vpt 4
OS900(config)#

Viewing Analyzer VLAN


To view the existing analyzer VLAN, invoke the command:
show port mirror
Example
OS900(config)# show port mirror
Ingress traffic is mirrored to analyzer vlan 3027 vpt 4

January 2009 URL: http://www.mrv.com 279


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Egress traffic is mirrored to analyzer vlan 3027 vpt 4


OS900(config)#

Deleting Analyzer VLAN


To delete the existing analyzer VLAN, invoke the command:
no port mirror to-analyzer
Example
OS900(config)# no port mirror to-analyzer
OS900(config)#

Mirrored Ingress Ports


One or more mirrored ingress ports can be added, deleted, or viewed.

Adding/Replacing Mirrored Ingress Ports


To add ports whose ingress traffic is to be mirrored or to replace them with new ones:
1. Enter configure terminal mode.
2. Invoke the command:
port mirror ingress PORTS-GROUP
where,
PORTS-GROUP: Group of ports whose ingress traffic is to be mirrored.
Example
OS900> enable
OS900# configure terminal
OS900(config)# port mirror ingress 2-4
OS900(config)#

Viewing Mirrored Ingress Ports


To view the existing mirrored ingress ports, invoke the command:
show port mirror
Example
OS900(config)# show port mirror
Ingress traffic is mirrored from ports 2-4
OS900(config)#

Deleting Mirrored Ingress Ports


To delete the existing mirrored ingress ports, invoke the command:
no port mirror
Example
OS900(config)# no port mirror
OS900(config)#

Mirrored Egress Ports


One or more mirrored egress ports can be added, deleted, or viewed.

Adding/Replacing Mirrored Egress Ports


To add ports whose egress traffic is to be mirrored or to replace them with new ones:
1. Enter configure terminal mode.
2. Invoke the command:
port mirror egress PORTS-GROUP
where,
PORTS-GROUP: Group of ports whose egress traffic is to be mirrored.
Example
OS900> enable

280 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 15: Port/VLAN Mirroring

OS900# configure terminal


OS900(config)# port mirror egress 1,2
OS900(config)#

Viewing Mirrored Egress Ports


To view the existing mirrored egress ports, invoke the command:
show port mirror
Example
OS900(config)# show port mirror
Egress traffic is mirrored from ports 1-2
OS900(config)#

Mirrored Ingress & Egress Ports


One or more mirrored ingress & egress ports can be added, deleted, or viewed.

Adding/Replacing Mirrored Ingress & Egress Ports


To add ports whose ingress & egress traffic is to be mirrored or to replace them with new ones:
1. Enter configure terminal mode.
2. Invoke the command:
port mirror both PORTS-GROUP
where,
PORTS-GROUP: Group of ports whose ingress & egress traffic is to be
mirrored.
Example
OS900> enable
OS900# configure terminal
OS900(config)# port mirror both 2-4
OS900(config)#

Viewing Mirrored Ingress & Egress Ports


To view the existing mirrored ingress & egress ports, invoke the command:
show port mirror
Example
OS900(config)# show port mirror
Ingress traffic is mirrored from ports 2-4
Egress traffic is mirrored from ports 2-4
OS900(config)#

Deleting Mirrored Ingress & Egress Ports


To delete the existing mirrored ingress & egress ports, invoke the command:
no port mirror
Example
OS900(config)# no port mirror
OS900(config)#

Configuration
Any of a wide range of mirroring configurations can be implemented based on port ingress/egress
traffic, VLAN, or ACL rule and destination port or VLAN. To cover this range and to serve as a
guide that will enable the user to implement a configuration that best suits the purpose at hand,
three configuration examples are presented below.

Example 1
This is a configuration in which traffic will be mirrored (from one or several ports) to a single port.
The configuration steps are as follows:

January 2009 URL: http://www.mrv.com 281


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

1. Add one analyzer port as described in the section Adding/Replacing Analyzer


Port, page 278.
2. Add one or more mirrored ports (whose ingress traffic, egress traffic, or both is to
be mirrored) as described in any of the above sections, e.g., Adding/Replacing
Mirrored Ingress Ports, page 280.
Example
OS900# configure terminal

------------------------------------------Adding one analyzer port------------------------------------------

OS900(config)# port mirror to-analyzer port 1

------------------------------------Adding one or more mirrored ports------------------------------------

OS900(config)# port mirror both 2-4


OS900(config)#

Example 2
This is a configuration in which traffic will be mirrored (from one or several ports) to a VLAN.
The configuration steps are as follows:
1. Add one analyzer VLAN as described in the section Adding/Replacing Analyzer
Port, page 278.
2. Add one or more mirrored ports (whose ingress traffic, egress traffic, or both is to
be mirrored) as described in any of the above sections, e.g., Adding/Replacing
Mirrored Ingress Ports, page 280.
Example
OS900# configure terminal

------------------------------------------Adding one analyzer VLAN------------------------------------------

OS900(config)# port mirror to-analyzer vlan 3027

------------------------------------Adding one or more mirrored ports------------------------------------

OS900(config)# port mirror both 2-4


OS900(config)#

Example 3
This is a configuration in which traffic in a VLAN will be mirrored (to a port).
The configuration steps are as follows:
1. Add one analyzer port as described in the section Adding/Replacing Analyzer
Port, page 278.
2. Select/create a mirrored VLAN (i.e., an interface whose traffic is to be mirrored.
The procedure for creating/selecting an interface is described in Chapter 7:
Interfaces, page 171.)
3. Select VLAN Mode for the ports that are members in the mirrored VLAN.
4. Create an ACL that includes the rule that contains the action action mirror-
to-analyzer.
5. Bind the ACL to the mirrored VLAN.
Example

OS900# configure terminal

------------------------------------------Adding one analyzer port------------------------------------------

OS900(config)# port mirror to-analyzer port 1

282 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 15: Port/VLAN Mirroring

---------------Selecting/creating a mirrored VLAN whose traffic is to be mirrored---------------

OS900(config)# interface vlan vif7


OS900(config-vif7)# ports 2-4
OS900(config-vif7)# tag 100
Interface is activated.
OS900(config-vif7)#

---------Selecting VLAN Mode for the ports that are members in the mirrored VLAN---------

OS900(config-vif7)# exit
OS900(config)# port acl-binding-mode by-vlan 2-4
OS900(config)#

------Creating an ACL that includes the rule action action mirror-to-analyzer------

OS900(config)# access-list extended ACL99


OS900(config-access-list)# rule
OS900(config-rule)# source-ip eq 2.2.2.2/32
OS900(config-rule)# action mirror-to-analyzer
OS900(config-rule)#

---------------------------------Binding the ACL to the mirrored VLAN---------------------------------

OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)# interface vif7
OS900(config-vif7)# access-group ACL99
OS900(config-vif7)#

January 2009 URL: http://www.mrv.com 283


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

284 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 16: Traffic Conditioner

Chapter 16: Traffic Conditioner

Definition
Traffic Conditioner41 (TC) is a set of functions for controlling the rate of ingress traffic of specific
flows42. It complements the flow classification process described in Chapter 13: Quality of
Service (QoS), page 237.

Purpose
A TC is used to provide two key services related to aggregate flow:
− SLA enforcement: This service is implemented using metering, selective packet drop, and
SL remarking
− Accounting and billing: For this service, flow aggregate counters are maintained
These two services are needed to limit ingress traffic and to account for it, typically at access
points, such as, an Ethernet-to-Subscriber access box. By combining these services with ingress
and egress traffic shaping (described in the section Shaping, page 301), they form a complete SLA
enforcement set of tools for service providers.

Number
Up to 256 TCs can be configured on an OS900.

Action List
General
An Action List is a set of actions. Currently, a TC action is the only option in an Action List.
To activate a configured TC, its Action List must be included in an Access List (ACL) rule as
described in the section Stage 2 – Actions on Packet, page 255.

Sharing
An Action List (e.g., TC) can be included in any number of ACL rules, which contain actions to be
performed.
The advantage in applying one Action List to several ports/interfaces (i.e., using the Action List in
sharing mode) becomes evident when the Action List has to be modified. In such an instance the
Action List needs to be modified just once rather than several times, once for each port/interface.

Creation/Access
To create/access an Action List:
1. Enter configure terminal mode
2. Invoke the command:
action-list NAME
where,
NAME: Name of the Action List. (The name can be any string of alphanumeric
characters.)

41
Also known as policer, meter, or rate-limiter.
42
A flow is streams of packets that comply with a specific ACL rule.

January 2009 URL: http://www.mrv.com 285


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900# configure terminal
OS900(config)# action-list ActionList1
OS900(config-action-list)#

Viewing
To view an Action List:
1. Enter configure terminal mode
2. Invoke the command:
show action-list [detail] [NAME]
where,
detail: Details on the action list.
NAME: Name of the action list. (The name can be any string of alphanumeric
characters. If no name is entered, all the configured action lists are displayed.)
Example
OS900(config)# show action-list detail ACN1

action-list ACN1
================
Status: not active
Number of actions: 1

TC
----
Accounting: enabled, packet-counters
Drop packets marked Red: disabled
Conformance counter set number is #2
Single Leaky Bucket parameters:
cir=5m bits/sec, cbs=10K bytes, ebs=5K bytes
OS900(config)#

Functions
The TC can perform the following functions on ingress traffic:
− Metering
− Actions on Non-Conforming (Red) Traffic
o Dropping or
o Service Level Remarking according to Conformance Level
− Accounting

Metering
Model
Traffic metering is the process of measuring the time-based properties (e.g., rate) of a traffic
stream. A TC may be configured to meter traffic flow according to the OS900’s metering model,
which is a single-rate 2-color marker.
The traffic flow rate is defined with the parameters Committed Information Rate (CIR) and
Committed Burst Size (CBS) of the ‘Leaky Bucket’ mechanism. This mechanism can be likened to
a water bucket having one hole, with CBS analogous to the bucket capacity and CIR analogous to
the rate of water leakage through the hole. CIR can be set in kilobytes/sec, megabytes/sec, or
gigabytes/sec units. CBS can be set in kilobytes or megabytes.
A packet is marked with the Conformance Level as follows:
− Green if it does not exceed the CIR and CBS
− Red otherwise

286 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 16: Traffic Conditioner

Figure 30, below, shows how the metering model handles a packet.

Figure 30: Metering Operation


Metering includes:
− Policing Mode
− Maximum Transmission Unit (MTU) for Policing
− Traffic Rate

Policing Mode
General
A policing mode is whether ingress traffic bytes counting is done to include the parts of Layer 1
frames, Layer 2 frames, or Layer 3 packets. Since a Layer 1 PDU ⊃ Layer 2 PDU ⊃ Layer 3 PDU,
more bytes are counted for a Layer 1 PDU than for a Layer 2 PDU, and more bytes are counted
for a Layer 2 PDU than for a Layer 3 PDU. The policing mode is global and applies for all TCs.

Setting
To set the policing mode,
1. Enter configure terminal mode
2. Invoke the command:
policing mode l1|l2|l3
where,
policing: Global policing.
mode: Mode of policing.
l1: Layer 1 bytes for counting.
l2: Layer 2 bytes for counting. (Default)
l3: Layer 3 bytes for counting.
Example
OS900(config)# policing mode l2
OS900(config)#

Maximum Transmission Unit (MTU) for Policing


General
If jumbo MTUs (longer than 2048 bytes) are to be forwarded in policing mode then, in addition to
performing the setting for such MTUs as described in the section Maximum Transmission Unit
(MTU), page 101, the setting as described in section Custom (just below) must also be performed.
In both settings the MTUs must be at least as large as the jumbo MTUs required to be forwarded.

January 2009 URL: http://www.mrv.com 287


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Custom
To set the MTU for policing:
1. Enter configure terminal mode.
2. Invoke the command:
policing mtu (1536|2048|10240)
where,
1536: MTU size 1536 bytes
2048: MTU size 2048 bytes (default value)
10240: MTU size 10240 bytes. Use this value for policer and jumbo frames

Default
To set the MTU for policing to the default value (2048 bytes):
1. Enter configure terminal mode.
2. Invoke the command:
no policing mtu

Traffic Rate
To set the traffic rate:
1. Enter configure terminal mode.
Example
OS900> enable
OS900# configure terminal
2. Create/access an Action List by invoking the following command.
action-list NAME
where,
NAME: is the name of the action list. (The name can be any string of
alphanumeric characters up to 20 characters long.)
Example
OS900(config)# action-list ACN1
OS900(config-action-list)#
3. Enter the TC mode by invoking the command:
tc-action
Example
OS900(config-action-list)# tc-action
OS900(config-tc-action)#
4. Invoke the command:
rate single-leaky-bucket cir RATELIMIT cbs BURSTSIZE
where,
rate: Traffic speed.
single-leaky-bucket: Metering/marking algorithm whose coloring action
depends on whether the BURSTSIZE (CBS) is exceeded. If it is not, a packet
is colored green; otherwise it is colored red.
cir: Committed Information Rate (CIR)
RATELIMIT: CIR value. The value may be any number in the range 64K-1G
bits/sec. For OS930, the value may be any number in the range 64K-10G
bits/sec. Valid units are: k, m, g. Examples: 100k, 10m, 1g.
cbs: Committed Burst Rate (CBS)
BURSTSIZE: CBS value. This value is required to be larger than the policer
MTU described in the section Maximum Transmission Unit (MTU) for Policing,
page 287. It is recommended to select a value that is greater than or equal to
the size of the largest possible packet in the stream.

288 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 16: Traffic Conditioner

The value may be any number in the range 4K-16M bytes. Valid units are: k,
m. Examples: 7k, 2m.

Actions on Non-Conforming (Red) Traffic


Dropping
Packets that do not conform with the limits specified by the metering model parameters CIR and
CBS can be dropped.
To cause dropping for a specific TC:
1. Enter the Action List mode by invoking the command:
action-list NAME
where,
NAME: Name of the action list. (The name can be any string of alphanumeric
characters up to 20 characters long.)
2. Enter the TC mode by invoking the command:
tc-action
3. Select dropping by invoking the command:
drop-red

Service Level Remarking according to Conformance Level


CL remarking is the changing of a packet SL based on its conformance level, i.e., color (red or
green). It is always done. The CL is assigned to packets by the metering model of the TC. CL
remarking overrides the SL assigned as described in Chapter 13: Quality of Service (QoS),
page 237 and the SL assigned as described in the section Stage 2 – Actions on Packet, page 255.
Re-marking can be used for two purposes:
− To modify the internal forwarding priority within the egress queues.
− To modify the handling of a packet by downstream devices in the network.

Default Map
To view the current CL remarking map, invoke the command do show cl-mapping.
Table 13, below, shows the default CL mapping.
Table 13: Default CL Remarking Map
ORIG-SL CL NEW-SL
1 Red 1
2 Red 2
3 Red 3
4 Red 4
5 Red 5
6 Red 6
7 Red 7
8 Red 8

Custom Map
To change an existing CL remarking map:
1. Enter configure terminal mode.
2. Invoke the command:
cl-mapping orig-sl <1-8> red new-sl <1-8>
where,

January 2009 URL: http://www.mrv.com 289


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

<1-8>: (first) Range of SL values 1-8, from which one value is to be selected. The
value is the SL marked as described in Chapter 13: Quality of Service (QoS), page
237.
red: CL red
<1-8>: (second) Range of SL values 1-8, from which one new value is to be
selected.
Example
OS900(config)# cl-mapping orig-sl 8 red new-sl 6
OS900(config)#

3. If required, repeat step 1, above for other SL values.

View Map
To view the existing CL remarking map:
1. Enter configure terminal mode.
2. Invoke the command:
show cl-mapping
Example
OS900(config)# show cl-mapping
ORIG-SL CL NEW-SL
----------------------------------------------
1 red 1
2 red 2
3 red 3
4 red 4
5 red 5
6 red 6
7 red 7
8 red 6
OS900(config)#

Activation
For remarking to take effect, the metering model must be assigned to the Action List (using the
command rate single-leaky-bucket cir RATELIMIT cbs BURSTSIZE as described in
the subsection Traffic Rate, page 288.)

Deactivation
To deactivate remarking:
1. Enter configure terminal mode
2. Invoke the command:
no cl-mapping orig-sl <1-8> red
where,
<1-8>: SL to be selected from the range 1 to 8

Accounting
Counters
There are sixteen Global Counter Sets available for TCs. Each Global Counter Set consists of two
counters. They are:
− Green CL byte Counter (Counts conforming bytes)
− Red CL byte Counter (Counts excess bytes)

290 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 16: Traffic Conditioner

Assignment & Activation


One (or none) of these sixteen sets of counters may be assigned each TC. . On assignment of a
counter it is automatically activated. The procedure for assigning a counter set to a specific TC is
as follows:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Enter the mode of the specific Action List by invoking the command.
action-list NAME
where,
NAME: Name of the action list. (The name can be any string of alphanumeric
characters up to 20 characters long.)
Example
OS900(config)# action-list ACN1
OS900(config)#
3. Enter the TC mode by invoking the command:
tc-action
4. Assign a global counter set by invoking the command:
counter-set-number <1-16>
where,
<1-16>: Global counter sets 1 to 16 from which one is to be selected.
To replace a selected global counter set with another for a specific TC, invoke the counter-set-
number <1-16> using the new global counter set number instead of <1-16>.
To dissociate a selected global counter set from a specific TC, invoke the no counter-set-
number.
Each counter shows the aggregate of counts for all the TCs assigned to the counter.
The counters may count either the entire Layer 1 packet bytes (including inter-packet gap and
preamble) or just the Layer 2 packet bytes. Section Policing Mode, page 287, shows how to set
the counting mode.
Global Counter Sets are used for statistical analyses and troubleshooting.

Viewing
Method 1
To view the counter readings for a specific TC in TC mode:
1. Enter the TC mode as described in the section Activation, page 290.
2. To display counter readings with refresh (continual update), invoke the command:
monitor tc-counters
3. To display counter readings without refresh, invoke the command:
show tc-counters
Example
OS900# configure terminal
OS900(config)# action-list ACN1
OS900(config-action-list)# tc-action
OS900(config-tc-action)# show tc-counters

TC Conformance Counter Set#1:


--------------------------------
1478934 - Number of bytes marked green
381 - Number of bytes marked red
OS900(config-tc-action)#

January 2009 URL: http://www.mrv.com 291


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Method 2
To view the counter readings for a specific TC from enable mode:
1. Enter enable mode.
2. Invoke the command:
show tc-counters AL_NAME
where,
AL_NAME: Name of the action list. (The name can be any string of
alphanumeric characters up to 20 characters long.)

Clearance
To clear the Specific Counter Set of a TC:
1. Enter the TC mode as described in the section Activation, page 290.
2. Invoke the command:
clear tc-counters
Example
OS900# configure terminal
OS900(config)# action-list ACN1
OS900(config-action-list)# tc-action
OS900(config-tc-action)# clear tc-counters

Aggregation
Configuration
Accounting for several existing TCs (assigned using action lists) can be unified as follows:
1. Enter configure terminal mode.
2. To enter the tc-counters-group mode, invoke the command:
tc-counters-group NAME
where,
NAME: Name for the group of existing TCs whose accounts are to be unified.
(To cancel aggregate accounting, invoke the command no tc-counters-group
NAME.)
3. To provide a textual description for the group of TCs, invoke the command:
description TEXT
where,
TEXT: Textual description for the group.
(To delete the textual description for the group of TCs, invoke the command no
description.)
4. To include an existing TC in the joint accounting, invoke the command:
action-list NAME
where,
NAME: Name for the action list assigned to the existing TC whose account is to
be unified with those of other TCs.
(To delete the action list, invoke the command no action-list NAME.)
5. Repeat the above step for each action list assigned to an existing TC whose
account is to be unified with those of other TCs.

292 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 16: Traffic Conditioner

Example
OS900# configure terminal
OS900(config)# tc-counters-group ?
NAME Name of the group
OS900(config)# tc-counters-group WaterPark
OS900(config-tc_group-WaterPark)# description Customers are C118, C119, C120.
OS900(config-tc_group-WaterPark)# action-list ACN1
OS900(config-tc_group-WaterPark)# action-list ACN2
OS900(config-tc_group-WaterPark)#

Viewing
Groups
To view configured groups of Action Lists:
1. Enter enable mode.
2. Invoke either of the following commands:
show tc-counters-group [configuration]
Example
OS900> enable
OS900# show tc-counters-group configuration
!
! TCGROUP configuration
!
tc-counters-group JurassicPark
action-list ACN3
!
tc-counters-group WaterPark
action-list ACN1
action-list ACN2
!
OS900#

Aggregate Counts
Method 1
To view the aggregate counts of a specific group of TCs, whose accounting has been unified, in
tc-counters-group mode:
1. Enter configure terminal mode.
2. Invoke the command:
tc-counters-group NAME
where,
NAME: Name for the group of TCs whose accounts have been unified.
3. Invoke either of the following commands:
show
monitor
where,
show: Display without refresh.
monitor: Display with refresh.

January 2009 URL: http://www.mrv.com 293


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900# configure terminal
OS900(config)# tc-counters-group WaterPark
OS900(config-tc_group-WaterPark)# show
Traffic conditioner counters groups:
Flags: a - absent; i - inactive; m - metering;
<1-16> - conformance counter set number

Group:WaterPark
Action-list |Flags| Bytes Green | Bytes Red |
ACN1 i 78905 0
ACN2 i 8063942 0
summary: 0 0

OS900(config-tc_group-WaterPark)#
Method 2
To view the aggregate counts of the group of TCs, whose accounting has been unified, in enable
mode:
1. Enter enable mode.
2. Invoke either of the following commands:
show tc-counters-group [NAME]
monitor tc-counters-group [NAME]
where,
show: Display without refresh.
monitor: Display with refresh.
NAME: Name of the group of TCs whose accounts have been unified.
Example
OS900> enable
OS900# show tc-counters-group configuration
!
! TCGROUP configuration
!
tc-counters-group JurassicPark
action-list ACN3
!
tc-counters-group WaterPark
action-list ACN1
action-list ACN2
!
OS900#

Activation
To activate a configured TC, include its Action List in an ACL rule as described in the section
Stage 2 – Actions on Packet, page 255.

Dual Leaky-Bucket Policer


General
A dual leaky-bucket policer can be configured using two single leaky buckets sequentially.
In some applications it is required to define a dual leaky-bucket policer, e.g., a trTcm (2-rate 3-
color meter, as defined in RFC 2698). In the following example we show how such a policer can be
implemented using two single-leaky-bucket policers run sequentially.
Assuming we want to implement a trTcm defined by a CIR, CBS, PIR, and PBS (peak burst size).
We use two TCs. The first is defined by the larger bucket (PIR, PBS) and the second is defined by
the smaller bucket (CIR, CBS). The first TC will be configured to drop red packets. The second TC

294 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 16: Traffic Conditioner

will not drop red traffic but will mark it as red (as having higher drop precedence). In this way,
traffic not conforming with PIR/PBS will be dropped. Traffic conforming with PIR/PBS and not
conforming with CIR/CBS will be marked red on the second TC (this is the equivalent for yellow
traffic in the first TC), and traffic conforming with both will be marked green by the second TC.

Configuration
The configuration steps are:
1. Define two TCs: One for the bigger bucket (PIR, PBS) and the second for the
smaller bucket (CIR, CBS). (Note that a TC may be called ‘smaller’ if either the
burst-size or the rate or both are smaller).
2. Define two ACLs, one for each TC.
3. Set the ingress port (port 1) to by-port ACL binding mode
4. Bind the ACL with the bigger TC to the port.
5. Bind the ACL with the smaller TC to the port as extra (second ACL for the port).
Example
In the example below the PIR is 10 Mbps, the PBS is 100 KB, the CIR is 2 Mbps, and the CBS is
100 KB.
OS900> enable
OS900# configure terminal
OS900(config)# action-list pirpbs
OS900(config-action-list)# tc-action
OS900(config-tc-action)# rate single-leaky-bucket cir 10m cbs 100k
OS900(config-tc-action)# drop-red
OS900(config-tc-action)# counter-set-number 1

OS900(config-tc-action)# exit
OS900(config-action-list)# exit
OS900(config)# action-list circbs
OS900(config-action-list)# tc-action
OS900(config-tc-action)# rate single-leaky-bucket cir 2m cbs 100k
OS900(config-tc-action)# counter-set-number 2

OS900(config-tc-action)# exit
OS900(config-action-list)# exit
OS900(config)# access-list extended pirpbs
OS900(config-access-list)# rule 10
OS900(config-rule)# action list pirpbs
OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)# access-list extended circbs
OS900(config-access-list)# rule 10
OS900(config-rule)# action list circbs

OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)# port acl-binding-mode by-port 1
OS900(config)# port access-group pirpbs 1
OS900(config)# port access-group extra circbs 1
OS900(config)#

January 2009 URL: http://www.mrv.com 295


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Notes
1. In the above example, the trTcm red bytes counter can
be viewed by viewing the red bytes counter of counter-
set 1, the trTcm yellow bytes counter can be viewed by
viewing the red bytes counter in counter-set 2, and the
trTcm green bytes counter can be viewed by viewing the
green bytes counter in counter-set 2.
2. For implementing an srTcm (RFC 2697) a similar
method can be applied: the CIR will be the rate of both
TCs, the EBS will be the burst size of the first (bigger)
TC and the CBS will be the burst-size of the second
(smaller) TC.

296 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 17: Egress-Queue Manager (EQM)

Egress-Queue
Chapter 17:
Manager (EQM)
Definition
The Egress Queue Manager (EQM) is used to provide traffic control and monitoring services on outbound
traffic queues.

Purpose
The purpose of the EQM is to perform the following functions at each physical port:
− Prevent congestion in queues
− Ensure that at least the minimum bandwidth allocated to each queue is provided
− Limit rate to the allocated bandwidth and shape individual queues
− Schedule flows from multiple queues

Global Configuration
The EQM can provide a shared resource (common memory space) for buffering packets that may
not be immediately forwarded at their port/queue due to the fact that the buffer space allocated to
the port/queue is limited.

Port Configuration
The EQM maintains the following per egress port:
• Maximum egress rate set for the port for Token Bucket shaping, in
addition to the per-queue shaping. (This is useful for limiting the egress
bandwidth for each port.)
• Scheduling modes (SP, WRR1, WRR0) for the port’s queues – see the
section Scheduling, page 298, for details.

Queue Configuration
The EQM maintains the following configuration parameters per queue per egress port:
• Queue enable/disable
• Maximum number of packet buffers and descriptors allowed for the
queue, i.e., a per queue per drop-precedence configuration. (This
constraint prevents a congested port/queue from using up all egress
buffer and descriptor space in the OS900.)
• Queue shaping parameters, i.e., shaping Token Bucket profile. (This is
useful for limiting the egress bandwidth for each queue.)
• Weight for WRR scheduler (if the queue is scheduled according to
WRR)

Congestion Avoidance
Congestion is a condition in which the OS900 is unable to receive and process all packets arriving
at its ports. It can occur when:
• The data speed on the transmission link remains smaller than the data
speed on the reception links over a period of time. Examples of
situations that may lead to such congestion are:
1. A Gigabit port transmits more than 100Mbps to a Fast Ethernet
port.

January 2009 URL: http://www.mrv.com 297


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

2. A Gigabit port transmits at a high bandwidth to a Gigabit port


configured to perform egress shaping (described in the section
Shaping, page 301.)
3. Several Gigabit ports transmit to one Gigabit port at a total rate
that exceeds 1Gbps.
• Flow Control is activated by a device at the other end of the
transmission link
This problem is resolved by the OS900 using the congestion avoidance mechanism called Tail-
Drop.

Scheduling
General
Scheduling is the process of selecting packets from egress queues for placement on a
transmission link. Scheduling depends on the scheduling mode (described below) and QoS factors
such as traffic shaping (described in the section Shaping, page 301).

Scheduling Modes
There are three scheduling modes for queues. They are:
− Strict Priority (SP)
− Shape-deficit Weighted Round Robin 1 (WRR1)
− Shape-deficit Weighted Round Robin 0 (WRR0)
The general relationship between the modes is as follows: SP queues are scheduled before
WRR1 queues and WRR0 queues. WRR1 queues are scheduled before WRR0 queues.
The user can set each queue at each port in any one of the scheduling modes.
The user can also set a further relationship between these modes such as rate limit per queue as
described in the section Shaping, page 301.
The general relationship between the modes, the capability to set a queue in any one of the
modes, and the capability to set a rate limit per queue enables support for high level QoS
applications (e.g., the IETF DiffServ standardized PHBs such as Assured Forwarding (AF),
Expedited Forwarding (EF), Best Effort, etc.).
Scheduling queues in both SP and WRR modes enables handling of highly time-sensitive traffic
(such as VoIP and mission critical protocols) and other traffic on the same link bandwidth.

Strict Priority (SP)


SP has higher scheduling priority than WRR1 and WRR0.
At each port, a queue in SP mode that has higher SL43 is scheduled before queues in SP mode
that have lower SL. Accordingly, if, for e.g., queues 6 to 8 are in SP mode, queue 8 (SL8) is
scheduled before queue 7 (SL7), and queue 7 before queue 6.
This means the following:
− The egress port serves queue 8 as long as packets are waiting in that queue, and
lower queues are served only when queue 8 is empty.
− If queue 8 is empty, the egress port serves queue 7 as long as packets
are waiting in that queue, and lower queues are served only when
queue 7 is empty.

Weighted Round Robin 1 (WRR1)


WRR1 has higher scheduling priority than WRR0.
At each port, queues in WRR1 mode share the available link bandwidth in proportion to the
weights assigned to them. The weights can have any value in the range 1 and 255 so that the
weight ratio of two queues in WRR1 mode can be as high as 255:1. If a weight W is assigned to a

43
SL is DiffServ Service Level or Class of Service (CoS). SL can have any value from 1 to 8.

298 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 17: Egress-Queue Manager (EQM)

queue W x 256 bytes will be transmitted from the queue before transmission begins from another
queue.
This above description of WRR operation is roughly correct. The actual operation is more complex
and resembles the WFQ scheduling algorithm that provides fairness among the various WRR
queues.
Accordingly, weight 1 is equivalent to 256 bytes, weight 2 is equivalent to 2 x 256 bytes, etc., so
that weight 255 is 63.75 Kbytes. As a result, the distribution of bandwidth among a queues in a
WRR group will be directly proportional to the weights.

Weighted Round Robin 0 (WRR0)


WRR0 has lower scheduling priority than WRR1 and SP. Other than this, the description given for
WRR1 in the section just above applies for WRR0 just as well.

Configuration
General
This section shows how to configure scheduling for each queue by setting it into one of the three
modes and assigning to the queue a weight if it is set in WRR1 or WRR0 mode.

Priority Queuing
To avoid confusion, ensure that:
− Queues in SP mode have higher SL values than queues in WRR1 mode and WRR0
mode, and
− Queues in WRR1 mode have higher SL values than queues in WRR0 mode.
For example, queue 6 should not be set in SP if queue 7 is set in WRR1.
Setting all queues in SP mode without traffic shaping or ingress rate limiting (policing) may prevent
progress of lower SL queues.
The default weights for the eight queues in WRR1 or WRR0 mode are as follows:

Queue 1 2 3 4 5 6 7 8
Weight 1 (= 256 16 (= 4K 32 (= 8K 48 (= 12K 64 (= 16K 80 (= 20K 96 (= 24K 112 (= 28K
bytes) bytes) bytes) bytes) bytes) bytes) bytes) bytes)

To assign modes (SP, WRR0, WRR1) and SLs (1, 2, etc. up to 8) to the queues:
1. Enter configure terminal mode.
2. For WRR0 or WRR1, invoke the command:
priority-queuing sl <1-8> wrr0|wrr1 weight <1-255> profile <1-
7>
where,
<1-8>: Number of Service Level
wrr0: WRR0 mode
wrr1: WRR1 mode
<1-255>: WRR weight value in units of 256 bytes
<1-7>: Profile number
3. For SP or default, invoke the command:
priority-queuing sl <1-8> sp|default profile <1-7>
where,
<1-8>: Number of Service Level
sp: SP mode
default: Assign the queue (SL) to SP mode
<1-7>: Profile number

January 2009 URL: http://www.mrv.com 299


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Profiles
Up to 7 global profiles can be defined for ports using the port priority-queuing profile
command. To each port one profile can be assigned to ingress traffic and one to egress traffic. If
the port is a trunk only one and the same profile can be assigned to the member ports of the trunk.
To assign a profile to egress traffic at a port/group:
1. Enter configure terminal mode.
2. Invoke the command:
port priority-queuing profile <1-7> [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of Ports
To assign a profile to ingress traffic at a port/group:
1. Enter configure terminal mode.
2. Invoke the command:
port priority-queuing profile <1-7> ingress [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of Ports
By default, all ports are assigned to profile 1.

Example
The example below demonstrates how to configure scheduling. Suppose the scheduling conditions
are as follows: :
− Applicability to ports 3 and 4.
− Queues 6 to 8 in SP
− Queues 3 to 5 in WRR1
− Queues 3, 4, and 5 have 5 Kbytes (weight 20), 7.5 Kbytes (weight 30), and 15 Kbytes
(weight 60), respectively of the bandwidth for WRR1
− Queues 1 and 2 in WRR0
− Queues 1 and 2 have 10 Kbytes (weight 40) and 12.5 Kbytes (weight 50), respectively of
the bandwidth for WRR0
Packets entering queues 6 to 8 will be forwarded first. Packets entering queues 3 to 5 will be
forwarded provided the queues 6 to 8 are empty. Packets entering queues 1 and 2 will be
forwarded provided the queues 3 to 8 are empty. Packets in queue 7 will be forwarded provided
queue 8 is empty. Packets in queue 6 will be forwarded provided queues 7 and 8 are empty.
OS900> enable
OS900# configure terminal
OS900(config)# priority-queuing sl 8 sp profile 2
OS900(config)# priority-queuing sl 7 sp profile 2
OS900(config)# priority-queuing sl 6 sp profile 2
OS900(config)# priority-queuing sl 5 wrr1 weight 60 profile 2
Set weight 60 (15k bytes)
OS900(config)# priority-queuing sl 4 wrr1 weight 30 profile 2
Set weight 30 (7.5k bytes)
OS900(config)# priority-queuing sl 3 wrr1 weight 20 profile 2
Set weight 20 (5k bytes)
OS900(config)# priority-queuing sl 2 wrr0 weight 50 profile 2
Set weight 50 (12.5k bytes)
OS900(config)# priority-queuing sl 1 wrr0 weight 40 profile 2
Set weight 40 (10k bytes)
OS900(config)# port priority-queuing profile 2 3,4
port 3 scheduler profile set to: 2
port 4 scheduler profile set to: 2
OS900(config)#

Viewing
To view a configured Flow Scheduler, invoke the command:

300 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 17: Egress-Queue Manager (EQM)

show priority-queuing profile <1-7>


where,
show: Display information.
priority-queuing: Queuing priority in respect to queues.
profile: Scheduler profile.
<1-7>: Profile number.
OS900(config)# show priority-queuing profile 2

PRIORITY-QUEUING
======================
SL GROUP WRR-WEIGHT
---------------------------
Profile 2 Port Members:3-4
-------------------------
1 wrr0 40 (10K)
2 wrr0 50 (12.5K)
3 wrr1 20 (5K)
4 wrr1 30 (7.5K)
5 wrr1 60 (15K)
6 sp -
7 sp -
8 sp -
OS900(config)#

Shaping
General
Shaping is a mechanism for regulating traffic (ingress traffic at dual ports or egress traffic) in order
to smoothen traffic flow.
Shaping can be used to limit and shape the traffic rate for specific egress queues or for the whole
egress port.
Traffic rate per queue is limited by the per-queue Token Bucket mechanism. Traffic that is in-
profile with the Token Bucket parameters is transmitted on the link. Out-of-profile traffic remains in
the queue until it becomes in-profile. When operating in this mode, the queue-scheduling algorithm
is considered non-work-conserving, i.e., queued packets are not transmitted at every opportunity,
but only when the packets match the Token Bucket profile.
Another mechanism for regulating traffic is metering (as described in the section Metering, page
286) coupled with dropping (as described in the section Dropping, page 289).
The difference between the two mechanisms is that metering/dropping can only mark and
optionally drop or forward non-conforming traffic, while shaping can smooth the traffic (by delaying
non-conforming packets, an operation which metering cannot do).
A token bucket shaper is available per port and a token bucket shaper is available per queue. The
port shaper has a higher hierarchical level, meaning that traffic is first shaped by its queue shaper
and then shaped for all eight queues of the port by the port shaper.
The Token Bucket shaper is enabled per queue and per port.

Maximum Transmission Unit (MTU) for Port Shaper


General
If jumbo MTUs (longer than 2048 bytes) are to be forwarded in shaping mode then, in addition to
performing the setting for such MTUs as described in the section Maximum Transmission Unit
(MTU), page 101, the setting as described in the section Custom (just below) must also be
performed. In both settings the MTUs must be at least as large as the jumbo MTUs to be
forwarded.

Custom
To set the Maximum Transmission Unit (MTU) for the port shaper:

January 2009 URL: http://www.mrv.com 301


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

1. Enter configure terminal mode.


2. Invoke the command:
port shaper mtu (1536|2048|10240)
where,
1536: MTU size 1536 bytes
2048: MTU size 2048 bytes (default value)
10240: MTU size 10240 bytes.

Default
To set the MTU for the port shaper to the default value (2048 bytes):
1. Enter configure terminal mode.
2. Invoke the command:
no port shaper mtu

Configuration
For the bandwidth limitation to be met according to the configured traffic shaping as described
below, the sizes of the egress packets must not be greater than the MTU size – see the section
Maximum Transmission Unit (MTU) for Port Shaper, page 301.
To configure egress traffic shaping & bandwidth limitation for one or more queues at one or more
ports, invoke the command:
port egress-shaping [per-queue <1-8>] rate RATELIMIT burst-size
BURSTSIZE PORTS-GROUP|all
where,
port: action on port(s).
egress-shaping: Shaping of egress traffic.
per-queue: (optional) Specific queue. If this argument is skipped, the rate limitation
will be applied on the port level.
<1-8>: Eight queues from which one is to be selected. Queue 1 has CoS/service
level 1 (lowest priority). Queue 8 has CoS/service level 8 (highest priority).
rate: Rate (bandwidth) limitation.
RATELIMIT: Rate limitation. This can be any value in the range <65k-1g
bits/sec>. The format is a number indexed with k, m, or g
where, k = kilo = 103, m = mega = 106, g = giga = 109. For example, 200m , which
means 200 Mbps. The number is rounded down to a multiple of 65k bits/sec.
burst-size: Burst size.
BURSTSIZE: Burst size. This can be any value in the range <4k-16m bytes>. The
format is a number indexed with k or m
where, k = 210, m = 220. For example, 11k , which means 11K bytes. The number is
rounded down to a multiple of 4K bytes.
PORTS-GROUP: Group of ports at which the queue(s) is(are) to be rate limited. (Trunk
ports may be included in the group. For a trunk, the rate applies to each member port
of the trunk and is not the total rate of the entire trunk.)
all: All ports at which the queue(s) is(are) to be rate limited.
Ingress traffic shaping & bandwidth limitation applies only for a dual port. A dual port has one
internal and one external port. For details, refer to the section Dual (Internal and External) Ports,
page 154. If an analyzer VLAN has been configured on OS912-AC-2 or OS912-DC-2, internal Port
10 will become unavailable for ingress traffic shaping & bandwidth limitation.
To configure ingress traffic shaping & bandwidth limitation for one or more queues at one or more
dual ports, invoke the command:
port ingress-shaping [per-queue <1-8>] rate RATELIMIT burst-size
BURSTSIZE PORTS-GROUP|all
where,
port: action on port(s).

302 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 17: Egress-Queue Manager (EQM)

ingress-shaping: Shaping of ingress traffic.


per-queue: (optional) Specific queue. If this argument is skipped, the rate limitation
will be applied on the port level.
<1-8>: Eight queues from which one is to be selected. Queue 1 has CoS/service level
1 (lowest priority). Queue 8 has CoS/service level 8 (highest priority).
rate: Rate (bandwidth) limitation.
RATELIMIT: Rate limitation. This can be any value in the range <65k-1g
bits/sec>. The format is a number indexed with k, m, or g
where, k = kilo = 103, m = mega = 106, g = giga = 109. For example, 200m , which
means 200 Mbps. The number is rounded down to a multiple of 65k bits/sec.
burst-size: Burst size.
BURSTSIZE: Burst size. This can be any value in the range <4k-16m bytes>. The
format is a number indexed with k or m
where, k = 210, m = 220. For example, 11k , which means 11K bytes. The number is
rounded down to a multiple of 4K bytes.
PORTS-GROUP: Group of dual ports at which the queue(s) is(are) to be rate limited.
(Trunk ports may be included in the group. For a trunk, the rate applies to each
member port of the trunk and is not the total rate of the entire trunk.)
all: All ports at which the queue(s) is(are) to be rate limited.

Example
Below is an example showing the user inputs (in bold) and OS900 outputs on the CLI screen.
MRV OptiSwitch 910 version 1_0_11
OS900 login: admin
Password:
OS900> enable
OS900# configure terminal
OS900(config)# port egress-shaping per-queue 7 rate 200m burst-size 18k 2-4
Note that machine limitation is rate in steps of 65k bits/sec
Note that machine limitation is burst in steps of 4k bytes
port 2 queue 7 egress shaping set to: 199.584m bits/sec 16k bytes
port 3 queue 7 egress shaping set to: 199.584m bits/sec 16k bytes
port 4 queue 7 egress shaping set to: 199.584m bits/sec 16k bytes
OS900(config)#

Memory Resource Management


General
The OS900 has 4K packet buffers and 4K descriptors. The size of each buffer is 256 bytes. These
buffers (and descriptors) can be allocated and categorized on the basis of port, queue (SL), and
drop-precedence (CL). The remainder of these buffers is automatically allocated as a shared
resource/pool (common memory space) for buffering packets (and their descriptors) that may not
be immediately stored at their port/queue due to the limited buffer space allocated to the
port/queue. This shared resource/pool enables packets with low SL to be forwarded even when
their SL buffer budget is exceeded.

Note
In allocating buffers, the following requirements must be met:
The total of packet buffers allocated to all the ports plus the
buffers allocated as the shared resource does not exceed 4K
and the total of descriptors allocated to all the ports plus the
shared resource does not exceed 4K. The shared resource is
automatically configured to have what is left of the total 4K. Out
of the total budget there are some buffers/descriptors allocated
for internal use of the device and the automatic configuration of
the shared resource takes this allocation into account.

January 2009 URL: http://www.mrv.com 303


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Viewing a Buffer Profile


A buffer profile is a global profile defining the buffer resource management for a port. Each port is
assigned to one of the 7 global profiles. The buffer profile is only a template defining the buffer
limits, but the actual budget is managed per port (not per profile).
To view a global buffer profile, enter enable mode or configure terminal mode, and invoke
the command:
show buffers [profile <1-7>]
where,
profile: Buffer profile.
<1-7>: Profile number.
Example
OS900(config)# show buffers profile 1
Buffer Configuration
====================

Profile 1:
-----------
Port Members: 1-4
Port Ingress Members:
sl<1> Green Buffers: 28 Green Descriptors: 28
sl<1> Red Buffers: 5 Red Descriptors: 5
sl<2> Green Buffers: 28 Green Descriptors: 28
sl<2> Red Buffers: 5 Red Descriptors: 5
sl<3> Green Buffers: 28 Green Descriptors: 28
sl<3> Red Buffers: 5 Red Descriptors: 5
sl<4> Green Buffers: 28 Green Descriptors: 28
sl<4> Red Buffers: 5 Red Descriptors: 5
sl<5> Green Buffers: 28 Green Descriptors: 28
sl<5> Red Buffers: 5 Red Descriptors: 5
sl<6> Green Buffers: 28 Green Descriptors: 28
sl<6> Red Buffers: 5 Red Descriptors: 5
sl<7> Green Buffers: 12 Green Descriptors: 12
sl<7> Red Buffers: 5 Red Descriptors: 5
sl<8> Green Buffers: 12 Green Descriptors: 12
sl<8> Red Buffers: 5 Red Descriptors: 5

Shared Buffers: 648 Descriptors: 434


OS900(config)#

The default profile for all ports is Profile 1 as shown in the example above. Each port is allocated
120 port buffers, 120 port descriptors. These descriptors and buffers are divided among the two
CLs (green, red) and eight SLs (1 to 8) for a port. The shared resource is configured to have 96
shared buffers and 96 shared descriptors.

Changing a Buffer Profile


Profiles 1 to 6 are user-configurable. Profile 7 is machine-defined and fixed! To change an existing
buffer profile, invoke the command:
buffers profile <1-6> sl <1-8> <1-4095> <1-4095> <1-4095> <1-4095>
where,
profile: Buffer profile.
<1-6>: Profile number.
sl: SL.
<1-8>: SL value.
<1-4095>: (First appearance) Number of descriptors for green.
<1-4095>: (Second appearance) Number of buffers for green.
<1-4095>: (Third appearance) Number of descriptors for red.

304 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 17: Egress-Queue Manager (EQM)

<1-4095>: (Fourth appearance) Number of buffers for red.


Example
OS900# configure terminal
OS900(config)# buffers profile 2 sl 5 18 40 3 16
OS900(config)#

Assigning a Buffer Profile to a Port


Ingress Traffic
To bind any one of 7 global buffer profiles to a port for ingress traffic, invoke the command:
port buffers profile <1-7> ingress [PORTS-GROUP]
where,
profile: Buffer profile.
<1-7>: Profile number. Profile 7 is machine-defined, fixed, and allocates much fewer
buffers than the default configuration of the other profiles.
ingress: Ingress traffic.
[PORTS-GROUP]: Group of Ports. Default = all ports
Example
OS900(config)# port buffers profile 6 ingress 2-4
port 2 buffers profile set to: 6
port 3 buffers profile set to: 6
port 4 buffers profile set to: 6
OS900(config)#

Egress Traffic
To bind any one of 7 global buffer profiles to a port for egress traffic, invoke the command:
port buffers profile <1-7> [PORTS-GROUP]
where,
profile: Buffer profile.
<1-7>: Profile number. Profile 7 is machine-defined, fixed, and allocates much fewer
buffers than the default configuration of the other profiles.
[PORTS-GROUP]: Group of Ports. Default = all ports
Example
OS900(config)# port buffers profile 2 1,3
port 1 buffers profile set to: 2
port 3 buffers profile set to: 2
OS900(config)#

Restoring the Default Buffer Profile


To restore the default buffer profile for a specific SL, invoke the command:
no buffers profile <1-6> sl <1-8>
where,
profile: Buffer profile.
<1-6>: Profile number.
sl: Service Level.
<1-8>: Service Level.
Example
OS900# configure terminal
OS900(config)# no buffers profile 2 sl 5
OS900(config)#

January 2009 URL: http://www.mrv.com 305


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Allocation of Shared Descriptors and Buffers


The number of buffers and descriptors allocated as the shared resource is automatically
configured by the OS900 to the number of buffers and descriptors left after port assignments and
internal assignments. To view the shared resource configuration, use the show buffers
[profile <1-6>] command as described in the section Viewing a Buffer Profile, page 304.

WARNING!
It is strongly recommended to use the default configuration of buffers and
descriptors for memory resource management.
In changing descriptor or buffer budgets, take into account unexpected
packet loss.

Disabling Buffer Sharing


To disable buffer sharing, invoke the command:
no buffers shared

Egress Counters
An egress counter is used to count packets in an egress queue according to one or more of the
following attributes:
− Physical ports
− VLAN tag (Interface ID)
− Service Level
− Conformance Level
There are two sets of four egress counters, identified as ‘set1’ and ‘set2’. The egress counters in a
set are:
− UNICAST (counts the number of unicast packets)
− MCAST/UNKNOWN (counts the number of multicast/unknown packets)
− BCAST (counts the number of broadcast packets)
− TxQ Congest (counts the number of packets dropped due to Tx queue congestion)

Activation
To activate a set of egress queue counters:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Invoke the command:
egress-counters set1|set2 port PORT|all tag <1-4096>|all sl <1-
8>|all cl all|green|red
where,
set1: First egress counters set
set2: Second egress counters set
port: Egress port
PORT: Range of port numbers from which one can be selected
all: (first) All ports
tag: VLAN interface tag
<1-4096>: Range of VLAN Interface IDs from which one can be selected
all: (second) All VLAN Interface IDs
sl: Egress traffic service level
<1-8>: Range of service levels from which one can be selected

306 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 17: Egress-Queue Manager (EQM)

all: (third) All service levels


cl: Egress traffic conformance level
all: (fourth) All conformance levels
green: Conformance level green
red: Conformance level red
To revoke the above command, invoke the command:
no egress-counters set1|set2
where,
set1: First egress counters set
set2: Second egress counters set
Example
OS900(config)# egress-counters set1 port 3 tag 2006 sl 5 cl red
OS900(config)#

Viewing
To view the egress queue counters
1. Enter configure terminal mode.
2. Invoke either of the following commands:
show egress-counters set1|set2
monitor egress-counters set1|set2
where,
show: Display without refresh.
monitor: Display with refresh.
set1: First egress counters set
set2: Second egress counters set
Example
OS900(config)# monitor egress-counters set1
Egress counters group is active for port 3, tag 2006, sl 5, cl red

SENT SENT SENT DROP


UNICAST MCAST/UNKNOWN BCAST TxQ Congest
23067 190 22 54
OS900(config)#

January 2009 URL: http://www.mrv.com 307


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

308 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

Chapter 18: IEEE 802.1ag and


ITU-T Y.1731 Ethernet Service
OAM
General
This chapter presents the OAM functions and mechanisms for Ethernet-based networks, describes
the principle of operation of the OS900 with these functions, shows how to configure the OS900 to
use these functions and their parameters, gives the procedure for loopback testing, and shows
how to view status and performance information.

Definition
Ethernet Service OAM is a set of management functions for managing Ethernet services. Such
management functions are specified in the IEEE 802.1ag and ITU-T SG 13 Y.1731 standards.
Ethernet Service OAM includes Fault Management as well as Performance Management (per
Y.1731).

Purpose
The purpose of Ethernet Service OAM is to enable service providers to operate, administer, and
maintain Ethernet services. In particular, the path through bridges and LANs taken by frames
addressed to and from specified network users can be discovered and verified and faults can be
detected and isolated to an individual bridge or LAN.

Applicability
Ethernet Service OAM can be applied to single-domain and multi-domain Ethernet services.

Terminology
Following is a list of terms with their meaning as used in this chapter:
CCM A multicast CFM PDU transmitted periodically by a MEP in order to verify
connectivity over the MA to which the transmitting MEP belongs. No reply is sent
by any MP in response to receiving a CCM.
CFM An end-to-end44 per-service-instance-per-VLAN Ethernet layer OAM protocol for
proactive connectivity monitoring, fault verification, and fault isolation. These actions
are performed using IEEE 802.1ag standard Layer 2 PING, Layer 2 traceroute, and
end-to-end connectivity check of Ethernet networks.
LBR A unicast CFM PDU transmitted by a MEP or MIP to a MEP, in response to an
LBM received from that MEP.
LTM A CFM PDU initiated by a MEP, and forwarded from MIP to MIP, with each MIP
generating an LTR (Link Trace Reply), up to the point at which the LTM
(LinkTrace Message) reaches its destination or can no longer be forwarded.
MA A set of MEPs, each configured with the same MAID (MA IDentifier) and MD Level
(Maintenance Domain Level), established to verify the integrity of a single service
instance. An MA can also be thought of as a full mesh of Maintenance Entities
among a set of MEPs so configured.
MAID An MA identifier for an MA, unique over the domain that CFM is to protect against
the accidental concatenation of service instances. MAID has two parts: the
Maintenance Domain Name and the Short MA Name.

44
End-to-end means spanning the Provider Edge or Customer Edge.

January 2009 URL: http://www.mrv.com 309


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

MD Level Maintenance Domain Level is a value in the range 0-7 which together with the
VLAN tag is used to determine which OAM PDU is to be handled at the current
level and which OAM PDU is to be forwarded in the VLAN.
OAM allows transparent forwarding of OAM PDUs from higher level domains via
lower level domains when the domains are nested.
It is possible to set a name for a domain level. This name can be one of following
types: DNS, string, or MAC address with a 2-octet unsigned integer. A domain
name has to be the same, in respect to type and value, for all MEPs in service.
MDN Maintenance Domain Name is the identifier, unique over the domain for which
CFM is to protect against accidental concatenation of service instances, of a
particular Maintenance Domain.
ME Maintenance Entity is a point-to-point relationship between two MEPs within a
single MA.
MEG Maintenance Entity Group is a group of Maintenance Entities.
MEP An actively managed OAM entity associated with a specific access port of a
service instance that can generate and receive OAM PDUs as well as track any
response. It is an end point of a single service that can branch out to other MEPs.
This means that a single service may have several MEPs as end points. A MEP
resides in a bridge that receives OAM PDUs and transmits them in the direction of
the Bridge’s Relay Entity. Each MEP maintains a list of MEPs with whom it is
connected. Each MEP has a primary VLAN whose tag it sends with OAM PDUs.
MHF A CFM entity, associated with a single Maintenance Domain, and thus with a
single MD Level and a set of VIDs, that can generate CFM PDUs, but only in
response to received CFM PDUs.
MIP A CFM entity consisting of one or more MHFs.
Primary VLAN The VLAN in a group associated with a service instance, on which all CFM PDUs
generated by MPs, except for forwarded LTMs, are to be transmitted.
Service A set of MEPs, each configured with the same service ID and MD level,
established to verify the integrity of a single service instance. Every service
maintains a list of VLANs for whose connectivity it is responsible. The service is
uniquely identified by MD level and service name (ID). If the service name is not
defined explicitly, it is assigned the first VLAN tag in the list of VLANs. Each
service maintains a remote list of MEPs. No OAM request is handled if it arrives
from a remote MEP that does not appear on this list.

Management Functions
In a layered network model, Ethernet Service OAM is active at the Ethernet Service Layer.
In OAM, a switch (such as the OS900) plays the role of a bridge defining all its Maintenance Entity
Groups (MEGs) as MEPs. Each MEP can be uniquely identified by administrative domain level,
service ID, and MEP ID. The bridge transmits OAM frames to all ports that belong to the same
VLAN except to the MEP ports. A MEP port is required to provide transparency only to higher MD
levels.

Fault Management
The Fault Management OAM contains the following functions, each of which is supported in
software:

Ethernet Continuity Check Function


The Ethernet Continuity Check function (ETH-CC) is used for proactive OAM, i.e., carried out
continuously to permit proactive reporting of faults. It causes MEPs to exchange CCMs (Continuity
Check OAM Messages) in order to detect Loss Of Continuity (LOC) or incorrect network
connections between any pair of MEPs in a MEG.
When ETH-CC is enabled, a MEP periodically transmits CCM PDUs as often as determined by the
configured transmission period. When ETH-CC transmission is enabled in a MEG, all MEPs are
enabled to periodically transmit frames with ETH-CC information to all other MEPs in the MEG.
The ETH-CC transmission period is the same for all MEPs in the MEG. When a MEP is enabled to

310 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

generate PDUs with ETH-CC information, it also expects to receive PDUs with ETH-CC
information from its peer MEPs in the MEG. A MEP always reports reception of a PDU with
unexpected ETH-CC information.
A field of flags is incorporated in each CCM. This field is used to indicate the defect detected (if
any) and the period during which CCMs are transmitted. In case of a Continuity Fault, a Fault
Alarm is generated. Fault Alarm is an out-of-band signal that is both an SNMP notification and a
CLI message.
The following defects can be detected by ETH-CC:
RDI Remote Defect Indication. It is used by a MEP to communicate to its peer
MEPs that a defect condition has been encountered. A MEP that is in a defect
condition transmits frames with ETH-RDI information. A MEP, upon receiving
frames with ETH-RDI information, determines that its peer MEP has
encountered a defect condition.
MAC MAC status defect. It is indicated if the:
o Bridge port on which the transmitting MEP resides, has no ability to
pass ordinary data, or
o MEP's primary VLAN is down.
RMEP Remote MEP defect. If no CCM frames are received from a peer MEP within
an interval equal to 3.5 times the receiving MEP's CCM transmission period,
LOC with the peer MEP is flagged.
ERROR Transmission period error. A MEP received a CCM frame with an incorrect
value of the transmission period.
XCON Cross-connect defect. Incompatibility in one or more of expected parameters
in a CCM frame such as: domain level, domain name type, service name type,
service ID, etc.

Ethernet Loopback Function


The Ethernet Loopback Function (ETH-LB) is an on-demand PING-like request/reply OAM
function. It causes MEPs to send unicast CFM PDUs called LBMs (LoopBack OAM Messages) to
verify connectivity with another MEP for a specific MA. The MEP receiving the LBM responds with
an LBR (Loopback Reply Message). LBRs are used to verify bidirectional connectivity. They are
typically initiated by operator command.
Whenever a valid unicast LBM frame is received by a MEP, an LBR frame is generated and
transmitted to the requester MEP. A unicast LBM frame with a valid MEG Level and a destination
MAC address equal to the MAC address of the receiving MEP is considered to be a valid unicast
LBM frame. Every field in the unicast LBM frame is copied to the LBR frame with the following
exceptions:
− The source and destination MAC addresses are swapped
− The OpCode field is changed from LBM to LBR
Loopback can also be used as an out-of-service diagnostic test, by transmitting unicast loopback
PDUs. The loopback OAM PDU includes a Test Pattern TLV parameter. MRV loopback
additionally provides Fame Loss Ratio (FLR) and Frame Delay (FD).

Ethernet Linktrace Function


The function causes a MEP to send Link Trace (LT) request PDUs to remote bridges participating
in a service on an on-demand basis. Depending on the replies, LT produces a sequence of the
bridges from the MEP to the target bridge. The MEP expects to receive LT reply PDUs within a
specified period of time. Bridges that do not reply are excluded from the sequence.
LT can be used for:
• Retrieval of adjacency relationships between a MEP and remote bridges participating in
the service, i.e., retrieval of the sequence of bridges from the source MEP to the target
bridge.
• Fault localization. When a fault (e.g., link or device failure) or a forwarding plane loop
occurs, the sequence of bridges will likely be different from the expected one. The

January 2009 URL: http://www.mrv.com 311


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

difference in the sequences provides information about the fault location.

Performance Management
Ethernet Performance Management (ETH-PM) is an on-demand OAM function which causes
MEPs to send PM (Performance Management) unicast packets to point-to-point MAs. Whenever a
valid unicast PM frame is received by the target MEP, a PMR frame is generated and transmitted
to the requester MEP. Every field in the PM frame is copied to the PMR frame with the following
exceptions:
− The source and destination MAC addresses are swapped.
− The OpCode field is changed from PMM to PMR.
− Rx and Tx time stamps are inserted.
The following performance parameters are measured by respective Performance Measurement45
messages:
1. Frame Loss Ratio (FLR) – Percentage of undelivered service frames, divided by the total
number of service frames during a time interval. The number of service frames not
delivered is the difference between the number of service frames sent to an ingress UNI
and the number of service frames received at an egress UNI.
2. Frame Delay (FD) - Time taken by a frame to make the round-trip from the source node,
through the destination node, and back to the same source node. This time is measured
from the start of transmission of the first bit of the frame by a source node until the
reception of the last bit of the frame by the same source node.
3. Frame Delay Variation (FDV) or jitter - Measure of the variations in the FD between a pair
of service frames belonging to the same CoS instance on a point-to-point Ethernet
connection.
4. Inter-arrival jitter – Estimate of the statistical variance of the Performance Measurement
data packet inter-arrival time, measured in timestamp units and expressed as an unsigned
integer, as defined in RFC1889.

Configuration

Rules
The following rules apply when configuring the OS900 to operate Ethernet Service OAM:
1. A user-created service must be assigned a service ID in the range 1 to 65535.
2. Only one MEP may be defined per port.
3. A user-created MEP must be assigned a MEP ID in the range 1 to 4095.
4. MEP is uniquely defined by domain level, service ID, and MEP ID.
5. Port number and VLAN tag uniquely define one MEP.
6. Every port that belongs to the same VLAN of a MEP should preferably be tagged.
7. Every MEP that belongs to the same service must be defined in the same domain level.
8. Every MEP that belongs to the same service must be defined with the same domain
name.
9. Every MEP that belongs to the same service must be defined with the same service ID.
10. Every MEP that belongs to the same service must be defined with the same service name.
11. Every remote MEP that belongs to the same service must be included in the remote MEPs
list of the MEP.
12. All remote MEP VLAN tags that belong to the same service must be included in the
remote VLANs list of each MEP.
13. The same CCM interval must be defined for all MEPs in the same service.
14. In the same domain, different services must be assigned different primary VLANs.

45
Supported by OS900s with FPGA version 0x19 or later. To view the FPGA version of an OS900, enter enable mode
and invoke the command show fpga version.

312 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

Network
The network shown in Figure 31, below, is used as an example in the procedure for configuring the
OS900 to operate Ethernet Service OAM.

Figure 31: Network used for Ethernet Service OAM Configuration Procedure
The planned initial setup is as follows:
− Two bridges (OS900_A and OS900_B).
− Ethernet VLAN interfaces vif10 and vif20 in OS900_A and OS900_B and participate in
the service 1 in domain level 4.
− Ports 1 to 3 are members of inband VLAN interfaces vif10 and vif20 in OS900_A.
− Port 1 in OS900_A is an access port.
− Inband VLAN interface vif10 in OS900_B can have any group of ports as members.
Although vif10 here does not actively participate in the service, its existence is required
because it belongs to the service.
− Ports 1 to 3 are members of inband VLAN interface vif20 in OS900_B.
− Port 1 in vif20 in OS900_B is an access port.

Procedure
Following is the basic procedure for configuring the OS900 to operate Ethernet Service OAM using
the network described above as an example. Additional settings may be made using the
commands detailed in the section Optional Configuration Parameters, page 316.
Configuring OS900 A

1. Set at least one provider port (e.g., 2 or 3 in OS900_A) in tagged mode using the
command:
port tag-outbound-mode tagged PORTS-GROUP
where,
PORTS-GROUP: Group of ports
Example
OS900_A(config)# port tag-outbound-mode tagged 2,3
OS900_A(config)#

January 2009 URL: http://www.mrv.com 313


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

2. Create interface VLANs (e.g., vif10 and vif20 in OS900_A) each including at
least two ports (e.g., 1 to 3)
3. Create an Ethernet OAM domain level (e.g. 4) using the command:
ethernet oam domain <0-7>
where,
<0-7>: Range of eight domain levels from which an
integer value is to be selected
Example
OS900_A(config)# ethernet oam domain 4
OS900_A(config-ethoam-Lev4)#

(To delete an Ethernet OAM domain level, invoke the command:


no ethernet oam domain <0-7>)
4. Create a service (e.g., 1) in the OAM domain using the command:
service NUMBER (0-65535) or (0x0000-0xffff)
where,
NUMBER: Range of service numbers. Either a decimal number from the
range 0-65535 or a hexadecimal number from the range 0x0000-0xffff
may be selected.
Example
OS900_A(config-ethoam-Lev4)# service 1
OS900_A(config-ethoam-Lev4:MAiD#1)#

5. To create a MEP on a port, invoke either of the two equivalent commands:


mep <1-4095> inward port PORT
mep <1-4095> port PORT
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
inward: Towards the access port.
PORT: Number of port
(To remove a MEP from a port, invoke the command:
no mep <1-4095> port)
6. Select IDs of remote MEPs (e.g., 200 and 300) that are to participate in the service
using the command:
remote-meps LIST-OF-MEPS|all
where,
LIST-OF-MEPS: IDs of remote MEPs. IDs are to be selected from the range
1 to 4095
all: IDs 1 to 4095
Example
OS900_A(config-ethoam-Lev4:MAiD#1)# remote-meps 200,300
OS900_A(config-ethoam-Lev4:MAiD#1)#

(To prevent one or more remote MEPs from participating in the service, invoke the
command:
no remote-meps LIST-OF-MEPS|all
6. Select VLANs (e.g., 10 and 20) that are to participate in the service using the
command:
vlans LIST-OF-VIDS|all
where,
LIST-OF-VIDS: IDs (tags) of VLANs. IDs are to be selected from the range
1 to 4095

314 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

all: IDs 1 to 4095


Example
OS900_A(config-ethoam-Lev4:MAiD#1)# vlans 10,20
OS900_A(config-ethoam-Lev4:MAiD#1)#

7. Create a MEP (e.g., 100) on the access port (e.g., 1) and assign a VLAN as the primary
VLAN (e.g., 10).
mep <1-4095> primary-vlan TAG
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
primary-vlan: Primary VLAN
TAG: Primary VLAN ID
Example
OS900_A(config-ethoam-Lev4:MAiD#1)# mep 100 port 1
OS900_A(config-ethoam-Lev4:MAiD#1)# mep 100 primary-vlan 10
OS900_A(config-ethoam-Lev4:MAiD#1)#

(To delete a MEP assigned to a primary VLAN, invoke the command:


no mep <1-4095> primary-vlan)
(To delete a MEP, invoke the command:
no mep <1-4095>)
8. Activate the MEP created in step 7 above so that when Ethernet OAM is enabled (as
described in step 9 below), MEP can send OAM PDUs.
mep <1-4095> activate
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
activate: Activate MEP
Example
OS900_A(config-ethoam-Lev4:MAiD#1)# mep 100 activate
OS900_A(config-ethoam-Lev4:MAiD#1)#

(To deactivate a MEP, invoke the command:


no mep <1-4095> activate)
9. Enable Ethernet OAM, i.e., create all the entities and enter relative MACs in the learn table
by entering configure terminal mode and invoking the command:
ethernet oam enable
Example
OS900_A(config-ethoam-Lev4:MAiD#1)# quit
OS900_A(config-ethoam-Lev4)# quit
OS900_A(config)# ethernet oam enable
OS900_A(config)#

(To disable Ethernet OAM, invoke the command:


no ethernet oam enable)

January 2009 URL: http://www.mrv.com 315


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Configuring OS900 B
Repeat steps 1 to 9, above, for OS900_B.
Example
OS900_B(config)# interface vlan vif10
OS900_B(config-vif10)# tag 10
OS900_B(config-vif10)# ports 2-3
OS900_B(config-vif10)# exit
OS900_B(config)# interface vlan vif20
OS900_B(config-vif20)# tag 20
OS900_B(config-vif20)# ports 1-3
OS900_B(config-vif20)# exit
OS900_B(config)# ethernet oam domain 4
OS900_B(config-ethoam-Lev4)# service 1
OS900_B(config-ethoam-Lev4:MAiD#1)# vlans 10,20
OS900_B(config-ethoam-Lev4:MAiD#1)# ccm-interval 10s
OS900_B(config-ethoam-Lev4:MAiD#1)# remote-meps 100,300
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 port 1
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 primary-vlan 20
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 activate
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 ccm-activate
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 delay-measure rmep 100,300
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 delay-measure priority 5
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 delay-measure history-size 10
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 delay-measure burst-interval 10
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 delay-measure enable
OS900_B(config-ethoam-Lev4:MAiD#1)# exit
OS900_B(config-ethoam-Lev4)# exit
OS900_B(config)# ethernet oam enable
OS900_B(config)#

Optional Configuration Parameters


Global OAM Parameters
Ethernet Header
To set the OS900 to encapsulate frames with an Ethernet header, invoke the command:
ethernet oam encapsulation-type default|llc|type-length
where,
default: Default header, i.e., IEEE 802.3 Standard type header (Type/Length)
llc: IEEE 802.3 Standard type header followed by IEEE 802.2 LLC Standard
type header
type-length: IEEE 802.3 Standard type header
Example
OS900(config)# ethernet oam encapsulation-type type-length
OS900(config)#

Ethertype
The OAM ether-type is not specified in the IEEE 802.1ag standard (still to be finalized).
To specify (identify) the OAM ethertype of a frame, invoke the command:
ethernet oam ether-type [HEXLINE]
where,
HEXLINE: Range of OAM ethertypes. Either a decimal number from the range 0 to
65535 or a hexadecimal number from the range 0x0000 to 0xffff may be
selected. Default: 0x88e6.
Example
OS900(config)# ethernet oam ether-type 0x1a1a
OS900(config)#

(To delete specification (identification) of the OAM ethertype of a frame, invoke the command:

316 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

no ethernet oam ether-type [HEXLINE])


Multicast MAC Address
The OAM multicast MAC address is not specified in the IEEE 802.1ag standard.
To change a multicast MAC address, invoke the command:
ethernet oam mac [HEXLINE]
where,
HEXLINE: Range of OAM multicast addresses having the format:
01:80:c2:x1x2:x3x4:x5L, where x1x2:x3x4:x5L represent
the 6 least significant hex digits of the MAC address, and
L represents the domain level.
x1 to x5 are to be defined in the future.
Default for x1x2:x3x4:x5: 01:80:c2:12:34:5.
Example
OS900(config)# ethernet oam mac 0xaaaaa
OS900(config)#

In the example above, 0x designates hex and aaaaa are the values of x1 to x5.
(To revoke changing of a multicast MAC address, invoke the command:
no ethernet oam mac [HEXLINE])

Destination MAC Address in CCM


To set the multicast destination MAC address in CCMs to be sent by MEPs, invoke the command:
ethernet oam destination-multicast mac MAC_ADDRESS
where,
MAC_ADDRESS: Multicast destination MAC address in CCMs sent by MEPs in the format
xx:xx:xx:xx:xx:xx where, xx is a double-digit hex number. The first five hex digits are
defined in the standard. The value of the last digit as entered by the user is immaterial
since it is adjusted by the OS900 automatically.
Example
OS900(config)# ethernet oam destination-multicast mac 22:11:55:a3:be:74
dst_mac=22:11:55:a3:be:74
dst_mac=22:11:55:a3:be:70
OS900(config)#

To revoke the setting of the multicast destination MAC address in CCMs to be sent by MEPs,
invoke the command:
no ethernet oam destination-multicast mac [MAC_ADDRESS]
TLVs
A TLV is a datagram consisting of Type, Length, and Value fields. The fields are as follows:
Type Numeric code indicating the kind of field that the message designates
Length Size of the Value field
Value Variable size that contains data for the message
Setting
To set TLVs (for appending to CCMs), invoke one or both of the following commands:
ethernet oam organization-specific-tlv set OUI <0-255> length <0-
1350>
or
ethernet oam organization-specific-tlv set OUI <0-255> VALUE
where,
set: Set
OUI: Organizationally Unique Identifier. 6-digit hex number in the format
0xyyyyyy, where 0x designates hex. Example: 0x0a0b0c.

