MRV OptiSwitch 9xx User Manual
MRV OptiSwitch 9xx User Manual
User Manual
Standards Compliance
This equipment is designed to comply with the following standards: UL 1950; CSA 22.2 No 950;
FCC Part 15 Class B; 2004/108/EC; 2006/95/EC.
FCC Notice
WARNING: This equipment has been designed to comply with the limits for a Class B digital
device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio frequency energy and, if not
installed and used in accordance with the manual, may cause harmful interference to radio
communications. Operation of this equipment in a residential area is likely to cause harmful
interference in which case the user will be required to correct for the interference at the user’s own
expense.
The user is cautioned that changes and modifications made to the equipment without approval of
the manufacturer could void the user’s authority to operate this equipment.
It is suggested that the user use only shielded and grounded cables when appropriate to ensure
compliance with FCC Rules.
Disclaimer
MRV® reserves the right to make changes to any technical specifications in order to improve
reliability, function, or design.
MRV reserves the right to modify the equipment at any time and in any way it sees fit in order to
improve it.
MRV provides this document without any warranty of any kind, whether expressed or implied,
including, but not limited to, the implied warranties of merchantability or fitness for a particular
purpose.
The user is advised to exercise due discretion in the use of the contents of this document since the
user bears sole responsibility.
Trademarks
All trademarks are the property of their respective holders.
Copyright © 2009 by MRV
All rights reserved. No part of this document may be reproduced without prior permission of MRV.
This document and the information contained herein are proprietary to MRV and are furnished to
the recipient solely for use in operating, maintaining, and repairing MRV equipment. The
information within may not be utilized for any purpose except as stated herein, and may not be
disclosed to third parties without permission from MRV.
Document Number: ML49175A Document Revision: Rev. 02 Release Date: January 2009
Contact Information
For customer support, you can:
• Contact your local MRV representative
• E-mail us at [email protected]
• Visit our MRV Web site at http://www.mrv.com
Contents
About this Manual...............................................31
Audience.................................................................................................................................. 31
Organization ............................................................................................................................ 32
Acronyms ................................................................................................................................ 34
Before Installing...................................................................................................................... 39
Servicing.................................................................................................................................. 41
Highlights ................................................................................................................................ 43
Applications ............................................................................................................................ 43
Architecture............................................................................................................................. 43
Telco Compatibility................................................................................................................. 44
Traffic Management................................................................................................................ 44
Multiple-instance STP............................................................................................................. 47
Models...................................................................................................................................... 47
Layout ...................................................................................................................................... 49
View ..................................................................................................................................... 49
Power Supply Switch (Only in OS910-M and OS930)......................................................... 54
Power Pushbutton................................................................................................................ 54
Reset Pushbutton (Not in OS910-M) ................................................................................... 54
External Clock Input (Only in OS910-M).............................................................................. 55
Ports..................................................................................................................................... 55
LEDs .................................................................................................................................... 55
Fans ..................................................................................................................................... 55
Earthing................................................................................................................................ 56
Power Supply....................................................................................................................... 56
Options..................................................................................................................................... 56
SFPs/XFPs .......................................................................................................................... 56
Service Modules (Only in OS910-M) ................................................................................... 56
Power Supply....................................................................................................................... 56
Chapter 2: Applications..................................... 57
General..................................................................................................................................... 57
Safety ....................................................................................................................................... 61
Package Contents................................................................................................................... 61
Essentials............................................................................................................................. 61
Options................................................................................................................................. 61
Requirements .......................................................................................................................... 61
Tools .................................................................................................................................... 61
Data Equipment ................................................................................................................... 61
Management Equipment ..................................................................................................... 62
Mounting .............................................................................................................................. 63
Environmental...................................................................................................................... 64
Power................................................................................................................................... 64
Grounding ............................................................................................................................ 65
Procedure ................................................................................................................................ 65
Component Insertion ........................................................................................................... 65
Mounting .............................................................................................................................. 65
Earthing ............................................................................................................................... 68
Network Connection ............................................................................................................ 68
Power Line Connection ....................................................................................................... 72
Setup ........................................................................................................................................ 73
Operation ............................................................................................................................. 73
Management........................................................................................................................ 73
Operation ................................................................................................................................. 74
Monitoring ............................................................................................................................ 74
Reset ................................................................................................................................... 75
Shutdown............................................................................................................................. 75
CLI Access............................................................................................................................... 77
General ................................................................................................................................ 77
Access Levels...................................................................................................................... 77
Preparation .......................................................................................................................... 78
First Time Access – Root and Admin Passwords Configuration......................................... 78
Standard Access.................................................................................................................. 79
CLI Modes................................................................................................................................ 79
Help .......................................................................................................................................... 82
Example ............................................................................................................................... 84
Viewing Methods..................................................................................................................... 86
Paging.................................................................................................................................. 86
No Paging ............................................................................................................................ 86
Alias.......................................................................................................................................... 88
Assignment .......................................................................................................................... 88
Invocation............................................................................................................................. 88
Deleting................................................................................................................................ 88
Viewing ................................................................................................................................ 89
Copy-Paste Mode.................................................................................................................... 89
Usage ....................................................................................................................................... 89
Example ................................................................................................................................... 89
Passwords ............................................................................................................................... 91
Changing the Root Password (and Admin Password) ........................................................ 91
Changing only the Admin Password.................................................................................... 92
Configuring/Changing the Enable Password....................................................................... 92
Removing Encryption from the Enable Password ............................................................... 93
Deleting the Enable Password............................................................................................. 93
Hostname................................................................................................................................. 95
New ...................................................................................................................................... 95
Default.................................................................................................................................. 95
Banner...................................................................................................................................... 95
Definition .............................................................................................................................. 95
Default.................................................................................................................................. 95
Viewing ................................................................................................................................ 96
Configuration........................................................................................................................ 96
Date .......................................................................................................................................... 97
Time.......................................................................................................................................... 97
Location ................................................................................................................................... 97
Rebooting ................................................................................................................................ 97
Modes .................................................................................................................................. 97
Methods ............................................................................................................................... 97
Learn Table.............................................................................................................................. 98
Definition.............................................................................................................................. 98
Viewing ................................................................................................................................ 98
Aging.................................................................................................................................... 99
Limiting ................................................................................................................................ 99
Dropping ............................................................................................................................ 100
Adding Entries Manually.................................................................................................... 100
Policing .............................................................................................................................. 101
Flushing ............................................................................................................................. 101
Enabling/Disabling................................................................................................................ 131
Default................................................................................................................................ 131
Custom............................................................................................................................... 131
Purpose.................................................................................................................................. 171
Purposes................................................................................................................................ 189
Regions.................................................................................................................................. 191
Ports....................................................................................................................................... 195
Placing Restrictions ........................................................................................................... 195
Removing Restrictions....................................................................................................... 196
Purpose.................................................................................................................................. 211
Applicability........................................................................................................................... 211
Configuration......................................................................................................................... 211
Viewing................................................................................................................................... 213
Purpose.................................................................................................................................. 215
Configuration......................................................................................................................... 216
Viewing................................................................................................................................... 217
Purpose.................................................................................................................................. 225
Advantages............................................................................................................................ 225
Purpose.................................................................................................................................. 231
Activation............................................................................................................................... 232
Trunk.................................................................................................................................. 232
Port .................................................................................................................................... 233
Deactivation........................................................................................................................... 234
Trunk.................................................................................................................................. 234
Port .................................................................................................................................... 234
Viewing................................................................................................................................... 234
Applicability........................................................................................................................... 247
Number................................................................................................................................... 247
Configuring............................................................................................................................ 249
Binding................................................................................................................................... 266
Limitations.......................................................................................................................... 266
Ingress Ports and Ingress VLAN Interfaces ...................................................................... 266
Egress Ports ...................................................................................................................... 268
Deleting.................................................................................................................................. 269
Purpose.................................................................................................................................. 277
Applicability........................................................................................................................... 277
Purpose.................................................................................................................................. 285
Number................................................................................................................................... 285
Activation............................................................................................................................... 294
Purpose.................................................................................................................................. 297
Scheduling............................................................................................................................. 298
General .............................................................................................................................. 298
Scheduling Modes ............................................................................................................. 298
Configuration ..................................................................................................................... 299
Viewing .............................................................................................................................. 300
Shaping.................................................................................................................................. 301
General .............................................................................................................................. 301
Maximum Transmission Unit (MTU) for Port Shaper ........................................................ 301
Configuration ..................................................................................................................... 302
Example............................................................................................................................. 303
Purpose.................................................................................................................................. 309
Applicability........................................................................................................................... 309
History.................................................................................................................................... 336
Setting Number of Loopback History Entries..................................................................... 336
Viewing History Entries...................................................................................................... 337
Automatic Scheduling of Delay Measurement, Loopback, and Link Trace ................... 340
References............................................................................................................................. 341
General................................................................................................................................... 343
Purpose.................................................................................................................................. 343
Application............................................................................................................................. 343
Advantages............................................................................................................................ 344
Activation............................................................................................................................... 345
Purposes................................................................................................................................ 357
Actions................................................................................................................................... 358
Creating an SA PING Probe or Entering its Mode ............................................................ 358
Displaying the Commands in the SA PING Mode ............................................................. 358
Configuring/Reconfiguring an SA PING Probe.................................................................. 359
Running an SA PING Probe .............................................................................................. 360
Stopping an SA PING Probe ............................................................................................. 360
Viewing an SA PING Probe............................................................................................... 360
Viewing SA PING Events as CLI Traps............................................................................. 363
Purpose.................................................................................................................................. 365
Purpose.................................................................................................................................. 407
Compliance............................................................................................................................ 407
Types...................................................................................................................................... 407
Modes..................................................................................................................................... 407
Application............................................................................................................................. 413
Types...................................................................................................................................... 413
Terminology........................................................................................................................... 419
Application............................................................................................................................. 420
General .............................................................................................................................. 420
Specific .............................................................................................................................. 420
Mounting................................................................................................................................ 421
Cabling................................................................................................................................... 422
LEDs....................................................................................................................................... 422
Viewing................................................................................................................................... 435
General Configuration and Status Information .................................................................. 435
Clock .................................................................................................................................. 437
Port .................................................................................................................................... 437
Session .............................................................................................................................. 440
Definition................................................................................................................................ 461
Compliance............................................................................................................................ 461
Purpose.................................................................................................................................. 461
Applications........................................................................................................................... 462
Traceroute.............................................................................................................................. 548
Definition ............................................................................................................................ 548
Purpose.............................................................................................................................. 548
Figures
Figure 1: Operations, Administration, and Maintenance ........................................................45
Figure 2: Layout of OS900......................................................................................................54
Figure 3: Micro-PoP Services .................................................................................................57
Figure 4: WAN Ethernet Manageable Services......................................................................58
Figure 5: Business Ethernet Services.....................................................................................58
Figure 6: 10 Gbps Ethernet High-end Demarcation Services ................................................59
Figure 7: WAN 10 Gbps Manageable Ethernet Services .......................................................59
Figure 8: 10 Gbps Ethernet Services over WDM ...................................................................60
Figure 9: Fastening Brackets for Mounting one OS900 in a 19-inch Rack ............................66
Figure 10: Fastening Brackets for Mounting two OS900s in a 19-inch Rack .........................66
Figure 11: Fastening Brackets for Mounting one OS900 + one LDP100 in a 19-inch Rack ..67
Figure 12: Fastening Brackets for Mounting one OS900 in a 23-inch Rack ..........................67
Figure 13: Fastening Bracket for Mounting the OS900 with one PS on a Wall......................68
Figure 14: ASCII Craft Terminal/Emulator Connection to OS900 ..........................................70
Figure 15: TELNET, SSH, or SNMP Station Connection to OS900.......................................72
Figure 16: Link Protection Data Path....................................................................................143
Figure 17: Link Fault Reflection between Uplink and Downlink............................................145
Figure 18: Link Fault Reflection between Two UNIs ............................................................147
Figure 19: MSTIs on a Physical Network..............................................................................190
Figure 20: CIST (Default MSTI) on a Physical Network .......................................................191
Figure 21: Regions on a Physical Network...........................................................................192
Figure 22: Network Running MSTP ......................................................................................194
Figure 23: CIST-configured Network ....................................................................................197
Figure 24: Multiple-MSTI Network without Load Balancing..................................................198
Figure 25: Multiple-MSTI Network with Load Balancing.......................................................201
Figure 26: Layer 2 Protocol Tunneling..................................................................................220
Figure 27: Tag Translation Operation Mode.........................................................................226
Figure 28: SL Assignment & VPT Marking of a Packet ........................................................244
Figure 29: SL Assignment & DSCP Marking of a Packet .....................................................245
Figure 30: Metering Operation..............................................................................................287
Figure 31: Network used for Ethernet Service OAM Configuration Procedure ....................313
Figure 32: EFM Link for Running the IEEE 802.3ah OAM Protocol .....................................344
Figure 33: Examples of Media Cross Connections in the OS900 ........................................375
Figure 34: NAT Operation.....................................................................................................408
Figure 35: WDM Module (Model 09ADCD) ..........................................................................414
Figure 36: Data Flow in a WDM Point-to-Point Topology.....................................................415
Figure 37: Data Flow in a WDM Multipoint Topology ...........................................................416
Figure 38: Data Flow in a WDM Ring Topology having Fiber Redundancy .........................417
Figure 39: E1/T1 CES over Ethernet ....................................................................................420
Figure 40: Cellular Backhaul for GSM, UMTS and GPRS Networks....................................420
Figure 41: PSTN-to-PBX and PBX-to-PBX over Ethernet....................................................421
Figure 42: E1/T1 CES module..............................................................................................421
Figure 43: Interconnection for Layer-3 Traffic and using Internal Clock...............................444
Figure 44: Interconnection for Layer-3 Traffic and using Different Subnets.........................448
Figure 45: Interconnection for Layer-2 Traffic and using IP and DHCP ...............................450
Figure 46: Interconnection using Clock Exportation .............................................................452
Figure 47: Interconnection using High DiffServ Level ..........................................................454
Figure 48: IP Multicast Application Example ........................................................................462
Figure 49: IP Multicast Principle-of-Operation Network Example.........................................463
Figure 50: IP Multicast Configuration Network Example ......................................................476
Figure 51: Basic OSPF .........................................................................................................496
Tables
Table 1: Models of the OS900 ................................................................................................48
Table 2: Fans in OS900 Models .............................................................................................55
Table 3: SFPs Pluggable in Ports of each OS900 Model .......................................................56
Table 4: ASCII Craft Terminal/Emulator Setup for CLI Management.....................................73
Table 5: Front Panel LEDs......................................................................................................74
Table 6: Conventions for CLI Commands...............................................................................80
Table 7: Symbols in CLI Commands ......................................................................................80
Table 8: Functional Keys for CLI Commands .........................................................................81
Table 9: Default Original-VPT-to-SL Map .............................................................................238
Table 10: Default Original-DSCP-to-SL Map ........................................................................239
Table 11: Default SL-to-New-VPT Map ................................................................................241
Table 12: Default SL-to-New-DSCP Map .............................................................................242
Table 13: Default CL Remarking Map...................................................................................289
Table 14: RADIUS versus TACACS+ ...................................................................................347
Table 15: Models of the E1/T1 TDM Module ........................................................................420
Table 16: Front Panel LEDs..................................................................................................422
Table 17: OS910-M-controlled VLAN Interfaces for E1/T1 CES modules ...........................424
Table 18: VLAN Names and Associated VLAN Tags ...........................................................424
Table 19: OSPF Terminology ...............................................................................................487
Table 20: OSPF Router Types..............................................................................................500
Table 21: OSPF Commands for Monitoring, Managing, and Maintaining IP Routing Tables506
Table 22: Explanation of the show ip ospf Command Output Taken from R3......................507
Table 23: Explanation of the show ip ospf database Command .................................508
Table 24: Summary of OS™ Commands used in this Section .............................................512
Table 25: Memory Space Usage ..........................................................................................555
Table 26: Startup and Operation Troubleshooting................................................................567
Audience
This manual is intended for the use of the network administrator who wishes to apply, install,
setup, operate, manage, and troubleshoot the OptiSwitch 900. The network administrator is
expected to have working knowledge of:
− Networking
− Switches
− Routers
Latest Revision
The latest revision of the user manual can be found at:
http://kb.mrv.co.il/Knowledge/
Image Versions
This user manual applies to the following image1 versions of the OptiSwitch 900:
2.1.2 (carrier Ethernet capability)
3.1.2 (MPLS capability)
(The OptiSwitch 900 firmware information can be viewed by invoking the CLI command show
version, as described in the section Viewing Installed Components, page 93.)
Hardware Requirements
The minimum hardware requirements for running image version 3.1.2 of the OptiSwitch 900
models are as follows:
For OS904, OS906, and OS912:
CPU: FER05181, 400 MHz with 32 MB Flash and 128 MB DRAM memory.
For all other OS900 devices:
CPU: MPC8245, 266 MHz with 64 MB Flash and 256 MB DRAM memory.
Device hardware version: 1 or later for OS904, OS906, OS912-AC-2, OS912-DC-2.
Device hardware version: 3 or later for OS910.
Device hardware version: 1 or later for OS910-M and OS930.
(The OptiSwitch 900 hardware information can be viewed by invoking the CLI command show
version, as described in the section Viewing Installed Components, page 93.)
Related Documents
• Release Notes for OptiSwitch 900 (produced if warranted): Contains
information not found in the User Manual and/or overriding information.
• MegaVision User Manual: Describes how to manage the
OptiSwitch 900 and other MRV SNMP-manageable products using
MRV’s MegaVision Pro ® Network Management application.
1
Operative program firmware
Organization
This manual is organized into the following topics:
Safety Requirements – specifies the safety requirements that must be met all times.
Chapter 1: Overview – introduces the OS9002; noting its applications, architecture, key
features, models, layout, and options.
Chapter 2: Applications – presents typical networks built with the OS900.
Chapter 3: Installation – shows how to mount and network connect the OS900.
Chapter 4: Startup, Setup, and Operation – describes how to start, set up, and run the OS900.
Chapter 5: CLI Management – describes how its CLI can be used to manage the OS900.
Chapter 6: Ports – shows how to configure the physical ports of the OS900.
Chapter 7: Interfaces – introduces the types of OS900 communication interface, and shows
how to create, apply, manage, and obtain statistical information for them.
Chapter 8: Multiple-instance Spanning-Tree Protocol (MSTP) – describes how to configure the
OS900 so that it can participate in the spanning-tree protocols legacy STP (IEEE 802.1d), Rapid
STP (IEEE 802.1w), and Multiple-instance STP (IEEE 802.1s).
Chapter 9: Rate Limiting of Flood Packets – describes how to configure the OS900 to limit the
transmission and reception data rates for certain packet types at ports of a VLAN interface.
Chapter 10: Provider Bridges – shows how to configure the OS900 so that IEEE 802.1Q
standard VLANs can be used to interconnect remote sites of an enterprise scattered across a
service provider network.
Chapter 11: Tag Translation/Swapping – shows how to configure the OS900 so that a packet’s
source VLAN tag at one UNI is swapped with that of the destination VLAN tag at another UNI (so
that the packet can be received at the destination).
Chapter 12: IEEE 802.3ad Link Aggregation – describes how two or more ports of an OS900
can be linked in parallel to form a single logical communication channel whose bandwidth is the
aggregate of the bandwidths of the individual ports.
Chapter 13: Quality of Service (QoS) – shows how the user can set the OS900 to give
preferential treatment to each ingress packet based on Layer 2 VPT or Layer 3 DSCP and,
optionally, to change the VPT and DSCP values.
Chapter 14: Extended Access Lists (ACLs) – describes how to configure the OS900 so that it
can handle ingress and egress traffic at each OS900 interface.
Chapter 15: Port/VLAN Mirroring – describes how to configure the OS900 so that it can
replicate traffic received on one physical port or VLAN at another physical port or VLAN for the
purpose of analyses.
Chapter 16: Traffic Conditioner – describes how to configure the OS900 so that it can regulate
the flow of ingress and egress traffic according to one or more packet attributes and/or conditions.
Chapter 17: Egress-Queue Manager (EQM) – describes how to configure the OS900 so that it
can manage inbound as well as outbound traffic queues.
Chapter 18: IEEE 802.1ag and ITU-T Y.1731 Ethernet Service OAM – shows how to perform
OAM (including fault management and performance management) of multi-domain Ethernet
Services per the IEEE 802.1ag and ITU SG 13 standards.
Chapter 19 IEEE 802.3ah OAM for Ethernet in the First Mile – shows how the OS900 can be
used to perform IP-less management over an EFM link..
2
OS904, OS906, OS910, OS910-M, OS912, or OS930
Chapter 20: Authentication, Authorization, and Accounting (AAA) – describes the RADIUS
(UDP-based) and TACACS+ (TCP-based) client-server security services for restricting access to
the OS900 CLI agent (via TELNET or Serial/RS-232).
Chapter 21: Service Assurance PING – describes the service assurance function of the OS900
for monitoring network performance, resources, and applications.
Chapter 22: Scheduler – shows how to schedule execution of administrator-specified
commands at times pre-set by the administrator.
Chapter 23: Transparent Mode Media Cross Connect – shows how to use the intelligent
patchpanel-like functionality of the OS900.
Chapter 24: Firmware Viewing and Upgrading/Downloading – provides a detailed procedure for
upgrading/downloading firmware to the OS900.
Chapter 25: Configuration – describes how to save an OS900 configuration in a file and how to
upload and download an OS900 configuration using FTP.
Chapter 26: Dynamic Host Configuration Protocol (DHCP) – describes how the OS900 can be
configured to provide addresses to hosts on its network automatically and for a pre-specified time
duration.
Chapter 27: BOOTstrap Protocol (BOOTP) – describes how the OS900 can be set to operate
in client mode with BOOTP in order to get its IP address and/or configuration file from a DHCP
server.
Chapter 28: Network Time Protocol (NTP) and Timezone – shows how to use the Internet
standard protocol for synchronizing clocks of network devices.
Chapter 29: Network Address Translation (NAT) – shows how to set the OS900 so that it
automatically replaces an IP address of a packet with another IP address when the packet crosses
a specific network interface (port) of the OS900.
Chapter 30: WDM Module – shows how to apply and install the OS910-M WDM module.
Chapter 31: E1/T1 CES Module – shows how to apply, install, and configure the OS910-M
E1/T1 module.
Chapter 32: IGMP IP Multicast – shows how to direct selective IP multicast traffic (data, voice,
video, etc.) to ports belonging to a particular IP Multicast group.
Chapter 33: Static and Dynamic Routing – shows how static and dynamic routes can be
configured on the OS900.
Chapter 34: MultiProtocol Label Switching (MPLS) – shows how to utilize the technology that
uses labels to direct traffic (e.g., Ethernet packets) to their destination.
Appendix A: Utilities – describes and shows how to use the various network utilities of the
OS900.
Appendix B: Cable Wiring – shows the wiring for the null-modem RS-232, Ethernet straight,
and Ethernet cross cables.
Appendix C: Cleaning Optical Connectors – describes a recommended procedure for cleaning
optical connectors on the OS900.
Appendix D: Troubleshooting – is a guide for troubleshooting the OS900 on the operative level.
Appendix E: Packet Processing Stages – illustrates the processing stages through which
packets pass in the OS900 from entry to exit.
Appendix F: Product Specification – provides the general specifications of the OS900.
Appendix G: Release Notes for Firmware Version 3.1.2 – contains new and/or overriding
information relative to the previous version.
Typographical Conventions
The typographical conventions used in this document are as follows:
Convention Explanation
Courier Bold This typeface represents information provided to the OS900.
Courier Plain This typeface represents information provided by the OS900.
Italics This typeface is used for emphasis.
Enter This format represents the key name on the keyboard/keypad.
This icon represents important information.
Acronyms
AAA Authentication, Authorization, and Accounting
ACL ACcess List (service)
ARP Address Resolution Protocol (For getting MAC address)
AWG American Wire Gage
BER Bit-Error Rate
BOOTP BOOTstrap Protocol
BPDU Bridge Protocol Data Unit
BRAS Broadband Remote Access Server
BSD Berkley Software Distribution
CBS Committed Burst Size
CC Continuity Check
CCM Continuity Check Messages
CDP Cisco Discovery Protocol
CE Customer Edge
CES Circuit Emulation Service
CFM Connectivity Fault Management
CIDR Classless Inter-Domain Routing
CIR Committed Information Rate
CIST Common and Internal Spanning Tree
CL Conformance Level
CLI Command Line Interpreter (Interface)
CoS Class of Service
CO Central Office
CPE Customer Premises Equipment
CR-LDP Constrained Routing LDP
CSPF Constrained Shortest Path First
CTS Clear To Send
CWDM Coarse Wavelength-Division Multiplexing
dB deciBel
DCD Data Carrier Detect
DES Data Encryption Standard (code/algorithm)
DHCP Dynamic Host Configuration Protocol
DiffServ Differentiated Services
DNS Domain Name Server/System
DoS Denial of Service
DSCP Differentiated Services Code Point
DSR Data Set Ready
DTE Data Terminal Equipment
DTR Data Terminal Ready
DWDM Dense Wavelength-Division Multiplexing
EBS Excess Burst Size
EFM Ethernet in the First Mile
EIA Electronic Industries Alliance
EPL Ethernet Private Line
ETSI European Telecommunications Standards Institute
FD Frame Delay
FEC Forwarding Equivalence Class or Fast Ethernet Channel
FLR Frame Loss Ratio
FPGA Field-Programmable Gate Array
FTN FEC To NHLFE
FTP File Transfer Protocol
FTTX Fiber To The X (Home/Business/etc.)
GMT Greenwich Mean Time
Gnd Ground
GPS Global Positioning System/Satellite
ICMP Internet Control Message Protocol
IEEE Institute of Electrical and Electronic Engineers
IGMP Internet Group Management Protocol
ILM Incoming Label Map
IP Internet Protocol
ISDN Integrated Services Digital Network
ISP Internet Service Provider
ITU International Telecommunications Union
LACP Link Aggregation Control Protocol
LAN Local Area Network
LBM Loopback Message
LBR LoopBack Reply
LDP Label Distribution Protocol
LER Label Edge Router
LIN Link Integrity NotificationF
LLC Logical Link Control
LM Loss Measurement
LMR Loss Measurement Reply
LOC Loss Of Continuity
LRM Loopback Reply Message
LSP Label Switch Path
LSR Label Switch Router
LT Link Trace
LTM Linktrace Message
LTR Link Trace Reply
MA Maintenance Association
MAC Medium Access Control
MAID Maintenance Association IDentifier
MAN Metropolitan Area Network
MD5 Message Digest 5 (code/algorithm)
MDI Media Dependent Interface
Pinout: 1 Tx+, 2 Tx-, 3 Rx+, 6 Rx-.
Connected to DTE with a cross-wired cable.
MDIX Media Dependent Interface X (with cross-wiring)
Pinout: 1 Rx+, 2 Rx-, 3 Tx+, 6 Tx-.
Connected to DCE with a cross-wired cable.
MD Maintenance Domain level
MDN Maintenance Domain Name
ME Maintenance Entity - service
MEF Metro Ethernet Forum
MEP Maintenance association End Point
MIB Management Information Base
ms millisecond
MSTI Multiple Spanning-Tree Instance
MTU Multi-Tenant Unit or Maximum Transmission Unit
NAS Network Access Server
NAT Network Address Translation
NEBS Network Equipment Building System
NHLFE Next-Hop Label Forwarding Entry
NMS Network Management Station
NNI Network-Network Interfaces
NOC Network Operation Center
NTP Network Time Protocol
OADM Optical Add-Drop Multiplexer
OAM Operations, Administration, and Maintenance
(Tools/utilities for installing, monitoring, and troubleshooting a network.)
OID Object IDentifier
PBS Peak Burst Size
PDU Protocol Data Unit
PE Provider Edge
Safety Requirements
CAUTION!
To reduce risk of physical harm, equipment damage, and fire and to
maintain proper operation, ensure that the safety requirements stated
hereunder are met!
At all Times
Do not let optical fibers come into physical contact with any bare part of the body since they are
fragile, and difficult to detect and remove from the body!
Do not look into the end of an optical fiber since it may be carrying harmful laser radiation that can
cause permanent damage to the eye and loss of sight!
Do not bend any part of an optical fiber/cable to a diameter that is smaller than the minimum
permitted according to the manufacturer’s specification (usually about 65 mm or 2.5 in)!
Before Installing
Power Ensure that all power to the OS900 is cut off. Specifically, disconnect the OS900
power cord(s) from the power source (line/mains).
Inspection By inspection, ensure that no part of the OS900 is damaged.
Covers Leave the protective covers (e.g., dust caps on optical connectors, etc.) on the
OS900 components at all times until the components are about to be connected.
Grounding For personal protection against electrostatic discharge (ESD),
ensure that the OS900 is electrically connected to ground at the
butterfly nut on screw located on the rear (and shown on the
right).
Wrist Strap For personal and equipment protection against ESD, wear an
ESD-protective wrist strap that is connected to ground. The wrist
strap must have a resistance of at least one megohm in the path
to ground.
Site Reserve one of the following sites for the OS900 allowing for, in addition, a
clearance of at least 25 mm (1 inch) between the air vents and nearby objects:
− Rack Space:
o For models OS904/AC-1, OS904/DC-1, OS906/AC-1, OS906/DC-1:
3
219.6 x 43.65 x 265 mm
3
[8.45 x 1.72 x 9.45 in ]
o For models OS906/AC-2, OS906/DC-2:
3
443 x 43.65 x 204 mm
3
[17.4 x 1.72 x 8.03 in ]
o For models OS910/AC-1, OS910/DC-1, OS910/DC-2:
214.6 x 43.65 x 240 mm 3
[8.45 x 1.72 x 9.45 in 3]
o For models OS910/AC-2:
3
316.6 x 43.65 x 240 mm
3
[12.45 x 1.72 x 9.45 in ]
o For model OS910-M:
443 x 43.65 x 315 mm 3
[17.44 x 1.72 x 12.4 in 3]
o For models OS912-AC-2, OS912-DC-2:
443 x 43.65 x 204 mm 3
[17.4 x 1.72 x 8.03 in 3]
o For models OS930:
3
443.6 x 43.65 x 290 mm
3
[17.48 x 1.72 x 11.42 in ]
− Wall Area:
o For models OS904/AC-1, OS904/DC-1, OS906/AC-1, and
OS906/DC-1:
3
219.6 x 265 mm
3
[8.45 x 9.45 in ]
− Desktop (Flat, stable, non-conductive, static-free
surface):
o For models OS904/AC-1, OS904/DC-1, OS906/AC-1, OS906/DC-1:
219.6 x 265 mm 3
[8.45 x 9.45 in 3]
o For models OS906/AC-2, OS906/DC-2:
3
443 x 204 mm
3
[17.4 x 8.03 in ]
o For models OS910/AC-1, OS910/DC-1, OS910/DC-2:
214.6 x 240 mm 3
[8.45 x 9.45 in 3]
o For models OS910/AC-2:
3
316.6 x 240 mm
3
[12.45 x 9.45 in ]
o For model OS910-M:
3
443 x 315 mm
[17.44 x 12.4 in 3]
o For models OS912-AC-2, OS912-DC-2:
3
443 x 204 mm
3
[17.4 x 8.03 in ]
o For models OS930:
3
443.6 x 290 mm
3
[17.48 x 11.42 in ]
During Installation/Maintenance
Avoid direct exposure to laser beams. In particular, do not look into laser ports.
Ensure that each SFP port at which laser beams are (or will be) present is occupied by an SFP
that is locked in position.
Before Powering On
Temperature Operate the OS900 only at a location where the environmental temperature is in
the range 0 to 45 oC (32 to 113 oF).
Humidity Operate the OS900 only at a location where the environmental humidity is
non-condensing and between 10 and 85%.
Dust Ensure that the site for the OS900 is dust-free. (Less than 1,000,000 particles per
cubic meter or 30,000 particles per cubic foot is OK.)
Cooling Air Ensure that the airflow around the OS900 and through the air vents is not
obstructed. In particular, ensure that there is a clearance of at least 25 mm (1
inch) between the air vents and nearby objects.
Line Voltage Ensure that the input voltage to the OS900 from the power source is as follows:
For AC power supply: 90 to 240 Vac (@ 60 to 50 Hz)
For DC power supply: -36 to -72 Vdc.
Power Cord The OS900’s AC power cord must have one of the following specifications:
115V AC Power Cord: The power cord to be used with a 115 Volt AC configuration
must be a minimum type SJT (SVT) 18/3, rated 250 Volts AC, 10 Amps with a
maximum length of 4.5 meters (15 feet). One end is terminated in an IEC 320
attachment plug, the other in a NEMA 5-15P plug.
230V AC Power Cord: The power cord to be used with a 230 Volt AC configuration
must be a minimum type SJT (SVT) 18/3, rated 250 Volts AC, 10 Amps with a
maximum length of 4.5 meters (15 feet). One end is terminated in an IEC 320
attachment plug. The other end is terminated as required by the recognized safety
organization of the country in which it is to be installed.
During Operation
Ensure that each SFP port at which laser beams are present is occupied by an SFP that is locked
in position.
Do not connect or disconnect cables and/or power cords during lightning strikes or thunderstorms.
Servicing
All servicing must be carried out only by qualified service personnel.
Before servicing, ensure that all power to the OS900 is cut off!
Chapter 1: Overview
General
The OS900 is a multi-layer Telco-compliant compact carrier-class Ethernet demarcation services
platform that provides Layer 2 and 3 functionality.
It enables premium manageable Ethernet services with extensive traffic management and end-to-
end control for service-level conformance.
The OS900 functions as a demarcation device at the customer’s premises and is owned by the
service provider. It provides a carrier-to-customer User-Network Interface (UNI) that separates the
carrier’s WAN from the customer’s LAN to free the provider of the need to configure the customer’s
LAN/devices. The OS900 enables bandwidth limiting, security, and monitoring of customer and
network interfaces with clear visibility of LAN and WAN segments.
For inter-provider demarcation points, the OS900 serves as a demarcation device at the carrier-to-
carrier on-net locations, and provides Network-Network Interfaces (NNI) that separate two different
service provider networks. In such an application, the OS900 enables Ethernet service delivery
over multiple carrier transport networks with end-to-end visibility and control.
Highlights
• Service demarcation for Metro Ethernet E-Line, E-LAN, and EPL connectivity services:
- MEF 93 service conformance
- Provider bridging or MPLS L2 VPN services
- Service protection (with 50 ms recovery time)
• H-QoS according to MEF 144 Traffic Management conformance
• Ethernet Service OAM to guarantee SLAs
• Multi-purpose customer & network interfaces at lower TCO
• IPv6 future proof (hardware enabled)
• Unified Master-OS™ control plane across all models
• Circuit Emulation and MPLS Services5
• Wirespeed Routing
Applications
• Micro-PoP Services
• Business Ethernet Services
• Intra-provider and Inter-provider WAN Ethernet Manageable Services (Ports
can serve as UNIs or NNIs)
Architecture
With state-of-the-art wire-speed technology, the OS900 offers a future-proof solution for ILECs,
IXCs, MSOs, or green-field service providers to meet various business subscriber SLA
requirements. A single OS900 serving as a demarcation device can facilitate the provisioning of
revenue generating new value-added services thanks to its wide spectrum of service features.
3
Test suite for Ethernet services at the UNI
4
A standard defining the requirements and corresponding test procedures for Service Performance and Bandwidth Profile
Service Attributes that may be specified as part of a Service Level Specification (SLS) for an Ethernet Service
5
In future software upgrade
Telco Compatibility
All models of the OS900 can be mounted in standard 19-inch and 23-inch Telco racks. Models
OS904, OS906, and OS910 with a single power supply can be mounted side-by-side in pairs in a
single 19-inch or 23-inch Telco rack frame to enable OS900 protection, high port density, as well
as easy accessibility.
Traffic Management
The OS900 provides for a value-added network infrastructure with end-to-end per-flow QoS.
It supports full CoS and QoS (MEF 14 model) including flow classification, rate limiting, shaping,
WFQ scheduling, and strict priority scheduling for lower delay/jitter, and guaranteed throughput in
real-time applications. In addition, it enables dynamic/adaptive buffer pools to prevent bursty traffic
starvation for buffers while ensuring effectiveness of queuing resources.
For network convergence applications that have a clear boundary between a customer’s network
and the carrier’s network, CoS layers (802.1p) can be mapped/marked to preserve priorities or
mapped into protection profiles preconfigured by the carrier.
6
Future software upgrade
an aggregate profile configured for a UNI or an Ethernet Virtual Circuit. In the new service offering,
consolidated real-time, high-priority, and best effort require the options of differing data rates
configuration and CoS remarking. Dynamic QoS provides for sharing/borrowing bandwidths
allocated for real-time or high-priority applications at intervals when these services are in standby.
This capability optimizes bandwidth utilization at the access/demarcation point of the network
without the need for involving the aggregation layer for this purpose.
System Management
The OS900 control plane incorporates a range of highly manageable features that offer assured
interaction with carriers’ OSS and NMS platforms, based on industry-standard Southbound out-of-
band or in-band interfaces. In addition, it can be managed with MRV’s MegaVision Pro NMS to
provide complete GUI and Northbound gateway (XML, TL1 & SNMP) to an entire cluster of
devices for configuration, performance analyses, and inventory control.
For the service provider, the OAM that is provided by a demarcation device determines to a
significant extent the metrics that can be used to formulate the SLA in cooperation with a service
subscriber.
The OS900 incorporates enhanced standards-compliant MEF OAM and gives the service provider
the capability to monitor the network, provision services, and promptly isolate fault locations from a
remote network operation center.
such connectivity, discovery, and fault management along with performance statistics on delay,
jitter, and frame loss for demarcation and intermediate points of service.
Ethernet Loopbacks
The OS900 offers remote loopback functionality on a physical interface or a specific VLAN that
traverses UNI or NNI interfaces. The loopback function allows for remote troubleshooting of
services, from NOC or any other manageable location without having to actually visit the customer
premises. Loopback functionality is hardware controlled to provide performance monitoring and
SLA verification at wire speed.
Link Aggregation
The IEEE802.3ad Link Aggregation Control Protocol provides a way to set up an aggregation trunk
automatically between two peers. The protocol controls bundling of several physical ports together
to form a single logical channel.
Unlike LAG which requires the configuration to be defined statically, LACP allows a switch to
negotiate an automatic bundle by sending LACP packets to the peer.
Such a channel between two switches increases traffic throughput capacity among stations
connected to the ports that are members of the trunk. For example, the interconnection of eight
full-duplex Gigabit ports of one OS900 unit to eight full-duplex Gigabit ports of another OS900 unit,
serves as an 8-Gbps full-duplex Ethernet trunk.
Analyzer VLAN
The OS900 incorporates the powerful Analyzer VLAN feature. This feature enables the operator to
configure a dedicated Analyzer VLAN for remote analysis by a surveillance center. It can be
activated per customer VLAN, per L2, L3, or L4 fields, or per learn table MAC address. The remote
service monitoring conforms with the interception processes according to the requirements of Law
Enforcement Monitoring.
Multiple-instance STP
Multiple-instance STP (MSTP) allows for the creation of multiple STP instances concurrently on a
network with network inter-node links that can be shared by any number of instances. The
implementation complies with the IEEE 802.1s standard and is backward compatible with the
spanning-tree protocols STP (IEEE 802.1d standard) and RSTP (IEEE 802.1w standard) so that
the OS900 can be used in a network consisting of devices operating in STP, RSTP, and MSTP.
MSTP serves to:
1. Prevent collapse of communication over a network whose topology is changed
dynamically.
2. Address the needs of increasingly faster Ethernet networks with mission-critical
applications requiring quick convergence/recovery. (The convergence/recovery time is 50
to 200 ms, the actual time depending on the network).
3. Maximize traffic flow across a network by optimizing resource utilization (for e.g., by
utilizing unused inter-node links).
4. Balance traffic flow across the network in order to increase throughput.
5. Improve fault tolerance by enabling traffic to flow unaffected in MSTIs even when failure
occurs in one or more other MSTIs.
Models
The OS900 is available in various models with flexibly selectable SFPs so that a model and SFPs
that are most suitable to an application can be selected. The models are described in Table 1,
below. The SW-UPG-9xMPLS enhanced software upgrade package (MasterOS™: MPLS VC -
LDP, RSVP-TE, CR-LDP, OSPF-TE, CSPF) option can be ordered with an OS900 model. Models
with this option are referred to with the character "S" appended to the model name, e.g., OS910-
MS.
Model Description
OS904/AC-1 7
Intelligent Ethernet services demarcation platform with 2 x Tri-mode ports + 2 x
100/1000Base-X SFP ports + 1 x out-of-band management RS-232 port + 1 x out-of-
band management Ethernet port. 1 AC power supply. Two OS904/AC-1s are side-by-
side mountable on a wall or in a Telco 19-inch or 23-inch rack.
OS904/DC-1 Like the OS904/AC-1 except that it has a DC power supply instead of an AC power
supply.
OS906/AC-1 Intelligent Ethernet services demarcation platform with 6 x Tri-mode ports + 1 x out-of-
band management RS-232 port + 1 x out-of-band management Ethernet port. 1 AC
power supply. Two OS906/AC-1s are side-by-side mountable on a wall or in a Telco
19-inch or 23-inch rack.
OS906/AC-2 Intelligent Ethernet services demarcation platform with 6 x Tri-mode ports + 1 x out-of-
band management RS-232 port + 1 x out-of-band management Ethernet port.
Dual AC power supply. Mountable in Telco 19-inch and 23-inch rack.
OS906/DC-1 Like the OS906/AC-1 except that it has a DC power supply instead of an AC power
supply.
OS906/DC-2 Like the OS906/AC-2 except that it has DC power supplies instead of AC power
supplies.
OS910/AC-1 Intelligent Ethernet services demarcation platform with 8 x 10/100/1000Base-T ports
(fixed) + 2 x 100/1000Base-X hot-swappable SFP ports + 1 x out-of-band
management RS-232 port + 1 x out-of-band management Ethernet port. 1 AC power
supply.
Two OS910/AC-1s are mountable on a wall or in Telco 19-inch and 23-inch racks.
OS910/AC-2 Intelligent Ethernet services demarcation platform with 8 x 10/100/1000Base-T ports
(fixed) + 2 x 100/1000Base-X hot-swappable SFP ports + 1 x out-of-band
management RS-232 port + 1 x out-of-band management Ethernet port. Dual AC
power supply.
OS910/DC-1 Like the OS910/AC-1 except that it has a DC power supply instead of an AC power
supply.
OS910/DC-2 Like the OS910/AC-2 except that it has a dual DC power supply instead of a dual AC
power supply.
OS910-M Mini multi-service modular platform with 6 x 10/100/1000Base-T ports (fixed) + 2 Tri-
mode ports + 2 x 100/1000Base-X hot-swappable SFP ports + 1 x out-of-band
management RS-232 port + 1 x out-of-band management Ethernet port + 2 optional
service modules (e.g., WDM, E1/T1).
One pluggable, hot-swappable power supply or dual pluggable, mutually redundant,
hot-swappable power supply.
Part number of AC power supply: EM9-M-PS/AC. Part number of DC power supply:
EM9-M-PS/DC.
Mountable in Telco 19-inch and 23-inch racks.
OS912-AC-2 Intelligent Ethernet services demarcation platform. 12 Tri-mode ports.
Dual AC power supply.
Brackets for mounting in a 19-inch rack included.
OS912-DC-2 Like the OS912-AC-2 except that it has a dual DC power supply instead of a dual AC
power supply.
OS930 Intelligent Ethernet services demarcation platform with 3 x 10 Gbps Ethernet hot-
swappable XFP ports + 1 x out-of-band management RS-232 port + 1 x out-of-band
management Ethernet port.
One pluggable, hot-swappable power supply or dual pluggable, mutually redundant,
hot-swappable power supply. Part number of AC power supply: EM9005-PS/AC. Part
Number of DC power supply: EM9005-PS/DC.
Mountable in Telco 19-inch and 23-inch racks.
7
Tri-mode ports can operate in either of the following Ethernet protocols: 10/100/1000Base-T, 100Base-FX, or 1000Base-
X.
Layout
View
The layout of the OS900 is shown in Figure 2, below.
OS904/AC-1
Front
Rear
OS906/AC-1
Front
Rear
OS906/AC-2
Front
Rear
OS910/AC-1
Front
Rear
OS910/AC-2
Front
Rear
OS910/DC-2
Front
Rear
OS910-M
Front
Rear
OS912-AC-2
Front
Rear
OS912-DC-2
Front
Rear
OS930/AC
Front
Rear
Figure 2: Layout of OS900
Power Pushbutton
OS910-M Model
Pin pushbutton SW for powering ON/OFF the OS910-M system.
Other Models
Pushbutton PWR for powering ON/OFF the OS900 system.
Ports
Each port can be independently configured to operate in any of a wide range of modes.
For detailed information on configuration of ports, refer to Chapter 6: Ports, page 131.
OS904/AC-1, OS904/DC-1
Two Tri-mode ports (Ports 1 and 2) and two 100/1000Base-X SFP ports (Ports 3 and 4).
OS910-M
Six fixed 10/100/1000Base-T ports (Ports 1 to 6), two Tri-mode ports (Ports 7 and 8), and two
100/1000Base-X Ethernet SFP ports (Ports 9 and 10).
OS912-AC-2, OS912-DC-2
Eight fixed 10/100/1000Base-T ports (Ports 1 to 8), two 100/1000Base-X Ethernet SFP ports
(Ports 9 and 10), and two 1000Base-X Ethernet SFP ports (Ports 11 and 12).
OS930
Three 3 x 10 Gbps Ethernet XFP ports (Ports 1 to 3).
Management
CONSOLE EIA-232
Serial/RS-232 port (with baud rate 9600 baud) for out-of-band local connection of a craft terminal.
MGT ETH
Ethernet 10/100Base-TX port for TELNET, SSH, and/or SNMP out-of-band connection. It is
directly connected to the CPU and does not affect nor is affected by inband traffic. It is an IP
interface that is used only for connecting a management LAN. Management stations on the LAN
can be used to manage the OS900 out-of-band (using a TELNET, SSH, or SNMP connection over
Ethernet). Alternately, a TFTP client can be connected to the out-of-band interface to access
configuration files stored in the OS900.
LEDs
Global and per-port status-indicator LEDs. The LEDs are described in Table 5, page 74.
Fans
The number of cooling fans in each OS900 model type is shown in Table 2, below.
Table 2: Fans in OS900 Models
Earthing
OS906/AC-2, OS906/DC-2, OS912-AC-2, and OS912-DC-2
Metal tang at rear for earthing the OS906/AC-2, OS912-AC-2, and OS912-DC-2 chassis.
Power Supply
For details on the power supply, refer to Appendix F: Product Specification, page 571.
Options
SFPs/XFPs
OS930
Fiberoptic 10 GE XFP transceivers can be fitted to Ports 1 to 3 of the OS930.
Others
The ports of OS900 models to which fiberoptic Fast Ethernet/1GE SFP transceivers can be fitted
are shown in Table 3, below.
Table 3: SFPs Pluggable in Ports of each OS900 Model
Power Supply
OS900s with an additional universal AC or DC power supply are available. The two power supplies
operate in mutual redundancy mode. This mode of operation has two advantages:
− First, if one power supply fails, the other will supply the requisite power
for continued smooth operation of the OS900. The failure status is
recorded in the OS900. The failure status can be viewed using the
command show version.
− Second, the service provider can coordinate the downtime for OS900
maintenance with the customer.
Chapter 2: Applications
General
This chapter gives examples of how the OS900 can be applied.
Micro-PoP Services
Figure 3, below, shows how several customers on the same premise can be connected with an
OS900, which can be connected to a metro network via the OS9000 aggregation platform.
VLANs can be configured to isolate users from one another if required and to provide Q-in-Q
Service VLANs and security.
MRV’s MegaVision Pro SNMP network management application can be used on various platforms
for management of the OS900 (and other SNMP-manageable devices) via a LAN or the
World-Wide Web (WWW).
OS930 interfaces can be configured as UNI or NNI as per MEF specifications and enable the
following networking functions:
− 1:1 or 1+1 protected modes with 50 ms restoration time - Ring/Mesh, LIN, and end-to-end
protection based on OAM CCM
− Hierarchical QoS traffic management with 10GE subrates (CIR/EIR)
− Ethernet service OAM - SLA management based on CFM IEEE802.1ag and ITU-T Y.1731
PM
− 10GE WAN PHY (WIS) mode - configurable to operate at 10GE, OC192, or STM-64
Chapter 3: Installation
General
This chapter provides a detailed step-by-step procedure for installing the OS900.