January 2009 URL: http://www.mrv.com 317


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

<0-255>: Range of type values from which one value is to be selected


length: Length of TLV data
<0-1350>: Value of TLV data length
VALUE: Value of TLV data

Note
If the Value of length specified is greater than the TLV data
length, the data is replicated until it is equal to the length. If the
TLV data length is greater than the length specified, the LSB of
the data is truncated so that it becomes equal to the length
specified.

Example
OS900(config)# ethernet oam organization-specific-tlv set 0xaabbcc 40 length 20
(Set organization specific TLV where OUI is 0xaabbcc and sub type is equal to
40 and length 20.)

(To revoke setting of TLVs (for appending to CCMs), invoke the command:
no ethernet oam organization-specific-tlv set OUI <0-255>)
Appending
In order to append a specific TLV to CCMs, invoke the command:
ethernet oam organization-specific-tlv enable OUI <0-255>
where,
enable: Enable
OUI: Organizationally Unique Identifier. 6-digit hex number in the format
0xyyyyyy, where 0x designates hex. Example: 0x0a0b0c.
<0-255>: Range of type values from which one value is to be selected
Example
OS900(config)# ethernet oam organization-specific-tlv enable 0xaabbcc 40
OS900(config)#

(To revoke appending of a specific TLV to CCMs, invoke the command:


no ethernet oam organization-specific-tlv enable OUI <0-255>)

Domain Parameters
Encapsulation
To set the OS900 to encapsulate frames belonging to a given domain level with a specific
type, invoke the command:
encapsulation-type (default|llc|type-length)
where,
default: Default (Type/Length header encapsulation type)
llc: LLC header encapsulation type
type-length: Type/Length header encapsulation type.
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# encapsulation-type llc
OS900(config-ethoam-Lev4)#

Domain Name
The domain name type and value must be the same for every MEP in a domain.
To assign a domain name type (IEEE 802.1ag compatible), invoke any one of the
following commands:
DNS Type
name dns NAME

318 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

where,
NAME: Name of the domain.
String Type
name string NAME
where,
NAME: String (e.g., mnemonic) for the domain.
MAC Address Type
name mac-addr-and-uint NUMBER
where,
NUMBER: MAC address with a 2-octet unsigned integer. Decimal number (in the
range 0 to 65535) or hex number (in the range 0x0000 to 0xffff).
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# name string MRV-domain
OS900(config-ethoam-Lev4)#

Service Parameters
Enabling a MEP to Send CCM PDUs
Enable a specific MEP to send CCM PDUs (when Ethernet OAM is enabled).
mep <1-4095> ccm-activate
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
ccm-activate: Enable sending of CCM PDUs
Example
OS900_A(config-ethoam-Lev4:MAiD#1)# mep 100 ccm-activate
OS900_A(config-ethoam-Lev4:MAiD#1)#

Disabling a MEP from Sending CCM PDUs


To disable a MEP from sending CCM PDUs, invoke the command:
no mep <1-4095> ccm-activate
Enabling a MEP to Send CCM Alarms
Enable a specific MEP to send CCM alarms (when Ethernet OAM is enabled).
mep <1-4095> ccm-alarms (all|fault|recovery)
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
ccm-alarms: Enable sending of CCM alarms
all: Send nbEthOamCcmAlarm PDU when MEP loses or restores contact with
one or more remote MEPs
fault: Send nbEthOamCcmAlarm PDU when MEP loses contact with one or
more remote MEPs
recovery: Send nbEthOamCcmAlarm PDU when MEP restores contact with one
or more remote MEPs (default)
Example
OS900_A(config-ethoam-Lev4:MAiD#1)# mep 100 ccm-alarms
OS900_A(config-ethoam-Lev4:MAiD#1)#

Disabling a MEP from Sending CCM Alarms


To disable a MEP from sending CCM alarms, invoke the command:
no mep <1-4095> ccm-alarms (all|fault|recovery)
Time between CCM PDUs
To set the time interval between CCM PDUs, invoke the command:

January 2009 URL: http://www.mrv.com 319


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

ccm-interval [TIME_INTERVAL]
where,
TIME_INTERVAL: Time interval between CCM PDUs.
Choices: 100ms, 10ms, 10s, 1s, 300Hz (31/3 millisecond), 600s, and
60s. Default: 1s (1 second).
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# ccm-interval 10s
OS900(config-ethoam-Lev4:MAiD#1)#

(To reset the time interval between CCM PDUs to the default value, invoke the command:
no ccm-interval)

Note
The chosen time interval between CCM PDUs must be the same in
every MEP in a service.

InterfaceStatusTLV in CCM
By default, MEPs send the InterfaceStatusTLV with the CCM.
To cause a MEP to send the InterfaceStatusTLV, invoke the command:
mep <1-4095> send-interface-tlv
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Example
OS900(config-ethoam-Lev4:MAiD#1)# mep 44 send-interface-tlv
OS900(config-ethoam-Lev4:MAiD#1)#

To prevent a MEP from sending the InterfaceStatusTLV, invoke the command:


no mep <1-4095> send-interface-tlv

PortStatusTLV in CCM
By default, MEPs send the PortStatusTLV with the CCM.
To cause a MEP to send the PortStatusTLV, invoke the command:
mep <1-4095> send-port-tlv
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Example
OS910(config-ethoam-Lev4:MAiD#1)# mep 44 send-port-tlv
OS910(config-ethoam-Lev4:MAiD#1)#

To prevent a MEP from sending the PortStatusTLV, invoke the command:


no mep <1-4095> send-port-tlv
Monitoring CCM PDUs
To enable monitoring of all received or transmitted CCM PDUs, invoke the command:
mep <1-4095> debug rx-ccm|tx-ccm
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
rx-ccm: Received CCM PDUs.
tx-ccm: Transmitted CCM PDUs.

320 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 debug rx-ccm
OS900(config-ethoam-Lev4:MAiD#1)#

Lowest CCM Defect Priority


The order of priority of CCM defects is as follows: RDI (lowest priority) < MAC < Remote_MEP <
ERROR < XCON (highest priority). These defects are described in the section Ethernet Continuity
Check Function, page 310.
To set the lowest CCM defect priority that will issue an alarm, invoke the command:
mep <1-4095> lowest-alarm-prio (all|error|mac_status|none|rdi|rmep)
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
lowest-alarm-prio: CCM with the lowest-priority defect that is allowed to generate a
Fault Alarm
all: All defects, i.e., XCON CCM, ErrorCCM, Remote MEP fault, MACStatus, and RDI
error: ErrorCCM, Remote_MEP fault, MACStatus, RDI
mac_status: MACStatus and RDI
none: Not alarm (for any of the defects)
rdi: RDI
rmep: Remote_MEP, MACStatus, or RDI is received.
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 lowest-alarm-prio rmep
OS900(config-ethoam-Lev4:MAiD#1)#
To revoke issuing of alarms when a CCM defect is detected, invoke the command:
no mep <1-4095> lowest-alarm-prio
Layer 2 VLAN Tag Priority CCM or Linktrace
To set a Layer 2 VLAN tag priority46 for OAM PDUs of the CCM or Linktrace function that are
transmitted from a specific MEP, invoke the command:
mep <1-4095> priority [<0-7>]
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<0-7>: Range of priorities. Default: 5.
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 priority 2
OS900(config-ethoam-Lev4:MAiD#1)#
To reset the Layer 2 VLAN tag priority for OAM PDUs (that are transmitted from a specific MEP),
to the default value, invoke the command:
no mep <1-4095> priority
Service Name Type and Value
To define the service name type and value, invoke either of the following two commands:
Primary VID Type Name
name primary-vid <1-4095>
where,
primary-vid: Primary VID type.

46
of handling

January 2009 URL: http://www.mrv.com 321


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

<1-4095>: Name of the service (primary VID).


Note
The service name type and value must be the same for every MEP in a
specific service.

String Type Name


name string NAME
where,
string: String type.
<1-4095>: Name of the service (e.g., mnemonic).
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# name primary-vid 10
OS900(config-ethoam-Lev4:MAiD#1)#

To revoke the service name type and value, invoke the command:
no name
Default Primary-VLAN for MEPs
To create a default primary-VLAN for every MEP in service, invoke the command:
primary-vlan <1-4095>
where,
<1-4095>: Range of VLANs.
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# primary-vlan 10
OS900(config-ethoam-Lev4:MAiD#1)#

To delete the default primary-VLAN, invoke the command:


no primary-vlan

Defect and Alarm Parameters


Fault Alarm Invocation Wait Time
To set the time that defects must be present before a Fault Alarm is issued, invoke the command:
mep <1-4095> fng-alarm-time [TIME_INTERVAL]
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
TIME_INTERVAL: Time for defects to be present.
Choices: 100ms, 10ms, 10s, 1s, 2.5s, 300Hz (31/3 millisecond),
600s, and 60s. Default: 1s (1 second).
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 fng-alarm-time 1s
OS900(config-ethoam-Lev4:MAiD#1)#

To reset the time that defects must be present before a Fault Alarm is issued, invoke the
command:
no mep <1-4095> fng-alarm-time
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095

322 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

Fault Alarm Revocation Wait Time


To set the time that defects must be absent before a Fault Alarm is disabled, invoke the
command:
mep <1-4095> fng-reset-time [TIME_INTERVAL]
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
TIME_INTERVAL: Time for defects to be absent.
Choices: 100ms, 10ms, 10s, 1s, 2.5s, 300Hz (31/3 millisecond),
600s, and 60s. Default: 1s (1 second).
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 fng-reset-time 10s
OS900(config-ethoam-Lev4:MAiD#1)#

To reset the time that defects must be absent before a Fault Alarm is disabled, invoke the
command:
no mep <1-4095> fng-reset-time
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Thresholds
To set the Performance Monitoring threshold for averages in a burst that will send alarms,
invoke the command:
mep <1-4095> threshold (frame-delay|ds-jitter|sd-jitter) rise <0-
100000> fall <0-100000>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
frame-delay: Frame delay
ds-jitter: Destination-Source jitter
sd-jitter: Source-Destination jitter
<0-100000>: (First appearance) Rise threshold value (microseconds)
<0-100000>: (Second appearance) Fall threshold value (microseconds)
Example
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 threshold frame-delay rise 200 fall 150
OS900(config-ethoam-Lev4:MAiD#1)#

To revoke the Performance Monitoring threshold setting, invoke the command:


no mep <1-4095> threshold (frame-delay|ds-jitter|sd-jitter) [rise]
[NUMBER] [fall] [NUMBER]
Example
OS900(config-ethoam-Lev4:MAiD#1)# no mep 100 threshold frame-delay
OS900(config-ethoam-Lev4:MAiD#1)#

Delay-Measurement/Loopback Parameters
For Delay-Measurement or Loopback, the remote MEP(s) must be specified in the service by
invoking either of the commands in the section Remote MEPs, just below.
Remote MEPs
To select the remote (destination) MEPs for a MEP, use either of the following methods.
Method 1 (Remote MEP identified by its ID)
To select the local MEP and remote MEPs (between which the Delay-Measurement is to be set or
Loopback testing is to be performed)
For a specific MEP in the service, invoke the command:

January 2009 URL: http://www.mrv.com 323


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

mep <1-4095> delay-measure|loopback rmep <1-4095>


where,
<1-4095>: (First appearance) Local MEP ID to be selected from the range 1 to
4095
<1-4095>: (Second appearance) Remote MEP ID to be selected from the range
1 to 4095
(To revoke selection of remote MEPs, invoke the command:
no mep <1-4095> delay-measure|loopback rmep.)
Method 2 (Remote MEP identified by its MAC Address)
To select the local MEP and remote MEPs (between which the Delay-Measurement is to be set or
Loopback testing is to be performed)
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback mac MAC_ADDRESS
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
MAC_ADDRESS: MAC address of the remote MEP in hex format, e.g.,
aa:bb:cc:dd:ee:ff
(To revoke selection of remote MEPs, invoke the command:
no mep <1-4095> delay-measure|loopback mac.)
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 delay-measure mac 00:0F:BD:00:36:57
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 delay-measure enableOS900(config-ethoam-
Lev4:MAiD#1)#

Number of Bursts
To set the number of frame transmission bursts
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback burst-number <1-255>|forever
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<1-255>: Number of bursts to be selected from the range 1-255. Default: 1
forever: Continuous transmission
(To reset the burst number to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback burst-number)
Number of History Entries
To limit the number of most recent history entries:
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback history-size <2-120>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<2-120>: Maximum number of history entries to be recorded from the range 2-
120. Default: 5
(To reset the number of history entries to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback history-size)
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 delay-measure history-size 20

324 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

Time Interval
To set the time interval between every two packets in a burst
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback interval <1-1000> [msec| µsec]
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<1-1000>: Time interval to be selected from the range 1 to 1000. Default: 100
[msec| µsec]: milliseconds or microseconds. Default: msec (milliseconds)
(To reset the time interval to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback interval)
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 delay-measure interval 200
OS900(config-ethoam-Lev4:MAiD#1)#

Layer 2 VLAN Tag Priority for Delay-Measurement or Loopback


To set the Layer 2 VLAN tag priority for OAM PDUs of the Delay-Measurement or Loopback
function that are transmitted from a specific MEP
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback priority <0-7>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<0-7>: VLAN tag priority. Default: Same as MEP priority
(To reset the Layer 2 VLAN tag priority to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback priority)
Wait Time
To set the maximum time the Delay-Measurement/Loopback mechanism is to wait for a response
to its request PDU
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback timeout <0-60000>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<0-60000>: Wait time (in milliseconds) from the range 0 to 60000. Default: 200
(To reset the wait time to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback timeout
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 delay-measure timeout 10000
OS900(config-ethoam-Lev4:MAiD#1)#

CLI Messages
To cause the display of a CLI message for every Delay-Measurement or Loopback attempt (i.e.,
reply by echoing the PDU from the local MEP)
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback echo-reply-mode
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
echo-reply-mode: Reply by echoing the PDU from the local MEP.

January 2009 URL: http://www.mrv.com 325


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

(By default CLI messages are not displayed.To prevent display of CLI messages,
invoke the command:
no mep <1-4095> delay-measure|loopback echo-reply-mode)
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 delay-measure echo-reply-mode
OS900(config-ethoam-Lev4:MAiD#1)#

PDU Length
To set the PDU length (measured in the Layer 2 header up to and excluding CRC) that will help
diagnose faults sensitive to this length
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback length <60-9000>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<60-9000>: PDU length (in octets) to be selected from the range 68 to 9000.
Default: 60
(To reset the PDU length to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback length
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 delay-measure length 80
OS900(config-ethoam-Lev4:MAiD#1)#

Data Pattern
To set a data pattern (inside a PDU) that will help to diagnose faults sensitive to incompleteness of
data in a frame
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback pattern HEXLINE
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
HEXLINE: Pattern (dataFill) of DataTLV using hexadecimal digits, e.g.,
0f0f0a0a880c
If a conflict exists between PDU length and pattern size, the whole pattern is used.
(To delete the data pattern, invoke the command:
no mep <1-4095> delay-measure|loopback pattern
Layer 2 PDU Priority
To set the Layer 2 PDU priority
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback priority [<0-7>]
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
[<0-7>]: Layer 2 PDU priority to be selected from the range 0 to 7. Default:
Same as MEP priority
(To reset the Layer 2 PDU priority to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback priority
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 delay-measure priority 5
OS900(config-ethoam-Lev4:MAiD#1)#

326 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

Number of Packets
To set the number of packets to be sent during each burst interval
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback packets <1-1000000>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<1-1000000>: Number of packets to be sent to be selected from the range 1 to
1000000. Default: 3.
(To reset the number of packets to be sent to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback packets
Burst Interval
To set the time interval between every two bursts
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback burst-interval <1-86400>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<1-86400>: Burst interval (in seconds) to be selected from the range 1 to 86400.
Default 60.
(To reset the burst interval to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback burst-interval
Activating
To activate the PDU delay-measure or loopback function, invoke the command:
mep <1-4095> (delay-measure|loopback) enable [slow]
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
[slow]: Execute slow (CPU/software-controlled) Delay-Measurement or Loopback.
Default: Execute fast (FPGA/hardware-controlled) Delay-Measurement or
Loopback test. If the OS900 model does not have an FPGA, the mode of
Delay-Measurement and Loopback will be slow even if the argument slow
is not selected. Enabling FPGA/hardware-controlled Delay-Measurement
and Loopback test provides for presenting time parameters with extremely
higher accuracy, i.e., in nanoseconds!
Alternatively, Delay-Measurement/Loopback can be activated in enable mode by invoking the
command: ethernet oam domain <0-7> service NUMBER mep <1-4095> delay-
measure|loopback enable.
Example 1
OS900_A(config-ethoam-Lev4:MAiD#1)# mep 200 delay-measure enable
OS900_A(config-ethoam-Lev4:MAiD#1)#

Example 2
OS900_A(config-ethoam-Lev4:MAiD#1)# mep 200 delay-measure enable slow
Results of delay measure for Level=4 MA=1 MEPiD=200:
Started:Sat Mar 4 17:57:22 2000 on target: rmep 201 mac
00:0f:bd:01:5e:88
10 packets transmitted; 10 packets received, 0.00% packet loss
Round-trip min/avg/max: 2.526/15.585/44.248 ms
Jitter SD min/avg/max: 0.000/ 2.278/ 11.212 ms; number=10
Jitter DS min/avg/max: 0.000/ 8.655/ 41.205 ms; number=10
OS900_A(config-ethoam-Lev4:MAiD#1)#

The results of Delay-Measurement/Loopback can be viewed by invoking any of the commands in


the section Viewing History Entries, page 337.

January 2009 URL: http://www.mrv.com 327


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Deactivating
To deactivate the PDU Delay-Measurement or Loopback mechanism, invoke the command:
no mep <1-4095> (delay-measure|loopback) enable
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095

Storm Guard
A storm guard can be enabled over a group of ports, i.e., the ports can be set to automatically
disconnect from the network when a user-specified ingress OAM frame rate is exceeded.
Enabling
To enable a storm guard over a group of ports, invoke the command:
ethernet oam pdu-storm-guard [VALUE] PORTS-GROUP|all
where,
VALUE: Maximum number of OAM PDUs per port per second. Default: 50 frames
per second.
PORTS-GROUP: Group of ports
all: All ports
Example
OS900(config)# ethernet oam pdu-storm-guard 7 3-5
OS900(config)#
Disabling
To disable the storm guard over a group of ports, invoke the command:
no ethernet oam pdu-storm-guard PORTS-GROUP|all
where,
VALUE: Maximum number of OAM PDUs per port per second. Default: 50 frames
per second.
PORTS-GROUP: Group of ports
all: All ports
Example
OS900(config)# no ethernet oam pdu-storm-guard 3-5
OS900(config)#
Reconnecting Ports
To reconnect the ports to the network after they have been disconnected by the storm guard,
invoke the command:
port state enable PORTS-GROUP|all
where,
enable: Enable
PORTS-GROUP: Group of ports
all: All ports
Example
OS900(config)# port state enable 2
port 2 state set to: ENABLE
OS900(config)#

Viewing
Ethernet OAM Defaults
To view the default settings for Ethernet OAM parameters:
1. Enter enable mode

328 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

2. Invoke the command:


show ethernet oam defaults
Example
OS906C# show ethernet oam defaults
Parameter Default values
----------------------------------------------------------------
OAM:
destination-multicast 01:80:C2:00:00:3y
enable no
encapsulation-type 3
ether-type 8902
organization-specific-tlv no
pdu-storm-guard 50 OAM PDUs per port per second
Domain:
encapsulation-type 3
Service:
ccm-interval 1 sec
name The same as service index
primary-vlan 1
Mep:
activate no
ccm-activate no
ccm-alarms recovery
fng-alarm-time 2.5 sec
fng-reset-time 10 sec
lowest-alarm-prio rdi
primary-vlan The same as service primary-vlan
send-interface-tlv yes
send-port-tlv yes
threshold 0 usec
Linktrace:
ttl 255
use_fdb_only yes
DM/LB:
burst-interval 60 sec
burst-number 1
echo-reply-mode no
history-size 5 entries
interval 100 msec
length 60 bytes (without CRC)
packets 3
priority The same as MEP priority
timeout 200 msec
OS906C#

Selected Domain Levels


To display the list of selected domain levels, from domain’s or service’s mode invoke the
command:
show domains
Example 1 (from domain mode)
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# show domains
Level NameType(##) Name
4 None ( 1) -
End of Table.
OS900(config-ethoam-Lev4)#

January 2009 URL: http://www.mrv.com 329


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example 2 (from service mode)


OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# show domains
Level NameType(##) Name
4 None ( 1) -
End of Table.
OS900(config-ethoam-Lev4:MAiD#1)#

The fields in the above example are described below.


Level Number of domain level
NameType DNS, character string, MAC address with 2-octet integer, user defined (i.e., a
number outside the IEEE 802.1ag standard range), or none
(##) Name type code
Name Maintenance Domain Name in the format specified for the Maintenance
Domain NameType.

List of MEPs in a Domain


To display the list of all MEPs in a given domain, from the domain’s mode invoke the command:
show mep status
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# show mep status
Service Lev=4:Ma#1
mepid port act cc-act vid mac
100 1 Y Y 10 00:0F:BD:00:36:57
End of Table.
OS900(config-ethoam-Lev4)#

The fields in the above example are described below.


mepid ID of MEP (in a specific domain and service)
port Bridge port on which the MEP resides
act Y: MEP activated, N: MEP idle
cc-act Y –MEP enabled to send CCM PDUs, N: MEP disabled from sending CCM
PDUs
vid Primary VLAN ID (tag)
mac MEP port MAC address

Status of All Services


To view the CC status of all services in a specific domain, in the domain’s mode invoke the
command:
show ccm
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# show ccm

Service Lev=4:Ma#1
MEPiD Port VID RDI MAC RMEP ERROR XCON highestDefect rCCMseq.Errors Tx Rx
100 2 20 n Up n n n XCON 0 843 736

Service Lev=4:Ma#1
MEPiD Port VID RDI MAC RMEP ERROR XCON highestDefect rCCMseq.Errors Tx Rx
200 1 10 Y Dn n n n MACStatus 0 217 211

End of Table.
OS900(config-ethoam-Lev4)#

The fields in the above example are described below.

330 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

MEPid ID of local MEP (in a specific domain and service)


Port Bridge Port on which the MEP resides
VID Primary VLAN ID (tag)
RDI Y: MEP in RDI state
N: MEP not in RDI state
MAC Up: A CCM with a MAC TLV or interface TLV has been received. Dn: No
CCM with a MAC TLV or interface TLV has been received.
RMEP Y: A CCM with a CCM Interval field that contains a non-zero value has
been received.
N: No CCM with a CCM Interval field that contains a non-zero value has
been received.
ERROR Y: An invalid CCM has been received.
N: No invalid CCM has been received.
XCON Y: One or more cross-connect CCMs has been received, and 3.5 times
of at least one of those CCMs’ transmission interval has not yet expired.
N: One or more cross-connect CCMs has been received and/or 3.5
times of at least one of those CCMs’ transmission interval has not yet
expired.
Highest Defect The highest priority defect that occurred in the MEP. (The order of
priority of defects is as follows: RDI [lowest] < MAC < RMEP < ERROR
< XCON [highest].)
rCCMseq.Errors Number of frames received with a wrong sequence number
Tx Number of CCM frames transmitted by MEP
Rx Number of CCM frames received by MEP

List of MEPs in a Service


To display the list of all MEPs in a specific service, from the service’s mode invoke the command:
show mep status
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# show mep status
mepid port act cc-act vid mac
100 2 n n 0 00:00:00:00:00:00
End of Table.
OS900(config-ethoam-Lev4:MAiD#1)#

The fields in the above example are described below.


mepid ID of MEP (in a specific domain and service)
port Bridge port on which the MEP resides
act Y: MEP activated, N: MEP idle
cc-act Y –MEP enabled to send CCM PDUs, N: MEP disabled from sending CCM
PDUs
vid Primary VLAN ID (tag)
mac MEP port MAC address

MEP Status
To display the status of a specific MEP, from the service’s mode invoke the command:
show mep status <1-4095>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095

January 2009 URL: http://www.mrv.com 331


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# show mep status 100
mepid port act cc-act vid mac
100 2 n n 0 00:00:00:00:00:00
End of Table.
OS900(config-ethoam-Lev4:MAiD#1)#

The fields in the above example are described below.


mepid ID of MEP (in a specific domain and service)
port Bridge port on which the MEP resides
act Y: MEP activated, N: MEP idle
cc-act Y –MEP enabled to send CCM PDUs, N: MEP disabled from sending CCM
PDUs
vid Primary VLAN ID (tag)
mac MEP port MAC address

OAM Configuration
To view the Ethernet OAM configuration, from a domain or service mode invoke the command:
show configuration
Example (from service mode)
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# show configuration
!
! Ethernet OAM configuration
!
ethernet oam domain 4
service 1
vlans 10,20
remote-meps 100,200,300
mep 100 port 2
mep 100 primary-vlan 10
mep 100 activate
mep 100 ccm-activate
ethernet oam enable
OS900(config-ethoam-Lev4:MAiD#1)#

List of Remote MEPS Linked to a Local MEP


To display the list of remote MEPs linked to a specific local MEP in a service, from the service’s
mode invoke the command:
show mep <1-4095> rmeps
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# show mep 100 rmeps

Remote MEPs of the MEP MEPiD=100 of Lev=4:Ma#1

MEPiD srcPort State lastChangeTime MAC RDI Port IfStat RxCCMs


200 2 OK 19:35:05,83 00:0F:BD:00:22:79 Y Down Down 20976

End of Table.
OS900(config-ethoam-Lev4:MAiD#1)#

The fields in the above example are described below.

332 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

mepid ID of remote MEP (in a specific domain and service)


srcPort Number of port that receives frames from remote MEP
State Idle / start / fault / OK
LastChangeTime The last time the state of the MEP changed
MAC Remote MEP port MAC address
RDI Y: RDI flag is enabled in CCM frames belonging to a specific remote
MEP.
N: RDI flag is disabled
Port Up: The Bridge Port on which the remote MEP resides can pass ordinary
data regardless of the status of the MAC.
Down: Bridge Port on which the remote MEP resides cannot pass
ordinary data.
IfStat Up: The status of the interface on which the MEP is transmitting the
CCM is configured.
Down: The status of the interface on which the MEP is transmitting the
CCM is not configured.
RxCCMs Number of received CCM frames.

CC Status of a Specific Service


To view Continuity Check (CC) status of a specific service, from the service’s mode invoke the
command:
show ccm
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# show ccm

Service Lev=4:Ma#1
MEPiD Port VID RDI MAC RMEP ERROR XCON highestDefect rCCMseq.Errors Tx Rx
100 1 10 Y Dn n n n MACStatus 0 251 210

End of Table.
OS900(config-ethoam-Lev4:MAiD#1)#

The fields in the above example are described below.


mepid ID of remote MEP (in a specific domain and service)
Port Bridge Port on which the MEP resides
VID Primary VLAN ID (tag)
RDI Y: MEP in RDI state
N: MEP not in RDI state
MAC Up: A CCM with a MAC TLV or interface TLV has been received. Dn: No
CCM with a MAC TLV or interface TLV has been received.
RMEP Y: A CCM with a CCM Interval field that contains a non-zero value has
been received.
N: No CCM with a CCM Interval field that contains a non-zero value has
been received.
ERROR Y: An invalid CCM has been received.
N: No invalid CCM has been received.
XCON Y: One or more cross-connect CCMs has been received, and 3.5 times
of at least one of those CCMs’ transmission interval has not yet expired.
N: One or more cross-connect CCMs has been received and/or 3.5
times of at least one of those CCMs’ transmission interval has not yet
expired.
Highest Defect The highest priority defect that occurred in the MEP. (The order of
priority of defects is as follows: RDI [lowest] < MAC < RMEP < ERROR
< XCON [highest].)

January 2009 URL: http://www.mrv.com 333


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

rCCMseq.Errors Number of frames received with a wrong sequence number


Tx Number of CCM frames transmitted by MEP
Rx Number of CCM frames received by MEP

Time Interval between CCM PDUs


To view the time interval between CCM PDUs, invoke the command:
show ccm interval
Example
OS900(config-ethoam-Lev4:MAiD#1)# show ccm interval
1s
OS900(config-ethoam-Lev4:MAiD#1)#

Defects in CCMs in a Specific MEP


To display all defects indicated in CCMs for a specific MEP, in the service’s mode invoke the
command:
show mep ccm defects <1-4095>
where,
defects: All defects
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# show mep ccm defects 100

Service Lev=4:Ma#1
MEPiD Port VID RDI MAC RMEP ERROR XCON highestDefect rCCMseq.Errors Tx Rx
100 1 10 Y Dn n n n MACStatus 0 226 210

End of Table.
OS900(config-ethoam-Lev4:MAiD#1)#

The fields in the above example are described below.


mepid ID of remote MEP (in a specific domain and service)
Port Bridge Port on which the MEP resides
VID Primary VLAN ID (tag)
RDI Y: MEP in RDI state
N: MEP not in RDI state
MAC Up: A CCM with a MAC TLV or interface TLV has been received. Dn: No
CCM with a MAC TLV or interface TLV has been received.
RMEP Y: A CCM with a CCM Interval field that contains a non-zero value has
been received.
N: No CCM with a CCM Interval field that contains a non-zero value has
been received.
ERROR Y: An invalid CCM has been received.
N: No invalid CCM has been received.
XCON Y: One or more cross-connect CCMs has been received, and 3.5 times
of at least one of those CCMs’ transmission interval has not yet expired.
N: One or more cross-connect CCMs has been received and/or 3.5
times of at least one of those CCMs’ transmission interval has not yet
expired.
Highest Defect The highest priority defect that occurred in the MEP. (The order of
priority of defects is as follows: RDI [lowest] < MAC < RMEP < ERROR
< XCON [highest].)
rCCMseq.Errors Number of frames received with a wrong sequence number
Tx Number of CCM frames transmitted by MEP

334 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

Rx Number of CCM frames received by MEP

Cross-Connect Defects in CCMs in a Specific MEP


To display cross-connect defects (XCON) indicated in CCMs for a specific MEP, in the service’s
mode invoke the command:
show mep ccm xcon <1-4095>
where,
xcon: Cross-connect defects
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# show mep ccm xcon 100

Remote MEP Defects in CCMs in a Specific MEP


To display defects indicated in CCMs for remote MEPs, in the service’s mode invoke the
command:
show mep ccm rmep-error <1-4095>
where,
rmep-error: Remote MEP defects
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# show mep ccm rmep-error 100

CCM Received Last in a Specific MEP


To display the CCM received last in a specific MEP, in the service’s mode invoke the command:
show mep ccm last-ccm <1-4095>
where,
last-ccm: CCM received last
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# show mep ccm last-ccm 100

Delay-Measurement/Loopback Status
To view the latest Delay-Measurement or Loopback status of a specific MEP or all MEPs:
1. Enter the mode of the service for which the loopback status(es) of the MEP(s) is
(are) to be viewed
2. Invoke the command:
show delay-measure|loopback [mep <1-4095>]
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
If the optional parameter [mep <1-4095>] is not used, the loopback statuses of all the MEPs are
displayed.
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# show loopback

January 2009 URL: http://www.mrv.com 335


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Service Lev=4:Ma#1
mepid Active NextId ExpectID Absent rmepid
100 No 0 0 0 0
Started:Sun Jan 0 00:00:00 1900 on target: mac b3:90:ce:a7:9b:6d
200 packets transmitted; 200 packets received, 0.00% packet loss
OS900(config-ethoam-Lev4:MAiD#1)#

CCM Status
To view the CCM configuration for all MEPs:
1. Enter enable mode
2. Invoke the command:
show ethernet oam ccm
show ethernet oam delay-measure|loopback
show ethernet oam linktrace [detailed-output]
show running-config ethernet [oam]

Cross-Connect Alarm Notifications


The Cross-Connect (CC) alarm notification format is as follows:
EthOam Fault:XXX MEP={Level=L MA=0xM MEPiD=N} sysUpTime=HH:MM:SS,MS
where,
XXX: Defect type RDI, MAC Status, Remote MEP, Error, or Cross-Connect
L: Domain level
M: Service ID
N: MEP ID
sysUpTime: Time elapsed since reboot until detection of the defect type.
HH: hours
MM: minutes
SS: seconds
MS: milliseconds

Note
Note that the defect type in a MEP is indicated if it occurred
during sysUpTime.

Example
Below is an example of a CC alarm notification.
EthOam Fault:MACStatus MEP={Level=4 MA=0x1 MEPiD=100} sysUpTime=00:01:23,75

History
Setting Number of Loopback History Entries
To set the number of latest loopback history entries (bursts) whose results are to be displayed for
a specific MEP, invoke the command:
mep <1-4095> loopback history-size <2-120>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
loopback: Loopback
history-size: History entries to be held
<2-120>: Range of numbers of history entries. Default: 5.

336 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

Viewing History Entries


Whole History
To view the whole history of CLI commands invoked, from enable mode or a service mode
invoke the command:
show history

Delay-Measurement/Loopback History
Results of Delay-Measurement/Loopback History are displayed with ns accuracy if Delay-
Measurement/Loopback was enabled for control by FPGA/hardware using the command mep <1-
4095> (delay-measure|loopback) enable described in the section Activating, page 327.
All MEPs
To view Delay-Measurement/Loopback history for all MEPs:
From enable mode invoke the command:
show ethernet oam delay-measure|loopback history
or
From a service mode invoke the command:
show delay-measure|loopback history
Example 1
OS906C(config-ethoam-Lev1:MAiD#14)# show delay-measure history

Service Lev=1:Ma#14

-------------- id:6 -------------


Started:Sat Apr 15 19:28:30 2000 on target: rmep 201 mac
00:0f:bd:01:5e:88
60 packets transmitted; 60 packets received, 0.00% packet loss
Round-trip min/avg/max: 13.664/13.717/13.776 us
Jitter SD min/avg/max: -0.064/ -1.919/ -21.776 us
Jitter DS min/avg/max: 0.048/ 1.919/ 21.744 us
-------------- id:7 -------------
Started:Sat Apr 15 19:28:30 2000 on target: rmep 201 mac
00:0f:bd:01:5e:88
70 packets transmitted; 70 packets received, 0.00% packet loss
Round-trip min/avg/max: 13.664/13.714/13.776 us
Jitter SD min/avg/max: -0.064/ -1.967/ -21.776 us
Jitter DS min/avg/max: 0.048/ 1.967/ 21.744 us
-------------- id:8 -------------
Started:Sat Apr 15 19:28:30 2000 on target: rmep 201 mac
00:0f:bd:01:5e:88
80 packets transmitted; 80 packets received, 0.00% packet loss
Round-trip min/avg/max: 13.664/13.713/13.776 us
Jitter SD min/avg/max: -0.064/ -2.003/ -21.776 us
Jitter DS min/avg/max: 0.048/ 2.003/ 21.744 us
OS906C(config-ethoam-Lev1:MAiD#14)#

The fields in the above example are described below.


Round-trip min Minimal value of frame round-trip time
(in µs, with 1 ns accuracy)
Round-trip avg Average value of frame round-trip time
(in µs, with 1 ns accuracy)
Round-trip max Maximal value of frame round-trip time
(in µs, with 1 ns accuracy)
JitterSD min Minimal value of source-destination jitter
(in µs, with 1 ns accuracy)
JitterSD avg Average value of source-to-destination jitter
(in µs, with 1 ns accuracy)
JitterSD max Maximal value of source-to-destination jitter
(in µs, with 1 ns accuracy)

January 2009 URL: http://www.mrv.com 337


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

JitterDS min Minimal value of destination-to-source jitter


(in µs, with 1 ns accuracy)
JitterDS avg Average value of destination-to-source jitter
(in µs, with 1 ns accuracy)
JitterDS max Maximal value of destination-to-source jitter
(in µs, with 1 ns accuracy)
Example 2
OS906C(config-ethoam-Lev1:MAiD#14)# show loopback history

Service Lev=1:Ma#14

-------------- id:11 -------------


Started:Sat Apr 15 19:31:26 2000 on target: rmep 201 mac
00:0f:bd:01:5e:88
10 packets transmitted; 10 packets received, 0.00% packet loss
OS906C(config-ethoam-Lev1:MAiD#14)#

Specific MEP
To view the Delay-Measurement/Loopback history for a specific MEP, from the mode of a
service invoke the command:
show delay-measure|loopback history mep <1-4095>
Example 1
OS900(config-ethoam-Lev4:MAiD#1)# show delay-measure history mep 100
Service Lev=4:Ma#1
OS900(config-ethoam-Lev4:MAiD#1)#

Example 2
OS900(config-ethoam-Lev4:MAiD#1)# show loopback history mep 100
Service Lev=4:Ma#1
OS900(config-ethoam-Lev4:MAiD#1)#

Link Trace
The Link Trace (LT) function causes a MEP to send LT request PDUs to remote bridges
participating in a service on an on-demand basis. Depending on the replies, LT produces a
sequence of the bridges from the MEP to the target bridge. The MEP expects to receive LT reply
PDUs within a specified period of time. Bridges that do not reply are excluded from the sequence.
LT can be used for:
• Retrieval of adjacency relationships between a MEP and remote bridges participating in
the service, i.e., retrieval of the sequence of bridges from the source MEP to the target
bridge.
• Fault localization. When a fault (e.g., link or device failure) or a forwarding plane loop
occurs, the sequence of bridges will likely be different from the expected one. The
difference in the sequences provides information about the fault location.

Setting
Activation
To activate the link trace function, invoke the command:
mep <1-4095> linktrace rmep <1-4095>
or
mep <1-4095> linktrace mac MAC_ADDRESS
where,
<1-4095>: (First appearance) Local (source) MEP ID to be selected from the range 1 to
4095
<1-4095>: (Second appearance) Remote (destination) MEP ID to be selected from the
range 1 to 4095

338 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

MAC_ADDRESS: MAC address of the remote MEP


Additional parameter to these commands is the number of link trace packets that should be
transmitted in one burst.
Example 1
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 linktrace rmep 200

MEP={Level=4 MA=1 MEPiD=100} from 00:0F:BD:01:22:79 id=1 ttl=254 Terminated

OS900(config-ethoam-Lev4:MAiD#1)#

Example 2
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 linktrace mac 00:0F:BD:01:22:79

The fields in the above example are described below.


MEP={Level=4 MA=1 MEPiD=100} Domain Level 4, Service 1, and MEP ID 100
LTR(port 2) Link Trace Reply arrived at Port 2
00:0F:BD:01:22:79 Responder MAC address
Id=1 LT message sequence number
ttl=254 Time to leave (starts from 255)
Terminated Receipt of reply from target (destination) MAC address

Packet Handling Mode


To set the linktrace packet handling mode, invoke the command:
mep <1-4095> linktrace (clear|use_fdb_only)
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
clear: Use only FDB for LTM forwarding
use_fdb_only: (UseFDBonly from 802.1ag-2007): It indicates that only MAC addresses
learned in a Bridge’s Filtering Database, and not information saved in the MIP CCM
Database, is to be used to determine the Egress Port.
(To reset the linktrace packet handling mode to the default (clear), invoke the command:
no mep <1-4095> linktrace use_fdb_only)

Time-To-Live
To set the time-to-live for linktrace packets, invoke the command:
mep <1-4095> linktrace ttl <1-255>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<1-255>: Time-to-live for linktrace packets from the range 1 to 255: Default: 255
To reset the time-to-live to the default value (255), invoke the command:
no mep <1-4095> linktrace ttl
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095

Viewing
To view the linktrace setting for a MEP, invoke the command:
show linktrace [mep <1-4095>] [detailed-output]
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095

January 2009 URL: http://www.mrv.com 339


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

<1-4095>: Local MEP ID to be selected from the range 1 to 4095

Automatic Scheduling of Delay Measurement, Loopback,


and Link Trace
To schedule an individual Delay-Measurement, Loopback, or Link Trace operation, invoke a
scheduler command, as described in Chapter 22: Scheduler.
Example
OS910> enable
OS910# configure terminal
OS910(config)# schedule extended 7
OS910(sched-7)# start-time now
OS910(sched-7)# end-time Feb 6 14:25
OS910(sched-7)# interval 1
OS910(sched-7)# command cli ethernet oam domain 4 service 1 mep 2 delay-measure
enable
OS910(sched-7)# enable

In the above example:


The first enable enables the delay-measurement function
The second enable enables the scheduler.

Clearing MEP Statistics


To clear all statistics on a MEP:
1. Enter the mode of the specific service (by invoking the command service
NUMBER) whose MEP statistics are to be cleared.
2. Invoke the command:
mep <1-4095> clear-all-statistics
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095

Debug
Type of CCM Message to Send
To select the type of message a specific MEP is to send, invoke the command:
debug ethernet oam domain <0-7> service NUMBER mep <1-4095> port PORT
(ccm-freeze|fng|rx-ccm|tx-ccm)
where,
ccm-freeze Freeze CCM
fng Fault Notification Generator
rx-ccm Received CCM PDUs
tx-ccm Transmitted CCM PDUs
To revoke the type of message a specific MEP is to send, invoke the command:
no debug ethernet oam domain <0-7> service NUMBER mep <1-4095> port
PORT (ccm-freeze|fng|rx-ccm|tx-ccm)

CCM Message Destination


To select the destination to which messages of a specific MEP are to be sent, invoke the
command:
debug ethernet oam target (all|cli|console|current-session|log)
where,
all All targets
cli CLI (Telnet/Ssh) sessions

340 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM

console System console


current-session Current CLI session
log System log
To revoke the destination to which messages of a specific MEP are to be sent, invoke
the command:
To revoke the destination to which messages of a specific MEP are to be sent, invoke the
command:
no debug ethernet oam target (all|cli|console|current-session|log)

References
[1] IEEE 802.1ag, Virtual Bridged Local Area Networks – Amendment 5: Connectivity Fault
Management, Draft 8, February 2007, IEEE 802.1 Committee
[2] Draft Recommendation Y.1731 – OAM Functions and Mechanisms for Ethernet based
Networks, January 2006 Draft, ITU-T SG 13 WP /Q5
[3] Fujitsu – Ethernet Service OAM: Overview, Applications, Deployment, and Issues, Copyright
2006 Fujitsu Network Communications Inc.

January 2009 URL: http://www.mrv.com 341


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

342 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 19 IEEE 802.3ah OAM for Ethernet in the First Mile

Chapter 19 IEEE 802.3ah OAM


for Ethernet in the First Mile
Terminology
The terms and their meanings as used in this chapter are as follows:
Term Meaning
EFM (Ethernet in the First Technology used to implement the OAM protocol over the
Mile) link connecting a Central Office OAM device port (e.g.,
MRV OS9000 port) to a Branch47 OAM device port (e.g.,
MRV OS900 port).
OS900 (OptiSwitch 900) MRV Branch OAM device.
OS9000 (OptiSwitch 9000) MRV Central Office OAM device.
OUI (Organization Unique Vendor-specific information.
Identifier)

General
Implementation of the OAM (for Ethernet in the First Mile) in the OS900 is based on the IEEE
802.3ah standard. This standard specifies OAM protocols and Ethernet interfaces for management
over Ethernet in the First Mile (EFM). The OAM sublayer is within the Data Link Layer of the OSI
model. The OAM protocol defines mechanisms to monitor the health of a network link and locate
faults using the transport layer [IEEE 802.3ah clause 57]. These mechanisms include the following
set of functions:
− Branch link performance monitoring
− Fault detection
− Loopback testing
− Setting of network event types to be announced
The number of OAM frames is usually limited to as little as ten per second, so there should be no
appreciable impact on the user traffic stream under normal conditions.
The OAM frames are fixed-size and can be distinguished from other frames by the Destination
MAC address and the Ethernet type & subtype.

Purpose
The OAM model provides reliable service assurance mechanisms for provider as well as customer
networks so as to avoid expensive time-consuming in-the-field truck rolls for isolating faults.

Application
A common application for the OAM functions is to Ethernet in the First Mile (EFM) networks. Each
such network consists of:
− A port of a Central Office OAM device (e.g., OS9000 located at a
central office)
− The cable connecting a Central Office OAM device port to a port of a
Branch OAM device (e.g., OS900 located at a customer’s premises),
and

47
CPE

January 2009 URL: http://www.mrv.com 343


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

− The Branch OAM device port


As shown in Figure 32, below:

Figure 32: EFM Link for Running the IEEE 802.3ah OAM Protocol

Advantages
EFM networks implemented with MRV’s OS9000 and OS900s provide the following advantages:
• Single-point of management
• Low-cost simple IP-less solution (i.e., the devices do not need IP
provisioning or IP addresses)
• Branch power failure indication
• End-to-end built-in self test for the fiberoptic link
• Independent of traffic loads, network configuration changes, and IP
connectivity failure

OAM Functionality
OAM Review
The OAM sublayer provides mechanisms to monitor the health of a network link and locate faults.
Vendor specific extensions are allowed to provide functions such as station management,
bandwidth allocation, and provisioning. The OAM sublayer software:
− Supports a single instance of the OAM entity and OAM client [ah 57.2-57.6];
− Operates in passive mode [ah 57.2.9];
− Facilitates the notification of critical events [ah 57.2.10];
− Provides a data link layer frame-level loopback mode [ah 57.2.11]; and

344 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 19 IEEE 802.3ah OAM for Ethernet in the First Mile

− Utilizes basic (untagged) IEEE 802.3 frames, or OAM Protocol Data Units
(OAMPDUs), to convey standard and vendor specific information [ah 57.4].

Operational Mode
As a passive OAM sublayer, the OS900 begins transmitting Information OAMPDUs only after
receiving one. The exchange of Information OAMPDUs and agreement on parameters advances
the discovery process to the SEND_ANY state, allowing any OAMPDU to be sent.
The OAM sublayer uses a timer to limit transmission of OAMPDUs (ten per second), and to ensure
that at least one is sent every second. A second timer detects loss of expected traffic.

Critical Events
Critical events are signaled using flag bits that are present in every OAMPDU sent.

Dying Gasp
Indicates time to failure due to power outage.

Note
The dying gasp indication is always sent to the Central Office device.
If a Layer 3 connection is present between the OS900 and an SNMP
host (manager) the dying gasp trap is sent directly to the SNMP host.
The procedure for configuring hosts that are to receive dying gasps and
other traps is described in the section Trap Host Specification, page 110.

Loopback
Loopback is performed on the OS900 port that is connected to the Central Office OAM device.
The OS9000 or another IEEE 802.3ah-capable manager (CO) may instruct the Branch OS900 to
enter loopback mode. In this mode, the Branch end OAM sublayer will return all packets received
and the initiating OAM sublayer will discard them. Packet and byte count statistics will be kept to
assist in diagnosing link problems.
The OS900 PHY interfaces can be tested in a loopback mode. Performing a loopback on a port via
a Branch management interface may cause loss of connectivity to that management port.

Requirement
Before activating the IEEE 802.3ah Ethernet OAM protocol, make sure that the ports of the OS900
to participate in this protocol are not set to tagged mode. For setting of modes, refer to the section
Outbound Tag Mode, page 139.

Activation
To activate the IEEE 802.3ah Ethernet OAM protocol, invoke the command:
1. Enter configure terminal mode.
2. Invoke the command:
efm-cpe ports PORTS-GROUP
where,
PORTS-GROUP: Group of ports to operate with IEEE 802.3ah OAM.
Example
OS900(config)# efm-cpe ports 2-4
OS900(config)#

To deactivate the IEEE 802.3ah Ethernet OAM protocol, invoke the command:
no efm-cpe ports PORTS-GROUP
where,
PORTS-GROUP: Group of ports to operate with IEEE 802.3ah OAM.

January 2009 URL: http://www.mrv.com 345


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

346 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 20: Authentication, Authorization, and Accounting (AAA)

Chapter 20: Authentication,


Authorization, and Accounting
(AAA)
General
The best way to allow management access (especially remote access) to the OS900 by multiple
administrators is to have a single database of administrators and a service mechanism that can
perform the following AAA functions with this database:
− Authentication: Identification of requester profile [username, password,
and privilege level] on a per-request basis.
− Authorization: Permission/denial of access subject to authentication
success/failure.
− Accounting: Reporting of information on requesters (identities, number
of access attempts per requester, start and stop times, executed
commands, etc.)
RADIUS (Remote Authentication Dial-In User Service) and TACACS+ (Terminal Access Controller
Access-Control System) are such service mechanisms. Both RADIUS and TACACS+ are Layer 7
(Application Layer) protocols. This chapter compares them and shows how they can be used on
the OS900.

RADIUS versus TACACS+


Table 14, below, compares the AAA protocols RADIUS and TACACS+ run on the OS900.
Table 14: RADIUS versus TACACS+

No. RADIUS TACACS+


1 Industry standard. Complies with RFC Cisco proprietary. Complies with RFC
2865. 1492.
2 UDP-based, offering best-effort delivery. TCP-based, offering connection-oriented
Utilizes UDP Port 1812. determinism. Utilizes TCP Port 49.
3 RADIUS UDP is simpler to implement. TCP makes TACACS+ more scalable.
4 Combines Authentication and Separates Authentication and
Authorization. Authorization.
5 Encrypts only the password in the Encrypts the whole connection request
connection request packet. packet.

Principles of Operation
The OS900 acts as a Network Access Server (NAS) for requesters, and therefore functions as an
AAA client passing requester information (e.g. username, password, etc.).
The AAA Server, on the other hand, is responsible for receiving requester connection requests,
authenticating or disqualifying the requester, and sending the permit or deny response to the client
OS900.
Transactions between the OS900 and the AAA Server are permitted by shared secrets, which are
never sent over the network. In addition, every administrator password is encrypted before it is
sent between the OS900 and the AAA Server in order to prevent deciphering.
The AAA Server can also provide accounting of requester commands and of changes in
authorization level. This information is recorded in a special log file that enables a supervisor to

January 2009 URL: http://www.mrv.com 347


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

view the activities of all the administrators. Accounting can include logging of commands or logging
of transitions from one mode to another.

Configuring the AAA Server


To configure an AAA Server48 to communicate with an OS900, do the following:
1. At the AAA Server, configure the OS900 as a NAS.
2. Set up shared secrets. In particular, enter the same encryption/decryption key on
the AAA Server as that entered (or to be entered) on the OS900.
3. If AAA is to mediate when an attempt is made to access the OS900 at login
mode, log the username & associated password of each administrator.
If AAA is to mediate when an attempt is made to access the OS900 at enable
mode, log a username and password for enable mode.
If AAA is to mediate when an attempt is made to access the OS900 at
configure mode, log a username and password for configure mode. The
username logged at the AAA Server must be the username to be entered at the
OS900 indexed with the string .config. For example, if the username to be
entered at the OS900 is Jojo, the username logged at the AAA Server must be
Jojo.config.
If AAA is to mediate when an attempt is made to access the OS900 at debug
mode, log a username and password for debug mode.

Note
To allow a user attempting to enter enable mode of the OS900
immediately after49 successfully logging onto the OS900 using the admin
password, set the ‘Service Type’ parameter on the AAA Server to the
value ‘administrative user.’

Configuring the OS900


General
To configure an OS900 to communicate with an AAA Server, the following need to be done:
1. Setting Authentication Criteria
This includes:
a. IP address of AAA Server that can be accessed by the OS900.
b. Encryption/decryption key – global or per AAA Server. This is a
text of the shared encryption key between the OS900 and the
AAA Server.
c. Timeout – (optional) Global or per AAA Server. This is the time
the OS900 waits for a response from the AAA Server.
d. Application port – (optional) Per AAA Server. This is the protocol
or service used by the OS900 to access the AAA Server. For
RADIUS it is UDP Port 1812. For TACACS+ it is TCP Port 49.
e. If AAA is to be applied when an attempt is made to access the
OS900 at enable mode, the username and password that are
configured for enable mode on the AAA Server.
If AAA is to be applied when an attempt is made to access the
OS900 at debug mode, the username and password that are
configured for debug mode on the Server.
If AAA is to be applied when an attempt is made to access the
OS900 at configure mode, the username and password that

48
The AAA server may be the AAA server itself or a device via which the OS900 communicates with the AAA server.
49
‘immediately after’ means without having to type the password required to enter enable mode.

348 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 20: Authentication, Authorization, and Accounting (AAA)

are configured for configure mode on the Server.


On the OS900, only one username can be defined for enable
mode,only one username can be defined for debug mode and
only one username can be defined for configure mode. Each of
these usernames is generic, meaning that, administrators with
different login usernames can access these modes. This is so
because the OS900 sends the generic username and not the
login username to the Authentication Server.
2. Setting Authentication
3. Activating Accounting
4. Viewing Accounting

Setting Authentication Criteria


To set the authentication criteria:
1. Enter configure terminal mode.
2. Several Server IP addresses can be specified for AAA by invoking the same
command repeatedly and/or different commands given in this step. For AAA, the
OS900 will attempt to access the AAA Servers in the order in which they were
specified till it succeeds.
To set authentication criteria for specific AAA Servers, invoke any one of the
following commands:
a. This command is used to specify the AAA Server IP address. The
default encryption/decryption key is testing123. The default
timeout is 3 seconds.
radius-server host <A.B.C.D>
Or
tacacs-server host <A.B.C.D>
where,
A.B.C.D: IP address of the AAA Server
b. This command is used to specify the AAA Server IP address and
encryption/decryption key. The default timeout is 3 seconds.
radius-server host <A.B.C.D> key LINE
Or
tacacs-server host <A.B.C.D> key LINE
where,
A.B.C.D: IP address of the AAA Server
LINE: Text of shared encryption key between the OS900 and the AAA
Server. Any alphanumeric unbroken string may be entered. The default
encryption/decryption key is testing123.
c. This command is used to specify the AAA Server IP address,
encryption/decryption key, and timeout.
radius-server host <A.B.C.D> key LINE timeout NUMBER
Or
tacacs-server host <A.B.C.D> key LINE timeout NUMBER
where,
A.B.C.D: IP address of the AAA Server
LINE: Text of shared encryption key between the OS900 and the AAA
Server. Any alphanumeric unbroken string may be entered. The default
encryption/decryption key is testing123.
NUMBER: Timeout time, i.e., the time (in seconds) the OS900 waits for a
response from the AAA Server. If the AAA Server gives a negative response
or if it does not a respond within this time, access to the OS900 is denied.
The default timeout is 3 seconds.

January 2009 URL: http://www.mrv.com 349


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

d. This command is used to specify the AAA Server IP address and


timeout. The default encryption/decryption key is testing123.
radius-server host <A.B.C.D> timeout NUMBER
Or
tacacs-server host <A.B.C.D> timeout NUMBER
where,
A.B.C.D: IP address of the AAA Server
NUMBER: Timeout time, i.e., the time (in seconds) the OS900 waits for a
response from the AAA Server. If the AAA Server gives a negative response
or if it does not a respond within this time, access to the OS900 is denied.
The default timeout is 3 seconds.
e. This command is used to specify the AAA Server IP address and
application port. The default timeout is 3 seconds. The default
encryption/decryption key is testing123.
radius-server host <A.B.C.D> port PORT
Or
tacacs-server host <A.B.C.D> port PORT
where,
A.B.C.D: IP address of AAA Server that can be accessed by the OS900.
PORT: Application port (protocol or service) to be authenticated. The default
for RADIUS is 1812. The default for TACACS+ is 49. To display the port
numbers and associated services, enter linux mode (by first entering
enable mode and then typing linux), type /etc/services.
3. To allow AAA access to the OS900 enable mode by an authorized requester,
invoke the command:
radius-server enable user NAME
Or
tacacs-server enable user NAME
where,
enable: Set the OS900 to request authentication from the AAA Server
when an attempt is made to access the OS900 enable mode.
NAME: Username. This username must be the same as that on the AAA
Server. When an attempt is made to access the OS900 at enable mode,
the OS900 sends this username to the AAA Server. The AAA Server finds
the associated password, which it sends to the OS900. The OS900 then
prompts the requester to enter a password. Only if the passwords match,
access is granted.
On the OS900, only one username can be defined for enable mode. This means that the
same username must be configured on all AAA Servers if they are to provide their service
to the OS900. This username is generic, meaning that, administrators with different login
usernames can access this mode. This is so because the OS900 sends the generic
username and not the login username to the AAA Server.

Note
Invocation of the command radius-server enable user NAME or
tacacs-server enable user NAME is a prerequisite for the AAA-
involving commands in step 4, page 352.

4. To allow AAA access to the OS900 debug mode by an authorized requester,


invoke the command:
radius-server debug user NAME
Or
tacacs-server debug user NAME
where,

350 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 20: Authentication, Authorization, and Accounting (AAA)

debug: Set the OS900 to request authentication from the AAA Server when
an attempt is made to access the OS900 at debug mode.
NAME: Username. This username must be the same as that on the AAA
Server. When an attempt is made to access the OS900 at debug mode, the
OS900 sends this username to the AAA Server. The AAA Server finds the
associated password, which it sends to the OS900. The OS900 then
prompts the requester to enter a password. Only if both the username and
password match, access is granted.
On the OS900, only one username can be defined for debug mode. This means that the
same username must be configured on all AAA Servers if they are to provide their service
to the OS900. This username is generic, meaning that, administrators with different login
usernames can access this mode. This is so because the OS900 sends the generic
username and not the login username to the AAA Server.

Note
Invocation of the command radius-server debug user NAME or
tacacs-server debug user NAME is a prerequisite for an AAA-
involving command in step 6, page 354.

5. To set a common key for all AAA Servers, invoke the command:
radius-server key LINE
Or
tacacs-server key LINE
where,
LINE: Text of shared encryption key between the OS900 and any AAA
Server. Any alphanumeric unbroken string may be entered. The default
encryption/decryption key is testing123.
6. To set a common timeout for all AAA Servers, invoke the command:
radius-server timeout NUMBER
Or
tacacs-server timeout NUMBER
where,
NUMBER: Timeout time, i.e., the time (in seconds) the OS900 waits for a
response from the AAA Server. If the AAA Server gives a negative response
or if it does not a respond within this time, access to the OS900 is denied.
The default timeout is 3 seconds.

Setting Authentication
For each mode (login, enable, debug or configure), any one of the following authentication
options can be selected:
local Perform authentication locally and without AAA Server mediation, i.e.,
using only the login username and password stored in the OS900’s
memory.
radius-local Perform authentication with the RADIUS Server first. If no response is
received from the RADIUS Server within the timeout time, perform
authentication using only the login username and password stored in the
OS900’s memory.
tacacs-local Perform authentication with the TACACS+ Server first. If no response is
received from the TACACS+ Server within the timeout time, perform
authentication using only the login username and password stored in the
OS900’s memory.
radius Perform authentication with the RADIUS Server.
(Access to the OS900 is denied if the Server gives a negative response or

January 2009 URL: http://www.mrv.com 351


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

if no response is received from the RADIUS Server within the timeout


time.)
tacacs Perform authentication with TACACS+ Server.
(Access to the OS900 is denied if the Server gives a negative response or
if no response is received from the TACACS+ Server within the timeout
time.)
none Prevent login.
To set the authentication:
1. Enter configure terminal mode.
2. Enter aaa mode.
3. To cause the OS900 to “try to get a permit or deny response from an AAA Server
first when an attempt is made to access the OS900 at login mode, and, if no
response is received within the timeout time, perform authentication using the
login username and password stored only in the OS900’s memory”, invoke the
command:
authentication login default radius local
Or
authentication login default tacacs local
To cause the OS900 to “try to get a permit or deny response from an AAA Server when an
attempt is made to access the OS900 at login mode, and, if no response is received
within the timeout time, deny access”, invoke the command:
authentication login default radius
Or
authentication login default tacacs

WARNING!
Before selecting the argument radius or tacacs, ensure that the AAA
Server is operational and that at least the following parameters are set
correctly on the OS900: AAA Server IP address, Server TCP
authentication port number, and encryption/decryption key.
You can make sure using the following safe method: Open a CLI
session50 and a TELNET session. In the TELNET session, enter the
mode configure terminal, and invoke the command
authentication login default radius or authentication
login default tacacs. Now close the TELNET session and then
attempt to reopen another. This way, if the attempt fails (possibly
because of an incorrect AAA parameter setting) access to the CLI agent
is retained (via the CLI session) and any AAA parameter setting can be
corrected in the CLI session.
To cause the OS900 to “prevent login”, invoke the command:
authentication login default none
WARNING!
Invoking the command authentication login default none will
lock the OS900, preventing any access to it.
4. To cause the OS900 to “try to get a permit or deny response from an AAA Server
first when an attempt is made to access the OS900 at enable mode, and, if no
response is received within the timeout time, perform authentication using the
enable password stored only in the OS900’s memory”, invoke the command:
authentication enable default radius local
Or
authentication enable default tacacs local

50
Using a serial/RS-232 connection.

352 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 20: Authentication, Authorization, and Accounting (AAA)

To cause the OS900 to “try to get a permit or deny response from an AAA Server when an
attempt is made to access the OS900 at enable mode, and, if no response is received
within the timeout time, deny access”, invoke the command:
authentication enable default radius
Or
authentication enable default tacacs
WARNING!
Before selecting the argument radius or tacacs, ensure that the AAA
Server is operational and that at least the following parameters are set
correctly on the OS900: AAA Server IP address, Server TCP
authentication port number, and encryption/decryption key.
You can make sure using the following safe method: Open a CLI session
and a TELNET session. In the TELNET session, enter the mode
configure terminal, and invoke the command authentication
enable default radius or authentication enable default
tacacs. Now close the TELNET session and then attempt to reopen
another. This way, if the attempt fails (possibly because of an incorrect
AAA parameter setting) access to the CLI agent is retained (via the CLI
session) and any AAA parameter setting can be corrected in the CLI
session.
5. To cause the OS900 to “try to get a permit or deny response from an AAA Server
first when an attempt is made to access the OS900 at configure mode, and, if
no response is received within the timeout time, perform authentication using the
debug password stored only in the OS900’s memory”, invoke the command:
authentication configure default radius local
Or
authentication configure default tacacs local
To cause the OS900 to “try to get a permit or deny response from an AAA Server when an
attempt is made to access the OS900 at configure mode, and, if no response is
received within the timeout time, deny access”, invoke the command:
authentication configure default radius
Or
authentication configure default tacacs

WARNING!
Before selecting the argument radius or tacacs, ensure that the AAA
Server is operational and that at least the following parameters are set
correctly on the OS900: AAA Server IP address, Server TCP
authentication port number, and encryption/decryption key.
You can make sure using the following safe method: Open a CLI session
and a TELNET session. In the TELNET session, enter the mode
configure terminal, and invoke the command authentication
configure default radius or authentication configure
default tacacs. Now close the TELNET session and then attempt to
reopen another. This way, if the attempt fails (possibly because of an
incorrect AAA parameter setting) access to the CLI agent is retained (via
the CLI session) and any AAA parameter setting can be corrected in the
CLI session.
To cause the OS900 to “prevent login”, invoke the command:
authentication configure default none
WARNING!
Invoking the command authentication configure default
none will allow access to the OS900 without the need for entering the
‘debug’ mode password.

January 2009 URL: http://www.mrv.com 353


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

6. To cause the OS900 to “try to get a permit or deny response from an AAA Server
first when an attempt is made to access the OS900 at debug mode, and, if no
response is received within the timeout time, perform authentication using the
debug password stored only in the OS900’s memory”, invoke the command:
authentication debug default radius local
Or
authentication debug default tacacs local
To cause the OS900 to “try to get a permit or deny response from an AAA Server when an
attempt is made to access the OS900 at debug mode, and, if no response is received
within the timeout time, deny access”, invoke the command:
authentication debug default radius
Or
authentication debug default tacacs

WARNING!
Before selecting the argument radius or tacacs, ensure that the AAA
Server is operational and that at least the following parameters are set
correctly on the OS900: AAA Server IP address, Server TCP
authentication port number, and encryption/decryption key.
You can make sure using the following safe method: Open a CLI session
and a TELNET session. In the TELNET session, enter the mode
configure terminal, and invoke the command authentication
debug default radius or authentication debug default
tacacs. Now close the TELNET session and then attempt to reopen
another. This way, if the attempt fails (possibly because of an incorrect
AAA parameter setting) access to the CLI agent is retained (via the CLI
session) and any AAA parameter setting can be corrected in the CLI
session.

Accounting
General
Accounting is the reporting of information (ID and activities) on requesters. The following
information is sent by the OS900 to the AAA or RADIUS Server:
− User (requester) name
− Date of access
− Time of access
− Accounting flags. If the command accounting exec radius|tacacs (for activating
accounting – see below) is executed, each start (login) and each stop (logout) is reported.
If the command accounting commands radius|tacacs is executed, each stop
(completion of command execution) is reported.
− Service (e.g., Shell, ARAP, SLIP, PPP, etc.)
− NAS (OS900) Port name
− NAS (OS900) IP address
− Commands invoked & executed

Activating Accounting
To activate accounting:
1. Enter configure terminal mode.
2. Enter aaa mode.
3. Invoke either of the following the commands:
accounting commands radius|tacacs
Or

354 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 20: Authentication, Authorization, and Accounting (AAA)

accounting exec radius|tacacs

Configuration Examples
For convenience, the parts of the configuration example are headed with a number (1, 2, etc.). The
description of each part is given below:
1. Setting of AAA Server criteria: IP address, key, timeout.
2. Setting of application port (protocol or service) that will be common to all AAA Servers.
3. Setting the OS900 to request authentication from the AAA Server when an attempt is
made to access the OS900 enable, debug, and configure mode.
4. Setting the authentication.
5. Activating accounting.
6. Displaying configuration.
7. Saving configuration in permanent memory.
RADIUS
MRV OptiSwitch 910 version d0907-21-07-05
OS900 login: admin
Password:

OS900> enable
OS900# configure terminal
1.
OS900(config)# radius-server host 193.85.1.67 key testing6789 timeout 5
2.
OS900(config)# radius-server host 193.85.1.67 port 3444
3.
OS900(config)# radius-server enable user TigerEnable
OS900(config)# radius-server debug user TigerDebug
4.
OS900(config-aaa)# authentication login default radius local
OS900(config-aaa)# authentication enable default radius local
OS900(config-aaa)# authentication configure default radius local
OS900(config-aaa)# authentication debug default radius
5.
OS900(config-aaa)# accounting exec radius
6.
OS900(config-aaa)# write terminal
Building configuration...

Current configuration:
! version d0907-21-07-05
!
radius-server enable user TigerEnable
radius-server debug user TigerDebug
radius-server host 193.85.1.67 port 3444
radius-server host 193.85.1.67 key testing6789 timeout 5
!
aaa
authentication login default radius local
authentication enable default radius local
authentication configure default radius local
authentication debug default radius
accounting exec radius
7.
OS900(config-aaa)# write file

January 2009 URL: http://www.mrv.com 355


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

TACACS+
MRV OptiSwitch 910 version d0907-21-07-05
OS900 login: admin
Password:

OS900> enable
OS900# configure terminal
1.
OS900(config)# tacacs-server host 193.85.1.67 key testing6789 timeout 5
2.
OS900(config)# tacacs-server host 193.85.1.67 port 3444
3.
OS900(config)# tacacs-server enable user TigerEnable
OS900(config)# tacacs-server debug user TigerDebug
4.
OS900(config-aaa)# authentication login default local tacacs
OS900(config-aaa)# authentication enable default local tacacs+
OS900(config-aaa)# authentication configure default local tacacs+
OS900(config-aaa)# authentication debug default tacacs
5.
OS900(config-aaa)# accounting exec TACACS+
6.
OS900(config-aaa)# write terminal
Building configuration...

Current configuration:
! version d0907-21-07-05
!
tacacs-server enable user TigerEnable
tacacs-server debug user TigerDebug
tacacs-server host 193.85.1.67 port 3444
tacacs-server host 193.85.1.67 key testing6789 timeout 5
!
aaa
authentication login default local tacacs
authentication enable default local tacacs
authentication configure default local tacacs+
authentication debug default tacacs
accounting exec TACACS+
7.
OS900(config-aaa)# write file

356 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 21: Service Assurance PING

Chapter 21: Service Assurance


PING
Definition
Service Assurance PING (SA PING) or Response Time Reporter (RTR) is an ICMP application
protocol for monitoring network performance, resources, and applications. It complies with RFC
2925.

Purposes
To:
• Test connectivity between the OS900 and other devices.
• Determine whether a target (destination) device is active
• Determine the RTT51 in communicating with a target device
• Collect probe history
• Collect statistical data for predicting and remodeling network operation
• Generate SNMP traps and SNA Alerts/Resolutions when a connection
is lost, a connection is reestablished, a timeout occurs, or a user-
configured threshold is exceeded. (Thresholds can also be used to
trigger collection of additional statistics.)

Scope
• Echo probes are available for use in SA PING.
• From the same OS900, several administrators can send SA PING
requests and each administrator can send several probes.
• Set a udpEcho probe
• Reset a probe

Principle of Operation
SA PING uses a series of alternating ICMP UDP echo request and UDP echo reply messages. It
sends an echo request message (packet) towards the destination address.
The following three factors determine how the OS900 will react: 1) ‘RTT’ 2) ‘frequency’, and 3)
‘timeout'.
‘RTT’ is the time between sending an ICMP request and receiving the corresponding response.
The ‘frequency’ is the number of milliseconds to wait before repeating a PING test. This time is
user-settable to any value in the range 1 to 107 (in milliseconds) in the CLI mode ‘rtr.’
The ‘timeout' is the time the OS900 waits (from the moment it sends an echo request) for an
echo response. If no echo response is received within this time, the OS900 registers a failed
response. This time is user-settable to any value in the range 1 to 107 (in milliseconds) in the mode
‘rtr.’
1. RTT < timeout; timeout < frequency: The OS900 waits until the end of the current
‘frequency’ time interval before sending the next echo.
2. RTT > timeout; timeout < frequency: The OS900 registers a failed request and
waits until the end of the current ‘frequency’ time interval before sending the next echo
request.

51
RTT is Round-Trip Time

January 2009 URL: http://www.mrv.com 357


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

3. RTT < timeout; timeout > frequency: The OS900 waits until the end of the current
‘frequency’ time interval that is overlapped by the ‘timeout‘ time before sending the next
echo request.
4. RTT > timeout; timeout > frequency: The OS900 registers a failed request and
waits until the end of the current ‘frequency’ time interval before sending the next echo
request.

Actions
Creating an SA PING Probe or Entering its Mode
To create an SA PING probe and/or to enter the mode of an existing SA PING probe:
1. Enter configure terminal mode.
2. Invoke the command:
rtr echo OWNER [NAME]
where,
OWNER: Owner name (e.g., Tarzan)
NAME: Probe name (e.g., Probe-1)
Note that several probe names can be defined per owner name!
Example
OS900(config)# rtr echo ?
OWNER Owner name
OS900(config)# rtr echo Edi ?
<cr>
NAME Probe name
| Output modifiers
OS900(config)# rtr echo Edi first
OS900(config-rtr)#

Displaying the Commands in the SA PING Mode


To display the list of commands in the SA PING mode:
1. Enter the mode of an SA PING probe by invoking the command:
rtr echo OWNER [NAME]
where,
OWNER: Owner name (e.g., Tarzan)
NAME: Probe name (e.g., Probe-1)
2. Press ? .

358 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 21: Service Assurance PING

Example
OS900(config)# rtr echo Edi
OS900(config-rtr)# ?
alias Command alias
buckets-of-history-kept The maximum number of entries allowed in the History table
count Number of times to perform a probe
default Set a command to its defaults
description Set a description for current rtr entry
end End current mode and down to previous mode
exit Exit current mode and down to previous mode
frequency Probe frequency for current rtr entry (in milliseconds)
help Description of the interactive help system
list Print command list
no Negate a command or set its defaults
pattern Set pattern of a data portion of a probe packet
quit Exit current mode and down to previous mode
request-data-size Size of the data portion to be transmitted
show show current rtr entry
start Start current rtr entry
stop Stop current rtr entry
target Set target address
timeout Probe timeout for current rtr entry (in milliseconds)
trap Probe notifications control
ttl Time-to-live field of sending packet
write Write running configuration to file or terminal
OS900(config-rtr)#

Configuring/Reconfiguring an SA PING Probe


To configure or reconfigure a created SA PING probe:
1. Enter configure terminal mode.
2. Enter the rtr mode of the specific probe by invoking the command:
rtr echo OWNER [NAME]
where,
OWNER: Owner name (e.g., Tarzan)
NAME: Probe name (e.g., Probe-1)
3. On entry into the mode rtr (indicated by the system prompt ‘OS900(config-
rtr)#), type target, the IP address of the destination device, and press Enter .
4. Type count, the number of times to perform the probe, and press Enter .
5. Type buckets-of-history-kept, the maximum number of entries allowed in
the History table, and press Enter .
6. Type trap, the Probe notification control, which may be:
all Generate all notifications
pathChange Generate pathChange notification
probeFailure Generate pingProbeFailed notification
testCompletion Generate testCompletion notification
testFailure Generate testFailure notification
filter Filter probeFailure notifications
and press Enter .
7. Type timeout, the time the OS900 waits (from the moment it sends an echo
request) for an echo response (this time is settable to any value in the range 1 to
107 milliseconds), and press Enter .
8. Type frequency, the time interval between any two successive echo requests
(this time is settable to any value in the range 1 to 107 milliseconds), and press
Enter .

January 2009 URL: http://www.mrv.com 359


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

9. Type request-data-size, the size of the data portion to be transmitted, and


press Enter .
Example
OS900(config)# rtr echo Edi
OS900(config-rtr)# target ?
TARGET Target address or hostname
OS900(config-rtr)# target 191.93.235.170

OS900(config-rtr)# count ?
<0-10000000> Probe count (0 - forever)
OS900(config-rtr)# count 0

OS900(config-rtr)# buckets-of-history-kept ?
<0-10000> Value of mximum number of entries allowed in the History table
OS900(config-rtr)# buckets-of-history-kept 20

OS900(config-rtr)# trap ?
all Generate all notifications
pathChange Generate pathChange notification
probeFailure Generate pingProbeFailed notification
testCompletion Generate testCompletion notification
testFailure Generate testFailure notification
filter Filter probeFailure notifications
OS900(config-rtr)# trap all

OS900(config-rtr)# trap filter testFailur


testFailure Number of events before sending a notification
OS900(config-rtr)# trap filter testFailure 3
OS900(config-rtr)#

Running an SA PING Probe


To operate a specific SA PING probe:
1. Enter the mode of the specifc SA PING probe by invoking the command:
rtr echo OWNER [NAME]
2. Invoke the command:
start
Example
OS900(config)# rtr echo Edi
OS900(config-rtr)# start
OS900(config-rtr)#

Stopping an SA PING Probe


To stop a currently running SA PING process between the OS900 and another device, invoke the
command:
1. Enter rtr mode.
2. Invoke the command
stop
Example
OS900(config-rtr)# stop
probe ended :ping target 191.93.235.170
199 packets transmitted; 199 packets received, 0.00% packet loss
round-trip min/avg/max = 0.438/0.463/0.672 ms : Sun September 8 12:07:33 2006

Viewing an SA PING Probe


To display information on SA PING:

360 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 21: Service Assurance PING

1. Enter rtr mode.


2. Invoke the command:
show all|configuration|results|history|rtr-history|alias
all Both configuration and results
configuration Response Time Reporter running configuration
results Results of probes
history List of commands invoked in the current session
rtr-history History table
alias Command alias
Example 1
OS900(config-rtr)# show

----------- type:echo owner:'Edi' testname:'*' 191.93.235.170 running


count: forever timeout: 3000 ms
size: 56 frequency: 1000 ms
bypass-route-table: No interface: <none>
maxrows: 20 ttl: 128
TestFailureFilter: 3
probeFailure testFailure testCompletion
Resolved target : 191.93.235.170
20 lines in history table.
30 packets transmitted; 30 packets received, 0.00% packet loss
Round-trip min/avg/max: 0.438/0.459/0.511 ms
Neg.Jitter min/avg/max: 0.003/0.021/0.055 ms; number=13
Pos.Jitter min/avg/max: 0.000/0.016/0.058 ms; number=16
Last good probe: Sun September 8 12:04:45 2006

Jitter, RTT, and packet loss values, in addition to bandwidth, serve to determine whether the
network in its present configuration can provide the requisite level of service essential for time-
sensitive applications such as VoIP and video streaming. For VoIP, a delay (time it takes for an
ICMP request to reach its destination) of up to 150 ms is usually acceptable.
Jitter is defined as the current RTT – previous RTT. Accordingly, jitter may be positive or
negative. Six types of jitter are measured by the OS900:
Neg. Jitter min – The minimum negative jitter recorded.
Neg. Jitter avg – The average of the negative jitters recorded.
Neg. Jitter max – The maximum negative jitter recorded.
Pos. Jitter min– The minimum positive jitter recorded.
Pos. Jitter avg – The average of the positive jitters recorded.
Pos. Jitter max – The maximum positive jitter recorded.
The number of positive and negative jitters are also recorded. The example above shows that the
‘number’ of negative jitters is ‘13’ and the ‘number’ of positive jitters is ‘16’.
RTT is defined as the time between sending an ICMP request and receiving the corresponding
response.
Packet loss is defined as ‘packets sent’ – ‘packets received’.

January 2009 URL: http://www.mrv.com 361


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example 2
OS900(config-rtr)# show history
## Responce Status Time
127. 0.45 OK Sun September 8 12:06:21 2006
128. 0.45 OK Sun September 8 12:06:22 2006
129. 0.45 OK Sun September 8 12:06:23 2006
130. 0.45 OK Sun September 8 12:06:24 2006
131. 0.49 OK Sun September 8 12:06:25 2006
132. 0.46 OK Sun September 8 12:06:26 2006
133. 0.45 OK Sun September 8 12:06:27 2006
134. 0.45 OK Sun September 8 12:06:28 2006
135. 0.46 OK Sun September 8 12:06:29 2006
136. 0.47 OK Sun September 8 12:06:30 2006
137. 0.44 OK Sun September 8 12:06:31 2006
138. 0.44 OK Sun September 8 12:06:32 2006
139. 0.46 OK Sun September 8 12:06:33 2006
140. 0.44 OK Sun September 8 12:06:34 2006
141. 0.47 OK Sun September 8 12:06:35 2006
142. 0.48 OK Sun September 8 12:06:36 2006
143. 0.45 OK Sun September 8 12:06:37 2006
144. 0.45 OK Sun September 8 12:06:38 2006
145. 0.49 OK Sun September 8 12:06:39 2006
146. 0.50 OK Sun September 8 12:06:40 2006
OS900(config-rtr)#

To display brief information on SA PING probes of all owners (administrators):


1. Enter enable mode.
2. Invoke the command:
show rtr brief
Example
OS900# show rtr brief
echo alex my1 localhost running
echo alex my2 191.93.235.170 stopped
echo Edi * 192.84.137.212 stopped
echo Edi first www.cursorinfo.c stopped
echo first * www.walla.co.il stopped
So, 5 entries, 1 is/are running
OS900#

To display detailed information on SA PING probes of all owners:


1. Enter enable mode.
2. Invoke the command:
show rtr all
Example
OS900# show rtr all

----------- type:echo owner:'alex' testname:'my1' localhost running


count: forever timeout: 3000 ms
size: 56 frequency: 1000 ms
bypass-route-table: No interface: <none>
maxrows: 10 ttl: 128
zero trap mask
Resolved target : 183.44.216.71 (dns); host : localhost
10 lines in history table.
379 packets transmitted; 379 packets received, 0.00% packet loss
Round-trip min/avg/max: 0.317/0.338/0.431 ms
Neg.Jitter min/avg/max: 0.001/0.005/0.042 ms; number=182
Pos.Jitter min/avg/max: 0.000/0.005/0.027 ms; number=196
Last good probe: Sun September 8 12:28:25 2006

362 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 21: Service Assurance PING

----------- type:echo owner:'alex' testname:'my2' 194.90.136.180 stopped


count: 49 timeout: 3000 ms
size: 56 frequency: 1000 ms
bypass-route-table: No interface: <none>
maxrows: 10 ttl: 128
zero trap mask
0 packets transmitted.

----------- type:echo owner:'Edi' testname:'*' 191.93.235.170 stopped


count: forever timeout: 3000 ms
size: 56 frequency: 1000 ms
bypass-route-table: No interface: <none>
maxrows: 20 ttl: 128
TestFailureFilter: 3
probeFailure testFailure testCompletion
Resolved target : 191.93.235.170
20 lines in history table.
199 packets transmitted; 199 packets received, 0.00% packet loss
Round-trip min/avg/max: 0.438/0.463/0.672 ms
Neg.Jitter min/avg/max: 0.001/0.025/0.213 ms; number=97
Pos.Jitter min/avg/max: 0.000/0.023/0.215 ms; number=101
Last good probe: Sun September 8 12:07:33 2006

----------- type:echo owner:'first' testname:'*' www.walla.co.il stopped


count: 1 timeout: 3000 ms
size: 56 frequency: 1000 ms
bypass-route-table: No interface: <none>
maxrows: 10 ttl: 128
zero trap mask
0 packets transmitted.
OS900#

Viewing SA PING Events as CLI Traps


To view SA PING Events as CLI Traps:
1. Enter enable mode.
2. Invoke the command:
debug event

An SNMP trap is sent as defined in PING.txt of RFC 2925.

January 2009 URL: http://www.mrv.com 363


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

364 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 22: Scheduler

Chapter 22: Scheduler

Definition
The scheduler function of the OS900 is used to schedule execution of administrator-specified
commands at times pre-set by the administrator. The command types may be CLI or Linux. A CLI
command may be a regular command or a script52.

Purpose
The scheduler allows the administrator to ensure that certain actions by/on the OS900 will be
performed at the right time and automatically.
Examples of uses of the scheduler are: reboot the OS900 at the end of the day, load a new
configuration at a pre-specified time, etc.

Types of Scheduler Commands


There are four types of scheduler commands:
• Single-Execution
• Periodic-Execution
• Extended
• No-Execution
• Show Scheduler Configuration
These types of scheduler commands can be CLI or Linux commands.
To execute these commands, first enter the configure terminal mode as shown below:
OS900 login: admin
Password:
Last login: Wed Jun 8 09:24:24 2006 on ttyS0
Welcome to MRV's distribution for MPC8245.
OS900> enable
OS900# configure terminal

Scope
If the type of a Single-Execution, Periodic-Execution, or Extended scheduler command is CLI, it is
required to belong to enable mode.
The execution time for these scheduler commands can be set to within a 1-minute margin.
The Single-Execution and Periodic-Execution scheduler commands provide for sending event
notification following execution.
The Single-Execution scheduler command is used to execute a command just once.
The Periodic-Execution scheduler command is used to execute a command periodically as follows:
− Every minute
− Every hour at a specific minute
− Every day at a specific hour and minute
− Every month on a specific day and at a specific hour and minute

52
A script is a set of CLI commands that the OS900 can execute in succession without user intervention. For details, refer
to the section Scripts, page 120.

January 2009 URL: http://www.mrv.com 365


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

− At a specific day of the week (e.g., Sunday) every month or a specific month at a specific
hour and minute
The Periodic-Execution scheduler command cannot be used to execute a command periodically if
the period is in the range:
− 2 and 59 minutes (e.g., every 2 minutes)
− 2 and 23 hours (e.g., every 2 hours)
− 2 or more days (except 7, because it can be executed every weekday)
−2 or more months
The Extended scheduler command has more capability than the Periodic-Execution scheduler
command. It can be used to execute a command periodically for any period (e.g., every 2
minutes). Further, unlike the Single-Execution Scheduler Command and Periodic-Execution
Scheduler Command, several (up to 65535) such scheduler commands can be pre-configured
concurrently for execution.

Single-Execution Scheduler Command


Purpose
This type of scheduler command causes execution of a CLI or Linux command just once.

Syntax
The command syntax is as follows:
schedule once MONTH DAY TIME [notifying] (cli|linux) COMMAND
where,
MONTH: Month (e.g., June) during which the command is to be executed. Either type the
full name of the month or at least the first three letters (e.g., Jun). In any case, the month
name must begin with capital (upper case) letter.
DAY: Day (e.g., 27) on which the command is to be executed. The day can be any number
in the range 1-31, provided the day is valid for the month. (For e.g., 31 for the month of
June is not valid.)
TIME: Time (e.g., 13:15) at which the command is to be executed. The time must typed
in the following format:
HH:MM
where,
HH: Hour as a 2-digit number.
The hour can be any number in the range 0-23.
MM: Minute as a 2-digit number.
The minute can be any number in the range 0-59.
[notifying]: Send event notification following execution of the scheduling command.
(cli|linux): Choice between cli and linux.
cli is CLI command type.
linux is Linux command type.
COMMAND: The specific CLI or Linux command to be executed by the OS900. If the
command type is CLI, it is required to belong to enable mode.
Example 1:
In order to cause a configuration to be saved on June 15 at the time 23 hr and 51 min, invoke the
following CLI command:
schedule once Aug 7 23:51 cli write file
Example 2:
In order to cause the OS900 to reboot on December 7 at the time 18 hr and 35 min, invoke the
following CLI command:
schedule once Dec 7 18:35 cli reboot

366 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 22: Scheduler

Periodic-Execution Scheduler Command


Purpose
This type of scheduler command causes periodic execution of CLI or Linux commands.

Syntax
The command syntax is as follows:
schedule period MINUTE HOUR DAY MONTH WDAY [notifying] (cli|linux)
COMMAND
where,
MINUTE: Minute at which the command is to be executed.
Either type:
− A number in the range 0-59, e.g., 43
Or
− * for execution every minute.
HOUR: Hour at which the command is to be executed.
Either type:
− A number in the range 0-23, e.g., 16
Or
− * for execution every hour.
DAY: Day on which the command is to be executed.
Either type:
− A number in the range 1-31, e.g., 27. (For example, 31 for the month of
February, April, June, etc. is not valid since each of these months has less than
31 days!)
Or
− * for execution every day.
MONTH: Month during which the command is to be executed.
Either type:
− The full name of the month (e.g., June) or at least the first three letters (e.g.,
Jun). In any case, the month name must begin with capital (upper case) letter.
Or
− * for execution every month.
WDAY: Day of the week on which the command is to be executed.
Either type:
− The full name of the weekday (e.g., Sunday)
Or

* for ignoring what day it is of the week.
[notifying]: Send event notification following execution of the scheduling command.
(cli|linux): Choice between cli and linux.
cli is CLI command type.
linux is Linux command type.
COMMAND: The specific CLI or Linux command to be executed by the OS900. If the
command type is CLI, it is required to belong to enable mode.

Note
In selecting the values for MONTH and WDAY, make sure that they are
compatible according to the calendar!

January 2009 URL: http://www.mrv.com 367


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
In order to cause the OS900 configuration to be saved on the FTP server whose IP address is
195.90.123.5 in the directory c:/config_bak every day at the time 23 hr and 0 min, invoke
the following CLI command:
schedule period 00 23 * * * cli copy startup-config ftp 195.90.123.5
c:/config_bak

Extended Scheduler Command


Purpose
This type of scheduler command is used to cause execution of a CLI or Linux command once,
several times, or periodically.

Configuration
Setup
1. Enter configure terminal mode.
2. Invoke the command:
schedule extended <1-65535>|new
where,
<1-65535>: Range of schedule IDs from which one is to be selected by the user.
new: Schedule ID to be selected by the OS900. The OS900 assigns the highest ID
in the range that is available. For e.g., if 65535 and 65533 are assigned and 65534
is available, the use of the argument new will assign the ID 65534 to the next
scheduler command that is set up.
3. Invoke the command:
command cli|linux COMMAND
where,
cli: CLI command type.
linux: Linux command type.
COMMAND: The specific CLI or Linux command to be executed by the OS900. If the
command type is CLI, it is required to belong to enable mode.
enable mode.
4. Invoke the command:
interval <1-527040>
where,
<1-527040>: Interval between two consecutive command executions in minutes.
5. Invoke the command in one of the following two options:
Option 1: Number of times command is to be executed.
number-of-times <1-527040>
where,
<1-527040>: Number of times command is to be executed.
Option 2: Time by which the schedule will stop.
end-time forever|(MONTH DAY TIME)
where,
forever: Schedules the command to run indefinitely.
MONTH: The Month (e.g., March, * for this month).
DAY: The day (e.g., 10, * for this day).
TIME: The time (e.g., 13:15).
6. Set the time at which the schedule can start by invoking the command:
start-time now|(MONTH DAY TIME)

368 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 22: Scheduler

where,
now: The schedule is to start immediately.
MONTH: The Month (e.g., March, * for this month).
DAY: The day (e.g., 10, * for this day).
TIME: The time (e.g., 13:15).
7. (Optional) Add a user comment on the scheduler command by invoking the command:
remark STRING
where,
STRING: User comment on the scheduler command. The comment may be up to
132 characters long.

Enabling
A scheduler command can be enabled for execution only after it has been set up as described in
the section Setup, page 368, just above.
To enable execution of a scheduler command that has already been set up:
1. Enter configure terminal mode.
2. Enter the mode of the scheduler command that is to be enabled by invoking the command:
schedule extended <1-65535>
where,
<1-65535>: Range of schedule IDs from which the ID of the scheduler command
that is to be enabled must be selected.
3. Invoke the command:
enable

Example 1
In this example, running of loopback test is configured. The test starts on the 20th of November at
13:15, will be run every hour (60 minutes) indefinitely.
schedule extended 1
remark run loopback test with burst of 10 frames
start-time Nov 20 13:15
end-time forever
interval 60
command cli ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 10
enable

Example 2
In this example too, running of loopback test is configured. However, the test is set to start
immediately, will run every hour in the 3 following hours.
schedule extended 2
remark run loopback test with burst of 10 frames
start-time now
number-of-times 3
interval 60
command cli ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 10
enable

Notes
1. In case of conflicting configuration commands, for example, end-time
forever and number-of-times <1-527040>, the last command is
reinforced.
2. If entry configured to “start-time now” and “enable”, then in case of device
reset, the scheduler will run the scheduled command immediately, even if
it had been completed before the reset.
3. The old extended scheduler entry format is supported only from start up
configuration.

January 2009 URL: http://www.mrv.com 369


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Viewing
All Configured Scheduler Commands
In Brief
To view all the configured scheduler commands in brief:
1. Enter enable mode.
2. Invoke the command
show schedule
Example
OS900(config)# show schedule
Schedule table is empty.
Id Enable Complete Start-time End-time Number Interval Type Command
==============================================================================
1 Yes No Nov 20 13:15 Forever - 60 cli etherne
2 Yes No Now - 3 60 cli etherne
OS900(config)#

In Detail
To view all the configured scheduler commands in detail:
1. Enter enable mode.
2. Invoke the command:
show schedule extended details
Example
OS900# show schedule extended details
Shedule 1 details:
-------------------
Enable : Yes
Complete : No
Start-time : Nov 20 13:15
End-time : Forever
Number of times: -
Interval : 60
Command type : cli
Command : ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 1

Shedule 2 details:
-------------------
Enable : Yes
Complete : No
Start-time : Now
End-time : -
Number of times: 3
Interval : 60
Command type : cli
Command : ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 1
OS900#

Specific Configured Scheduler Command


Method 1
To view a specifc configured scheduler command:
1. Enter enable mode.
2. Invoke the command:
show schedule extended details [INDEX]
where,

370 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 22: Scheduler

[INDEX]: ID (in the range <1-65535>) of the scheduler command about which
information is to be viewed.
Example
OS900# show schedule extended details 1
Shedule 1 details:
-------------------
Enable : Yes
Complete : No
Start-time : Nov 20 13:15
End-time : Forever
Number of times: -
Interval : 60
Command type : cli
Command : ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 1
OS900#

Method 2
1. Enter configure terminal mode.
2. Invoke the command:
schedule extended <1-65535>
where,
<1-65535>: Range of schedule IDs from which one is to be selected by the user.
3. Invoke the command:
show scheduler
Example
OS900# configure terminal
OS900(config)# schedule extended 1
OS900(sched-1)# show scheduler
remark run loopback test with burst of 10 frames
start-time Nov 20 13:15
end-time forever
interval 60
command cli ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 10
enable
OS900(sched-1)#

Run-time Configuration of Extended Scheduler Commands


To view the run-time configuration of extended scheduler commands:
1. Enter enable mode.
2. Invoke the command:
show running-config schedule extended

January 2009 URL: http://www.mrv.com 371


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900# show running-config schedule extended
schedule extended 1
remark run loopback test with burst of 10 frames
start-time Nov 20 13:15
end-time forever
interval 60
command cli ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 10
enable
schedule extended 2
remark run loopback test with burst of 10 frames
start-time now
number-of-times 3
interval 60
command cli ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 10
enable
OS900#

OAM Operation Scheduler Command


To schedule an IEEE 802.1ag or ITU-T SG 13 Y.1731 standard OAM operation, use the command
described in the section Automatic Scheduling of Delay Measurement, Loopback, and Link Trace,
page 340.

No-Execution Scheduler Command


Purpose
This type of scheduler command cancels a scheduled command.

Syntax
The command syntax is as follows:
no schedule COMMAND
where,
COMMAND – Specific CLI or Linux command to be canceled.
Example
In order to stop the saving of the OS900 configuration on the FTP server whose IP address is
195.90.123.5 in the directory c:/config_bak every day (at the time 23 hr and 0 min), invoke the
following CLI command:
no schedule copy startup-config ftp 195.90.123.5 c:/config_bak

Show Scheduler Configuration Command


Purpose
This type of scheduler command shows the commands that will be executed by the scheduler.

Syntax
The command syntax is as follows:
show schedule [COMMAND]
where,
[COMMAND] – (optional) The specific CLI or Linux command schedule to be viewed. If the
argument is typed, all arguments of this scheduled command will be shown. If the
argument is not typed, all defined scheduled commands and their arguments will be
shown.
Below is an example showing two schedules.

372 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 22: Scheduler

OS900(config)# show schedule


Complete Month Day Weekday Hour Min Type Notif Command
=========================================================
No Aug 7 23 51 cli write file
No Aug 7 23 58 cli reboot
End Of Schedule Table
OS900(config)#
The entry No in the column Complete means the command has not been executed. After the
command is executed, ‘No‘ changes to ‘Yes.‘

January 2009 URL: http://www.mrv.com 373


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

374 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 23: Transparent Mode Media Cross Connect

Transparent Mode
Chapter 23:
Media Cross Connect
General
The Media Cross Connect application provides it with intelligent patchpanel-like functionality. In
typical patchpanels, wires must be physically disconnected, moved, and reconnected to change
the network configuration. In the OS900, (and herein lies its great advantage) physical connections
are left unchanged; only logical connections are changed – purely by software control – to give the
desired port-to-port interconnections.
One application of Media Cross Connect is to forward data via a WDM technology port.

Principle of Operation
Media Cross Connect allows the administrator to program the OS900 to forward traffic entering
one user-specified port to another or to flood another user-specified port group – in transparent
mode. In this mode, the forwarding is done like that by a repeater; fully transparently (i.e., with no
MAC address learning and no processing).
Figure 33, below, illustrates Media Cross Connect.

Figure 33: Examples of Media Cross Connections in the OS900

Examples
Example 1
The example below shows how to configure Media Cross Connection between ports 3 and 4.
OS900(config)# port tag-outbound-mode q-in-q 3-4 20
OS900(config)# interface vlan vif20
OS900(config-vif20)# tag 20
OS900(config-vif20)# ports 3-4
OS900(config-vif20)# exit
OS900(config)# no port lt-learning 3-4
OS900(config)#

January 2009 URL: http://www.mrv.com 375


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example 2
This example shows use of a script to program media cross connect.
OS900(config)# script cross-connect

OS900(script-cross-connect)# parameter 10 ID type vifN description IF for X-connect


OS900(script-cross-connect)# parameter 20 POID type ports description Ports for X-connect

OS900(script-cross-connect)# line 20 port tag-outbound-mode q-in-q $POID $ID


OS900(script-cross-connect)# line 30 interface vlan vif$ID
OS900(script-cross-connect)# line 40 tag $ID
OS900(script-cross-connect)# line 50 ports $POID
OS900(script-cross-connect)# line 60 no port lt-learning $POID

OS900(script-cross-connect)# write terminal


Building configuration...

Current configuration:
! version 1-0-0
!
script cross-connect
parameter 10 ID type vifN description IF for X-connect
parameter 20 POID type ports description Ports for X-connect
line 20 port tag-outbound-mode q-in-q $POID $ID
line 30 interface vlan vif$ID
line 40 tag $ID
line 50 ports $POID
line 60 no port lt-learning $POID
!
OS900(script-cross-connect)# exit
OS900(config)# exit

OS900# cross-connect ?
<1-4095> cross-connect_ID(range:2-4095)
OS900# cross-connect 20 ?
PORT_GROUP_STR cross-connect_ports(e.g 2-3)
OS900# cross-connect 20 8-10
execute: port tag-outbound-mode q-in-q 3-4
execute: interface vlan vif20
execute: tag 20
execute: ports 3-4
Interface is activated.
execute: no port lt-learning 3-4 entries 0
OS900#

376 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 24: Firmware Viewing and Upgrading/Downloading

Firmware Viewing
Chapter 24:
and Upgrading/Downloading
General
This chapter provides general information on the:
− OS900 image (operative-program firmware)
− FPGA firmware
And shows how to upgrade/download an OS900 image, and how to reboot the OS900 so that it
runs with the new firmware.
The image, containing the executable code that runs on the OS900, is preinstalled at the factory in
the OS900 storage device in compressed form. The OS900 automatically decompresses the file
before activating the image. The image should be upgraded as new versions are released. For the
latest image, you can: Contact your local MRV representative, E-mail us at
[email protected], or Visit our MRV Web site at http://www.mrv.com
The image is upgraded using a download procedure from a File Transfer Protocol (FTP) server on
the network.
The OS900 storage device has the following partitions:
− 2 partitions for firmware images (current, backup)
− 2 partitions for configuration files (current, backup) – see Chapter 25: Configuration ,
page 383.
During upgrading/downloading of a new image, the partition that does not contain the image being
run is formatted and the new image is downloaded in a backup store there. The boot sector is then
updated in such a way that at the next boot the image in the backup store becomes the current
OS900 image. As part of the upgrade procedure the relevant configuration files are upgraded
without affecting the custom configurations.

Requirements
To upgrade/download the OS900 image from a version that is lower than 1.0.11 to version 3.1.2,
the OS900 image must first be upgraded to version 1.0.11. The image must then be run (by
rebooting) and only then the version 1.0.11 can be upgraded to version 3.1.2. You can use the
procedure given below without Step 5 to upgrade to 1.0.11
In order to upgrade an OS900 unit to firmware version 3.1.2 (or later), its associated activation key
is required. To receive the activation key, email your request to [email protected].

Downloading a New Image


To upgrade/download a new image:
1. Load the new image onto an FTP remote directory on your network (if you will be
using FTP).
2. Log into the OS900.
3. Enter enable mode.
4. Download the new image to the OS900 using the command:
upgrade ftp FTP-SERVER REMOTE-DIR REMOTE-FILENAME [USERNAME]
[PASSWORD]
where,
FTP-SERVER: Host name or IP address of the FTP server containing the
image to be downloaded.
REMOTE-DIR: Full path to the directory containing the image on the FTP
server.

January 2009 URL: http://www.mrv.com 377


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

REMOTE-FILENAME: Name of the image file in the directory.


USERNAME: Name of the user authorized to access the FTP server.
PASSWORD: Password for accessing the FTP server.
(Alias copy ftp firmware: VERSION FTP-SERVER REMOTE-DIR
[USERNAME] [PASSWORD]
5. In response to the prompt:
Enter activation key recieved from MRV:
Type in the activation key (12-characters long)
6. Wait until the completion of the upgrade process, which may last a few minutes.
7. In response to the prompt
Would you like to reboot the system now ? (y|n)
Type y if you want to run the new image now.
Type n if you want to run the new image later and let the previous image keep running in the
meantime.
The new image can be run at any time as described in the section Rebooting, page 97.
If the upgrade/download process fails (for e.g., due to an FTP problem or illegal compressed file),
the OS900 runs the previous image.

Note
Powering the OS900 off and on will also run the new image.

To revert to the previous image, use the procedure described in the section Rerunning the
Previous OS900 Image, page 379.
Example
OS900# upgrade ftp 194.90.136.241 pub OS900-1-0-4.ver

Please wait for ftpget to finish ...

Check route to 194.90.136.241


Netmask = 255.255.0.0
FTP file pub/OS900-1-0-4.ver from 194.90.136.241 user password ...
Transferring data: 19815kB 100%
FTP Succeed
Write image to Flash...
Erasing blocks: 156/156 (100%)
Writing data: 19896k/19896k (100%)
Verifying data: 19896k/19896k (100%)
Copy & Merge configuration files...
Switch to boot partition 1
Would you like to reboot the system now? (y|n)
y
The system is rebooting !!!
Stopping internet superserver: xinetd.
Stopping periodic command scheduler: cron.
Stopping OpenBSD Secure Shell server: sshd.
Stopping portmap daemon: portmap.
Saving random seed... done.
Stopping kernel log daemon: klogd.
Stopping system log daemon: syslogd.
The system is going down NOW !!
Sending SIGTERM to all procesha exited !!!
Sending SIGKILL to all processes.
Please stand by while rebooting the system.
Restarting system.

OS900#

378 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 24: Firmware Viewing and Upgrading/Downloading

Rerunning the Previous OS900 Image


General
The OS900 has two images. One image is stored on memory partition number 1, the other on 3.
When booting, the U-BOOT software reads one of the boot parameters (identified as bootpart)
in order to determine the partition from which to boot.
Upgrade/download causes the new image to be written to the partition that was not used at boot,
i.e., to the one the OS900 is not currently running. At the end of the upgrade procedure, the
OS900 modifies the bootpart value to enable the new image to be run following reboot.
In order to rerun the previous image, the bootpart value must be changed to the previous value.
bootpart can have the value 1 or 3 corresponding to the partitions. If the value is 1, you need to
change it to 3, and vice versa.

Procedure
The procedure for changing the bootpart value is as follows:
(For security reasons, this procedure cannot be performed using a remote connection, e.g.,
TELNET, SSH, or SNMP.)
1. Connect a craft terminal (e.g., PC with an ASCII terminal emulation software
application) to the OS900 CONSOLE EIA-232 port with a Serial/RS-232 line as
shown in Figure 14, page 70.
2. Boot or reboot the OS900.
3. As soon as the following first lines of U-BOOT initialization appear on your
terminal:
U-Boot 1.1.1 (Apr 18 2004 - 16:11:20)

CPU: MPC8245 Revision 1.4 at 266.666 MHz: 16 kB I-Cache 16 kB D-Cache


I2C: ready
DRAM: 256 MB
Board: MRV SBC Revision: 1.1 Serial Number: 0000000001
FLASH: 68 MB
Type:
stop, and press Enter .
The boot sequence will stop, and the U-BOOT prompt => is displayed.
4. Type:
printenv, and press Enter .
Typically, the following information is displayed.
ethaddr=00:0F:BD:00:05:B8
ethact=i82559#0
bootfile=uImage
bootretry=5
bootdelay=3
bootm
ramboot=chpart $(bootpart); fsload $(bootfile); run flashargs addmisc; bootm
flashargs=setenv bootargs root=/dev/mtdblock1 bootpart=$(bootpart)
nfsargs=setenv bootargs root=/dev/nfs rw nfsroot=$(serverip):$(rootpath)
addip=setenv bootargs $(bootargs) ip=$(ipaddr):$(serverip):$(gatewayip):$(netmas
k):$(hostname):$(netdev):off
addmisc=setenv bootargs $(bootargs) console=ttyS0,$(baudrate)
gatewayip=194.90.136.254
netmask=255.255.255.0
ipaddr=192.168.1.10
serverip=192.168.1.20
rootpath=/home/eyalm/ppc_root/
baudrate=9600
bootcmd=run ramboot

January 2009 URL: http://www.mrv.com 379


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

bootpart=1
stdin=serial
stdout=serial
stderr=serial
cpuid=1
hwver=1
boardsn=0000000001

Environment size: 797/65531 bytes


=>
5. Check the bootpart value. (The example display, above, shows bootpart=1.)
6. Change the bootpart value to the other (i.e., if it is 1 change it to 3, and vice
versa) using the command:
set bootpart 3
7. Save the configuration using the command:
saveenv
Typically, the following information is displayed.
Saving Environment to Flash...
Un-Protected 1 sectors
Un-Protected 1 sectors
Erasing Flash...
. done
Erased 1 sectors
Writing to Flash... done
Protected 1 sectors
Protected 1 sectors
=>

8. Reset the OS900 using command:


reset
The OS900 will now boot from partition 3.

FPGA
Applicability
FPGA applies only to the OS904, OS906, and OS912 models.

Firmware Versions Viewing


To view the firmware version running the FPGA and the firmware version that can be downloaded
to run the FPGA:
1. Enter enable mode.
2. Invoke the command:
show fpga version
Example
OS900# show fpga version
Current FPGA version: FirmWare version - 0x9
SW version file that stored for FPGA module: rev9.bit
OS900#

In the example above:


− The firmware version currently running the FPGA is marked in red.
If the firmware has been corrupted, 0x0 will appear instead to indicate that firmware has to
be downloaded to the FPGA.
− The file containing firmware for upgrading the FPGA is marked in blue.
This FPGA File is a temporary file, i.e., it is deleted following reboot of the OS900. It is
deleted also as described in the section File Deleting, page 381.

380 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 24: Firmware Viewing and Upgrading/Downloading

It appears in the OS900 only after it has been copied as described in the section Firmware
Copying, just below. It is only used to upgrade the FPGA.

Firmware Copying
To copy the FPGA firmware53 from an FTP server to the FPGA File (temporary) in the OS900,
invoke the command:
copy ftp fpga FTP-SERVER REMOTE-DIR REMOTE-FILENAME [USERNAME]
[PASSWORD]
where,
FTP-SERVER: Hostname of the FTP server (or IP address)
REMOTE-DIR: Full path to the directory containing the FPGA firmware on the FTP
server.
REMOTE-FILENAME: Name of the FPGA File in the directory.
USERNAME: Name of the user authorized to access the FTP server.
PASSWORD: Password for accessing the FTP server.
Example
OS900# copy ftp fpga 194.90.136.153 pub rev9.bit
/usr/local/nbase/bin/copy_ethoam_fpgaver.sh 194.90.136.153 pub rev9.bit
Check route to 194.90.136.153
Netmask = 255.255.255.0
FTP file pub/rev9.bit from 194.90.136.153 user password...
FTP Succeed
OS900#

Firmware Upgrading
Upgrading the FPGA will cause the old firmware version to be overwritten with the new one.
Before performing upgrade:
1. Enter configure terminal mode
2. Disable all scheduler commands set to perform OAM actions by entering the
modes of the commands and invoking the command:
no enable
3. Disable Ethernet OAM by invoking the command:
no ethernet oam enable
To run the FPGA with the firmware version stored in the FPGA File, invoke the command:
upgrade fpga
Example
OS900# upgrade fpga
FPGA version successfully upgraded.
OS900#

File Deleting
To delete the FPGA File, invoke the command:
remove fpga-file
Example
OS900# remove fpga-file
OS900#

53
This firmware can optionally be used, at a later stage, to replace the existing firmware running the FPGA.

January 2009 URL: http://www.mrv.com 381


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

382 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 25: Configuration Management

Configuration
Chapter 25:
Management
Viewing Configuration Files
Available
To view the available configuration files, invoke the command:
show file
Example
OS900# show file
drwxrwxrwx 2 admin admin 140 Dec 25 14:13 .
drwxrwxrwx 4 root admin 200 Dec 25 14:11 ..
-rw-rw---- 1 admin admin 231538 Dec 23 17:58 1000vc
-rwxrwxrwx 1 root admin 7709 Dec 25 10:59 System.conf
-rw-rw---- 1 admin admin 7709 Dec 25 14:13 koko
-rwxrwxrwx 1 root admin 231538 Dec 23 17:57 kuku
OS900#

Current
To view the current configuration file, invoke the command:
show boot-config-file
Example
OS900# show boot-config-file
boot config file: /usr/local/etc/sys/System.conf
OS900#

Selecting a New Configuration File


To select a new configuration file, invoke the command:
boot-config-file FILE
where,
FILE: Name of the file to be used to configure the OS900.
Example
OS900# boot-config-file System.conf
Changes will take place after reboot
OS900#

Deleting a Configuration File


To delete a configuration file, invoke the command:
delete conf NAME
Example
OS900# delete conf koko
OS900#

Saving Configuration
To save the run-time configuration to the Startup configuration file (in flash permanent memory),
use any one of the following methods:

January 2009 URL: http://www.mrv.com 383


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Method 1
1. Enter the enable mode or any other mode under it.
2. Invoke the following command:
write file [NAME]
where,
[NAME]: Name of the file in which the configuration of the OS900 is to be
saved. By default (i.e., if this optional argument is not specified), the
configuration is saved in the file system.conf.
Example
OS900# write file
Building Configuration...
[OK]
OS900#

Method 2
1. Enter the enable mode or any other mode under it.
2. Invoke the following command:
write memory
Example
OS900# write memory
Building Configuration...
[OK]
OS900#

Method 3
1. Enter the enable mode or any other mode under it.
2. Invoke the following command:
copy running-config startup-config
where,
running-config: Copy from Run-time configuration file.
startup-config: Copy to Startup configuration file.
Example
OS900# copy running-config startup-config
Building Configuration...
[OK]
OS900#

Viewing Configuration Information


To view all the configuration information on the management console, enter enable mode or any
other mode under it, and invoke the command:
write terminal

384 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 25: Configuration Management

Example
OS900# write terminal
Building configuration...

Current configuration:
! version 1-0-4
!
port flood-limiting rate 2m 1,2
port flood-limiting rate 16.96m 3,4
port flood-limiting multicast 3,4
port flood-limiting tcp-syn 4
!
port tag-outbound-mode tagged 1-2
!
interface vlan vif7
!
interface vlan vif10
tag 980
ports 1-2
!
interface vlan vif20
tag 20
ip 23.0.0.3/24
ports 3-4
management
!
interface vlan vif100
!
interface out-of-band eth0
ip 194.90.136.38/24
management
!
spanning-tree
enable
!
OS900(config)#

Restoration of Factory Default Configuration


To restore the factory default configuration to the OS900 (and to save the current configuration):
1. Enter the enable mode.
2. Invoke the command:
write erase
Example
OS900# write erase
Restore factory defaults and backup current configuration.
Ok.
OS900#

To make the factory default configuration run-time, invoke the command reboot.

Restoration of Erased Configuration


To restore the OS900 configuration that existed prior to erasure by the command write erase:
1. Enter the enable mode.
2. Invoke the command:
write old-configuration

January 2009 URL: http://www.mrv.com 385


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900> enable
OS900# write old-configuration
Restore last erased configuration.
OS900#

This action will delete all the user-configurations performed after the command write erase was
invoked.

Configuration Files Upload/Download


General
A configuration file consists of a set of configuration CLI commands that were executed on the
OS900. As configuration settings are changed, the new settings get stored in run-time memory.
The settings in run-time memory are not retained when the OS900 is rebooted. To retain the
settings in the OS900, they must be copied to the flash (permanent) memory as described in the
section Saving Configuration, page 383.
This chapter describes how to copy (upload or download) an OS900 configuration file in one of the
following ways:
− Upload (copy Startup configuration file to FTP/SSH Server)
− Download (copy configuration file from FTP/SSH Server to Startup
configuration file)

Upload
The Startup Configuration File in the OS900 can be uploaded to an FTP server on your network.
The uploaded file is ASCII coded and retains the CLI format. Once the file is uploaded, you can:
• Modify the configuration using a text editor, and later download a copy
of the file to the same OS900, or to one or more other OS900s.
• Send a copy of the configuration file to the MRV Customer Support
Department for troubleshooting.
• Automatically upload the configuration file periodically, e.g., each day,
each week, etc., so that the FTP server can archive the configuration.
(The procedure for setting the OS900 to schedule periodic upload of the
configuration – or any other CLI command action – is described in the
section Scheduler, page 365.)
To copy the Startup configuration file to an FTP or SSH Server:
1. Enter enable mode.
2. Invoke the command in either of the following methods:
Method 1: (Without Encryption using FTP)
copy startup-config ftp FTP-SERVER REMOTE-DIR [USERNAME]
[PASSWORD]
where,
copy Copy file.
startup-config From Startup configuration.
ftp To FTP server.
FTP-SERVER: DNS Host name or IP address of the FTP server.
REMOTE-DIR: Full pathname to the directory on the FTP server.
[USERNAME]: Username for FTP login.
[PASSWORD]: Password for FTP login.
Method 2: (With Encryption using Secure Copy)
copy startup-config scp SERVER REMOTE-DIR USERNAME PASSWORD
where,
copy Copy file.

386 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 25: Configuration Management

startup-config From startup configuration.


scp To SSH server.
SERVER DNS Host name or IP address of the server.
REMOTE-DIR Full pathname to the directory on the server.
USERNAME Username for login.
PASSWORD Password for login.
Example
OS900> enable
OS900# copy startup-config ftp 194.83.132.65 ./configurations Zorro Mypassword
OS900#

Download
To copy a configuration file that is on an FTP/SSH Server to the Startup configuration file:
1. Enter enable mode.
2. Invoke the command in either of the following methods:
Method 1: (Without Encryption using TELNET)
copy ftp startup-config FTP-SERVER REMOTE-DIR REMOTE-FILENAME
[USERNAME] [PASSWORD]
where,
copy Copy file.
ftp From FTP server.
startup-config: To Startup configuration file.
FTP-SERVER: DNS Host name or IP address of the FTP server.
REMOTE-DIR: Full pathname to the directory on the FTP server.
REMOTE-FILENAME: Filename in the directory on the FTP server.
[USERNAME]: Username for FTP login.
[PASSWORD]: Password for FTP login.
Method 2: (With Encryption using SSH)
copy scp startup-config SERVER REMOTE-DIR REMOTE-FILENAME
USERNAME PASSWORD
where,
copy Copy file.
scp From SSH server.
startup-config To Startup configuration file.
SERVER DNS Host name or IP address of the server.
REMOTE-DIR Full pathname to the directory on the server.
REMOTE-FILENAME Filename in the directory on the server.
USERNAME Username for login.
PASSWORD Password for login.
To make the downloaded configuration file run-time, reboot the OS900 using the command
reboot.
Example
OS900> enable
OS900# copy ftp startup-config 194.83.132.65 ./Configurations MyFile Zorro Mypass
OS900# reboot

January 2009 URL: http://www.mrv.com 387


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

388 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 26: Dynamic Host Configuration Protocol (DHCP)

Chapter 26:Dynamic Host


Configuration Protocol (DHCP)
General
DHCP is an IP protocol that enables management of a network by automatically giving each host
an IP address for a specific duration of time, called ‘lease time’. The lease time determines how
long an IP address remains valid for a host in the network, the default being one day. Using
DHCP, network clients can be supplied dynamically with leased IP addresses for varying lease
times.
The device that leases these IP addresses is called a DHCP server. In some networks, the DHCP
server and the hosts may be on different subnets. In such case, the DHCP server can be
accessed only via an intermediary agent called a DHCP relay. A DHCP relay sends DHCP
requests from one subnet to one or more DHCP servers on other subnets.

OS900 Operation Modes


The OS900 can operate with DHCP in one or both of the following modes:
− Server Mode
− Relay Mode

Server Mode
General
In Server Mode, the OS900 functions as a DHCP server. The administrator can specify OS900
interfaces at which the OS900 will listen for DHCP requests.

Setting
To set the OS900 in DHCP Server Mode:
1. Directing DHCP Requests to the CPU
In order to prevent DoS attacks, the OS900, by default, blocks non-ARP broadcasts to the
CPU. To enable DHCP broadcast requests to reach the DHCP server (or relay), the packets
must be explicitly trapped to the CPU using an ACL.
The procedure for enabling DHCP broadcasts requests to reach the OS900 set as a DHCP
server (or relay) is as follows:
1.1. Create an extended ACL using the command:
access-list extended WORD
where,
WORD: Name of the ACL
1.2. Create a rule as follows:
a. Create a rule that characterizes the packet as being of UDP protocol, with
destination port DHCP server (67), and destination MAC address type
broadcast using the commands:
rule [RULE_NUM]
where,
[RULE_NUM]: (optional) Index of rule. If this argument is not entered,
the rule is indexed automatically, i.e., it gets a number that is a multiple
of 10. This number is the smallest that is larger than the highest in the
group of rules created for the ACL.
protocol eq udp
dest-port eq 67

January 2009 URL: http://www.mrv.com 389


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

where,
67: DHCP server port
source-ip eq 0.0.0.0
b. Select the action that traps packets to the CPU using the command:
action trap-to-cpu
1.3. Set the default policy to permit packet forwarding (in case no rule applies for the
packet type) using the command:
default policy permit
1.4. Bind the ACL to each interface for which DHCP broadcast packets are to be trapped
to the CPU using the command:
access-group WORD
where,
WORD: ACL name
2. Enter the following modes in succession:
enable configure terminal dhcp
3. Enter the VLAN interface ID at which the OS900 will listen for DHCP requests or the Subnet
IP address/mask of the OS900 by invoking the command:
entry IFNAME|SUBNET/MASK
where,
IFNAME: VLAN interface ID at which the OS900 will listen for DHCP requests.
SUBNET/MASK: Subnet IP address/mask of the OS900.
4. Enter the range of IP addresses from which the OS900 is to allocate addresses to clients by
invoking the command:
range LOWER-RANGE [UPPER-RANGE]
where,
LOWER-RANGE: Lower limit of range of IP addresses from which the OS900 is to
allocate addresses to clients
UPPER-RANGE: Upper limit of range of IP addresses from which the OS900 is to
allocate addresses to clients
5. (Optional) Set the IP Default Gateway and Subnet Mask for the host by invoking the following
commands:
router ROUTER_IP
where,
ROUTER_IP: IP address of Default Gateway for host

subnet-mask MASK
where,
MASK: IP address mask for host
6. (Optional) Set the Domain Name to be published by the OS900 by invoking the command:
domain DOMAIN_NAME
where,
DOMAIN_NAME: Domain Name to be published by the OS900. It identifies one or more
hostnames. Examples of domain names are mrv.com and worldcharity.org. An
example of a hostname belonging to the domain mrv.com is torro.mrv.com. Every
domain name has a suffix that indicates the Top-Level Domain (TLD) to which it
belongs. In the examples above, the domain name suffixes are com and org.
(To revoke the above command, use the prefix no with the command.)
7. (Optional) Enter the IP address of the OS900 to be used by DHCP clients by invoking the
following command.
dns SERVER_IP
where,
SERVER_IP: IP address of the OS900

390 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 26: Dynamic Host Configuration Protocol (DHCP)

8. (Optional) Set the maximum lease time allowed for any client by invoking the command:
max-lease-time TIME
where,
TIME: Maximum lease time (in seconds). Any value in the range 1 to 2147483646
may be selected. Selecting 0 will set the maximum lease time to the default value,
86400.
(To revoke the above command, use the prefix no with the command.)
9. (Optional) Set the lease time that will be allotted to clients who do not specify the lease time
by invoking the command:
default-lease-time TIME
where,
TIME: Default lease time (in seconds). Default: 86400 seconds. (This time must not
exceed the maximum lease time.)
(To revoke the above command, use the prefix no with the command.)
10. (Optional) If a separate log file for the DHCP server log messages is to be assigned, invoke
the command:
separate-log
11. (Optional) To enable the OS900 to perform the ‘NetBIOS over TCP/IP Name Server’ function
of the NetBIOS service, invoke the command:
netbios name-server IP_ADDRESS
where,
IP_ADDRESS: IP address of the NetBIOS name server
For more than one name server, repeat the above command for each name server in
order of preference.
12. (Optional) To enable the OS900 to perform the ‘NetBIOS over TCP/IP Node Type’ function of
the NetBIOS service, invoke the command:
netbios node-type NODETYPE
where,
NODETYPE: 1 (B-node), 2 (P-node), 4 (M-node), or 8 (H-node).
13. Enable DHCP Server mode for the OS900 by invoking the command:
enable
(To revoke the above command, use the prefix no with the command.)

Viewing
To view DHCP server configuration details:
1. Enter configure terminal mode or dhcprelay mode.
2. Invoke the command:
show dhcp
To print out the DHCP file showing the leases, invoke the command:
show dhcp leases
where,
leases: Print out the DHCP file showing the leases.

Example
MRV OptiSwitch 910 version 2_0_10
OS910 login: admin
Password:

OS910> enable
OS910# configure terminal

---------------Creating an ACL that will trap DHCP packets to the CPU-------------

OS910(config)# access-list extended toCPU


OS910(config-access-list)# default policy permit

January 2009 URL: http://www.mrv.com 391


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS910(config-access-list)# rule 10
OS910(config-rule)# action trap-to-cpu
OS910(config-rule)# protocol eq udp
OS910(config-rule)# source-ip eq 0.0.0.0/32
OS910(config-rule)# dest-port eq 67
OS910(config-rule)# exit
OS910(config-access-list)# exit

----------Creating VLAN interfaces and binding the ACL to the interfaces----------

OS910(config)# interface vlan vif80


OS910(config-vif80)# ports 6-9
OS910(config-vif80)# tag 108
Interface is activated.
OS910(config-vif80)# ip 169.2.2.3/24
OS910(config-vif80)# access-group toCPU
OS910(config-vif80)# exit

-------------------------------Setting Server Mode-------------------------------

OS910(config)# dhcp

OS910(config-dhcp)# entry vif80


OS910(config-dhcp-subnet)# range 169.2.2.5 169.2.2.114
OS910(config-dhcp-subnet)# exit

OS910(config-dhcp)# max-lease-time 604800 (1 week)


OS910(config-dhcp)# default-lease-time 86400 (1 day)
OS910(config-dhcp)# enable

--------------------Viewing DHCP Server configuration details---------------------

OS910(config-dhcp)# show dhcp


DHCP CONFIGURATION:
default lease time = 86400
max lease time = 604800
entry: device = vif80
range: 169.2.2.5 169.2.2.114
dhcp status = enable
OS910(config-dhcp)#

Relay Mode
General
In Relay Mode, the OS900 functions as a DHCP relay. The user can specify separate OS900
interfaces for the servers and clients.

Setting
To set the OS900 in DHCP Relay Mode:
1. Enable DHCP packets to be trapped to the CPU by performing the procedure described in
Step 1, page 389.
2. Enter the following modes in succession:

392 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 26: Dynamic Host Configuration Protocol (DHCP)

enable configure terminal dhcprelay


Server IP address, Server Interfaces, and Client Interfaces
3. For each DHCP server to be accessed, invoke the command:
server IP_ADDRESS
where,
IP_ADDRESS: IP address of server
(To revoke the above command, use the prefix no with the command.)

Note
Either perform both Steps 4 and 5 (below) or skip them. If you skip them,
all the IP interfaces of the OS900 will be listened on for DHCP requests.

4. Define one or more interfaces at which server replies are to be received by invoking the
command:
entry IFNAME
where,
IFNAME: ID of DHCP server interface
(To revoke the above command, use the prefix no with the command.)
Example
OS910(config-dhcprelay)# entry vif5
OS910(config-dhcprelay)#
5. Define one or more interfaces at which DHCP client requests are to be forwarded by invoking
the command:
entry IFNAME
where,
IFNAME: ID of DHCP client interface
(To revoke the above command, use the prefix no with the command.)
Example
OS910(config-dhcprelay)# entry vif6
OS910(config-dhcprelay)#

Note
The OS900 does not assign the interfaces defined in steps 4 and 5,
above, to the servers and clients. The relays and clients must be
configured to connect to these interfaces.

6. (Optional) Option 82
The DHCP Relay Agent Information Option (No. 82) – described in RFC 3046 – can be
activated in the OS900 set in DHCP relay mode. This option enables the OS900 to include
information about itself when forwarding client-originated DHCP packets to a DHCP server.
The DHCP server can use this information (e.g., OS900 physical port for DHCP
communication) to implement policies for assignment of parameters (e.g., IP address).
To activate Option 82 in the OS900 set in DHCP relay mode:
6.1. From configure terminal mode, enter DHCP Relay mode by invoking the
command:
dhcprelay
6.2. Invoke the command:
option82
(To revoke the above command, use the prefix no with the command.)
7. Enable DHCP Relay mode for the OS900 by invoking the command:
enable

January 2009 URL: http://www.mrv.com 393


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

(To revoke the above command, use the prefix no with the command.)
Example
OS910(config-dhcprelay)# enable
OS910(config-dhcprelay)#

Viewing
To view DHCP relay configuration details:
1. Enter configure terminal mode or dhcprelay mode.
2. Invoke the command:
show dhcprelay

Example
Following is an example demonstrating configuration of the OS900 as a DHCP relay.
MRV OptiSwitch 910 version 2_0_10
OS910 login: admin
Password:

OS910> enable
OS910# configure terminal

---------------Creating an ACL that will trap DHCP packets to the CPU-------------

OS910(config)# access-list extended toCPU


OS910(config-access-list)# default policy permit
OS910(config-access-list)# rule 10
OS910(config-rule)# action trap-to-cpu
OS910(config-rule)# protocol eq udp
OS910(config-rule)# source-ip eq 0.0.0.0/32
OS910(config-rule)# dest-port eq 67
OS910(config-rule)# exit
OS910(config-access-list)# exit

----------Creating VLAN interfaces and binding the ACL to the interfaces----------

OS910(config)# interface vlan vif50


OS910(config-vif50)# ports 6,7
OS910(config-vif50)# tag 30
Interface is activated.
OS910(config-vif50)# ip 192.168.1.2/24
OS910(config-vif50)# access-group toCPU
OS910(config-vif50)# exit

OS910(config)# interface vlan vif60


OS910(config-vif60)# ports 8-10
OS910(config-vif60)# tag 40
Interface is activated.
OS910(config-vif60)# ip 192.168.10.88/24
OS910(config-vif60)# access-group toCPU
OS910(config-vif60)# exit

--------------------------------Setting Relay Mode-------------------------------

OS910(config)# dhcprelay
OS910(config-dhcprelay)# server 192.168.1.1
OS910(config-dhcprelay)# entry vif50
OS910(config-dhcp-subnet)# exit
OS910(config-dhcprelay)# entry vif60
OS910(config-dhcp-subnet)# exit
OS910(config-dhcprelay)# option82
OS910(config-dhcprelay)# enable

394 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 26: Dynamic Host Configuration Protocol (DHCP)

--------------------Viewing DHCP Relay configuration details---------------------

OS910(config-dhcprelay)# show dhcprelay


Listening on interface vif50
Listening on interface vif60
Forward to server: 192.168.1.1
dhcprelay - running
OS910(config-dhcprelay)#

January 2009 URL: http://www.mrv.com 395


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

396 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 27: BOOTstrap Protocol (BOOTP)

Chapter 27: BOOTstrap Protocol


(BOOTP)
General
The OS900 can be set to operate in client mode with BOOTP. In this mode it can receive the
following from a DHCP server:
− IP address for the OS900
− IP address of the remote TFTP server from which the configuration for the
OS900 can be downloaded
− Name of the file on the remote TFTP server containing the configuration for the
OS900

Setting Timeout Time (Optional)


Finite
To set a time limit for a response from the BOOTP server to a request from the OS900, invoke the
command:
bootp-option timeout TIMEOUT
where,
TIMEOUT: Timeout in seconds. Default: 60

Infinite
To remove the time limit for a response from the BOOTP server to a request from the OS900,
invoke the command:
bootp-option timeout unlimited

Default
To reset the time limit (for a response from the BOOTP server to a request from the OS900) to the
default value (60 seconds), invoke the command:
no bootp-option timeout

Broadcast Mode (Optional)


In this mode the DHCP client is instructed to set the BOOTP broadcast flag in request packets, so
that servers will always broadcast replies. To set this mode, invoke the command:
bootp-option broadcast-always

Usage
IP Address only from DHCP Server Automatically
To set the OS900 to do the following:
1. Create a VLAN interface via which BOOTP is to be run
2. Obtain an IP address for the OS900 from a DHCP server via the VLAN interface
3. Enter boot mode.
4. Invoke one or both of the following commands:
Enabling In-band Ethernet Ports to Receive IP Addresses
bootp VLAN-TAG PORTS TAGGED_PORTS

January 2009 URL: http://www.mrv.com 397


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

where,
VLAN-TAG: Tag of VLAN interface via which BOOTP is to be run
PORTS: Ports of the VLAN interface via which BOOTP is to be run
TAGGED_PORTS: Ports of the VLAN interface that are tagged. Enter 'none' if
all ports are untagged
Enabling the Out-of-band Ethernet Port to Receive IP Addresses
To enable the MGT ETH port54 to receive IP addresses from a BOOTP server, invoke the
command:
bootp eth0
To make the setting runtime
1. Save the settings in permanent memory by invoking the command write file
or write memory.
2. Enter enable mode.
3. Invoke the command:
reboot
or
reboot-force

IP Address and Configuration File from DHCP Server Automatically


To set the OS900, do the following:
1. Create a VLAN interface via which BOOTP is to be run
2. Obtain an IP address for the OS900 from a DHCP server via the VLAN interface
3. Obtain the configuration file for the OS900 from a DHCP server via the VLAN
interface automatically (i.e., without specifying the TFTP server IP address or
name of the configuration file)
4. Enter boot mode
5. Invoke one or both of the following commands:
Enabling In-band Ethernet Ports to Receive IP Addresses and Configuration Files
bootp VLAN-TAG PORTS TAGGED-PORTS get-cfg-via-tftp
where,
VLAN-TAG: Tag of VLAN interface via which BOOTP is to be run
PORTS: Ports of the VLAN interface via which BOOTP is to be run
TAGGED_PORTS: Ports of the VLAN interface that are tagged. Enter 'none' if
all ports are untagged
get-cfg-via-tftp: Get configuration file using TFTP
Enabling the Out-of-band Ethernet Port to Receive IP Addresses
To enable the MGT ETH port to receive IP addresses from a BOOTP server, invoke the
command:
bootp eth0
Enabling the Out-of-band Ethernet Port to Receive Configuration Files
bootp eth0 get-cfg-via-tftp CFG-FILENAME TFTP-SERVER
where,
CFG-FILENAME: Name of the configuration file located on the TFTP server
TFTP-SERVER: Hostname or IP address of the TFTP server
To make the setting runtime
1. Save the settings in permanent memory by invoking the command write file
or write memory.
2. Enter enable mode
3. Invoke the command:

54
Out-of-band Ethernet 10/100Base-TX port for TELNET, SSH, and/or SNMP out-of-band connection and marked
Management Ethernet Port in Figure 2, page 54.

398 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 27: BOOTstrap Protocol (BOOTP)

reboot
or
reboot-force

IP Address only Automatically and Configuration File Manually from DHCP


Server
To set the OS900, do the following:
1. Create a VLAN interface via which BOOTP is to be run

2. Obtain an IP address for the OS900 from a DHCP server via the VLAN interface

3. Obtain the configuration file for the OS900 from a DHCP server via the VLAN
interface manually (i.e., by specifying the TFTP server IP address and name of the
configuration file)

4. Enter boot mode
5. Invoke the command:
Enabling In-band Ethernet Ports to Receive IP Addresses and Configuration Files
bootp VLAN-TAG PORTS TAGGED-PORTS get-cfg-via-tftp CFG-FILENAME
TFTP-SERVER
where,
VLAN-TAG: Tag of VLAN interface via which BOOTP is to be run
PORTS: Ports of the VLAN interface via which BOOTP is to be run
TAGGED_PORTS: Ports of the VLAN interface that are tagged. Enter 'none' if
all ports are untagged
get-cfg-via-tftp: Get configuration file using TFTP
CFG-FILENAME: Name of configuration file on the TFTP server
TFTP-SERVER: TFTP server hostname or IP address
Enabling the Out-of-band Ethernet Port to Receive IP Addresses
To enable the MGT ETH port to receive IP addresses from a BOOTP server, invoke the
command:
bootp eth0
Enabling the Out-of-band Ethernet Port to Receive Configuration Files
bootp eth0 get-cfg-via-tftp CFG-FILENAME TFTP-SERVER
where,
CFG-FILENAME: Name of the configuration file located on the TFTP server
TFTP-SERVER: Hostname or IP address of the TFTP server
To make the setting runtime
1. Save the settings in permanent memory by invoking the command write file
or write memory.
2. Enter enable mode
3. Invoke the command:
reboot
or
reboot-force

January 2009 URL: http://www.mrv.com 399


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

400 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 28: Network Time Protocol (NTP) and Timezone

Chapter 28:Network Time


Protocol (NTP) and Timezone
General
Network Time Protocol (NTP) is an Internet standard protocol (built on top of TCP/IP) for
synchronizing clocks of network devices (PCs, routers, switches, etc.) to Standard Time (ST). ST
is a combination of Universal Time (UT), zonetime, and summertime.
UT is the time for points located at longitude zero on the Earth (e.g., Greenwich). It is usually
based on UTC55. UT can be accessed from any of a large number of NTP servers available on the
Internet or GPS, for e.g., MRV’s NTP server.
Zonetime is the number of hours offset from UT. It depends on the zone (geographical location) in
which the device is located.
Summertime is an integral number of hours offset from the zonetime. It depends on whether it is
currently in force for the country/zone.
Coded zonetime merged with summertime can be accessed from MRV’s FTP server.
NTP runs in the background as a continuous client program sending periodic requests to the UT
server for timestamps, which it uses to adjust the OS900’s system clock.
The NTP versions (1, 2, or 3) running on the OS900 are based on RFC 1305. Version 3 is
accurate to the millisecond.