Safety
Before installing the OS900, ensure that the requirements noted in the section Safety
Requirements, page 39, are met.
Package Contents
Essentials
• OS900s (as many as ordered by the customer)
• EIA-232 Cable (1 per OS900)
• Power Cord (1 per power supply)
• CD containing the OS900 User Manual (1)
Options
• Brackets for mounting the OS900 in a 19-inch or 23-inch rack (2 per
OS900)
• WDM and/or E1/T1 CES modules (up to 2 per OS910-M)
• SFPs (up to 2 per OS904 or OS910-M)
• A second power supply (1 per OS910-M or OS930
• MegaVision Pro ® server SNMP network management application (on
CD)
• Outdoor Cabinet (1 for up to four OS900s)
Requirements
Tools
• Philips screwdriver no. 1
• Philips screwdriver no. 2
Data Equipment
DTEs/DCEs
Compliant to IEEE 802.3, IEEE 802.3u, and/or IEEE 802.3z.
Cabling
10/100/1000Base-T Ports
Cable Type: Category 5.
Cable Connector Type: RJ45 8-pin male
Cable Length: Up to 100 m (330 ft)
Cable Impedance: 100 Ω
Cable Wiring: Straight (Figure 63, page 563) or Cross (Figure 64, page 563)
Note
Each 10/100/1000Base-T port may be connected with a straight-wired or
cross-wired cable irrespective of whether the co-port8 is that of a DCE
(e.g., switch) or DTE (e.g., PC) since the OS900 port automatically
configures its interface to be Ethernet MDI or MDIX in order to
communicate via the co-port.
100/1000Base-X Ports
Cabling requirements are SFP dependent.
The cable length can be up to:
[Output power of SFP transmitter − Sensitivity of SFP receiver] - Path losses (in dB)
km
Cable Attenuation (in dB/km)
The path losses must include losses due to interposing devices, splices, etc. plus a
safety margin of 3 dB.
10 GE Ports (Only in OS930)
Cabling requirements are XFP dependent.
The cable length can be up to:
[Output power of XFP transmitter − Sensitivity of XFP receiver] - Path losses (in dB)
Cable Attenuation (in dB/km)
km
The path losses must include losses due to interposing devices, splices, etc. plus a
safety margin of 3 dB.
WDM Module Ports (Only in OS910-M)
For possible cabling configurations for WDM Module ports, refer to Chapter 30: WDM Module,
page 413.
E1/T1 Module Ports (Only in OS910-M)
Refer to Chapter 31: E1/T1 CES Module, section Product Specification, page 459.
Cable Fiber Marking
For each cable fiber, attach a label with the marking Tx at one end and another label with the
marking Rx at the other end.
Management Equipment
Out-of-band Management using Serial/RS-232 Connection
• Craft terminal: Asynchronous ASCII terminal, e.g., VT100 terminal
or
Craft terminal emulator: For e.g., PC with asynchronous ASCII terminal
emulation software application such as Microsoft Windows’
HyperTerminal
or
UNIX workstation
or
Linux workstation
• Operating System: For e.g., Microsoft Windows 95, 98, 2000, NT, or
XP
• Cable (supplied by MRV): Null-modem RS-232, with RJ45 8-pin male
connector and DB9 9-pin female connector, and not longer than 15 m
(50 ft) for connecting the OS900 CONSOLE EIA-232 port to the
management station. The cable wiring is shown in Figure 62 on page
563.
8
A co-port is another port that receives from or forwards to the OS900 port.
Mounting
If OS900s are installed in a closed or multi-unit rack assembly, they may require further evaluation
by certification agencies.
Installation should be such that a hazardous instability condition is not developed due to uneven
loading.
Ensure that the OS900 will be within reach of the necessary connections, namely, line/mains
power outlet, Ethernet networks, and a craft terminal/emulator or a UNIX workstation if the OS900
is to be managed via its CONSOLE EIA-232 port.
For mounting an OS900, any one of the following may be used: Rack, Wall, Outdoor Cabinet, or
Desktop. Details are given below.
Rack:
− 19-inch rack:
One OS904, OS906/AC-1, OS906/DC-1, OS910/AC-1, or OS910/DC-1:
EM900-BR-1 bracket pair + four philips screws (supplied by MRV)
One OS910/AC-2 or OS910/DC-2:
EM304-BR-3 bracket pair + four philips screws (supplied by MRV)
One OS906/AC-2, OS906/DC-2, OS910-M, OS912-AC-2, OS912-DC-2, or OS930:
EM930-BR-1 bracket pair + four philips screws (supplied by MRV)
Two OS904s, OS906/AC-1s, OS906/DC-1s, OS910/AC-1s, or OS910/DC-1s
(side-by-side)
EM900-BR-D Tray + spacer D + 10 philips screws (supplied by MRV)
One OS904, OS906/AC-1, OS906/DC-1, OS910/AC-1, or OS910/DC-1, and one LDP100
(side by side):
EM900-BR-E Tray + spacer E + 11 philips screws (supplied by MRV)
− 23-inch rack:
One OS904, OS906/AC-1, OS906/DC-1, OS910/AC-1, or OS910/DC-1:
EM900-BR-2 bracket pair + four philips screws (supplied by MRV)
One OS910/AC-2 or OS910/DC-2:
EM304-BR-4 bracket pair + four philips screws (supplied by MRV)
One OS910-M, OS906/AC-2, OS912-AC-2, OS912-DC-2, or OS930:
EM930-BR-2 bracket pair + four philips screws (supplied by MRV)
− Space in rack:
~ 220 x 45 x 240 mm 3
[~ 8. 5 x 1U x 9.5 in 3]
Wall:
− One OS904, OS906/AC-1, OS906/DC-1, OS910/AC-1, or OS910/DC-1:
EM900-WBR bracket (supplied by MRV)
The wall area must be at least:
~ 220 x 240 mm 3
[~ 8. 5 x 9.5 in 3]
Outdoor Cabinet:
− Up to four OS900s indoors or outdoors (supplied by MRV)
Desktop:
− One per minimum surface area:
~ 220 x 240 mm 3
[~ 8. 5 x 9.5 in 3]
The surface must be flat, stable, non-conductive, and static-free.
Environmental
Temperature: 0 to 45 oC (32 to 113 oF).
Humidity: Non-condensing, 10 to 85%.
Cooling air: Flowing around the OS900 and through the air vents unobstructed. In addition,
there must be a clearance of at least 25 mm (1 inch) between the air vents and
nearby objects.
Power
The line (mains) should be able to supply power to the OS900 as specified on the nameplate of
the OS900. Make sure there will be no overloading of supply circuits that could have an adverse
effect on overcurrent protection and supply wiring.
AC Source
The AC power source (line/mains) should be able to supply power to the OS900 according to the
section Power Consumption (Max), on page 574.
The power cord for 115 Vac input from a power source must be a minimum-type SJT (SVT) 18/3,
rated 250 Vac, 10 A with a maximum length of 4.5 m or 15 ft. One end must terminate in an IEC
320 attachment plug, the other end must terminate in a NEMA 5-15P plug.
(The power cord supplied by MRV meets these requirements.)
The power cord for 230 Vac input from a power source must be a minimum-type SJT (SVT) 18/3,
rated 250 Vac, 10 A with a maximum length of 4.5 m or 15 ft. One end must terminate in an IEC
320 attachment plug, the other end must terminate as required by the recognized safety
organization of the country in which it is installed.
DC Source
The DC power source should be able to supply power to the OS900 according to the section
Power Consumption (Max), on page 574:
DC rated equipment must be installed in the following conditions:
1. The DC supply source to which the OS900 is to be connected must be isolated
from the alternating current source and reliably connected to earth or to a DC
(SELV) source.
2. The OS900 must be installed only in restricted access areas (Dedicated
Equipment Rooms, Equipment Closets, or the like) in accordance with Articles
110-16, 110-17, and 110-18 of the National Electrical Code, ANSI/NFPA 70.
3. Input wiring to a terminal block must be routed and secured in such a manner that
it is protected from damage and stress. Do not route wiring past sharp edges or
moving parts.
4. A readily accessible disconnect device, with a 3 mm minimum contact gap shall be
incorporated in the fixed wiring.
5. A listed circuit breaker suitable for protection of the branch circuit wiring and rated
60 Vdc minimum must be provided.
Note
To ensure continued operation even when the line (mains) power is
cut off, it is recommended to connect the OS900 through a UPS.
Power Supplies
One power supply may be sufficient for the OS900.
A second power supply ensures continued supply of requisite power even if a power supply fails.
Grounding
Reliable earthing of the OS900 must be maintained. Particular attention should be paid to supply
connections when connecting to power strips rather than to direct connections to the branch
circuit.
Procedure
Component Insertion
SFP/XFP
1. Choose the SFP/XFP receptacle into which the SFP/XFP is to be inserted.
2. Holding the SFP/XFP with the right side up, slide it about half-way into the
SFP/XFP receptacle.
3. If the SFP/XFP has a latching mechanism, while holding the SFP/XFP with one
hand gently release the latch with the other hand. Usually, the latch handle is a
wire frame around the SFP/XFP. To release the latch, swing down the wire frame.
4. With both thumbs pressed against the face edges of the SFP/XFP, gently slide it
as far into the SFP/XFP receptacle as possible. Holding the SFP/XFP in this
position, swing up the latch handle around the SFP/XFP in order to latch it.
Mounting
Rack
19-inch
One OS900
1. With four screws, fasten the two mounting brackets9 to the sides of the OS900 as
shown in Figure 9, below.
2. Mount the OS900 in a 19-inch rack.
9
Either bracket may be mounted on either side.
OS910/AC-2 or OS910/DC-2
Figure 10: Fastening Brackets for Mounting two OS900s in a 19-inch Rack
One OS900 and One LDP100 (Only OS904, OS906/AC-1, OS906/DC-1, OS910/AC-1, or
OS910/DC-1)
1. With four screws, fasten the OS900 on the left side of the tray as shown in Figure
11, below.
2. With two screws, fasten the spacer to the right side of the OS900. With one screw,
fasten the spacer to the tray.
3. With four screws, fasten the LDP100 on the right side of the tray as shown in
Figure 11, below.
4. Mount the tray in a 19-inch rack.
Figure 11: Fastening Brackets for Mounting one OS900 + one LDP100 in a 19-inch Rack
23-inch
1. With four screws, fasten the two mounting brackets10 to the sides of the OS900 as
shown in Figure 12, below.
2. Mount the OS900 in a 23-inch rack.
OS904, OS906/AC-1, OS906/DC-1, OS910/AC-1, or OS910/DC-1
OS910/AC-2 or OS910/DC-2
Figure 12: Fastening Brackets for Mounting one OS900 in a 23-inch Rack
10
Either bracket may be mounted on either side.
Figure 13: Fastening Bracket for Mounting the OS900 with one PS on a Wall
Outdoor Cabinet
Refer to the Outdoor Cabinets User Manual, Publication No. ML46852.
Desktop
Place the OS900 on a flat, stable, non-conductive static-free surface.
Earthing
With an insulated copper wire of gage up to #18 AWG, connect the OS900 to an earthing point at
its butterfly-nut-on-screw located at the rear.
Network Connection
Service Modules
WDM Ports
Refer to the section Network Connection, page 414.
E1/T1 Ports
Connect the EM9-CES ports to the PSTNs/PBXs with the wood-pulp or plastic insulation twisted
wire-pair cables having RJ48 or RJ45 8-pin male connectors.
Make sure that an Ethernet port in each OptiSwitch is connected to the IP/Ethernet network across
which the E1/T1 traffic is to be sent.
11
Marking of the fibers is described in the section Cable Fiber Marking, page 62.
Management Station
Connect at least one of the following to the OS900: Craft terminal, TELNET station, SSH station,
UNIX station, Linux station, or SNMP NMS, as described below.
Craft Terminal/Emulator (For Out-of-band Management)
With a null-modem RS-232 cable having an RJ45 8-pin male connector, connect the OS900’s
RJ45 8-pin female connector marked EIA-232 to a craft terminal/emulator serial port as shown in
Figure 14, below.
OS904
OS906/AC-1 or OS906/DC-1
OS910
OS910-M
OS930
Figure 14: ASCII Craft Terminal/Emulator Connection to OS900
TELNET/SSH Station or SNMP NMS
As shown in Figure 15, below, connect the OS900 to a TELNET, SSH, or SNMP station in either of
the following ways:
− With a Category 5 cable (straight-wired or cross-wired) having an RJ45
8-pin male connector, at the dedicated out-of-band management port
CONSOLE EIA-232 or at a 10/100/1000Base-T port.
− With a fiberoptic cable, at a 100/1000Base-X SFP port.
OS904
OS906/AC-1 or OS906/DC-1
OS910
OS910-M
OS930
Figure 15: TELNET, SSH, or SNMP Station Connection to OS900
Setup
Operation
Default
The default setup is a collection of settings assumed by the OS900 when settings are not assigned
by the administrator. Each default setting can be changed by invoking its associated CLI
command, described in the relevant parts of the manual. The section Invoking a CLI Command,
page 83, shows how to invoke CLI commands.
If the factory default settings are changed, they can be restored as described in the section
Restoration of Factory Default Configuration, page 385.
Custom
A setup can be changed using any of the management stations described in the section
Management Equipment, page 62. The connection of management stations is described in the
section Management Station, page 69. The required setup of the craft terminal is described in the
section Local Management (Craft Terminal), page 73.
Unlike the RS-232 interface, the Ethernet interface (MGT ETH port) or a VLAN interface has to be
enabled for management in order to perform setup. The procedure for enabling management via
these interfaces is given in the section Remote Management, page 183.
Additional setup using the OS900’s CLI is required to activate specific functions of the OS900.
(Examples of such functions are: VLANs, Provider bridges, Traffic policing, and Link aggregation.)
Use of the CLI is described in Chapter 5: CLI Management, page 77. The available functions
and their activation are described in their respective sections/chapters.
Management
Local Management (Craft Terminal)
Make sure that a connection exists between the management station and the OS900 EIA-232 port.
The interconnection is shown in the section Craft Terminal/Emulator (For Out-of-band
Management), page 69.
If you are using a PC, run the emulation software application (e.g., Microsoft Window’s
HyperTerminal or TeraTermPro), and set up the craft terminal/emulator as shown in Table 4,
below.
Table 4: ASCII Craft Terminal/Emulator Setup for CLI Management
Operation
Monitoring
The OS900 becomes fully operational within a few seconds after being powered ON. Its operation
can be monitored by interpreting the status of its LEDs with the aid of Table 5, below, or with a
management station (e.g., craft terminal, TELNET, UNIX, or Linux station, SSH host, or SNMP
NMS).
Table 5: Front Panel LEDs
Reset
The reset function is used to restart the OS900 system without powering it OFF and ON.
To reset the OS900, press pin pushbutton RST.
Shutdown
In OS904, OS906, OS910, and OS912
To shut down system operation, simply disconnect the power cord(s) from the power source
(line/mains).
In OS910-M and OS930
To shut down system operation, set the switch of each power supply to the OFF (O)
position.
General
This chapter describes the following:
− Command Line Interpreter (CLI) management tools
− Generic custom setup/management of the OS900 using CLI commands.
A CLI command may be a factory CLI command or a script. (A script is a set of factory CLI
commands that the OS900 can execute in succession without user intervention. Details
are given in the section Scripts, page 120.)
For custom setup/management to operate with specific protocols (e.g., MSTP) and utilities
(e.g., DNS) refer to the relevant chapters.
The OS900 is shipped out of the factory already set up. The setup is only partial and allows basic
Layer 2 switching between the Ethernet ports. However, additional settings may be required such
as, for example, an IP address for the OS900.
For SNMP management using a PC running MRV’s Network Management application, refer to the
MegaVision® Network Management User Manual.
CLI Access
General
The CLI can be accessed via a Serial/RS-232, TELNET, SSH, or SNMP connection even while the
OS900 is under normal operation.
Access Levels
The OS900 has three CLI access levels, each appropriate to the expertise and authority of the
user. The user enters a level with the password associated with the level. The access levels are
listed below.
• Admin Level: At this level, only a limited subset of available
commands can be accessed. These commands can be used to monitor
system operation status but cannot be used to change system
operation configuration. This level is the default level for login.
• Enable Level: At this level, most of the system commands can be
accessed. These commands can be used to monitor the network,
change system operation configuration, upgrade software, save
configurations, etc. To enter this level, after login at the Admin Level,
invoke the CLI command enable, followed by an additional password if
set by the administrator. To access configuration commands, enter the
command configure terminal.
• Root Level: At this level, the OS900 operating system, Linux, is
accessible. To enter root level, login at admin level, and then enter the
command linux. To become a root user (superuser), enter the
command su followed by the root password. Details are given in the
section Linux Mode, page 90.
The procedure for configuring the root level and admin level passwords are given in the section
First Time Access – Root and Admin Passwords Configuration, page 78.
The procedure for configuring the enable level password is given in the section
Configuring/Changing the Enable Password, page 92.
Preparation
The following information is a prerequisite for configuring the OS900:
• A map of your network topology
• A list of VLANs to be configured on ports
• The IP addressing plan for each network interface
• The protocols required by the network
• The protocols to be used
• Location and IP address of each remote management station
Note
If the root or admin password is not configured, the OS900 can be
accessed simply by pressing Enter in response to the system prompt
to enter the password!
The root password is for accessing the OS900 Operating System (Linux) in order to change its
operating functions. The admin password is for accessing the OS900 CLI in order to configure
operation of the OS900.
The procedure for configuring root and admin passwords is as follows:
1. Power up the OS900.
2. When the prompt:
MRV OptiSwitch 904 version 1_3_1
OS900 login:
appears, type a root password that is six or more characters long and press Enter .
4. When the prompt:
Retype new UNIX password:
appears, type an admin password that is six or more characters long and press Enter .
8. When the prompt:
Retype new UNIX password:
Standard Access
To access the OS900 for regular management (e.g., monitoring the network, changing system
operation configuration, upgrading software, saving configurations, etc.), i.e., excluding access to
the Linux operating system:
1. Power up the OS900. After initialization is completed (in about one minute), the
following prompt will appear:
MRV OptiSwitch 910 version 1_3_1
OS900 login:
2. Enter the login name admin. The following prompt will appear:
Password:
3. Type in the admin password (configured as described in the section First Time
Access – Root and Admin Passwords Configuration, page 78). If no admin
password was configured, the default is no password. In such case, simply press
Enter.
The system prompt OS900> will appear to indicate that connection to the CLI is established and the
OS900 is ready for local management. For remote management, the OS900 must first be enabled
as described in the section Remote Management, page 183.
CLI Modes
A CLI mode (or node) is a stage at which a specific group of CLI commands is available to the
administrator for interacting with the OS900. To enter a mode, type its name and press Enter . The
system prompt includes the mode name to signify entry into the mode.
A mode itself may contain other modes (in addition to commands). On accessing the CLI (as
described in the section CLI Access, page 77), the modes (and commands) in each mode can be
displayed by pressing Shift ? .
Convention Description
Courier Bold This typeface represents information provided to the system.
The information may include an argument, i.e, part of a CLI
command.
Courier This typeface represents information provided by the system.
Symbol Significance
argument in lower Argument to be entered as is.
case (keyword)
ARGUMENT IN UPPER Argument to be replaced with a value.
CASE (VALUEWORD) To specify number values:
Type the individual numbers separated by commas
and/or
Type the lowest and highest number separated by a hyphen
(-) to specify a range of consecutive numbers.
Example: To specify numbers 1, 3, 4 to 7, and 9, type 1,3,4-
7,9
[ ] Optional command argument enclosure.
Do not type this symbol with the command argument!
(CR) Typed command (whatever it is) can be invoked by pressing
Enter .
| Process the output of a CLI command by any Linux command
(e.g., wc, grep, tail, etc.).
OS900> prompt of disable mode.
OS900# prompt of enable mode.
OS900(config)# prompt of configure terminal mode.
Key Function
Tab Used to complete a keyword after its first few letters are
typed. Tab adds letters to a partially typed keyword that
are common to all keywords beginning with the partially
typed keyword. If the partially typed keyword is unique to a
keyword, Tab completes the keyword. If the partially typed
keyword is not unique to a keyword, additional letters will
have to be typed in order for Tab to complete the keyword.
Enter After the first few letters of a command are typed:
Executes the command if these letters are a complete
command.
Displays the message
% Command incomplete
if the letters are not a complete command.
Displays the message
% Unknown command
if the first letters are not those of any command.
When the prompt --More-- appears
Displays the next line in the list
if a show command was invoked.
Displays the next batch of lines in the list
if ? was pressed immediately after a mode indication
(e.g., OS9024-4C(config)#.)
? After the system prompt:
Displays all the modes/commands selectable at the
current CLI level.
After the first few letters are typed:
Displays selectable modes/commands/arguments
beginning with these letters.
After a word (mode, command, or argument) is typed:
Displays a set of arguments from which one is
selectable.
Spacebar Scrolls displayed list.
Q Changes access to the higher mode.
Ctrl A Moves the cursor to the first character on the line.
Ctrl B or Moves the cursor back one character.
Ctrl F or Moves the cursor forward one character.
Esc B Moves the cursor back one word.
Esc F Moves the cursor forward one word.
Ctrl E Moves the cursor to the end of the current command line.
Del or Backspace Deletes the character to the left of the cursor.
Esc D Deletes all characters from the cursor position to the end of
the word.
Ctrl W Deletes the last word typed.
Ctrl U or Ctrl X Deletes all characters from the cursor position to the
beginning of the command line.
Key Function
Ctrl K Deletes all characters from the cursor position to the end of
the command line.
Ctrl L or Ctrl R Repeats the current command on a new line.
Ctrl Z or Ctrl C Returns to enable mode from any other mode.
Displays earlier invoked commands.
Displays later invoked commands.
Help
By pressing Shift ? when the cursor is in differing positions in a command, different information
on the command/argument can be obtained.
Note
? does not appear in the CLI display when Shift ? is pressed.
However, it is shown in the following example (and elsewhere) for
clarity.
• CLI Help: Press Shift ? at the system prompt of any mode to see the
commands available in that mode. The following example shows the
commands available in disable mode when you press Shift ? in
disable mode.
OS900> ?
enable Turn on privileged mode command
exit Exit current mode and down to previous mode
help Description of the interactive help system
list Print command list
logout Logout from this current session
monitor Monitor
nslookup Name server query
ping Send echo messages
quit Exit current mode and down to previous mode
show Show running system information
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
OS900>
• Partial Keyword Help: To view the list of commands that begin with a
partial keyword you have typed, without inserting a space after the last
character of the partial keyword, press Shift ? . For example, when you
type de and press Shift ? , the following results are displayed:
OS900(config)# de?
debug Debugging functions (see also 'undebug')
default Negate a command or set its defaults
default-fwd Set default forwarding
OS900(config)# de
• Keyword Definition Help: To view the definition of a command or
keyword that you have typed, without inserting a space after the last
character of the keyword, press Shift ? . For example, when you type
the command port and press Shift ? , the following results are
displayed:
OS900(config)# port?
port Port configuration
OS900(config)# port
• Command Syntax Help: To view a list of valid keywords and
arguments for a command you have typed, insert a space after the last
character of the command and press Shift ? . This list contains all the
relevant commands, keywords, and arguments relating to the command
you have typed. For example, when you type port and press Shift ? ,
the following results are displayed:
OS900(config)# port ?
core-ethertype-1 Set ethertype-1 mode
core-ethertype-2 Set ethertype-2 mode
access-group Enable access lists on port
acl-binding-mode Set port acl binding mode
advertise Advertise default auto-negotiation capabilities
buffers Buffers setting
default Set port speed and duplex to default value
description Set port description
duplex Port duplex mode
egress-shaping Egress rate shaping
errdisable Disable port when a preconfigured cause is detected
flood-limiting Limit type
flow-control Port flow control mode
ingress-shaping Ingress rate shaping
l2protocol-tunnel Layer 2 protocol tunneling specification
lacp Port lacp mode
lt-learning Enable port lt learning
media-select Select media for the port
mirror Mirroring packets received to the analyzer
mtu-size Configure Maximum Transmit Unit size
priority-queuing Bind port to scheduling profile
protected Egress protected
qos-marking Set QoS marking mode
qos-trust Set QoS trust mode
rapid-lacp Port rapid lacp mode
redundancy Set redundancy mode for APS port
shaper shaper mtu size configuration
sl Port service-level
sl-account Service level port accounting
speed Port speed configuration
state Port state
tag-outbound-mode Set port outbound tag mode
trunk Create a port trunk entry
udld Uni-Directional Link Detection protocol
untagged-multi-vlans Set port to untagged with multi vlans
OS900(config)# port
Procedure
To invoke a CLI command:
1. Enter the mode containing the command.
2. Type the command name.
(If you are not sure of the full name of the command, type its first few letters and
press Shift ? . Command names beginning with these letters are displayed.
Identify the command name you need, and type in one or more additional letters of
the command name until the letters are now unique to the command. To complete
the command name, press Tab .)
3. Press Shift ? to display arguments (if any) that need to be entered. Identify the
argument you need. If the argument is a keyword (identified by lowercase text),
type the first few letters that are unique to the argument and press Tab . If the
argument is a valueword, type a value for it using the description given for the
value as a guide.
4. Repeat Step 3, until the symbols (CR) and | appear.
5. Press Enter to invoke the command.
Example
The following example illustrates how a CLI command can be invoked. The procedure is described
in considerable detail to serve as a guide for invoking other CLI commands and to show how
various functional keys can be used when invoking a CLI command. These functional keys help in
producing the command in its correct syntax while minimizing typing.
Suppose the aim is to invoke the command interface vlan IFNAME. Access the CLI (as
described in the section Standard Access, page 79). When the prompt ‘OS900>’ is displayed,
press Shift ? to display the commands available at this level. The CLI response is shown below.
OS900> ?
enable Turn on privileged mode command
exit Exit current mode and down to previous mode
help Description of the interactive help system
list Print command list
logout Logout from this current session
monitor Monitor
nslookup Name server query
ping Send echo messages
quit Exit current mode and down to previous mode
show Show running system information
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
OS900>
Notice that the symbol ‘?‘ does not actually appear on the screen. Still, it is shown to indicate that
Shift ? was pressed after the CLI prompt ‘OS900>’.
Also, notice that a description appears against each command.
Type ‘e‘ and press Shift ? . The CLI response is shown below.
OS900> e?
enable Turn on privileged mode command
exit Exit current mode and down to previous mode
OS900> e
Notice that the two commands enable and exit are displayed because both these commands
begin with e. To select the command enable type ‘n‘ (after the ‘e’ to get ‘en,’ which is different
from ‘ex’ in the command exit), and press Tab . Then press Enter . The CLI response is shown
below.
OS900> enable
OS900#
Notice that the system prompt has changed from ‘OS900>‘ to ‘OS900#‘.
‘#‘indicates entry into enable mode.
Next, type ‘con‘ and press Tab . The CLI response is shown below.
OS900# configure
Press Shift ? to determine possible argument choices. The CLI response is shown below.
OS900# configure ?
<cr>
terminal Configuration terminal
| Output modifiers
OS900# configure
Type ‘t‘ for ‘terminal‘, press Tab , and then press Shift ? . The CLI response is shown below.
OS900# configure terminal
<cr>
| Output modifiers
OS900# configure terminal
Notice that only the symbols ‘<cr>‘ and ‘|‘ appear. This indicates that the command configure
terminal can be invoked.
Invoke the command configure terminal by pressing Enter . The CLI response is shown
below.
OS900(config)#
Notice that the system prompt has changed from ‘OS900#‘ to ‘OS900(config)#‘.
You now have access to configure terminal mode.
You can now press Shift ? to determine possible command choices in the mode.
Type ‘i’ and press Shift ? . The CLI response is shown below.
OS900(config)# i?
igmp IGMP specific commands
ingress-counters Ingress counters group configuration
interface Interface infomation
ip IP information
OS900(config)# i
Notice that the four commands igmp, ingress-counters, interface, and ip are displayed
because both these commands begin with ‘i‘. To select the command interface type the letters
‘nt’,so as to have ‘int‘ which distinguishes it from the other commands, and press Tab . The CLI
response is shown below.
OS900(config)# interface
Press Shift ? to display the selectable arguments. The CLI response is shown below.
OS900(config)# interface ?
IFNAME Existing interface device-name (i.e vif3,...)
out-of-band New or existing out-of-band interface configuration
vlan New or existing vlan interface configuration
OS900(config)# interface
Select ‘vlan‘ by typing v and pressing Tab . The CLI response is shown below.
OS900(config)# interface vlan
Press Shift ? to display the selectable arguments. The CLI response is shown below.
OS900(config)# interface vlan ?
IFNAME Interface device-name as vif# (i.e vif3 )
Viewing Methods
Viewing of system information on the screen can be set to either of the following formats:
− Paging (display one full screen of information at a time)
− No paging (display all information without interruption until its end)
Paging
This is the default method.
1. Enter mode enable.
2. Invoke the command cli-paging.
No Paging
1. Enter mode enable.
2. Invoke the command no cli-paging.
Example
OS900(config)# show lt | ?
Alias
An alias is a user-assigned alternate name for an existing CLI command.
Any CLI command (including Scripts, page 120), in any mode can be assigned an alias.
An alias serves two purposes:
− As a mnemonic (for conveniently identifying the command)
− Quickly invoking the command by entering only its name
Assignment
To assign an alias to a command, invoke the following command:
alias all|this|NODENAME NAME Command text
where,
all: In all modes
this: In current mode
NODENAME: Name of a mode in which the alias is to apply
NAME: Alias (alternate name for the command)
Command text: CLI command with argument values, if any
In the example below, although the alias is assigned in configure terminal mode it can be
used to invoke the CLI command in any mode.
Example
OS900(config)# alias
all In all nodes
this In current node
NODENAME Node name
OS900(config)# alias all
NAME Name of alias
OS900(config)# alias all INF
.. Command text
OS900(config)# alias all INF show interface vif29
OS900(config)#
Invocation
To invoke a command simply use its alias as the command.
In the example below, the alias is invoked in enable mode although it was assigned in
configure terminal mode.
Example
OS900# INF
alias(INF) => show interface vif29
OS900#
Deleting
To delete an alias, invoke the command:
no alias all|this|NODENAME NAME [Command text]
where,
all: In all modes
this: In current mode
NODENAME: Name of a mode in which the alias is to apply
Viewing
To view an alias of a command, invoke the command:
show alias [all|this|NODENAME [NAME]]
where,
all: In all modes
this: In current mode
NODENAME: Name of a mode in which the alias is to apply
NAME: Alias (alternate name for the command)
Copy-Paste Mode
In Copy-Paste mode a set of CLI commands are automatically executed simply by pasting them
onto a CLI window in the appropriate commands mode (e.g., configure terminal mode).
Usage
The procedure for using the copy-paste feature is as follows:
1. Enter the mode in which the CLI commands are to be pasted and automatically
executed.
2. Paste the CLI commands onto the CLI window.
Example
The example below demonstrates how the command copy-paste can be used to configure
VLAN interfaces.
INTERFACES TABLE
================
Name M Device IP State MAC Tag Ports
-------------------------------------------------------------------------------
vif0 vif0 - DO 00:0F:BD:00:05:B8 0001 1-10
-------------------------Entering the mode in which the commands are to be pasted and executed-------------------------
-----------------------------------------------------------------Executed commands-----------------------------------------------------------------
OS900(config-vif2)# exit
OS900(config)# show interface
INTERFACES TABLE
================
Name M Device IP State MAC Tag Ports
-------------------------------------------------------------------------------
vif1 vif1 193.218.67.55/24 DO 00:0F:BD:00:36:67 0010 1-2
vif2 vif2 193.88.67.55/24 DO 00:0F:BD:00:36:67 0020 3-4
vif0 vif0 - DO 00:0F:BD:00:36:67 0001 5-10
OS900(config)#
Linux Mode
General
The OS900 MasterOS software runs over the Linux operating system. The user can access the
Linux operating system shell in order to perform advanced functions and to monitor internal
MasterOS operations and parameter values.
CAUTION!
Before accessing the Linux operating system shell, it is advisable to
consult Customer Support at MRV.
Improper use of the shell/Linux commands at the SuperUser level
may cause damage to the OS900 MasterOS software and OS900
File System!
Entry
The procedure for accessing the Linux operating system shell is as follows:
1. Enter enable mode.
2. To enter Linux mode, type linux.
3. When the prompt $ appears, invoke the command su for superuser privileges.
4. When the prompt Password: appears, type the root password. If no root password
was configured, the default is no password. In such case, simply press Enter.
Example
OS900> enable
OS900# linux
$ su
Password:
#
Exit
To exit the Linux operating system shell, type exit twice.
Example
# exit
exit
$ exit
exit
OS900#
Passwords
Three passwords can be configured for the OS900, each corresponding to a different access level.
The access levels are described in the section Access Levels, page 77. The passwords are:
• Root Password
Enables access to the (Linux) operating system of the OS900
• Admin Password
Enables access to some CLI commands of the OS900
• Enable Password
Enables access to all CLI commands of the OS900
Root and Admin passwords, by default, are encrypted. Encryption of an Enable password is
optional.
12
Entry to the linux mode is indicated by the prompt $. To exit linux mode, invoke the command exit.
……………………
……………………
………………..
MRV OptiSwitch 910 version 1_0_10
OS900 login:
Example
MRV OptiSwitch 910 version 1-0-0
OS900 login: admin
Password:
Last login: Thu Sep 1 06:58:43 2006 on ttyS0
OS900> enable
OS900# configure terminal
OS900(config)# enable password myEnablePass
OS900(config)# service password-encryption
OS900(config)#
OS900(config)# write terminal
Building configuration...
Current configuration:
! version 1_0_10
enable password 8 iBZPg9fiHT9RQ
service advanced-vty
service password-encryption
OS900(config)#
The example above shows the password myEnablePass encrypted as iBZPg9fiHT9RQ.
CPU: MPC8245, 266MHz with 64MB flash and 256MB Dram memory
CPU Hardware: id 3, version 1
Device Hardware version: 5
Power Supplies:
unit 1 AC: INSTALLED & ACTIVE (hw-type 1)
Fans:
Fan 1: NOT ACTIVE
Software
--------
MasterOS version: 2_1_1
Build time: Sun Jul 6 15:36:59 IDT 2008
Based on:
Linux OS910 2.6.15 #413 Thu Jun 26 15:18:10 IDT 2008 ppc
ZebOS 5.2 (powerpc-603-linux-gnu).
Driver v1.4 mvPp s6352 PLD 4 sHwVer 1
Supported features:
-------------------
MSTP - Yes
ROUTING - Yes
RIP - Yes
OSPF - Yes
ISIS - Yes
BGP - Yes
MPLS - No
LDP - No
RSVP - No
WEB - No
IPv6 - No
up 0:10, 1 user
OS910#
Backup Image
To view the version of the backup image of the OS900:
1. Enter enable or configure terminal mode
2. Invoke the command:
show version backup
Example
OS900(config)# show version backup
Wait please, while retrieving backup version...
MasterOS version: 2_1_1
OS900(config)#
CPU
To view information about the OS900 CPU:
1. Enter mode configure terminal.
2. Invoke the command show cpu.
Example
OS900(config)# show cpu
processor : 0
cpu : 82xx
revision : 16.20 (pvr 8081 1014)
bogomips : 175.71
vendor : Motorola SPS
machine : MRV SBC
Hostname
The hostname of an OS900 is its network name.
New
To change the hostname of an OS900:
1. Enter configure terminal mode
2. Invoke the command:
hostname WORD
where,
WORD: Hostname. Only a string without any blanks in it is allowed. The
string can be built with words interconnected with underscores and/or
hyphens in order to make it more intelligible. The words may include
uppercase and lowercase letters.
Example
OS900(config)#hostname Zeus_2
zeus_2(config)
Default
The default hostname is the factory-set name. The name is usually the model of the OS900. To
change the hostname to the default:
1. Enter configure terminal mode
2. Invoke the command:
default hostname
or
no hostname
Example
Zeus_2(config)# default hostname
OS910(config)#
Banner
Definition
A banner is text indicating the OS900’s association. The banner can consist of one or more text
lines and appears on the console at login.
Default
The default banner is the factory-set banner that usually identifies the vendor name, product, and
operative software version.
Example
MRV OptiSwitch 910 version os900-2-1-0-d30-07-08-0800
Viewing
To view the current banner, from configure terminal mode invoke the command show
banner.
Configuration
Method 1
To configure the first line of the banner:
1. Enter configure terminal mode.
2. Invoke the command banner TEXT
where,
TEXT: Text to be entered in the banner line.
To configure additional lines in the banner:
1. Invoke the command banner-line NUMBER TEXT
where,
NUMBER: Number of banner line.
TEXT: Text to be entered in the banner line.
2. Repeat the above command for each banner line you want.
Example
OS900(config)# banner MRV OptiSwitch 910 version 1-0-0
OS900(config)# banner-line 2 Hamelyn Town
OS900(config)# banner-line 3 Building Complex 25G
OS900(config)# show banner
Line 1 : MRV OptiSwitch 910 version d1734-22-09-05
Line 2 : Hamelyn Town
Line 3 : Building Complex 25G
OS900(config)#
Method 2
To configure a banner consisting of multiple lines:
1. Enter configure terminal mode.
2. Enter banner mode.
3. Type text to be entered in the first, second, etc. banner line making sure to press
Enter at the end of each line.
Example
OS900(config)# show banner
banner is default
OS900(config)# banner
OS900(config-banner)# MRV OptiSwitch 910 version 1-0-0
OS900(config-banner)# Hamelyn Town
OS900(config-banner)# Building Complex 25G
OS900(config-banner)# exit
OS900(config)# show banner
Line 1 : MRV OptiSwitch 910 version d1734-22-09-05
Line 2 : Hamelyn Town
Line 3 : Building Complex 25G
OS900(config)#
Date
To configure/change the date, from enable mode type date and enter the month, day, and year.
Example
OS910# date sep 01 2008
OS910#
Time
To configure/change the local time, from enable mode type time and enter the time in the format
hh:mm.
Example
OS910# time 14:28
OS910#
Location
To configure/change the location/site record of the OS900:
1. Enter the following modes in succession:
enable configure terminal snmp
Example
OS900(config)#snmp
OS900(config-snmp)
2. Type location and the location description. The description can be any
alphanumeric string. The string can be a single word or several words separated
by blank spaces or interconnected with hyphens and/or underscores.
Example
OS900(config-snmp)location main_building_second_floor
OS900(config-snmp)
Rebooting
Rebooting restarts the OS900 with the new image (operative firmware) if one was downloaded.
Modes
The OS900 can be set so that at reboot it is either configured or not configured according to its
configuration file system.conf.
By default, the OS900 is configured according to its configuration file at reboot.
Methods
The OS900 can be rebooted at any time using any of the following methods:
Normal
1. Enter enable mode.
2. Invoke the command:
reboot if you want to reconsider whether to reboot.
In response to the prompt:
Would you like to reboot the system now ? (y|n)
Type y if you want to reboot now.
Type n if you do not want to reboot.
Or
reboot-force if you want rebooting to be done straightaway, i.e., without prompts.
Warm
To restart the OS900 system without powering it OFF and ON, press pushbutton PWR.
Cold
To restart the OS900 system with powering it OFF, press pin pushbutton RST.
Scheduler
Use the Scheduler utility Scheduler, page 365. This utility can be used to automatically trigger
rebooting at a preset date and time.
Learn Table
Definition
The Learn Table is a map of currently connected stations13 to ports. The Learn Table is
dynamically updated and can maintain as many as 16K unicast entries (MAC addresses) for an
OS900.
Viewing
All or selective entries of the Learn Table can be displayed according to one or more of the
following attributes: port number, tag number, interface ID.
To view Learn Table entries:
1. Enter configure terminal mode.
2. To view entries using interface ID:
Invoke the command:
show lt port PORT|all interface IFNAME|all
where,
PORT: Port number.
all: (first) All ports.
IFNAME: ID of an existing device/interface (e.g., vif3)
all: (second) All interfaces.
To view entries using interface Tag:
Invoke the command:
show lt port PORT|all tag TAG|all
where,
PORT: Port number.
all: (first) All ports.
TAG: Tag of existing device/interface (e.g., vif3)
all: (second) All tags.
13
The stations are identified by their MAC address.
Aging
Aging is a mechanism that clears entries of stations that are not active, shutdown, or moved to
another location. The default aging time is 300 seconds.
To change the aging time:
1. Enter configure terminal mode.
2. Invoke the command:
lt aging <10-630>|default
where,
<10-630>: Aging time in seconds. The aging time must be a number that is a
multiple of 10 and in the range 10-630.
default: Default aging time (300 seconds).
Example
OS900(config)# lt aging 370
OS900(config)#
To disable aging:
1. Enter configure terminal mode.
2. Invoke the command:
no lt aging
Example
OS900(config)# no lt aging
OS900(config)#
Limiting
Logging of entries in the Learn Table can be limited in number with respect to pre-specified ports
of entry and VLAN tags. If the limit is reached, new MAC address will not be learned. However,
frames with new MAC addresses (i.e., MAC addresses that do not exist in the Learn Table when it
has become full) will, by default, be flooded. To cause frames with new MAC addresses to be
dropped invoke the command described in the section Dropping, page 100.
To limit entries with respect to ports:
1. Enter configure terminal mode.
2. Invoke the command:
lt limit port PORTS-GROUP entries ENTRIES-LIMIT
where,
PORTS-GROUP: Group of ports.
ENTRIES-LIMIT: Maximum number of entries in the range 0-16k that may be
logged in the Learn Table. (16k is decimal 16000). This number applies for each
individual port in the group.
To revoke limiting with respect to ports, invoke the command:
no lt limit port PORTS-GROUP
Example
OS900(config)# lt limit port 4-7 entries 6k
OS900(config)#
To limit entries with respect to VLAN tags:
1. Enter configure terminal mode.
2. Invoke the command:
lt limit tag TAGS-GROUP entries ENTRIES-LIMIT
where,
Dropping
To cause frames whose MAC addresses do not exist in the Learn Table when it has become full to
be dropped, invoke the command:
lt limit action drop PORTS-GROUP|all
where,
PORTS-GROUP: Group of ports.
all: All ports.
Example
OS900(config)# lt limit action drop 3-7,9
OS900(config)#
Policing
The policing action (forward or drop) can be performed on ingress packets based on the Source or
Destination MAC address and on whether the Learn Table entry is static or dynamic.
To apply the policing policy:
1. Enter configure terminal mode.
2. Invoke the command:
lt entry MAC_ADDRESS PORT TAG dynamic|static sa-action fwd|drop
[da-action fwd|drop]
where,
MAC_ADDRESS: Learned MAC address in hex format, e.g., aa:bb:cc:dd:ee:ff
PORT: Egress physical port for the packet
TAG: VLAN ID of the ingress packet
dynamic: Dynamic entry, i.e., the entry can be aged out.
static: Static entry, i.e., the entry cannot be aged out.
sa-action: For Source MAC address
da-action: For Destination MAC address
fwd: Forward packets with this source MAC
drop: Drop packets with this source MAC
Flushing
To delete all existing entries in the Learn Table:
1. Enter configure terminal mode.
2. Invoke the command:
clear lt
Example
OS900(config)# clear lt
OS900(config)#
Definition
MTU is the largest physical packet size (possibly jumbo packet size) that specific ports or VLAN
interfaces of the OS900 will forward.
Applicability
An MTU size can be set for each port (trunk port as well) independently. An MTU is set for a VLAN
interface by assigning an MTU profile to the VLAN interface. Up to eight MTU profiles (MTU sizes)
can be defined for assignment to VLAN interfaces. An MTU profile can be assigned to several
VLAN interfaces. Only one MTU profile can be assigned to a VLAN interface. The MTU set for a
VLAN interface will apply for all ports that are members of the VLAN interface.
Note
If different MTUs are defined for a VLAN interface and member ports, the
smallest of the MTUs will be selected by the OS900.
To set an MTU for a VLAN interface assign an MTU profile to the VLAN interface as follows:
1. Enter the mode of the VLAN interface.
2. Invoke the command:
mtu-profile <1-8>
where,
<1-8>: Range of MTU profiles.
Syslog
Definition
Syslog is a standard logging mechanism that stores system messages and events.
Events for all processes except for the Operative Software are, by default, logged in Syslog. The
procedure for enabling the OS900 to log Operative Software events as well in the Syslog is given
in the section Logging of Events, page 102.
File Location
The internal Syslog file is stored at: /var/log/messages.
The remote Syslog file is stored on the Remote Syslog server.
Logging of Events
By default, events are logged in Syslog for all processes except for the Operative Software. To
enable logging of Operative Software events as well:
1. Enter configure terminal mode.
2. Invoke the command:
Default Mode
To set Syslog to the default mode:
1. Enter configure terminal mode.
2. Invoke the command:
no log syslog
Viewing
To view Syslog messages:
1. Enter enable mode.
2. Invoke the command:
show syslog [all|debug|info|warning|error|fatal] [START_DATE]
[END_DATE]
where,
all: Show all messages
debug: Show messages in the range debug level to fatal level
info: Show messages in the range info level to fatal level
warning: Show messages on the levels warning, error, and fatal
error: Show messages on the levels error and fatal
fatal: Show only messages with level fatal
START_DATE: The start date. Format: mm-dd-hh:mm:ss, e.g., 04-01-
09:00:00 or start for messages from the beginning.
END_DATE: The end date. Format: mm-dd-hh:mm:ss, e.g., 04-01-09:00:00
or exclude for messages ending at current time.
Clearing
To clear the internal Syslog file:
1. Enter enable mode.
2. Invoke the command:
clear syslog
Remote Syslog
General
Syslog is maintained in the OS900 RAM and is erased on power off or reboot. To keep a
permanent record of the Syslog, a Remote Syslog server can be used, such as, a PC running a
Syslog application program.
Requirements
The following are required for Remote Syslog:
• Syslog Server
(For e.g., PC with the following:
− Operating System: For e.g., Microsoft Windows 95/98/2000/NT/XP
− Syslog application program: For e.g., 3Com 3CSyslog
• Connectivity of the OS900 to the Syslog server.
Setup
Enabling
To enable Remote Syslog:
1. Verify connectivity to the Syslog server, for e.g., by invoking the command ping in
enable mode
2. Enter configure terminal mode.
3. Invoke the command:
SNMP Management
Requirements
For SNMP management of the OS900, you need to:
• Verify connectivity between the OS900 and the SNMP manager
• Enable SNMP management
• Configure SNMP parameters (e.g., SNMP NMS IP address, community
names, etc.)
Enabling
The procedure for enabling SNMP management is described in the section Remote Management,
page 183.
Commands
All SNMP commands are accessible at the snmp mode.
To access snmp mode:
1. Enter configure terminal mode.
2. Invoke the command:
snmp
Management Functions
In snmp mode, CLI commands can be invoked to perform the following SNMP management
functions:
− System Identification
− Access Control
− Trap Generation
− Display
System Identification
The following system MIB objects can be set for the OS900:
sysContact – Used to set contact information, e.g., about system administrator
sysLocation – Used to set location information, e.g., about the OS900’s location
To set the sysContact object, invoke the command:
contact ..
where,
..: Contact information text.
To set the sysLocation object, invoke the command:
location ..
where,
OS900> enable
OS900# configure terminal
OS900(config)# snmp
OS900(config-snmp)# contact [email protected]
OS900(config-snmp)# location Paradise Island (P.O.B. 123)
OS900(config-snmp)# show snmp system
location location Paradise Island (P.O.B. 123)
contact [email protected]
OS900(config-snmp)#
Access Control
The OS900 can be used to perform access control with the following SNMP versions:
− SNMP version 1/2c
− SNMP version 3
Note
If the same community string is assigned to two (or more) Source IP
addresses belonging to the same subnet (even if different privileges are
assigned to the Source IP addresses), an SNMP request will be
processed only for the Source IP address entered first14 using one of
the community commands described above. Requests by the other
Source IP address(es) will be ignored!
The example below clarifies the note. It shows that the same community string, namely, public is
assigned to two Source IP addresses belonging to the same subnet. The Source IP address
entered first is 153.70.131.222, as indicated by a lower index value, namely, 10 in the first column.
As a result, SNMP requests from the source with this IP address will be processed. SNMP
requests from the source with the IP address 153.70.131.0/24 will be ignored!
OS900(config-snmp)# community write-read 153.70.131.222 public
OS900(config-snmp)# community read-only 153.70.131.0/24 public
OS900(config-snmp)# community notConfig default public
OS900(config-snmp)# show snmp community
SNMP Version 3
General
Access control in SNMPv3 is based on two security passwords that can be defined for each of the
access privileges (write-read, read-only, and notConfig) by the user.