Configuration
To configure the OS900 to run NTP, do the following:
1. Enter configure terminal mode.
2. To set any zonetime, invoke the command:
clock timezone NAME ABBREVIATION HH [0-59]
where,
NAME: Name for the time zone
ABBREVIATION: Abbreviation for the time zone (e.g., GMT, E%sT, etc. ‘%s’ is a
2-value variable. The value of the variable is automatically set and is displayed
when the command show time is invoked as shown in the example below. The
value of the variable may be ‘S’ or ‘D’. The value ‘S’ designates non-summer time.
The value ‘D’ designates summer (daylight-saving) time.
HH: Hours offset from UTC/GMT in the interval [-12, +12]
[0-59]: Minutes offset from UTC (in addition to hours offset) in the interval [0, 59]
Default: 0
To set the zonetime to that of Central Europe or Sweden, invoke the command:
clock timezone central-europe|sweden
Example
OS900(config)# clock timezone NAME E%sT -2 31
Please login again following execution of this command.
OS900(config)#
3. To set the start and end times for the summer, invoke the command:
clock summer-time MONTH DAY <1993-2035> HH:MM MONTH DAY <1993-
2035> HH:MM [OFFSET]
where,

55
UTC is a time scale that couples GMT, which is based solely on the Earth's varying rotation rate, with the time of highly
accurate atomic clocks.

January 2009 URL: http://www.mrv.com 401


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

MONTH: (First appearance) Month in which summer starts. Any one of the following
may be entered: jan, feb, mar, apr, may, jun, jul, aug, sep, oct, nov, dec
DAY: (First appearance) Day in the month in which summer starts. Examples of
valid entries are: 5, 18, lastSun, lastMon, Sun>=8, Mon>=8, Sun<=7, Mon<=7
where,
lastSun: Last Sunday in the month
lastMon: Last Monday in the month
Sun>=8: Earliest Sunday on or after the 8th of the month
Mon>=8: Earliest Monday on or after the 8th of the month
Sun<=7: Latest Sunday on or before the 7th of the month
Mon<=7: Latest Monday on or before the 7th of the month
<1993-2035>: (First appearance) Year in which summer starts in the interval
[1993, 2035]
HH:MM: (First appearance) Time-of-day at which summer starts
MONTH: (Second appearance) Month in which summer ends. Any one of the
following may be entered: jan, feb, mar, apr, may, jun, jul, aug, sep, oct,
nov, dec
DAY: (Second appearance) Day in the month in which summer ends. Examples of
valid entries are: 5, 18, lastSun, lastMon, Sun>=8, Mon>=8, Sun<=7, Mon<=7
where,
lastSun: Last Sunday in the month
lastMon: Last Monday in the month
Sun>=8: Earliest Sunday on or after the 8th of the month
Mon>=8: Earliest Monday on or after the 8th of the month
Sun<=7: Latest Sunday on or before the 7th of the month
Mon<=7: Latest Monday on or before the 7th of the month
<1993-2035>: (Second appearance) Year in which summer ends in the interval
[1993, 2035]
HH:MM: (Second appearance) Time-of-day at which summer ends
[OFFSET]: The forward offset (in the format HH:MM) to add to the time-of-day at
which summer starts, i.e., to HH:MM. Default: 01:00
Example
OS900(config)# clock summer-time mar 17 2009 23:30 sep 4 2010 23:30 01:30
Please login again following execution of this command.
OS900(config)#
4. Get the Zonetime and summertime information by invoking the command:
clock timezone ftp FTP-SERVER REMOTE-DIR REMOTE-FILENAME
[USERNAME] [PASSWORD]
where,
clock: Clock
timezone: Time zone.
ftp: FTP.
FTP-SERVER: IP address or DNS name of the zonetime FTP server.
REMOTE-DIR: Name of the directory containing the file that contains the zone
information.
REMOTE-FILENAME: Name of the file containing the zone information.
[USERNAME]: (optional) Username that will be requested when attempting to
access the NTP server on reentry to configure terminal mode.
[PASSWORD]: (optional) Password that will be requested when attempting to
access the NTP server on reentry to configure terminal mode.

402 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 28: Network Time Protocol (NTP) and Timezone

As a result, a binary file with filename localtime is created containing zonetime and
summertime information. The file is located in the directory /etc.
Example
OS900(config)# clock timezone ftp 194.90.136.190 ./File Tiger MyPassWord
OS900(config)#
5. Enter ntp mode.
6. Set the OS900 to operate in either of the following modes:
Client Mode
In this mode, the OS900 can be synchronized to the remote NTP server but not vice versa.
To set the OS900 to operate in client mode with a remote NTP server, invoke the
command:
server IPADDR [key KEYNUM] [version VERNUM] [prefer]
where,
IPADDR: IP address of the remote NTP server that is to provide UT timestamps to
the OS900.
key: Authentication key.
KEYNUM: Code number with which authentication fields of each packet sent to a
remote NTP server are to be encrypted. (This number must match the code
number configured on the NTP server.)
version: NTP version.
VERNUM: NTP Version number to be used with outgoing NTP packets. Valid
numbers are 1 to 3.
prefer: Mark the remote NTP server as the preferred source.
Below is an example showing the administrator inputs (in bold) for obtaining a UT
timestamp.
OS900(config-ntp)# server 194.90.136.183 key 213213587 version 3 prefer
OS900(config-ntp)#

Peer Mode
In this mode, the OS900 can be synchronized to the NTP server or vice versa. The OS900
operates in symmetric active mode with the remote NTP server. To set the OS900 to
operate in peer mode with a remote NTP server, invoke the command:
peer IPADDR [key KEYNUM] [version VERNUM] [prefer]
where,
IPADDR: IP address of the remote NTP server that is to provide UT timestamps to
the OS900 or vice versa.
key: Authentication key.
KEYNUM: Code number with which authentication fields of each packet sent to a
remote NTP server are to be encrypted. (This number must match the code
number configured on the NTP server.)
version: NTP version.
VERNUM: NTP Version number to be used with outgoing NTP packets. Valid
numbers are 1 to 3.
prefer: Mark the remote NTP server as the preferred source.
7. (Optional) Include additional remote NTP servers by repeating step 6, above.
8. (Optional) Enable the NTP authentication feature of the OS900 by invoking the
command:
authenticate
9. (Optional) Define an authentication key by invoking the command:
authentication-key KEYNUM md5 KEYVALUE
where,

January 2009 URL: http://www.mrv.com 403


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

KEYNUM: Code number for accessing the remote NTP server in order to
synchronize with it. (This number must match the code number configured on the
remote NTP server.)
md5: Message Digest 5 encryption code/algorithm.
KEYVALUE: Authentication key value.
10. (Optional) Specify an encryption key that is trusted for the purpose of
authenticating peers suitable for synchronization by invoking the command:
trusted-key KEYNUM
where,
KEYNUM: Code number to be used with the NTP xntpc query/control program that
diagnoses and fixes problems that affect the xntpd daemon operation. (This
number must match the code number configured on the remote NTP server.)
11. Run NTP by invoking the command:
enable

Viewing
NTP Status
To view the status of the NTP on the OS900, invoke the command:
show ntp status
There are three possible statuses:
1. ntp status = disable. This means that NTP is not running.
2. ntp status = enable but not running. This means that the OS900 cannot access the
NTP server. In such case, there is no need to re-invoke the command enable (in
step 11, above) since the OS900 will attempt to connect to the NTP server about
once every minute.
3. ntp status = enable and running. This means that the OS900 cannot access the
NTP server and NTP is running.
Below, are three examples, one for each status. The administrator inputs are marked bold. The
line applicable to the status is marked red.
Example 1
OS900(config-ntp)# show ntp status The answer may take some seconds.
NTP STATUS:
SERVERS:
server=194.90.136.183
PEERS:
peers are not defined
BROADCAST SERVER:
broadcast is disable
BROADCAST CLIENT:
broadcast client is disable
AUTHENTICATE:
authentication parameters are not defined
MISCELANIOUS:
broadcast delay is not defined
NTP ACTIVE MODE:
ntp status = disable
OS900(config-ntp)#

Example 2
OS900(config-ntp)# show ntp status
The answer may take some seconds.
NTP STATUS:
SERVERS:
server=194.90.136.254
PEERS:

404 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 28: Network Time Protocol (NTP) and Timezone

peers are not defined


BROADCAST SERVER:
broadcast is disable
BROADCAST CLIENT:
broadcast client is disable
AUTHENTICATE:
authentication parameters are not defined
MISCELANIOUS:
broadcast delay is not defined
NTP ACTIVE MODE:
ntp status = enable but not running
(no defined servers are accessible).
OS900(config-ntp)#

Example 3
OS900(config-ntp)# show ntp status The answer may take some seconds.
NTP STATUS:
SERVERS:
server=194.90.136.183
PEERS:
peers are not defined
BROADCAST SERVER:
broadcast is disable
BROADCAST CLIENT:
broadcast client is disable
AUTHENTICATE:
authentication parameters are not defined
MISCELANIOUS:
broadcast delay is not defined
NTP ACTIVE MODE:
ntp status = enable and running.
OS900(config-ntp)#

NTP Associations
To view the NTP associations, invoke the command:
show ntp associations
If the OS900 cannot access an NTP server, the message ntpq: read: Connection refused is
displayed.
If the OS900 is connected to an NTP server, the NTP associations are displayed.
Example
OS900(config-ntp)# show ntp associations
remote refid st t when poll reach delay offset jitter
===============================================================================
194.90.136.183 128.139.6.30 2 u 7 64 7 0.634 385.097 37.608
OS900(config-ntp)#

NTP associations are displayed with variables and indicators, as shown in the example above.

Variables
remote (peer)– IP address of peer.
refid (reference clock) – IP address of the server from which the NTP server obtained its
timestamp (for the OS900).
st (Peer’s stratum) – The downstream order of the peer. The stratum of the primary peer (source)
is 1. Accordingly, if a peer stratum is 2, it means that it receives directly from the primary peer. If a
peer stratum is 3, it means that it receives from the peer whose stratum is 2.
t – Time scale. (The value u designates UTC scale)
when – Time since last NTP packet received from peer.
poll – Polling interval (seconds)
reach – Peer reachability (bit string, octal)

January 2009 URL: http://www.mrv.com 405


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

delay – Round-trip delay to peer (milliseconds)


offset – Relative time of peer’s clock to local time (milliseconds)
jitter – Short-time variation in frequency with components greater than 10 Hz

Indicators
Following are indicators and a
* (if present) – Synchronized to this peer (NTP server).
# (if present) – Almost synchronized to this peer.
+ (if present) – Peer selected for possible synchronization.
- (if present) – Peer is a candidate for selection.
~ (if present) – Peer is statically configured.

Time and Date


To display the time, invoke the command: show time (or do show time if not in enable
mode).
Example
OS900# show time
Thu Dec 18 09:38:05 GMT 2008
OS900#
To display the date, invoke the command: show date (or do show date if not in enable
mode).
Example
OS900# show date
Thu Dec 18 09:39:13 GMT 2008
OS900#

406 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 29: Network Address Translation (NAT)

Chapter 29: Network Address


Translation (NAT)
Definition
Network Address Translation (NAT) is a function that replaces an IP address and/or port ID in a
packet with another IP address and/or port ID when the packet crosses a specific network
interface.

Purpose
NAT is used to:
− Connect hosts with non-registered (non-globally routable) IP addresses
− Save on registered (globally routable) IP addresses
− Provide security (by making an organization appear from the outside as using an
IP address space that is in fact different from what the organization is using
internally)
− Improve administration (by partitioning local/private IP addresses into groups,
each having just one registered IP address or by renumbering into CIDR blocks)

Compliance
NAT complies with RFC 1631.

Types
There are two types of NAT:
Source NAT – One or more local (private) IP addresses are translated (mapped) into one
global (public) IP address.
Destination NAT – One global IP address is translated (mapped) into one or more local IP
addresses.

Modes
There are two modes of NAT:
Inband – For this mode only inband ports are used. Additional processing is performed by
software in the address translation process. As a result, the throughput rate is only one-third
that of out-of-band mode.
Out-of-band – For this mode the out-of-band port as well is used. Address translation is
performed directly. As a result, the throughput rate is triple that of inband mode.

Principles of Operation
Figure 34, page 408, schematically describes the principles of operation of Source NAT (SNAT)
and Destination NAT (DNAT).

Source NAT
In SNAT, the source IP address and/or source port ID is replaced.

Destination NAT
In DNAT, the destination IP address and/or destination port ID is replaced.

January 2009 URL: http://www.mrv.com 407


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Figure 34: NAT Operation

Data Paths
Inband Mode
Source NAT
Assuming that Source NAT has been activated, a packet from the LAN (local or private side)
enters Local Interface. From the Local Interface it is sent to the CPU. The CPU translates the
Local IP address into the appropriate Global IP address. The packet with the Global IP address is
sent to the Global Interface and out to the WAN.

Destination NAT
Assuming that Destination NAT has been activated, a packet from the WAN (global or public side)
enters the Global Interface. From the Global Interface it is sent to the CPU. The CPU translates
the Global IP address into the appropriate Local IP address. The packet with the Local IP address
is sent to the Local Interface and in to the LAN.

Out-of-band Mode
Source NAT
Assuming that Source NAT has been activated, a packet from the LAN (local or private side)
enters Local Port (Port 1 in the example). From the Local Port it is duplicated to the Co-Port56 of
the Out-of-band Port (Port 8 in the example), which is in the same VLAN as the Local Port. From
Co-Port it is sent to the Out-of-Band Port and thereon to the CPU. The CPU translates the Local IP
address into the appropriate Global IP address. The packet with the Global IP address is resent to
the Out-of-Band Port and thereon to the Co-port. Using the ACL (which uses the direction of the
packet to determine whether the packet is to be sent to the Local or Global VLAN), the Co-port
selects the Global VLAN as the VLAN to which the packet belongs.

Destination NAT
Assuming that Destination NAT has been activated, a packet from the WAN (global or public side)
enters the Global Port (Port 2 in the example). From the Global Port it is duplicated to the Co-port
of the Out-of-band Port (Port 8 in the example), which is in the same VLAN as that of the Global
Port. From the Co-port it is sent to the Out-of-Band Port and thereon to the CPU. The CPU
translates the Global IP address into the appropriate Local IP address. The packet with the Local
IP address is resent to the Out-of-Band Port and thereon to the Co-port. Using the ACL (which
uses the direction of the packet to determine whether the packet is to be sent to the Local or
Global VLAN), the Co-port selects the local VLAN as the VLAN to which the packet belongs.

56
The Co-port of an Out-of-band Port is a physical network port of the OS900 that is directly connected (with a patch
cable) to the out-of-band port. The out-of-band port is marked MGT ETH on the front panel of the OS900.

408 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 29: Network Address Translation (NAT)

Implementation
General
If the number of Local and Global IP addresses are different (e.g., several Local IP addresses and
one Global IP address) NAT as well as Layer 4 port translation is performed.
NAT can be implemented to function in either of the following modes:
− Inband Mode
− Out-of-band Mode

Inband Mode
Source NAT
To implement Source NAT in inband mode:
1. Enter configure terminal mode.
2. Invoke the command:
ip nat local IPV4_ADDR global IPV4_ADDR
where,
IPV4_ADDR (first appearance): IP address & mask of the local (private)
interface in the format a.b.c.d[/mask]
IPV4_ADDR (second appearance): IP address & mask of the global (public)
interface in the format a.b.c.d[/mask]
Example
Required: The Local (Private) network IP address is 10.80.80.0/24 and is to be represented
in the Global (Public) network (e.g., Internet) by the IP address 194.20.2.1.
Solution: Invoke the following Source NAT command:
ip nat local 10.80.80.0/24 global 194.20.2.1/32
where,
10.80.80.0/24: Local network IP address range
194.20.2.1/32: Global IP address representing it

Destination NAT
To implement Destination NAT in inband mode:
1. Enter configure terminal mode.
2. Invoke the command:
ip nat global IPV4_ADDR local IPV4_ADDR
where,
IPV4_ADDR (first appearance): IP address & mask of the global (public)
interface in the format a.b.c.d[/mask]
IPV4_ADDR (second appearance): IP address & mask of the local (private)
interface in the format a.b.c.d[/mask]
Example
Required: To permit Public (Internet) access to a server (e.g., TELNET server) in the local
network using NAT. The local network IP address of the Server is 10.80.80.1 and
the Internet IP address used for the access is 194.20.2.1.
Solution: Invoke the following Destination NAT command:
ip nat global 194.20.2.1/32 local 10.80.80.1/32
where:
194.20.2.1/32: Public IP address of the server

January 2009 URL: http://www.mrv.com 409


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

10.80.80.1/32: Local IP address of the server

Out-of-band Mode
To implement Source or Destination NAT in out-of-band mode:
1. Interconnect the out-of-band Management Port (MGT ETH) of the OS900 and a network
port (e.g., Port 8) with an Ethernet Cross- or Straight-wired patch cable – see Figure 63 or
2. Figure 64. (This network port will be referred to as the Co-port.)
3. Create a ‘Local’ VLAN interface as follows:
3.1. Include the Co-port and a network port that will serve as the Local Port (e.g., Port
1).
3.2. Define a tag for the VLAN interface (e.g., Tag 10).
4. Create a ‘Global’ VLAN interface as follows:
4.1. Include the Co-port and a network port that will serve as the Global Port (e.g.,
Port 2).
4.2. Define a tag for the VLAN interface (e.g., Tag 20).
5. In the out-of-band Ethernet interface mode (entered by invoking the command
interface out-of-band eth0):
5.1. Enter the Destination IP address of the packets to be sent to the Local Port.
5.2. Enter the Destination IP address of the packets to be sent to the Global Port.
6. Create an ACL that will enable the Co-port to direct an ingress packet to the Local Port or
according to the Destination IP address as follows:
6.1. To forward IP packets, create a rule that specifies the:
6.1.1. Destination IP address of the packet to be forwarded to the
Local Port using the command:
dest-ip eq DEST_IP
6.1.2. Action that swaps the VLAN Tag of the packet to that of the
Local VLAN interface using the command:
action tag swap TAG
6.2. To forward ARP packets, create a rule that specifies the:
6.2.1. Destination IP address of the packet to be forwarded to the
Local Port using the command:
dest-ip eq DEST_IP
6.2.2. Packet ethertype after the VLAN header using the
command:
ethertype eq ETHERTYPE
6.2.3. Action that swaps the VLAN Tag of the packet to that of the
Local VLAN interface using the command:
action tag swap TAG
6.3. To forward IP packets, create a rule that specifies the:
6.3.1. Destination IP address of the packet to be forwarded to the
Global Port using the command:
dest-ip eq DEST_IP
6.3.2. Action that swaps the VLAN Tag of the packet to that of the
Global VLAN interface using the command:
action tag swap TAG
6.4. To forward ARP packets, create a rule that specifies the:
6.4.1. Destination IP address of the packet to be forwarded to the
Global Port using the command:
dest-ip eq DEST_IP
6.4.2. Packet ethertype after the VLAN header using the
command:
ethertype eq ETHERTYPE

410 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 29: Network Address Translation (NAT)

6.4.3. Action that swaps the VLAN Tag of the packet to that of the
Global VLAN interface using the command:
action tag swap TAG
7. Bind the ACL to the Co-port using the command:
port acl-binding-mode by-port CO-PORT
8. Activate the ACL at the Co-port using the command:
port access-group ACL CO-PORT
9. The out-of-band management port (MGT ETH) can operate only with untagged packets.
Since the Co-port is directly connected to the out-of-band management port, it to can
operate only with untagged packets. As a result, the Co-port normally can be a member of
only one VLAN. To enable the Co-port to be a member of two (or more) VLANs, invoke
the command:
port untagged-multi-vlans CO-PORT
10. To implement Source NAT (in out-of-band mode), invoke the command:
ip nat local IPV4_ADDR global IPV4_ADDR
where,
IPV4_ADDR (first appearance): IP address & mask of the local (private)
interface in the format a.b.c.d[/mask]
IPV4_ADDR (second appearance): IP address & mask of the global (public)
interface in the format a.b.c.d[/mask]
11. To implement Destination NAT (in out-of-band mode), invoke the command:
ip nat global IPV4_ADDR local IPV4_ADDR
where,
IPV4_ADDR (first appearance): IP address & mask of the global (public)
interface in the format a.b.c.d[/mask]
IPV4_ADDR (second appearance): IP address & mask of the local (private)
interface in the format a.b.c.d[/mask]
Example
OS910(config)# write terminal

Building configuration...

Current configuration:

! version 2-0-3

interface vlan vif10


tag 10
ports 1,8
!
interface vlan vif20
tag 20
ports 2,8
!
interface out-of-band eth0
ip 11.1.0.1/24
ip 194.90.136.192/24
!
!
access-list extended acl1
rule 10
action tag swap 10
dest-ip eq 11.1.0.0/24

January 2009 URL: http://www.mrv.com 411


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

rule 20
action tag swap 10
ethertype eq 0x806
dest-ip eq 11.1.0.0/24
rule 30
action tag swap 20
dest-ip eq 194.90.136.0/24
rule 40
action tag swap 20
ethertype eq 0x806
dest-ip eq 194.90.136.0/24
!
port acl-binding-mode by-port 8
port access-group acl1 8
port untagged-multi-vlans 8
!
ip nat local 11.1.0.10/24 global 194.90.136.192/32
!
ip nat global 194.90.136.207/32 local 11.1.0.10/32
!

412 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 30: WDM Module

Chapter 30: WDM Module

Purpose
The WDM module is utilized to add or drop optical data carrier wavelengths.

Application
To form (or participate in) WDM networks having point-to-point, multipoint, and ring topologies –
see the section Data paths in Networks of Various Topologies, page 414.

Types
The following three types of WDM module are available:
OADM Scalable, passive optical “add” and “drop” multiplexer/demultiplexer that can add
and/or drop a specific channel (wavelength) to/from an optical WDM signal, while all
other channels are routed from the input to the output with minimal attenuation.
OADMs are required in ring and multipoint network topologies.
OADMs can be used to create a network topology in which a single wavelength can
be added or dropped on demand, allowing an Optical Service Channel (OSC) to be
provided at any point along a trunk. The technology enables flexible and intelligent
planning and provisioning of optical services while at the same time simplifying
deployment and maintenance of optical networks.
Dual-interface OADMs are available for building carrier networks protected by
redundancy.
Models with 1 to 8 channels are available. The modules are passive and use optics
only for their operation.
EXP ports IN and OUT carry only channels to be continued to the next OS900, and
are used only in ring network topologies.
Mux Multiplexes egress data coming over WDM channels57 onto a single physical fiber.
The module can multiplex up to 8 channels. The modules are passive and use optics
only for their operation.
Demux Demultiplexes ingress58 data coming over WDM channels onto a single physical fiber.
The multiplexer can demultiplex up to 8 channels. The modules are passive and use
optics only for their operation.

57
WDM channels carry data from one WDM unit (e.g., OS900, LambdaDriver) to another.
58
Data entering the OS900.

January 2009 URL: http://www.mrv.com 413


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Layout

Figure 35: WDM Module (Model 09ADCD)

Mounting
WDM modules (up to two) can only be mounted in the OS910-M. To mount a WDM module:
1. Choose a receptacle59 in the OS910-M into which the WDM module is to be inserted.
2. Holding the WDM module with the right side up, place the edges of the module’s PCB
between the left and right rails in the receptacle and slide it until its panel is level with the
front panel of the OS910-M.
3. With a flat-head No.1 screwdriver, fasten the module with the two captive screws that are
located on its edges.
4. With a philips screwdriver no. 1, fasten the module with the two captive screws that are
located on its edges.

Network Connection
The WDM module ports to be connected depend on the network configuration – see Data paths in
Networks of Various Topologies, in below.

Operation
The WDM Module is a plug-and-play passive device that does not require the user to set it into
operation.

Data paths in Networks of Various Topologies


General
This appendix describes the data paths in networks of various topologies using OS910-Ms fitted
with WDM modules.

Point-to-Point Topology
The data flow through the WDM part of the network in point-to-point topology is shown in Figure
36, below.

59
Going from left to right across the front panel of the OS910-M model, the first receptacle (slot) for a service module is
identified as number 2 and the second as number 3.

414 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 30: WDM Module

Figure 36: Data Flow in a WDM Point-to-Point Topology


The data flow through the OADM part of the network in point-to-point topology is shown in Figure
37, below.

January 2009 URL: http://www.mrv.com 415


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Multipoint Topology
The data flow through the WDM part of the network in multipoint topology is shown in Figure 38,
below.

Figure 37: Data Flow in a WDM Multipoint Topology

Ring Topology
The data flow through the WDM part of the network in ring topology is shown in Figure 38, below.
The WDM module used is a dual-sided OADM module like that shown in Figure 35, page 414. The
connection of three long-haul fiber pairs instead of two provides fiber redundancy protection. This
means that even if two of any of the long-haul fibers fail, the network will recover automatically
within milliseconds and continue normal operation.
OS910-M A ports 1-4 are logically connected to OS910-M B ports 5-8. OS910-M B ports 1-4 are
logically connected to OS910-M C ports 5-8. OS910-M C ports 1-4 are logically connected to
OS910-M A ports 5-8.

416 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 30: WDM Module

Figure 38: Data Flow in a WDM Ring Topology having Fiber Redundancy

January 2009 URL: http://www.mrv.com 417


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

418 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

Chapter 31: E1/T1 CES Module

Applicability
The E1/T1 CES module applies to OS910-M only.

Terminology
E1: European digital transmission format of thirty-two 8-bit voice channels
(time slots) together having a total bandwidth of 2.048 Mbps.
T1: American digital Transmission format of twenty-four 8-bit voice channels
(time slots) together having a total bandwidth of 1.544 Mbps.
CES: (Circuit-Emulation Service) Service that emulates synchronous circuits
(e.g., E1 or T1) over asynchronous networks (e.g., Ethernet).
Pseudowire Network: An emulated synchronous circuit (e.g., E1 or T1) in a packet-switching
network.
Pseudowire: Stream of packets (in a pseudowire network) between two E1/T1 CES
modules and containing data from one or more synchronous E1/T1
channels.
Session: Specification of the source E1/T1 CES module port, pseudowire packet
format, maximum jitter, header format, and address of target E1/T1 CES
module.
Gateway: A device interfacing networks of different protocols and functioning as a
protocol converter in order to provide interoperability of systems
interconnected across the networks.
TDM: (Time-Division Multiplexing) A method of placing multiple data streams in
a single signal. The segments of each specific stream are time-separated
from one another by segments of other streams in a periodic manner. At
the receiving end, the segments of each data stream are reassembled
using timing.

Overview
Purpose
The E1/T1 CES module is an E1/T1 CES gateway TDM for IP/Ethernet networks. It is used to
perform the following primary functions:
− Multiplex voice/data signals coming from local E1/T1 channels and send them over
Ethernet
− Receive multiplexed voice/data signals coming from remote E1/T1 channels over Ethernet
and demultiplex them to their respective local E1/T1 channels.

Models
The models of the E1/T1 CES Module for the OS910-M are described in Table 1, below.

January 2009 URL: http://www.mrv.com 419


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Table 15: Models of the E1/T1 TDM Module

Model Description
EM9-CES-E1 1-port E1 Circuit Emulation Service TDM over packet.
Can operate only one unstructured pseudowire session.
EM9-CES-4E1 4-port E1 Circuit Emulation Service TDM over packet.
Can operate up to thirty-two pseudowire sessions.
EM9-CES-4E1c 4-port E1 Circuit Emulation Service TDM over packet with high-precision
clock.
Can operate up to thirty-two pseudowire sessions.
EM9-CES-T1 1-port T1 Circuit Emulation Service TDM over packet.
Can operate only one unstructured pseudowire session.
EM9-CES-4T1 4-port T1 Circuit Emulation Service TDM over packet.
Can operate up to thirty-two pseudowire sessions.
EM9-CES-4T1c 4-port T1 Circuit Emulation Service TDM over packet with high-precision
clock.
Can operate up to thirty-two pseudowire sessions.

Application
General

Figure 39: E1/T1 CES over Ethernet

Specific

Figure 40: Cellular Backhaul for GSM, UMTS and GPRS Networks

420 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

Figure 41: PSTN-to-PBX and PBX-to-PBX over Ethernet

Network Topologies
Point-to-Point
In the point-to-point topology two E1/T1 CES modules are interconnected over an Ethernet
network.

Star
In the star topology one E1/T1 CES 4-port module is connected to multiple E1/T1 CES modules
over an Ethernet network. The multiple E1/T1 CES modules can be 1-port or 4-port models.

Requirements
• 6-inch flat-tip screwdriver (for fastening clock input)
• One OS910-M for housing up to two E1/T1 CES modules
• E1/T1 CES modules (per the network topology)
• For external clock input: RG-174 cable with SMB male connector, up to 5 m (16.5 ft), and
having 50 Ω impedance (1 cable per E1/T1 CES module)
• Ethernet cables (per the network topology)

Layout

Figure 42: E1/T1 CES module

Mounting
1. Choose slot 2 or 360 in the OS910-M into which the E1/T1 CES module is to be
inserted.

60
Slots 2 and 3 are indicated in the Front view of the OS910-M, page 52.

January 2009 URL: http://www.mrv.com 421


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

2. If a Blank Panel is covering the slot, using a philips screwdriver no. 1 remove it by
undoing the two philips screws.
3. Holding the E1/T1 CES module with the right side up, place the edges of the
module’s PCB between the left and right rails in the slot and slide it until its panel
is level with the front panel of the OS910-M. (This assures that the module’s
connector is inserted into place.)
4. With a flat-head No.1 screwdriver, fasten the module with the two captive screws
that are located on its edges.

Cabling
1. Connect the E1/T1 lines to the E1/T1 ports of the E1/T1 CES modules.
2. Connect the Ethernet ports of the OS910-Ms to Ethernet network.

Power
Make sure that the OS910-Ms are powered up.

LEDs
Table 16: Front Panel LEDs

LEDs Significance

L (Link) AL (Alarm)
ON-Green OFF Link to TDM port OK.
ON-Green ON-Red Red alarm due to framing error.
(Red alarm means that the EM9-CES is unable to recover
the framing reliably. As a result, connectivity to the EM9-
CES is lost. Red alarm is caused by corruption or loss of
signal. In this state, the status of connectivity to the far end
is not known.)
OFF ON-Red Red alarm due to loss of carrier.
OFF ON-Yellow Yellow alarm.
(Yellow alarm means that a Red alarm is present at the far
end of the link. There is reception from the far end of a data
or framing pattern that reports the far end is in the Red
alarm state. Red alarm and Yellow alarm states cannot
coexist on the same EM9-CES because the Yellow alarm
pattern must be received within a framed signal.)
ON-Green BLINKING- Blue alarm.
Yellow (Blue alarm means that the incoming signal is absent. There
is a disruption in the communication path between the
terminal equipment connected to the EM9-CES.
Communication integrity is maintained but no framing to the
terminal equipment is provided.
BLINKING- Yellow Port in loopback mode.
Green

Principle of Operation
Pseudowire Modes
There are two modes in which a pseudowire can be formed:
− Unstructured
− Structured

422 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

Unstructured
In unstructured mode all channels (timeslots) from a port are assigned to one destination. The bit
stream is packetized according to the session header and other session parameters and then sent
to the Packet-Switching Network (PSN). The packet stream has no discernible channel boundaries
or any other signaling information.

Structured
In structured mode, all channels or specific channels from a port can be sent to the destination.
The E1/T1 CES module at the receiving end of the pseudowire samples the bit stream on the
basis of the type of PCM (whether for E1 or T1) specified in the session . The E1/T1 CES module
uses this basis to obtain the signaling information, strips the bit stream of its signaling information,
and sends only the data. When necessary it sends a signaling packet stream to indicate change in
signaling information.

TDM over Packet Session


The source and target TDM modules require matching session specifications. According to these
specifications, the TDM-over-Packet application divides the E1 or T1 data stream received on the
E1/T1 port into pseudowire packets, adds a special header, and transmits the packets via the
Ethernet towards the target E1/T1 CES module. The application at the other end of the pseudowire
receives the psedowire packets, removes the header, unpacks the data, and transmits it to the E1
or T1 circuit via the E1/T1 ports.

Packet Header Formats


Packet headers can have any of the following three formats:
• SAToP
• CESoPSN
• CESoETH

SAToP
This header format complies with the IETF PWE3 SAToP standard for unstructured TDM over
PSNs. The header requires 62 bytes per packet, including Ethernet, IP, UDP, and RTP headers
and the SAToP control word.

CESoPSN
This header format complies with the IETF PWE3 CESoPSN standard for structured TDM over
PSNs. The header requires 62 bytes per packet, including Ethernet, IP, UDP, and RTP headers
and the CESoPSN control word.

CESoETH
This header format complies with the MEF 8 specification Implementation Agreement for the
Emulation of PDH Circuits over Metro Ethernet Networks. It supports both unstructured and
structured pseudowires. The header consists of an Ethernet header, an emulation circuit definition
(ECID), and a CESoETH control word having a length of 22 bytes.

Interfaces
Names
Four VLAN interfaces are reserved for two E1/T1 CES modules in an OS910-M. These VLAN
interfaces are TDMS2W, TDMS3W, TDMS2L, and TDMS3L. Their relation to configuration,
management, and the slots in the OS910-M housing the E1/T1 CES module are shown in Table
17, below.

January 2009 URL: http://www.mrv.com 423


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Table 17: OS910-M-controlled VLAN Interfaces for E1/T1 CES modules

Slot 2 Slot 3
CES Configuration TDMS2W TDMS3W
CES Management TDMS2L TDMS3L

If no E1/T1 CES module is inserted (sensed) in slot 2 the VLAN interfaces TDMS2W and TDMS2L
are not created. The VLAN interfaces are created automatically when an E1/T1 CES module is
inserted in slot 2.

Similarly, if no E1/T1 CES module is inserted (sensed) in slot 3 the VLAN interfaces TDMS3W and
TDMS3L are not created. The VLAN interfaces are created automatically when an E1/T1 CES
module is inserted in slot 3.
The user cannot manipulate these interfaces in any other way!
To view these interfaces:
1. Enter enable mode.
2. Invoke the command:
show interface
Example
OS910-M# show interface

INTERFACES TABLE

================

Name M Device IP State MAC Tag Ports


-------------------------------------------------------------------------------
TDMS2W. vif4090 10.10.10.1/28 NA 00:0F:BD:FF:53:B7 4090
TDMS3W. vif4091 10.10.10.17/28 NA 00:0F:BD:FF:53:B7 4091
TDMS2L. vif4092 10.10.10.33/28 UP 00:0F:BD:FF:53:B7 4092
TDMS3L. vif4093 10.10.10.49/28 UP 00:0F:BD:FF:53:B7 4093
vif0 vif0 - UP 00:0F:BD:00:53:B7 0001 1,3-4

- 'vif0' is the default forwarding interface.


- drop-tag is 4094.

OS910-M#
The four VLAN interfaces TDMS2W, TDMS3W, TDMS2L, and TDMS3L are displayed as in the above
example when two E1/T1 CES modules are present in the OS910-M.

Tags
When E1/T1 CES modules are inserted into an OS910-M, VLAN tags are automatically assigned
to the VLAN interfaces of the E1/T1 CES modules according to Table 18, below. The user cannot
assign these VLAN tags to other VLAN interfaces while the E1/T1 CES modules are in the slots.
Table 18: VLAN Names and Associated VLAN Tags

VLAN Names VLAN Tags


TDMS2W 4090
TDMS3W 4091
TDMS2L 4092
TDMS3L 4093

424 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

Interface Subnet
The interface subnet 10.10.10.0/24 is reserved for the VLAN interfaces TDMS2W, TDMS3W,
TDMS2L, and TDMS3L.
During initialization61 of the E1/T1 CES modules, the VLAN interfaces are continually updated until
TDMS2W and TDMS3W are set in NA (Not Active) state while the VLAN interfaces TDMS2L and
TDMS3L are set to be in the UP state permanently. These are the final states of the VLAN
interfaces required for the E1/T1 CES modules to operate properly.

Configuration
To configure a E1/T1 CES module, first enter the TDM mode from configure terminal mode
by invoking the following command:
tdm SLOT-NUM
where,
SLOT-NUM: Number of the slot occupied by the E1/T1 CES module. Valid numbers are 2
and 3.
Example
OS910-M# configure terminal
OS910-M(config)# tdm 2
OS910-M(config-tdm2)#

Clock Mode Setting


Select the clock mode for the bit streams by invoking the command:
clock mode (external|internal|line1|loopback|recovery)
where,
external: use clock provided by the administrator or the E1/T1 CES module in the other
slot of the OS910-M.
internal: use the E1/T1 CES module’s internal clock as a source.
line1: use the clock received on port 1 as the transmit clock for all ports.
loopback: use the local E1/T1 CES Module LIU clock received on the E1/T1 port.
recovery: use the recovered clock produced by the adaptive clock recovery algorithm as
the Tx (transmit) clock. This command argument sets the E1/T1 CES Module in Slave
mode.
Example
OS910-M(config-tdm2)# clock mode line1
OS910-M(config-tdm2)#

IP Address Assignment to a E1/T1 CES Module


An IP address must be assigned to the E1/T1 CES Module following clock settings. The IP
address is required for operating in the CES protocols at Layer 2 and Layer 3.
To assign an IP address to the E1/T1 CES Module, assign an IP address to a VLAN interface by
invoking the command:
module-ip A.B.C.D/M interface vifN
where,
A.B.C.D/M: E1/T1 CES module IP address with subnet prefix. This IP address should
belong to a subnet configured on one of the OS910-M VLAN interfaces.
vifN: ID of existing VLAN interface having the format vifX, where X is a decimal number
in the range 1-4089. Example: vif3. The IP address of the interface must belong to the
same subnet on which the E1/T1 CES module resides. This VLAN interface will be
permanently in the UP state.

61
Initialization of the E1/T1 CES modules starts when the hosting OS910-M is powered up.

January 2009 URL: http://www.mrv.com 425


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
interface vlan vif10
tag 10
ip 1.1.1.1/8
port 1

tdm 2
clock mode internal
module-ip 1.1.1.10/8 interface vif10
session s1 description port_1
session s1 port 1
session s1 header-proto l3 target-ip 2.2.2.10
session s1 local-udp-port 49152
session s1 target-udp-port 49152

In the above example, an E1/T1 CES module is in slot 2 (as indicated by the 2 in tdm 2). The IP
address assigned to the E1/T1 CES module is 1.1.1.10, taken from the interface subnet of the
VLAN interface vif10.
vif10 will remain permanently UP independently of its member port 1, i.e., even if the port has no
link, is unconnected, or connected to another device! Accordingly, vif10 can be configured without
any port as a member as shown for VLAN interfaces vif6 and vif8 in the section Configuration
Example 3, page 448.

Deleting IP Address Assigned to a E1/T1 CES Module


To delete the IP address assigned to the E1/T1 CES Module, invoke the command:
no module-ip
Example
OS910-M(config)# tdm 2
OS910-M(config-tdm2)# no module-ip
OS910-M(config-tdm2)#

External Clock Input Selection


If an external clock is to be used, specify the clock source by invoking the command:
clock input-ext (default|bnc|other-slot-recovered)
where,
default: Ignore external clock. Default.
bnc: Select the external clock source connected to the E1/T1 CES Module.
other-slot-recovered: Select the clock from neighbor slot (set using the command
clock output bnc or clock mode recovery).
Example
OS910-M(config-tdm2)# clock input-ext other-slot-recovered
OS910-M(config-tdm2)#

Clock Exportation
When clock mode is set to external, recovery, or line1 source mode, the received clock
can be exported to the E1/T1 CES module located in the neighbor slot by invoking the command:
clock output (default|bnc|recovered)
where,
default: Do not export the clock to the neighbor slot. Default.
bnc: Export the clock from the external clock source to the neighbor slot.
recovered: Export recovered clock (set using the command clock mode recovery)
or TDM clock (set using the command clock mode line1) for the neighbor slot.

426 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

Example
OS910-M(config-tdm2)# clock output recovered
OS910-M(config-tdm2)#

Transport Emulation Type Configuration


Transport emulation can be configured either in unstructured or structured mode. In unstructured
mode, the entire E1/T1 circuit is transferred regardless of frame structure and time slot boundaries.
This is called “structure agnostic” emulation. In structured mode, full or fractional frames can be
packetized and transferred to the E1/T1 CES Modules.
E1 and T1 data is structured as frames based on 8 KHz frame synchronization (sampling rate).
Each frame is divided into 8-bit time slots (32 slots for E1, 24 slots for T1). The traffic is
depacketized at the other end of the pseudowire to reconstruct frames with the selected time slots
in their corresponding time slot positions.
To select the pseudowire mode, invoke the command:
port PORT transport-emulation-type (struct|unstruct|default)
where,
PORT: Number of E1 or T1 port in the E1/T1 CES Module.
struct: Structured (framed) pseudowire mode.
unstruct: Unstructured (unframed) pseudowire mode.
default: Pseudowire mode set by E1/T1 CES Module. (Default.)
Example
OS910-M(config-tdm2)# port 4 transport-emulation-type struct
OS910-M(config-tdm2)#

Port LIU Channel Bandwidth Configuration


A T1 frame consists of 193 bits: 8 x 24 time slots plus the F-bit. The F-bit is not sent in a
pseudowire. When the E1/T1 CES Module operates in T1 and the channel bandwidth is 64 Kbps,
all eight bits of a time slot are dedicated to data. If the channel bandwidth is configured for 56
Kbps, the F-bit is used for channel associated signaling and transmitted out-of-stream. This
configuration is valid for T1 ports in structured mode only!
To select the channel bandwidth, invoke the command:
port PORT liu-channel-bandwidth (64K|56K|default)
where,
PORT: Number of T1 port in the E1/T1 CES Module.
64K: Framed 64 Kbps for T1 only.
56K: Framed 56 Kbps for T1 only.
default: Channel bandwidth set by E1/T1 CES Module. (Default.)
Example
OS910-M(config-tdm2)# port 4 liu-channel-bandwidth 64K
OS910-M(config-tdm2)#

Port LIU Frame Format Setting


For each E1 port, the framing format PCM30 or PCM31can be selected.
For each T1 port, the framing format D4 or ESF can be selected.
T1 Framing
The Extended Super Frame (ESF) mode and the D4 mode are valid for T1 in the structured mode.
The T1 data is divided into 24 time slots, each of 8 bits, thus totaling 192 bits. The selected
protocol defines a bit pattern in the 193rd bit across a predetermined number of frames. When the
port has a channel data rate of 64 Kbps, all eight bits of the channel are dedicated; no signaling
information is carried. However, when the port has a channel rate of 56 Kbps, only seven bits of
the channel are dedicated, and the eighth bit is reserved for signaling information, contained in the
“not sent bit t” in every sixth frame.
E1 Framing

January 2009 URL: http://www.mrv.com 427


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

The E1 data, in PCM 30 format, divided into 32 time slots, each of 8 bits. Each of the time slot
sends and receives an 8-bit sample 8000 times per second. One timeslot (TS0) is reserved for
framing purposes, and alternately transmits a fixed pattern. This allows the receiver to lock onto
the start of each frame and match up each channel in turn. The standard allows for a full Cyclic
Redundancy Check to be performed across all bits transmitted in each frame, and to detect
whether the circuit is losing bits (information). Another timeslot (TS16) is reserved for signaling
purposes, to control call setup and tear down according to one of several standard
telecommunications protocols.
To set the frame format, invoke the command:
port PORT liu-frame-format (e1_pcm30|e1_pcm31|t1_d4|t1_esf|default)
where,
PORT: Number of E1 or T1 port in the E1/T1 CES Module .
e1_pcm30: Framing format PCM30 (for E1 only).
e1_pcm31: Framing format PCM31 (for E1 only).
t1_d4: Framing format D4 (for T1 only).
t1_esf: Framing format ESF (for T1 only).
default: Frame format set by E1/T1 CES Module. (Default.)
Example
OS910-M(config-tdm2)# port 4 liu-frame-format e1_pcm30
OS910-M(config-tdm2)#

Port LIU Receive Equalizer Gain Limit


The LIU Receive Equalizer Gain Limit to be set for a port depends on the characteristics of the line
connected to the port.
To set the LIU Receive Equalizer Gain Limit, invoke the command:
port PORT liu-gain-limit (short|long|default)
where,
PORT: Number of E1 or T1 port in the E1/T1 CES Module.
long: For E1: -43dB; For T1: -36dB
short: For E1: -15dB; For T1: -15dB
default: LIU Receive Equalizer Gain Limit set by E1/T1 CES Module. (Default.)
Example
OS910-M(config-tdm2)# port 4 liu-gain-limit long
OS910-M(config-tdm2)#

Port LIU Line Build Out Configuration


LIU Line Build Out function for a port depends on the impedance or length of the E1 or T1 line
between the E1/T1 CES Module and the E1/T1 source.
E1 options: E1_75, E1_120, E1_75_HRL, or E1_120_HRL.
T1 options: T1_133, T1_266, T1_399, T1_533, T1_655, T1_7.5, T1_15, or T1_22.5.
To set the LIU Line Build Out function for an E1 line, invoke the command:
port PORT liu-line-build-out (e1_75|e1_120|e1_75_hrl|e1_120_hrl)
where,
PORT: Number of E1 port in the E1/T1 CES Module.
To set the LIU Line Build Out function for an T1 line, invoke the command:
port PORT liu-line-build-out
(t1_133|t1_266|t1_399|t1_533|t1_655|t1_7.5|t1_15|t1_22.5)
where,
PORT: Number of T1 port in the E1/T1 CES Module.
To set the LIU Line Build Out function for an E1 or T1 line to the default value, invoke the
command:
port PORT liu-line-build-out default

428 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

Port LIU Line Code Configuration


This configures LIU line coding for the E1/T1 ports
port PORT liu-line-coding (hdb3|ami|b8zs|default)
where,
PORT: Number of E1 or T1 port in the E1/T1 CES Module.
ami: AMI for E1 and T1.
b8zs: B8ZS for T1 only.
hdb3: HDB3 for E1 only.
default: Line Code set by E1/T1 CES Module. (Default.)

Enabling an E1/T1 Port


By default, an E1/T1 port is enabled. To enable an E1/T1 port, invoke the command:
port PORT state enable
where,
PORT: Number of E1 or T1 port in the E1/T1 CES Module.

Disabling an E1/T1 Port


To disable an E1/T1 port, invoke the command:
port PORT state disable
where,
PORT: Number of E1 or T1 port in the E1/T1 CES Module.

Creating a New Session


To create a new pseudowire session, invoke the command:
session NAME description DESCR
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
DESCR: Alphanumeric string of up to 31 characters.
To enable a session a port must be assigned to it!

Deleting a Session
To delete an existing session, invoke the command:
no session NAME
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
Example
OS910-M(config-tdm2)# no session s05
OS910-M(config-tdm2)#

E1/T1 Port Assignment to a Session


Session activation on a specific E1/T1 port depends on whether the port is configured to structured
or unstructured mode.
In unstructured mode all timeslots from the port are assigned to one destination. The data stream
from the port, by definition, has no discernible time slots or other signaling information. The data
stream is packetized according to the session header and other session parameters and then sent
to the PSN.
In structured mode, all or a portion of the traffic from the port can be sent to the target destination.

January 2009 URL: http://www.mrv.com 429


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

To assign an E1/T1 port to a session in structured mode with all timeslots or in unstructured mode,
invoke the command:
session NAME port PORT
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
PORT: E1/T1 port number in the module.
To assign an E1/T1 port to a session in structured mode with some timeslots, invoke the
command:
session NAME port PORT timeslots VALUE
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
PORT: E1/T1 port number on the TDM module.
VALUE: Timeslots list.
Example
OS910-M(config-tdm2)# session s05 port 4
OS910-M(config-tdm2)#

OS910-M(config-tdm2)# session s06 port 3 timeslots 2-10


OS910-M(config-tdm2)#

The session is enabled once a port is assigned to it!

Setting CES Protocol Header Format and Target Address


To set a SAToP or CESoPSN Header Format and a Target Address, invoke the command:
session NAME header-proto l3 target-ip A.B.C.D
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
l3: CES using Layer 3 SAToP or CESoPSN session header format.
A.B.C.D: Target IP address.
To set a CESoETH Header Format and a Target Address, invoke the command:
session NAME header-proto l2 target-mac MAC_ADDRESS
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
L2: CES using Layer 2 CESoETH session header format.
MAC_ADDRESS: Target MAC address in the format xx:xx:xx:xx:xx:xx, where x is a
hexadecimal digit, e.g., 8b: d0:e3:ac:28:f9.
Example
OS910-M(config-tdm2)# session s03 header-proto l2 target-mac 00:12:72:00:5e:4e
OS910-M(config-tdm2)#

or

OS910-M(config-tdm2)# session s02 header-proto l3 target-ip 60.1.1.2


OS910-M(config-tdm2)#

Modifying the Description of an Existing Session


To modify the description of an existing session, invoke the command:
session NAME description DESCR
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.

430 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

DESCR: Description. String upto 31 characters.


Example
OS910-M(config-tdm2)# session s05 description TEST-SESSiON-2
OS910-M(config-tdm2)#

Setting a Session's UDP Local Port


To set a session's UDP local port, invoke the command:
session NAME local-udp-port (UDP-PORT|default)
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
UDP-PORT: UDP local port number in the range 49152 to 57343.
default: Default UDP Port number.
Example
OS910-M(config-tdm2)# session s02 local-udp-port 49152
OS910-M(config-tdm2)#

Setting a Session's UDP Target Port


To set a session's UDP target port, invoke the command:
session NAME target-udp-port (UDP-PORT|default)
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
UDP-PORT: UDP target port number in the range 49152 to 57343.
default: Default UDP Port number.
Example
OS910-M(config-tdm2)# session s02 target-udp-port 49152
OS910-M(config-tdm2)#

Setting a Session's Out-of-stream (Signaling) UDP Local Port


To set a session's out-of-stream (signaling) UDP local port, invoke the command:
session NAME local-oos-udp-port (UDP-PORT|default)
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
UDP-PORT: UDP target port number in the range 49152 to 57343.
default: Default UDP Port number.
Example
OS910-M(config-tdm2)# session s02 local-oos-udp-port 49152
OS910-M(config-tdm2)#

Setting a Session's Out-of-stream (Signaling) UDP Target Port


To set a session's out-of-stream (signaling) UDP target port, invoke the command:
session NAME target-oos-udp-port (UDP-PORT|default)
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
UDP-PORT: UDP target port number in the range 49152 to 57343.
default: Default UDP Port number.

January 2009 URL: http://www.mrv.com 431


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS910-M(config-tdm2)# session s02 target-oos-udp-port 49152
OS910-M(config-tdm2)#

Setting the IP-ToS Field in the IP header of the CES Packet


The IP ToS field controls the priority of the CES traffic in an L3 session.
To set the IP ToS field, invoke the command:
session NAME ip-tos (TOS|default)
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
TOS: IP ToS value selectable from the range 0 to 255.
default: Default ToS value.
Example
OS910-M(config-tdm2)# session s02 ip-tos 184
OS910-M(config-tdm2)#

Setting the Local Emulation Circuit ID


To set the local Emulation Circuit ID (ECID) for a CESoETH Header, invoke the command:
session NAME local-ecid (ECID|default)
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
ECID: Emulation Circuit ID selectable from the range 0 to 0xFFFFF.
default: Emulation Circuit ID set by E1/T1 CES Module. (Default.)
Example
OS910-M(config-tdm2)# session s02 local-ecid 20
OS910-M(config-tdm2)#

Setting the Remote Emulation Circuit ID


To set the remote Emulation Circuit ID (ECID) for a CESoETH Header, invoke the command:
session NAME target-ecid (ECID|default)
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
ECID: Emulation Circuit ID selectable from the range 0 to 0xFFFFF.
default: Emulation Circuit ID set by E1/T1 CES Module. (Default.)
Example
OS910-M(config-tdm2)# session s02 target-ecid 20
OS910-M(config-tdm2)#

Setting the Max Jitter Delay for a Session


To set the maximum jitter in milliseconds allowed for a session, invoke the command:
session NAME jitter (MSEC|default)
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
MSEC: Max jitter delay selectable from the range 1 to 200).
default: Jitter set by E1/T1 CES Module. (Default.)

432 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

Example
OS910-M(config-tdm2)# session s02 jitter 10
OS910-M(config-tdm2)#

Setting the Number of TDM Frames in Payload


To set the maximum number of E1/T1 frames in the payload for a session, invoke the command:
session NAME payload-length (NUM|default)
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
NUM: Number of TDM frames in payload.
For E1 the maximum allowed is 25.
For T1 the maximum allowed 33.
default: Payload length set by E1/T1 CES Module. (Default.)
Example
OS910-M(config-tdm2)# session s02 payload-length 16
OS910-M(config-tdm2)#

Enabling/Disabling Payload Suppression


To enable or disable payload-suppression for a session, invoke the command:
session NAME payload-suppression (enable|disable|default)
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
enable: Enable payload suppression.
disable: Disable payload suppression.
default: Disable payload suppression.
Example
OS910-M(config-tdm2)# session s02 payload-suppression enable
OS910-M(config-tdm2)#

Enabling/Disabling RTP Header Enable/Disable


To enable or disable RTP Header, invoke the command:
session NAME rtp-header (enable|disable|default)
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
enable: Enable RTP header.
disable: Disable RTP header.
default: Disable RTP header.
Example
OS910-M(config-tdm2)# session s02 rtp-header enable
OS910-M(config-tdm2)#

Enabling or Disabling a Session


To enable or disable a session, invoke the command:
session NAME state (enable|disable)
where,
PORT: E1/T1 port number in the module.
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.

January 2009 URL: http://www.mrv.com 433


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

enable: Enable state.


disable: Disable state.
default: Disable state.
Example
OS910-M(config-tdm2)# session s02 state enable
OS910-M(config-tdm2)#

Recovery Clock
General
The clock rate of a TDM circuit over a pseudowire must be consistent so that there is no overflow
or underflow due to clock differences. That is, the clock rate for the TDM data transmitted at one
end of the emulated circuit (Tx clock) must be the same as the clock rate of the same TDM stream
received at the other end of the emulated circuit (Rx clock).
To maintain clock continuity of the E1/T1 circuits across a PSN and to meet the ITU G.823 and
G.824 standards, the E1/T1 CES Module recovers the clock from the pseudowire data stream.
One E1/T1 CES Module is designated as Master while the others are designated as Slaves. Slave
E1/T1 CES Modules derive the local Tx clock from the received pseudowire packets.
The E1/T1 CES Module employs an adaptive clock recovery algorithm based on criteria such as:
the number of packets received over certain time intervals, the measured Packet Delay Variation
(PDV), and the state of the jitter buffer. The algorithm accuracy depends on the 1 Part Per Million
(PPM) system clock provided by the module’s temperature-compensated crystal oscillator (TCXO).
The TCXO is sufficiently accurate to meet the ITU standards for jitter and wander. If a more
stringent standard is to be met, a more accurate and stable clock source, such as the oven-
controlled crystal oscillator OCXO, may be provided to the user.
To determine whether the crystal oscillator in the E1/T1 CES Module is of type TCXO or OCXO, in
the TDM mode (entered using the command tdm SLOT-NUM), invoke the command show
module.
Modes
The E1/T1 CES Module can be set to attempt clock recovery in either of the following modes:
Single-Recovery-Clock Mode: The single-recovery-clock mode allows the use of one clock
(recovered from one currently active session) for all E1/T1 ports
of a E1/T1 CES Module.
A recovery clock has two clock input controllers. The single-
recovery-clock mode allows connection of one session (PW-1)
to the clock input controller 1 (primary) and a second session
(PW-2) to clock input controller 2 (secondary). One clock input
controller is active (for example, the controller connected to the
session PW-1), while the second serves as backup. The second
session will become active instead of the first in the event that
the first fails).
Multiple-Recovery-Clocks Mode: The multiple-recovery-clocks mode allows the use of one clock
(recovered from one currently active session) per E1/T1 port of
a E1/T1 CES Module. The recovery clocks are independent of
one another.
Every clock utilizes the primary pseudowire for clock recovery
and switches to the secondary pseudowire, if the primary one is
disabled by the user.

Setting Recovery-clock Mode


To set the mode in which clock recovery will be attempted, invoke the command:
recovery-clock independent-domain-cfg (single|multiple)
where,
single: Single-Recovery-Clock Mode.
multiple: Multiple-Recovery-Clocks Mode.

434 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

Example
OS910-M(config-tdm2)# recovery-clock independent-domain-cfg single
OS910-M(config-tdm2)#

Connecting a Recovery-clock Controller to a Session


To connect a recovery-clock controller to a session, invoke the command:
recovery-clock session NAME controller (1|2)
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
1: Connect Controller 1 of the clock (connected to the port) to the session.
2: Connect Controller 2 of the clock (connected to the port) to the session.
Example
OS910-M(config-tdm2)# recovery-clock session s02 controller 1
OS910-M(config-tdm2)#

Disconnecting a Recovery-clock Controller from a Session


To disconnect a recovery-clock controller from a session, invoke the command:
no recovery-clock session NAME controller (1|2)
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
1: Use controller #1 of the Clock connected to the port attached to session.
2: Use the controller #2 of the Clock that is connected to the port is attached to session.
Example
OS910-M(config-tdm2)# no recovery-clock session s02 controller 1
OS910-M(config-tdm2)#

Default SL
To set the DiffServ level (SL) for CES traffic sent to an Ethernet port to the default value (1, lowest
priority), invoke the command:
no ces-traffic egress sl
Example
OS910-M(config-tdm2)# no ces-traffic egress sl
OS910-M(config-tdm2)#

User-defined SL
To set the SL for CES traffic sent to an Ethernet port, invoke the command:
ces-traffic egress sl <1-8>
where,
<1-8>: SL selectable from the range 1 to 8.
Example
OS910-M(config-tdm2)# ces-traffic egress sl 8
OS910-M(config-tdm2)#

Viewing
General Configuration and Status Information
Viewing MAC Address
To view the MAC address of the E1/T1 CES Module, invoke the command:

January 2009 URL: http://www.mrv.com 435


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

show module mac-addr


Example
OS910-M(config-tdm3)# show module mac-addr

MAC-addr : 00:12:72:00:5e:54
OS910-M(config-tdm3)#

Viewing Ethernet Statistics


To view the Ethernet statistics of the E1/T1 CES Module, invoke the command:
show eth-statistics
Example
OS910-M(config-tdm3)# show eth-statistics

Item : Value
------------------------------------------------------
In octets : 1627156548
Out octets : 1525313958
Frames received : 5770059
Frames transmited : 5777704
In multicast : 0
Out multicast : 0
In broadcast : 3
Out broadcast : 6
Single collisions : 0
Multicast collisions : 0
Defered frames : 0
Excessive defered frames : 0
late collisions : 0
Excessive collisions : 0
Mac in pause frames : 0
Mac out pause frames : 0
Ip datagram received : 0
Align errors : 0
Crc errors : 0
Frames too long : 0
Mac rx error : 0
Short frames : 0
Mac tx errors : 0
Code errors : 0
Mac in unknown opcode : 0
Ip header errors : 0
Rx fifo overrun : 0
Tx underrun : 0
Bundle overflow : 0
Range length errors : 0
Out of range length errors : 0
Retransmits timeout : 0
No buffer discards : 0
Rx discards : 0
OS910-M(config-tdm3)#

Viewing System Information


To view the system information of the E1/T1 CES Module, invoke the command:
show module

436 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

Example
OS910-M(config-tdm3)# show module-system-info
SW version : AG1624R01.00.00_D017
DB model template : R1624ETEA1001
Board Type : 18
Board Revision : 0
CPLD Revision : 2
FPGA ID : 12
FPGA version : 105
CM PLL Type : 0
DB product enum : 5
DB model enum : 9
Detect card : 1
Redux_board : 1
Application ct : 18
Current system tick : 592763
Silicon ID : 1
Silicon version : 0
ROM archit : 0
MAC-addr : 00:12:72:00:5e:54
Shift register value : 0
OS910-M(config-tdm3)#

Clock
Viewing Clock Configuration
To view the current clock configuration, invoke the command:
show clock
Example
OS910-M(config-tdm2)# show clock

Parameter : Slot-2 Slot-3


-----------------------------------------------------------------
Clock mode : LINE_1 RECOVERY
Input External : NONE NONE
Input Reference : OWN_OCXO OWN_OCXO
Output : NONE NONE
OS910-M(config-tdm2)#

Port
Viewing E1/T1 Port LIU Information
To view the configuration and status information on the ports of the E1/T1 CES Module, invoke the
command:
show tdm-ports

January 2009 URL: http://www.mrv.com 437


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS910-M(config-tdm2)# show tdm-ports

Clocking_mode : LINE_1
LIU line format : E1
--------------------Configuration Information--------------------

Modified Running_config : Port1 Port2 Port3 Port4


-------------------------- : ----- ------ ----- -----
Port state : Enabled Enabled Enabled Enabled
LIU framer type : DS26524 DS26524 DS26524 DS26524
LIU line code : HDB3 HDB3 HDB3 HDB3
LIU line build out : 120NORM 120NORM 120NORM 120NORM
LIU monitor gain : NORMAL NORMAL NORMAL NORMAL
LIU Rx equalizer gain limit: Short Short Short Short
LIU jitter attenuation : Disabled Disabled Disabled Disabled
LIU loopback : Disabled Disabled Disabled Disabled
Framed mode : Unframed Unframed Unframed Framed
Frame format : - - - PCM31
Channel bandwidth : - - - Fram_64K
TDM signaling type : - - - CCC
OS910-M(config-tdm2)#

--------------------Status Information--------------------

Status : Port1 Port2 Port3 Port4


---------------: ----- ----- ----- -----
Port status : ACTIVE ACTIVE ACTIVE ACTIVE
Link : UP DOWN DOWN DOWN
LIU loopback : DISABLE DISABLE DISABLE DISABLE
NoAlarm : no alarm - - -
RcvFarEndLOF : - - - -
XmtFarEndLOF : - - - -
RcvAIS : - - - -
XmtAIS : - ais (tx) ais (tx) -
LossOfFrame : - - - -
LossOfSignal : - los los los
LoopbackState : - - - -
T16AIS : - - - -
RcvFarEndLOMF : - - - -
XmtFarEndLOMF : - - - -
Others : - - - -
OS910-M(config-tdm2)#

Viewing E1/T1 Port LIU Configuration


To view only the LIU configuration for the ports of the E1/T1 CES Module, invoke the command:
show tdm-ports config

438 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

Example
OS910-M(config-tdm2)# show tdm-ports config

Clocking_mode : LINE_1
LIU line format : E1

Modified Running_config : Port1 Port2 Port3 Port4


----------------------------: ----- ----- ----- -----
Port state : Enabled Enabled Enabled Enabled
LIU framer type : DS26524 DS26524 DS26524 DS26524
LIU line code : HDB3 HDB3 HDB3 HDB3
LIU line build out : 120NORM 120NORM 120NORM 120NORM
LIU monitor gain : NORMAL NORMAL NORMAL NORMAL
LIU Rx equalizer gain limit : Short Short Short Short
LIU jitter attenuation : Disabled Disabled Disabled Disabled
LIU loopback : Disabled Disabled Disabled sabled
Framed mode : Unframed Unframed Unframed Framed
Frame format : - - - PCM31
Channel bandwidth : - - - Frame_64K
TDM signaling type : - - - CCC
OS910-M(config-tdm2)#

Viewing E1/T1 Port LIU Status


To view only the LIU status for the ports of the E1/T1 CES Module, invoke the command:
show tdm-ports status
Example
OS910-M(config-tdm2)# show tdm-ports status

Status : Port1 Port2 Port3 Port4


---------------: ----- ----- ----- -----
Port status : ACTIVE ACTIVE ACTIVE ACTIVE
Link : UP DOWN DOWN DOWN
LIU loopback : DISABLE DISABLE DISABLE DISABLE
NoAlarm : no alarm - - -
RcvFarEndLOF : - - - -
XmtFarEndLOF : - - - -
RcvAIS : - - - -
XmtAIS : - ais (tx) ais (tx) -
LossOfFrame : - - - -
LossOfSignal : - los los los
LoopbackState : - - - -
T16AIS : - - - -
RcvFarEndLOMF : - - - -
XmtFarEndLOMF : - - - -
Others : - - - -
OS910-M(config-tdm2)#

Viewing E1/T1 Port LIU Default Configuration


To view the LIU default configuration for the ports of the E1/T1 CES Module, invoke the command:
show tdm-ports default-config

January 2009 URL: http://www.mrv.com 439


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS910-M(config-tdm2)# show tdm-ports default-config

Items : Default Values


----------------------------- : -----
LIU line format : E1
LIU type : DS26524
LIU line code : HDB3
LIU line build out : 120NORM
LIU monitor gain : NORMAL
LIU Rx equalizer gain limit : Short
LIU jitter attenuation : Disabled
LIU loopback : Disabled
Framed mode : Unframed
Frame format : -
Channel bandwidth : -
TDM signaling type : -
OS910-M(config-tdm2)#

Session
Viewing Sessions
To view the sessions created on the E1/T1 CES Module, invoke the command:
show session
Example
OS910-M(config-tdm2)# show session

Name Description modified_config running_config


------------------------------------------------------------------
S02 SESSiON-2-1 Session Enabled Session running
S03 SESSiON-2-2 Session Enabled Session running

OS910-M(config-tdm2)#
--------------------------------------------------------------------------

Viewing Information about a Specific Session


To view configuration and status information on a session, invoke the command:
show session detail NAME
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.

440 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

Example
OS910-M(config-tdm2)# show session detail s02

CONFIGURATION
Item : Value
------------------------------: ---------
Session mode : Enable
Header type : CESoETH
Local ECID : 34
Target ECID : 34
Target MAC : 00:12:72:00:5e:54
Layer 2 support mode : VLAN
Payload length (frames) : 8
Jitter maximum level (ms) : 5
VLAN enable : Disable
MPLS enable : Disable
RTP enable : Disable
Transport emulation type : Unstructured
Session bandwidth (in Kbps) : 2256
Payload suppresion : Disable
Port : 1
Time Slots : 1-32

STATUS/STATISTICS
Item : Status/Value
-----------------------------------: ---------
Clocking mode : LINE1
Eth to TDM direction : UP
TDM to Eth direction : UP
Current jitter buffer delay (ms) : 4.492
Jitter maximum level (ms) : 4.996
Jitter minimum level (ms) : 3.996
Valid Eth packets per sec : 100
Handled Eth packets : 229302
Late Eth packets : 0
Lost Eth packets : 0
Packets per seconds : 1000
Underrun Eth packets : 406
Overrun Eth packets : 0
Malformed packets counter : 0
Duplicate Eth packets : 0
OS910-M(config-tdm2)#

Viewing only Configuration Information about a Specific Session


To view only configuration information on a session, invoke the command:
show session detail NAME config
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.

January 2009 URL: http://www.mrv.com 441


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS910-M(config-tdm2)# show session detail s02 config

CONFIGURATION

Item : Value
------------------------------: ---------
Session mode : Enable
Header type : CESoETH
Local ECID : 34
Target ECID : 34
Target MAC : 00:12:72:00:5e:54
Layer 2 support mode : VLAN
Payload length (frames) : 8
Jitter maximum level (ms) : 5
VLAN enable : Disable
MPLS enable : Disable
RTP enable : Disable
Transport emulation type : Unstructured
Session bandwidth (in Kbps) : 2256
Payload suppresion : Disable
Port : 1
Time Slots : 1-32
OS910-M(config-tdm2)#

Viewing only Status Information about a Session


To view only status information on a session, invoke the command:
show session detail NAME status
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
Example
OS910-M(config-tdm2)# show session detail s02 status

STATUS/STATISTICS

Item : Status/Value
-----------------------------------: ---------
Clocking mode : LINE1
Eth to TDM direction : UP
TDM to Eth direction : UP
Current jitter buffer delay (ms) : 4.492
Jitter maximum level (ms) : 4.996
Jitter minimum level (ms) : 3.996
Valid Eth packets per sec : 100
Handled Eth packets : 229302
Late Eth packets : 0
Lost Eth packets : 0
Packets per seconds : 1000
Underrun Eth packets : 406
Overrun Eth packets : 0
Malformed packets counter : 0
Duplicate Eth packets : 0
OS910-M(config-tdm2)#

Viewing the Default Configuration for a Session


To view the default configuration for a session, invoke the command:
show session detail NAME default-cfg
where,

442 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
Example
OS910-M(config-tdm2)# show session detail s02 default-cfg

Items Default values


----------------------------- : -----
Header type : SAToP
Local UDP-port/ECID : 49152
Target UDP-port/ECID : 49152
IP TOS : 0x2e
Target IP address : 169.254.01.101
Payload length (frames) : 8
Jitter maximum level (ms) : 5
Target MAC : 00.00.00.00.00.00
VLAN enable : Disable
MPLS enable : Disable
RTP enable : Disable
Transport emulation type : Unstructured
Payload suppresion : Disable
OS910-M(config-tdm2)#

Viewing Recovery-clock Information


To view configuration and status information on a recovery-clock, invoke the command:
show recovery-clock

Viewing Recovery-clock Configuration


To view only configuration information on a recovery-clock, invoke the command:
show recovery-clock config
Example
OS910-M(config-tdm3)# show recovery-clock-config
OS910-M(config-tdm3)#
Recovery Clock mode: Single.
controller: 1; connected session: s03; active: Yes;
controller: 2; connected session: ; active: No;
OS910-M(config-tdm3)#

Viewing Recovery-clock Status


To view only status information on a recovery-clock, invoke the command:
show recovery-clock INDEX status
In the display for Single-Recovery-Clock Mode:
1 designates clock 1 input controller 1
2 designates clock 1 input controller 2
In the display for Multiple-Recovery-Clocks Mode:
1 designates clock 1 input controller 1 (used for port 1)
2 designates clock 1 input controller 2 (used for port 1)
3 designates clock 2 input controller 1 (used for port 2)
4 designates clock 2 input controller 2 (used for port 2)
5 designates clock 3 input controller 1 (used for port 3)
6 designates clock 3 input controller 2 (used for port 3)
7 designates clock 4 input controller 1 (used for port 4)
8 designates clock 4 input controller 2 (used for port 4)

January 2009 URL: http://www.mrv.com 443


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Configuration Example 1

Figure 43: Interconnection for Layer-3 Traffic and using Internal Clock
In the above setup:
− Three sessions are defined on E1 ports P1, P2, P4 on OS910-M (A) as well as on OS910-
M (B)
− Layer-3 protocol is used for circuit emulation
− Unstructured pseudowire is used on port P1 and P2 while structured pseudowire is used
on port P4
− Both E1/T1 CES modules are on the same subnet. As a CES transport interface, a VLAN
interface (vif6) is configured (on each module, and with the same subnet mask) to
enable internal switching.
− The IP modules addresses belong to the subnet configured on vif6.
− CES (L) in OS910-M (A) is set to use its internal clock (for clock mode).
− CES (L) in OS910-M (B) is set to use attempt clock recovery in Single-Recovery-Clock
mode (using the command recovery-clock independent-domain-cfg single)
− The Transmit Clock used on OS910-M (B)ports P1 and P4 is recovered from session s02.
The following three routes between OS910-M (A) and OS910-M (B) are defined:
Route 1
P1 on OS910-M (A) s02 on OS910-M (A) (Ethernet VLAN interface vif6) s02 on
OS910-M (B) P1 on OS910-M (B).
Route 2
P2 on OS910-M (A) s03 on OS910-M (A) Ethernet VLAN interface vif6 s03 on
OS910-M (B) P2 on OS910-M (B).
Route 3
P4 on OS910-M (A) s04 on OS910-M (A) Ethernet VLAN interface vif6 s04 on
OS910-M (B) P4 on OS910-M (B).
The following session parameter values on OS910-M (A) and on OS910-M (B) must be the same:
Header protocol, Timeslots (for structured pseudowire), UDP local and target ports, Target and
Source IP. E1/T1 port numbers, however, may be different.
E1/T1 Analyzer 1 and 2 clock source can be from the E1/T1 CES Module or the analyzer itself.

444 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

OS910-M (A) Configuration


The sequence of CLI commands to be invoked to implement the required configuration for OS910-
M (A) is shown below.
OS910-M# write terminal
Building configuration

Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.11/24
ports 6
!
dhcp
enable
!
tdm 2
clock mode internal
module-ip 60.1.1.4/24 interface vif6
port 4 transport-emulation-type struct
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 60.1.1.2
session s02 local-udp-port 49152
session s02 target-udp-port 49152
session s03 description SESSiON-1-2
session s03 port 2
session s03 header-proto l3 target-ip 60.1.1.2
session s03 local-udp-port 49155
session s03 target-udp-port 49155
session s04 description SESSiON-3-1
session s04 port 4 timeslots 2-10
session s04 header-proto l3 target-ip 60.1.1.2
session s04 local-udp-port 49156
session s04 target-udp-port 49156
!
OS910-M#

January 2009 URL: http://www.mrv.com 445


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS910-M (B) Configuration


The sequence of CLI commands to be invoked to implement the required configuration for OS910-
M (B) is shown below.
OS910-M# write terminal
Building configuration

Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.1/24
ports 6
!
dhcp
enable
!
tdm 2
clock mode recovery
module-ip 60.1.1.2/24 interface vif6
port 4 transport-emulation-type struct
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 60.1.1.4
session s02 local-udp-port 49152
session s02 target-udp-port 49152
session s03description SESSiON-2-1
session s03 port 2
session s03 header-proto l3 target-ip 60.1.1.4
session s03 local-udp-port 49155
session s03 target-udp-port 49155
session s04 description SESSiON-3-1
session s04 port 4 timeslots 2-10
session s04 header-proto l3 target-ip 60.1.1.4
session s04 local-udp-port 49156
session s04 target-udp-port 49156
recovery-clock independent-domain-cfg single
recovery-clock session s02 controller 1
!

Configuration Example 2
The setup & configuration is the same as in the Configuration Example 1, page 444 except for the
following differences:
− Multiple-Recovery-Clocks mode instead of Single-Recovery-Clock mode is set
on OS910-M (B). Transmit Clock used on port P1 is recovered from session
s02, while Transmit Clock used on port P4 of OS910-M (B) is recovered from
session s04.
− The clock configurations are as follows:
E1/T1 Analyzer 1 and 2 clock source can be from the E1/T1 CES Module or the analyzer
itself.
OS910-M (A): Clock mode is loopback
OS910-M (B): Clock mode is recovery; Recovery clock mode is multiple.

446 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

OS910-M (A) Configuration


OS910-M# write terminal
Building configuration

Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.11/24
ports 6
!
dhcp
enable
!
tdm 2
clock mode loopback
module-ip 60.1.1.4/24 interface vif6
port 4 transport-emulation-type struct
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 60.1.1.2
session s02 local-udp-port 49152
session s02 target-udp-port 49152
session s03 description SESSiON-1-2
session s03 port 2
session s03 header-proto l3 target-ip 60.1.1.2
session s03 local-udp-port 49155
session s03 target-udp-port 49155
session s04 description SESSiON-3-1
session s04 port 4 timeslots 2-10
session s04 header-proto l3 target-ip 60.1.1.2
session s04 local-udp-port 49156
session s04 target-udp-port 49156
!
OS910-M#

January 2009 URL: http://www.mrv.com 447


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS910-M (B) Configuration


OS910-M# write terminal
Building configuration.

Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.1/24
ports 6
!
dhcp
enable
!
tdm 2
clock mode recovery
module-ip 60.1.1.2/24 interface vif6
port 4 transport-emulation-type struct
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 60.1.1.4
session s02 local-udp-port 49152
session s02 target-udp-port 49152
session s03 description SESSiON-2-1
session s03 port 2
session s03 header-proto l3 target-ip 60.1.1.4
session s03 local-udp-port 49155
session s03 target-udp-port 49155
session s04 description SESSiON-3-1
session s04 port 3 timeslots 2-10
session s04 header-proto l3 target-ip 60.1.1.4
session s04 local-udp-port 49156
session s04 target-udp-port 49156
recovery-clock independent-domain-cfg multiple
recovery-clock session s02 controller 1
recovery-clock session s04 controller 1
!

Configuration Example 3

Figure 44: Interconnection for Layer-3 Traffic and using Different Subnets
In the above setup:
− The E1/T1 CES Modules in the OS910-M (A) and OS910-M (B) have source IP addresses
of different subnets.

448 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

− The subnet used for Ethernet connectivity (CES transport) between OS910-M (A) and
OS910-M (B) is different from those of the E1/T1 CES Modules. This means that the
E1/T1 CES Module in OS910-M (A) and in OS910-M (B) need to route traffic between
them (using a static route).
If a subnet (VLAN interface) is to be used only by the E1/T1 CES Module in OS910-M (A)
or in OS910-M (B), it is enough to configure the tag and IP address for the VLAN interface.
That is, there is no need to include ports in the VLAN interface.
The Layer-3 traffic route between the E1/T1 CES Module in OS910-M (A) and the E1/T1 CES
Module in OS910-M (B) is as follows:
E1/T1 CES Module in OS910-M (A) (IP 60.1.1.4) OS910-M (A) VLAN Interface (IP
60.1.1.11/24) OS910-M (A) subnet (IP 70.1.1.11/24) OS910-M (B) subnet (IP
70.1.1.1/24) OS910-M (B) VLAN Interface (IP 80.1.1.1/24) E1/T1 CES Module in
OS910-M (B) (IP 80.1.1.2).
OS910-M (A) Configuration
OS910-M# write terminal
Building configuration

Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.11/24
!
interface vlan vif7
tag 70
ip 70.1.1.11/24
ports 7
!
ip route 80.1.1.0/24 70.1.1.1
!
dhcp
enable
!
tdm 2
clock mode internal
module-ip 60.1.1.4/24 interface vif6
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 80.1.1.2
session s02 local-udp-port 49152
session s02 target-udp-port 49152
!
OS910-M#

January 2009 URL: http://www.mrv.com 449


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS910-M (B) Configuration


OS910-M# write terminal
Building configuration

Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif7
tag 70
ip 70.1.1.1/24
ports 7
!
interface vlan vif8
tag 80
ip 80.1.1.1/24
!
ip route 60.1.1.0/24 70.1.1.11
!
dhcp
enable
!
tdm 2
clock mode recovery
module-ip 80.1.1.2/24 interface vif80
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 60.1.1.4
session s02 local-udp-port 49152
session s02 target-udp-port 49152
recovery-clock independent-domain-cfg single
recovery-clock session s02 controller 1
!
OS910-M#

Configuration Example 4

Figure 45: Interconnection for Layer-2 Traffic and using IP and DHCP
In the above setup:
− Layer-2 protocol is used.
− The interface used for CES transport is an IP VLAN interface and source IP address is
defined for the E1/T1 CES Modules.
To get the MAC address of the partner E1/T1 CES Module invoke the following command on the
partner CLI:
show module mac-addr

450 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

OS910-M (A) Configuration


!
! version main-d1550-10-11-06
!
interface vlan vif6
tag 70
ip 60.1.1.11/24
ports 7
!
dhcp
enable
!
tdm 2
clock mode internal
module-ip 60.1.1.4/24 interface vif6
session s03 description SESSiON-1-2
session s03 port 1
session s03 header-proto l2 target-mac 00:12:72:00:5e:58
session s03 local-ecid 34
session s03 target-ecid 34
!
#
OS910-M (B) Configuration
!
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.1/24
ports 7
!
dhcp
enable
!
tdm 2
clock mode recovery
module-ip 60.1.1.2/24 interface vif6
session s03 description SESSiON--2
session s03 port 1
session s03 header-proto l2 target-mac 00:12:72:00:5e:54
session s03 local-ecid 34
session s03 target-ecid 34
recovery-clock session s03 controller 1
!

January 2009 URL: http://www.mrv.com 451


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Configuration Example 5

Figure 46: Interconnection using Clock Exportation


In the above setup:
− Two sessions are defined, one on E1 port 1 (P1) of the left E1/T1 CES Module (CES (L)),
the other on E1 port 2 (P2) of the right E1/T1 CES Module (CES (R)) on OS910-M (A) as
well as on OS910-M (B).
− Clock exported to the neighbor E1/T1 CES Module.
− CES (L) in OS910-M (A): Clock mode is line1.
− CES (R) in OS910-M (A): Clock mode is external (received from the neighbor CES (L)).
− CES(L)-OS910-M (B): Clock mode is recovery. Adaptive clock from pseudowire session.
− CES(R)-OS910-M (B): Clock mode is external (received from the neighbor CES (L) in
OS910-M (B))

452 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

OS910-M (A) Configuration


OS910-M# write terminal
Building configuration...

Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.1/24
ports 6
!
dhcp
enable
!
tdm 2
clock mode line1
module-ip 60.1.1.2/24 interface vif6
clock output recovered
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 60.1.1.12
session s02 local-udp-port 49152
session s02 target-udp-port 49152
!
tdm 3
clock mode external
module-ip 60.1.1.3/24 interface vif6
clock input-ext other-slot-recovered
session s03 description SESSiON-2-1
session s03 port 2
session s03 header-proto l3 target-ip 60.1.1.13
session s03 local-udp-port 49153
session s03 target-udp-port 49153
!
#OS910-M#

January 2009 URL: http://www.mrv.com 453


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS910-M (B) Configuration


OS910-M# write terminal
Building configuration...

Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.11/24
ports 6
!
dhcp
enable
!
tdm 2
clock mode recovery
module-ip 60.1.1.12/24 interface vif6
clock output recovered
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 60.1.1.2
session s02 local-udp-port 49152
session s02 target-udp-port 49152
recovery-clock independent-domain-cfg single
recovery-clock session s02 controller 1
!
tdm 3
clock mode external
module-ip 60.1.1.13/24 interface vif6
clock input-ext other-slot-recovered
session s03 description SESSiON-2-1
session s03 port 2
session s03 header-proto l3 target-ip 60.1.1.13
session s03 local-udp-port 49153
session s03 target-udp-port 49153
!

Configuration Example 6

Figure 47: Interconnection using High DiffServ Level


In the above setup:
− A high DiffServ level is set for the TDM traffic. The high DiffServ level is useful when TDM
and data traffic between two switches (OS910-Ms) pass through the same VLAN interface
(vif10).

454 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

− CES (L) in OS910-M (A): Clock mode is line1, Clock exportation is recovered, Diffserv
Level is highest (8)
− CES(R)-OS910-M (A): Clock mode is external, Clock selected from neighbor slot (using
the command clock input-ext other-slot-recovered), Diffserv Level is highest
(8)
− CES (L) in OS910-M (B): Clock mode is line1, Clock mode is recovery, Diffserv Level
is highest (8)
The DSCP value = 46 corresponds to ToS value=184.
OS910-M (A) Configuration
access-list extended acl1
rule 10
dscp eq 0xb8
action mark sl 8
!
!
interface vlan vif10
tag 10
ip 192.168.1.1/24
ports 1-2
access-group acl1 1
!
dhcp
enable
!
tdm 2
clock mode line1
module-ip 192.168.1.10/24 interface vif10
clock output recovered
ces traffic egress sl 8
session s01 description s01
session s01 port 1
session s01 header-proto l3 target-ip 192.168.1.30
session s01 ip-tos 184
session s01 local-udp-port 49152
session s01 target-udp-port 49152
!
tdm 3
clock mode external
module-ip 192.168.1.20/24 interface vif10
clock input-ext other-slot-recovered
ces traffic egress sl 8
session s02 description s02
session s02 port 4
session s02 header-proto l3 target-ip 192.168.1.40
session s02 ip-tos 184
session s02 local-udp-port 57343
session s02 target-udp-port 57343

Note
0xb8 (= decimal 184) is the highest priority value for ToS.
0x0 (= decimal 0) is the lowest priority value for ToS, and is the default
value.
For SL mapping details, refer to Chapter 13: Quality of Service
(QoS).

January 2009 URL: http://www.mrv.com 455


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS910-M (B) Configuration


access-list extended acl1
rule 10
dscp eq 0xb8
action mark sl 8
!
port sl 8 21,23
!
interface vlan vif10
tag 10
ip 192.168.1.2/24
ports 1-2
access-group acl1 1
!
dhcp
enable
!
tdm 2
clock mode recovery
module-ip 192.168.1.30/24 interface vif10
clock output recovered
ces traffic egress sl 8
session s01 description s01
session s01 port 4
session s01 header-proto l3 target-ip 192.168.1.10
session s01 ip-tos 184
session s01 local-udp-port 49152
session s01 target-udp-port 49152
recovery-clock session s01 controller 1
!
tdm 3
clock mode external
module-ip 192.168.1.40/24 interface vif10
clock input-ext other-slot-recovered
ces traffic egress sl 8
session s02 description s02
session s02 port 4
session s02 header-proto l3 target-ip 192.168.1.20
session s02 ip-tos 184
session s02 local-udp-port 57343
session s02 target-udp-port 5734

456 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

Upgrading/Downloading
Requirements
− Connection of the OS910-M to an external FTP server having the EM9-CES image
(operative firmware)
− Connection of a craft terminal62 or TELNET station to the OS910-M.
(The baud rate of the craft terminal/TELNET station must be 9600 baud.)

Procedure
The procedure for upgrading/downloading an EM9-CES image is as follows:
1. From configure terminal mode enter tdm mode by invoking the command:
tdm SLOT-NUM
where,
SLOT-NUM: Number of the slot hosting the EM9-CES.
2. Copy the EM9-CES image from the FTP server to the OS910-M by invoking the
command:
copy tdm-ver ftp FTP-SERVER REMOTE-DIR REMOTE-FILENAME
[USERNAME] [PASSWORD]
where,
FTP-SERVER: Host name or IP address of the FTP server containing the
image to be downloaded.
REMOTE-DIR: Full path to the directory containing the image on the FTP
server.
REMOTE-FILENAME: Name of the image file in the directory
USERNAME: Name of user authorized to access the FTP server.
PASSWORD: Password for accessing the FTP server.
Example
OS910-M# configure terminal
OS910-M(config)# tdm 2
OS910-M(config-tdm2)# copy tdm-ver ftp 192.32.32.32 versions CMX1624-v18.bin Tarzan
MyPassword

sudo /usr/local/nbase/bin/copy_tdmver.sh 192.32.32.32 versions CMX1624-v18.bin Tarzan


MyPassword
Check route to 192.32.32.32
Netmask = 255.255.255.0
FTP file versions/CMX1624-v18.bin from 192.32.32.32 user Tarzan password MyPassword ...
FTP Succeed
OS910-M(config-tdm2)#

In the above example:


Number ‘2’ in the prompt ‘OS910-M(config-tdm2)#’ signifies that the E1/T1 CES module
to which the image will be downloaded is in slot 2 of the OS910-M.
To verify that the E1/T1 CES E1/T1 CES module image has been copied from the FTP
server to the OS910-M, invoke the command:
show module firmware-download-info

62
Asynchronous ASCII terminal, e.g., VT100 terminal capable of operating with the Serial/RS-232 protocol

January 2009 URL: http://www.mrv.com 457


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS910-M(config-tdm2)# show module firmware-download-info

SW version file of TDM module is stored in the switch : CMX1624-v18.bin


SW version is running on the TDM module : CMX1624-R01.00.00_D017.bin
TFTP server IP : 0.0.0.0
OS910-M(config-tdm2)#

In the above example:


‘SW version file of TDM module is stored in the switch’ signifies that the image has
been copied to the OS910-M. ‘CMX1624-v18.bin’ is the name of the copied image file.
‘SW version is running on the TDM module ...’ signifies the image version currently
running.
3. Copy the EM9-CES image from the OS910-M to the EM9-CES Flash memory by invoking
the command:
sw-dnld FILENAME
where,
FILENAME: Name of the image file
Example
OS910-M(config-tdm2)# sw-dnld CMX1624-v18.bin
The download process of the TDM module (slot 2) started.
........................................................
........................................................
TDM module restarted after downloaded.
The TDM module download process is finished.

OS910-M(config-tdm2)#

At the end of the download process the EM9-CES is automatically reset and run with the
new image.
4. Clear the EM9-CES image from the OS910-M by invoking the command:
remove firmware-download-file
Example
OS910-M(config-tdm2)#remove firmware-download-file
OS910-M(config-tdm2)#

458 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 31: E1/T1 CES Module

Product Specification
E1 Port
Purpose Connection to E1 voice lines
Data Rate 2.048 Mbps
Line Code HDB3, AMI
Receive Level 0 to –43 dB, 0 to –12 dB
Connector RJ45 female 8-pin shielded connector

T1 Port
Purpose Connection to T1 voice lines
Data Rate 1.544 Mbps
Line Code B8ZS, AMI
Receive Level 0 to –36 dB, 0 to –15 dB
Connector RJ45 female 8-pin shielded connector

External Clock Port


Purpose Connection to external clock source
Connector Type SMB jack
Cabling
1000Base-T

Cable Type: Category 5, 4-pair, UTP or STP

Cable Impedance (max) 100 Ω

Cable Length (max): 100 m (330 ft)

Connector Type: RJ45, male, 8-pin, shielded

1000Base-X

Cable Type: Duplex, Multimode, 1310 nm, up to 2 km

Cable Length (max): 100 m (330 ft)

Connector Type: RJ45, male, 8-pin, shielded

External Clock

Cable Type RG-174

Cable Impedance 50 Ω

Cable Length (max) 5 m (16.5 ft)

Cable Connector SMB male

Protocols
Circuit Emulation SAToP, CESoPSN, CESoETH MEF-8/3

TDM Traffic SAToP structure agnostic

CESoPSN structured & unstructured

CESoETH structured & unstructured

January 2009 URL: http://www.mrv.com 459


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Fractional DS0 granularity

Signaling CAS relay as per the CES standards

Clocking Adaptive

Internal, external, loopback

Standards
E1 ITU-T Rec. G.703, G.704, G.823

T1 AT&T TR-6241/ITU-T Rec. G.703, G.704, ANSI T1.403, G.824

Framing
E1 CRC4 MF, CAS MF

T1 D4 (SF), ESF

460 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 32: IGMP IP Multicast

Chapter 32: IGMP IP Multicast

Terminology
General Query: Message sent by an OS900 to learn which groups have members on an
attached network.
Group-specific Query: Message sent by an OS900 to learn if a particular group has members
on an attached network.
Membership Report: Message sent by a client (e.g., switch):
Requesting to join a multicast group, or
In response to a query (general or group-specific).
Leave: Message sent when a client attempts to terminate the service provided.
Querier Port State: The capability of an OS900 port to assume either of the following values:
Querier Port – Sends queries.
Non-Querier Port – Does not send queries.
A value of a querier port state can be changed in dynamic mode (default
mode) or static mode.
In dynamic mode, the value is assigned to the querier port state
according to the rules stated in RFC 2236. In this mode, the default value
of querier port state is Querier Port.
In static mode, the value is assigned to the querier port state by the user
with the aid of a CLI command.
Server Port State: The capability of an OS900 port to assume either of the following values:
Server Port – Sends membership reports.
Non-Server Port – Does not send membership reports.
A value of a server port state can be changed in dynamic mode (default
mode) or static mode.
In dynamic mode, the value assigned to the Server Port state depends
on the:
1) Result of the comparison between the OS900’s IP address and
its neighbor.
2) Value of the querier port state (Querier Port or Non-Querier Port)
of the OS900 port.
In this mode, the default value of server port state is Non-Server Port.
In static mode, the value is assigned to the server port state by the user
with the aid of a CLI command.

Definition
IGMP IP Multicast is the direction of selective IP multicast traffic (data, video, voice, etc.) to ports
belonging to a particular IP Multicast group.

Compliance
IGMP IP Multicast implementation in the OS900 complies IGMPv2 (IETC RFC 2236).

Purpose
IGMP IP Multicast has the following purposes:
• Selective Homing: Direction of selective IP traffic to intended clients only!
This has the following two advantages over the broadcast mode:

January 2009 URL: http://www.mrv.com 461


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

− IP traffic does not reach unintended clients. This is useful in respect to discretion,
billing, security, etc.
− It does not load ports that are not required to receive the IP traffic.
• Minimal Loading: Forwarding of only a single copy of the IP traffic over the network!
This has the following advantage over unicast mode: It does not send multiple copies of
the IP traffic over the network to multiple clients belonging to the same multicast group;
just one copy. This considerably reduces traffic load on the network. Thus a network could
continue to function properly even for a large number of such groups.

Applications
IP Multicast provides the most network bandwidth efficient means of source-to-destination
trafficking in one-to-many and many-to-many applications, such as for example Multimedia
(streaming media, remote education, audio/video conferencing, etc.)
Figure 48 is an example of an application of IP Multicast.

Figure 48: IP Multicast Application Example

Functions
The OS900 uses the IGMP Snooping and Proxy functions for IP multicast. IGMPv2 is superior to
IGMPv1 because it allows termination of group membership to be immediately reported by the

462 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 32: IGMP IP Multicast

IGMP protocol. This capability is important for large-bandwidth multicast groups and subnets with
highly volatile group membership.
IGMP Snooping: The OS900 uses the IGMP Snooping function to examine IGMP packets
(e.g., query and report) to learn dynamically about multicast group
membership and to make forwarding decisions accordingly. The OS900
features a new level of efficient IP Multicast support by examining all IGMP
traffic in hardware at wire speed, and eliminating unwanted data streams so
that they cannot impact network or endstation performance.
IGMP Proxy: The IGMP proxy function is used by the OS900 to identify members of a
multicast group on a per-port basis, send ‘query’ messages, and sense
‘report’ (join) and ‘leave’ messages by which clients can join and leave
multicast groups. IGMP Proxy has the functionality of IGMP querier
interfaces (ports) as well as client interfaces. IGMP Proxy performs the
router part of the IGMP protocol on its client interfaces, and the client part of
the IGMP protocol on its querier interface. On receiving IP multicast data on
a querier or client interface, the OS900 forwards the data only to client
interfaces that are members of the specific multicast group. The OS900
forwards IGMP ‘report’ and ‘leave’ messages received from client interfaces
to the querier interfaces.

Principle of Operation
Port States
The setting of states to OS900 ports by IGMP (when all the ports of OS900 A and OS900 B are
set in dynamic mode) is described with the aid of the sample network in Figure 49, below. This
network was chosen for its simplicity in order to facilitate explanation of the state setting principle.

Figure 49: IP Multicast Principle-of-Operation Network Example

Query
When IGMP is enabled, all the ports of the OS900 are initially set as querier ports. When a
neighbor OS900 receives a query from any of these ports, the neighbor compares the IP address
in the query with its own. If its own IP address is lower, the port at which it received the query
remains as a querier port. If its own IP address is higher, the port at which it received the query

January 2009 URL: http://www.mrv.com 463


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

becomes a non-querier port, i.e., it will not send query packets. According to Figure 49, Port 4
remains a querier port because the Multicast Server does not send queries and therefore IP
addresses are not compared. When Port 2 receives a query from Port 4 it remains as a querier
port because the IP address of OS900 A is lower than the IP address of OS900 B. When Port 4
receives a query from Port 2 it changes its state from a querier port into a non-querier port
because the IP address of OS900 B is higher than the IP address of OS900 A. Since ports 1, 2,
and 3 are connected to clients, they will not receive queries and, therefore, will continue to remain
as querier ports.

Server
When IGMP is enabled, all the ports of the OS900 are initially set as Non-Server Ports.
In dynamic mode, when a port whose ‘server port state’ is:
− Non-Server Port changes its ‘querier port state’ from Querier Port to
Non-Querier Port, the port will change its ‘server port state’ from Non-
Server Port to Server Port.
− Server Port changes its ‘querier port state’ from Non-Querier Port to
Querier Port, the port will change its ‘server port state’ from Server Port
to Non-Server Port.
According to Figure 49, when Port 4 (after it has changed to Non-Querier Port) receives a query
from Port 2, it changes its ‘server port state’ to Server Port.
Summary:
Ports that transmit queries in the direction of multicast clients will become querier ports. Ports that
respond to a query with a report message sent in the direction of multicast servers will become
server ports.
For Figure 49, Ports 1, 2, 3, 2, and 4 become querier ports; Port 4 becomes a server port.

Leave Modes
The OS900 can be configured to respond to a client requesting to leave a multicast group in either
of the following modes:
− Regular (per the standard)
− Fast
Regular
In regular leave mode, when an OS900 receives a ‘leave’ message from a client, it sends a
‘’group-specific query’ to the client and waits until the end of the standard response time. If no
‘report’ is received from this client during this wait, the specific client is removed from the multicast
group. If a ‘report’ is received from this client during this wait, the client is retained in the multicast
group.
This mode may delay a client by a few seconds from joining another multicast group.

Fast
In fast leave mode, unlike in regular leave mode, a client can switch to another multicast group
immediately. The OS900 sends the ‘group-specific query afterward. Fast leave mode is the default
mode.

Rules
1. If dynamic mode (i.e., IGMP mode of registration) is selected for ‘querier port
state’ and ‘server port state’, mediation devices (e.g., OS900s) in any path from a
multicast server to a multicast client must have progressively higher IP addresses.
2. In static mode:
− Ports that are to direct traffic to multicast clients must be
configured as query and non-server ports.
− Ports that are to direct reports to servers must be configured as
server and non-querier ports.

464 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 32: IGMP IP Multicast

IGMP does this automatically in dynamic mode (default mode) of the OS900.
3. For each port, either both ‘querier port state’ and ‘server port state’ must be set to
dynamic mode or both must be set to static state.
4. ‘no aging’ of a port of a Multicast group can be selected only for ‘fast-leave’ mode
(and not for ‘regular’).
5. If IGMP is disabled (using the command no enable in igmp mode), static
multicast entries can be viewed using the command write terminal or show
running-config in enable mode.
6. The multicast group IP address must be in the range 224.0.0.0 to
239.255.255.255.
7. To distinguish between two multicast groups, their two IP addresses must differ
from each other in their 23 LSBs.
8. A static multicast group can be created (using the command mc-group
address) if all of the following conditions are met:
− An interface with a tag matching the tag of the multicast group
(to be created) exists.
− An IP address is assigned to this interface.
− IGMP is enabled on this interface.
9. A single or a range of multicast groups is automatically deleted if any of the
following occurs:
− An interface with a tag matching the tag of the multicast group
created (using the command mc-group address) is deleted.
− The IP address of the interface is deleted.
− IGMP is disabled on the interface
10. Multicast groups must not overlap.
11. For a client to be able to receive traffic addressed to a multicast group, the client
needs to use an IP multicast support application that implements IGMP on
networks that support IGMP. (Such networks effectively eliminate multicast traffic
on segments that are not destined to receive this traffic.)
12. For a client to receive traffic addressed to a multicast group, it must be a member
of the group.
13. Traffic is sent to clients that joined the multicast group so long as there is at least
one member that has not requested to leave the group.

Usage
Entering IGMP Mode
To enter the mode in which the OS900 can be configured for IGMP multicast operation:
1. Enter configure terminal mode.
2. Invoke the command:
igmp.
Example
MRV OptiSwitch 910 version d0733-08-01-06
OS900 login: admin
Password: ******

OS900> enable
OS900# configure terminal
OS900(config)# igmp
OS900(config-igmp)#

January 2009 URL: http://www.mrv.com 465


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Enabling IGMP Multicast


To enable IGMP Multicast:
1. Enter igmp mode.
2. Invoke the command enable.
Example
OS900# configure terminal
OS900(config)# igmp
OS900(config-igmp)# enable
OS900(config-igmp)#

Disabling IGMP Multicast


By default, IGMP Multicast is disabled (for all VLAN interfaces).
To disable IGMP Multicast (for all VLAN interfaces):
1. Enter igmp mode.
2. Invoke the command:
no enable.
Example
OS900# configure terminal
OS900(config)# igmp
OS900(config-igmp)# no enable
OS900(config-igmp)#

Enabling IGMP Multicast for a VLAN Interface


To enable IGMP Multicast for a specific VLAN interface:
1. Enter the mode of the VLAN interface for which IGMP Multicast is to be enabled
(as described in the section Configuring, page 175).
2. Invoke the command:
igmp-enable.
Example
OS900(config)# interface vif7
OS900(config-vif7)# igmp-enable
OS900(config-vif7)#

Note
The command igmp-enable can enable IGMP Multicast for a VLAN
interface provided IGMP is globally enabled as described the section
IGMP Multicast, page 466.

Disabling IGMP Multicast for a VLAN Interface


By default, IGMP Multicast is disabled for an VLAN interface.
To disable IGMP Multicast for a specific VLAN interface:
1. Enter the mode of the VLAN interface for which IGMP Multicast is to be disabled.
2. Invoke the command:
no igmp-enable.
Example
OS900(config)# interface vif7
OS900(config-vif7)# no igmp-enable
OS900(config-vif7)#

466 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 32: IGMP IP Multicast

Changing Query Interval


The query interval is the wait period (in seconds) between queries sent by a querier.
By default, the query interval is 60 seconds.
To change the query interval:
1. Enter igmp mode.
2. Invoke the command:
query TIME
where,
TIME = Query interval in seconds; a number selectable from the range 30 to 6000.
Example
OS900(config)# igmp
OS900(config-igmp)# query 285
OS900(config-igmp)#

Changing Aging Time


Aging time is the time the OS900 will wait for a ‘report’ from a multicast client before it removes
membership of the client port from the multicast group.
By default, the aging time for any multicast group is 60 seconds.
To change the current aging time:
1. Enter igmp mode.
2. Invoke the command:
aging TIME.
where,
TIME = Aging time (in seconds). Valid values are in the range 30 to 6000.
Example
OS900# configure terminal
OS900(config)# igmp
OS900(config-igmp)# aging 120
OS900(config-igmp)#

Preventing Aging
To prevent aging:
1. Enter igmp mode.
2. Invoke the command:
no aging.
Example
OS900# configure terminal
OS900(config)# igmp
OS900(config-igmp)# no aging
OS900(config-igmp)#

Selecting Fast Leave Mode


Fast leave mode of the OS900 enables a client to delete a multicast group immediately. By default,
the OS900 operates in fast leave mode.
To select fast leave mode:
1. Enter igmp mode.
2. Invoke the command:
fast-leave.

January 2009 URL: http://www.mrv.com 467


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900(config)# igmp
OS900(config-igmp)# fast-leave
OS900(config-igmp)#

Selecting Regular Leave Mode


Regular leave mode is complaint to IETC RFC 2236 standard. It forces a client attempting to
‘leave’ a multicast group to wait until the end of the standard response time.
When an OS900 receives a ‘leave’ message, it sends a group-specific query to determine whether
the ‘leave’ message can be ignored.
To set fast leave mode:
1. Enter igmp mode.
2. Invoke the command:
no fast-leave.
Example
OS900(config)# igmp
OS900(config-igmp)# no fast-leave
OS900(config-igmp)#

Creating Static Multicast Group(s)


The maximum number of multicast groups that can be created is 1000.
Multicast groups must not overlap.
To distinguish between two multicast groups, their two IP addresses must differ from each other in
their 23 LSBs.
A multicast group can be created if all of the following conditions are met:
− A VLAN interface with a tag matching the tag of the multicast group (to be created) exists.
(Configuration of VLAN interfaces is described in Chapter 7: Interfaces, in the section
Configuring, page 175.)
− An IP address is assigned to this interface. (Assignment of an IP address to a VLAN
interface is described in Chapter 7: Interfaces, in the section Configuring, page 175.)
− IGMP is enabled on this interface using the igmp-enable command as described in the
section Enabling IGMP Multicast for a VLAN Interface, page 466.

Single
To create a single static multicast group:
1. Enter igmp mode.
2. Invoke the command:
mc-group address GROUP-IP tag TAG ports PORTS-GROUP.
where,
GROUP-IP = IP address of multicast group. Valid IP addresses are in the range
224.0.0.0 to 239.255.255.255. (The range 224.0.0.0 to 224.0.0.255 is reserved
by IANA for use by network protocols on a local network segment. Packets with
an IP address in this range are local in scope and are not forwarded by IP
routers. As a result, the packets will not leave the local network.)
TAG = Tag of the interface containing the ports to be members of the multicast
group.
PORTS-GROUP = Group of ports to be members of the multicast group.
Example
OS900(config)# igmp
OS900(config-igmp)# mc-group address 224.1.1.5 tag 300 ports 1,2
Number of multicast groups is 1.
OS900(config-igmp)#

468 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 32: IGMP IP Multicast

Multiple
To create multiple static multicast groups:
1. Enter igmp mode.
2. Invoke the command:
mc-group address FIRST-GROUP-IP last-address
LAST-GROUP-IP tag TAG ports PORTS-GROUP
where,
FIRST-GROUP-IP = Lowest IP address in the sequence of IP addresses to be
assigned to the multicast groups. Valid IP addresses are in the range 224.0.0.0
to 239.255.255.255.
LAST-GROUP-IP = Highest IP address in the sequence of IP addresses to be
assigned to the multicast groups.
TAG = Tag of the interface containing the ports to be members of the multicast
groups.
PORTS-GROUP = Group of ports to be members of the multicast groups.
Example
OS900(config)# igmp
OS900(config-igmp)# mc-group address 225.1.2.1 last-address 225.1.3.15 tag 10 ports 4
Number of multicast groups is 271.
OS900(config-igmp)#

Deleting Static Multicast Group(s)


A single or a range of multicast groups is automatically deleted if any of the following occurs:
− An interface with a tag matching the tag of the multicast group created (using the
command mc-group address) is deleted.
− The IP address of the interface is deleted.
− IGMP is disabled on the interface

Single
To delete a single static multicast group:
1. Enter igmp mode.
2. Invoke the command:
no mc-group address GROUP-IP tag TAG ports PORTS-GROUP.
where,
GROUP-IP = IP address of multicast group.
TAG = Tag of the interface containing the ports that are members of the
multicast group.
PORTS-GROUP = Group of ports that are members of the multicast group.
Example
OS900(config)# igmp
OS900(config-igmp)# no mc-group address 224.1.1.5 tag 300 ports 1,2
OS900(config-igmp)#

Multiple
To delete multiple static multicast groups:
1. Enter igmp mode.
2. Invoke the command:
no mc-group address FIRST-GROUP-IP last-address
LAST-GROUP-IP tag TAG ports PORTS-GROUP
where,
FIRST-GROUP-IP = Lowest IP address in the sequence of IP addresses
assigned to the multicast groups.

January 2009 URL: http://www.mrv.com 469


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

LAST-GROUP-IP = Highest IP address in the sequence of IP addresses


assigned to the multicast groups.
TAG = Tag of the interface containing the ports that are members of the
multicast groups.
PORTS-GROUP = Group of ports that are members of the multicast groups.
Example
OS900(config)# igmp
OS900(config-igmp)# no mc-group address 225.1.2.1 last-address 225.1.3.15 tag 10 ports 4
OS900(config-igmp)#

Setting Querier Port State in Dynamic Mode


In dynamic mode (default mode), a ‘querier port state’ can set to Non-Querier Port or Querier Port
depending on the network topology.
To set dynamic ‘querier port state’ for any port:
1. Enter igmp mode.
2. Invoke the command:
port querier dynamic PORTS-GROUP|all
where,
PORTS-GROUP = Group of ports to be set in dynamic ‘querier port state’.
all = All ports to be set in dynamic ‘querier port state’.
The default value of ‘querier port state’ in dynamic mode is Querier Port.
Example
OS900(config)# igmp
OS900(config-igmp)# port querier dynamic 2-4
OS900(config-igmp)#

Setting Server Port State in Dynamic Mode


In dynamic mode (default mode), a ‘server port state’ port can set to Non-Server Port or Server
Port depending on the network topology.
To set dynamic ‘server port state’ for any port:
1. Enter igmp mode.
2. Invoke the command:
port server dynamic PORTS-GROUP|all
where,
PORTS-GROUP = Group of ports to be set in dynamic ‘server port state’.
all = All ports to be set in dynamic ‘server port state’.
The default value of ‘server port state’ in dynamic mode is Non-Server Port.
Example
OS900(config)# igmp
OS900(config-igmp)# port server dynamic 1-3
OS900(config-igmp)#

Setting Querier Port State in Static Mode


‘Querier port state’ in static mode can be changed or freed to change only by the user.
‘Querier port state’ of a port may be changed from dynamic mode to static mode by setting either
one of the following values to the port:
− Querier Port
− Non-Querier Port

Querier Port
To set static ‘Querier Port’ to a port:

470 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 32: IGMP IP Multicast

1. Enter igmp mode.


2. Invoke the command:
port querier static PORTS-GROUP|all
where,
PORTS-GROUP = Group of ports to be set to static Querier Port.
all = All ports to be set to static Querier Port.
Example
OS900(config)# igmp
OS900(config-igmp)# port querier static 2-4
OS900(config-igmp)#

Non-Querier Port
To set static ‘Non-Querier Port’ to a port:
1. Enter igmp mode.
2. Invoke the command:
port not-querier static PORTS-GROUP|all
where,
PORTS-GROUP = Group of ports to be set to static Non-Querier Port.
all = All ports to be set to static Non-Querier Port.
Example
OS900(config)# igmp
OS900(config-igmp)# port not-querier static 1,2
OS900(config-igmp)#

Setting Server Port State in Static Mode


‘Server port state’ in static mode can be changed or freed to change only by the user.
‘Server port state’ of a port may be changed from dynamic mode to static mode by setting either
one of the following values to the port:
− Server Port
− Non-Server Port

Server Port
To set static ‘Server Port’ to a port:
1. Enter igmp mode.
2. Invoke the command port server static PORTS-GROUP|all
where,
PORTS-GROUP = Group of ports to be set to static Server Port.
all = All ports to be set to static Server Port.
Example
OS900(config)# igmp
OS900(config-igmp)# port server static 3,4
OS900(config-igmp)#

Non-Server Port
To set static Non-Server Port to a port:
1. Enter igmp mode.
2. Invoke the command:
port not-server static PORTS-GROUP|all
where,
PORTS-GROUP = Group of ports to be set to static Non-Server Port.
all = All ports to be set to static Non-Server Port.

January 2009 URL: http://www.mrv.com 471


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900(config)# igmp
OS900(config-igmp)# port not-server static 2-4
OS900(config-igmp)#

Viewing IGMP Settings


To view the current IGMP settings:
1. Enter igmp mode.
2. Invoke the command:
show
Example
OS900(config)# igmp
OS900(config-igmp)# show
fast leave : Yes
query : 100
aging : 220
lastMemberQueryInterval : 10
query response : 100
report time : 10
enable : Yes
OS900(config-igmp)#

Viewing Port Modes and States


Single Port
To view the current mode and state of a single port:
1. Enter igmp mode.
2. Invoke the command:
show igmp-port PORT
where,
PORT = Number of port.
Example
OS900(config)# igmp
OS900(config-igmp)# show igmp-port 4

Ports QUERIER SERVER


-----------------------------------
5 YES (dynamic) NO (dynamic)

OS900(config-igmp)#

All Ports
To view the current modes and states of all the ports:
1. Enter igmp mode.
2. Invoke the command:
show igmp-port

472 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 32: IGMP IP Multicast

Example
OS900(config)# igmp
OS900(config-igmp)# show igmp-port

Ports QUERIER SERVER


-----------------------------------
1 YES (dynamic) NO (dynamic)
2 YES (dynamic) NO (dynamic)
3 YES (dynamic) NO (dynamic)
4 YES (dynamic) NO (dynamic)

OS900(config-igmp)#

Viewing Multicast Groups


Single Entry
To view settings of one current IP multicast group:
1. Enter igmp mode.
2. Make sure that IGMP is enabled (using the command enable).
3. Invoke the command show mc-ip entry IP-ADDRESS.
where,
IP-ADDRESS = IP address of multicast group.
The headings of the entry (see example below) have following significance:
Group-IP: IP address of multicast group.
num-Ifs: Number of VLAN interfaces one or more of whose ports are members of the multicast group.
Flags: (Applies for all the VLAN interfaces.) Types of registration in the multicast groups.
Possible types are:
I = IGMP-implemented registration
S = User-implemented registration
SI or SI means that there are ports that have been registered by IGMP and ports that have been registered by
a user.
Tag: Tag of VLAN interface one or more of whose ports are in the multicast group.
Vidx: Index of multicast group.
Flags: (Applies for specific VLAN interfaces.) Type of registration in the multicast group.
Possible types are: I or S.
num-Ports: Number of ports (of the specific interface) that are members of the multicast group.
PORTs: ID of ports (of the specific interface) that are members of the multicast group.

Example
OS900(config)# igmp
OS900(config-igmp)# show mc-ip entry 225.1.1.1
Codes of the Flags: I - IGMP registration, S - Static registration.
Group-IP num-IFs Flags Tag Vidx Flags num-Ports PORTs
-----------------------------------------------------------------
225.1.1.1 2 SI
10 4097 S 4 1-3
20 4098 I 1 4
OS900(config-igmp)#

All Entries
To view settings of all current IP multicast groups:
1. Enter igmp mode.
2. Make sure that IGMP is enabled (using the command enable).
3. Invoke the command show mc-ip table.

January 2009 URL: http://www.mrv.com 473


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900(config-igmp)# show mc-ip table
Codes of the Flags: I - IGMP registration, S - Static registration.
Group-IP num-IFs Flags Tag Vidx Flags num-Ports PORTs
--------------------------------------------------------------------
225.1.1.1 3 I
50 4567 I 1 3
25 4844 I 1 1
16 4841 I 1 2
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
225.1.1.2 2 I
50 4568 I 1 3
25 4845 I 1 1
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
225.1.1.3 2 I
50 4569 I 1 3
25 4846 I 1 1
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
225.1.1.4 2 I
50 4570 I 1 3
25 4847 I 1 1
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
225.1.1.5 2 I
50 4571 I 1 3
25 4848 I 1 1
OS900(config-igmp)#
‘Group-IP‘ designates multicast group.
‘Tag‘ designates multicast interface ID.

Viewing Number of Multicast Groups and Entries


The number of multicast groups is the number of IP addresses assigned to all the multicast
groups. This is the number of IP addresses under the heading ‘Group-IP‘ in the Multicast IP table
shown in the example in section All Entries, page 473. The number of multicast groups in the
example is 5.
The number of multicast entries is the number of IP address assignments to all the multicast
interfaces. The IDs of the multicast interfaces appear under the heading ‘Tag‘ in the Multicast IP
table shown in the example in section All Entries, page 473. The number of multicast entries in the
example is 3 (for ’225.1.1.1’ due to tags 50, 25, and 16) + 1 (for ’225.1.1.2’ due to tags 50 and 25)
+ 1 (for ’225.1.1.3’ due to tags 50 and 25) +1 (for ’225.1.1.4’ due to tags 50 and 25) +1 (for
’225.1.1.5’ due to tags 50 and 25) = 11 (multicast entries). The maximum possible number of
multicast entries is 1020.
To view the number of current IP multicast groups:
1. Enter igmp mode.
2. Make sure that IGMP is enabled (using the command enable).
3. Invoke the command:
show mc-ip number.
Example
OS900(config-igmp)# show mc-ip number
Numbers of SW-entries: 800, HW-entries: 1000
OS900(config-igmp)#
‘SW-entries‘ designates multicast groups.
‘HW-entries‘ designates multicast entries.

474 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 32: IGMP IP Multicast

Configuration
General
Setting of states to ports can be done in dynamic or static mode. In dynamic mode, IGMP sets the
states automatically. In static mode, the user sets the states. The state set to a port in static mode
can be changed or freed to change only by the user.
Dynamic mode has two advantages over static mode:
− It relieves the user of the burden of configuring each OS900 port individually in a network
that could possibly have hundreds of ports.
− It automatically (and within a few seconds) accomplishes network convergence (recovery)
when mediation devices (e.g., switches or routers) are added or removed from the
network.
Dynamic mode is the default mode.

Procedure
The detailed configuration procedure for an OS900 to operate in the IGMP multicast protocol is as
follows:
1. Create a VLAN interface that has:
a. Ports that are to be made members of a multicast group.
b. A VLAN tag.
c. An IP address.
For details, refer to Chapter 7: Interfaces, page 171.
2. Enable IGMP on the VLAN interface as described in the section Enabling IGMP
Multicast for a VLAN Interface, page 466.
3. Enable IGMP multicast as described in the section Enabling IGMP Multicast, page
466.
4. If required, create a static multicast group containing ports to be members as
described in the section Creating Static Multicast Group(s), page 468.
5. For each path from a server to a client, if an OS900 has an IP address lower than
any upstream OS900 in the path, the following must be done:
a. The port of its immediate upstream neighbor (to which it is
connected) must be set to static ‘Query Port’ (as described in the
section Querier Port, page 470).
b. Its own port must be set to static ‘Server Port’ (as described in the
section Server Port, page 471).
6. (Optional) Change the query interval as described in the section Changing Query
Interval, 467.
7. (Optional) Change the aging time as described in the section Changing Aging
Time, page 467.
8. (Optional) Change the ‘leave’ mode as described in the section Leave Modes,
464.

Example
Referring to Figure 49, page 463, ‘server port state’ and ‘querier port state’ of the OS900 ports will
be correctly set in dynamic mode by IGMP since the OS900s in any path from the multicast server
to a multicast client have progressively higher IP addresses.
If, however, in a path from a multicast server to a multicast client there is an OS900 with an IP
address lower than an upstream OS900 in the path, the setting by IGMP would be incorrect.
Figure 50, below, shows OS900s with IP addresses that do not get progressively higher in all the
paths from the multicast server to the multicast clients. For e.g., in the path to C4, C5, or C6, the IP
address gets higher in going from OS900 A to OS900 B (which complies with IGMP) but gets
lower in going from OS900 B to OS900 C (which conflicts with IGMP). Accordingly, IGMP will
succeed in correctly configuring the ports for the paths from the multicast server to C1, C2, and
C3. However, IGMP will fail to correctly configure the ports for the paths to C4, C5, and C6.

January 2009 URL: http://www.mrv.com 475


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Specifically, Port 3 will set to Non-Query Port (although it is required to set to Query Port) because
the IP address of OS900 B is higher than that of OS900 C. Port 1 will set to Query Port and Non-
Server Port (although it is required to set to Server Port).
To resolve this problem, Port 3 and Port 1 have to be set statically. Port 3 must be set using the
procedure described in the section Querier Port, page 470. Port 1 must be set using the procedure
described in the section Server Port, page 471.

Figure 50: IP Multicast Configuration Network Example


The detailed configuration procedure for each OS900 in Figure 50, page 476, is given below.

OS900 A Configuration
1. Create a VLAN interface (e.g., vif10) that includes:
a. Ports 1, 2, 3, and 4
(These ports are to be members of a multicast group. Other ports
as well may be included in the VLAN interface.)
b. A VLAN tag (e.g., 30)
c. An IP address (e.g., 195.1.1.5/24).
2. Enable IGMP on the interface, as described in the section Enabling IGMP
Multicast for a VLAN Interface, page 466.
3. Enable IGMP multicast, as described in the section Enabling IGMP Multicast,
page 466.
4. Create a multicast group with IP address (e.g., 234.1.8.6), tag 30, and ports 2
and 4, as described in the section Creating Static Multicast Group(s), page 468.

OS900 B Configuration
1. Create a VLAN interface (e.g., vif20) that includes:

476 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 32: IGMP IP Multicast

a. Ports 2, 3, and 4
(These ports are to be members of a multicast group. Other ports
as well may be included in the VLAN interface.)
b. A VLAN tag (e.g., 30)
c. An IP address (e.g., 195.3.1.7/24).
2. Enable IGMP on the interface, as described in the section Enabling IGMP
Multicast for a VLAN Interface, page 466.
3. Enable IGMP multicast, as described in the section Enabling IGMP Multicast,
page 466.
4. Create a multicast group with IP address (e.g., 234.1.8.6), tag 30, and port 4,
as described in the section Creating Static Multicast Group(s), page 468.
5. Set Port 3 to Query Port, as described in the section Querier Port, page 470.
6. Set Port 3 to static Non-Server Port, as described in the section Non-Server Port,
page 471.

OS900 C Configuration
1. Create a VLAN interface (e.g., vif30) that includes:
a. Ports 1, 3, 4, and 2
(These ports are to be members of a multicast group. Other ports
as well may be included in the VLAN interface.)
b. A VLAN tag (e.g., 30)
c. An IP address (e.g., 195.2.1.6/24).
2. Enable IGMP on the interface, as described in the section Enabling IGMP
Multicast for a VLAN Interface, page 466.
3. Enable IGMP multicast as described in the section Enabling IGMP Multicast, page
466.
4. Create a multicast group with IP address (e.g., 234.1.8.6), tag 30, and ports 3,
4, and2, as described in the section Creating Static Multicast Group(s), page 468.
5. Set port 1 to static Server Port, as described in the section Server Port, page 471.
Execution of the procedure using the OS900 CLI is as follows:

January 2009 URL: http://www.mrv.com 477


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS900-A
MRV OptiSwitch 910-M version d0733-08-01-06
OS900-A login: admin
Password:

OS900-A> enable
OS900-A# configure terminal

OS900-A(config)# interface vlan vif10


OS900-A(config-vif10)# ports 1-4
OS900-A(config-vif10)# tag 30
Interface is activated.
OS900-A(config-vif10)# ip 195.1.1.5/24
OS900-A(config-vif10)# igmp-enable
OS900-A(config-vif10)# exit

OS900-A(config)# igmp
OS900-A(config-igmp)# enable

OS900-A(config-igmp)# mc-group address 234.1.8.6 tag 30 ports 2,4


Number of multicast groups is 1.
OS900-A(config-igmp)# exit

OS900-A(config-igmp)# show igmp-port 3

Ports QUERIER SERVER


-----------------------------------
3 YES (dynamic) NO (dynamic)

OS900-A(config-igmp)# show igmp-port 4

Ports QUERIER SERVER


-----------------------------------
4 YES (dynamic) NO (dynamic)

OS900-A(config-igmp)# exit
OS900-A(config)#

478 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 32: IGMP IP Multicast

OS900-B
MRV OptiSwitch 910-M version d0733-08-01-06
OS900-B login: admin
Password:

OS900-B> enable
OS900-B# configure terminal

OS900-B(config)# interface vlan vif20


OS900-B(config-vif20)# ports 2-4
OS900-B(config-vif20)# tag 30
Interface is activated.
OS900-B(config-vif20)# ip 195.1.1.7/24
OS900-B(config-vif20)# igmp-enable
OS900-B (config-vif20)# exit

OS900-B(config)# igmp
OS900-B(config-igmp)# enable

OS900-B(config-igmp)# mc-group address 234.1.8.6 tag 30 ports 4


OS900-B(config-igmp)# port querier static 3
OS900-B(config-igmp)# port not-server static 3

OS900-B(config-igmp)# show igmp-port 3

Ports QUERIER SERVER


-----------------------------------
3 YES (static) NO (static)

OS900-B(config-igmp)# exit
OS900-B(config)#

January 2009 URL: http://www.mrv.com 479


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS900-C
MRV OptiSwitch 910-M version d0733-08-01-06
OS900-C login: admin
Password:

OS900-C> enable
OS900-C# configure terminal

OS900-C(config)# interface vlan vif30


OS900-C(config-vif30)# ports 1-4
OS900-C(config-vif30)# tag 30
Interface is activated.
OS900-C(config-vif30)# ip 195.1.1.6/24
OS900-C(config-vif30)# igmp-enable
OS900-C(config-vif30)# exit

OS900-C(config)# igmp
OS900-C(config-igmp)# enable

OS900-C(config-igmp)# mc-group address 234.1.8.6 tag 30 ports 2-4

OS900-C(config-igmp)# port server static 1

OS900-C(config-igmp)# show igmp-port 1

Ports QUERIER SERVER


-----------------------------------
1 YES (dynamic) YES (static)

OS900-C(config-igmp)# show mc-ip table

Codes of the Flags: I - IGMP registration, S - Static registration.


Group-IP num-IFs Flags Tag Vidx Flags num-Ports PORTs
--------------------------------------------------------------------
234.1.8.6 1 S
30 4097 S 3 2-4
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Number of entries: 1
OS900-C(config-igmp)# exit
OS900-C(config)#

480 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

Chapter 33: Static and Dynamic


Routing
General
Routing protocols are the formulas used by routers to determine where to forward data packets. A
routing protocol determines the path and specifies how routers communicate and share
information with each other. In addition to or instead of configuring static predetermined routes,
any of various on-board routing protocols can be run to enable the network to act dynamically and
switch paths as required.
IP routing is the selection of a preferred path for forwarding packets from one IP network to
another. IP networks are logical networks, therefore associations of one or more IP networks with
an interface is possible. When a host on an IP network needs to send a data packet to a host on
another IP network, the source host sends the packet to an IP router or gateway on its local
network. The IP router forwards this packet to the destination host's network, or to an intermediary
router along the path to the destination. The packet may be handled by several intermediary
routers before it reaches the destination network.

Blackhole (Null) Routes


A blackhole (or null) route is a network route (routing table entry) that does not have a real
destination. A mechanism in the OS900 can be activated to drop packets on such routes thereby
functioning as a kind of firewall. The advantage of this type of firewall over the conventional ones is
that it adds virtually no overhead.
To activate the blackhole route mechanism:
1. Enter configure terminal mode.
2. Invoke the command:
ip route A.B.C.D A.B.C.D null [1-255]
ip route A.B.C.D/M null [1-255]
where,
A.B.C.D: (First appearance) IP destination prefix (address) of ingress packets to be
dropped.
A.B.C.D: (Second appearance) IP destination prefix mask of ingress packets to be
dropped.
For example, if the IP destination prefix is set as 3.3.3.3 and the IP destination
prefix mask is set as 255.255.255.0 then this means all hosts whose IP
addresses are in the range 3.3.3.0 to 3.3.3.255.
A.B.C.D/M: IP destination prefix (address/mask) of ingress packets to be dropped.
[1-255]: Range of distance values from which one is to be selected for this route.
Each protocol has a pre-specified distance value. For example, OSPF has the
distance value 110, Static routes have the distance value 1. A lower distance value
designates a higher priority.
To deactivate the blackhole route mechanism for a specific destination prefix:
1. Enter configure terminal mode.
2. Invoke either of the following commands:
no ip route A.B.C.D A.B.C.D null [1-255]
no ip route A.B.C.D/M null [1-255]

Static Routes
A static route is a permanent transmission path for sending data packets to another network. The
route remains in IP routing tables until either of the following occurs:

January 2009 URL: http://www.mrv.com 481


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

− The administrator deletes it.


− The interface used to reach the next hop in the static route becomes
disabled.
To configure a static route for an OS900:
1. Enter configure terminal mode.
Example
OS900> enable
OS900# configure terminal
2. Invoke the command:
ip route A.B.C.D/M A.B.C.D [1-255]
where,
A.B.C.D/M: IP destination prefix (address/mask) of an ingress packet.
Enter 0.0.0.0/0 to enable any packet whose destination address is not
present in the IP routing table to be forwarded via the IP gateway.
A.B.C.D: IP gateway address (next hop IP address)
[1-255]: Range of distance values from which one is to be selected for
this route
Example
OS900(config)# ip route ?
default-gateway Default gateway
A.B.C.D/M IP destination prefix (e.g. 10.0.0.0/8)
A.B.C.D IP destination prefix
OS900(config)# ip route 39.1.2.3/18 ?
A.B.C.D IP gateway address
INTERFACE IP gateway interface name
null Blackhole route
OS900(config)# ip route 39.1.2.3/18 44.44.44.44 ?
<cr>
<1-255> Distance value for this route
| Output modifiers
OS900(config)# ip route 39.1.2.3/18 44.44.44.44 7
OS900(config)#OS900(config)#

Dynamic Routes
A dynamic route is a temporary transmission path to another network. The route remains in IP
routing tables until the routing protocol decides on a better route.

Routing Information Protocol (RIP)


General
The size of a RIP network can be up to 15 hops. A hop is a link between two routers on differing
networks, i.e., having differing net IDs.

Configuration
RIP is used for managing routing information within a self-contained network, such as a corporate
LAN or an interconnected group of LANs. Using RIP, the router maintains a routing table and
sends it periodically to the closest neighboring routers, so that all the routers running RIP will have
the same routing information.
RIP, a distance-vector routing protocol, measures the shortest path between two points on a
network, using the hop count as a way to determine such a distance. Each host can then use the
routing information to determine where to send the packet next. The OS900 supports both RIP-I
and RIP-II, the latter includes subnet masking.
To configure an OS900 to operate with RIP protocol:
1. Enter configure terminal mode.

482 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

Example
OS900> enable
OS900# configure terminal
OS900(config)#
2. Select RIP as the routing protocol by entering router rip mode.
Example
OS900(config)# router rip
OS900(config-rip-router)#
3. Enable RIP on the network by invoking the command:
network A.B.C.D/M
where,
A.B.C.D/M: IP prefix (network/mask), e.g., 35.0.0.0/8
Example
OS900(config-rip-router)# network 33.3.3.3/16
OS900(config-rip-router)#
4. Set the RIP version by invoking the command:
version <1-2>
where,
<1-2>: RIP versions. (Default is 2.)
Example
OS900(config-rip-router)# version 1
OS900(config-rip-router)#
5. Set a metric for redistributing routes by invoking the command:
default-metric <1-16>
where,
<1-16> Default metric
Example
OS910(config-router)# default-metric 7
OS910(config-router)#
6. Advertise the default gateway route by invoking the command:
default-information originate
Example
OS900(config-router)# default-information originate
OS900(config-router)#
7. To set the distance for a specific route, invoke the command:
distance <1-255>
where,
<1-255>: Distance
Example
OS910(config-router)# distance 5
OS910(config-router)#
8. To specify the networks to be excluded from routing updates, invoke the command:
distribute-list (prefix WORD|WORD) in|out WORD
where,
prefix WORD: Name of ACL matching a list of IP prefixes to be excluded
from routing updates
WORD: (first appearance) Name of an ACL (access list, e.g., ACL1) specifying
networks to be excluded from routing updates
in: Filter (prevent) incoming routing updates
out: Filter (prevent) outgoing routing updates

January 2009 URL: http://www.mrv.com 483


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

WORD: (second appearance) ID of an existing device/interface, e.g., vif5


Example
OS910(config-router)# distribute-list ACL1 out vif5
OS910(config-router)#
9. To set the maximum number of RIP routes, invoke the command:
maximum-prefix <1-65535>
where,
<1-65535>: Maximum number of RIP routes
<1-100>: Percentage of maximum routes to generate a warning (default is
75%)
Example
OS910(config-router)# maximum-prefix 895 34
OS910(config-router)#
10. To specify the router neighbors, invoke the command:
neighbor A.B.C.D
where,
A.B.C.D: Neighbor IP address
Example
OS910(config-router)# neighbor 192.1.23.4
OS910(config-router)# neighbor 192.1.105.8
OS910(config-router)# neighbor 192.1.26.73
OS910(config-router)#
11. To suppress routing updates on one or more interface, invoke the command:
passive-interface IFNAME
where,
IFNAME: ID of an existing device/interface (e.g., vif94)
Example
OS910(config-router)# passive-interface vif10
OS910(config-router)#
12. To set the size of the buffer that receives RIP UDP packets, invoke the command:
recv-buffer-size <8192-2147483647>
where,
<8192-2147483647>: Size (in bytes) of buffer that receives RIP UDP
packets
Example
OS910(config-router)# recv-buffer-size 10000000
OS910(config-router)#
13. To enable redistribution of the router's locally connected interface routes,
invoke the command:
redistribute connected
Example
OS900(config-rip-router)# redistribute connected
OS900(config-rip-router)#
14. To enable redistribution of the router's local static routes, invoke the command:
redistribute static
Example
OS900(config-rip-router)# redistribute static
OS900(config-rip-router)#
15. To enable redistribution of the router's BGP routes, invoke the command:
redistribute bgp [metric <0-16>] [route-map WORD]
where,

484 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

<1-16> Range of metric values


WORD Name of a route-map
Example
OS910(config-router)# redistribute bgp metric 13 route-map Bongo
OS910(config-router)#
16. To enable redistribution of the router's kernel routes, invoke the command:
redistribute kernel [metric <0-16>] [route-map WORD]
where,
<1-16> Range of metric values
WORD Pointer to route-map entries
Example
OS910(config-router)# redistribute kernel metric 7 route-map Elephant
OS910(config-router)#
17. To enable redistribution of the router's OSPF routes, invoke the command:
redistribute ospf [metric <0-16>] [route-map WORD]
where,
<1-16> Range of metric values
WORD Pointer to route-map entries
Example
OS910(config-router)# redistribute ospf metric 9 route-map Pluto
OS910(config-router)#
18. To modify the RIP metric, invoke the command:
offset-list WORD in|out <0-16> IFNAME
where,
WORD Access-list name, e.g., ACL2
in: Incoming routing updates
out: Outgoing routing updates
<0-16> Range of metric values, e.g., 7
IFNAME: ID of an existing device/interface (e.g., vif6)
Example
OS910(config-router)# offset-list ACL2 out 7 vif6
OS910(config-router)#
19. To adjust the routing timers, invoke the command:
timers basic <1-2147483647> <1-2147483647> <1-2147483647>
where,
<1-2147483647> (first appearance) Routing table update timer value in
second. Default: 30
<1-2147483647> (second appearance) Routing information timeout timer.
Default: 180
<1-2147483647> (third appearance) Garbage collection timer. Default: 120
Example
OS910(config-router)# timers basic 60 300 200
OS910(config-router)#
20. To advertise a static route (for debugging purpose), invoke the command:
route A.B.C.D/M
where,
A.B.C.D/M IP prefix <network>/<length>
Example
OS910(config-router)# route 3.3.3.3/22
OS910(config-router)#

January 2009 URL: http://www.mrv.com 485


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Below is an example showing how an OS900 can be configured to operate with RIP.
OS900# configure terminal
OS900(config)# router ?
rip Routing Information Protocol (RIP)
OS900(config)# router rip
OS900(config-router)# network ?
A.B.C.D/M IP prefix <network>/<length>, e.g., 35.0.0.0/8
WORD Interface name
OS900(config-router)# network 25.3.4.7/18
OS900(config-router)# version ?
<1-2> version
OS900(config-router)# version 1
OS900(config-router)# redistribute connected
OS900(config-router)# redistribute static
OS900(config-router)#

Authentication Customization
The OS900 provides per interface authentication for RIP messages sent and received by the
router. The router reads the RIP message and, if the correct authentication string or password is
included, authenticates it. Otherwise, it drops the message. In this way, unauthorized packets are
prevented from being processed.
To activate RIP authentication for an OS900:
1. Enter configure terminal mode.
Example
OS900> enable
OS900# configure terminal
2. Enter the mode of a configured VLAN interface by invoking the command:
interface IFNAME
where,
IFNAME: Interface ID
Example
OS900(config)# interface vif3
OS900(config-vif3)#
3. Invoke the command:
ip rip authentication key-chain|mode|string LINE
where,
key-chain: Key-chain method for authentication of RIP messages to the
router
mode: Mode method for authentication of RIP messages to the router
string: String method for authentication of RIP messages to the router
LINE: Name of key-chain
Example
OS900(config-if)# ip rip authentication key-chain Key_Chain_1
OS900(config-if)#

Below is an example showing how RIP authentication can be activated for an OS900.
OS900> enable
OS900# configure terminal
OS900(config)# interface
OS900(config)# interface vif1
OS900(config-if)# ip rip authentication key-chain 22
OS900(config-if)# ip rip authentication mode Main_Floor
OS900(config-if)# ip rip authentication string 12345
OS900(config-if)#

486 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

Open Shortest Path First (OSPF)


This section is provided to enable the user to understand the basic OSPF routing principles. OSPF
is commonly used in large service provider networks or large financial institutions. The section
assumes knowledge of IP routing principles and in particular link-state routing protocols.
The section starts by covering the basic OSPF concepts. It then briefly explains why OSPF is
considered an improved routing protocol over Routing Information Protocol (RIP) by indicating how
OSPF discovers, chooses, and maintains routing tables.
A few practical scenarios, included in the section, help your complete understanding and ensure
you have all the basic OSPF routing skills to complement your understanding of how to configure
and maintain OSPF on MRV Master-OS in the OS900.