− Authorization Password
− Privacy Password
The Authorization password entered by the user is encrypted in either MD5 or SHA code
(algorithm), per the user choice. In addition, the password can be hidden. The password must be
at least 10 characters long.
14
That is, with a lower index value in the display obtained when the command show snmp users is invoked (at the mode
snmp).
The Privacy password is optional. If entered it is encrypted in des code. The password must be at
least 10 characters long.
Configuration
To set up the passwords in the OS900 database, invoke the command:
user wruser|rouser|ncuser [8] md5|sha AUTHPASSWORD des
PRIVPASSWORDwhere,
wruser: Write-read privileged user (can access all MIBs)
rouser: Read-only privileged user (can access all MIBs)
ncuser: Basic read-only privileged user (can access only system MIB)
8: (optional) Hides the authorization password
md5: MD5 code
sha: SHA code
AUTHPASSWORD: Authorization password
des DES privacy code
PRIVPASSWORD Privacy password
Viewing SNMP Configuration
To view the SNMPv3 passwords configured by the user:
1. Enter configure terminal mode.
2. Invoke the command:
snmp
3. Invoke the command:
show snmp configuration
Viewing SNMP Users
To view the users that have been assigned SNMPv3 passwords:
1. Enter configure terminal mode.
2. Invoke the command:
snmp
3. Invoke the command:
show snmp users
Below is an example showing the user inputs, which include: SNMPv3 passwords configuration for
the access privilege write-read, SNMP configuration display command, and SNMP users display
command.
OS900(config-snmp)# user wruser md5 ZorroTheFox des CondorBird
OS900(config-snmp)# show snmp configuration
!
! SNMP configuration
snmp
contact [email protected]
location Paradise Island (P.O.B. 123)
community 10 write-read 153.70.131.222 public
community 20 read-only 153.70.131.0/24 public
community 30 notConfig default public
user rouser 8 sha 0xfc2684ca3353ec5c29fb2788aa0005c38438e1b1
user wruser 8 md5 0xd2a56a2972f6dd9719f5aa1bdf80cab5 des 0xac7aa70a22e2df6c2e74b8331
a41d5ec
!
OS900(config-snmp)# show snmp users
!
### userName Auth Priv PublicString
--- ------------ ---- ---- ------------
1 rouser sha none
2 wruser md5 des
--- ------------ ---- ---- ------------
OS900(config-snmp)#
Trap Generation
General
Traps are SNMP packets sent by the OS900 agent to one or more SNMP hosts (managers) when
certain events external to the OS900 are detected or when the condition of the OS900 has
changed significantly.
A trap may be a cold reset, a warm reset, detection of an interface link status change, an SNMP
authentication failure due to an incorrect community string, or Dying Gasp (indication of time to
failure due to power outage), etc.
The OS900 can be configured to send traps to several pre-specified IP destination addresses (trap
hosts).
15
Trapsess designates SNMPv3 traps.
link-trap-parameters (all|cisco|ietf|legacy)
where,
all: Bind parameters: ifIndex, ifAdminStatus, ifOperStatus, ifDescr, ifType
cisco: Bind parameters: ifIndex, ifDescr, ifType
ietf: Bind parameters: ifIndex, ifAdminStatus, ifOperStatus
legacy: Bind parameter ifIndex only (default)
OS900(config-snmp)# link-trap-parameters ietf
OS900(config-snmp)#
Viewing
To view SNMP information, invoke the command:
show snmp [all]|authtrapmode|community|engineID|objectID|srcIP|
system|traps|users|configuration
where,
[all]: (optional) All SNMP information (default)
authtrapmode: Authentication traps mode (enabled or disabled)
community: Community objects
engineID: Engine ID. (Needed by SNMP-enabled devices in the datapath of SNMP
traffic from a device.)
objectID: SNMP OID of OS900.
srcIP: IP address of VLAN interface in OS900 via which a trap was sent out.
system: MIB-II system data
traps: Trap hosts
users: SNMPv3 user privilege and encryption modes
configuration: = Run-time configuration
Example
OS900(config-snmp)# show snmp all
SNMP Object ID: 1.3.6.1.4.1.629.22.1.1
engineID 0x800007e503000fbd0005b8
## User Source Community Description
-- ------------- ------------------ ---------- --------------
10 write-read 153.70.131.222 public
20 read-only 153.70.131.0/24 public
30 notConfig default public
-- ------------- ------------------ ---------- --------------
### userName Auth Priv PublicString
--- ------------ ---- ---- ------------
1 wruser md5 none
--- ------------ ---- ---- ------------
!trap HostName Vers Community/User IsInform
!---- --------------- ---- ---------------- ------
trap 173.57.32.104 1 ZorroTheFox inform
trap 176.58.34.249 3 wruser inform
authtrap enabled
OS900(config-snmp)#
Deleting a User
To delete an SNMP user, invoke the command:
no user NAME|ncuser|rouser|wruser
where,
user: SNMPv3 secure user to be deleted
NAME: Secure name of any user
Definition
VACM is an SNMPv3 access-control security model based on views (readView, writeView,
notifyView). These views are described in the section Terminology, page 113.
Purposes
VACM has two purposes:
1) To enable the administrator to restrict access by users to selectable subsets of MIB trees.
2) To provide security beyond the traditional community strings/names by imposing
additional access restrictions, such as, IP source address, security name, etc. together
with the community string type of restriction. Specifically it provides for verification:
− That each received SNMP message has not been modified during its transmission
through the network.
− Of the identity of the user on whose behalf a received SNMP message claims to
have been generated.
Terminology
securityLevel: A security level identifies the level of security that will be assumed when
checking access privileges (for members of a group). Different access privileges
can be defined for different security levels.
The SNMP architecture recognizes three security levels:
noAuth: Provides lowest security (without authentication and without
privacy).
AuthNoPriv Provides medium security (with authentication but without
privacy).
AuthPriv Provides highest security (with authentication and with
privacy).
securityModel: SNMPv1 (ID = 1), SNMPv2c (ID = 2), or user-based (ID = 3).
securityName: Human readable string representing a principal.
groupName: Name/ID of a group. A group is a set of zero or more <securityModel,
securityName> tuples on whose behalf SNMP management objects can be
accessed. A group defines the access rights afforded to all securityNames
belonging to that group. The combination of a securityModel and a
securityName maps to at most one group.
Example
OS900(config)# snmp
OS900(config-snmp)# show snmp vacm permanent
---Map of groupName + securityModel securityLevel + View Names (in columns readView, writeView, and notifyView)---
---------------------------Map of View Names (all, systemview) Views (Subtrees/subsets of MIB trees) ---------------------------
The second table [marked Map of groupName + securityModel securityLevel + View Names (in columns
readView, writeView, and notifyView)] shows the views (in columns readView, writeView, and
notifView) for each of the 3 types of access to the MIB tree (readView, writeView, and
notifView) and the groups to which they belong (in column groupName). For e.g., the second
line indicates that administrators belonging to group RWGroup, for any securityModel, have all 3
types of access to a MIB tree on the securityLevel noauth.
The third table marked [Map of View Names (all, systemview) Views (Subtrees/subsets of MIB trees)]
shows the possible views, namely, all and systemview. all (OID:=.1) includes all 3 types of
access to a MIB tree. systemview includes the subtree system (OID:=.1.3.6.1.2.1.1) as well as
the subtree snmp (OID:=.1.3.6.1.2.1.11).
Note that for the securityName notConfig, only the view systemview is accessible.
User-Defined
To view the user-defined access information (privileges, etc.), invoke the command:
All
To view the system-defined as well as the user-defined access information (privileges, etc.),
invoke the command:
show snmp vacm all [group|access|view|all]
where,
all: (First appearance) Non-volatile as well as permanent entries
group: Map of a combination of securityModel and securityName into a groupName
access: Map of a groupName to access
view: Views table
all: (Second appearance) All VACM tables (default)
Example
OS900(config-snmp)# show snmp vacm all
write-read: Security name providing write & read privileges to the whole MIB tree
(OID:=.1)
read-only: Security name providing read-only privileges to the whole MIB tree
(OID:=.1)
notConfig: Security name providing systemview privileges only, i.e., read-only
privileges to the subtrees system (OID:=.1.3.6.1.2.1.1) and snmp (OID:=.1.3.6.1.2.1.11).
NAME: Security name (user) to be defined by the administrator
default: Source name representing all source IP addresses
localhost: Source name of local host, i.e., the OS900 at which a new Security name
is being configured.
A.B.C.D: Source IP address
A.B.C.D/M: Source IP prefix (address and mask)
COMMUNITY: Community string
Example
OS900(config-snmp)# community Tarzan 192.2.2.2/24 private
OS900(config-snmp)#
Mapping Group Name + Security Model Security Level + View Object Names
Invoke the command:
vacm access GROUPNAME (any|1|2|3) (noauth|authnopriv|authpriv)
READVIEW WRITEVIEW NOTIFYVIEW
where,
access: Set entry in VACM access table
GROUPNAME: Name of the group
any: All security Models (any)
1: SNMPv1 Security Model
2: SNMPv2c Security Model
3: User-Based Security Model (usm)
noauth: Low Security Level (without authentication and without privacy)
authnopriv: Medium Security Level (with authentication but without privacy)
authpriv: High Security Level (with authentication and with privacy)
READVIEW: Name of view for read access object.
WRITEVIEW: Name of view for write access object.
NOTIFYVIEW: Name of view for notifications object.
Example
OS900(config-snmp)# vacm access JungleApes 1 noauth ApesRead ApesWrite ApesNotify
OS900(config-snmp)#
Access Table
To delete an entry from a VACM access table (see for instance the second table in the example in
the section System-Defined, page 114), invoke the command:
no vacm access any|1|2|3 GROUPNAME noauth|authnopriv|authpriv
where,
access: VACM access table from which an entry is to be deleted
any: All security Models (any)
1: SNMPv1 Security Model
2: SNMPv2c Security Model
3: User-Based Security Model (USM)
GROUPNAME: Name of the group
noauth: Without authentication and without privacy
authnopriv: With authentication but without privacy
authpriv: With authentication and with privacy
View Table
To delete an entry from a VACM view table (see for instance the third table in the example in the
section System-Defined, page 114), invoke the command:
no vacm view NAME include|exclude MIBNODE
where,
view: Delete entry from VACM view table
NAME: Name of the view
include: Include the subtree in the view
exclude: Exclude the subtree in the view
MIBNODE: objectID of the the subtree, for example, system or .7.1.3.6.1.2.1.1
Configuration Example
The following example demonstrates the procedure for configuring VACM. It includes:
− The Source Name (IP prefix) 192.2.2.2/24 + Community String private mapping to the
Security Name Tarzan
− The Security Name Tarzan + Security Model 1 (SNMPv1) mapping to the Group Name
JungleApes
− The Group Name JungleApes + Security Model 1 mapping to the Security Level noauth +
View Object Names ApesRead, ApesWrite, and ApesNotify
− The View Object Names ApesRead, ApesWrite, and ApesNotify mapping to the Views
include .1, exclude nbSwitchG1, exclude RMON, include system, include ifMIBObjects,
include dot1dBridge
Current configuration:
! version 2_0_10
snmp
Scripts
Definition
A Script is a set of factory CLI commands that the OS900 can execute in succession without user
intervention. Once a script is defined, it can be used just like any other CLI command.
Purpose
The Script utility is used to make the configuration procedure for the OS900 simpler and quicker
for technicians in the field.
Structure
A script consists of the following:
− Parameters (script arguments)
− Lines (a sequence of CLI commands that may include script Parameters as arguments)
Creating
To create a script, you basically need to do the following:
− Create Parameters
− Create Lines (that contain factory CLI commands) with the appropriate Parameters
A Script is created as follows:
1. Enter configure terminal mode.
2. Assign a name to the script by invoking the command:
script NAME
where,
NAME: Name of script.
String of up to thirteen alphanumeric characters.
Letter characters must be lowercase only and must not be blanks,
e.g., ipiface01.
3. Optionally, enter a textual description of the script by invoking the command:
description TEXT
where,
TEXT: Description of script. Text that can include blanks.
4. Create the parameters as described in the section Create Parameter, page 121.
5. Create the lines with CLI commands as described in the section Create Line, page
123.
Parameters
Parameters are script arguments. The user can define a list of Parameters that can be later used
in Lines of a script.
The actions that can be performed on a parameter are as follows:
− Create Parameter
− View Parameter
− Modify Parameter
− Delete Parameter
Create Parameter
To create a parameter:
1. Enter configure terminal mode.
2. Enter the mode of a script (existing or new) by invoking the command:
script NAME
where,
NAME: Name of script. String of up to thirteen alphanumeric characters. Letter
characters must be lowercase only and must not be blanks, e.g., ipiface01.
3. Invoke the command:
parameter [NUMBER] NAME type TYPE description TEXT
where,
NUMBER: (optional) Index of parameter. Set the order of the parameter.
If not specified, a number that is a multiple of 10 (e.g., 10, 20, 30,
etc.) is assigned.
NAME: Name for the parameter.
TYPE: Type for parameter.
View Parameter
The procedures for viewing a Parameter are the same as those given for viewing a Script – see
section Viewing, page 125.
Modify Parameter
To modify the name, type, or description of a parameter:
1. Enter the mode of the script containing the parameter to be modified by invoking
the command:
script NAME
where,
NAME: Name of script.
2. Invoke the command:
parameter NUMBER NAME type TYPE description TEXT
where,
NUMBER: Number of the parameter whose name, type, or description is to be
changed.
NAME: New name for the parameter.
TYPE: New Type for parameter.
TEXT: New description for script.
Delete Parameter
To delete a parameter from an existing script:
1. Enter configure terminal mode.
2. Enter the mode of the script containing the parameter to be deleted by invoking
the command:
script NAME
where,
NAME: Name of script.
3. Invoke the command:
no parameter NUMBER
where,
NUMBER: Number of the parameter to be deleted.
Example
OS900(script-IpInterface01)# no parameter 30
OS900(script-IpInterface01)#
Renumber Parameters
To renumber all Parameters (and Lines) of a script with the sequence 10, 20, 30, etc.:
1. Enter the mode of the script by invoking the command:
script NAME
where,
NAME: Name of script. Text string of up to thirteen characters without blanks.
2. Renumber the Parameters (and Lines) by invoking the command:
renumerate
Example
The example below shows that the numbers of the Parameters (and Lines) before the command
renumerate is invoked are 5, 17, and 23. The numbers after are 10, 20, and 30.
OS900(script-IpInterface01)# show
Lines
Lines are a sequence of CLI commands that include script Parameters.
The actions that can be performed on a line are as follows:
− Create Line
− View Line
− Modify Line
− Delete Line
Create Line
To create a line:
1. Enter configure terminal mode.
2. Enter the mode of a script (existing or new) by invoking the command:
script NAME
where,
NAME: Name of script. String of up to thirteen alphanumeric characters. Letter
characters must be lowercase only and must not be blanks, e.g., ipiface01.
3. Invoke the command:
line [NUMBER] COMMAND
where,
NUMBER: (optional) Number for the line.
COMMAND: CLI command in the regular format with the exception that instead of a
value argument, a parameter preceded by $ is entered.
Example
OS900# configure terminal
OS900(config)# script ipiface01
OS900(script-ipiface01)# line 10 interface vlan vif$IFID
OS900(script-ipiface01)#
Note
When creating a script, there is no need to use exit command in order
to return to previous CLI modes.
View Line
The procedures for viewing a Line are the same as those given for viewing a Script – see section
Viewing, page 125.
Modify Line
To modify a line re-enter it with the same line number as follows:
1. Enter the mode of the script containing the line to be modified by invoking the
command:
script NAME
where,
NAME: Name of script.
2. Invoke the command:
line NUMBER COMMAND
where,
NUMBER: Number for the line.
COMMAND: New CLI command.
Delete Line
To delete a line from an existing script:
1. Enter configure terminal mode.
2. Enter the mode of the script containing the line to be deleted by invoking the
command:
script NAME
where,
NAME: Name of script.
3. Invoke the command:
no line NUMBER
where,
NUMBER: Number of the line to be deleted.
Example
OS900(script-ipiface01)# no line 50
OS900(script-ipiface01)#
Renumber Lines
To renumber all Lines (and Parameters) of a script with the sequence 10, 20, 30, etc.:
1. Enter the mode of the script by invoking the command:
script NAME
where,
NAME: Name of script. Text string of up to thirteen characters without blanks.
2. Renumber the Lines (and Parameters) by invoking the command:
renumerate
Example
The example below shows that the numbers of the Lines (and Parameters) before the command
renumerate is invoked are 5, 17, and 23. The numbers after are 10, 20, and 30.
OS900(script-IpInterface01)# show
Viewing
In Script Mode
To view a script in its mode:
1. Enter configure terminal mode.
2. Enter the mode of the script whose parameters are to be viewed by invoking the
command:
script NAME
where,
NAME: Name of script.
3. Invoke the command:
show
Example
OS900# configure terminal
OS900(config)# script ipiface01
OS900(script-ipiface01)# show
script 'ipiface01'
Parameters
---- -------------- -------------- -----------
Num. Name Type Description
---- -------------- -------------- -----------
10 IFID ifname Vlan Interface ID
20 POID ports Group of Ports
30 TGID tag ID of Tag
40 IPID ipv4_pref IP Prefix of Interface
Lines
---- -----------------------------------------
Num. Line
---- -----------------------------------------
10 interface vlan vif$IFID
20 ports $POID
30 tag $TGID
40 ip $IPID
OS900(script-ipiface01)#
In Enable Mode
To view one or all scripts in enable mode:
One Script
1. Enter enable mode.
2. Invoke the command:
show script NAME
where,
NAME: Name of script.
All Scripts
1. Enter enable mode.
2. Invoke the command:
show scripts [configuration]
where,
configuration: (optional) In the format used to configure the parameters. If this
keyword is not entered, the parameters are displayed in tabular format.
Executing
A Script can be executed like any other CLI command.
To execute a script
1. Enter enable mode.
2. Invoke the command:
NAME
where,
NAME: Name of script.
3. Press Shift ? to display the parameter value to be entered, and enter the value
prompted by the system.
4. Repeat step 3, above, until the prompt <cr> appears.
Deleting
To delete a script:
1. Enter configure terminal mode.
2. To display the list of existing scripts, type the partial command:
no script ?
3. Complete the partial command by typing the name of the script to be deleted.
Example
OS900# configure terminal
OS900(config)# no script ?
NAME
Config07 *Script*
IpInterface01 *Script* Play Dome at Tensa.
OS900(config)# no script Config07
OS900(config)#
Example
The example below shows how a script is created that can be used to configure an interface.
Custom entries are shown in the color red. Parameter names are in upper case, e.g., IFID, POID,
TGID. Notice that in each line, a regular CLI command (e.g., tag 27) is entered with the
exception that a parameter (e.g., TGID) preceded by $ is entered instead of a value (e.g., 27).
MRV OptiSwitch 910 version d1734-22-09-05
OS900 login: admin
Password:
OS900> enable
OS900# configure terminal
OS900(config)# script ?
NAME Script name
OS900(script-ipiface01)# show
script 'ipiface01'
Parameters
---- -------------- -------------- -----------
Num. Name Type Description
---- -------------- -------------- -----------
10 IFID vifN Vlan Interface ID
20 POID ports Group of Ports
30 TGID tag ID of Tag
40 IPID ipv4_pref IP Prefix of Interface
Lines
---- -----------------------------------------
Num. Line
---- -----------------------------------------
10 interface vlan vif$IFID
20 ports $POID
30 tag $TGID
40 ip $IPID
OS900(script-ipiface01)# exit
OS900(config)# exit
OS900# ipiface01 ?
IFNAME Vlan Interface ID
OS900# ipiface01 201 ?
PORT_GROUP_STR Group of Ports
OS900# ipiface01 201 2-4 ?
<1-4095> ID of Tag
OS900# ipiface01 201 2-4 2001 ?
A.B.C.D/M IP Prefix of Interface
OS900# ipiface01 201 2-4 2001 192.4.4.4/24 ?
<cr>
| Output modifiers
OS900# ipiface01 201 2-4 2001 192.4.4.4/24
CAUTION!
Before disabling local access to the OS900, ensure that a TELNET or
SSH connection exists, otherwise the OS900 will be locked to access!
To disable local access to the OS900, from the remote management station:
1. Enter configure terminal mode.
2. Invoke the command:
console-disable [delayed]
where,
delayed: Delay access disabling for one minute
Viewing
To view the Layer 2 protocol counters, invoke the command:
show l2cntrl-protocol-counters
Example
OS900# show l2cntrl-protocol-counters
PROTOCOL TX_COUNTER RX_COUNTER
------------ ---------- ----------
L2CNTRL_STP 3728 3728
L2CNTRL_OAM 1145 1145
L2CNTRL_EFM 293 293
DOT1X 502 502
LACP 8061 8061
DOT1AH 207 207
OS900#
Clearing
To clear all the Layer 2 protocol counters, invoke the command:
clear l2cntrl-protocol-counters
Example
OS900# clear l2cntrl-protocol-counters
OS900#
Chapter 6: Ports
General
− This chapter shows how to configure and monitor the physical ports of the OS900.
Enabling/Disabling
Default
By default, each LAN/WAN port is enabled.
Custom
Each port can be enabled or disabled independently of other ports. To enable/disable one or more
ports, invoke the following command:
port state enable|disable PORTS-GROUP|all
where,
port: Port-related action
state: Port state
enable: Enable the port(s)
disable: Disable the port(s)
PORTS-GROUP: Group of Ports
all: All ports
Example
OS900(config)# port state disable 4
port 4 state set to: DISABLE
OS900(config)#
Status
Brief
To view the configuration status of one or more ports in brief, invoke the command:
show port [PORTS-GROUP|all]
where,
show: Display
port: Port-related action
[PORTS-GROUP]: Group of Ports.
(If no port number is entered, the statuses of all ports are
displayed.)
all: All ports
Example
OS910(config)# show port
PORTS CONFIGURATION
===================
PORT MEDIA MEDIA_SEL LINK SPD_SEL LAN_SPD DUPL STATE SL
----------------------------------------------------------------------
1 TP COPPER OFF AUTO N/A N/A ENABLE 1
2 TP COPPER OFF AUTO N/A N/A ENABLE 1
Detailed
To view the configuration status of one or more ports in detail, invoke the command:
show port details [PORTS-GROUP]
where,
show: Display
port: Port-related action
details: Detailed information
[PORTS-GROUP]: Group of Ports
(If no port number is entered, the statuses of all ports are
displayed.)
Example
OS910# show port details 3
Port 3 details:
-------------------
Description : N/A
Type : ETH10/100/1000
Link : OFF
Duplex state : N/A
PHY : TP
Speed selected : AUTO
Auto-Neg Advertise : Default
State : ENABLE
Priority : 1
Flow control mode : off
Ethertype : CORE1:0x8100
OutBound Tagged : untagged
Tags List :
Udld : -
Comment Adding
To enter a textual description of one or more ports, invoke the command:
port description PORTS-GROUP|all ..
where,
port: Port-related action
description: Textual description
PORTS-GROUP: Group of Ports
all: All ports
..: Textual description to be entered
Example
OS900(config)# port description 4 This port is for new customers.
OS900(config)# show port details 4
Port 4 details:
-------------------
Description : This port is for new customers.
Type : ETH100/1000
OS900(config)#
Physical Interface
Default
By default, the type of physical interface selected for an SFP port is sfp (1000Base-X).
Custom
The type of physical interface for an SFP port can be selected independently of other ports. To
select the interface medium for one or more ports, invoke the following command:
port media-select sfp|sfp100|copper|auto PORT-GROUP|all
where,
port: Port-related action
media-select: Port physical interface
sfp: Set the port to operate as a 1000Base-X interface
sfp100: Set the port to operate as a 100Base-X interface
copper: Set the port to operate with the fixed 10/100/1000Base-T interface
auto: Set the port to operate with the SFP or fixed 10/100/1000Base-T interface
automatically
PORT-GROUP: Group of Ports
all: All ports
Example
OS900(config)# port media-select copper 1,2
port 1 media mode set to: COPPER
port 2 media mode set to: COPPER
OS900(config)
Speed
Default
The default speed of an electrical LAN/WAN port is according to auto-negotiation. (LAN/WAN ports
are shown in Figure 2, page 54.)
Custom
The speed of each port can be set (forced) independently of other ports. To set a speed for one or
more ports, invoke the following command:
port speed 10|100|1000|auto PORTS-GROUP|all
where,
port: Port-related action
speed: Speed to be set
Viewing
To view the speed configurations for ports, invoke a show command as described in the section
Status, page 131.