Basic OSPF
OSPF is a link-state routing protocol. Link-state protocols use the shortest path first (SPF)
algorithm to populate the routing table. OSPF shares information with every router in the network.
OSPF is considered a difficult protocol to configure and requires a thorough understanding of
terms that are commonly used. Table 19, below, describes OSPF terminology used in this section.
Table 19: OSPF Terminology

Term Meaning
Link state Information is shared between directly connected routers. This
information propagates throughout the network unchanged and is
also used to create a shortest path first (SPF) tree.
Area A group of routers that share the same area ID. All OSPF routers
require area assignments.
Autonomous system (AS) A network under a common network administration.
Cost The routing metric used by OSPF. Lower costs are always preferred.
You can manually configure the cost with the ip ospf cost
command.
Router ID Each OSPF router requires a unique router ID. It is recommended to
manually assign the router ID.
Adjacency When two OSPF routers have exchanged information between each
other and have the same topology table. An adjacency can have the
following different states or exchange states:
1. Init state – When Hello packets have been sent and
are awaiting a reply to establish 2-way communication.
2. Establish bi-directional (2-way) communication –
Accomplished by the discovery of the Hello protocol
routers and the election of a DR.
3. Exstart – Two neighbor routers form a master/slave
relationship and agree upon a starting sequence to be
incremented to ensure LSAs are acknowledged.
4. Exchange state – Database Description (DD) packets
continue to flow as the slave router acknowledges the
master's packets. OSPF is operational because the
routers can send and receive LSAs between each
other. DD packets contain information, such as the
router ID, area ID, checksum, if authentication is used,
link-state type, and the advertising router. LSA packets
contain information, such as router ID also but in
addition include MTU sizes, DD sequence numbering,
and any options.
5. Loading state – Link-state requests are sent to
neighbors asking for recent advertisements that have
not yet been discovered.
6. Full state – Neighbor routers are fully adjacent
because their link-state databases are fully
synchronized. Routing tables begin to be populated.

January 2009 URL: http://www.mrv.com 487


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Table 19: OSPF Terminology

Term Meaning
Topology table Also called the link-state table. This table contains every link in the
whole network.
Designated router (DR) This router is responsible for ensuring adjacencies between all
neighbors on a multi-access network (such as Ethernet). This
ensures all routers do not need to maintain full adjacencies with
each other.
The DR is selected based on the router priority. In a tie, the router
with the highest router ID is selected.
Backup DR A backup router designed to perform the same functions in case the
DR fails.
Link-state advertisement (LSA) A packet that contains all relevant information regarding a router's
links and the state of those links.
Priority Sets the router's priority so a DR or BDR can be correctly elected.
Router links Describe the state and cost of the router's interfaces to the area.
Router links use LSA type 1.
Summary links Originated by area border routers (ABRs) and describe networks in
the AS. Summary links use LSA types 3 and 4.
Network links Originated by DRs. Network links use LSA type 2.
External links Originated by autonomous system boundary routers (ASBRs) and
describe external or default routes to the outside (that is, non-
OSPF) devices for use with redistribution. External Links use the
LSA type 5.
Area border router (ABR) Router located on the border of one or more OSPF areas that
connects those areas to the backbone network.
Autonomous system boundary ABR located between an OSPF autonomous system and a
router (ASBR) non-OSPF network.

Before covering various OSPF scenarios, this section covers how OSPF is configured in single
and multiple OSPF areas.

Configuring Basic OSPF Parameters


Enabling OSPF requires that you create an OSPF routing process, specify the range of IP
addresses to be associated with the routing process, and assign area IDs to be associated with
that range.
1. Enter global configuration mode by invoking the following command:
configure terminal
2. Enable OSPF routing by invoking the following command:
router ospf <0-65535>
where,
<0-65535>: OSPF process ID. The process ID is an internally used identification
parameter that is locally assigned and can be any positive integer. Each OSPF
routing process has a unique value.
3. Set OSPF router ID in IP address format by invoking the following command:
router-id A.B.C.D
where,
A.B.C.D: A.B.C.D OSPF router-ID in IP address format.
4. Define an interface on which OSPF runs and the area ID for that interface by
invoking the following command:
network A.B.C.D/M area <0-4294967295>
where,

488 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

A.B.C.D/M: A.B.C.D/M OSPF network prefix. (You can use the mask to use a
single command to define one or more multiple interfaces to be associated with a
specific OSPF area. The area ID can be a decimal value or an IP address.)
The example below shows how to configure an OSPF routing process and assign it a process
number.
Example
router ospf 1
ospf router-id 0.0.0.1
network 192.168.1.0/30 area 1

Configuring Basic OSPF Parameters


You can use the ip ospf configuration commands to modify interface-specific OSPF parameters.
You are not required to modify any of these parameters, but some interface parameters (hello
,interval, dead interval, and authentication key) must be consistent across all routers in an
attached network. If you modify these parameters, make sure all routers in the network have
compatible values.
1. Enter global configuration mode by invoking the following command:
configure terminal
2. Enter VLAN interface configuration mode by invoking the following command:
interface vlan IFNAME
where,
IFNAME: Interface ID having the format vifX, where X is a decimal number in the
range 1-4095.
3. (Optional) Explicitly specify the cost of the interface by invoking the following
command:
ip ospf cost <1-65535>
where,
<1-65535>: Cost
4. (Optional) Specify the number of seconds between link state advertisement
transmissions by invoking the following command:
ip ospf retransmit-interval <3-65535>
where,
<3-65535>: IP OSPF retransmit-interval in seconds. Default: 5 seconds.
5. (Optional) Set priority to help find the OSPF designated router for a network by
invoking the following command:
ip ospf priority <0-255>
where,
<0-255>: IP OSPF priority. Default: 1.
6. (Optional) Set the number of seconds between hello packets sent on an OSPF
interface by invoking the following command:
ip ospf hello-interval <1-65535>
where,
<1-65535>: IP OSPF hello-interval <1-65535>. The value must be the same for all
nodes on a network. Default: 10 seconds.
7. (Optional) Set the number of seconds after the last device hello packet was seen
before its neighbors declare the OSPF router to be down by invoking the following
command:
ip ospf dead-interval <1-65535>
where,
<1-65535>: The range of values (in seconds). The value must be the same for all
nodes on a network. Default: 4 times the hello interval.

January 2009 URL: http://www.mrv.com 489


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

8. (Optional) Enable MD5 authentication by invoking the following command:


ip ospf message-digest-key <1-255> md5 KEY
where,
<1-255>: Key ID.
KEY: The OSPF password (key). (An alphanumeric password of up to 16 bytes.)
The example below shows how to configure OSPF hello interval, dead-interval, and cost.
Example
R1# configure terminal
R1(config)#
R1(config)# interface vif2
R1(config-vif2)#
R1(config-vif2)# ip ospf hello-interval 1
R1(config-vif2)#
R1(config-vif2)# ip ospf dead-interval 4
R1(config-vif2)#
R1(config-vif2)# ip ospf cost 1000

Configuring OSPF Area Parameters


You can optionally configure several OSPF area parameters. These parameters include
authentication for password-based protection against unauthorized access to an area, stub areas,
and not-so-stubby-areas (NSSAs). Stub areas are areas into which information on external routes
is not sent. Instead, the area border router (ABR) generates a default external route into the stub
area for destinations outside the autonomous system (AS). An NSSA does not flood all LSAs from
the core into the area, but can import AS external routes within the area by redistribution. Route
summarization is the consolidation of advertised addresses into a single summary route to be
advertised by other areas. If network numbers are contiguous, you can use the area range router
configuration command to configure the ABR to advertise a summary route that covers all
networks in the range.
1. Enable OSPF routing, and enter router configuration mode by invoking the
following command:
router ospf <0-65535>
where,
<0-65535>: OSPF process ID. The process ID is an internally used identification
parameter that is locally assigned and can be any positive integer. Each OSPF
routing process has a unique value.
2. (Optional) Allow password-based protection against unauthorized access to the
identified area by invoking the following command:
area <0-4294967295> authentication
where,
<0-4294967295>: OSPF area ID as a decimal value.
3. (Optional) Define an area as a stub area by invoking the following command:
area <0-4294967295> authentication message-digest
where,
<0-4294967295>: OSPF area ID as a decimal value.
message-digest: The no-summary keyword prevents an ABR from sending
summary link advertisements into the stub area.
4. (Optional) Define an area as a not-so-stubby-area by invoking the following
command:
area <0-4294967295> nssa [no-redistribution]|[default-
information-originate]|[no-summary]
where,
nssa: Configure OSPF area as NSSA. Every router within the same area must
agree that the area is NSSA.

490 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

<0-4294967295>: OSPF area ID as a decimal value.


no-redistribution: Do not redistribute ext. routes to the NSSA area. Select
when the router is an NSSA ABR and you want the redistribute command to import
routes into normal areas, but not into the NSSA.
default-information-originate: Originate default information to the NSSA
area. Select on an ABR to allow importing type 7 LSAs into the NSSA.
no-summary: Do not inject inter-area routes into NSSA. Select to not send
summary LSAs into the NSSA..
5. (Optional) Specify an address range for which a single route is advertised. by
invoking the following command:
area <0-4294967295> range A.B.C.D/M
where,
<0-4294967295>: OSPF area ID as a decimal value.
A.B.C.D/M: area range prefix.
Use this command only with area border routers.

Configuring Other OSPF Parameters


You can optionally configure other OSPF parameters in router configuration mode
1. Using Route Maps to Redistribute Routing Information
The OS900 can run multiple routing protocols simultaneously, and it can redistribute
information from one routing protocol to another. Redistributing information from one
routing protocol to another applies to all supported IP-based routing protocols.
You can also conditionally control the redistribution of routes between routing domains by
defining enhanced packet filters or route maps between the two domains. The match and
set route-map configuration commands define the condition portion of a route map. The
match command specifies that a criterion must be matched. The set command specifies an
action to be taken if the routing update meets the conditions defined by the match
command. Although redistribution is a protocol-independent feature, some of the match and
set route-map configuration commands are specific to a particular protocol.
a. Enter global configuration mode by invoking the following command:
configure terminal
b. Define any route maps used to control redistribution and enter route-map
configuration mode by invoking the following command:
route-map WORD (deny|permit) <1-65535>
where,
WORD: Route map tag.
deny: Route map denies set operations. If deny is specified, the route is not
redistributed.
permit: Route map permits set operations. If permit is specified and the
match criteria are met for this route map, the route is redistributed as
controlled by the set actions.
[<1-65535>]: Sequence to insert to/delete from existing route-map entry. It
indicates the position a new route map is to have in the list of route maps
already configured with the same name.
c. Match a standard access list by specifying the name or number by invoking
one of the following commands:
match ip address WORD
where,
WORD: IP access-list name.
match ip address prefix-list WORD
where,
WORD: IP prefix-list name.
d. Match a next-hop router address passed by one of the access lists specified
by invoking one of the following commands:

January 2009 URL: http://www.mrv.com 491


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

match ip next-hop WORD


where,
WORD: IP access-list name.
match ip next-hop prefix-list WORD
where,
WORD: IP prefix-list name.
e. Match the specified interface by invoking the following command:
match interface IFNAME
where,
IFNAME: Interface ID having the format vifX, where X is a decimal number
in the range 1-4095.
f. Match the specified route-type by invoking the following command:
match route-type external (type-1| type-2)
where,
external: OSPF External route type. (Type 1 or Type 2) external routes.
type-1: Match OSPF External Type 1 metrics.
type-2: Match OSPF External Type 2 metrics.
The following example shows setting of static routes with Router-map.
Create access-list ZebOS
Example
R1(config)# access-list zebos Static permit 172.29.4.10/32
R1(config)# access-list zebos Static permit 172.29.4.11/32
create route-map and match the access-list
R1(config)# route-map static permit 1
R1(config)#match ip address Static
Redistribute this route-map in the router ospf as follows:
R1(config-router)# redistribute static route-map static
2. Virtual links: In OSPF, all areas must be connected to a backbone area. You can
establish a virtual link in case of a backbone-continuity break by configuring two
Area Border Routers as endpoints of a virtual link. Configuration information
includes the identity of the other virtual endpoint (the other ABR) and the non-
backbone link that the two routers have in common (the transit area). Virtual links
cannot be configured through a stub area.
3. Default route: When you specifically configure redistribution of routes into an OSPF
routing domain, the route automatically becomes an autonomous system boundary
router (ASBR). You can force the ASBR to generate a default route into the OSPF
routing domain.
4. Administrative distance is a rating of the trustworthiness of a routing information
source, an integer between 0 and 255, with a higher value meaning a lower trust
rating. An administrative distance of 255 means the routing information source
cannot be trusted at all and should be ignored. OSPF uses three different
administrative distances: routes within an area (inter-area), routes to another area
(inter-area), and routes from another routing domain learned through redistribution
(external). You can change any of the distance values.
5. Passive interfaces: If a specific network should be taken for OSPF calculations,
however the router shouldn’t send hello packets on this network interface, this
interface should be configured as passive.
6. Route calculation timers: You can configure the delay time between when OSPF
receives a topology change and when it starts the shortest path first (SPF)
calculation and the hold time between two SPF calculations.
a. Enter global configuration mode by invoking the following command:
configure terminal
b. Enable OSPF routing, and enter router configuration mode by invoking the
following command:

492 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

router ospf <0-65535>


where,
<0-65535>: OSPF process ID. The process ID is an internally used
identification parameter that is locally assigned and can be any positive
integer. Each OSPF routing process has a unique value.
c. (Optional) Specify an address and IP subnet mask for redistributed routes so
that only one summary route is advertised by invoking the following
command:
summary-address A.B.C.D/M
where,
A.B.C.D/M: Summary prefix designated for a range of addresses.
d. (Optional) Establish a virtual link and set its parameters by invoking the
following command:
area <0-4294967295> virtual-link A.B.C.D [dead-interval <1-
65535>] [hello-interval <1-65535>] [retransmit-interval <1-
65535>] [transmit-delay <1-65535>] [authentication-key
AUTH_KEY] [authentication AUTH_KEY] [message-digest-key
authentication-key AUTH_KEY]
where,
<1-65535>: (First appearance) Dead router detection time in seconds.
<1-65535>: (Second appearance) Hello packet interval in seconds.
<1-65535>: (Third appearance) LSA retransmit interval in seconds.
<1-65535>: (Fourth appearance) LSA transmission delay in seconds.
AUTH_KEY: Authentication key (up to 8 characters).
e. (Optional) Force the ASBR to generate a default route into the OSPF routing
domain by invoking the following command:
default-information originate [always] [metric <0-16777214>]
[metric-type 1|2] [route-map WORD]
where,
always: Always advertise default route.
<0-16777214>: OSPF metric.
1: Set OSPF External Type 1 metrics.
2: Set OSPF External Type 2 metrics.
WORD: Pointer to route-map entries.
f. (Optional) Change the OSPF distance values by invoking the following
command:
distance ospf (external <1-255>)|(inter-area <1-
255>)|(intra-area <1-255>)
where,
<1-255>: (First appearance) Distance for external routes. Default: 110.
<1-255>: (Second appearance) Distance for inter-area routes. Default: 110.
<1-255>: (Third appearance) Distance for intra-area routes. Default: 110.
g. (Optional) Suppress the sending of hello packets through the specified
interface by invoking the following command:
passive-interface IFNAME
where,
IFNAME: Interface ID having the format vifX, where X is a decimal number
in the range 1-4095.
h. Delay between receiving a change to SPF calculation by invoking the
following command:
timers spf <0-4294967295> <0-4294967295>
where,

January 2009 URL: http://www.mrv.com 493


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

<0-4294967295>: (First appearance) Delay between receiving a change to


SPF calculation.
<0-4294967295>: (Second appearance) Hold time between consecutive
SPF calculations.

Monitoring OSPF
You can display specific statistics such as the contents of IP routing tables, caches, and
databases.
Command Purpose
show ip ospf <0-65535> Display general information about OSPF
where, routing processes.
<0-65535>: OSPF process ID
show ip ospf [<0-65535>] Display lists of information related to the
database [router] [A.B.C.D] OSPF database.
where,
<0-65535>: OSPF process ID
A.B.C.D: Link State ID (as an IP
address)
show ip ospf [<0-65535>]
database [router] [self-
originate]
where,
<0-65535>: OSPF process ID
show ip ospf [<0-65535>]
database [router] [adv-router
[A.B.C.D]]
where,
<0-65535>: OSPF process ID
A.B.C.D: Advertising router IP
address
show ip ospf [<0-65535>]
database [network] [A.B.C.D]
where,
<0-65535>: OSPF process ID
A.B.C.D: Link State ID (as an IP
address)
show ip ospf [<0-65535>]
database [summary] [A.B.C.D]
where,
<0-65535>: OSPF process ID
A.B.C.D: Link State ID (as an IP
address)
show ip ospf [<0-65535>]
database [asbr-summary]
[A.B.C.D]
where,
<0-65535>: OSPF process ID
A.B.C.D: Link State ID (as an IP
address)
show ip ospf [<0-65535>]
database [external] [A.B.C.D]
where,
<0-65535>: OSPF process ID

494 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

A.B.C.D: Link State ID (as an IP


address)
show ip ospf [process-id area-
id] database [database-summary
show ip ospf border-routes Display the internal OSPF routing ABR and
ASBR table entries.
show ip ospf interface Display OSPF-related interface information
[INTERFACE]
where,
INTERFACE: Interface ID having the
format vifX, where X is a decimal
number in the range 1-4095.
show ip ospf neighbor Display OSPF interface neighbor information
[interface A.B.C.D]
where,
A.B.C.D: Interface IP address.
show ip ospf virtual-links Display OSPF-related virtual links
information.

Configuring OSPF in a Single Area


When configuring any OSPF router, you must establish which area assignment to enable the
interface for. OSPF has some basic rules when it comes to area assignment. OSPF must be
configured with areas. The backbone area 0, or 0.0.0.0, must be configured if you use more than
one area assignment. You can configure OSPF in one area; you can choose any area, although
good OSPF design dictates that you configure area 0.
To enable OSPF on a OS900 and advertise interfaces, do the following:
1. Use the command router ospf with a process ID to start OSPF.
2. Assign the router ID.
3. Use the network command to enable the interfaces.
4. Identify area assignments.
Example 1 displays OSPF with a process ID of 1 and places all interfaces configured with an IP
address in area 0. The network command network 192.168.1.0/30 (255.255.255.252)
area 0 .
Example 1: Configuring OSPF in a Single Area
router ospf 1
ospf router-id 0.0.0.1
network 192.168.1.0/30 area 0
The following is a list of reasons OSPF is considered a better routing protocol than RIP:
• OSPF has no hop count limitations. (RIP has 15 hops only.)
• OSPF understands variable-length subnet masks (VLSMs) and
allows for summarization.
• OSPF uses multicasts (not broadcasts) to send updates.
• OSPF converges much faster than RIP, because OSPF propagates
changes immediately.
• OSPF has authentication available. (RIPv2 does also, but RIPv1
does not.)
• OSPF allows for tagging of external routes injected by other
autonomous systems.
• OSPF configuration, monitoring, and troubleshooting have a far
greater Master OS™ tool base than RIP.

January 2009 URL: http://www.mrv.com 495


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Note
OSPF does have some disadvantages, including the level of difficulty
and understanding required to configure, monitor, and troubleshoot it.
You can configure more than one OSPF process, but you must be
mindful that the SPF calculations associated with multiple OSPF
processes can consume a considerable amount of CPU and memory.

Scenarios
The following scenarios are designed to draw together and further explore the content described
earlier in this section and some of the content you have seen in your own networks or practice
labs. There is not always one right way to accomplish the tasks presented, and using good
practice and defining your end goal are important in any real-life design or solution.
Scenario 1: Configuring OSPF in a Single Area
In this scenario, you configure two OS900s for OSPF routing using a variable Class network.
Figure 51, below, shows the IP addressing and area assignments for Routers R1 and R2.

Figure 51: Basic OSPF


Configure R1 for OSPF first. Assign all interfaces with the area assignment 1. Note that this
scenario uses VLSM. Use the network command and match the IP subnet exactly. Example 2
displays the OSPF configuration performed on R1.

Note
Routers R1 and R2 reside in one area; so, in fact, you could apply the
one Master OS™ command to enable all interfaces configured with an
IP address in the range 131.108.0.0 through 131.108.255.255 with the
command network 131.108.0.0 0.0.255.255 area 1.

Example 2: R1 OSPF Configuration


router ospf 1
ospf router-id 0.0.0.1
network 1.1.1.1/32 area 1
network 140.1.1.0/25 area 1
network 140.1.1.128/25 area 1
network 140.1.2.0/27 area 1
network 192.168.1.0/30 area 1
!
Example 3 displays the OSPF configuration performed on R2.
Example 3: R2 OSPF Configuration
router ospf 2
ospf router-id 0.0.0.2
network 2.2.2.1/32 area 1
network 130.1.1.0/25 area 1
network 130.1.1.128/25 area 1
network 130.1.2.0/27 area 1
network 192.168.1.0/30 area 1
!

496 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

Note
R1 has a process ID of 1 and R2 has a process ID of 2. The process ID
is locally significant only and doesn't need to match between routers.
The process ID can be any number between 1–65535.
Example 4 displays the remote networks reachable through OSPF with a cost metric of for all. The
next hop address is 192.168.1.x through Interface vif2
Example 4, which displays the IP routing table on R1.
Example: 4 R1's IP Routing Table
R1# show ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info

O 1.1.1.1/32 [110/10] is directly connected, dummy1, 00:04:46


O> * 2.2.2.1/32 [110/11] via 192.168.1.2, vif2, 00:02:25
O> * 130.1.1.0/25 [110/2] via 192.168.1.2, vif2, 00:02:25
O> * 130.1.1.128/25 [110/2] via 192.168.1.2, vif2, 00:02:25
O 140.1.1.0/25 [110/1] is directly connected, vif10, 00:04:36
O 140.1.1.128/25 [110/1] is directly connected, vif20, 00:04:36
O 192.168.1.0/30 [110/1] is directly connected, vif2, 00:04:16
Example 5: Show the IP routing table on R2
R2# show ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info

O> * 1.1.1.1/32 [110/11] via 192.168.1.1, vif2, 00:10:25


O 2.2.2.1/32 [110/10] is directly connected, dummy1, 00:11:21
O 130.1.1.0/25 [110/1] is directly connected, vif10, 00:11:11
O 130.1.1.128/25 [110/1] is directly connected, vif20, 00:11:11
O> * 140.1.1.0/25 [110/2] via 192.168.1.1, vif2, 00:10:25
O> * 140.1.1.128/25 [110/2] via 192.168.1.1, vif2, 00:10:25
O 192.168.1.0/30 [110/1] is directly connected, vif2, 00:10:

Example 6: Show ip ospf interface vif2 on R1


R1# show ip ospf interface vif2
vif2 (ifindex = 5) is up, line protocol is up
Internet Address 192.168.1.1/30, Area 0.0.0.1
Router ID 0.0.0.1, Network Type BROADCAST, Cost: 1, TE Metric 0
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 0.0.0.1, Interface Address 192.168.1.1
Backup Designated Router (ID) 0.0.0.2, Interface Address 192.168.1.2
OSPF Interface MTU 1500
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Neighbor Count is 1, Adjacent neighbor count is 1
Crypt Sequence Number is 0
The cost associated with the path on the Ethernet segment is 10. Therefore, the total cost is 1000
(as advertised by R2) plus 10, which equals 1010. Another method you can use to determine the
cost with an Ethernet segment is to use the cost calculation, cost = 108 / Bandwidth = 108 / 107 =
10. Example 7 displays the full routing configuration on R1.
Example 7: R1 Full Configuration
!
Current configuration:
! version 2_1_11
!
hostname R1
!
interface vlan vif2

January 2009 URL: http://www.mrv.com 497


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

description ** Connection To R2 ***


tag 2
ip 192.168.1.1/30
ports 24
!
interface vlan vif10
description *** Client Lan Connection **
tag 10
ip 140.1.1.1/25
ports 1
!
interface vlan vif20
description *** Client Lan Connection **
tag 20
ip 140.1.1.129/25
ports 3
!
interface vlan vif30
tag 30
ip 140.1.2.1/27
ports 5
!
interface dummy dummy1
description *** LoopBack Interface ***
ip 1.1.1.1/32
!
router ospf 1
ospf router-id 0.0.0.1
network 1.1.1.1/32 area 1
network 140.1.1.0/25 area 1
network 140.1.1.128/25 area 1
network 140.1.2.0/27 area 1
network 192.168.1.0/30 area 1
!

Example 8 displays the full routing configuration on R2.


Example 8: R2 Full Configuration
hostname R2
!
interface vlan vif2
description *** Connection to R1 **
tag 2
ip 192.168.1.2/30
ports 7
!
interface vlan vif10
description *** Client Lan Connection **
tag 10
ip 130.1.1.1/25
ports 1
!
interface vlan vif20
description *** Client Lan Connection **
tag 20
ip 130.1.1.129/25
ports 3
!
interface vlan vif30
description *** Client Lan Connection **
tag 30
ip 130.1.2.1/27
ports 5

498 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

ip ospf network point-to-point


ip ospf cost 1000
!
interface dummy dummy1
ip 2.2.2.1/32
!
router ospf 2
ospf router-id 0.0.0.2
network 2.2.2.1/32 area 1
network 130.1.1.0/25 area 1
network 130.1.1.128/25 area 1
network 130.1.2.0/27 area 1
network 192.168.1.0/30 area 1
!
R2#

Now, apply the OSPF principles to a larger, more complex network in Scenario 2.
Scenario 2: Configuring OSPF in Multiple Areas
Turn your attention to a far more complex OSPF scenario and apply some of the advanced
features in OSPF.
This scenario uses four routers: R1 and R2 from scenario 1 and two new routers named R4 and
R3. Figure 52, below, displays the routers in this scenario.

Figure 52: OSPF Topology and IP Addressing


In this scenario, you add two new routers, R3 and R4, and create an additional two new areas:
Area 0 and Area 2. That makes a total of three areas: the backbone Area 0 between R3 and R4,
Area 2 covering the link between R4and R2, and Area 1 covering the Ethernets between R1 and
R2.
Routers R2 and R4 in this case are referred to area border routers (ABRs) because more than one
area is configured on each router. OSPF includes a number of different router types. Table 20,
below, displays all the possible routers types.

January 2009 URL: http://www.mrv.com 499


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Table 20: OSPF Router Types

Router type Description


Internal router This router is within a specific area only. Internal router functions
include maintaining the OSPF database and forwarding data to other
networks. All interfaces on internal routers are in the same area.
Area border router ABRs are responsible for connecting two or more areas. ABRs contain
(ABR) the full topological database of each area they are connected to and
send this information to other areas.
Autonomous system ASBRs connect to the outside world or perform some form of
border router (ASBR) redistribution into OSPF.
Backbone router Backbone routers are connected to area 0, also know as area 0.0.0.0.
Backbone routers can be internal routers and ASBRs.

In Figure 52, above, R1 is an internal router; R2 is an ABR; R4 is a backbone router and ABR, and
R3 is a backbone router.
Router R1 requires no configuration change, but you need to modify R2 and enable OSPF on R3
and R4. Example 9 displays the modifications required on R2.
Remember that you have a link to R4, so you need to set IP addressing.
The following example shows configuration of R2 as ABR.
Example 9: Enable OSPF on R4 with Process ID 6
R2(config)# router ospf 2
R2(config-router)# network 141.108.10.0/30 area 2
Now, enable OSPF on R3 and R4. Notice the IP addressing in Figure 52, above, has a mixture of
the Class B networks 131.108.0.0 and 141.108.0.0 with different subnets.
Hence, this scenario uses VLSM extensively to illustrate the capability of OSPF to handle VLSM.
To enable OSPF on R4, start the OSPF process with the process ID 4 and enable the interfaces to
advertise the networks as displayed by Example 10.
Example 10: Enable OSPF on R4 with Process ID 4
router ospf 4
ospf router-id 0.0.0.4
network 4.4.4.1/32 area 0
network 130.108.9.0/25 area 0
network 130.108.9.128/25 area 0
network 130.108.12.0/24 area 0
network 141.108.10.0/30 area 2
network 192.168.2.0/30 area 0

Similarly, Example 11 displays the OSPF configuration required on R3.


Example 11: Enable OSPF on R3
router ospf 3
ospf router-id 0.0.0.3
network 3.3.3.1/32 area 0
network 141.1.1.0/25 area 0
network 141.1.1.128/25 area 0
network 141.1.2.0/27 area 0
network 192.168.2.0/30 area 0

Now that OSPF is configured on all four routers, examine the routing table on the backbone
network to ensure that all networks are routable. Example 12 displays the IP routing table on R4.
Example 12: IP Routing Table on R4
R4# show ip route
multipath equal cost limit: 1
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info

500 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

O> * 3.3.3.1/32 [110/11] via 192.168.2.2, vif2, 00:09:15


O 4.4.4.1/32 [110/10] is directly connected, dummy1, 00:09:25
C> * 4.4.4.1/32 is directly connected, dummy1
O 130.108.9.0/25 [110/1] is directly connected, vif10, 00:09:25
C> * 130.108.9.0/25 is directly connected, vif10
O 130.108.9.128/25 [110/1] is directly connected, vif20, 00:08:09
C> * 130.108.9.128/25 is directly connected, vif20
O 130.108.12.0/24 [110/1] is directly connected, vif30, 00:07:54
C> * 130.108.12.0/24 is directly connected, vif30
O> * 141.1.1.0/25 [110/2] via 192.168.2.2, vif2, 00:09:15
O> * 141.1.1.128/25 [110/2] via 192.168.2.2, vif2, 00:07:54
O> * 141.1.2.0/27 [110/2] via 192.168.2.2, vif2, 00:07:43
O 141.108.10.0/30 [110/1] is directly connected, vif8, 00:09:25
C> * 141.108.10.0/30 is directly connected, vif8
O 192.168.2.0/30 [110/1] is directly connected, vif2, 00:09:25
C> * 192.168.2.0/30 is directly connected, vif2
Example 12 displays the remote networks on Router R3, but not the networks from R1 or R2. For
example, the Ethernet network 140.1.1.1/24 in area 1 is not routable from R4.
Examine R3's routing table. Example 13 displays R3's IP routing table.
Example 13: R3's IP Routing Table
R3# show ip route
multipath equal cost limit: 1
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info

O 3.3.3.1/32 [110/10] is directly connected, dummy1, 00:25:06


C> * 3.3.3.1/32 is directly connected, dummy1
O> * 4.4.4.1/32 [110/11] via 192.168.2.1, vif2, 00:08:04
O> * 130.108.9.0/25 [110/2] via 192.168.2.1, vif2, 00:08:04
O> * 130.108.9.128/25 [110/2] via 192.168.2.1, vif2, 00:06:57
O> * 130.108.12.0/24 [110/2] via 192.168.2.1, vif2, 00:06:42
O 141.1.1.0/25 [110/1] is directly connected, vif10, 00:24:56
C> * 141.1.1.0/25 is directly connected, vif10
O 141.1.1.128/25 [110/1] is directly connected, vif20, 00:06:42
C> * 141.1.1.128/25 is directly connected, vif20
O 141.1.2.0/27 [110/1] is directly connected, vif30, 00:06:31
C> * 141.1.2.0/27 is directly connected, vif30
O> * 141.108.10.0/30 [110/2] via 192.168.2.1, vif2, 00:08:04
O 192.168.2.0/30 [110/1] is directly connected, vif2, 00:13:40
C> * 192.168.2.0/30 is directly connected, vif2

Once more, Example 13 doesn't display the networks in area 1 on Routers R1 and R2. Example
14 displays R2's IP routing table.
Example 14: R2's IP Routing Table
R2#show ip route
multipath equal cost limit: 1
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info

O> * 1.1.1.1/32 [110/11] via 192.168.1.1, vif2, 00:13:44


C> * 2.2.2.1/32 is directly connected, dummy1
O 130.1.1.128/25 [110/1] is directly connected, vif20, 00:15:09
C> * 130.1.1.128/25 is directly connected, vif20
O 130.1.2.0/27 [110/1] is directly connected, vif30, 00:04:53
C> * 130.1.2.0/27 is directly connected, vif30
O> * 140.1.1.0/25 [110/2] via 192.168.1.1, vif2, 00:13:44
O> * 140.1.1.128/25 [110/2] via 192.168.1.1, vif2, 00:13:44
O 141.108.10.0/30 [110/1] is directly connected, vif8, 00:12:12
C> * 141.108.10.0/30 is directly connected, vif8

January 2009 URL: http://www.mrv.com 501


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

O 192.168.1.0/30 [110/1] is directly connected, vif2, 00:13:54


C> * 192.168.1.0/30 is directly connected, vif2
R2#

Note
Note that R2 has access to the remote networks in area 0 or on the
backbone, but not vice versa, because Router R2 is connected to area 2.

Area 2 is not partitioned from the backbone. In fact, area 2 is directly connected to the backbone
through Router R4.
Area 1 is not directly connected to the backbone. Therefore, Router R1 is missing IP networks.
The golden rule in any OSPF network is that all areas must be contiguous or all areas must be
connected to the backbone. Scenario 2 includes three areas. If an area cannot be assigned to the
backbone or is partitioned from the backbone, a virtual link is required. When designing a network,
you use a virtual link to attach areas that do not have a physical connection to the backbone or in
cases in which the backbone is partitioned, as in the example shown in Figure 52, page 499.
Figure 53, below, displays the areas and the requirement for a virtual link.

Figure 53: Area Assignments and the Virtual Link Requirement


The virtual link in this scenario is required from R2 to R4. The virtual link allows information about
area 1 to be sent to the backbone. Another solution to this problem is to change the area 1
assignment to area 2 or to connect a physical link from area 1 to the backbone.
In this scenario, configure a virtual link between R2 and R4.
To create a virtual link, you use the following command:
R4(config)# router ospf 4
R4(config-router)# area 2 virtual-link 0.0.0.2

[no] area area-id virtual-link router-id [hello-interval seconds]


[retransmit-interval seconds] [transmit-delay seconds]
[dead-interval seconds] [[authentication-key key] |
[message-digest-key keyid md5 key]]

502 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

As can be seen, this command has several options. The following is a simplification:
area area-id virtual-link router-id
The area-id is the transit network between the two partitioned areas, in this case area 2. You can
find the router-id by using the show ip ospf database command, which displays the complete
OSPF database. Example 15 shows you how to discover the router IDs on R2 and R4.
Note that the extensive amount of information typically supplied by the show ip ospf
database command is not all displayed in Example 15.
Example 15: Show ip ospf database Command on R2 and R4
R2>show ip ospf database
OSPF Router with ID (131.108.6.2) (Process ID 2)
R4>show ip ospf database
OSPF Router with ID (141.108.12.1) (Process ID 6)
You now have the information required to configure a virtual link between R3 and R4. Examples 17
and 18 display the configuration performed on Routers R2 and R4.
Example 16: Configuring a Virtual Link on R2
R2(config)#router ospf 2
R2(config-router)#area 2 virtual-link 0.0.0.2

Example 17: Configuring a Virtual Link on R4


R4(config)# router ospf 4
R4(config-router)#area 2 virtual-link 0.0.0.2
Use the show ip ospf virtual-links command on R2, demonstrated in Example 18, to
ensure that the virtual link is active.
Example 18: Show ip ospf virtual-links
R4# show ip ospf virtual-links
Virtual Link VLINK0 to router 0.0.0.2 is up
Transit area 0.0.0.2 via interface vif8
Transmit Delay is 1 sec, State Point-To-Point,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Adajcency state Full

Example 18 displays an active link to the remote OSPF router with the ID 141.108.12.1. Now, view
the routing tables on R3 to determine whether the area 1 networks have been inserted into the IP
routing table, as demonstrated in Example 19.
Example 19: Show ip route on R3
R3# show ip route
multipath equal cost limit: 1
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info

O> * 1.1.1.1/32 [110/13] via 192.168.2.1, vif2, 00:00:22


O 3.3.3.1/32 [110/10] is directly connected, dummy1, 02:05:31
C> * 3.3.3.1/32 is directly connected, dummy1
O> * 4.4.4.1/32 [110/11] via 192.168.2.1, vif2, 00:00:58
O> * 130.1.1.128/25 [110/3] via 192.168.2.1, vif2, 00:00:22
O> * 130.1.2.0/27 [110/3] via 192.168.2.1, vif2, 00:00:22
O> * 130.108.9.0/25 [110/2] via 192.168.2.1, vif2, 00:00:58
O> * 130.108.9.128/25 [110/2] via 192.168.2.1, vif2, 00:00:58
O> * 130.108.12.0/24 [110/2] via 192.168.2.1, vif2, 00:00:58
O> * 140.1.1.0/25 [110/4] via 192.168.2.1, vif2, 00:00:22
O> * 140.1.1.128/25 [110/4] via 192.168.2.1, vif2, 00:00:22
O 141.1.1.0/25 [110/1] is directly connected, vif10, 02:05:21
C> * 141.1.1.0/25 is directly connected, vif10
O 141.1.1.128/25 [110/1] is directly connected, vif20, 01:47:07
C> * 141.1.1.128/25 is directly connected, vif20
O 141.1.2.0/27 [110/1] is directly connected, vif30, 01:46:56

January 2009 URL: http://www.mrv.com 503


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

C> * 141.1.2.0/27 is directly connected, vif30


O> * 141.108.10.0/30 [110/2] via 192.168.2.1, vif2, 00:00:58
O> * 192.168.1.0/30 [110/3] via 192.168.2.1, vif2, 00:00:22
O 192.168.2.0/30 [110/1] is directly connected, vif2, 00:01:44
C> * 192.168.2.0/30 is directly connected, vif2

Router R3 discovers the remote networks from the partitioned area 1 through the virtual link
between the routers R2 and R4 as demonstrated by the IP routing table in Example 19.
Examples 20, 21, and 22 show the three configurations of routers R2, R3, and R4, respectively.
R1's configuration is unchanged from scenario 1.
Example 20: Full Configuration on R2
hostname R2
!
interface vlan vif2
description *** Connection to R1 **
tag 2
ip 192.168.1.2/30
ports 7
!
interface vlan vif8
description *** Connection To R4 **
tag 8
ip 141.108.10.1/30
ports 8
!
interface vlan vif10
description *** Client Lan Connection **
tag 10
ip 130.1.1.1/25
ports 1
!
interface vlan vif20
description *** Client Lan Connection **
tag 20
ip 130.1.1.129/25
ports 3
!
interface vlan vif30
description *** Client Lan Connection **
tag 30
ip 130.1.2.1/27
ports 5
ip ospf network point-to-point
ip ospf cost 1000
!
interface dummy dummy1
ip 2.2.2.1/32
!
router ospf 2
ospf router-id 0.0.0.2
network 2.2.2.1/32 area 1
network 130.1.1.0/25 area 1
network 130.1.1.128/25 area 1
network 130.1.2.0/27 area 1
network 141.108.10.0/30 area 2
network 192.168.1.0/30 area 1
area 2 virtual-link 0.0.0.4
!
Example 21 displays R3's full configuration.
Example 21: Full Configuration on R3
hostname R3

504 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

!
interface vlan vif2
description *** Connection to Router R4 **
tag 2
ip 192.168.2.2/30
ports 24
!
interface vlan vif10
tag 10
ip 141.1.1.1/25
ports 1
!
interface vlan vif20
tag 20
ip 141.1.1.129/25
ports 3
!
interface vlan vif30
tag 30
ip 141.1.2.1/27
ports 5
!
interface dummy dummy1
ip 3.3.3.1/32
!
router ospf 3
ospf router-id 0.0.0.3
network 3.3.3.1/32 area 0
network 141.1.1.0/25 area 0
network 141.1.1.128/25 area 0
network 141.1.2.0/27 area 0
network 192.168.2.0/30 area 0
!
R3#

Example 22 displays R4's full configuration.


Example 22: Full Configuration on R4
Building configuration...

Current configuration:
! version 2_0_10
!
hostname R4
!
interface vlan vif2
description *** Connection To R3 **
tag 2
ip 192.168.2.1/30
ports 8
!
interface vlan vif8
description *** Connection to Router R2 **
tag 8
ip 141.108.10.2/30
ports 7
!
interface vlan vif10
description *** Client Lan Connection **
tag 10
ip 130.108.9.1/25
ports 1
!

January 2009 URL: http://www.mrv.com 505


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

interface vlan vif20


tag 20
ip 130.108.9.129/25
ports 3
!
interface vlan vif30
ip 130.108.12.1/24
ports 5
!
interface dummy dummy1
ip 4.4.4.1/32
!
router ospf 4
ospf router-id 0.0.0.4
network 4.4.4.1/32 area 0
network 130.108.9.0/25 area 0
network 130.108.9.128/25 area 0
network 130.108.12.0/24 area 0
network 141.108.10.0/30 area 2
network 192.168.2.0/30 area 0
area 2 virtual-link 0.0.0.2
!
Now, you move on to learn about some common OSPF commands you can use to ensure that
remote networks are reachable.
Scenario 3: How OSPF Monitors, Manages, and Maintains Routes
In this scenario, you re-examine in detail the network in Figure 52, page 499, and discover some of
the common OSPF commands for monitoring, managing, and maintaining IP routing tables. This
scenario also looks at ways to configure OSPF to modify IP routing table entries, such as cost
metrics and DR/BDR election.
Table 21, below, displays a summary of the commands executed in this scenario.
Table 21: OSPF Commands for Monitoring, Managing, and Maintaining IP Routing Tables
Command Description
show ip ospf Displays the OSPF process and details such as OSPF process ID
and router ID.
show ip ospf Displays routers topological database.
database
show ip ospf Displays OSPF neighbors.
neighbor
show ip ospf Displays OSPF neighbors in detail, providing parameters, such as
neighbor detail neighbor address, hello interval, and dead interval.
show ip ospf Displays information on how OSPF has been configured for a given
interface interface.
ip ospf priority Interface command used to change the DR/BDR election process.
ip ospf cost Interface command used to change the cost of an OSPF interface.

Example 23 shows the output of the command show ip ospf taken from the backbone Router R3
in Figure 52, page 499. Table 22, page 507, explains how to read the most important information
contained within the output.
Scenario 2, and thus this scenario, has four routers with the following router IDs:
• R1— 0.0.0.1
• R2— 0.0.0.2
• R3— 0.0.0.3
• R4— 0.0.0.4
This information is shown in the examples that follow.

506 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

Example 23: Show ip ospf Output


R3# show ip ospf
OSPF Routing Process 3, Router ID: 0.0.0.3
Supports only single TOS (TOS0) routes
This implementation conforms to RFC2328
RFC1583Compatibility flag is disabled
MTU_ignored flag is disabled
Opaque-LSA capability is on
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Refresh timer 10 secs
Number of external LSA 0. Checksum Sum 0x0
Number of non-default external LSA 0
External LSA database is unlimited.
Traffic-Engineering advertisement: disabled
Cspf calculation: disabled
Number of areas attached to this router: 1

Area ID: 0.0.0.0 (Backbone)


Number of interfaces in this area: Total: 5, Active: 5
Number of fully adjacent neighbors in this area: 1
Area has no authentication
SPF algorithm executed 12 times
Number of LSA 14. Checksum Sum 0x75a87

Table 22: Explanation of the show ip ospf Command Output Taken from R3
Field Explanation
OSPF process Id Displays the process ID..
OSPF router Id Displays the router id in this process

Minimum LSA The amount of time that the Master OS™ waits before the SPF
interval 5
secs Minimum LSA calculation is completed after receiving an update. The minimum
arrival 1 sec LSA interval is five seconds and the minimum LSA arrival is one
second on R3.
Number of areas in Displays the number of areas configured on the local router. In
this router is 1 this example, R3 has all interfaces in the backbone, or area 0. So
only one area is displayed by this command.
Area BACKBONE(0) Displays the area the router is configured for. R3 is a backbone
router, so this output advises the area in backbone 0.
Number of interfaces Displays the number of interfaces in area 0. R3 has five
in this area is 5 interfaces in area 0 (including the dummy interface).
Area has no Displays the fact that no authentication is used on R3.
authentication

Example 24 shows the output of the command show ip ospf database taken from the backbone R3
in Figure 52, page 499. Table 23, page 508 explains how to read the most important information
contained within the output.
Example 24: Show ip ospf database Output
R3# show ip ospf database

OSPF Router process 3 with ID (0.0.0.3)

Router Link States (Area 0.0.0.0)

Link ID ADV Router Age Seq# CkSum Link count


0.0.0.2 0.0.0.2 372 0x80000005 0xa995 1
0.0.0.3 0.0.0.3 1324 0x8000000b 0x36c9 5

January 2009 URL: http://www.mrv.com 507


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

0.0.0.4 0.0.0.4 368 0x8000000e 0x1754 5

Net Link States (Area 0.0.0.0)

Link ID ADV Router Age Seq# CkSum


192.168.2.1 0.0.0.4 1795 0x80000001 0xd70e

Summary Link States (Area 0.0.0.0)

Link ID ADV Router Age Seq# CkSum Route


1.1.1.1 0.0.0.2 458 0x80000001 0x9fac 1.1.1.1/32
2.2.2.1 0.0.0.2 458 0x80000001 0x71d8 2.2.2.1/32
130.1.1.0 0.0.0.2 458 0x80000001 0xb4a0 130.1.1.0/25
130.1.1.128 0.0.0.2 458 0x80000001 0xaf25 130.1.1.128/25
140.1.1.0 0.0.0.2 458 0x80000001 0x3c0e 140.1.1.0/25
140.1.1.128 0.0.0.2 458 0x80000001 0x3792 140.1.1.128/25
140.1.2.0 0.0.0.2 458 0x80000001 0x7375 140.1.2.0/27
141.108.10.0 0.0.0.2 458 0x80000001 0xa3b5 141.108.10.0/30
141.108.10.0 0.0.0.4 936 0x80000001 0xf15c 141.108.10.0/30
192.168.1.0 0.0.0.2 458 0x80000001 0x9a58 192.168.1.0/30

Table 23: Explanation of the show ip ospf database Command

Field Explanation
OSPF Router with ID The router ID and process ID on the router
(0.0.0.3) (Process ID 3) configured by the network administrator.
Router Link States (Area 0) Displays the link-state advertisements from
connected neighbors discovered by the Hello
protocol.
Summary Net Link States (Area 0) Information displayed by ABRs.
To show you some different output, look at two more examples from Scenario 2: one from R2 and
one from R4. Example 25 displays the show ip ospf neighbor command from R2.
Example 25: Show ip ospf neighbor from R2
R2# show ip ospf neighbor

OSPF process 2:
Neighbor ID Pri State Dead Time Address Interface RXmtL
RqstL DBsmL
0.0.0.4 1 Full/Backup 00:00:36 141.108.10.2 vif8:141.108.10.1 0
0 0
0.0.0.1 1 Full/DR 00:00:30 192.168.1.1 vif2:192.168.1.2 0
0 0
0.0.0.4 1 Full/ - 00:00:39 141.108.10.2 VLINK 0 0
0 0
R2#
Router R2 has two neighbors: one across the Ethernet segment and another through the virtual
link to R4. The show ip ospf neighbor command displays the neighbor router ID and the
priority of the neighbor (both 1 in this example) as well as the DR. Notice that the DR is R1 as
seen by R2. The state of the adjacency (Full) and the dead time are displayed. The dead time is
the amount of time before the adjacency is declared dead or inactive if a Hello packet is not
received. The dead time must be the same of the adjacent router. It is advised that you
configure the dead time to be four times the hello interval. The address field displays the
remote router's IP address. In this case, the IP address assigned to R1 is The interface field
describes the outbound interface from which the neighbor was discovered. Example 26 displays
the neighbors on R4 in more detail by adding the detail parameter to the show ip ospf
neighbor command.
Example 26: Show ip ospf neighbor detail from R4
R4# show ip ospf neighbor detail
Neighbor 0.0.0.2, interface address 141.108.10.1

508 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

In the area 0.0.0.2 via interface vif8


Neighbor is dynamic (neighbor was learned via broadcast messages)
Neighbor priority is 1, State is Full, 6 state changes
DR is 141.108.10.1, BDR is 141.108.10.2
Options is 0x42 (*|O|-|-|-|-|E|-)
Dead timer due in 00:00:34
Neighbor is up for 00:18:26
Database Summary List 0
Link State Request List 0
Link State Retransmission List 0
Thread Inactivity Timer on
Thread Database Description Retransmision off
Thread Link State Request Retransmission off
Thread Link State Update Retransmission on

Neighbor 0.0.0.3, interface address 192.168.2.2


In the area 0.0.0.0 via interface vif2
Neighbor is dynamic (neighbor was learned via broadcast messages)
Neighbor priority is 1, State is Full, 6 state changes
DR is 192.168.2.1, BDR is 192.168.2.2
Options is 0x42 (*|O|-|-|-|-|E|-)
Dead timer due in 00:00:35
Neighbor is up for 00:33:27
Database Summary List 0
Link State Request List 0
Link State Retransmission List 0
Thread Inactivity Timer on
Thread Database Description Retransmision off
Thread Link State Request Retransmission off
Thread Link State Update Retransmission on
Router R4 has no adjacency across any broadcast media, such as Ethernet.
Therefore, the neighbors are all in a Full state but no DR or BDR is selected across the wide-area
network (WAN) link, because the WAN link is considered a point-to-point link. To determine what
type of OSPF network the given interface is, use the show ip ospf interface command.
Example 27 displays this command in its most basic form taken from R4. You can provide more
parameters, such as interface vif number.
Example 27: Show ip ospf interface from R4
R4# show ip ospf interface
[INTERFACE] Interface name
| Output modifiers
R4# show ip ospf interface
eth0 is down, line protocol is down
OSPF not enabled on this interface
dummy0 is down, line protocol is down
OSPF not enabled on this interface
vif2 is up, line protocol is up
Internet Address 192.168.2.1/30, Area 0.0.0.0
Router ID 0.0.0.4, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 0.0.0.4, Interface Address 192.168.2.1
Backup Designated Router (ID) 0.0.0.3, Interface Address 192.168.2.2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:09
Neighbor Count is 1, Adjacent neighbor count is 1
Crypt Sequence Number is 0
dummy1 is up, line protocol is up
Internet Address 4.4.4.1/32, Area 0.0.0.0
Router ID 0.0.0.4, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 0.0.0.4, Interface Address 4.4.4.1
No backup designated router on this network

January 2009 URL: http://www.mrv.com 509


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Neighbor Count is 0, Adjacent neighbor count is 0
Crypt Sequence Number is 0
vif10 is up, line protocol is up
Internet Address 130.108.9.1/25, Area 0.0.0.0
Router ID 0.0.0.4, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 0.0.0.4, Interface Address 130.108.9.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
Neighbor Count is 0, Adjacent neighbor count is 0
Crypt Sequence Number is 0
vif20 is up, line protocol is up
Internet Address 130.108.9.129/25, Area 0.0.0.0
Router ID 0.0.0.4, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 0.0.0.4, Interface Address 130.108.9.129
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
Neighbor Count is 0, Adjacent neighbor count is 0
Crypt Sequence Number is 0
vif30 is down, line protocol is down
OSPF not enabled on this interface
vif8 is up, line protocol is up
Internet Address 141.108.10.2/30, Area 0.0.0.2
Router ID 0.0.0.4, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State Backup, Priority 1
Designated Router (ID) 0.0.0.2, Interface Address 141.108.10.1
Backup Designated Router (ID) 0.0.0.4, Interface Address 141.108.10.2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Neighbor Count is 1, Adjacent neighbor count is 1
Crypt Sequence Number is 0
R4#
Router R4 has six interfaces configured with OSPF, so you should expect details about those
interfaces. Example 27 displays all interface network types as BROADCAST. Note that because
R4 has no neighbors over the Ethernet network, no DR/BDR is elected, because there is no need.
The dead interval is four times the hello interval on all interfaces.
Now use some interface commands on the Figure 52, page 499, network to modify the behavior of
the DR/BDR election process. Start by changing the designated router in area 1 and ensure that
Router R2 becomes the DR. Example 28 displays the current DR and the configuration change on
R2 to make the priority higher than R1 by setting the priority to 255.
Example 28: Changing the IP OSPF Priority on R2
R2# show ip ospf neighbor

OSPF process 2:
Neighbor ID Pri State Dead Time Address Interface
RXmtL RqstL DBsmL
0.0.0.4 1 Full/Backup 00:00:36 141.108.10.2 vif8:141.108.1 0.1 0
0 0
0.0.0.1 1 Full/DR 00:00:30 192.168.1.1 vif2:192.168.1.2 0
0 0
0.0.0.4 1 Full/ - 00:00:39 141.108.10.2 VLINK0 0
0 0

R2(config)# interface vif2


R2(config-vif2)# ip ospf priority 255

510 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

R2# show ip ospf neighbor

OSPF process 2:
Neighbor ID Pri State Dead Time Address Interface
RXmtL RqstL DBsmL
0.0.0.4 1 Full/Backup 00:00:30 141.108.10.2 vif8:141.108.10.1 0
0 0
0.0.0.1 1 Full/DR 00:00:34 192.168.1.1 vif2:192.168.1.2 0
0 0
0.0.0.4 1 Full/ - 00:00:33 141.108.10.2 VLINK0 0
0 0

R2# show ip ospf neighbor


Neighbor ID Pri State Dead Time Address
Interface
131.108.5.1 1 FULL/DR 00:00:31 131.108.1.1
141.108.12.1 1 FULL/ - 00:00:32 141.108.10.2
Example 28 stills displays the DR as R1 and not R2 even after the configuration setting changes
the priority to 255, because the election process has already taken place and R1 is still the DR.
Example 29 displays the neighbor state as seen by R2, which is now the backup designated router
(BDR).
Example 29: Show ip ospf neighbor on R2
R2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address
Interface
131.108.5.1 1 FULL/BDR 00:00:34 131.108.1.1
141.108.12.1 1 FULL/ - 00:00:35 141.108.10.2
The final command in this scenario is the ip ospf cost command. You use this command to
change the cost OS900s assign by default by using the formula OSPF cost = 108 / bandwidth. This
command is not the only method you can use to change the cost. You can also use the
bandwidth command on a particular interface and let the Master-OS use the bandwidth portion of
the cost formula to calculate the new cost.

Note
You can also use the command auto-cost reference-bandwidth
referencebandwidth during the OSPF process to change the bandwidth
portion of the cost calculation. You should set this command equally
across all your routers if you choose to use it. The reference-bandwidth
is set to 108 by default.

January 2009 URL: http://www.mrv.com 511


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Table 24: Summary of OS™ Commands used in this Section

Command Purpose
show ip route ospf Displays IP routing tables.
router ospf <0-65535> Enables OSPF routing. The process ID is local to
where, the router. You can have more than one OSPF
<0-65535>: OSPF process ID. The running.
process ID is an internally used
identification parameter that is locally
assigned and can be any positive
integer. Each OSPF routing process has
a unique value.
network A.B.C.D/M area <0- Enables network advertisements out of a particular
4294967295> interface and also the routing of the same interface
where, through OSPF.
A.B.C.D/M: A.B.C.D/M OSPF network
prefix. (You can use the mask to use a
single command to define one or more
multiple interfaces to be associated with
a specific OSPF area. The area ID can
be a decimal value or an IP address.)
show ip ospf Displays the OSPF process and details, such as
OSPF process ID and router ID.
show ip ospf database Displays router's topological database.
show ip ospf neighbor Displays OSPF neighbors.
show ip ospf neighbor detail Displays OSPF neighbors in detail, providing such
parameters as neighbor address, hello interval,
and dead interval.
show ip ospf interface Displays information on how OSPF has been
configured for a given interface.
interface vlan IFNAME In configuration mode, enables you modify an
where, interface number,
IFNAME: Interface ID having the format
vifX, where X is a decimal number in
the range 1-4095.
ip ospf cost <1-65535> Interface command that changes the cost of an
where, OSPF interface.
<1-65535>: Cost
ip ospf priority <0-255> Interface command that changes the DR/BDR
where, election process.
<0-255>: IP OSPF priority. Default: 1.
ip ospf network (broadcast|non- Interface command that changes the network type.
broadcast|point-to-
multipoint|point-to-point)
show ip protocols Displays all routing protocols in use on a OS900.
hostname WORD Configures a name on a router.
where,
WORD: OS900’s network name.

512 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

Border Gateway Protocol (BGP)


General
The Border Gateway Protocol (BGP) is a routing protocol whose primary function is to designate
reachability within and between autonomous systems63. This function is performed by
exchanging routing information between routers in the network of autonomous systems. The
information is sufficient to construct a graph of AS connectivity from which routing loops can be
opened and some policy decisions at the AS level can be enforced. To characterize the set of
policy decisions that can be enforced using BGP, the rule that a BGP operating system advertise
to its peers in neighboring ASs only those routes that it itself uses has to be applied. This rule
reflects the “hop-by-hop” routing paradigm generally used throughout the current Internet. Note
that some policies cannot be supported by the “hop-by-hop” routing paradigm and thus require
techniques such as source routing to enforce them. For example, BGP does not enable one AS to
send traffic to a neighboring AS intending that the traffic take a different route from that taken by
traffic originating in the neighboring AS. On the other hand, BGP can support any policy
conforming to the “hop-by-hop” routing paradigm. Since the current Internet uses only the “hop-by-
hop” routing paradigm and since BGP can support any policy that conforms to that paradigm, BGP
is highly applicable as an inter-AS routing protocol for the current internet as well as for very large
private IP networks.
BGP runs over the reliable transport protocol TCP. This eliminates the need to implement explicit
update fragmentation, retransmission, acknowledgement, and sequencing. Any authentication
scheme used by the transport protocol may be used in addition to BGP's own authentication
mechanisms. The error notification mechanism used in BGP assumes that the transport protocol
supports a "graceful" close, i.e., that all outstanding data will be delivered before the connection is
closed.
TCP meets BGP's transport requirements and is present in virtually all commercial routers and
hosts. In the following descriptions, the phrase "transport protocol connection" can be understood
to refer to a TCP connection. BGP uses TCP port 179 for establishing its connections.
Hosts using BGP communicate using the Transmission Control Protocol (TCP) and send updated
router table information only when a host has detected a change. Only the affected part of the
routing table is sent.
The OS900 implements BGP-4, the latest BGP version. BGP-4 lets adminstrators configure cost
metrics based on policy statements.
The routers inside the autonomous network maintain two routing tables; one for IBGP and one for
EBGP.
BGP-4 makes it easy to use Classless Inter-Domain Routing (CIDR), which is a way to have more
addresses within the network than with the current IP address assignment scheme.

Configuration
To configure an OS900 to operate with BGP:
1. Enter configure terminal mode.
2. Configure VLAN interfaces with IP addresses to enable router-to-router
and router-to-networks communication.
(The procedure for configuring VLAN interfaces is given in Chapter 7:
Interfaces, page 175.)
3. Assign a BGP ID to the OS900 by invoking the command:
router bgp <1-65535>
where,

63
An Autonomous System is a set of routers under a single technical administration, using an interior gateway protocol
and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs.
Since this definition, it has become common for a single AS to use several interior gateway protocols and sometimes
several sets of metrics within an AS. The use of the term Autonomous System here stresses the fact that, even when
multiple IBGPs and metrics are used, the administration of an AS appears to other ASs to have a single coherent interior
routing plan and presents a consistent picture of what destinations are reachable through it.

January 2009 URL: http://www.mrv.com 513


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

<1-65535>: Range of BGP Router IDs for the OS900 from which one is to be
selected.
4. Assign a BGP ID to each neighbor router by invoking the command:
neighbor A.B.C.D remote-as <1-65535>
where,
A.B.C.D: Neighbor address
<1-65535>: Range of BGP Router IDs of the neighbor from which one is to
be selected.
5. Assign a BGP ID to each neighbor router by invoking the command:
neighbor A.B.C.D remote-as <1-65535>
where,
A.B.C.D: Neighbor address
<1-65535>: Range of BGP Router IDs of the neighbor from which one is to
be selected.
6. To configure an OS900 as the next hop for a BGP-speaking neighbor or
peer group, disable the next hop calculation by invoking the command:
neighbor A.B.C.D next-hop-self
where,
A.B.C.D: Neighbor address
The above command is useful in non-mesh networks where BGP neighbors might not
have direct access to other neighbors on the same IP subnet.
7. Specify the IP addresses of the OS900 interfaces connected to networks
by repeatedly invoking the command:
network A.B.C.D/M
where,
A.B.C.D/M: Interface IP address

Example
Following is an example in which the primary function of BGP is designated, namely, reachability
between and within Autonomous systems.

Figure 54: Network on which BGP is Configured


Router 1
OS900> enable

514 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

OS900# configure terminal

OS900(config)# interface vlan vif1


OS900(config-vif1)# ports 7
OS900(config-vif1)# tag 3007
Interface is activated.
OS900(config-vif1)# name R1_to_R2
OS900(config-vif1)# ip 192.168.1.1/24
OS900(config-if)# exit

OS900(config)# interface vlan vif2


OS900(config-vif2)# ports 6
OS900(config-vif2)# tag 3006
Interface is activated.
OS900(config-vif2)# name R1_to_R3
OS900(config-vif2)# ip 192.168.2.1/24
OS900(config-if)# exit

OS900(config)# interface vlan vif3


OS900(config-vif3)# ports 5
OS900(config-vif3)# tag 3005
Interface is activated.
OS900(config-vif3)# ip 192.168.10.1/24
OS900(config-if)# exit

OS900(config)# router bgp 100


OS900(config-router)# neighbor 192.168.1.2 remote-as 100
OS900(config-router)# neighbor 192.168.1.2 next-hop-self
OS900(config-router)# network 192.168.10.0/24
OS900(config-router)# neighbor 192.168.2.3 remote-as 300
OS900(config-router)#
Router 2
OS900> enable
OS900# configure terminal

OS900(config)# interface vlan vif1


OS900(config-vif1)# ports 8
OS900(config-vif1)# tag 3008
Interface is activated.
OS900(config-vif1)# name R2_to_R1
OS900(config-vif1)# ip 192.168.1.2/24
OS900(config-if)# exit

OS900(config)# interface vlan vif2


OS900(config-vif2)# ports 6
OS900(config-vif2)# tag 3006
Interface is activated.
OS900(config-vif2)# name R2_to_Net2
OS900(config-vif2)# ip 192.168.20.2/24
OS900(config-if)# exit

OS900(config)# router bgp 100


OS900(config-router)# neighbor 192.168.1.1 remote-as 100
OS900(config-router)# network 192.168.20.0/24
OS900(config-router)#

Note
The “router bgp” ID between two routers in the same Autonomous
System (AS) must be the same. This example shows the router bgp ID
as 100 between the two routers in the same AS.

January 2009 URL: http://www.mrv.com 515


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Router 3
OS900> enable
OS900# configure terminal

OS900(config)# interface vlan vif1


OS900(config-vif1)# ports 8
OS900(config-vif1)# tag 3008
Interface is activated.
OS900(config-vif1)# name R3_to_R1
OS900(config-vif1)# ip 192.168.2.3/24
OS900(config-if)# exit

OS900(config)# router bgp 300


OS900(config-router)# neighbor 192.168.2.1 remote-as 100
OS900(config-router)#

Note
The OS900 sends syslog messages on BGP state machine transitions
to "Established" or "Idle" states.
Example
2003/05/19 07:27:15 BGP : 172.28.2.2 [FSM] Hold_Timer_expired
(Established->Idle)
2003/05/19 07:29:20 BGP : 172.28.2.2 [FSM]
Receive_KEEPALIVE_message
(OpenConfirm->Established)

Virtual Router Redundancy Protocol (VRRP)


Definition
VRRP (RFC 2338) is a protocol that is used to eliminate the problem of single-point-of-failure
resulting from the failure of a statically configured gateway/router by configuring two or more
routers on a network to operate in mutual redundancy mode.

Principle of Operation
VRRP dynamically assigns responsibility to one router (Master Router) in a network to route
packets sent from the hosts in the network. The other routers in the network serve as Backup
Routers and have differing takeover priorities. VRRP routers periodically send VRRP
advertisement messages using IP multicast datagrams. A Backup Router preempts (takes over the
routing responsibility from) the Master Router only if it currently has a higher priority or if the
Master Router does not advertise within a pre-defined time interval.
A router may be set as Master Router for one network subnet and Backup Router for another as
shown in the section Example, page 517.

Configuration
To configure VRRP on an OS900:
1. For convenience, change the host name of the OS900 to a unique name by invoking the
command:
hostname WORD
where,
WORD: OS900’s host name
2. Create a VLAN interface via which the OS900 is to run VRRP, and assign an IP address to it.
(The procedure for creating VLAN interfaces is described in Chapter 7: Interfaces, page
171.)
3. In the VLAN interface mode, enter VRRP mode by invoking the command:
vrrp

516 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

4. Enable VRRP on the VLAN interface by invoking the command:


enable
5. Set up one (or more) virtual router(s)64 with virtual router IP(s) on the VLAN interface by
(repeatedly) invoking the commands in steps 5.1 to 5.3 below:
5.1. Create a Virtual Router on the VLAN interface by invoking the command:
virtual-router <1-255>
where,
<1-255>: Range of IDs for virtual routers.
5.2. Assign an IP address to the Virtual Router by invoking the command:
virtual-ip a.b.c.d
where,
a.b.c.d: IP address of virtual router
5.3. Enable the Virtual Router on the VLAN interface by invoking the command:
enable
Note
Identical Virtual Routers must be set up on each physical router (using
the commands in steps 5.1 to 5.3 above).

Other configuration parameters (using CLI commands) are optional.

Example
Network

Figure 55: Network on which VRRP is Configured


Figure 55, above, is an example of a network to which VRRP can be applied.

64
Setting up as many virtual routers as the number of physical routers enables the VRRP to share the traffic load between
the physical routers.

January 2009 URL: http://www.mrv.com 517


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Both Router-A (an OS900) and Router-B (an OS900) are attached to the same LAN (subnet), so
that they can be configured to backup each other and also run in load-sharing mode when both
routers are UP.
If Router-A fails, the VRRP makes Router-B take over and announce Router-A's IP address as its
own. Traffic meant to go via Router-A will now go via Router-B and traffic meant to go via Router-B
will continue to go through Router-B.
Two virtual routers are configured to enable the VRRP to share the traffic load between the two
physical routers (Router-A and Router-B).
Virtual Router 1 is the default gateway for W1 and W2 because its IP address is the same as the
default gateway address of W1 and W2.
Virtual Router 2 is the default gateway for W3 and W4 because its IP address is the same as the
default gateway address of W3 and W4.
Router-A is the Master Router for Virtual Router 1 because their IP address is the same.
Router-B is the Master Router for Virtual Router 2 because their IP address is the same.
As required, identical virtual routers (i.e., having the same virtual router IDs – see command in
step 5.1, page 517 – and same virtual IP addresses – see command in step 5.2, page 517) are
configured on the two physical routers.
The ID for the VLAN interfaces on both physical routers is set to vif2. Instead, different IDs could
as well have been set.
On Router-A or Router-B, the IP address for a Virtual Router is set to the same IP address as that
of the VLAN interface. This was done in order to save on an IP address. Different IP addresses
can be set provided they belong to the same subnet.
The same tag is assigned to the VLAN interface on Router-A and on Router-B. Under this
condition member ports of the VLAN interface on the routers can be all tagged, all untagged, or
some tagged and others untagged. If different tags are assigned to the two interfaces, all ports
must be untagged!

518 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 33: Static and Dynamic Routing

Configuration
Following are the CLI commands for implementing the required VRRP configuration on Router-A
and Router-B in the network shown in Figure 55, above.
Router-A

----------Changing the Name of the first OS900 to Router-A----------

OS910(config)# hostname Router-A

----------------------Creating a VLAN interface----------------------

Router-A(config)# interface vlan vif2


Router-A(config-vif2)# ports 8
Router-A(config-vif2)# tag 10
Interface is activated.

------------Assigning an IP address to the VLAN interface------------

Router-A(config-vif2)# ip 192.168.0.253/24

-----------Creating a VRRP Interface on the VLAN interface-----------

Router-A(config-vif2)# vrrp
Created VRRP interface on device vif2

-----------------Enabling VRRP on the VLAN interface-----------------

Router-A(config-if-vrrp)# enable
VRRP on vif2 is enabled.

-------Creating the first Virtual Router on the VLAN interface-------

Router-A(config-if-vrrp)# virtual-router 1
Created virtual router 1 on device vif2

---------Assigning an IP address to the first Virtual Router---------

Router-A(config-if-vrrp-vr)# virtual-ip 192.168.0.253

-------Enabling the first Virtual Router on the VLAN interface-------

Router-A(config-if-vrrp-vr)# enable
Virtual router 1 on vif2 is enabled.
Router-A(config-if-vrrp-vr)# exit

------Creating the second Virtual Router on the VLAN interface------

Router-A(config-if-vrrp)# virtual-router 2
Created virtual router 2 on device vif2

--------Assigning an IP address to the second Virtual Router--------

Router-A(config-if-vrrp-vr)# virtual-ip 192.168.0.254

------Enabling the second Virtual Router on the VLAN interface------

Router-A(config-if-vrrp-vr)# enable
Virtual router 2 on vif2 is enabled.
Router-A(config-if-vrrp-vr)# exit
Router-A(config-if-vrrp)# exit
Router-A(config-vif2)# exit
Router-A(config)#

January 2009 URL: http://www.mrv.com 519


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Router-B

----------Changing the Name of the second OS900 to Router-B----------

OS910(config)# hostname Router-B

----------------------Creating a VLAN interface----------------------

Router-B(config)# interface vlan vif2


Router-B(config-vif2)# ports 2
Router-B(config-vif2)# tag 10
Interface is activated.

------------Assigning an IP address to the VLAN interface------------

Router-B(config-vif2)# ip 192.168.0.254/24

-----------Creating a VRRP Interface on the VLAN interface-----------

Router-B(config-vif2)# vrrp
Created VRRP interface on device vif2

-----------------Enabling VRRP on the VLAN interface-----------------

Router-B(config-if-vrrp)# enable
VRRP on vif2 is enabled.

-------Creating the first Virtual Router on the VLAN interface-------

Router-B(config-if-vrrp)# virtual-router 1
Created virtual router 1 on device vif2

---------Assigning an IP address to the first Virtual Router---------

Router-B(config-if-vrrp-vr)# virtual-ip 192.168.0.253


Router-B(config-if-vrrp-vr)#

-------Enabling the first Virtual Router on the VLAN interface-------

Router-B(config-if-vrrp-vr)# enable
Virtual router 1 on vif2 is enabled.
Router-B(config-if-vrrp-vr)# exit

------Creating the second Virtual Router on the VLAN interface------

Router-B(config-if-vrrp)# virtual-router 2
Created virtual router 2 on device vif2

--------Assigning an IP address to the second Virtual Router--------

Router-B(config-if-vrrp-vr)# virtual-ip 192.168.0.254

------Enabling the second Virtual Router on the VLAN interface------

Router-B(config-if-vrrp-vr)# enable
Virtual router 2 on vif2 is enabled.
Router-B(config-if-vrrp-vr)# exit
Router-B(config-if-vrrp)# exit
Router-B(config-vif2)# exit
Router-B(config)#

520 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 34: MultiProtocol Label Switching (MPLS)

Chapter 34:MultiProtocol Label


Switching (MPLS)
General
MPLS is a technology that uses labels to direct traffic (e.g., Ethernet packets) to their destination.
With MPLS it is possible to overcome the following major drawbacks of conventional routing:
• No support for traffic engineering because IP networks are
connectionless.
• Difficulty in implementing complex QoS architectures.
While overcoming the abovementioned drawbacks, MPLS has the following additional advantages:
• Scalable solution - Labels are local and several IP addresses can be
associated with one or more labels.
• Simple solution - The interior Label Switch Routers (LSRs) perform
simple label switching. Only the Label Edge Routers (LERs) perform the
more complicated task of classifying the packets into FEC65 and binding
a label.
• Lower latency - Usually label-switching is a simple task compared with
the longest prefix match and IP forwarding. The amount of per-packet
processing is reduced.
• More importantly, provides capabilities of connection-oriented
technologies, notably ATM, that include:
− Traffic engineering (optimization of network utilization, dynamic
definition of routes, resource allocation according to demand
and availability)
− QoS
− VPNs
An MPLS domain is built of LERs (Label Edge Routers) that reside at the edge of MPLS domain
and interior LSRs (Label Switch Routers) that are located within the MPLS domain – see Figure
56. The LERs need to deal with both MPLS frames and native protocol traffic while Interior LSRs
need to forward only MPLS frames.
Following are the main functions performed on a flow in an MPLS network:
1. The Ingress Label Edge Router (LER) examines each inbound packet, classifies
the packet according to a Forwarding Equivalence Class (FEC), generates an
MPLS header, and assigns (binds) initial label.
2. All the other routers inside the MPLS domain (interior LSRs) examine only the
MPLS labels in order to make forwarding decisions while performing label
switching.
3. The Egress LER removes the label and forwards the packet based on the native
protocol address.
Note
The OS900 can function as an LER and not as an LSR. The OS9000
can function as an LER or LSR. Accordingly, a complete MPLS network
can be built with OS900s as LERs and OS9000s as LSRs.

65
FEC (Forwarding Equivalence Class) is a group of IP packets which are forwarded in the same manner and over
the same path. A FEC may be associated with any class of traffic that the LER considers significant. An example of a
FEC is all traffic having a specific value of IP precedence.

January 2009 URL: http://www.mrv.com 521


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Figure 56: Traffic Flow in an MPLS Network

Label Distribution Protocol (LDP)


General
The Label Distribution Protocol (LDP) is a protocol for distributing labels among LSRs. It contains a
set of procedures and messages by which Label Switching Routers (LSRs) establish Label
Switched Paths (LSPs) through a network by mapping network-layer routing information directly to
data-link layer switched paths.
LDP associates a Forwarding Equivalence Class (FEC) [RFC3031] with each LSP it creates. The
FEC associated with an LSP specifies which packets are "mapped" to that LSP. LDP's hello
protocol is UDP-based and is sent periodically. Upon receipt of the hello, LDP establishes a TCP
session to the sender. Once established, FEC and label-binding information is exchanged.
LDP uses both UDP and TCP port 646.

Usage
A minimal LDP configuration requires the following:
• Enabling OSPF protocol that updates the routing table.
• Enabling Router LDP.
• Enabling Label switching and LDP for each interface on which LDP is to
be run.
Following is an example of how to set up an OS900 to run LDP.
To configure LDP on interface vif2:
interface vlan vif2
tag 3
ip 10.1.7.1/24
ports 26
label-switching
ldp
!
interface dummy dummy1
ip 3.3.3.3/32

522 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 34: MultiProtocol Label Switching (MPLS)

!
router ospf
ospf router-id 3.3.3.3
passive-interface dummy1
network 3.3.3.3/32 area 0
network 10.1.7.0/24 area 0
!
router ldp
router-id 3.3.3.3
transport-address 3.3.3.3 0
!

Traffic Engineering (TE)


General
Traffic Engineering (TE) can be used to resolve congestion and improve network utilization.
Routing protocols usually create a single “shortest path” and all the traffic is sent through that path.
The consequence is that the “shortest path” becomes congested while at the same time “longer”
paths become underutilized. Now instead of adding more and more bandwidth to avoid
congestion, the TE approach is to “put the traffic where the bandwidth is available” see Figure 57.

Figure 57: MPLS Signaling


MPLS Traffic Engineering allows explicit routing and set-up of LSPs with bandwidth reservation. It
also provides control over how LSPs are recovered in the event of failure. Such functionality
enables value-added services like Traffic engineered VPNs, Service Level Agreements (SLA) and
Multi-media over IP solution (e.g., VoIP).
In order to implement MPLS Traffic Engineering, enhancements were added to the routing
protocols and to the MPLS signaling protocols.
The traditional routing protocol has been extended to provide explicit route selection while
maintaining predefined constraints. Examples of such constraints are bandwidth requirements,
include/exclude nodes, and include/exclude specific links. The goal of constraint-based routing is
to compute an optimal path from a given node to another under the constraints.
The enhancements to the MPLS signaling protocols to allow explicit constraint-based routing
produced the following extended protocols:
• Resource Reservation Protocol – Traffic Engineering (RSVP-TE)
• Constrained Routing enabled Label Distribution Protocol (CR-LDP).

January 2009 URL: http://www.mrv.com 523


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

The enhanced Signaling protocol can provide:


1. Coordinate label distribution
2. Explicit routes (strict & loose)
3. Bandwidth reservation
4. Class of Service
5. Preemption of existing LSPs
6. Loop prevention
7. Protection LSP
Using the above technology and protocols, the OS900 is able to provide many of the new services
that Service Providers seek to offer using TE functions. Examples are bandwidth assurance,
diverse routing, load balancing, path redundancy, preparation of alternative path for fast recovery,
and other services necessary for providing QoS.
As explained in the previous paragraph, the OS900 has the ability to create traffic engineered
LSPs called trunks66. These trunks can be created using either CR-LDP (LDP trunks) or RSVP-TE
(RSVP trunks). An important constraint that the administrator can define for a trunk is the amount
of bandwidth needed for the trunk. While the trunk is established, the bandwidth is reserved on all
the OS900s along the path. If according to the internal admission control there is not enough
bandwidth available on one of the OS900s, that trunk would either fail or replace an existing trunk
with lower priority.
After trunk creation, the rate-limit can be configured to police the traffic sent through the trunk and
to ensure it does not cross the reserved bandwidth boundary as specified in the trunk definition.

CR-LDP
Constrained-Routing LDP (CR-LDP) is LDP extended to meet Traffic Engineering requirements in
setting up routing paths. For example, an LSP can be set up based on explicit route constraints,
QoS constraints, etc.
Following is an example of a trunk configuration using CR-LDP:
The trunk allocates 10 Mbps and is destined to LER with transport address 3.3.3.3 and passes
through interior LSRs with transport addresses 1.1.1.1 and 2.2.2.2.
ldp-trunk MyTrunk
primary MyPath
bandwidth 10m
to 3.3.3.3
enable
!
ldp-path MyPath
1.1.1.1 loose
2.2.2.2 loose
!

RSVP-TE
The RSVP-TE protocol is an extension of RSVP for establishing LSPs in MPLS networks while
meeting traffic engineering requirements. RSVP allows the use of source routing where the ingress
router determines the complete path through the network. The ingress router can use CSPF
computation to determine a path to the destination, ensuring that any QoS and TE requirements
are met. The resulting path is then used to establish the LSP.
The OS900 RSVP-TE implementation provides smooth rerouting of LSPs, preemption, and loop
detection. It can be used for QoS and load balancing across the network core.
RSVP is enabled as shown below:
interface vlan vif2
tag 3
ip 10.1.5.3/24
ports 2
label-switching

66
Also called tunnels.

524 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 34: MultiProtocol Label Switching (MPLS)

ldp
rsvp
!
router rsvp
!
router ospf
ospf router-id 3.3.3.3
passive-interface dummy1
network 3.3.3.3/32 area 0
network 10.1.5.0/24 area 0
network 10.1.7.0/24 area 0
te
cspf
Following is an example of a trunk configuration using RSVP-TE:
The trunk allocates 10 Mbps and is destined to LER with transport address 2.2.2.2 and passes
through interior LSRs with transport addresses 3.3.3.3.
rsvp-trunk t1
primary path p1
primary bandwidth 10m
to 2.2.2.2
!
rsvp-path p1
3.3.3.3 loose
!

Virtual Circuits
Definition
A Virtual Circuit (VC) is a point-to-point bi-directional pseudo-wire interconnection for transporting
OSI Layer-2 frames of a customer transparently. Several VCs can coexist along a single LSP trunk
like wires in a cable as shown in Figure 58.

Figure 58: VCs running through an LSP Trunk

Configuration
At each of the two VC ends (target LERs), perform the following steps:
1. Enter configure terminal mode.
2. Set the:
a. VC name.
b. VC ID.
c. IP address on the primary target LER at which the VC terminates.

January 2009 URL: http://www.mrv.com 525


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

d. (Optional) Primary RSVP trunk name. (If not specified, the OS900 selects between
LDP and RSVP-TE.)
e. (Optional) IPv4 address of the secondary target LER for dual-homing.
f. (Optional) Secondary RSVP trunk name. (If not specified, the OS900 selects
between LDP and RSVP-TE.)
g. (Optional) Group ID.
h. (Optional) Protection mode.
by invoking the following command:
mpls l2-circuit NAME <1-1000000> A.B.C.D [trunk_name TRUNKNAME]
[secondary A.B.C.D] [trunk_name TRUNKNAME] [group_id GROUP_ID]
[protected]
where,
mpls: Set MPLS VC attributes
l2-circuit: Specify an MPLS Layer-2 VC
NAME: Identifying string for MPLS Layer-2 VC. (It has local significance only.)
<1-1000000>: MPLS Layer-2 VC ID. This value is used by LDP to assign a
VC label to a packet.
A.B.C.D: IPv4 address on the target LER at which the VC terminates (LDP
transport address of target router)
trunk_name: (First appearance) Specify Primary RSVP Trunk Name
TRUNKNAME: (First appearance) Identifying string for Primary Trunk Name
secondary: Secondary peer configured for dual homed VC
A.B.C.D: IPv4 Address used for the dual-homed
trunk_name: (Second appearance) Specify Secondary Trunk Name
TRUNKNAME: (Second appearance) Identifying string for Secondary Trunk
Name
group_id: Specify group ID
GROUPID: Group identifier (arbitrary 32-bit value)
protected: Protect this VC against link failure

Note
If a VC is to go through a CR-LDP or RSVP-TE trunk, it should be
destined to the same IP destination as the trunk.

3. Select raw mode (ethernet) or tagged mode (vlan) for traffic on the VC by invoking the
following commands:
action-list NAME
where,
NAME: Action list identification up to 20 characters
mpls-action
l2-circuit NAME ethernet|vlan
where,
NAME: Identifying string for MPLS Layer-2 VC
ethernet: Raw mode (without VLAN tag)
vlan: Tagged mode (with VLAN tag)
4. Create an ACL enabling packet forwarding and specifying the VC source port by invoking
the following commands:
access-list extended WORD
where,
WORD: Access-list name

526 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 34: MultiProtocol Label Switching (MPLS)

default policy permit


src-phy-port eq PORT
where,
PORT: Number of VC access port (in VC access interface – see Figure 59,
page 528).
5. Specify the IP-based VLAN Interfaces at the MPLS network edge by invoking the following
commands:
interface vlan IFNAME
where,
IFNAME: Interface ID having the format vifX, where X is a decimal number in
the range 1-4095.
tag TAG
where,
TAG: User-selectable tag (VID) for the VLAN interface. The tag can have any
value in the range 1-4095.
ports PORTS-GROUP
where,
PORTS-GROUP: Group of ports to be members of the VLAN interface.
ip A.B.C.D/M
where,
A.B.C.D/M: IP address/Mask of the VLAN interface.
Valid values are up to 223.255.255.254.
223.255.255.255 is the broadcast value.
224.0.0.0 to 239.255.255.255 is the multicast range.
label-switching (enables label switching on the interface)
ldp (enables LDP on this interface)
rsvp (optional, enables RSVP instead of LDP on this interface. The command is
used when the VC is to be directed through an RSVP trunk.)
6. Specify the VLAN Interface at the non-MPLS network that includes the local VC access
port by invoking the following commands:
interface vlan IFNAME
where,
IFNAME: Interface ID having the format vifX, where X is a decimal number in
the range 1-4095.
tag TAG
where,
TAG: User-selectable tag (VID) for the VLAN interface. The tag can have any
value in the range 1-4095.
ports PORTS-GROUP
where,
PORTS-GROUP: Group of ports to be members of the VLAN interface.
7. Bind the ACL to the VLAN Interface at the non-MPLS network by invoking the following
command:
access-group WORD
where,
WORD: Name of the ACL.
8. Specify the interface at which traffic will be received from the remote end of the VC by
invoking the following commands:
interface dummy IFNAME
where,
IFNAME: ID of interface/device. (The ID must have the format dummyX, where
X can be any integer in the range 1-4095, e.g., dummy3000.)

January 2009 URL: http://www.mrv.com 527


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

ip A.B.C.D/M
where,
A.B.C.D/M: IPv4 address and mask (a.b.c.d/mask)
9. Activate OSPF, and specify the router ID and network IP addresses for receiving and
transmiting VC traffic by invoking the following commands:
router ospf [<0-65535>]
where,
<0-65535>: OSPF process ID
ospf router-id A.B.C.D
where,
A.B.C.D: OSPF router ID in IP address format
router-id A.B.C.D
where,
A.B.C.D: OSPF router ID in IP address format
network A.B.C.D/M area A.B.C.D
where,
A.B.C.D/M: IP address of local interface
area: Set the OSPF area ID
A.B.C.D: OSPF area ID in IP address format
The above command must be repeated for each local interface whose attached
network is to participate in the VC – see Example, page 528.
10. Activate LDP, and specify the router ID and transport IP address at the remote end of the
VC by invoking the following commands:
router ldp
router-id A.B.C.D
where,
A.B.C.D: LDP router ID in IP address format
transport-address A.B.C.D
where,
A.B.C.D: IP Address to be used

Example
The following example demonstrates configuration of a VC between two OS900s.
At each OS900, one access and two network interfaces ( one VLAN and one dummy) are
configured. A dummy (loopback) interface is specified for each of the two ends of the VC to enable
VC traffic flow through the OS900 even if just one VLAN interface having a link to the network
exists!

Network

Figure 59: A Virtual Circuit between Two OS900s

528 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 34: MultiProtocol Label Switching (MPLS)

Configuration

OS900_A
MRV OptiSwitch 910 version os900-3-0-0-d0736-03-01-08
OS910 login: admin
Password:

OS910> enable
OS910# configure terminal

-------------------------------Setting VC name and ID, and specifying the IP of its remote end-------------------------------

mpls l2-circuit vc1 20305 2.2.2.2


!

-----------------------Selecting raw mode (ethernet) or tagged mode (vlan) for traffic on the VC-----------------------

action-list ACL
mpls-action
l2-circuit vc1 ethernet
!

---------------------------------------------------------------Creating an ACL---------------------------------------------------------------

access-list extended acl1

--------------------------------------------------------Enabling packet forwarding--------------------------------------------------------

default policy permit


rule 1
action list ACL

------------------------------------------------------Specifying the VC source port------------------------------------------------------

src-phy-port eq 1
!

------------------------------------Specifying the VLAN Interface at the MPLS network edge------------------------------------

interface vlan vif10


tag 10
ip 10.1.1.1/24
ports 8
label-switching
ldp
!

---------------Specifying the VLAN Interface at the non-MPLS network that includes the VC source port---------------

interface vlan vif100


tag 100
ports 1

January 2009 URL: http://www.mrv.com 529


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

------------------------------Binding the ACL to the VLAN Interface at the non-MPLS network------------------------------

access-group acl1
!

-----------------Specifying the interface at which traffic will be received from the remote end of the VC-----------------

interface dummy dummy1


ip 1.1.1.1/32
!

-------Activating OSPF, and specifying the router ID and network IPs for receiving and transmiting VC traffic-------

router ospf
ospf router-id 1.1.1.1
network 1.1.1.1/32 area 0
network 10.1.1.0/24 area 0
!

--------------Activating LDP, and specifying the router ID and transport IP at the remote end of the VC--------------

router ldp
router-id 1.1.1.1
transport-address 1.1.1.1

OS900_B
MRV OptiSwitch 910 version os900-3-0-0-d0736-03-01-08
OS910 login: admin
Password:

OS910> enable
OS910# configure terminal

-------------------------------Setting VC name and ID, and specifying the IP of its remote end-------------------------------

mpls l2-circuit vc1 20305 1.1.1.1


!

-----------------------Selecting raw mode (ethernet) or tagged mode (vlan) for traffic on the VC-----------------------

action-list ACL
mpls-action
l2-circuit vc1 ethernet
!

---------------------------------------------------------------Creating an ACL---------------------------------------------------------------

access-list extended acl1

530 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 34: MultiProtocol Label Switching (MPLS)

--------------------------------------------------------Enabling packet forwarding--------------------------------------------------------

default policy permit


rule 1
action list ACL

------------------------------------------------------Specifying the VC source port------------------------------------------------------

src-phy-port eq 1
!

------------------------------------Specifying the VLAN Interface at the MPLS network edge------------------------------------

interface vlan vif10


tag 10
ip 10.1.1.2/24
ports 8
label-switching
ldp
!

---------------Specifying the VLAN Interface at the non-MPLS network that includes the VC source port---------------

interface vlan vif100


tag 100
ports 1

------------------------------Binding the ACL to the VLAN Interface at the non-MPLS network------------------------------

access-group acl1
!

-----------------Specifying the interface at which traffic will be received from the remote end of the VC-----------------

interface dummy dummy1


ip 2.2.2.2/32
!

-------Activating OSPF, and specifying the router ID and network IPs for receiving and transmiting VC traffic-------

router ospf
ospf router-id 2.2.2.2
network 2.2.2.2/32 area 0
network 10.1.1.0/24 area 0
!

--------------Activating LDP, and specifying the router ID and transport IP at the remote end of the VC--------------

router ldp
router-id 2.2.2.2
transport-address 2.2.2.2

January 2009 URL: http://www.mrv.com 531


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

MPLS DiffServ
MPLS DiffServ provides the following:
1. Bandwidth reservation for CR-LDP and RSVP-TE trunks.
2. Policing MPLS VPN bandwidth reservation.
3. Support for E-LSPs67.
4. Option to map DSCP bits to MPLS EXP bits.
5. Option to map VPT bits to MPLS EXP bits.
6. EXP bits are marked on both Trunk and VC labels (important for PHP).
7. VC ingress/egress accounting.
An important feature of the OS900 is its ability to provide differentiated service levels to specific
flows that use the same Virtual Circuit (VC).
By default, the VPT bits of an ingress frame at an OS900 LER are mapped to MPLS EXP bits of
the MPLS header.
To enable marking of the EXP bits of a frame according to the DSCP value for the group of ports
by invoking the command port qos-trust PORTS-GROUP|all l2|l2l3|l3|port
(described in the section Selecting an SL Criterion, page 237).

Figure 60: MPLS and QoS Functionality


By default, priority is based on the value of the EXP bits of the MPLS packet.
An SL (diffserv service level – see DiffServ Service Levels, page 237) is assigned to an MPLS
packet according to the following correlation:
EXP bits 0 1 2 3 4 5 6 7
SL 1 2 3 4 5 6 7 8

Viewing Commands
MPLS information can be viewed by invoking the following commands:

67
An E-LSP is an LSP on which routers (LER or LSR) provide QoS handling of MPLS packets according to the EXP field
3
in the MPLS header. Since the EXP field is 3 bits long, up to 2 (eight) classes of traffic can be defined. This allows for up
to 8 classes of traffic using the same label to be concurrently carried over a single LSP.

532 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 34: MultiProtocol Label Switching (MPLS)

Cross-connect Table
To view the MPLS Cross-connect table:
1. Enter enable mode.
2. Invoke the command:
show mpls cross-connect-table
where,
mpls Configure MPLS specific attributes
cross-connect-table MPLS Cross-connect table
R2# show mpls cross-connect-table
Cross connect ix: 1, in intf: -, in label: 0, out-segment ix: 1
Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 1, owner: RSVP, out intf: vif4011, out label: 640
Nexthop addr: 192.170.1.3, cross connect ix: 1, op code: Push

Cross connect ix: 2, in intf: vif4010, in label: 1282, out-segment ix: 2


Owner: LDP VC, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 2, owner: LDP VC, out intf: vif2, out label: 0
Nexthop addr: 0.0.0.0, cross connect ix: 2, op code: Pop for VC

Cross connect ix: 3, in intf: vif4010, in label: 1283, out-segment ix: 3


Owner: LDP VC, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 3, owner: LDP VC, out intf: vif3, out label: 0
Nexthop addr: 0.0.0.0, cross connect ix: 3, op code: Pop for VC

Forwarding Table
To view the MPLS Forwarding table:
1. Enter enable mode.
2. Invoke the command:
show mpls forwarding-table
where,
mpls Configure MPLS specific attributes
forwarding-table MPLS Forwarding table
R2# show mpls forwarding-table
Codes: > - selected FTN, B - BGP FTN, C - CR-LDP FTN, K - CLI FTN,
L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, U - unknown FTN

Code FEC Nexthop Out-Label Out-Intf


R> 1.1.1.1/32 192.170.1.3 640 vif4011
L 1.1.1.1/32 192.168.1.1 3 vif4010
L> 3.3.3.3/32 192.170.1.3 3 vif4011
L> 192.169.1.0/24 192.168.1.1 3 vif4010

FTN Table
To view the MPLS FTN table:
1. Enter enable mode.
2. Invoke the command:
show mpls ftn-table
where,
mpls Configure MPLS specific attributes
ftn-table MPLS FEC-To-NHLFE table. The table (stored in LERs)
contains maps of Destination IP addresses to MPLS labels for ingress packets.
R2# show mpls ftn-table
Primary FTN entry with FEC: 1.1.1.1/32, ix 3, row status: Active
Owner: RSVP, Action-type: Redirect to Tunnel, Exp-bits: 0x0
Resource_id: 30

January 2009 URL: http://www.mrv.com 533


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Description: T1
Cross connect ix: 1, in intf: -, in label: 0, out-segment ix: 1
Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 1, owner: RSVP, out intf: vif4011, out label: 640
Nexthop addr: 192.170.1.3, cross connect ix: 1, op code: Push

Non-primary FTN entry with FEC: 1.1.1.1/32, ix 1, row status: Active


Owner: LDP, Action-type: Redirect to Tunnel, Exp-bits: 0x0
Resource_id: 0
Description: N/A
Cross connect ix: 1003, in intf: -, in label: 0, out-segment ix: 1003
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 1003, owner: LDP, out intf: vif4010, out label: 3
Nexthop addr: 192.168.1.1, cross connect ix: 1003, op code: Swap

Primary FTN entry with FEC: 3.3.3.3/32, ix 4, row status: Active


Owner: LDP, Action-type: Redirect to Tunnel, Exp-bits: 0x0
Resource_id: 0
Description: N/A
Cross connect ix: 1004, in intf: -, in label: 0, out-segment ix: 1004
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 1004, owner: LDP, out intf: vif4011, out label: 3
Nexthop addr: 192.170.1.3, cross connect ix: 1004, op code: Swap

Primary FTN entry with FEC: 192.169.1.0/24, ix 2, row status: Active


Owner: LDP, Action-type: Redirect to Tunnel, Exp-bits: 0x0
Resource_id: 0
Description: N/A
Cross connect ix: 1003, in intf: -, in label: 0, out-segment ix: 1003
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 1003, owner: LDP, out intf: vif4010, out label: 3
Nexthop addr: 192.168.1.1, cross connect ix: 1003, op code: Swap

ILM Table
To view the MPLS ILM table:
1. Enter enable mode.
2. Invoke the command:
show mpls ilm-table
where,
mpls Configure MPLS specific attributes
ilm-table MPLS Incoming Label Map table. The table (stored in LSRs)
contains maps of ingress packet MPLS labels to egress packet MPLS labels for
LSPs.
R2# show mpls ilm-table
In-Label Out-Label In-Intf Out-Intf Nexthop FEC
640 0 vif4010 vif640 0.0.0.0 0.0.2.128/32
641 0 vif4010 vif641 0.0.0.0 0.0.2.129/32
642 0 vif4010 vif642 0.0.0.0 0.0.2.130/32
643 0 vif4010 vif643 0.0.0.0 0.0.2.131/32
644 0 vif4010 vif644 0.0.0.0 0.0.2.132/32
645 0 vif4010 vif645 0.0.0.0 0.0.2.133/32
646 0 vif4010 vif646 0.0.0.0 0.0.2.134/32
647 0 vif4010 vif647 0.0.0.0 0.0.2.135/32
648 0 vif4010 vif648 0.0.0.0 0.0.2.136/32

In-segment Table
To view the MPLS In-segment table:
1. Enter enable mode.

534 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 34: MultiProtocol Label Switching (MPLS)

2. Invoke the command:


show mpls in-segment-table
where,
mpls Configure MPLS specific attributes
in-segment-table MPLS In-segment table.
R2# show mpls in-segment-table
In-segment entry with in label: 640, in intf: vif4010, row status: Active
Owner: LDP VC, # of pops: 1, fec: 0.0.2.128/32
Cross connect ix: 641, in intf: vif4010, in label: 640, out-segment ix: 641
Owner: LDP VC, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 641, owner: LDP VC, out intf: vif640, out label: 0
Nexthop addr: 0.0.0.0, cross connect ix: 641, op code: Pop for VC

In-segment entry with in label: 641, in intf: vif4010, row status: Active
Owner: LDP VC, # of pops: 1, fec: 0.0.2.129/32
Cross connect ix: 642, in intf: vif4010, in label: 641, out-segment ix: 642
Owner: LDP VC, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 642, owner: LDP VC, out intf: vif641, out label: 0
Nexthop addr: 0.0.0.0, cross connect ix: 642, op code: Pop for VC

In-segment entry with in label: 642, in intf: vif4010, row status: Active
Owner: LDP VC, # of pops: 1, fec: 0.0.2.130/32
Cross connect ix: 643, in intf: vif4010, in label: 642, out-segment ix: 643
Owner: LDP VC, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 643, owner: LDP VC, out intf: vif642, out label: 0
Nexthop addr: 0.0.0.0, cross connect ix: 643, op code: Pop for VC

Out-segment Table
To view the MPLS Out-segment table:
1. Enter enable mode.
2. Invoke the command:
show mpls out-segment-table
where,
mpls Configure MPLS specific attributes
out-segment-table MPLS Out-segment table.
R2# show mpls out-segment-table
Out-segment with ix: 2, owner: LDP VC, out intf: vif2, out label: 0
Nexthop addr: 0.0.0.0, cross connect ix: 2, op code: Pop for VC

Out-segment with ix: 3, owner: LDP VC, out intf: vif3, out label: 0
Nexthop addr: 0.0.0.0, cross connect ix: 3, op code: Pop for VC

Out-segment with ix: 4, owner: LDP VC, out intf: vif4, out label: 0
Nexthop addr: 0.0.0.0, cross connect ix: 4, op code: Pop for VC

L2 Circuits
To view the MPLS Layer 2 Circuit:
1. Enter enable mode.
2. Invoke the command:
show mpls l2-circuit
where,
mpls Configure MPLS specific attributes
l2-circuit MPLS Layer-2 Virtual Circuit data.
R2# show mpls l2-circuit
MPLS Layer-2 Virtual Circuit: VC2, id: 2
Endpoint: 1.1.1.1

January 2009 URL: http://www.mrv.com 535


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Control Word: 0
MPLS Layer-2 Virtual Circuit Group: none
Bound to interface: vif2, Port 1
Virtual Circuit Type: Ethernet VLAN
MPLS Layer-2 Virtual Circuit: VC3, id: 3
Endpoint: 1.1.1.1
Control Word: 0
MPLS Layer-2 Virtual Circuit Group: none
Bound to interface: vif3, Port 1
Virtual Circuit Type: Ethernet VLAN
MPLS Layer-2 Virtual Circuit: VC4, id: 4
Endpoint: 1.1.1.1
Control Word: 0
MPLS Layer-2 Virtual Circuit Group: none
Bound to interface: vif4, Port 1
Virtual Circuit Type: Ethernet VLAN

L2 Circuit Groups
To view the MPLS Layer 2 Circuit Group:
1. Enter enable mode.
2. Invoke the command:
show mpls l2-circuit-group
where,
mpls Configure MPLS specific attributes
l2-circuit-group MPLS Layer-2 Virtual Circuit group data.
R2# show mpls l2-circuit-group
MPLS Layer-2 Virtual Circuit Group: 1, id: 1
Virtual Circuits configured:
1. VC1000

LDP Parameters
To view the MPLS LDP information:
1. Enter enable mode.
2. Invoke the command:
show mpls ldp
where,
mpls Configure MPLS specific attributes
ldp Label Distribution Protocol (LDP).
R2# show mpls ldp parameter
Router ID : 2.2.2.2
LDP Version : 1
Global Merge Capability : N/A
Label Advertisement Mode : Downstream Unsolicited
Label Retention Mode : Liberal
Label Control Mode : Independent
Loop Detection : Off
Loop Detection Count : 0
Request Retry : Off
Propagate Release : Disabled
Hello Interval : 5
Targeted Hello Interval : 15
Hold time : 15
Targeted Hold time : 45
Keepalive Interval : 10
Keepalive Timeout : 30
Request retry Timeout : 5
Targeted Hello Receipt : Disabled

536 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 34: MultiProtocol Label Switching (MPLS)

Transport Address data :


Labelspace 0 : 2.2.2.2 (in use)
Import BGP routes : No
PHP mode : Yes
Global MTU : 0
MD5 mode : Off

VC Table
To view the MPLS VC table:
1. Enter enable mode.
2. Invoke the command:
show mpls vc-table
where,
mpls Configure MPLS specific attributes
vc-table MPLS Virtual Circuit table.
R2# show mpls vc-table
VC-ID In Intf Out Intf Out Label Nexthop Status
2 vif2 vif4010 1280 1.1.1.1 Active
3 vif3 vif4010 1281 1.1.1.1 Active
4 vif4 vif4010 1282 1.1.1.1 Active
5 vif5 vif4010 1283 1.1.1.1 Active
6 vif6 vif4010 1284 1.1.1.1 Active
7 vif7 vif4010 1285 1.1.1.1 Active
8 vif8 vif4010 1286 1.1.1.1 Active
9 vif9 vif4010 1287 1.1.1.1 Active
10 vif10 vif4010 1288 1.1.1.1 Active

Administrative Groups
To view the MPLS Administrative Groups:
1. Enter enable mode.
2. Invoke the command:
show mpls admin-groups
where,
mpls Configure MPLS specific attributes
admin-groups Administrative Groups. Each administrative group is
designated (at the local router) by an ID in the range 0-31. The ID represents
one or more interfaces. The ID is distributed to all the other routers in the MPLS
network if TE is activated (by selecting CR-LDP or RSVP-TE).
R2# show mpls admin-groups
Admin group detail:
Value of 1 associated with admin group 'G1'

Mapped Routes
To view the MPLS Mapped Routes:
1. Enter enable mode.
2. Invoke the command:
show mpls mapped-routes
where,
mpls Configure MPLS specific attributes
mapped-routes Mapped MPLS routes. Shows subnets assigned to each
MPLS label. The command can be used to save on MPLS labels.
R2# show mpls mapped-routes
Mapped-route IPv4 FEC
192.170.1.3/32 3.3.3.3/32

January 2009 URL: http://www.mrv.com 537


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Configuration Commands
MPLS Route Map
To set an IP4 Route Map:
1. Enter configure terminal mode.
2. Invoke the command:
mpls map-route A.B.C.D A.B.C.D A.B.C.D
where,
mpls Configure MPLS specific attributes
map-route Map an IPv4 route
A.B.C.D IPv4 prefix to be mapped
A.B.C.D Mask for IPv4 address to be mapped
A.B.C.D IPv4 Forwarding Equivalence Class to which route is to be mapped
R2(config)# mpls map-route 192.170.1.3 192.170.1.0 192.169.1.254 192.169.1.0
R2(config)#

Upper-limit MPLS Labels


To set the maximum value for an MPLS Label:
1. Enter configure terminal mode.
2. Invoke the command:
mpls max-label-value <16-1048575>
where,
mpls Configure MPLS specific attributes
max-label-value Specify a maximum label value
<16-1048575> Maximum size to be used for all label pools
R2(config)# mpls max-label-value 10000
R2(config)#

Lower-limit MPLS Labels


To set the minimum value for an MPLS Label:
1. Enter configure terminal mode.
2. Invoke the command:
mpls min-label-value <16-1048575>
where,
mpls Configure MPLS specific attributes
min-label-value Specify a minimum label value
<16-1048575> Minimum size to be used for all label pools
R2(config)# mpls min-label-value 100
R2(config)#

Creating LDP Path


To set an LDP path:
1. Enter configure terminal mode.
2. Invoke the command:
ldp-path PATHNAME
where,
PATHNAME Name to be used for path
R2(config)# ldp-path P1
R2(config-path)#

538 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 34: MultiProtocol Label Switching (MPLS)

Creating LDP Trunk (Group)


To set an LDP trunk:
1. Enter configure terminal mode.
2. Invoke the command:
ldp-trunk TRUNKNAME
TRUNKNAME Name to be used for trunk
R2(config)# ldp-trunk T1
R2(config-trunk)#

Creating RSVP Path


To set an RSVP path:
1. Enter configure terminal mode.
2. Invoke the command:
rsvp-path PATHNAME
where,
PATHNAME Name to be used for path
R2(config)# rsvp-path P1
R2(config-path)#

Creating RSVP Trunk (Group)


To set an RSVP trunk:
1. Enter configure terminal mode.
2. Invoke the command:
rsvp-trunk TRUNKNAME
TRUNKNAME Name to be used for trunk
R2(config)# rsvp-trunk T1
R2(config-trunk)#

Activating MPLS
To activate MPLS, select a routing protocol as follows:
1. Enter configure terminal mode.
2. Invoke the command:
router ldp|rsvp
R2(config)# router ldp
R2(config-router)#

R2(config)# router rsvp


R2(config-router)#

Defining Administrative Group


To set an Administrative Group:
1. Enter configure terminal mode.
2. Invoke the command:
mpls admin-group NAME <0-31>
where,
mpls Configure MPLS specific attributes
admin-group Add a new Administrative Group
NAME Name of administrative group to be added
<0-31> Value of administrative group to be added
R2(config)# mpls admin-group G2 2
R2(config)#

January 2009 URL: http://www.mrv.com 539


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Hierarchical VPLS (H-VPLS)


General
A Hierarchical VPLS (H-VPLS) is a VPLS constructed in two tiers of differing hierarchy. The tiers
are interconnected with one or more VCs68 – see Figure 61, page 541. The first tier, which is the
VPLS core/hub, consists of a full mesh69 of devices having routing and bridging capabilities. Such
devices are referred to as PE-rs. The second tier, which is the VPLS edge/spoke, can consist of
OS900s.
H-VPLS complies to draft ietf-l2vpn-vpls-ldp. (Draft 9 has been released.)

Purpose
H-VPLS is proposed to overcome the drawbacks of regular VPLS that arise in expanding and large
scale deployments. Among these drawbacks are:
1. The need to configure all the PEs for each new device to be added in the network.
2. Bandwidth consumption by signaling packets between each pair of PEs in the
VPLS domain
3. Packet replication requirement
4. Recovery/convergence time in case of failure of a VC.

Advantages
The H-VPLS model has the following advantages over regular VPLS:
1. Only one VC is required to connect an OS900 to a PE-rs in the VPLS domain as
opposed to a mesh of VCs as would be required if the network was totally VPLS.
2. As the need arises, new CEs can be connected to the VPLS network by simply
connecting each OS900 (to which the CEs are attached) to a PE-rs in the VPLS
domain with a VC.

Principle of Operation
All traffic going from/to CEs to/from one of the PE-rs devices in the VPLS domain will go through a
VC. An OS900 needs only to be aware of the specific PE-rs (in the VPLS domain) to which it is
connected although it is participating in the VPLS service that spans multiple devices.

Dual Homing (Redundant Spoke Connection)


Having just one VC between an OS900 and a PE-rs is risky because if this connection fails the
CEs connected to the OS900 are completely disconnected from the VPLS domain.
To address this potential problem, the dual-homing option can be used. In this option, an OS900 is
connected via two VCs to two PE-rs devices in the same VPLS domain – see Figure 61, page 541.
One VC (Primary VC) remains active while the other VC (Secondary VC) remains in standby;
ready to take over the tasks of the Primary VC in case the latter fails.

Application
The H-VPLS model enables the service provider to extend the VPLS domains by placing cost-
effective OS900s in multi-tenant buildings and aggregating them to a PE-rs in a large central office
(CO) facility – see Figure 61, page 541. Using dual VCs instead of one provides connectivity-
redundancy protection.

68
Pseudo wires
69
A full mesh is direct connection of each and every device to each and every of the other devices.

540 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 34: MultiProtocol Label Switching (MPLS)

Figure 61: H-VPLS Network

Configuration
The procedure for configuring an OS900 to operate in single-homing mode or dual-homing mode
is as follows:
1. Enter configure terminal mode.
2. Invoke the command:
mpls l2-circuit NAME ID A.B.C.D secondary A.B.C.D
where,
NAME Name for VC. (It applies only locally.)
ID ID of primary VC. The ID may be set as any number in the range 1-
1000000. (It must be identical to the VPLS ID to which this VC is to connect.)
A.B.C.D (first appearance) IP address of PE-rs to which the primary VC is to
connect.
A.B.C.D (second appearance) It applies only for dual-homing mode. IP
address of a different PE-rs to which the secondary VC is to connect. (The
secondary VC becomes active only when the primary VC fails.)

January 2009 URL: http://www.mrv.com 541


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900> enable
OS900# configure terminal
OS900(config)# mpls l2-circuit Sales_VC 500 2.2.2.2 secondary 3.3.3.3
OS900(config)#

Viewing
To view the configuration:
1. Enter enable mode.
2. Invoke the command:
show mpls l2-circuit
where,
NAME Name for VC. (It applies only locally.)
Example
OS900(config)# exit
OS900# show mpls l2-circuit Sales_VC

MPLS Layer-2 Virtual Circuit: Sales_VC, id: 500, priority: primary


Endpoint: 2.2.2.2
Control Word: 0
MPLS Layer-2 Virtual Circuit Group: none
Bound to interface: vif500, Port: 1
Virtual Circuit Type: Ethernet VLAN
Bound to trunk: no trunk, regular LDP usage.
MPLS Layer-2 Virtual Circuit: Sales_VC, id: 500, priority: secondary
Endpoint: 3.3.3.3
Control Word: 0
MPLS Layer-2 Virtual Circuit Group: none
Bound to interface: vif500, Port: 1
Virtual Circuit Type: Ethernet VLAN
Bound to trunk: no trunk, regular LDP usage.

LSP PING
General
MPLS LSP PING is a tool that enables the user to detect synchronization problems between the
MPLS control plane and its associated data plane. Specifically, it can be used to determine if an
LSP is set at the control plane level and, more importantly, if the LSP can actually deliver user
traffic.
This tool emulates the behavior of the regular ICMP-based PING function by sending MPLS Echo
Request packets to a specific FEC. The packets are sent along the same data path as other
packets in the FEC. An MPLS Echo Request also carries MRV implementation of LSP PING and is
compatible with RFC 4379 entitled Detecting MPLS Data Plane Failures.

LSP Ping over a Regular LDP LSP


To run LSP PING over a regular LDP LSP:
1. Enter enable mode.
2. Invoke the command:
ping mpls ipv4 A.B.C.D/M [repeat <1-65535>] [timeout <1-10>]
where,
ipv4: MPLS LDP-IPv4 echo message.
A.B.C.D/M: IPv4 host/network of the LDP FEC for which the MPLS echo packet is
to be generated.

542 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 34: MultiProtocol Label Switching (MPLS)

repeat: Repeat PING.


<1-65535>: Number of times. Default: 5.
timeout: Set the maximum wait time between consecutive echo requests.
<1-10>: Time in seconds. Default: 5.

LSP Ping over an RSVP-TE LSP


To run LSP PING over an RSVP-TE LSP:
1. Enter enable mode.
2. Invoke the command:
ping mpls traffic-eng trunkname TRUNKNAME [repeat <1-65535>]
[timeout <1-10>]
where,
traffic-eng: MPLS RSVP-TE echo message
trunkname: Identify RSVP-TE destination by Trunk Name
TRUNKNAME: RSVP-TE Trunk Name
repeat: Repeat PING.
<1-65535>: Number of times. Default: 5.
timeout: Set the maximum wait time between consecutive echo requests.
<1-10>: Time in seconds. Default: 5.

Stopping
To stop an LSP PING process:
1. Enter enable mode.
2. Invoke the command:
ping mpls stop

January 2009 URL: http://www.mrv.com 543


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Replies
Possible LSP PING/Traceroute replies and their significances are as follows:

LSP Ping/Traceroute Reply Significance


'!' - success: The MPLS echo packet succeeded in reaching its
destination address/trunkname (specified by the FEC in
the ping/traceroute command).
The reply could typically include the message:
! 100.2.1.3, return code: 3 (Replying router
is FEC egress at stack depth <1>), rtt=29.0 ms
'R' - downstream router but The transit LSR has found no problem and its data and
not destination:
control planes are synchronized. ('R' should appear only
when MPLS traceroute is invoked and when a transit
LSR replies.)
The reply could typically include the message:
R 100.2.1.3, return code 8 ( Label switched at
stack-depth 1).
'P' – problem: A synchronization problem between the control and data
planes was discovered at the designated LSR or at
some transit LSR along the way.
Example
Suppose you have sent an MPLS echo packet to an
LSR with an interface IP 100.2.1.3, and this LSR
received the packet with an MPLS label that does not
match the label appearing in its MPLS ILM table. In such
case, the LSR should return an MPLS Echo reply with
return code 10, and the following line would appear on
your screen:
P 100.2.1.3, return code: 10 (Mapping for this
FEC is not the given label at stack-depth 1)
'Q' - request not The OS900 has no matching MPLS information in its
transmitted:
control plane table to decide how to forward the packet.
Example
Suppose you try to send an MPLS PING message to
FEC 4.4.4.4/32 using information learned via LDP and
this FEC was either not learned via LDP or the OS900 is
using RSVP for this FEC. In such case, you most likely
will get the following reply:
Q Echo packet not sent to LDP ipv4 4.4.4.4/32
(check log file for explanation).
'U' – unreachable: No reply was received from the designated LSR (the
egress LSR for the compatible FEC), or (when
Traceroute is invoked) a transit LSR with a matching
TTL did not reply.

LSP Traceroute
General
LSP Traceroute functions like MPLS LSP PING. Like MPLS LSP PING, it enables the user to
determine if an LSP can actually deliver user traffic.
The MPLS traceroute is designed to perform fault isolation, i.e., to detect the specific node in
which the problem of synchronization between the control and data planes occurred. For this
purpose, the MPLS echo packet is sent to the control plane of each transit LSR which then
performs various checks to verify that it is indeed a transit LSR in the examined LSP.
Unlike the case of MPLS PING mentioned above, here, parameters in the MPLS echo packet IP

544 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Chapter 34: MultiProtocol Label Switching (MPLS)

header cannot be a trigger to send the packet to the control plane. This is of-course true since
transit LSRs do not examine the packets' IP headers but only their MPLS headers. In order to
trigger a transit OS900 to send the MPLS echo request packet to the control plane, the MPLS
Traceroute command generates the MPLS echo packet with an increasing value of MPLS TTL
(exactly like in regular IP-based traceroute). Each time an MPLS packet reaches an LSR with
MPLS TTL 1, it causes the OS900 to send the packet to the control plane for further examination.
When MPLS PING has failed to verify end-to-end connectivity, it is advised to invoke the MPLS
Traceroute command to pin-point the problematic LSR.
Again, the user cannot send traceroute packets over an RSVP LSP or LDP LSP that end at the
same FEC at the same time. Moreover, the OS900 will not send echo packets over LDP LSP if for
the same FEC an RSVP LSP exists.

Over a Regular LDP LSP


To run LSP Traceroute over a regular LDP LSP:
1. Enter enable mode.
2. Invoke the command:
traceroute mpls ipv4 A.B.C.D/M [max-ttl <1-65535>] [timeout <1-
10>]
where,
ipv4: Over MPLS LDP-IPv4 tunnel.
A.B.C.D/M: IPv4 host/network of the LDP FEC for which the MPLS echo packet is
to be generated.
max-ttl: Maximim time-to-live.
<1-65535>: Value for maximim time-to-live. Default: 30.
timeout: Set the maximum wait time between consecutive echo requests.
<1-10>: Time in seconds. Default: 1.

Over an RSVP-TE LSP


To run LSP Traceroute over an RSVP-TE LSP:
1. Enter enable mode.
2. Invoke the command:
traceroute mpls traffic-eng trunkname TRUNKNAME [max-ttl]
[timeout]
where,
traffic-eng: over MPLS RSVP tunnel
trunkname: Identify RSVP-TE destination by Trunk Name
TRUNKNAME: RSVP-TE Trunk Name
max-ttl: Maximim time-to-live.
<1-65535>: Value for maximim time-to-live. Default: 30.
timeout: Set the maximum wait time between consecutive echo requests.
<1-10>: Time in seconds. Default: 1.

Stopping
To stop an LSP Traceroute process:
1. Enter enable mode.
2. Invoke the command:
traceroute mpls stop

January 2009 URL: http://www.mrv.com 545


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Replies
Refer to the section Replies, page 544.

546 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix A: Utilities

Appendix A: Utilities

General
This chapter describes and shows how to use the various network utilities of the OS900, which
are:
− Domain Name System/Server (DNS)
− Traceroute
− TCP dump (built-in LAN analyzer)
− TELNET
− Secure Shell (SSH)
− Address Resolution Protocol (ARP)
− Configuration File Management
− Memory Management
− Multicast Destination MAC Addresses
− Frame Generator
− Debug Information
− Linux Tasks
− UniDirectional Link Detection Protocol

Domain Name System/Server (DNS)


General
A DNS is used in the Internet for translating hostnames (names of network nodes) into IP
addresses, and vice versa. Its purpose is to allow system administrators to define nodes using
mnemonics (rather than IP addresses), which are much more convenient for identifying nodes.
The OS900 has a DNS client based on RFC 1591.

Configuration
To configure the OS900 to operate with a DNS:
1. To define a domain name, invoke the command:
domain-name NAME
where,
NAME: Your company’s domain name. It identifies one or more hostnames. An
example of a domain name is mrv.com. An example of a hostname belonging
to this domain is torro.mrv.com. In URLs, domain names are used to identify
particular Web pages. For example, in the URL
http://www.faqs.org/rfcs/rfc1213.html, the domain name is faqs.org. Every
domain name has a suffix that indicates the Top-Level Domain (TLD) to which
it belongs. In the examples above, the domain name suffixes are com and org.
2. To define the IP address of the DNS (i.e., the server which is to translate the
domain name into the IP addresses), invoke the command:
nameserver A.B.C.D
where,
A.B.C.D: is the IP address of the DNS.

January 2009 URL: http://www.mrv.com 547


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

3. To enable DNS lookup services, invoke the command:


enable
To view the configuration, invoke the command write terminal or write memory.
Example
OS900(config)# write terminal
Building configuration...

Current configuration:
! version 1_0_11
!
dns
domain-name mrv.com
nameserver 195.208.93.67
enable

Querying
To query the DNS regarding a hostname or IP address belonging to the name domain, invoke the
command
nslookup HOST-TO-FIND
where,
HOST-TO-FIND: is hostname or IP address belonging to the name domain.

Deleting
To delete the domain name, invoke the command
no domain-name
To disable DNS lookup services, invoke the command
no enable
To delete the domain nameserver, invoke the command
no nameserver A.B.C.D
where,
A.B.C.D: is the IP address of the DNS, i.e., the server which is to translate the
domain name into the IP addresses.

Traceroute
Definition
Traceroute is a utility that traces the path of a packet sent from the OS900 to a host on the
network, showing how many hops the packet requires in order to reach the host and how long
each hop takes.

Purpose
Traceroute can be used to determine, for example, where the longest delays occur. It can be used
with SA PING and VCD in isolating the source of a connectivity problem.

Range
The OS900 can be used to trace a destination that is up to 30 hops away.

Principle of Operation
The principle of Traceroute is as follows: Initially, it sends a packet with a very small Time-To-Live
(TTL) field value. A TTL value specifies how many hops the packet is allowed before it is returned.
When a packet cannot reach its destination due to the very small TTL value, the last host to
receive the packet returns the packet and identifies itself.

548 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix A: Utilities

By sending a series of packets, each having a successively higher TTL value, all the intermediary
hosts can be identified.
Each traceroute packet is 40 bytes long. Three packets are sent to each of the hops on the way to
the destination and there return time is measured.

Usage
To perform traceroute:
1. Enter disable mode.
2. Invoke the command:
traceroute: WORD
where,
WORD: IP address or DNS name of the destination host.

Example
The following example shows the nine hops to the destination, the IP address of each hop, and the
three return times for each hop.
OS900> traceroute 212.143.162.198
traceroute to 212.143.162.198 (212.143.162.198), 30 hops max, 40 byte packets
1 Zorro.gallant.co.il (194.90.131.254) 3.896 ms 3.167 ms 6.423 ms
2 router.gallant.co.il (194.90.134.254) 2.34 ms 2.393 ms 2.349 ms
3 194.90.138.233 (194.90.134.233) 2.348 ms 2.315 ms 2.31 ms
4 194.90.138.225 (194.90.134.225) 2.573 ms 2.375 ms 2.424 ms
5 tunnel-optic.ser.netvision.net.il (207.232.58.134) 4.571 ms 4.658 ms 3.953 ms
6 gi10-0.core1.hfa.nv.net.il (212.143.8.69) 128.406 ms 190.186 ms 199.244 ms
7 ge1-2.core1.pt.nv.net.il (212.143.12.66) 7.425 ms 6.301 ms 6.397 ms
8 g1-2.agr02.pt.nv.net.il (212.143.10.78) 6.638 ms 6.909 ms 6.429 ms
9 akm-tlv-198.netvision.net.il (212.143.162.198) 9.901 ms 7.179 ms 6.203 ms
OS900>

TCP Dump
Definition
TCP dump is display of the current traffic to the CPU via a specific interface.

Purpose
TCP dump is used to troubleshoot network applications that communicate with the OS900.

Usage
To perform TCP dump:
1. Enter mode enable.
2. Invoke the command:
tcpdump INTERFACE
where,
INTERFACE: Interface via which traffic flows to the CPU. The interface must
have the format vifX, where X is any number in the range 0-4095.

Example
The example below shows:
Invocation of TCP dump using the command tcpdump vif90.
TCP dump (packet time, IP address, protocol port/number, captured packets, etc.)

January 2009 URL: http://www.mrv.com 549


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Example
OS900# tcpdump vif90

23:51:34.108532 IP 192.83.205.242.telnet > 192.83.137.239.1041: P 2323:2775(452)


ack 0 win 5840
23:51:34.293674 arp who-has 192.168.30.32 (Broadcast) tell 192.168.30.32
23:51:34.294664 IP 192.83.205.242.1027 > zot.tiger.co.il.domain: 19255+ PTR? 32
.30.168.192.in-addr.arpa. (44)
23:51:34.296282 IP zot.tiger.co.il.domain > 192.83.205.242.1027: 19255 NXDomain
0/1/0 (121)
23:51:34.308319 IP 192.83.137.239.1041 > 192.83.205.242.telnet: . ack 2775 win 7
556
23:51:34.308444 IP 192.83.205.242.telnet > 192.83.137.239.1041: P 2775:3237(462)
ack 0 win 5840
23:51:34.508392 IP 192.83.137.239.1041 > 192.83.205.242.telnet: . ack 3237 win 8
736
23:51:34.508518 IP 192.83.205.242.telnet > 192.83.137.239.1041: P 3237:3419(182)
ack 0 win 5840
23:51:34.531317 IP 192.83.137.239.1041 > 192.83.205.242.telnet: P 0:1(1) ack 341
9 win 8554
23:51:34.531448 IP 192.83.205.242.telnet > 192.83.137.239.1041: P 3419:3601(182)
ack 1 win 5840

39 packets captured
39 packets received by filter
0 packets dropped by kernel
OS900#

TELNET
Definition
TELNET is a TCP/IP protocol terminal emulation software program that is run on a host.

Purpose
TELNET is used to connect a host/client (e.g., PC) to a server (e.g., OS900) on a network (e.g.,
Ethernet).

Sessions
Limit
For security reasons, the number of concurrent TELNET sessions is limited to 10.

Timeout
Setting
The default timeout for sessions is 30 minutes.
To set a new timeout:
1. Enter configure terminal mode.
2. Enter line mode by invoking the command:
line vty
3. Invoke the command:
exec-timeout global|current-session <0-35791>
where,
global: For all sessions
current-session: For the current session
<0-35791>: Timeout value in minutes. If no value is entered for this
parameter, timeout is disabled.

550 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix A: Utilities

4. To exit line mode (and to enter configure terminal mode), invoke the
command exit.
Example
OS910(config-line)# exec-timeout global 15
OS910(config-line)# ATTENTION: LOGOUT timeout is set to 15 min.

OS910(config-line)#

Disabling
To disable timeout for a session:
1. Enter configure terminal mode.
2. Enter line mode by invoking the command:
line vty
3. Invoke the command:
no exec-timeout global|current-session
where,
global: For all sessions
current-session: For the current session
4. To exit line mode (and to enter configure terminal mode), invoke the
command exit.
Example
OS910(config-line)# no exec-timeout global
OS910(config-line)# ATTENTION: LOGOUT timeout is disabled.

OS910(config-line)#

Default
To set the timeout value for a session to the default (30 minutes):
1. Enter configure terminal mode.
2. Enter line mode by invoking the command:
line vty
3. Invoke the command:
exec-timeout global|current-session default
global: For all sessions
current-session: For the current session
4. To exit line mode (and to enter configure terminal mode), invoke the
command exit.
Example
OS910(config-line)# exec-timeout global default
OS910(config-line)# ATTENTION: LOGOUT timeout is set to 30 min.

OS910(config-line)#

Connection
For TELNET to work, the appropriate installation must be performed as described in the section
TELNET/SSH Station or SNMP NMS, page 70.
To make a TELNET connection:
1. Enter mode enable.
2. Invoke the command:
telnet WORD PORT
where,
WORD: IP address or DNS hostname of a remote OS900.
PORT: TCP Port number.

January 2009 URL: http://www.mrv.com 551


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

In response, TELNET prompts you to enter a valid username and password before permitting
access.

Example
The example below shows how to invoke a TELNET connection.
OS900# telnet 192.23.76.158 44
OS900#

Secure Shell (SSH)


Secure Shell (SSH) is like TELNET but offers security beyond just username and password. SSH
protects a network from IP spoofing, IP source routing, and DNS spoofing. An attacker that has
managed to take over a network can at most force SSH to disconnect. The attacker cannot
capture the traffic or hijack the connection when encryption is enabled.
The limit on the number of concurrent sessions and the timeout is the same as for TELNET. For
details, refer to the section Sessions, page 550.
To perform an SSH connection:
1. Enter mode enable.
2. Invoke the command:
ssh USER_HOSTNAME
where,
USER_HOSTNAME: Username@Host (e.g., [email protected]).
In response, SSH prompts you to enter a valid username and password before permitting access.
The example below shows how to invoke an SSH connection.
OS900# ssh [email protected]
OS900#

Address Resolution Protocol (ARP)


General
Address Resolution Protocol (ARP) is a protocol for mapping an IP address (32-bit) to the MAC
address (48-bit) of a host machine.
An ARP table maintains current maps of MAC addresses to IP addresses.

Principle of Operation
When an incoming packet destined for a host machine arrives at the OS900, the OS900 uses the
ARP program to search for the MAC address that matches the IP address. If it finds the MAC
address, it provides it adjusts the packet to the right length and format and sends it to the machine.
If it does not find the IP address, ARP broadcasts a request packet in a special format to all the
host machines on the LAN to try to find a host machine with the specific IP address. If a host
machine recognizes the IP address as its own, it responds positively. The OS900 then updates its
ARP table accordingly and sends the packet to the host with this MAC address.
Reverse ARP (RARP) is used by host machines to obtain their IP address from a gateway's ARP
cache.

Adding/Modifying an ARP Table Entry


An entry may be made into the ARP Table by the user as follows:
1. Enter configure terminal mode.
2. Invoke the command:
arp HOSTNAME A:B:C:D:E:F perm|temp [INTERFACE]
where,
HOSTNAME: Hostname or IP address for the new ARP entry
A:B:C:D:E:F: MAC address in new ARP entry.

552 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix A: Utilities

perm: Permanent entry, i.e., stays in the ARP table so long as the OS900
keeps running.
temp: Temporary entry, i.e., subject to aging – see section Aging, page 99.
INTERFACE: (optional) VLAN Interface ID having the format vifX, where X is a
decimal number in the range 1-4095
The example below shows how to make an ARP entry.
OS900(config)# arp 192.200.137.108 00:11:22:33:44:55 perm vif65
OS900#

Deleting an ARP Table Entry


To delete an entry in the ARP Table:
1. Enter configure terminal mode.
2. Invoke the command:
no arp HOSTNAME [INTERFACE]
where,
HOSTNAME: Hostname or IP address in the existing ARP Table entry
INTERFACE: (optional) VLAN Interface ID having the format vifX, where X is a
decimal number in the range 1-4095
The example below shows how to delete an ARP entry.
OS900(config)# no arp 192.200.137.108 vif65
OS900#

Viewing the ARP Table


To view the ARP Table:
1. Enter enable mode or configure terminal mode.
2. Invoke the command:
show arp [RESOLVE] HOSTNAME INTERFACE
where,
RESOLVE: (optional) res or nres.
res – Resolve hostname in the existing ARP Table entries.
nres – Do not resolve hostname in the existing ARP Table entries
HOSTNAME: Hostname or IP address in the existing ARP Table entries
INTERFACE: VLAN Interface ID having the format vifX, where X is a decimal
number in the range 1-4095
The examples below shows how to display the ARP Table .
Example 1
OS900# show arp
? (192.168.130.132) at 00:0E:0C:4B:AE:41 [ether] on vif5
? (193.88.136.20) at 00:04:90:00:17:19 [ether] on vif5
? (193.88.136.6) at 00:01:02:12:7C:61 [ether] on vif5
? (193.88.136.18) at 00:11:11:F1:EA:C4 [ether] on vif5
? (194.91.136.9) at 00:20:1A:00:D5:91 [ether] on vif5

Example 2
OS900(config)# show arp res 192.88.136.102
Apollo.Hi-tech.com (194.90.136.15) at 00:01:02:AE:C5:A1 [ether] on vif38
OS900(config)#

Configuration File Management


Configuration File Location
The startup system configuration file is stored at:

January 2009 URL: http://www.mrv.com 553


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

/usr/local/etc/System.conf

Editing & Saving Configuration File


To edit the System Configuration File directly:
1. Enter enable mode.
2. Type linux to enter the Linux Operating System.
3. In response to the Linux prompt $, type vi/usr/local/etc/System.conf to
open the file (for editing).
To save System Configuration File after editing in the startup system configuration file (in
permanent/flash memory):
1. Type su.
2. Enter the root password.
3. Type /usr/local/nbase/bin/flush-conf.sh
4. Type reboot. To run the system with the changed configuration.
The user inputs (in bold) and the system responses in carrying out the procedure using the CLI are
as follows:
OS900> enable
OS900# linux
$ vi/usr/local/etc/System.conf
$
$ su
Password:
# /usr/local/nbase/bin/flush-conf.sh
# reboot

Memory Management
Viewing Memory
The Linux OS memory usage is oriented to enhance performance and enable maximum use of
free memory in the OS900. By design, the Linux OS will use ALMOST ALL available memory for
internal use of buffers and cache, as can be seen for ‘buffer’ and ‘cache’ in the display obtained by
invoking the command show memory. This behavior enables the Linux OS to cache and buffer
disk I/O and keep most data resident in memory as long as possible. The purpose is to minimize
fetching of files and data from the disk.
As a result, regardless of the amount of OS900 resident RAM Memory, the usage pattern will be
the same. Free memory is regarded by the Linux OS as “a complete waste”, so for performance
reasons the "buffers" and "cached" figures should be as high as possible. It enables Linux OS to
make the best usage of memory and enhances system performance.
In case an OS900 process needs to use memory for whatever reason, the memory space that is
used for disk cache and buffers is freed immediately.
The following is a show memory dump collected on an OS900.
OS900(config)# show memory
total: used: free: shared: buffers: cached:
Mem: 30183424 28778496 1404928 0 4423680 14901248
Swap: 0 0 0
MemTotal: 29476 kB
MemFree: 1372 kB
MemShared: 0 kB
Buffers: 4320 kB
Cached: 14552 kB
SwapCached: 0 kB
Active: 5708 kB
Inactive: 18892 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 29476 kB

554 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix A: Utilities

LowFree: 1372 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Committed_AS: 21848 kB
OS900(config)#

By taking those figures and recalculating as shown in Table 25, below, it is easy to see that the
“real free” memory value stabilized around 63% of the Total memory.
Table 25: Memory Space Usage
Total Cached Buffers Free Used Buffer + Real Real Free % Real
Cache Used Free
260636672 86450176 70217728 12722176 247914496 156667904 91246592 169390080 64.991%
260636672 75616256 90058752 5738496 254898176 165675008 89223168 171413504 65.767%
260636672 86441984 68837376 4513792 256122880 155279360 100843520 159793152 61.309%
260636672 85377024 70889472 4694016 255942656 156266496 99676160 160960512 61.757%
260636672 88330240 69058560 16805888 243830784 157388800 86441984 174194688 66.834%

where:
Real Free = Free + buf + cache
Real Used = Total – real free
% Real Free = Real free / Total x 100

To view the different memory banks (and current occupancy in kB):


1. Enter configure terminal mode.
2. Invoke the command show memory.
Below is an example display of the OS900 outputs on a CLI screen in response to the command
show memory.
OS900# show memory
total: used: free: shared: buffers: cached:
Mem: 130863104 85483520 45379584 0 0 27783168
Swap: 0 0 0
MemTotal: 127796 kB
MemFree: 44316 kB
MemShared: 0 kB
Buffers: 0 kB
Cached: 27132 kB
SwapCached: 0 kB
Active: 10672 kB
Inactive: 16584 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 127796 kB
LowFree: 44316 kB
SwapTotal: 0 kB
SwapFree: 0 kB
OS900#

Viewing Processes
Processes
To view memory processes, invoke the command show processes. The values in the RSS
column indicate the total amount of physical memory used by each process.

January 2009 URL: http://www.mrv.com 555


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

The following is a show processes [FLAGS] capture collected on an OS900.