Duplexity
Default
The default duplexity mode of transmission of a 10/100/1000Base-T LAN/WAN port is according to
auto-negotiation.
Custom
The duplexity of each port can be set (forced) independently of other ports. To set half- or full-
duplexity for one or more ports, invoke the following command:
port duplex half|full PORTS-GROUP|all
where,
port: Port-related action
duplex: Duplexity to be set
half: Half-duplex
full: Full-duplex
PORTS-GROUP: Group of Ports
all: is all ports
Example
OS900(config)# port duplex half 1,2
port 1 duplex set to: HALF
port 2 duplex set to: HALF
OS900(config)#
Viewing
To view the speed configurations for ports, invoke a show command as described in the section
Status, page 131.
In the example above, KBps is kilobytes per second, pps is packets per second, and Mbps is
megabits per second.
Example
OS910# show port sfp-params t1
Diagnostics
To view the digital diagnostics of the SFP's internal EEPROM, invoke the command:
show port sfp-diag [PORTS-GROUP]
sfp-diag: Digital diagnostics of the SFP's internal EEPROM.
PORTS-GROUP: Group of ports for which the traffic throughput is to be measured. Trunk ports
may be included.
Example
OS910# show port sfp-diag t1
Capabilities Advertising
General
Port capabilities advertising is the advertising of the speed(s) and duplexity with which ports can
operate.
Applicability
Port capabilities advertising applies only to 10/100/1000Base-T ports.
Requirement
For ports to be able to advertise they must be set in auto-negotiation mode. One or more ports can
be set in auto-negotiation mode by invoking the command port speed auto
PORTS-GROUP|all described in the section Speed, page 133.
Default
The default advertise mode for ports is advertise all speeds (10, 100, and 1000 Mbps) and
duplexity (half and full).
Custom
Advertising a Specific Speed and/or Duplexity
To set one or more ports to advertise a specific speed and/or duplexity, invoke the following
command:
port advertise speed (10|100|1000|all) duplex (half|full|all) (PORTS-
GROUP|all)
where,
port: Port-related action
advertise: Advertise default auto-negotiation capabilities
speed: Speed to be set
10: 10 Mbit/sec (Applicable to 10/100/1000Base-T ports only)
100: 100 Mbit/sec
1000: 1000 Mbit/sec
all: (First appearance) All speeds (10, 100, and 1000 Mbit/sec)
duplex: Duplexity to be set
half: Half-duplex
full: Full-duplex
all: (Second appearance) Both duplexities (half and full)
PORTS-GROUP: Group of Ports
all: (Third appearance) All ports
Note that this command will cause the port to advertise:
− The set speed, in addition to one or more other set speeds (if they exist for the port), and
− The set duplexity, in addition to the other set duplexity (if it exists for the port)
Example
OS910(config)# port advertise speed 100 duplex half 3,5
port 3 advertise set to speed: 100MBps, duplex: HALF
port 5 advertise set to speed: 100MBps, duplex: HALF
OS910(config)#
Default
To set one or more ports in the default mode (described in the section Default, page 138), invoke
the command:
port advertise default (PORTS-GROUP|all)
where,
PORTS-GROUP: Group of Ports
all: All ports
Viewing
To view the speed configurations for ports, invoke a show command as described in the section
Status, page 131.
One or more ports can be set to handle ingress frames with IEEE 802.1Q encapsulation in one of
the following modes:
− Tagged
− Untagged
− Hybrid
− Q-in-Q
Tagged
To set a port to handle only tagged ingress frames16 (and to forward them with the tag):
1. Enter configure terminal mode.
2. Invoke the command:
port tag-outbound-mode tagged PORTS-GROUP
where,
port: Port-related action
tag-outbound-mode: IEEE 802.1Q encapsulation of ingress/egress frames
tagged: Tagged ingress/egress frames
PORTS-GROUP: Group of Ports
(If no port number is entered, all ports are displayed.)
Untagged
This is the default mode for ports. To set a port to handle only untagged ingress frames (and to
forward them untaggged):
1. Enter configure terminal mode.
2. Invoke the command:
port tag-outbound-mode untagged PORTS-GROUP
where,
port: Port-related action
tag-outbound-mode: IEEE 802.1Q encapsulation of ingress/egress frames
untagged: Untagged ingress/egress frames
PORTS-GROUP: Group of Ports
(If no port number is entered, all ports are displayed.)
Hybrid
This mode is similar to tagged mode except for the way it handles untagged frames. In tagged
mode, ingress untagged frames are dropped. In hybrid mode, ingress untagged frames are
assigned the port’s default tag. Egress packets having the default tag are sent untagged.
To configure hybrid mode for a group of ports:
1. Enter configure terminal mode.
2. Invoke the command:
port tag-outbound-mode hybrid [PORTS-GROUP] TAG
where,
port: Port action
tag-outbound-mode: IEEE 802.1Q encapsulation of ingress/egress frames
hybrid: Tagged and untagged ingress/egress frames
[PORTS-GROUP]: Group of Ports
(If no port number is entered, all ports are displayed.)
TAG: User-selectable default tag for the interface
16
Untagged ingress frames are dropped in tagged mode.
Viewing
To view the tags of one or more ports:
1. Enter enable mode.
2. Invoke the command:
show port tag [PORT-GROUP|all]
where,
[PORT-GROUP]: is the Group of Ports
(If no port number is entered, all ports are displayed.)
all: All ports
Example
OS910# show port tag 1-3
VMAN mode is disable
Value of ethertype 1 is 0x8100 (default value)
Value of ethertype 2 is 0x8100 (default value)
Link Protection
Referring to Figure 16, the Link Protection (dual-homing) mechanism is used to set two ports to
backup each other. When the primary port fails, the backup (secondary) port takes over the tasks
of the primary port.
Enabling
To enable Link Protection:
1. Enter configure terminal mode.
2. Ensure that the two ports to be set in Link Protection mode (i.e., primary port and
backup port) are trunked. (The procedure for trunking ports is given in the section
Configuration, page 232.)
3. Invoke any of the following commands:
link-protection primary PORT backup PORT
or
link-protection primary PORT backup PORT no-preemption
or
link-protection primary PORT backup PORT srv NUMBER dmn <0-7>
or
link-protection primary PORT backup PORT srv NUMBER dmn <0-7>
rmep <0-4095>
where,
PORT: (First appearance) Primary Port number.
PORT: (Second appearance) Backup Port number.
no-preemption: Prevent the primary port from retaking over from the
backup port when it recovers.
srv: Get IEEE 802.1ag notifications about RMEP timeout for path with
defined service ID.
NUMBER: IEEE 802.1ag Service ID value.
dmn: Get IEEE 802.1ag notifications about RMEP timeout for path with
defined domain level.
<0-7>: IEEE 802.1ag domain level value (range 0..7).
rmep: Get 802.1ag notifications only for specified RMEP. Default: all RMEPs).
<0-4095>: IEEE 802.1ag Remote MEP ID range of values. 0: all RMEPs
Disabling
To disable Link Protection:
1. Enter configure terminal mode.
2. Invoke the command:
no link-protection primary PORT
where,
PORT: Primary Port number.
Example
OS910(config)# no link-protection primary 3
OS910(config)#
Viewing
To view the link-protection status invoke the command:
1. Enter configure terminal mode.
2. Invoke the command:
show port details [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports whose link-protection status is to be viewed.
Example
OS904(config)# show port details t1
Trunk t1 details:
-------------------
Description : N/A
Link : OFF
Duplex state : N/A
Speed selected : AUTO
Auto-Neg Advertise : Default
State : ENABLE
Priority : 1
Flow control mode : off
Ethertype : CORE1:0x8100
OutBound Tagged : untagged
Tags List :
Udld : -
Link-protection : primary 3 and backup 4 with preemption. Now active is 4.
OS904(config)#
Enabling
To enable Link Fault Reflection:
1. Enter configure terminal mode.
2. Invoke any of the following commands:
link-reflection uplink PORT downlink PORT symmetrical
or
link-reflection uplink PORT downlink PORTS-GROUP
or
link-reflection uplink PORT downlink PORTS-GROUP srv NUMBER dmn
<0-7>
or
link-reflection uplink PORT downlink PORTS-GROUP srv NUMBER dmn
<0-7> rmep <0-4095>
link-reflection uplink PORT downlink PORTS-GROUP inverse-state
where,
PORT: (First appearance) Uplink (usually core or provider network) port
number.
Note
If the port is a trunk, Link Fault Reflection is activated only if all ports of
the trunk fail.
Example 1
OS910(config)# link-reflection uplink 1 downlink 4 symmetrical
OS910(config)#
Example 2
The following example shows Link Fault Reflection configuration with Ethernet Service OAM for
two OS900s interconnected across a network. In this configuration, if the link to a UNI at one
OS900 is broken, the link to the corresponding UNI at the other OS900 is also broken.
Network
OS900 2
---------
Disabling
To disable Link Fault Reflection:
1. Enter configure terminal mode.
2. Invoke the command:
no link-reflection uplink PORT
where,
PORT: Uplink-port number.
Example
OS910(config)# no link-reflection uplink 1
OS910(config)#
Purpose
Port protection is used to direct traffic entering a VLAN to user-selected egress ports in the VLAN.
Advantage
In an Ethernet network, port protection provides additional security to hosts on the same subnet by
isolating the ports (from one another) to which they are connected even if the ports are members
of the same VLAN.
Configuration
This mechanism directs traffic at one group of user-selectable source (ingress) ports to another
group of user-selectable destination (egress) ports, all ports being members of the same VLAN.
To enable Port Protection:
1. Enter configure terminal mode.
2. Invoke the command:
port protected PORTS_GROUP|all allowed-dst PORTS_GROUP
where,
protected: Egress traffic restriction.
Viewing
To view the destination ports to which traffic from the associated source ports is restricted:
1. Enter configure terminal mode.
2. Invoke the command:
show port protected [PORTS_GROUP]
where,
[PORTS_GROUP]: Group of source ports.
Example 1
OS900(config)# show port protected
Port protected:
-----------------
source port destination ports
1 all
2 all
3 4,7-9
4 all
5 4,7-9
6 all
7 all
8 all
9 all
10 all
OS900(config)#
Example 2
OS900(config)# show port protected
Port protected:
-----------------
source port destination ports
1 3-4
2 3-4
3 all
4 all
OS900(config)#
Custom Setting
In the default setting, the Link Flap Guard isolates a port when the frequency of change in its link
state reaches the value of:
− 10 link flaps per second, if the port is 10/100/1000Base-T
− 150 link flaps per second, if the port is 10GE.
Viewing
To view the setting of the Link Flap Guard:
1. Enter enable mode
2. Invoke the command:
show link-flap guard port (PORTS-GROUP|all)
PORTS-GROUP: Group of ports for whom the setting of the Link Flap Guard is
to be viewed
all: All ports to have the setting of the Link Flap Guard for them viewed
Example
OS900# show link-flap guard port 2-4
Link Flap Guard
----------------------
Port Guard Threshold
----------------------
2 1257
3 1257
4 1257
OS900#
Default Setting
To set the link flap guard to the default setting, i.e., to disable it:
1. Enter configure terminal mode.
2. Invoke either of the following commands:
link-flap guard default port (PORTS-GROUP|all)
no link-flap guard port (PORTS-GROUP|all)
Example
OS910(config)# link-flap guard default
The default value 10 has been accepted
OS910(config)#
Example
OS910(config)# port state enable 2,3
port 2 state set to: ENABLE
port 3 state set to: ENABLE
OS910(config)#
Principle of Operation
The flapping port is assigned a flap-penalty for each flap. Once the total of the
accumulated flap penalties reaches the errdisable-threshold the port is isolated. If
now the port link stops flapping, for each passing link flap interval17 the total of the
accumulated penalties is decreased by the stability-grant value. When the total
drops to zero the port will be allowed to reconnect to the network provided it is set to
recover. By default, the port is preset to recover when the Link Flap Dampening
mechanism is enabled, as described below. (In any case, the port can be set/preset to
recover using the command port errdisable recover cause link-flap
PORTS-GROUP.) If the port is isolated a second time, the errdisable-threshold is
automatically doubled. If the port is isolated a third time, the errdisable-threshold is
automatically tripled. And so on. If the port is enabled using the command port state
(enable|disable) (PORTS-GROUP|all), the user-set errdisable-threshold
value is reestablished.
Enabling
To enable the Link Flap Dampening mechanism:
1. Enter configure terminal mode.
2. Invoke the command:
port errdisable detect cause link-flap PORTS-GROUP
where,
PORTS-GROUP: Group of ports to be handled by the Link Flap Dampening
mechanism
Example
OS910(config)# port errdisable detect cause link-flap 1,4
OS910(config)#
Disabling
To disable the Link Flap Dampening mechanism:
1. Enter configure terminal mode.
2. Invoke the command:
no port errdisable detect cause link-flap PORTS-GROUP
where,
PORTS-GROUP: Group of ports to be freed of the Link Flap Dampening
mechanism
17
The link flap interval is displayed when the command show link-flap-dampening is invoked, as described in the
section Configuration, page 153.
Example
OS910(config)# no port errdisable detect cause link-flap 4
OS910(config)#
Parameters Setting
Penalty per Flap
The Penalty per Flap is a number assigned to a flap. The larger the number, the larger is the
penalty.
To set the penalty value per flap:
1. Enter configure terminal mode.
2. Invoke the command:
link-flap-dampening flap-penalty VALUE
where,
VALUE: Flap penalty value
Example
OS910(config)# link-flap-dampening flap-penalty 5
OS910(config)#
Stability Grant
The Stability Grant is a number by which the total of the accumulated penalties is decremented for
each minute that no flap occurs since isolation. If no flap occurs until the accumulated penalties for
a port are decremented to zero, the port can reconnect to the network provided it is allowed to be
recoverable. The section Recovering Isolated Ports, page 152 shows how to make ports
recoverable.
1. Enter configure terminal mode.
Viewing
Configuration
To view the Link Flap Dampening configuration
1. Enter enable mode.
2. Invoke the command:
show link-flap-dampening
Example
OS910# show link-flap-dampening
Link-flap dampening configuration:
Errdisable threshold = 10
Flap penalty = 1
Stability grant = 2
Interval = 60 seconds
OS910#
Operation Data
To view the Link Flap Dampening operation data in brief:
1. Enter enable mode.
2. Invoke the command:
show port link-flap-dampening PORTS-GROUP
where,
PORTS-GROUP: Group of ports to be freed of the Link Flap Dampening
mechanism
Example
OS910# show port link-flap-dampening 1,4
PORT DETECT RECOVERY PENALTY FLAPS-CNT ERRDIS-CNT RECOVER-CNT STATE
========================================================================
1 ENABLE ENABLE 0 0 0 0 ENABLE
4 ENABLE ENABLE 0 0 0 0 ENABLE
OS910#
Example
OS910# show port link-flap-dampening long 1,4
Port 1
===========
Port state is ENABLE
Link flap dampening is enabled
Recovery from errdisable state is enabled
The current penalty is 0
The total number of link flaps is 0
The port never entered errdisable state
The port never recovered from errdisable state
Port 4
===========
Port state is ENABLE
Link flap dampening is enabled
Recovery from errdisable state is enabled
The current penalty is 0
The total number of link flaps is 0
The port never entered errdisable state
The port never recovered from errdisable state
OS910#
Application
The dual-port feature provides for:
− Setting of separate flood rates for up to two different traffic types for the same ingress port
as described in the section Configuration, page 211.
OS900(config-boot)#
Flow Control
Definition
Flow Control is a mechanism that causes a transmitting station to temporarily backoff when the
port memory of the OS900 becomes saturated.
Purpose
Flow Control is used to prevent packet-loss. It is to be invoked when it is preferable to lower the
transmission rate rather than have packets dropped due to congestion.
Applicability
Flow control can be applied per-port to full-duplex ports.
It cannot be applied to trunk ports.
Effect
Flow control may impact SLA, such as bandwidth and QoS.
Principle of Operation
Flow Control is set up between the OS900 and a transmitting station on a point-to-point link.
Whenever the OS900 becomes congested, it sends back a "pause" frame to the transmitting
station at the other end of the link, instructing it to stop sending packets for a pre-specified time
period. The transmitting station waits during the requested time period before transmitting again.
Configuration
Enabling
To enable Flow Control:
1. Enter configure terminal mode.
2. Invoke the command:
port flow-control PORTS-GROUP
where,
PORTS-GROUP: Numbers of physical ports for which flow control is to be enabled
Disabling
To disable Flow Control:
1. Enter configure terminal mode.
2. Invoke the command:
no port flow-control PORTS-GROUP
where,
Viewing
To view whether Flow Control is enabled or disabled for a port:
1. Enter configure terminal mode.
2. Invoke the command:
show port details [PORTS-GROUP]
where,
PORTS-GROUP: Group of physical ports
Compliance
IEEE 802.3x flow control protocol for full-duplex ports.
Statistics
Viewing
To view the momentary statistical information (detailed) on one or more ports (possibly members
of a trunk):
1. Enter enable mode or configure terminal mode.
2. Invoke the command:
show port statistics PORTS-GROUP
where,
PORTS-GROUP: Group of ports.
Example
OS900# show port statistics t1
PORTS STATISTICS
================
OS900#
To view the momentary statistical information (brief) on one or more ports in tabular format:
1. Enter enable mode or configure terminal mode.
2. Invoke the command:
show port statistics table [PORTS-GROUP]
where,
PORTS-GROUP: Group of ports.
Example
OS900# show port statistics table
18
Automatic continuous update
Example
OS900# monitor port statistics 3
PORTS STATISTICS
================
Clearing
To clear the statistical counters of one or more ports:
1. Enter enable mode.
2. Invoke the command:
clear ports statistics [PORTS-GROUP]
where,
[PORTS-GROUP]: is the Group of Ports
(If no port number is entered, all ports are cleared.)
Example
OS900# clear ports statistics 1-4
OS900#
Digital Diagnostics
SFP Parameters
To view information on the parameters of SFPs in ports, invoke the command:
1. Enter enable mode.
2. Invoke the command:
show port sfp-params [PORTS-GROUP]
where,
show: Display
port: Port related action
sfp-params: SFP parameters
[PORTS-GROUP]: Group of Ports
(If no port number is entered, all ports are displayed.)
Example
OS900# show port sfp-params 2
SFP ports internal EEPROM data
===============================
SFP Diagnostics
To view real-time diagnostic information on SFPs, invoke the command:
1. Enter enable mode.
2. Invoke the command:
show port sfp-diag [PORTS-GROUP]
where,
show: Display
port: Port related action
sfp-diag: SFP diagnostics
[PORTS-GROUP]: Group of Ports
(If no port number is entered, all ports are displayed.)
Example
OS900# show port sfp-diag 3
Benefits
• Quick & remote analysis of the attached copper cable
• Identification of fault location and type
• Less need for visits by technical support personnel to remote sites
• Reduced network downtime
Principle of Operation
VCD uses Time-Domain Reflectometry (TDR), a method that works on the same principle as
radar. In this method, an energy pulse transmitted through the cable is partially distorted and
reflected when it encounters a fault. The VCD mechanism measures the time it takes for the signal
to travel down the cable and analyzes its reflected waveform. It then translates this time into
distance and the reflected distorted waveform into the associated fault type.
Procedure
To perform VCD:
1. Enter enable mode.
2. Invoke the command:
vct [extended] PORTS-GROUP
where,
[extended]: Detailed information.
PORTS-GROUP: Group of Ports.
as shown in the example below.
Example
Following is a test case example of an 'open' on a 100 meter long cable. One end of the cable was
connected to port 2 of the local OS900. The far end of the cable was connected to another switch
(in normal operation mode). VCD was performed. The far end of the cable was disconnected and
VCD was performed again.
The commands invoked and the test results are shown below.
Setting
To set an OS930 port (10 Gbps XFP) to transmit frames in Ethernet protocol or SONET/SDH
protocol format:
1. Enter configure terminal mode.
2. Invoke the command:
port xfp mode lan|wan PORTS-GROUP|all
where,
lan: Ethernet format at 10.3 Gbps
wan: SONET/SDH format at 9.95328 Gbps (OC-192 or STM-64)
PORTS-GROUP: Group of XFP ports.
all: All XFP ports.
Example
OS930(config)# port xfp mode wan 13
port 13 xfp mode set to: WAN
OS930(config)#
Viewing
Protocol
To view the protocol in which the XFP ports are set to operate:
1. Enter enable mode.
2. Invoke the command:
show port details [PORTS-GROUP]
where,
PORTS-GROUP: Group of XFP ports.
Example
OS930(config)# show port details 13
Port 13 details:
----------------
Description : N/A
Type : ETH10000
Link : ON
Duplex state : FULL
PHY : XFP
XFP mode : WAN
Speed selected : FORC10,000
Actual speed : 10 GBps
State : ENABLE
Priority : 1
Flow control mode: off
Ethertype : CORE1:0x8100
OS930(config)#
WAN Status
To view the momentary status of one XFP port that has been set in WAN mode, i.e., set to
transmit frames in SONET/SDH format:
1. Enter enable mode.
2. Invoke the command:
show port xfp wan-status PORT
where,
PORT: Number of XFP port.
To view the continually updated (automatically refreshed) statistical information on one or more
ports:
1. Enter enable mode.
2. Invoke the command:
monitor port xfp wan-status PORT
where,
monitor: Display with refresh19
PORT: Number of XFP port.
19
Automatic continuous update
Example
OS930(config)# do show port xfp wan-status 1
Port 1 xfp, wan status:
Section OOF : OK
Section LOS : OK
Section LOF : OK
Section BIP (B1) : 0
Line AIS : OK
Line RDI : OK
Line REI : 9435
Line BIP (B2) : 0
Path AIS : OK
Path REI : 63
Path BIP (B3) : 1
Path LOP : OK
Path PLM : OK
Path RDI : OK
Path Remote PLM : OK
OS930(config)#
Clearing
To clear the status counters associated with an XFP port set in WAN mode, i.e., set to transmit
frames in SONET/SDH format:
1. Enter enable mode.
2. Invoke the command:
clear port xfp wan-status-counters PORT
where,
PORT: Number of XFP port.
Setting
One Octet at a Time
To set the value of an octet in the J1 (path trace) or J0 (section trace) field in the header of
SONET/SDH frames transmitted at an OS930 port (10 Gbps XFP) that is in WAN mode:
1. Enter configure terminal mode.
2. Invoke the command:
port xfp wan-tx-trace (J1|J0) octet <0-15> VALUE (PORTS-
GROUP|all)
where,
J1: Path Trace.
J0: Section Trace.
<0-15>: Octet number.
VALUE: Octet value (2-digit hexadecimal number).
PORTS-GROUP: Group of XFP ports.
all: All XFP ports.
Example
OS930(config)# port xfp wan-tx-trace J1 octet 4 7 1
OS930(config)#
All Octets
To set the value of all octets in the J1 (path trace) or J0 (section trace) field in the header of
SONET/SDH frames transmitted at an OS930 port (10 Gbps XFP) that is in WAN mode:
1. Enter configure terminal mode.
2. Invoke the command:
port xfp wan-tx-trace (J1|J0) VALUE VALUE VALUE VALUE VALUE VALUE
VALUE VALUE VALUE VALUE VALUE VALUE VALUE VALUE VALUE VALUE
(PORTS-GROUP|all)
where,
J1: Path Trace.
J0: Section Trace.
VALUE: Octet value (2-digit hexadecimal number).
PORTS-GROUP: Group of XFP ports.
all: All XFP ports.
Example
In the following example, the first octet in J1 path trace (of the frames to be transmited) is
assigned the value 3, the second 7, the third 4, and so on, for port 13.
OS930(config)# port xfp wan-tx-trace J1 3 7 4 8 6 9 1 5 16 14 15 13 2 10 12 11 13
OS930(config)#
Viewing
To view the values that have been set to the octets in the J1 (path trace) or J0 (section trace) field
for the header of SONET/SDH frames to be transmitted or received at an OS930 port (10 Gbps
XFP):
1. Enter enable mode.
2. Invoke the command:
show port xfp wan-trace PORTS-GROUP|all
where,
PORTS-GROUP: Group of XFP ports.
all: All XFP ports.
Example
The following example shows that the first octet in J1 (of the frames to be transmited) is assigned
the value 3, the second 7, the third 4, and so on, for port 13.