To view the current processes in the OS900:
1. Enter configure terminal mode.
2. Invoke the command show processes [FLAGS].
Example
OS910# show processes
PID Uid VmSize Stat Command
1 root 624 S init
2 root SWN [ksoftirqd/0]
3 root SW< [events/0]
4 root SW< [khelper]
5 root SW< [kthread]
6 root SW< [kblockd/0]
7 root SW [pdflush]
8 root SW [pdflush]
10 root SW< [aio/0]
9 root SW [kswapd0]
11 root SW [0000:00:18.0]
12 root SW [mtdblockd]
124 root SWN [jffs2_gcd_mtd0]
133 root 472 S /sbin/klogd
136 daemon 352 S /sbin/portmap
139 root 468 S /usr/sbin/cron
355 root 2004 S initd -t 10 -i /usr/local/etc/System.conf -dh
356 root 1260 S uid_task
357 root 1260 S uid_task
358 root 1260 S uid_task
359 root 1260 S uid_task
360 root 1260 S uid_task
361 root 1260 S uid_task
362 root 19268 S pssExe
363 root 19268 S pssExe
364 root 19268 S < pssExe
365 root 19268 S pssExe
366 root 19268 S < pssExe
367 root 19268 S pssExe
368 root 19268 S pssExe
369 root 19268 S pssExe
370 root 19268 S < pssExe
371 root 19268 S < pssExe
372 root 19268 S pssExe
373 root 19268 S pssExe
374 root 2632 S ssys
393 root 496 S /sbin/syslogd -m 0
397 root 1808 S sport_srv
398 root 1268 S sfib

556 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix A: Utilities

399 root 1496 S smfib


400 root 1180 S vctd
401 root 1268 S sfib
402 root 1268 S sfib
403 root 2472 S spf
404 root 1300 S svrrp
405 root 1380 S snetlink
406 root 1380 S snetlink
407 root 1380 S snetlink
408 root 1352 S slei
409 root 1360 S rtrd
410 root 2724 S sif
411 root 2032 S mstpd -d
412 root 1220 S lacpd
413 root 1668 S udldd
414 root 1400 S ethoamd
415 root 1120 S sdhcp
416 root 1120 S sdhcp
417 root 1120 S sdhcp
418 root 1364 S snetutil
419 root 1388 S smrd
420 root 1388 S smrd
421 root 1388 S smrd
422 root 2268 S sflow_mgr
423 root 1056 S mplsoam
424 root 4196 S snmpd -f -L -s udp:161
425 root 896 S saaa
426 root 1072 S sntp
427 root 3468 S osmd
428 root 3468 S osmd
429 root 3468 S osmd
430 root 2108 S zebos
431 root 2284 S ripd
432 root 2852 S bgpd
433 root 2320 S isisd
434 root 2584 S ospfd
443 root 1116 S /usr/sbin/sshd
448 root 848 S /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -reuse
450 admin 1096 S /bin/sh /usr/local/nbase/bin/adminsh
452 admin 5476 S /usr/local/nbase/bin/vtysh
457 admin 5476 S /usr/local/nbase/bin/vtysh
458 admin 5476 S /usr/local/nbase/bin/vtysh
473 admin 532 S more
474 admin 824 R ps aux
OS910#

January 2009 URL: http://www.mrv.com 557


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Top Processes and Memory


To view continually updated (automatically refreshed) memory and CPU usage by processes
running in the OS900:
1. Enter enable mode.
2. Invoke the command:
show top-processes
Example
OS900# show top-processes
top - 11:48:44 up 6 min, 1 user, load average: 0.03, 0.10, 0.06
Tasks: 82 total, 2 running, 80 sleeping, 0 stopped, 0 zombie
Cpu(s): 3.5% us, 3.9% sy, 0.0% ni, 92.6% id, 0.0% wa, 0.0% hi, 0.0% si
Mem: 257416k total, 94452k used, 162964k free, 10324k buffers
Swap: 0k total, 0k used, 0k free, 27764k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND


471 admin 15 0 2560 1068 832 R 5.5 0.4 0:00.09 top
1 root 16 0 2656 624 532 S 0.0 0.2 0:03.03 init
2 root 39 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
3 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 events/0
4 root 10 -5 0 0 0 S 0.0 0.0 0:00.01 khelper
5 root 18 -5 0 0 0 S 0.0 0.0 0:00.00 kthread
6 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kblockd/0
7 root 20 0 0 0 0 S 0.0 0.0 0:00.00 pdflush
8 root 15 0 0 0 0 S 0.0 0.0 0:00.00 pdflush
10 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 aio/0
9 root 25 0 0 0 0 S 0.0 0.0 0:00.00 kswapd0
11 root 25 0 0 0 0 S 0.0 0.0 0:00.00 0000:00:18.0
12 root 15 0 0 0 0 S 0.0 0.0 0:01.35 mtdblockd
124 root 30 10 0 0 0 S 0.0 0.0 0:00.00 jffs2_gcd_mtd0
133 root 16 0 2656 472 376 S 0.0 0.2 0:00.17 klogd
136 daemon 21 0 1652 352 276 S 0.0 0.1 0:00.01 portmap
139 root 16 0 1696 468 344 S 0.0 0.2 0:00.00 cron
To exit the display, invoke the command exit or quit.

Multicast Destination MAC Addresses


To display the registered multicast MAC addresses of packets that will be forwarded to all hosts on
the network:
1. Enter enable mode.
2. Invoke the command show multicasts.
Example
OS900# show multicasts
indx interface_name dmi_u dmi_g dmi_address
2 eth0 1 0 01005e000001
5 vif90 1 0 01005e000001
OS900#

The example above shows such a destination MAC address (under the heading dmi_address)
common to the out-of-band interface eth0 and the inband interface vif90.

Frame Generator
Definition
Frame Generator is an application for creating and transmitting a Layer 2 type probe (frame).

558 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix A: Utilities

Purpose
To perform connectivity and reliability tests.

Actions
Configuring the Probe
Ony one probe can exist at any time. To configure a probe:
1. Enter configure terminal mode.
2. Enter Frame Generator mode by invoking the command:
rtr fg
3. Set the source address of the probe by invoking the command:
source MAC_ADDRESS
where,
MAC_ADDRESS: MAC address. Format: xx:xx:xx:xx:xx:xx
where x is a hexadecimal number.
4. Set the destination address of the probe by invoking the command:
destination MAC_ADDRESS
where,
MAC_ADDRESS: MAC address. Format: xx:xx:xx:xx:xx:xx
where x is a hexadecimal number.
5. Set the number of times the probe is to be sent by invoking the command:
count <0-10000000>
where,
<0-10000000>: Range of numbers of probes to be sent. To send an unlimited
number, select 0.
6. Set the time interval between any two successive probes (echo requests) by
invoking the command:
frequency <50-10000000>
where,
<50-10000000>: Range of time intervals between any two successive probes (in
milliseconds).
7. Set the pattern of the data portion of a probe frame by invoking the command:
pattern HEXLINE
where,
HEXLINE: A pattern of integral octets in hexadecimal code. For example, the
pattern 0fbf0aea8c is a hexadecimal code of 10 digits or 5 octets. Although the
pattern abcde is a hexadecimal code it is not valid since it is not an integral
number of octets.
8. Set the size of the data portion that is to include the pattern to be transmitted by
invoking the command:
request-data-size <52-9192>
where,
<52-9192>: Range of numbers of data octets after a header.
Note
If the pattern is longer than the size of the data portion, the pattern will
be truncated. If the pattern is shorter than the size of the data field, the
pattern will be repeated until the data portion is completely filled.

9. Select the egress ports of the source of the probe by invoking the command:
ports PORTS-GROUP
where,
PORTS-GROUP: Group of ports.

January 2009 URL: http://www.mrv.com 559


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

10. (Optional) Select the DiffServ Level (SL) for the probe frame by invoking the
command:
sl <1-8>
where,
sl <1-8>: Range of SLs for the probe.
11. (Optional) Set a VLAN tag for the probe frame by invoking the command:
tag TAG
where,
TAG: Number in the range 1 to 4095.
12. (Optional) Set a VLAN Priority Tag (VPT) for the probe frame by invoking the
command:
vpt <0-7>
where,
<0-7>: Range of VPTs for the probe.

Running the Probe


To run the probe:
1. Enter Frame Generator mode by invoking the command:
rtr fg
2. Invoke the command:
start

Stopping the Probe


To stop a currently running SA PING process between the OS900 and another device, invoke the
command:
1. Enter the Frame Generator mode by invoking the command:
rtr fg
2. Invoke the command
stop

Debug Information
Purpose
The debug information utility is used to obtain debug information on System Events.

System Events
Examples of system events are: Link up, Link down, Interface up, Interface down.

Activating Display
To activate the display of system events on the CLI screen each time a system event occurs:
1. Enter enable mode.
2. Invoke the command debug event.

Deactivating Display
To deactivate the display of system events on the CLI screen:
1. Enter enable mode.
2. Invoke the command no debug event.

Linux Tasks
To view the Linux tasks being performed in real time:
1. Enter enable mode.

560 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix A: Utilities

2. Invoke the command:


show top-processes
To exit monitoring (and freeze the display), press Ctrl C .

Fan Control
General
Fan control applies to all OS900 models except OS906, OS912 and OS930, in which the fan/s
is/are set to run constantly.
The user can cause the cooling fan/s in an OS900 to be turned on and off at specific ambient
temperatures. In an environment having a suitable temperature, this capability can be used to run
the OS900 silently as well as to save on power.

Setting Fan-on and Fan-off Temperatures


To set the fan-on and fan-off temperatures:
1. Enter configure terminal mode.
2. To set the fan-on and fan-off temperatures in degrees
Celsius (Centigrade)
Invoke the command:
fan temperature <1-65> <1-65>
where,
<1-65>: (First appearance) Temperature (in oC) at which the fan/s is/are
to be turned on. Default: 60 oC.
<1-65>: (Second appearance) Temperature (in oC) at which the fan/s
is/are to be turned off. Default: 50 oC.
Example
OS900(config)# fan temperature 53 49
OS900(config)#
Fahrenheit
Invoke the command:
fan temperature fahrenheit <34-149> <34-149>
where,
<34-149>: (First appearance) Temperature (in oF) at which the fan/s
is/are to be turned on. Default: 140 oF.
<34-149>: (Second appearance) Temperature (in oF) at which the fan/s
is/are to be turned off. Default: 122 oF.
Example
OS900(config)# fan temperature fahrenheit 100 85
OS900(config)#

Viewing Fan-on and Fan-off Temperatures


To view the ambient temperatures at which the cooling fan/s is/are to be turned on and off:
1. Enter enable mode.
2. Invoke the following command:
show fan
Example
OS900(config)# exit
OS900# show fan

Fan Configuration:
------------------

January 2009 URL: http://www.mrv.com 561


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Fan On Temperature: 60C / 140F


Fan Off Temperature: 50C / 122F
OS900#

Default Fan-on and Fan-off Temperatures


To set the fan-on and fan-off temperatures to the default values:
1. Enter configure terminal mode.
2. Invoke the following command:
no fan temperature
Example
OS900(config)# no fan temperature
OS900(config)#

562 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix B: Cable Wiring

Appendix B: Cable Wiring

RJ45 Connector DB-9 Connector


Signal Pin Pin Signal
TxD 3 2 RxD

Gnd 4, 5 5 Gnd

RxD 6 3 TxD

OS900
Figure 62: Null-Modem RS-232 Cable Wiring

Figure 63: Ethernet Straight Cable Wiring

Figure 64: Ethernet Cross Cable Wiring

January 2009 URL: http://www.mrv.com 563


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

564 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix C: Cleaning Optical Connectors

Appendix C: Cleaning Optical


Connectors
General
Intrusions (e.g., dust, grease, etc.) at the interface of two optical fibers, such as at a pair of coupled
connectors, attenuate the signal through the fiber. Consequently, optical connectors must be clean
before they are coupled with other connectors.

Tools and Equipment


Following are tools and equipment required for cleaning connectors.
• Dust caps
Caps for protecting the connector from intrusions. A cap is usually
made from flexible plastic. When placing a cap over a connector, avoid
pressing it against the fiber ferula surface in the connector so as to
prevent contamination.
• Isopropyl alcohol
Solvent for contaminants.
• Tissues
Soft multi-layered fabric made from non-recycled cellulose.

Procedure
The procedure for cleaning connectors is as follows:
1. If no stains are present, using a new clean dry tissue, gently rub, in small circular
motions, the exposed fiber surface and surrounding area in the connector to
remove dust.
2. If stains are present, moisten a new clean dry tissue with isopropyl alcohol and
gently rub, in small circular motions, the exposed fiber surface and surrounding
area in the connector to remove the stains.
3. Using a new clean dry tissue, gently rub, in small circular motions, the exposed
fiber surface and surrounding area in the connector to remove the dissolved stains
and excess isopropyl alcohol.
4. If a connector is not to be coupled with another immediately, cover it with a dust
cap.

January 2009 URL: http://www.mrv.com 565


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

566 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix D: Troubleshooting

Appendix D: Troubleshooting

The troubleshooting procedure here is on the operative level and is given in Table 26, below. Read
the entries in the column Problem until you reach the problem that applies to the OS900. Then
perform the corrective action(s) appearing in the same row. If the problem persists, note the status
of all the LEDs and consult your MRV representative.
Table 26: Startup and Operation Troubleshooting

Row Problem Probable Cause Corrective Action


1 LED PWR Power into the OS900 1. Press Pushbutton PWR continuously
ON-Amber system was shutdown for at least 2 seconds.
due to continuous
pressing of Pushbutton
PWR for at least 2
seconds.
2 LED PWR No power at the 1. Ensure that the power cord is securely
OFF entrance to the OS900 connected to the power source output
system from a Power and to the Power Supply in the OS900.
Supply. 2. Ensure that power is present at the
power source output.
3. Ensure that the power cord of Power
Supply is not damaged.
3 LED TMP Insufficient cooling air. 1. Verify that no obstacles to
ON-Amber cooling air flow are present
around the OS900.
2. Verify that the fan is running.
4 LED TMP No power into the 1. Ensure that the actions in Rows 1 to
OFF OS900 system. 3, above, have been performed.
5 LED TR Management station Perform PING. If there is no response from the
OFF not connected. management station, do the following:
1. Verify that connection of the OS900 to
the Ethernet LAN, to which the
management station is connected, is OK.
2. Management station is connected to the
Ethernet LAN.
3. The management station is correctly
setup and operational.
4. If the management station is a craft
terminal, set the baud rate for the
craft terminal to 9600 baud.
5. Verify that the network exists in the
routing table.
6. Check the default gateway.
7. Flush the ARP table with the CLI
command (since the ARP table may
contain outdated information).

January 2009 URL: http://www.mrv.com 567


OS900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Table 26: Startup and Operation Troubleshooting

Row Problem Probable Cause Corrective Action


6 L LED OFF No Ethernet link Electrical Port (10/100/1000Base-T Port):
integrity signal being 1. Verify that the cable connecting the
received. OS900 port to the network is securely
connected at both ends and is
undamaged.
2. Enter configure terminal mode and
enable the port using the following CLI
command:
port state enable
3. If the port is connected to a DTE (e.g.,
PC, workstation, etc.), make sure the
DTE is powered on and the NIC is OK.
(The NIC can be checked by running a
diagnostic test with the software supplied
by the vendor.)
4. Temporarily attach the cable to another
OS900 port to determine whether the
port is faulty.
Fiberoptic Port (100/1000Base-X Port:
1. For each cable fiber, ensure Tx
Rx interconnection.
2. Verify that the cable connecting
the OS900 port to the network is
securely connected at both ends
and is undamaged.
3. Enter configure terminal
mode and enable the port using
the following CLI command:
port state enable
4. Clean the fiberoptic connectors
of the cable and OS900 port as
described in Appendix C:
Cleaning Optical Connectors,
page 565.
5. Ensure that the cable type
(singlemode or multimode) is
right and the attenuation and
length are such that the power
budget is not exceeded.
6. Temporarily attach the cable to
another OS900 port to determine
whether the port is faulty.
7 A LED OFF DTE(s) not 1. Ensure that L LED is on,
transmitting to/via port. possibly by performing the
actions described in row 7.
2. Make sure the DTE(s) are
powered on.
8 No Access restricted to 1. Verify correctness of user name and
manageme administrator password, including case of letters.
nt access password 2. Enter admin for username.

568 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix E: Packet Processing Stages

Appendix E: Packet Processing


Stages
Ingress

Figure 65: Ingress Packet Processing Stages

Egress

Figure 66: Egress Packet Processing Stages

Ingress ACL 1 is for ACLs bound using access-group within a VLAN interface or to a port using
port access-group [PORT].
Policing 1 is for TC actions in ACLs from ‘Ingress ACL 1’.
Ingress ACL 2 is for ACLs bound to a port as a second ACL using port access-group extra
[PORT].
Policing 2 is for TC actions in ACLs from ‘Ingress ACL 2’.

January 2009 URL: http://www.mrv.com 569


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

570 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix F: Product Specification

Appendix F: Product
Specification

Services and Interfaces OS904 OS906 OS910 OS912

MEF Services and Certifications EPL, E-Line, EPL, E-Line, EPL, E-Line, EPL, E-Line,
E-LAN, E- E-LAN, E- E-LAN, E- E-LAN, E-
Tree, MEF 9, Tree, MEF 9, Tree, MEF 9, Tree, MEF 9,
14 14 14 14

Non-blocking architecture
Wire-speed forwarding

All ports can serve as UNI/ENNI

10/100/1000Base-T 8

10/100/1000Base-T or 100/1000Base- 2 6 12
X SFP

100/1000Base-X SFP 2 2

Hot-swappable SFP Optics Short/Long- Short/Long- Short/Long- Short/Long-


haul, Multi- haul, Multi- haul, Multi- haul, Multi-
rate, BX & rate, BX & rate, BX & rate, BX &
WDM WDM WDM WDM

Power Supply (AC = A, DC = D, Dual- A, D A, D, 2A, 2D A, D, 2A, 2D 2A, 2D


redundancy = 2)

Hardware

10/100/1000Base-T ports Auto-MDI/MDIX

Learn Table MAC, Up to 16K entries capacity, Limitable per VLAN/port

Jumbo Frame Lengths Supported Up to 16K bytes, on all ports


(max)

Packet Buffer Automatically managed

Environmental-Temperature Sensor Built-in

Operation

Performance Non-blocking, wire-speed on all ports

MTBF:

OS904/AC-1 283,000 hr @ 25 °C (77 °F)

OS904/DC-1 459,892 hr @ 25 °C (77 °F)

OS906/AC-1 161, 021 hr @ 25 °C (77 °F)

OS906/AC-2 237,510 hr @ 25 °C (77 °F)

January 2009 URL: http://www.mrv.com 571


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS906/DC-1 386,477 hr @ 25 °C (77 °F)

OS906/DC-2 468,893 hr @ 25 °C (77 °F)

OS910/AC-1 220,733 hr @ 25 °C (77 °F)

OS910/AC-2 380,000 hr @ 25 °C (77 °F)

OS910/DC-1 463,503 hr @ 25 °C (77 °F)

OS910/DC-2 505,749 hr @ 25 °C (77 °F)

OS910-M 240,353 hr @ 25 °C (77 °F)

OS912-AC-2 252,266 hr @ 25 °C (77 °F)

OS912-DC-2 317,196 hr @ 25 °C (77 °F)

OS930/AC-2 540,353 hr @ 25 °C (77 °F)

Switching Services

IEEE 802.1Q and IEEE802.1ad 4K active VLANs (max)


provider bridges: Q-in-Q stacking (per port/VLAN)
VLAN translation and mapped modes (per port/VLAN)

Layer 2 Control Protocol Tunneling BPDU, CDP, VTP, PVST+, etc.


70
Media Cross Connect™ Software-controlled, transparent, no MAC address learning

Multicast Services IGMP v1 and v2, IGMP snooping (IPv4 and IPv6 MLD
snooping), Multicast join lists per port/VLAN (1k multicast
groups per system), Static multicast range set

Protection Automatic Optical switching on network interfaces (1:1)


IEEE802.3ad Link Aggregation (1 + 1)
IEEE 802.1s Multiple Instance STP with compatibility to IEEE
802.1w and IEEE 802.1d STPs
Loop prevention at ports without the use of STP
Link flap guard, Port protection, BPDU storm guard

Traffic Management Services (MEF Compliant)

Inbound & Outbound traffic Per flow management

Classification By physical port, MAC, Ethertype, VLAN, IP/TCP/UDP, IEEE


802.1p VPT, DiffServ (IPv4 & IPv6 TC), MPLS label EXP bits

QoS Marking/remarking Per Service Level according to L2 IEEE 802.1p VPT, MPLS L2+
EXP, L3 DSCP, or MPLS EXP

CoS 8 hardware queues per port & configurable CoS adaptive buffer

In-profile and out-of-profile service per UNI, CoS, EVC


counter sets

Class-aware rate limit Dynamic bandwidth reuse between mapped classes,


Hierarchical-QoS model with CIR/CBS metering

70
An MRV advanced patch-panel function technology

572 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix F: Product Specification

Tunneling Layer 2 Services

Q-in-Q Mapped mode or translation

Layer 2 VPN Martini MPLS pseudo-wire

MPLS VC For direct connection into MPLS domains or


H-VPLS MTU-s.

IP Services

IGP and EGP routing using Master-OS™

DHCP Server/Client (using BOOTP)/Relay/DHCP Option 82

Security

CPU DoS protection (Frame rate control, Dedicated queues)

Wire-speed Access Control Lists (L2-3-4: from frame to application layer)

MAC, ARP, and BPDU filtering

Rate limit protection for Unicast/Multicast/Broadcast packets

IEEE 802.1x*

Software-based NAT/NAPT & Stateful Firewall*

Security thresholds for L2 statistics counters

Filtering rules for control protocols (e.g., BPDU, CDP, VTP, PVST+, etc.) without the need for
ACLs or STP operation for BPDUs blocking

Management & Diagnostics Tools

Industry Standard CLI

Out-of-band Ethernet management – EIA-232 console

Out-of-band Ethernet management – Dedicated Ethernet RJ45 port

TELNET, SSH v2, SNMPv3, RMON (4 groups), Secure Copy

View-based Access Control Model (VACM)

Port mirroring - ingress and egress traffic to analyzer port

Remote mirroring per ACL (port/service/flow) to analyzer VLAN

PING, Traceroute, DNS lookup, TCP dump (built-in LAN analyzer)

Management ACL for trusted connections (TELNET, SSH, SNMP)

Option to block SNMP/CLI access

Hierarchical Administration policy

RADIUS and TACACS+ Authentication, Authorization, and Accounting (AAA)for management


sessions

Configuration load/save via FTP and Secure Copy (SCP)

January 2009 URL: http://www.mrv.com 573


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Network Time Protocol (NTP)

Logging Syslog (Local and Remote)

Scripting tool for macro configurations and maintenance

Scheduler for execution of administrator-specified commands at administrator-preset times

Save mode for multiple configuration files

Extended statistics per port on a trunk

Show mode extensions (partition version/number/size)

BOOTP extensions (broadcast, timeout, out-of-band Ethernet interface option)

Bridging function for out-of-band Ethernet interface

OAM - Service Assurance Tools

Enhanced performance monitoring and SLA management


- Local and Remote hardware-based loopback functionality
- Per-VLAN loopback & MAC swapping
- Enhanced Latency/Jitter measurement (QoS Verification)
- Alarming control

End-to-end service OAM


- Connectivity Fault Management – IEEE 802.1ag (MEP/MIP)
- Performance Measurement ITU Y.1731 (latency, jitter, and loss with
microsecond accuracy)
- RFC 2544 Internal Traffic Generator for measuring and reporting
performance characteristics for throughput rates of up to 1 GigabitE
- Generation of synthetic traffic with rates of up to 1 GE based on Y.1731
- Private MIB extending Y.1731 (last result table and CCM fault/clear
trap)
- Response Time Reporter for IP services
- IEEE 802.3ah OAM for Ethernet in the First Mile (EFM):
Auto discovery, Dying gasp, SNMP trap, and Loopback
- Discovery Link Fault/Critical Dying Gasp
- Physical Layer OAM (Virtual Cable Diagnostics)
Optical signal level monitoring (for SFP SFF-8472)
Copper TDR on 10/100/1000Base-T ports
- Remote failure notification
Link-Integrity Notification (LIN)
Dying Gasp
- OAM CCM binding for service protection

Power Consumption (Max)

OS904/AC-1 110 Vac, 0.14 A or 220 Vac, 0.07 A (15 W)

OS904/DC-1 0.69 A (25 W)

OS906/AC-1 110 Vac, 0.25 A or 220 Vac, 0.13 A (27 W)

OS906/AC-2 110 Vac, 0.35 A or 220 Vac, 0.18 A (39 W)

OS906/DC-1 0.69 A (25 W)

574 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix F: Product Specification

OS906/DC-2 0.92 A (33 W)

OS910/AC-1 110 Vac, 0.25 A or 220 Vac, 0.13 A (25 W)

OS910/AC-2 110 Vac, 0.35 A or 220 Vac, 0.18 A (39 W)

OS910/DC-1 0.69 A (25 W)

OS910/DC-2 1.1 A (39 W)

OS910-M

Fully Loaded (Max) 60 W

Basic 27 W

4 x SFPs 2W

2 x EM9-CES-4E1C Modules 16 W

OS912-AC-2 110 Vac, 0.35 A or 220 Vac, 0.18 A (39 W)

OS912-DC-2 1.1 A (39 W)

OS930/AC 90 to 240 Vac (70 to 110 W)

OS930/DC -36 to –72 Vdc (70 to 110 W)

Ports

10/100/1000Base-T:

Interface Fixed

Purpose Connection to Ethernet/Fast Ethernet/Gigabit Ethernet DTE or


DCE

Number

OS904 2

OS906 6

OS910 8

OS910-M 8

OS912 12

OS930 –

Connector:

Type RJ45, female, 8-pin, shielded

Pinout Auto-MDI/MDIX, i.e., each port can be connected to an


Ethernet MDI or MDIX port with a straight or cross-over
cable since the port automatically configures itself to suit
the cable type and co-port interface.

Cabling:

Length (max) 100 m (~ 330 ft)

Type Category 5

January 2009 URL: http://www.mrv.com 575


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Connector RJ45 male 8-pin shielded

10/100/1000Base-X:

Interface Hot-swappable SFP

Purpose Connection to uplink Fast Ethernet/Gigabit Ethernet DTE or DCE

Number (max)

OS904 4

OS906 6

OS910 2 (Ports 9 and 10)

OS910-M 2 (Ports 9 and 10)

OS912 12

OS930 –

Connector Type: Dual, female, LC (usually)

Cabling:

Length (max) Per the SFP

Type Per the SFP

Connector Dual, male, LC (usually)

10 Gbps Ethernet:

Interface Hot-swappable XFP

Purpose Connection to uplink 10 Gbps Ethernet DTE or DCE

Number (max)

OS930 3

Connector Type: Dual, female, LC (usually)

Cabling:

Length (max) Per the XFP

Type Per the XFP

Connector Dual, male, LC (usually)

Management Console (Serial over RS-


232) – CONSOLE EIA-232:

Purpose Craft terminal (ASCII, e.g., VT100) connection

Number 1

Connector:

Type RJ45, female, 8-pin

Pinout 3 TxD; 4 Gnd; 5 Gnd; 6 RxD (Pins 1, 2, 7, and 8 not used)

Cabling:

576 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix F: Product Specification

Length 15 m (~ 50 ft)

Connector RJ45, male, 8-pin

Management via 10/100Base-TX


Ethernet – MGT ETH:

Purpose NMS connection

Number 1

Connector:

Type RJ45, female, 8-pin

Pinout MDI (1 Tx+; 2 Tx-; 3 Rx+; 6 Rx-)

Cabling:

Length Up to 100 m (328 ft)

Type Category 5, Cross-wired (as shown in


Figure 64, page 563)

Connector RJ45, male, 8-pin

LEDs

Global Status PWR – System power; RST or PRP – Reset; TMP or TEMP
– Temperature, PS1 – Power Supply 1 power, PS2 –
Power Supply 2 power, FAN – Internal fans status

Port Status L&A – Link integrity/Activity, L – Link integrity, A – Link


Activity

Pushbuttons

Power PWR – used to power ON/OFF the OS900

Reset RST – used to reset the OS900

Environmental
71
Temperature :

Testing Standard ETSI EN300-019, Class 3.1

Operating 0 to 45 °C (32 to 113 °F)

Storage -25 to +70 °C (-13 to 158 °F)

Humidity (non-condensing) 10 to 85%

Dust Less than 106 particles/m3 (~ 30,000 particles/ft3)

Physical

Dimensions (W x H x D):

OS904/AC-1, OS904/DC-1 219.6 x 43.65 x 265 mm 3


3
[8.45 x 1.72 x 9.45 in ]

71
In even more extreme weather conditions (e.g., UV radiation, rain, dust, humidity, corrosion, etc.), OS900s can be
housed in MRV’s weather-proof Outdoor Cabinets.

January 2009 URL: http://www.mrv.com 577


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

OS906/AC-1, OS906/DC-1 219.6 x 43.65 x 265 mm 3


3
[8.45 x 172 x 9.45 in ]

OS906/AC-2, OS906/DC-2 443 x 43.65 x 204 mm 3


3
[17.4 x 1.72 x 8.03 in ]
3
OS910/AC-1, OS910/DC-1, 214.6 x 43.65 x 240 mm
3
OS910/DC-2 [8.45 x 1.72 x 9.45 in ]

OS910/AC-2 316.6 x 43.65 x 240 mm 3


3
[12.45 x 1.72 x 9.45 in ]

OS910-M 443 x 43.65 x 315 mm 3


3
[17.44 x 1.72 x 12.4 in ]

OS912-AC-2, OS912-DC-2 443 x 43.65 x 204 mm 3


3
[17.4 x 1.72 x 8.03 in ]

OS930 443.6 x 43.65 x 290 mm 3


3
[17.48 x 1.72 x 11.42 in ]

Weight (max):

OS904, OS906, OS910, OS912:

With 1 PS 1.3 kg (2.87 lb)

With 2 PS 1.6 kg (3.52 lb)

OS910-M:

Without PS 2.45 kg (5.39 lb)

With 1 PS 2.76 kg (6.07 lb)

With 2 PS 3.06 kg (6. 73 lb)

OS930:

Without PS 2.61 kg

With 1 PS 3.4 (7.5 lb)

With 2 PS 4.19 (9.22 lb)

Mounting Desktop, wall, or 19-inch (482.6 mm) or 23-inch (584.2 mm) rack
per the ETSI 300-019 standard, class 3.1. No clearances
required between units.

Management

Web-Based Using MegaVision ® management application or MIB Browser

SNMP Using MegaVision ® management application or any other SNMP


manager

TELNET Using a TELNET station

Serial/RS-232 Using craft terminal (e.g., VT100 Terminal or PC with ASCII


terminal/emulator software)

IP Address Management DHCP

578 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix F: Product Specification

Accessories

Rack-Mount Two brackets for mounting in a 19-inch or 23-inch rack

Compliance

Safety Designed to comply with UL 1950; CSA 22.2 No. 950; FCC Part
15, Class B; 2004/108/EC, 2006/95/EC, RoHS

Operation

IETF UDP – RFC 768


TFTP – RFC 783
IP – RFC 791
ICMP – RFC 792
TCP – RFC 793
ARP – RFC 826
Multi-session TELNET – RFC 854
Transmission of IP Datagrams over Ethernet Networks – RFC
894
FTP – RFC 959
IGMPv1 – RFC 1112
Host Requirements – RFC 1122
Structure and Identification of Management Information for
TCP/IP-based Internets – RFC 1155
SNMP v1 – RFC 1157
Concise MIB Definitions – RFC 1212
MIB II (all objects) – RFC 1213
Trap Convention – RFC 1215
Ethernet-like statistics MIB – RFC 1284
The MD5 Message-digest Algorithm – RFC 1321
CIDR – RFC 1519
DNS client – RFC 1591
Ethernet MIB – RFC 1643
per-port RMON IEEE 802.1: Ethernet statistics (Group 1),
History (Group 2), Alarm (Group 3), and Event (Group 9) – RFC
1757
Structure of Management Information for SNMPv2 – RFC 1902
SNMPv2 – RFC 1907
IP MIB – RFC 2011
TCP MIB – RFC 2012
UDP MIB – RFC 2013
SNTP – RFC 2030
Entity MIB – RFC 2037
BootP and DHCP Relay (UDP Relay) – RFC 2131
IGMP v2 – RFC 2236
Network Ingress Filtering – RFC 2267
Opaque LSA support – RFC 2370
MD5 peer password authentication – RFC 2385
A Provider architecture for DiffServ and TE – RFC 2430
DiffServ of DS field in IPv4 & IPv6 headers – RFC 2475
SNMPv3 – RFC 2571, 2572, 2573, 2574, 2575
Assured Forwarding DiffServ PHB Group – RFC 2597
Expedited Forwarding DiffServ PHB Group – RFC 2598
Definitions of Managed Objects for the Ethernet-like Interface
Types – RFC 2665
VRRP MIB (All objects except VRRP Router Statistics
(vrrpRouterChecksumErrors, vrrpRouterVersionErrors,

January 2009 URL: http://www.mrv.com 579


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

vrrpRouterVrIdErrors, and vrrpRouterStatsTable) and Trap


Definitions) – RFC 2787
RMON MIB – RFC 2819
The Interfaces Group MIB – RFC 2863
RADIUS Authentication – RFC 2865
RADIUS Accounting – RFC 2866
Management SLA MIB – RFC 2925 (Only for SA PING)
DiffServ PHB identification codes – RFC 3140
BSD Syslog – RFC 3164
AF-PHB Group – RFC 3246
IGMP Ver. 3 – RFC 3376
SNMP version 3 Framework – RFC 3410
An Architecture for Describing SNMP Management Frameworks
– RFC 3411
Message Processing and Dispatching for SNMP – RFC 3412
SNMP Applications – RFC 3413
User-based Security Model (USM) for SNMPv3 – RFC 3414
View-based Access Control Model (VACM0 for SNMP – RFC
3415
Version 2 of the Protocol Operations for SNMP – RFC 3416
Management Information Base (MIB) for SNMP – RFC 3418
OSPF (All read-only objects except ospfRouteGroup, Address
range Table, OSPF Host Table, Conformance information) – RFC
1850
RIPv2 (All read-only objects in the RIP Interface Status table
(rip2IfStatTable, RIP Interface Configuration Table
(rip2IfConfTable), and Peer Table (rip2PeerTable) – RFC 1724
BGP4 – RFC 1657

Private MIBs Dev-cfg NbDevRouterSaveConfig.


Objects in the Device’s Power Supplies
Group (NbsDevPS)
Gswitch1 All objects (read-only)
Nstack Objects in the Stack Information Group
(nbsStackSlotCapacity,
nbsStackSlotsTableSize,
nbsStackPortsCapacity,
nbsStackSlotPortsCapacity)
Objects in the Slot Information Group
(nbsStackSlotTable)
rt-cfg All objects except Objects in the Device
Virtual Interface Table (old)
Switch1 All objects except nbSysSnmpCfg,
nbSysTrapEntry.
OaSwitch All objects
Tcgroup All objects
OaDhcp All objects
OaSlStat All objects
NBETHOAM.MIB All objects.
(Private extension of the DOT1AG.MIB).

ITU ITU-T Y.1307.1 – Ethernet Private Line Service


ITU-T WDM grid – Optical Service
ITU-T grid (G.694.2) – Wavelengths with 20 nm spacing for
CWDM
ITU-T grid (G.694.1) – Wavelengths with 100 GHz or 200 GHz
spacing for DWDM

580 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix F: Product Specification

IEEE IEEE 802.3 Ethernet


IEEE 802.3u Fast Ethernet
IEEE 802.3z Gigabit Ethernet (1000Base-SX/LX)
IEEE 802.3ae 10 Gigabit Ethernet
IEEE 802.3ab Gigabit Ethernet Copper
IEEE 802.3ad Link Aggregation
IEEE 802.3ah Ethernet in the First Mile
IEEE 802.1D Bridging and Spanning Tree
IEEE 802.1p Layer 2 priority QoS Support
IEEE 802.1Q VLAN Tagging
IEEE 802.1w Rapid STP
IEEE 802.1s Multiple-instance STP
IEEE 802.1x Port-based Network Access Control
IEEE 802.1ad Provider bridges – Q-in-Q stacking per VLAN/port

* Future implementation

January 2009 URL: http://www.mrv.com 581


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

582 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix G: Release Notes for Firmware Version

Appendix G:Release Notes for


Firmware Version 3.1.2
Introduction
Firmware Version 3.1.2 is the new official MPLS MasterOS software release for the OS900
models. It supports Layer 2, Layer 2+, and Layer 3 functionality.

Models Supported
OS900s with firmware version 3.1.2 have two image files.
The image file OS900-3_1_2.ver supports the following OS900 models:
OS904
OS906 (with single and dual AC or DC power supplies)
OS912 (with single and dual AC or DC power supplies)
The image file OS900P-3_1_2.ver supports the following OS900 models:
OS910 and the old OS912 devices (with single and dual AC or DC power supplies).
OS910-M – modular demarcation
OS930 – 10GE demarcation
Note: New OS906 and OS912 models are designated with a “dash”, i.e., OS912-.
Old OS906 and OS912 models are designated with a “slash”, i.e., OS912/.

Software Components Versions


OS900-3.1.2.ver file
Global version: 3.1.2
Kernel version: 2.6.12.6-arm1 #373
Driver version: v1.4 mvPp s7118
Routing protocols package (ZebOS) version: 5.2

OS900P-3.1.2.ver file
Global version: 3.1.2
Kernel version: 2.6.15
Driver version: v1.4 mvPp s7117
Protocols package (ZebOS) version: 5.2

Hardware Requirements
Minimum Requirements for OS904, OS906, and OS912:
CPU: FER05181, 400 MHz with 32 MB Flash and 128 MB DRAM memory.
Minimum Requirements for all other OS900 devices:
CPU: MPC8245, 266 MHz with 64 MB Flash and 256 MB DRAM memory.
Device hardware version: 1 or later for OS904, OS906, and OS912.
Device hardware version: 3 or later for OS910 and the old OS912.
Device hardware version: 1 or later for OS910-M and OS930.

January 2009 URL: http://www.mrv.com 583


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Determining the Software version


To determine the version of the software currently running on the OS900, log into the OS900 and
invoke the CLI command show version.

Upgrade Procedure
Requirement
In order to upgrade an OS900 unit, its associated activation key is required.
To receive the activation key, email your request to [email protected].

Procedure
To upgrade/download the OS900 image from a version that is lower than 1.0.11 to version 3.1.2,
the OS900 image must first be upgraded to version 1.0.11. The image must then be run (by
rebooting) and only then the version 1.0.11 may be upgraded to version 3.1.2.
To upgrade the OS900 with a new firmware version use the following procedure:
1. Log into the OS900.
2. Enter enable mode.
3. Invoke the command:
upgrade ftp FTP-SERVER REMOTE-DIR REMOTE-FILENAME [USERNAME]
[PASSWORD]
4. In response to the prompt:
Enter activation key recieved from MRV:
Type in the activation key (12-characters long)
5. Wait until the completion of the upgrade process, which may last a few minutes.
6. In response to the prompt:
Would you like to reboot the system now ? (y|n)
If you want to run the new image now, type y.
If you want to run the new image at the next reboot and let the previous image keep running in
the meantime, type n.

Features Supported
Layer 1 Features
Virtual Cable Test
SFP Digital Diagnostics
Jumbo frames
Port mirroring
Port protection
Port reflection (LIN)
Port advertise capabilities for speed and duplexity

Layer 2 Bridging Features


Layer 2 transparent bridging
Layer 2 MAC learning and switching by hardware
Layer 2 Aging
Up to 16000 MAC addresses
Multiple Spanning Tree Protocol (MSTP)
BPDU Tunneling
L2 protocol tunneling of CDP, STP, VTP, PVST+
Learning table limit per VLAN/port

584 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix G: Release Notes for Firmware Version

Link Aggregation (Etherchannel)


Link Aggregation Control Protocol (LACP)
UniDirectional Link Detection (UDLD)
Hash configuration function for Link Aggregation.
Statistics of L2 protocols such as STP, LACP, and IEEE 802.3ag
Drop Broadcast/Multicast IPv4/IPv6/Non-IP packets

Virtual LAN (VLAN) Features


4K 802.1Q-based VLANs
IEEE 802.1ad – Q-in-Q (VMAN)
Protected-ports (Private VLAN)
Hybrid Ports

Routing Features
Wirespeed L3 forwarding
Routing Information Protocol (RIP I & RIP II)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP-4)
ISIS
Secondary addressing
Static routes
Black hole routes
Dummy Interfaces
Virtual Router Redundancy Protocol (VRRP)

Multicast
IGMP Snooping (v1, v2).
Static multicast forwarding.

Management Features
Out of band management
Command Line Interface (CLI) – through Serial, TELNET, or SSH (Protocol Versions 1 & 2).
Console disable
Simple Network Management Protocol (SNMP) versions 1, 2, and 3.
View-Based Access Control Model (VACM)
Remote Monitoring (RMON) - 4 groups
RADIUS authentication for management
TACACS+ authentication for management
Advanced management access control
Upload/Download/Append of configuration file with FTP & SCP
Copy Paste of configuration
Time of day + Calendar + Time zone
Internal Syslog + Remote Syslog

QoS Features
DiffServ – 8 Service levels
Trust Mode L2 / L3 / L2+L3 / Port
VPT & DSCP Marking
Traffic conditioners
Single Leaky-bucket policers
2 Conformance levels (green, red)

January 2009 URL: http://www.mrv.com 585


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Ingress shaping per queue per port


Egress shaping per queue per port
Accounting
Ingress and Egress Access Lists
Multiple actions in a single Access List rule
Service level accounting
Port priority
Strict Priority (SP) and shape-deficit Weighted Round Robin (WRR) Scheduling mechanisms
HQoS up to 8 levels
Broadcast/Multicast/Unknown/TCP-syn flood limiting
Statistics per port/service-level

Service Assurance
Round Trip Reporter (RTR)
Frame generator

802.1ag and ITU-Y.1731


CCM packets with variable duration
Loopback
Delay Measurement
Link-Trace
RDI
History of 802.1ag and ITU-Y.1731 loopback and delay-measurement
Link Protection and Link Reflection based on 802.1ag
Scheduler support for all 802.1ag and ITU-Y.1731 CLI commands

Additional Protocols & Features


Internet Control Message Protocol (ICMP)
Internet Group Management Protocol (IGMP)
Proxy Address Resolution Protocol (Proxy ARP)
Linux Shell
Domain Name Server (DNS) Client
Network Time Protocol (NTP)
CLI/Linux shell Commands Scheduler
Cross Connect mode
Bootstrap Protocol (BOOTP).

MPLS features – LER function


Layer 2 MPLS-based VPN: Draft-Martini (Pseudowire)
Label Distribution Protocol (LDP)
Constrained Routing Label Distribution Protocol (CR-LDP)
Resource Reservation Protocol with Traffic Engineering (RSVP-TE)
OSPF-TE, CSPF
E-LSP
Hierarchical Virtual Private LAN Service (H-VPLS)
H-VPLS Spoke MTU-s with dual-homing and MAC withdraw TLV messages
MAC withdraw

586 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix G: Release Notes for Firmware Version

Supported MIBs
MIB RFC or Supports Description
Private
Dev-cfg Private NbDevRouterSaveConfig Device General Configuration
Objects in the Device’s Power Device’s Power Supplies
Supplies Group (NbsDevPS)
Ethernet RFC 1284 Ethernet-like statistics group Ethernet statistics including
multicast, collision, undersize,
and oversize.
Gswitch1 Private All objects (read-only) Contains information necessary
to configure/describe a port
configuration.
Nstack Private Objects in the Stack Information Contains information necessary
Group (nbsStackSlotCapacity, for device structure including port
nbsStackSlotsTableSize, (copper/SFP) VCT and port VCT
nbsStackPortsCapacity, test.
nbsStackSlotPortsCapacity)
Objects in the Slot Information
Group (nbsStackSlotTable)
Mib II RFC 1213 All objects Contains information necessary
for managing TCP/IP-based
internets.
RMON RFC 1757 Ethernet Statistics, History, Alarm, Contains information necessary
Event for the RMON groups Ethernet
Statistics, History, Alarm, Event
rt-cfg Private All objects except Objects in the Contains information about
Device Virtual Interface Table (old) Device Interface Table including
name and secondary interface,
and limits number of interfaces of
all types.
Switch1 Private All objects except nbSysSnmpCfg, Contains information about port
nbSysTrapEntry. tag outbound mode.
OaSwitch Private All objects Contains information on Device
Layer-2 Configuration and MAC
Address Table of the Device
Tcgroup Private All objects Contains information on traffic
conditioner counters. It is similar
to the information provided in the
tc-counters-group mode.
OaSlStat Private All objects Contains information about SL
and status
DOT1AG.MIB RFC 2863 All objects (read only). Contains information on the
Connectivity Fault Management
module for management per
IEEE 802.1ag, Draft 8.
NBETHOAM.MIB Private All objects. (Private extension of Supports groups of IEEE 802.1ag
the DOT1AG.MIB). and ITU-T Y.1731.

New Features Introduced in this Version


• MPLS features
− Label Distribution Protocol (LDP)
− Constrained Routing Label Distribution Protocol (CR-LDP)
− Resource Reservation Protocol with Traffic Engineering (RSVP-TE)
− Virtual Private Networks (VPNs) – Martini draft
− Hierarchical Virtual Private LAN Service (H-VPLS)
− E-LSP

January 2009 URL: http://www.mrv.com 587


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

− H-VPLS Dual Homing


− MAC withdraw as per H-VPLS specifications
• Supported RFC’s:
− RFC 3031 MPLS Architecture
− RFC 3032 MPLS Label Stack Encoding
− RFC 3036 LDP specifications
− RFC 3037 LDP Applicability
− RFC 3063 MPLS loop prevention mechanism
− RFC 3209 Extentions to RSVP for LSP
− RFC 3210 Applicability statement for extentions to RSVP for LSP tunnels
− RFC 3212 CR-LDP
− RFC 4762 VPLS Using Label Distribution Protocol (LDP) Signaling
• Supported IETF Drafts:
− draft-IETF-L2circuit-trans-MPLS-08
− draft-IETF-L2circuit-encap-MPLS-04
− draft-IETF-PWE3
− draft-IETF-ppvpn-vpls-ldp (H-VPLS spoke PE-r)
− draft-IETF-MPLS-lsp-ping-09
• Added new CLI command for SNMP link trap parameters
link-trap-parameters (all|cisco|ietf|legacy)
For full details and configuration examples refer to the OS900 Series User Manual.

Features Introduced in Older Versions


Version 2.1.2
• Support for the new OS906 (with single and dual power supplies).
• Support for the new LD OPN1600-8C2 switch module.
• Link OAM 802.3ah passive mode for OS900.
Support for autodiscovery, Dying Gasp & SNMP trap, and remote loopback. The loopback
swaps the source MAC address with the destination MAC address. For full details and
configuration examples refer to the OS900 User Manual.
• Analyzer VLAN for the new OS912 can now be configured using:
OS912C(config-boot)# analyzer-vlan
This CLI command is in the boot mode so that reboot must be done for it to take effect.
Note: If analyzer VLAN is configured on Port 10 of the OS912 the internal port 10 will cease to
exist after reboot, so that “extra ACL” and “ingress shaping” cannot be applied to this port.
• Performance Measurement (Y.1731) extension with microsecond accuracy.
Note: To support this feature, upgrade to fpga version 0x19 is required.
For full details and configuration examples refer to the OS900 User Manual.
• Generation of synthetic (internally-produced) traffic of rates of up to 1 GigE based on Y.1731
Performance Management
Note: To support this feature, upgrade to fpga version 0x19 is required.
• Extended private MIB Y.1731 was enhanced and now also contains the last measurement
result and a new SNMP trap for CCM fault/clear and a new SNMP trap for threshold of Jitters
and Delay Measurements.
• A new CLI command was added to show the 802.1ag CCM packets interval:
show ccm interval
• A new CLI command was added to show default values of the 802.1ag and Y.1731:
show ethernet oam defaults
• Classification of EXP bits of an MPLS label:
mpls-exp-tagged eq <0-7>

588 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix G: Release Notes for Firmware Version

mpls-exp-untagged eq <0-7>
New profile:
To classify EXP bits, a new ACL mpls-exp profile must be configured:
access-list extended-profile (normal|double-tag|mpls-exp)
Legality:
o Change available profile when all the ACLs are unbound.
o The binding process fails when the rule does not match its profile ('mpls-exp-
tagged' with normal or double-tag profile).
o ACL with 'mpls-exp-tagged' or 'mpls-exp-untagged' cannot be bound to an egress
port.
o Classification of 'mpls-exp-tagged' or 'mpls-exp-untagged' fields cannot be
combined with L3 and L4 classification fields in the same rule.
• New action was added to ACL: ‘redirect to cpu port’. Use this action if a rate limit is needed for
traffic going to the cpu. Otherwise use 'trap-to-cpu' action.
action redirect port cpu
• Filtering rules for control protocols (CDP, VTP, PVST, BPDU)
do not impact ACLs or STP operation for BPDU blocking
port l2protocol-tunnel (all|cdp|pvst+|stp|vtp) PORTS-GROUP
[drop]
• Save mode for multiple configuration files (up to 5 files).
For saving a new configuration file use:
write file NAME
For a list of all configuration files use:
show file
For showing which file is in use use:
show boot-config-file
For deleting a configuration file use:
delete conf NAME
For switching between configuration files use:
boot-config-file FILE
A reboot is needed for the new file to be loaded.
• Link flap guard is now per port and not global.
The default state for this feature is disabled.
link-flap guard <5-10000> port (PORTS-GROUP|all)
• Extended statistics per port on a trunk
When the CLI command show port statistics is applied to a trunk port, statistics for
each member of the trunk can be viewed.
• Show version number of the backup partition (image)
show version backup
• BootP extensions (broadcast, timeout , ETH0, and Bridge interfaces option)
bootp eth0
bootp eth0 bridge BRNAME
bootp-option broadcast-always
bootp-option timeout TIMEOUT
bootp-option timeout unlimited
• CLI command to configure port's MTU size can also be applied to trunk ports.
port mtu-size (PORTS-GROUP|all) <64-16000>
• NTP time zone simplification
For full details and configuration examples refer to the OS900 User Manual.

January 2009 URL: http://www.mrv.com 589


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Version 2.1.1
• Support for the new OS912 with 64MB flash and 256MB DRAM memory.The new OS912 also
has an FPGA to support new features in hardware.
Note: Ports 11 and 12 of the new OS912 do not have internal ports (Just like the old OS912)
so “extra ACL” and “ingress shaping” can’t be applied to those ports.
• Support for upgrade of the FPGA code to support new features in hardware (Only on OS912
and OS904).
Steps for upgrading:
1. copy the fpga file from an ftp server:
copy ftp fpga FTP-SERVER REMOTE-DIR REMOTE-FILENAME [USERNAME]
[PASSWORD]
2. copy the file to the fpga:
upgrade fpga
3. show the fpga version:
show fpga version
4. remove local copy of file:
remove fpga-file
• Multicast Features
• IGMP Snooping(v1, v2).
• Static multicast forwarding.
For full details and configuration examples read the OS900 User Manual.
• UniDirectional Link Detection (UDLD) protocol
port udld aggressive [PORTS-GROUP]
port udld enable [PORTS-GROUP]
port udld message-interval <7-90> [PORTS-GROUP]
port udld primary-vlan <1-4095> [PORTS-GROUP]
port udld reset [PORTS-GROUP]
port udld slow-message-interval <7-90> [PORTS-GROUP]
• Port Advertise. Advertise default auto-negotiation capabilities
port advertise speed (10|100|1000|all) duplex (half|full|all)
(PORTS-GROUP|all)
• Link flap guard
Isolate port changing link state with very high frequency (default 10 changes per
second). The CLI command configures link flap guard limit:
link-flap guard <5-500>
CLI commands restore default link flap guard limit:
link-flap guard default
no link-flap guard
• Port link flap dampening
Ability to isolate port changes its link status with the high frequency.
The CLI command enables link flap dampening for selected ports:
port errdisable detect cause link-flap PORTS-GROUP
The CLI command recovers ports are isolated by link flap dampening mehanism:
port errdisable recover cause link-flap PORTS-GROUP
The following CLI commands configure link flap dampening:
link-flap-dampening errdisable-threshold VALUE
link-flap-dampening recovery-threshold VALUE
link-flap-dampening flap-penalty VALUE

590 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix G: Release Notes for Firmware Version

link-flap-dampening stability-grant VALUE


The CLI command display port link flap dampening state:
show port link-flap-dampening PORTS-GROUP
• New CLI commands to display list of tags defined on the port.
show port tag PORTS-GROUP
show port details PORTS-GROUP
• Link protection status : show port details gives us information about who is active.
OS904(config)# show port details t1
Trunk t1 details:
-------------------
Description : N/A
Link : OFF
Duplex state : N/A
Speed selected : AUTO
Auto-Neg Advertise : Default
State : ENABLE
Priority : 1
Flow control mode : off
Ethertype : CORE1:0x8100
OutBound Tagged : untagged
Tags List :
Udld : -
Link-protection : primary 3 and backup 4 with preemption. Now active is 4.
• Link protection snmp traps. The device sends snmp traps when we switch ports in link
protection. The trap also include information of which port is active.
• Port qos trust mode now support trunk ports
port qos-trust (PORTS-GROUP|all) (port|l2|l3|l2l3)
• Port qos marking mode now support trunk ports
port qos-marking (PORTS-GROUP|all) (vpt|dscp|vptdscp)
• Port ingress and egress shaping now support trunk ports.
The rate applies to each member of the trunk and is not the total rate of the entire trunk.
port egress-shaping per-queue <1-8> rate RATELIMIT burst-size
BURSTSIZE (PORTS_GROUP|all)
port egress-shaping rate RATELIMIT burst-size BURSTSIZE
(PORTS_GROUP|all)
port ingress-shaping per-queue <1-8> rate RATELIMIT burst-size
BURSTSIZE (PORTS_GROUP|all)
port ingress-shaping rate RATELIMIT burst-size BURSTSIZE
(PORTS_GROUP|all)
• Add CLI command to calculate ports rate with a defined time between 10 to 60 Sec.
To start the calculation use:
show port rate (PORTS-GROUP|all) time (<10-60>)
To show the last result use:
show port rate (PORTS-GROUP|all)
To show the history of the last 5 results:
show port rate (PORTS-GROUP|all) history
• L2 protocol tunneling of PVST+ was added.
port l2protocol-tunnel (all|cdp|pvst+|stp|vtp) PORTS-GROUP
• Add CLI command to configure port shaper (ingress and egress) MTU size.
port shaper mtu (1536|2048|10240)

January 2009 URL: http://www.mrv.com 591


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

default = 2048.
• Statistics per port/sl including SNMP support (OaSlStat MIB).
For details, refer to the application notes.
• LACP can now be configures also on ports and not only trunk ports.
port lacp (PORTS-GROUP|all)
port lacp passive (PORTS-GROUP|all)
• LACP can now be configures to rapid mode to reduce the time to establish LACP session.
port rapid-lacp (PORTS-GROUP|all)
• Access-lists actions of mark vpt, mark dscp and mark sl now support 56 different profiles.
In previous versions each rule with mark actions allocated an entry from the QoS table even if
we used the same values.
• Spanning Tree blocks also loop on a single port.
The Spanning Tree protocol identify and block the port when a loop is created by connecting
the RX & TX on a single port.
• Configure fatal exception parameters. use it to create dump file for debugging in case the
device craches. Default is disabled.
exception behaviour (reboot|halt)
exception disable
exception enable
exception memory <1-200>
exception memory unlimited
• TACACS+ including accounting
For details, refer to the application notes.
• Radius accounting is supported.
accounting commands radius
accounting exec radius.
• Multiple IPs per interface
Secondary IP addresses can now be added to interfaces
The CLI command (in interface node) to add more IP addresses:
ip A.B.C.D/M
• Protocols mac addresses are enabled in the hardware only when the protocol is enabled in the
software.This saves entries in the learning table and the protocols can now be transparent in
the device when they are disabled.
• New Scheduler to run linux/CLI commands.Every command has a uniqe Schedule node to
simplify and expand configuration.
schedule extended <1-65535>
• Telnet and SSH sessions are limited to 5 (for security reasons).
• Default timeout of the device is 5 minutes.
We can change the timeout using:
exec-timeout current-session <1-35791>
exec-timeout global <1-35791>
Or disable the timeout using:
no exec-timeout current-session
no exec-timeout global
• Management rules are now limited to 20 per interface (were 10 in previous versions).
• Support copy current startup configuration to the backup partition.

592 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix G: Release Notes for Firmware Version

copy startup-config backup-partition


• New CLI command displays memory usage and processes running in the system.
show top-processes
• Added clock timezone for central europe.
clock timezone central-europe.
• Debugging improvements.
For details, refer to the application notes.
Version 2.0.11
• Support EM9-CES-E1/ EM9-CES-T1 TDM modules. (1 port CES module).
• Access–List On The Fly.
Ability to Add, Delete, Modify ACL rules without the need to unbind the ACL first.
For details, refer to the application notes.
• Binding “extra” ACL to trunk ports.
port access-group extra WORD t1
• Access–List tag nest action can now be binded to port and interface (Not just “extra” ACL).
• Access-List inner-tag and inner-vpt classification for double tag frames.
ctag eq <0-4095> [MASK_HEX_VALUE] c-vpt eq <0-7>
New profile:
In order to classify double tag packets we must configure a new ACL double-tag profile using
the command:
access-list extended-profile (normal|double-tag)
Legality:
- Change profile available when all the ACLs are unbound.
- The binding process fails when the rule does not match its profile
('ctag'/'c-vpt' with normal profile).
- ACL with 'ctag'/'c-vpt' can't be bound to an egress port.
The only difference between the profiles is in regard to Q-in-Q ports:
normal profile: - 'tag eq' command in the access list matches the customer tag (tag arriving in
the packet)
double-tag profile: - the 'tag eq' command in the access list matches the q-in-q tag.
• Access-List tag range classification.
ctag eq <0-4095> up-to <1-4095>
tag eq <0-4095> up-to <1-4095>
This saves ACL rules because it only takes 1 rule in the ACL.
The parameters must be tag eq x^2 up-to y^2-1 for example:
tag eq 0 up-to 15
You can also enter the range you want and the software will give you the closest range.
for example
OS910(config-rule)# tag eq 0 up-to 60
Valid closest range is 0 - 63

• Policing Mtu CLI command.


policing mtu (1536|2048|10240)
use this command when working with policer and jumbo frames above 2048 bytes (default

January 2009 URL: http://www.mrv.com 593


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

value).
When setting a rate limiter you must configure the commited burst size (cbs) to a
larger value then the policer mtu.
• Spanning Tree forwarding decisions based on 802.1ag.
This will improve convergence time in some scenarios.
To enable the port forwarding decisions based on 802.1ag use:
port PORTS-GROUP oam-based-force-edge
We can also filter events from the 802.1ag
oam-filter
• New CLI Command in the spanning tree node to configure the Transmit Hold Count.
tx-hold-count <1-10>
tx-hold-count infinite
• Spanning Tree BPDUs HW Tunneling & Dropping.
For details, refer to the application notes.
• Support up-to 2 remote syslog servers.
rsyslog IPV4_ADDRESS [IPV4_ADDRESS]
• Flow Control Support. (Using Flow Control will Eliminate the QoS capabilities of the device)
port flow-control PORTS-GROUP
• Show Sfp Params and Show Sfp Diagnostics can now be used also for trunk ports.
• Reverse Link-Reflection.
The downlink port has reverse link state from the uplink.
When uplink has link on all the downlink ports are off and when uplinks link goes down all the
downlinks links go up.
link-reflection uplink PORT downlink PORTS-GROUP reverse-state
• Buffers Shared can now be disabled.
no buffers shared
• Bandwidth CLI command was added under interface node for L3 protocols.
• Telnet sessions are limited to 10 (for security) and the default timeout changed to 30 minutes.
• Default Ethertype for 802.1ag ccm packets is now 0x8902.
• Scheduler can now run without root password defined.
• Configure fan temperature in Fahrenheit.
fan temperature fahrenheit <34-149> <34-149>
• Show Port was improved for trunk ports. We can see the status of each port in trunk.
OS910(config)# show port
PORTS CONFIGURATION
===================
PORT MEDIA MEDIA_SEL LINK SPD_SEL LAN_SPD DUPL STATE SL
----------------------------------------------------------------------
1 TP COPPER OFF AUTO N/A N/A ENABLE 1
2 TP COPPER OFF AUTO N/A N/A ENABLE 1
3 TP COPPER OFF AUTO N/A N/A ENABLE 1
4 TP COPPER OFF AUTO N/A N/A ENABLE 1
5 TP COPPER OFF AUTO N/A N/A ENABLE 1
6 TP COPPER OFF AUTO N/A N/A ENABLE 1
7 TP COPPER OFF AUTO N/A N/A ENABLE 1

594 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix G: Release Notes for Firmware Version

8 TP COPPER ON AUTO 1 GBps FULL ENABLE 1


t1 --- --- ON AUTO 2 GBps FULL ENABLE 1
(9) SFP+100FX SFP ON-F AUTO 1 GBps FULL ENABLE 1
(10) SFP+100FX SFP ON-F AUTO 1 GBps FULL ENABLE 1

Version 2.0.10
• Support OS910M.
• Support new CES modules for OS910M.
For details, refer to the application notes.
• Support OS930.
• BPDU tunneling according to tag.
When receiving tagged BPDUs it is now possible to either drop them or flood them on their
vlan.
The CLI command (in spanning-tree node) to set the forwarding decision for tagged BPDU:
port PORTS-GROUP tagged-bpdu rx TAG-LIST (drop|flood)
• Transmit & Receive tagged BPDUs.
For interoperability reasons it is sometime necessary to accept and transmit tagged
BPDUs.
The CLI command (in spanning-tree node) to transmit BPDUs with specific tag:
port PORTS-GROUP tagged-bpdu tx TAG
Note that tagged BPDUs are received and treated now as untagged BPDUs by
default.
• VACM.
For details, refer to the application notes.
• Console disable.
Access through the serial interface can be disabled to prevent local access to the CLI.
Remote access using Telnet/SSH/SNMP still works assuming that the right
configuration is set.
The CLI command to disable the console immediately (should be executed from
remote session):
console-disable
The CLI command to disable the console in 1 minute:
console-disable delayed
• 802.1ag and ITU-Y1731 improvements.
more services and MEPs support.
• 802.1ag and ITU-Y1731 link trace.
mep 1 linktrace rmep 2
• Scheduler support for all 802.1ag and ITU-Y1731 CLI commands.
for example:
schedule start-time Oct 20 9:20 5 frequency 1 cli ethernet oam domain
1 service 1 mep 1 delay-measure rmep 2 5
• History of 802.1ag and ITU-Y1731 loopback, delay-measurement and link-trace tests results.
CLI to configure history size:
mep 1 loopback history-size 120
mep 1 delay-measure history-size 120
show history of results:
show loopback history
show delay-measure history
• Link Protection and Link Reflection based on 802.1ag.(Beta Version).
For details, refer to the application notes.

January 2009 URL: http://www.mrv.com 595


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

• DHCP option 82 support.


• Hash configuration function for Link Aggregation (Trunks).
Hash function can be configured to be based on physical port or L2 fields (source and dest
mac’s) or L3 fields (source and dest ip addresses) or L4 fields (tcp and udp source and dest
ports).
port trunk mode (l2|l3|l4|port)
• L2 protocol tunneling of CDP, STP, VTP.
port l2protocol-tunnel (all|cdp|stp|vtp) PORTS-GROUP
• MSTP optimization.
For details, refer to the application notes.
• Spanning Tree region-expedite.
For details, refer to the application notes.
• Change buffers profile for ingress direction.
we can change the buffers size in the ingress direction of a port.
port buffers profile <1-7> ingress [PORTS-GROUP]
• Actions on lt-limit
Add possibility to drop frames when the number of learned addresses reached the
defined limit. Additionally an SNMP trap is sent to indicate that the limit is reached.
The CLI command to define a drop action for the specified port(s):
lt limit action drop (PORTS-GROUP|all)
• Statistics of L2 protocols such as STP, LACP, 802.3ag.
show l2cntrl-protocol-counters
clear l2cntrl-protocol-counters
Version 2.0.9
• New ACL action to modify the c-tag (customer vlan).
tag swap-ctag <VLAN-ID> stag <VLAN-ID>
• New ACL action for nested vlan.
tag nest <VLAN-ID>
• Egress ACL support with the following actions:
permit, deny, mark VPT, mark DSCP, tag swap.
access-list extended ACL_NAME.
Binding the ACL to egress port:
port access-group egress ACL_NAME PORT_NUMBER.
There are a few limitations when configuring Egress ACL:
o Can only be bounded to port.
o Can't change port tag-outbound-mode when the port is bounded to egress ACL.
o ACL can't be bound to ingress and egress at the same time.
o ACL with mark-vpt/tag-swap should have a default action permit and be bounded
to tagged/hybrid port.
o Mark DSCP action should be configured with ethertype eq 800/86dd rule.
o Rule with ethertype 0x806 (arp) can't match src/dest IP.
o Can't classify with L4 (source/destination port).
o Can't classify with physical source port.
• Add SNMP traps and CLI events for:

596 URL: http://www.mrv.com January 2009


ML49175A, Rev. 02 Appendix G: Release Notes for Firmware Version

o - high/normal Temperature.
o - Fans on/off.
o - Power supply on/off (for OS900 dual AC or dual DC only).
• Support 802.1ag and ITU-Y1731 functions.
For full details and configuration examples refer to the ‘Ethernet Service OAM’ application
notes.
Version 2.0.8
• Support for classification of source and dest mac-address in ACL (for non-ip/arp packets only).
src-mac-addr-for-non-ip eq MAC_ADDRESS [MASK]
dst-mac-addr-for-non-ip eq MAC_ADDRESS [MASK]
• Ability to define redirect action to a trunk port.
action redirect port PORT
• Multiple actions in a single ACL rule.
• Support for BOOTP/TFTP: the switch can take an IP address automatically during boot (DHCP
client), and then take the configuration from a remote TFTP server.
bootp VLAN-TAG PORTS TAGGED-PORTS get-cfg-via-tftp CFG-FILENAME TFTP-
SERVER. (CLI to configure bootp which gets a dynamic ip from dhcp server and configuration
file from the tftp server).
bootp VLAN-TAG PORTS TAGGED-PORTS (CLI to configure bootp which gets a dynamic ip
from dhcp server).
show bootp (CLI to show BOOTP/DHCP/TFTP configuration).
• LACP (802.3ad) support – link aggregation control protocol.
port trunk NAME lacp. (CLI to configure active lacp trunk).
port trunk NAME lacp passive. (CLI to configure passive lacp trunk).
show port lacp. (CLI to show ports lacp status).
Version 2.0.4
• Routing Features
o Wirespeed L3 forwarding
o Routing information Protocol (RIP I & RIP II)
o Open Shortest Path First (OSPF)
o Border Gateway Protocol (BGP-4)
o ISIS
o Static routes
o Black hole routes
o Dummy Interfaces
o Virtual Router Redundency Protocol (VRRP)
o IP NAT (note that this is a software NAT with limitied performance)
• New Linux kernel 2.6.15
• Ingress scheduling configuration was added: port priority-queuing profile can be assigned to a
port in it’s ingress phase (previous versions had this feature on egress only). This features
enables applications like per access port ingress scheduling (e.g.using wrr to enable differnet
trafic shares per service-level, doing that on a per customer/access-port basis).
• A new port mode was added: ‘untagged-multi-vlans’. This new mode, in combination with the
‘tag swap’ action in the ACL, enables applications like protocol based VLANs, and the usage
of the out-of-band port for performing software-based routing and NAT.

January 2009 URL: http://www.mrv.com 597


OptiSwitch 900 Series User Manual L2+ ver. 2.1.2, L3 ver. 3.1.2

Version 1.0.9
• Added support for the OS912 device.
• Improved support for fan and power-supply status reporting.
• Added two new combined ACL actions: action-list+mark+swap-vlan, mark+swap-vlan.
• Added classification of the source physical port in ACL rules (can be usefull in access-lists
binded to a vlan, having different treatment for different ingress ports within the same vlan).
• Protected-ports: for each source port define the allowed destination ports, overiding other
forwarding decisions in order to support port level security.
• Added option to configure priority queuing for a trunk port: the queuing itself is still on each
port but the queuing configuration is copied internaly for all ports of the trunk.
• Improved performance for link-protection when returning to the primary link uppon it’s
recovery.
• Flood limit: more accurate limit and an 'extra' flood limit option that enables definition of two
flood rates (with differnet traffic types) for the same ingress port.
• RADIUS support for direct login into enabled mode: such a login is enabled when a user is
configured on the RADIUS server with the attribute ‘Service-Type’ set to ‘Administrative-User’.
Version 1.0.6
• Support for two sets of egress counters (version 1.0.3 have only one), and two sets of ingress
counters.
• Classification of Ethertype field in ACL rules (matches the first non-vlan ethertype).
• Mirroring per ingress vlan.
• Improvements in the default configuration of memory buffers and descriptors budgets.
• Auto operation of the fan (can set the on and off temperatures).
• Dropping of Broadcast and Multicast packets for IPv6,IPv4 and non-IP packets per ingress
vlan.
• SA-MAC and DA-MAC actions (drop, fwd) per LT entry: ability to drop packets based on their
source or destination MAC address.
• Support for tc-group-mib (per flow accounting).
Version 1.0.3
• First software release.

598 URL: http://www.mrv.com January 2009

You might also like