OS930(config)# do show port xfp wan-trace 13
P1 J1
Tx: 03 07 04 08 06 09 01 05 16 14 15 13 02 10 12 11
Rx: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
P1 J0
Tx: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 89
Rx: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
OS930(config)#
− Generate an alert.
Whereas auto-negotiation (Layer 1 mechanism), for example, handles physical signaling and fault
detection, UDLD can detect the identities of neighbor devices and disable misconnected LAN
ports.
Thus running auto-negotiation and UDLD concurrently on the OS900 prevents both physical and
logical unidirectional connections and consequently malfunctioning of other protocols.
Applicability
UDLD on the OS900 applies only for 100 and 1000 Mbps fiberoptic Ethernet ports.
Principle of Operation
A uni-directional link occurs whenever traffic transmitted by the local device over a link is received
by the neighbor but traffic transmitted from the neighbor is not received by the local device. This
can occur when for instance one of the two fibers in a fiberoptic cable is disconnected.
When UDLD is enabled, the OS900 periodically transmits UDLD packets to neighbor devices on
its LAN ports. If the neighbor OS900 or any other device that supports UDLD does not receive
UDLD packets for a specific time period, the link is flagged as uni-directional and the LAN port can
be disabled.
If conditions on both fibers are OK at Layer 1, UDLD at Layer 2 determines whether the fibers are
connected correctly and whether traffic flow is bidirectional between the right neighbors. This
determination cannot be made by the auto-negotiation mechanism.
Requirements
1. For UDLD to be able to identify and break uni-directional links, the devices on both ends of the
link are required to support UDLD.
2. For the two SFP ports at the end of the link:
2.1 Set the type of physical interface to 100Base-X or 1000Base-X using the command:
port media-select sfp|sfp100 PORT-GROUP|all
where,
sfp: Set the port to operate as a 1000Base-X interface
sfp100: Set the port to operate as a 100Base-X interface
PORT-GROUP: Group of Ports
all: All ports
2.2 Set the speed to 100 Mbit/sec or 1000 Mbit/sec using the command:
port speed 100|1000 PORTS-GROUP|all
where,
100: 100 Mbit/sec
1000: 1000 Mbit/sec
PORTS-GROUP: Group of Ports
all: All ports
Configuration
By default UDLD is disabled.
The OS900 can be set in either of the following modes:
− Aggressive Mode
− Non-aggressive Mode (default)
Aggressive Mode
Enabling
UDLD Aggressive mode is to be used only on point-to-point links between network devices that
support this mode. In this mode, when a port on a bidirectional link that has a UDLD neighbor
relationship established stops receiving UDLD packets, UDLD attempts to reestablish the
connection with the neighbor. Following eight failed attempts, the port is disabled.
The advantage in Aggressive mode becomes evident in the following instances:
− A port on one side of a link neither transmits nor receives, or
− One side of a link is UP while the other is DOWN
In either instance it disables one of the ports on the link thereby preventing packets from being
discarded.
To enable UDLD Aggressive mode:
1. Enter configure terminal mode.
2. Invoke the command:
port udld aggressive [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports to be handled in Aggressive UDLD mode.
Example
OS910(config)# port udld aggressive 2,4
OS910(config)#port udld enable 4
OS910(config)#
Disabling
To disable UDLD Aggressive mode:
1. Enter configure terminal mode.
2. Invoke the command:
no port udld aggressive [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports to be freed from Aggressive UDLD mode.
Example
OS910(config)# no port udld aggressive 4
OS910(config)#
Non-aggressive Mode
Enabling
UDLD Non-aggressive mode does not disable the port link. With the default interval of 15 seconds
it serves satisfactorily in preventing Spanning Tree loops. In this mode, port links are not disabled.
To configure UDLD Non-aggressive mode:
1. Enter configure terminal mode.
2. Invoke the command:
port udld enable [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports to be handled in Non-aggressive UDLD
mode.
Example
OS910(config)# port udld enable 1,4
OS910(config)#
Disabling
To disable UDLD Non-aggressive mode:
1. Enter configure terminal mode.
2. Invoke the command:
no port udld enable [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports to be freed from Non-aggressive UDLD
mode.
Example
OS910(config)# no port udld enable 1,4
OS910(config)#
Default
To cause messages to be sent in default mode, i.e., with the lowest tag:
1. Enter configure terminal mode.
2. Invoke the command:
no port udld primary-vlan <1-4095> [PORTS-GROUP]
where,
<1-4095>: VLAN tag to be replaced with the lowest tag.
[PORTS-GROUP]: Group of ports to send UDLD messages with the lowest
VLAN tag.
where,
[PORTS-GROUP]: Group of uni-directional ports operating in advertisement
mode.
Example
OS910(config)# no port udld slow-message-interval 1,4
OS910(config)#
Reset
To reset specific ports that have been disabled by UDLD:
1. Enter configure terminal mode.
2. Invoke the command:
port udld reset [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports disabled by UDLD that are to be reset.
Viewing
UDLD Status
To view UDLD status on specific ports, invoke the command:
1. Enter enable mode.
2. Invoke the command:
show port udld [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports whose configuration is to be viewed.
Example
OS904# show port udld 4
Port 4
---
Port configuration setting: Enabled
Current link state: UDLD bidirectional link
Current operational state: Advertisement
Message interval: 15
Time out interval: 7
Entry 1
---
Device ID: 0725000211
Current neighbor state: Bidirectional
Device name: OptiSwitch 910
Port ID: 10
Neighbor echo:
Neighbor echo 1 device: 0823001245
Neighbor echo 1 port: 4
Message interval: 15
Timeout interval: 7
Sequence number: 45
----------------------------------------
OS904#
‘Entry 1’ is a list of the data received from the neighbor device.
Port Status
To view the UDLD status of one or more ports, invoke the command:
1. Enter enable mode.
2. Invoke the command:
show port details [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports whose configuration is to be viewed.
Example
OS904# show port details 4
Port 4 details:
-------------------
Description : N/A
Type : ETH100/1000
Media-select mode : SFP
Link : ON Sfp
Duplex state : FULL
PHY : SFP+100FX
Speed selected : AUTO
Actual speed : 1 GBps
Auto-Neg Advertise : Default
State : ENABLE
Priority : 1
Flow control mode : off
Ethertype : CORE1:0x8100
OutBound Tagged : untagged
Tags List :
Udld : Bidirectional link
OS904#
Chapter 7: Interfaces
General
This chapter introduces the three types of interface of the OS900. They are:
− Out-of-band RS-232 Interface
− Out-of-band Ethernet Interface
− Dummy Interface
− Inband VLAN interface
Since a considerably wider range of operations can be performed on and with an inband VLAN
interface, this chapter is devoted almost exclusively to this type of interface.
Purpose
Interfaces are needed for VLANs, Access Lists, management, and protocols of various OSI layers,
such as, Layer 2.
Remote Management
Enabling
To enable remote management (SNMP, TELNET, SSH, or TFTP) via the out-of-band Ethernet
interface:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Enter the out-of-band Ethernet interface (MGT ETH Port on Front Panel of OS900)
mode by invoking the command:
interface out-of-band eth0
Example
OS900(config)# interface out-of-band eth0
OS900(config-eth0)#
3. Assign an IP address to the out-of-band interface by invoking the command:
ip A.B.C.D/M
where,
A.B.C.D/M: is the IP address/Mask of the interface.
Example
OS900(config-eth0)# ip 193.07.222.11/24
OS900(config-eth0)#
4. Enable a management protocol (SNMP, TELNET, SSH, or TFTP) for a specific
host/subnet by invoking the command:
management snmp|telnet|ssh|tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address of the management host or
management subnet (IP address/mask).
Example
OS900(config-eth0)# management snmp 192.2.2.2/24
OS900(config-eth0)#
Notes
1. More than one of the management protocols (SNMP, SSH, TELNET,
and TFTP) may be selected with which the OS900 will be accessible
by repeating the command:
management snmp|telnet|ssh|tftp
[SOURCE_IPV4_ADDRESS]
2. The command:
management snmp|telnet|ssh|tftp
(i.e., without the IP address)
enables management from any IP host.
3. The command:
management
(i.e., without the protocol and without the IP address)
enables SNMP, TELNET, SSH, and TFTP management from any IP
host.
Disabling
To disable remote management (SNMP, TELNET, SSH, or TFTP) via the out-of-band Ethernet
interface:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Enter the out-of-band Ethernet interface mode by invoking the command:
interface out-of-band eth0
Example
OS900(config)# interface out-of-band eth0
OS900(config-eth0)#
3. Disable a management protocol (SNMP, TELNET, SSH, or TFTP) by invoking the
command:
no management snmp|telnet|ssh|tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address of the management host.
Example
OS900(config-eth0)# no management snmp 192.2.2.2/24
OS900(config-eth0)#
Enabling
To enable access via the out-of-band Ethernet interface for a TFTP client:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Select the out-of-band Ethernet interface via which access is to be enabled for a
TFTP client by invoking the command:
interface out-of-band eth0
Example
OS900(config)# interface out-of-band eth0
OS900(config-eth0)#
3. Enable access for a TFTP client by invoking the command:
management tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address (with or without mask) of the TFTP client.
Example
OS900# configure terminal
OS900(config)# interface vif2
OS900(config-vif2)# management tftp 193.222.48.105/24
OS900(config-vif2)#
Disabling
To disable access via the out-of-band Ethernet interface for a TFTP client:
1. Enter configure terminal mode.
2. Select the out-of-band Ethernet interface via which access is to be disabled for a
TFTP client by invoking one of the following commands:
interface out-of-band eth0
Example
OS900(config)# interface out-of-band eth0
OS900(config-eth0)#
3. Disable access for a TFTP client by invoking the command:
no management tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address (with or without mask) of the TFTP
client.
Example
OS900# configure terminal
Deleting
To delete the existing out-of-band Ethernet interface:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Delete the existing out-of-band Ethernet interface by invoking the command:
no interface out-of-band eth0
Example
OS900(config)# no interface out-of-band eth0
OS900(config-eth0)#
Dummy Interface
General
A dummy interface is a software-only loopback interface. It emulates an interface that is always up
and has connectivity to all VLAN interfaces of the OS900.
Up to 4095 dummy interfaces can be configured.
Configuration
To configure a dummy interface:
1. Enter configure terminal mode.
2. Invoke the command:
interface dummy IFNAME
where,
IFNAME: ID of interface/device. (The ID must have the format dummyX, where
X can be any integer in the range 1-4095, e.g., dummy3000.)
Example
OS900(config)# interface dummy dummy3000
OS900(config-dummy3000)#
Number
The maximum number of VLAN interfaces that can be configured is 4K.
IDs
When configuring a VLAN interface, an Interface ID must be assigned to it using the format vifX,
where X is a decimal number in the range 1-4095. Examples of Interface IDs are: vif1, vif2,
vif3, … vif4095. vif0 is reserved for the Default Forwarding VLAN interface – described in the
section Default Forwarding VLAN Interface, page 177.
Configuring
To configure a VLAN interface:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Assign an Interface ID to the VLAN interface by invoking the command:
interface vlan IFNAME
where,
vlan: VLAN
IFNAME: Interface ID having the format vifX, where X is a decimal number in
the range 1-4095
Example
OS900(config)# interface vlan vif2005
OS900(config-vif2005)#
3. Assign ports to the VLAN interface by invoking the command:
ports PORTS-GROUP
where,
PORTS-GROUP: Group of ports to be members of the VLAN interface.
Example
OS900(config-vif2005)# ports 2-4
OS900(config-vif2005)#
4. Define a tag (VID) for the VLAN interface by invoking the command:
tag TAG
where,
TAG: User-selectable tag (VID) for the VLAN interface. The tag can have any
value in the range 1-4095.
Example
OS900(config-vif2005)# tag 3000
Interface is activated.
Note
When valid ports and a tag are assigned to an interface, the VLAN
interface becomes active as shown in the example above.
Name
The default name of a VLAN interface is the same as its Interface ID.
To change the default name of an interface:
1. Enter the configure terminal mode.
2. Access the mode of an existing VLAN interface by invoking the command:
interface IFNAME
where,
IFNAME: Interface ID of an existing interface (e.g., vif1, vif2, etc.)
3. Change the name of the VLAN interface by invoking the command:
name NAME
where,
name: Name.
NAME: Name for VLAN interface.
Example
OS900# configure terminal
OS900(config)# interface vif7
OS900(config-vif7)# show
OS900(config-vif7)#
Description
To enter a textual description of an interface:
1. Enter configure terminal mode.
2. Access the mode of an existing VLAN interface by invoking the command:
interface IFNAME
where,
IFNAME: Interface ID of an existing interface (e.g., vif1, vif2, etc.)
3. Enter a textual description of the interface by invoking the command:
description ..
where,
description: Textual description.
..: Textual description.
Example
OS900(config-vif2005)# description This interface is for Customer 10
OS900(config-vif2005)# show detail
OS900(config-vif2005)#
deleted. However, any of its (member) ports can be assigned to a user-defined VLAN interface
(thereby removing the port from ‘Default Forwarding VLAN interface’). The default tag (VID) for
vif0 is 1.
Viewing
To view the default forwarding status and the default tag:
1. Enter enable mode.
2. Invoke the command:
show default-fwd
Example
OS900> enable
OS900# show default-fwd
default forwarding tag : 1
OS900#
Tag Modification
The default tag (or any other tag assigned to vif0) can be changed as follows:
1. Enter configure terminal mode.
2. Change the default VID of the VLAN interface by invoking the command:
default-fwd tag TAG
where,
TAG: VID. It can be any number in the range 1-4095.
Below is an example showing:
− Display of the tag of vif0 using the command show interface. The tag ID is shown in
the Tag column. In the example, the tag ID is 0001.
− Change of the default tag to 2007 using the command default-fwd tag 2007.
− Display of the new tag of vif0 using the command show interface. The system
shows that it is 2007.
OS900(config)# show interface
INTERFACES TABLE
================
Name M Device IP State MAC Tag Ports
-------------------------------------------------------------------------------
vif0 vif0 - DO 00:0F:BD:00:05:B8 0001 1-10
INTERFACES TABLE
================
Name M Device IP State MAC Tag Ports
-------------------------------------------------------------------------------
vif0 vif0 - DO 00:0F:BD:00:05:B8 2007 1-10
OS900(config)#
Disabling
The Default Forwarding VLAN Interface is by default enabled. To disable it:
1. Enter configure terminal mode.
2. Disable the Default Forwarding VLAN Interface by invoking the command:
no default-fwd
Below is an example showing:
− That the Default Forwarding VLAN Interface is initially enabled (by default) as indicated by
the response ‘default forwarding tag : 1’ to the command do show default-fwd. (The
prefix do is used with show default-fwd because the command show default-fwd, which
belongs in the enable mode, is invoked in another mode, namely, configure terminal
mode.)
− Disabling the Default Forwarding VLAN Interface by invoking the command no default-
fwd.
− Verifying that the Default Forwarding VLAN Interface is disabled as indicated by the
response ‘default forwarding is disabled’ to the command do show default-fwd.
OS900(config)# do show default-fwd
default forwarding tag : 1
OS900(config)# no default-fwd
OS900(config)# do show default-fwd
default forwarding is disabled
OS900(config)#
Enabling
The Default Forwarding VLAN Interface is by default enabled. To enable it:
1. Enter configure terminal mode.
2. Enable the Default Forwarding VLAN Interface by invoking the command:
default-fwd tag TAG
where,
TAG: VID. It can be any number in the range 1-4095.
Below is an example showing:
− That the Default Forwarding VLAN Interface is initially disabled as indicated by the
response ‘default forwarding is disabled’ to the command do show default-fwd. (The
prefix do is used with show default-fwd because the command show default-fwd, which
belongs in the enable mode, is invoked in another mode, namely, configure terminal
mode.)
− Enabling the Default Forwarding VLAN Interface by invoking the command default-fwd
tag 1.
− Verifying that the Default Forwarding VLAN Interface is enabled as indicated by the
response ‘default forwarding tag : 1’ to the command do show default-fwd.
OS900(config)# do show default-fwd
default forwarding is disabled
OS900(config)# default-fwd tag 1
OS900(config)# do show default-fwd
default forwarding tag : 1
OS900(config)#
Drop Tag
Drop Tag is a VLAN interface tag for internal use of the OS900. It cannot be assigned to another
VLAN interface. However, it can be changed. Its default value is 4094.
Viewing
To view the (current) Drop Tag:
1. Enter configure terminal mode
2. Display the drop tag by invoking the command:
show interface
Below is an example showing the (current) Drop Tag.
OS900(config)# show interface
INTERFACES TABLE
================
Name M Device IP State MAC Tag Ports
-------------------------------------------------------------------------------
Tiger vif7 192.2.2.2/24 DO 00:0F:BD:00:05:B8 0010 1-3
vif0 vif0 - DO 00:0F:BD:00:05:B8 0001 4-10
OS900(config)#
Changing
To change the (current) Drop Tag:
1. Enter configure terminal mode
2. Change the value of the Drop Tag VLAN interface by invoking the command:
drop-tag TAG
where,
TAG: VID. It can be any number in the range 2-4095. The number ‘1’ is, by default,
the tag of the Default Forwarding VLAN interface vif0.
To change the value of the Drop Tag VLAN interface to the default value, i.e., 4094, invoke
either of the following commands:
no drop-tag
default drop-tag
Below is an example showing how to change the current Drop Tag (displayed in the above
example as 4094) and the changed Drop Tag (38).
OS900(config)# drop-tag 38
OS900(config)# show interface
INTERFACES TABLE
================
Name M Device IP State MAC Tag Ports
-------------------------------------------------------------------------------
Tiger vif7 192.2.2.2/24 DO 00:0F:BD:00:05:B8 0010 1-3
vif0 vif0 - DO 00:0F:BD:00:05:B8 0001 4-10
OS900(config)#
Drop Packets
To cause the OS900 to drop any one or more ingress packet types at a VLAN:
1. Enter the mode of the interface at which one or more ingress packet types are to
be dropped by invoking the command:
interface vlan IFNAME
where,
IFNAME: Interface ID having the format vifX, where X is a decimal number in the
range 1-4095.
2. Invoke the command:
drop ipv4-broadcast|ipv4-multicast|ipv6-multicast|non-ip-
broadcast|non-ip-multicast|unknown-unicast
where,
drop: Drop packets
ipv4-broadcast: Drop IPv4 broadcast packets
ipv4-multicast: Drop IPv4 multicast packets (Mac DA = 01:00:5E:XX:XX:XX)
Viewing
To view an existing interface:
1. Enter enable mode or configure terminal mode.
2. Display information on the interface by invoking the command:
show interface [INTERFACE|configuration|detail|statistics]
where,
INTERFACE: Interface ID of an existing interface (e.g., vif1, vif2, etc.)
configuration: Run-time configuration of interface
detail: Details on interfaces
statistics: Statistics on interface
Below is an example showing display of a specific interface.
OS900(config)# show interface vif2005
OS900(config)#
Below is an example showing display of statistics of a port that is a member of a specific interface.
The display applies to packets received or sent by the CPU.
OS900(config)# show interface statistics vif7 3
Modifying
To modify any one or more characteristics (e.g., port membership, tag, IP address, etc.) of an
existing VLAN interface:
1. Enter configure terminal mode.
2. Access the mode of the VLAN interface by invoking the command:
interface IFNAME
where,
IFNAME: Interface ID of an existing interface (e.g., vif1, vif2, etc.)
3. Set the new characteristic(s).
Below is an example showing the current member ports of a specific interface, e.g., vif7, how
ports can be added and deleted, and the final member ports of the interface.
OS900(config-vif7)# show
OS900(config-vif7)#
Disabling
An existing VLAN interface can be disabled for administrative reasons or in order to be able to
modify several of its characteristics together. A VLAN interface is enabled by default when
member ports and a tag is defined for the interface. To disable an existing interface:
1. Enter configure terminal mode.
2. Enter the mode of the VLAN interface that is to be disabled by invoking the
command:
interface IFNAME
where,
IFNAME: Interface ID of an existing interface (e.g., vif1, vif2, etc.)
3. Disable the VLAN interface by invoking the command no enable.
Example
OS900# configure terminal
OS900(config)# interface vif2005
OS900(config-vif2005)# no enable
OS900(config-vif2005)#
Enabling
To enable an existing interface:
1. Enter configure terminal mode.
2. Enter the mode of the VLAN interface that is to be enabled by invoking the
command:
interface IFNAME
where,
IFNAME: Interface ID of an existing interface (e.g., vif1, vif2, etc.)
3. Enable the VLAN interface by invoking the command enable.
Example
OS900# configure terminal
OS900(config)# interface vif2005
OS900(config-vif2005)# enable
OS900(config-vif2005)#
4. Verify that the VLAN interface is active in the interface mode by invoking the
command show detail.
Example
OS900(config-vif7)# show detail
Remote Management
Enabling
To enable remote management (using any of the protocols SNMP, TELNET, SSH, or TFTP) via a
specific VLAN interface:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Select the existing VLAN interface via which management is to be enabled by
invoking the command:
interface IFNAME
where,
IFNAME: ID of an existing VLAN interface (e.g., vif1, vif2, etc.).
Example
OS900(config)# interface vif2
OS900(config-vif2)#
3. Enable a management protocol (SNMP, TELNET, SSH, or TFTP) for a specific
host/subnet by invoking the command:
management snmp|telnet|ssh|tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address of the management host or
management subnet (IP address/mask).
Example
OS900# configure terminal
OS900(config)# interface vif2
OS900(config-vif2)# management snmp 193.222.48.105/24
OS900(config-vif2)#
Notes
1. More than one of the management protocols (SNMP, SSH, TELNET,
and TFTP) may be selected with which the OS900 will be accessible
by repeating the command:
management snmp|telnet|ssh|tftp
[SOURCE_IPV4_ADDRESS]
2. The command:
management snmp|telnet|ssh|tftp
(i.e., without the IP address)
enables management from any IP host.
3. The command:
management
(i.e., without the protocol and without the IP address)
enables SNMP, TELNET, SSH, and TFTP management from any IP
host.
4. Up to 20 instances (protocols together with IP addresses) can be
configured per VLAN interface.
Disabling
To disable remote management (using any of the protocols SNMP, TELNET, SSH, or TFTP) via a
specific VLAN interface:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Select the existing VLAN interface via which management is to be disabled by
invoking the command:
interface IFNAME
where,
IFNAME: ID of an existing VLAN interface (e.g., vif1, vif2, etc.).
Example
OS900(config)# interface vif2
OS900(config-vif2)#
3. Disable a management protocol (SNMP, TELNET, SSH, or TFTP) by invoking the
command:
no management snmp|telnet|ssh|tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address of the management host.
Example
OS900# configure terminal
OS900(config)# interface vif2
OS900(config-vif2)# no management snmp 193.222.48.105/24
OS900(config-vif2)#
A TFTP client can be connected to an OS900 interface in order to back up the configuration files
stored in the OS900.
Another way to back up IP configuration files is to first set the OS900 as an FTP client and then to
invoke the command:
copy ftp startup-config FTP-SERVER REMOTE-DIR REMOTE-FILENAME
[USERNAME] [PASSWORD]
as described in the section Download, page 387.
Enabling
To enable access via a specific VLAN interface for a TFTP client:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Select the existing VLAN interface via which access is to be enabled for a TFTP
client by invoking the command:
interface IFNAME
where,
IFNAME: ID of an existing VLAN interface (e.g., vif1, vif2, etc.).
Example
OS900(config)# interface vif2
OS900(config-vif2)#
3. Enable access for a TFTP client by invoking the command:
management tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address (with or without mask) of the TFTP
client.
Example
OS900# configure terminal
OS900(config)# interface vif2
OS900(config-vif2)# management tftp 193.222.48.105/24
OS900(config-vif2)#
Disabling
To disable access via a specific VLAN interface for a TFTP client:
1. Enter configure terminal mode.
2. Select the existing VLAN interface via which access is to be disabled for a TFTP client by
invoking the command:
interface IFNAME
where,
IFNAME: ID of an existing VLAN interface (e.g., vif1, vif2, etc.).
Example
OS900(config)# interface vif2
OS900(config-vif2)#
3. Disable access for a TFTP client by invoking the command:
no management tftp [SOURCE_IPV4_ADDRESS]
where,
[SOURCE_IPV4_ADDRESS]: IP address (with or without mask) of the TFTP client.
Example
OS900# configure terminal
OS900(config)# interface vif2
OS900(config-vif2)# no management tftp 193.222.48.105/24
OS900(config-vif2)#
Statistics
To view the statistics on one or more interfaces:
1. Enter enable mode or configure terminal mode.
2. Invoke the command:
monitor interface statistics INTERFACE
where,
monitor: Display with refresh
interface: Interface-related action
statistics: Statistics-related action
INTERFACE: Interface ID having the format vifX, where X is a decimal number
in the range 1-4095
Example
OS900# monitor interface statistics vif7
The following counters count only frames received and transmitted by the CPU !!!
Ingress Counters
An ingress counter is used to count packets in an ingress queue according to one or more of the
following attributes:
− Physical ports
− VLAN tag (Interface ID)
There are two sets of four ingress counters, identified as ‘set1’ and ‘set2’. The ingress counters in
a set are:
− REC PACKETS (counts the number of received packets)
− DROP VLAN-FILTER (counts the number of packets dropped due to VLAN ID [tag]
mismatch, i.e., the VLAN ID of the packets are different from the tag of the ingress VLAN)
− DROP SECURITY (counts the number of packets dropped due to security screening.
Security screening includes Learn Table limits, e.g., by port or VLAN tag – see Limiting,
page 99, – and invalid source address)
− DROP OTHER (counts the number of packets dropped due to drop conditions other than
those described for the counters DROP VLAN-FILTER and DROP SECURITY.
These drop conditions are: Spanning Tree state change and rate limit of flood packets –
see Chapter 9: Rate Limiting of Flood Packets, page 211.)
Activation
To activate a set of ingress queue counters:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Invoke the command:
ingress-counters set1|set2 port PORT|all tag <1-4096>|all
where,
set1: First ingress counters set
set2: Second ingress counters set
port: Ingress port
PORT: Range of port numbers from which one can be selected
all: (first) All ports
tag: VLAN interface tag
<1-4096>: Range of VLAN Interface IDs from which one can be selected. If a
value that is the same as the VLAN tag of an existing VLAN is selected, the
DROP VLAN-FILTER counter will show zero counts since packets with this
VLAN tag (ID) are valid and are therefore not dropped!
all: (second) All VLAN Interface IDs. (To enable the DROP VLAN-FILTER
counter to count all packets who’s VLAN IDs are different from the tag of the
ingress VLAN, select this option instead of a single tag value in the range <1-
4096>.)
To revoke the above command, invoke the command:
no ingress-counters set1|set2
where,
set1: First ingress counters set
set2: Second ingress counters set
Example
OS900(config)# ingress-counters set2 port 3 tag all
OS900(config)#
Viewing
To view the ingress queue counters
1. Enter configure terminal mode.
2. Invoke either of the following commands:
show ingress-counters set1|set2
monitor ingress-counters set1|set2
where,
show: Display without refresh.
monitor: Display with refresh.
set1: First ingress counters set
set2: Second ingress counters set
Example
OS900(config)# show ingress-counters set2
Ingress counters group set2 is active for port 3, tag all
Viewing
To view the ingress queue counters
1. Enter configure terminal mode.
2. Invoke either of the following commands:
show ingress-counters set1|set2
monitor ingress-counters set1|set2
where,
show: Display without refresh.
monitor: Display with refresh.
Clearing
To clear an ingress queue counters
1. Enter configure terminal mode.
2. Invoke either of the following commands:
clear ingress-counters (set1|set2)
where,
set1: First ingress counters set
set2: Second ingress counters set
Example
OS900(config)# clear ingress-counters set2
OS900(config)#
Deleting
To delete an existing VLAN interface:
1. Enter configure terminal
Example
OS900# configure terminal
OS900(config)#
2. Delete the existing VLAN interface by invoking the command:
no interface IFNAME
where,
IFNAME: ID of the existing interface (e.g., vif1, vif2, etc.).
Example
OS900(config)# no interface vif1
interface vif1 was deleted
OS900(config)#
Multiple-instance
Chapter 8:
Spanning-Tree Protocol (MSTP)
General
The newest spanning-tree protocol MSTP (IEEE 802.1s standard) is implemented in the OS900.
MSTP is backward compatible with the spanning-tree protocols STP (IEEE 802.1d standard) and
RSTP (IEEE 802.1w standard) so that the OS900 can be used in a network consisting of devices
operating in STP, RSTP, and MSTP.
Definition
MSTP allows for the creation of multiple MSTIs on a network with network inter-node links that can
be shared by any number of MSTIs. An MSTI is a mechanism that creates traffic bridges between
devices on a network in the spanning-tree topology20 while permitting redundant links that it may
use as new bridges in the event of a change in the network’s topology.
Purposes
To:
1. Prevent collapse of communication over a network whose topology is changed
dynamically.
2. Address the needs of increasingly faster Ethernet networks with mission-critical
applications requiring fast convergence/recovery. (The convergence/recovery time
is 50 to 200ms, the specific time depending on the network).
3. Maximize traffic flow across a network by optimizing resource utilization (for e.g.,
by utilizing unused inter-node links).
4. Balance traffic flow across the network.
5. Improve fault tolerance by enabling traffic to flow unaffected in MSTIs even when
failure occurs in one or more of the other MSTIs.
6. To identify and exclude each port looped on itself, i.e., each port whose Tx output
is connected to its Rx input.
MSTIs
General
An MSTI consists of a grouping of VLANs. Up to 64 MSTIs can be created by the user. Each MSTI
has the functionality, capabilities, and advantages of RSTP. Traffic belonging to the VLANs of an
MSTI flow through the MSTI path, which is constructed by MSTP. Traffic streams of MSTIs flow
independently of one another. Accordingly, if, for example, a specific port is in the blocking state
for MSTI I1 and not for MSTI I2, traffic with tags of I1 will be blocked at the port while traffic with
tags of I2 will be forwarded at the same port.
Figure 19, below, shows three active MSTIs on a network. The MSTI paths may be changed by
MSTP when a port is blocked for certain VLANs or when a link in the path is broken.
20
A tree topology ensures that only one path exists between any two endstations on the network. Closed loops are opened
and a redundant standby path is made available to traffic in the event that the primary (active) path is disrupted.
Default MSTI
The default MSTI is called CIST (Common and Internal Spanning Tree). This MSTI is pre-
configured and cannot be deleted. All VLANs that are not members of other MSTIs, are members
of CIST. Its ID is 0. When VLANs are created, they are automatically included in the CIST. To
remove a VLAN from the CIST another MSTI must be created by the user, and the VLAN tag must
be moved to this MSTI.
In addition to its role as the default MSTI, CIST interconnects regions and single-instance
spanning-tree entities (such as STP and RSTP switches), relating to each region (described in the
section Regions, page 191) and STP/RSTP device as a single virtual bridge.
MSTP uses CIST in creating a spanning tree path interconnecting MST regions and SST21 entities.
In a network of regions and SST entities, each region or SST entity views another region or SST
entity that is directly connected to it as a single spanning-tree bridge. In a region, the SST entity
that directly connects to another region is the CIST regional root bridge. One of the CIST regional
root bridges is set by MSTP as the CIST root bridge.
21
SST is STP or RSTP.
Regions
A region is a set of interconnected switches all of which have the same values for the following
MST parameters:
• Name of the MST region
• Revision number of the current MST configuration (default 0)
• Digest, i.e., VLANs-to-MSTI mappings
Note
A region may include one or more MSTIs as shown in Figure 21, page
192.
Each region is seen as a single bridge by other regions.
In configuring multiple regions, it must be noted that any MSTI in one
region is completely independent of any MSTI in another region – even
if the MSTIs have the same ID! That is, traffic in one region is directed
independently of traffic in another region.
Principle of Operation
Bridge Roles
In MSTP, a switch can have one of the following roles:
Root Bridge The bridge that is at the root of a logical tree-topology
interconnection of bridges created by the MSTP. The bridge that
Port Roles
In MSTP, a port (of a bridge) can have one of the following roles:
Root Port The port via which the best route (having the lowest path-cost) is taken to
the Root Bridge. The Root Port can be in any of the following states:
Forwarding, Learning, or Discarding.
Designated Port A port that internally sends/receives to/from the Root Port of the same
bridge. Several Designated Ports may exist in an active MSTP
configuration. The Designated Port can be in any of the following states:
Forwarding, Learning, or Discarding.
Alternate Port A port that serves as a standby to the Root Port. In discarding state, the
port to which it is linked is always Designated Port. Several Alternate
Ports may exist in an active MSTP configuration. The Alternate Port can
be only in the following state: Discarding.
Backup Port A port that serves as a Backup to the Designated Port. The Backup Port
and Designated Port are connected to a device (e.g., hub) that provides
traffic sharing on a LAN media segment. The Backup Port can be only in
the following state: Discarding.
Disabled Port A port that does not participate in MSTP.
Rules
The following rules apply to MSTP.
1. Up to 64 MSTIs can be created per region.
2. A port can be included in any number of MSTIs.
3. A VLAN can be included in only one MSTI.
4. Regions are automatically created if the values of the three region parameters
(specified in the section Regions, page 191) are not identical on all the OS900s in
the network.
5. A region can include several MSTIs.
6. Traffic in one region is directed independently of traffic in another region.
7. The ID of CIST (default MSTI) is 0 and cannot be changed.
8. A user-created MSTI may be assigned any ID in the range 1 to 255.
9. All VLANs assigned to the same instance will have the same active topology.
10. A network including STP-activated or RSTP-activated switches (in addition to
MSTP-activated switches) must use CIST.
Ports
Placing Restrictions
To place an MSTP-related restriction on specific ports of the OS900:
1. Enter spanning-tree mode (from configure terminal mode).
2. Invoke the command:
port PORTS-GROUP (admin-edge|auto-edge|non-stp|root-
restricted|tcn-restricted)
where,
PORTS-GROUP: Group of Ports to be configured.
admin-edge: adminEdge port(s).
An adminEdge configured port goes directly into the forwarding state upon link
establishment.
For a port participating in STP, AdminEdge = Y causes OperEdge = Y
immediately. However, the port starts Forwarding only if no BPDU is received
for a period of 2 seconds.
If a BPDU is received at any time after AdminEdge = Y, OperEdge = N and
the port stays in the non-edge mode unless link down/up is performed,
whereupon the port reverts to the state for which the whole description above
applies again.
A shortcoming of this method of operation is in the case the following
conditions apply: 1) OperEdge = N, 2) the port becomes a Designated port; 3)
no agreement is received in response to the proposal within 5 seconds. In this
case, the port will forward after a long delay; about 3 x Forward Delay time,
i.e., 45 seconds.
auto-edge: autoEdgePort, per IEEE Std. 802.1D-2004, 14.8.2.3.2.e
An auto-edge configured port goes directly into the forwarding state upon link
establishment.
For a port participating in STP, AdminEdge = Y causes OperEdge = Y
immediately and, unlike in the previous version, the port starts Forwarding
immediately. Accordingly, this setting should be used only if it is certain that
the port is connected only to an end station.
If it is not connected only to an end station, the port could start forwarding
while still in a physical loop with other STP ports, thereby possibly causing
broadcast storms.
In the present version, a new parameter, AutoEdge22, has been made
available. Its purpose is to speed up recovery/convergence of STP bridging
that includes a Designated port for which OperEdge = N. As a designated
non-edge port, wanting to start forwarding, it sends a proposal flag. If it does
not receive an agreement within 5 seconds (2 seconds + migration time), and
AutoEdge = Y, it decides, that it is OperEdge = Y and starts forwarding
immediately. If AutoEdge = N, the delay in
forwarding could be as much as 3 x Forwarding Delay Time.
non-stp: Port(s) not to participate in MSTP
root-restricted:A Boolean value set by management. If TRUE causes
the Port not to be selected as Root Port for the CIST or any MSTI, even it has
the best spanning tree priority vector. Such a Port will be selected as an
Alternate Port after the Root Port has been selected. This parameter should
be FALSE by default. If set, it can prevent full spanning tree connectivity. It is
set by the network administrator to prevent bridges external to a core region of
the network influencing the spanning tree active topology, for possibly the
reason that the bridges are not under the full control of the administrator.
22
According to the bridge-detection machine Draft 802.1D-2400.
Removing Restrictions
To remove the administrator-imposed MSTP-related restriction on specific ports of the OS900:
1. Enter spanning-tree mode.
2. Invoke the command:
no port PORTS-GROUP (admin-edge|auto-edge|non-stp|root-
restricted|tcn-restricted)
Disabling
To revoke the the storm guard:
1. Enter spanning-tree mode.
2. Invoke the command:
no bpdu-storm-guard
Applications
This section presents three typical MSTI applications in networks to show the scope of MSTP.
They are:
− Single MSTI
− Multiple MSTIs without Load Balancing
− Multiple MSTIs with Load Balancing
Single MSTI
General
In this application, the default MSTI (CIST) is used to interconnect the whole network. Only the
single command enable needs to be invoked to actively sustain the spanning tree topology for
the entire network.
Example
Figure 23, below, shows a network using CIST to interconnect OS900s. A network with a simple
topology has been intentionally selected to make it easier to understand the application. In one of
several possible active CIST configurations, port blocking prevents traffic flow on the link between
OS900 C and OS900 D . However, traffic can flow on all the other links. OS900 A is shown as
the current CIST Root Bridge.
If any inter-node link (other than that between OS900 C and OS900 D ) fails, the port at OS900
C changes its state from ‘blocking’ to ‘forwarding’ in order to rebridge all four nodes.
Configuration Procedure
To use CIST to interconnect the switches of a network, simply invoke the following command:
enable
Example
OS900> enable
OS900# configure terminal
OS900(config)# spanning-tree
OS900(config-mstp) enable
The command enables MSTP, which prevents traffic flow between OS900 C and OS900 D . A
spanning tree is configured on the network according to default values (e.g., bridge priority, port
pathcost, etc.). CIST is the only active MSTI and includes all VLANs.
View
To view which ports are blocking and which are forwarding, invoke the command:
show spanning-tree port 1-2
To view which OS900 is the root bridge, invoke the command:
show spanning-tree instance 0
Note
By default, the port on the OS900 that has the longest distance to the
root is blocked.
Example
Figure 24, below, shows a network built with four OS900s:
OS900 A , OS900 B , OS900 C , and OS900 D .
On each OS900, four interfaces (VLANs) are configured: vif1, vif2, vif3, and vif4.
vif1 is assigned tag 110. vif2 is assigned tag 120. vif3 is assigned tag 130. vif4 is assigned
tag 140.
Two MSTIs are configured on each of the OS900s: 1 and 2.
MSTI 1 contains the interfaces vif1 and vif2, and serves as a pathway for traffic on these
interfaces. MSTI 2 contains the interfaces vif3 and vif4, and serves as a pathway for traffic on
these interfaces.
By default, the OS900 with lowest MAC address is set as the root bridge by MSTP. Since the two
MSTIs 1 and 2 are configured on all the OS900s in the network, the OS900 with the lowest MAC
address is set as the common root bridge for the MSTIs. OS900 A is shown as the common root
bridge. In one of several possible active MSTI 1 or MSTI 2 configurations, the link between OS900
A and OS900 D is blocked for all traffic. As a result, both MSTI 1 and MSTI 2 traffic entering
OS900 A is directed over the same link (between OS900 A and OS900 B ).
Configuration Procedure
The procedure for configuring multiple MSTIs on OS900s without traffic load balancing is
described using the network in Figure 24 as an example.
Perform the procedure for each OS900.
1. Create the interfaces (VLANs, i.e., vif1, vif2, vif3, and vif4) to be included
in MSTIs using either of the following commands, once for each interface:
For Tag-based, Non-IP type interfaces23
interface vlan IFNAME
where,
vlan: VLAN
IFNAME: Interface ID having the format vifX, where X is a decimal number in
the range 1-4095
Example
OS900> enable
OS900# configure terminal
23
A tag-based interface has a unique IEEE 802.1Q VLAN ID. A Non-IP type interface has no IP address.
Example
OS900(config-mstp)# instance 1 vlan 110,120
OS900(config-mstp)# instance 2 vlan 130,140
OS900(config-mstp)#
4. Enable MSTP for the OS900 using the command:
enable
Example
OS900(config-mstp) enable
OS900(config-mstp)#
View
To view which ports are blocking and which are forwarding, invoke the command:
show spanning-tree port 1-2
To view which OS900 is the root bridge, invoke the commands:
show spanning-tree instance 1
show spanning-tree instance 2
Note
By default, the port on the OS900 that has the longest distance to the
root is blocked.
Example
Figure 25, below, shows a network built with four OS900s:
OS900 A , OS900 B , OS900 C , and OS900 D .
On each OS900, four interfaces (VLANs) are configured: vif1, vif2, vif3, and vif4.
vif1 is assigned tag 110. vif2 is assigned tag 120. vif3 is assigned tag 130. vif4 is assigned
tag 140.
Two MSTIs are configured on each of the OS900s: 1 and 2.
MSTI 1 contains the interfaces vif1 and vif2, and serves as a pathway for traffic on these
interfaces. MSTI 2 contains the interfaces vif3 and vif4, and serves as a pathway for traffic on
these interfaces.
Bridge priority is configured for each instance on the OS900s (using the command instance
INSTANCE_ID priority NUMBER in the mode spanning-tree). The two OS900s with the
lowest bridge priority in each MSTI are set as the root bridge by MSTP. OS900 B is shown as the
root bridge in MSTI 1. OS900 D is shown as the root bridge in MSTI 2. In one of several possible
active MSTI 1 or MSTI 2 configurations, vif1 and vif2 traffic entering OS900 A is directed on
the link between OS900 A and OS900 B while vif3 and vif4 traffic entering OS900 A is
directed on the link between OS900 A and OS900 D . That is, MSTI 1 and MSTI 2 traffic is
divided between links. Thus, load balancing of traffic entering OS900 A is achieved.
Configuration Procedure
The procedure for configuring multiple MSTIs on OS900s with traffic load balancing is described
using the network in Figure 25 as an example.
Example
OS900> enable
OS900# configure terminal
Example
OS900(config-mstp)# instance 1 priority 4096
accepted: dec=4096 or hex=0x1000
OS900(config-mstp)#
5. Option: Set the port priority using the command:
instance <0-64> port PORTS-GROUP priority NUMBER
where,
instance: MSTI
<0-64> Range of valid MSTI IDs from which one ID is to be selected.
port: Port configuration.
PORTS-GROUP: Group of Ports.
priority: Bridge priority of the OS900.
NUMBER: Value of the priority. Any value in the range <0-240> may be selected
provided it is a multiple 16.
Example
OS900(config-mstp)# instance 1 port 1-3 priority 80
OS900(config-mstp)#
6. Option: Set the port path cost24 using the command:
instance <0-64> port PORTS-GROUP path-cost NUMBER|auto
where,
instance: MSTI
<0-64> Range of valid MSTI IDs from which one ID is to be selected.
port: Port configuration.
PORTS-GROUP: Group of Ports.
path-cost: Port path cost of the OS900.
NUMBER: Value of the priority. Any value in the range 1-200000000 may be
selected.
auto: Automatic setting of port path cost.
Example
OS900(config-mstp)# instance 1 port 1-3 path-cost 800000
OS900(config-mstp)#
Note
To make OS900 B the root bridge of MSTI 1, set its bridge priority to
the lowest among the other OS900s for MSTI 1.
To make OS900 D the root bridge of MSTI 2, set its bridge priority to
the lowest among the other OS900s for MSTI 2.
Configuration Example
The following example shows how to configure the OS900s in the network of Figure 25 for traffic
load balancing.
24
A port having a higher speed has a lower pathcost. Accordingly, as a rule, a port trunk (see Chapter 12: , page 231)
has a lower pathcost than a single port.
OS900 A Configuration
MRV OptiSwitch 910 version d1734-22-09-05
OS900 login: admin
Password:
OS900> enable
OS900# configure terminal
OS900(config)# interface vlan ?
IFNAME Interface device-name as vif# (i.e vif3 )
OS900(config)# interface vlan vif1
OS900(config-vif1)# ports 1
OS900(config-vif1)# tag 110
Interface is activated.
OS900(config-vif1)# ip 20.30.30.35/24
OS900(config-vif1)# name Jojo1
OS900(config-vif1)# exit
OS900(config)# spanning-tree
OS900(config-mstp)# instance 1 priority 16384
accepted: dec=4096 or hex=0x1000
OS900(config-mstp)# instance 2 priority 20480
accepted: dec=8192 or hex=0x2000
OS900(config-mstp)# instance 1 port 1 priority 64
OS900(config-mstp)# instance 1 port 2 priority 80
OS900(config-mstp)# instance 1 port 1-4 path-cost auto
OS900(config-mstp)# instance 2 port 1-4 path-cost auto
OS900(config-mstp)# enable
OS900(config-mstp)#
OS900 B Configuration
MRV OptiSwitch 910 version d1734-22-09-05
OS900 login: admin
Password:
OS900> enable
OS900# configure terminal
OS900(config)# interface vlan ?
IFNAME Interface device-name as vif# (i.e vif3 )
OS900(config)# spanning-tree
OS900(config-mstp)# instance 1 priority 4096
accepted: dec=4096 or hex=0x1000
OS900(config-mstp)# instance 2 priority 8192
accepted: dec=8192 or hex=0x2000
OS900(config-mstp)# instance 1 port 1 priority 16
OS900(config-mstp)# instance 1 port 2 priority 32
OS900(config-mstp)# instance 1 port 1-4 path-cost auto
OS900(config-mstp)# instance 2 port 1-4 path-cost auto
OS900(config-mstp)# enable
OS900(config-mstp)#
OS900 C Configuration
MRV OptiSwitch 910 version d1734-22-09-05
OS900 login: admin
Password:
OS900> enable
OS900# configure terminal
OS900(config)# interface vlan ?
IFNAME Interface device-name as vif# (i.e vif3 )
OS900(config)# interface vlan vif1
OS900(config-vif1)# ports 1
OS900(config-vif1)# tag 110
Interface is activated.
OS900(config-vif1)# ip 20.30.30.33/24
OS900(config-vif1)# name Lupo1
OS900(config-vif1)# exit
OS900(config)# spanning-tree
OS900(config-mstp)# instance 1 priority 20480
accepted: dec=4096 or hex=0x1000
OS900(config-mstp)# instance 2 priority 24576
accepted: dec=8192 or hex=0x2000
OS900(config-mstp)# instance 1 port 1-3 priority 80
OS900(config-mstp)# instance 1 port 4 priority 96
OS900(config-mstp)# instance 1 port 1-4 path-cost auto
OS900(config-mstp)# instance 2 port 1-4 path-cost auto
OS900(config-mstp)# enable
OS900(config-mstp)#
OS900 D Configuration
MRV OptiSwitch 910 version d1734-22-09-05
OS900 login: admin
Password:
OS900> enable
OS900# configure terminal
OS900(config)# interface vlan ?
IFNAME Interface device-name as vif# (i.e vif3 )
OS900(config)# interface vlan vif1
OS900(config-vif1)# ports 1
OS900(config-vif1)# tag 110
Interface is activated.
OS900(config-vif1)# ip 20.30.30.33/24
OS900(config-vif1)# name Lupo1
OS900(config-vif1)# exit
OS900(config-vif3)# ip 70.30.30.33/24
OS900(config-vif3)# name Lupo3
OS900(config-vif3)# exit
OS900(config)# spanning-tree
OS900(config-mstp)# instance 1 priority 8192
accepted: dec=4096 or hex=0x1000
OS900(config-mstp)# instance 2 priority 4096
accepted: dec=8192 or hex=0x2000
OS900(config-mstp)# instance 1 port 1-3 priority 16
OS900(config-mstp)# instance 1 port 4 priority 32
OS900(config-mstp)# instance 1 port 1-4 path-cost auto
OS900(config-mstp)# instance 2 port 1-4 path-cost auto
OS900(config-mstp)# enable
OS900(config-mstp)#
OS900(config-mstp)#
BPDUs
Policing
To drop BPDUs or flood their VLANs with them, invoke the command:
port PORTS-GROUP tagged-bpdu rx TAG-LIST (drop|flood)
where,
PORTS-GROUP: Group of Ports.
tagged-bpdu: Spanning Tree tagged-BPDU ports definition.
rx: Configure recieved BPDUs.
TAG-LIST: TAG's to drop off/flood on.
drop: Drop the BPDUs.
flood: Flood the BPDUs.
Tagging
For interoperability it is sometimes necessary to accept and transmit BPDUs after tagging them.
To tag and transmit BPDUs, invoke the command:
port PORTS-GROUP tagged-bpdu tx TAG
where,
PORTS-GROUP: Group of Ports.
tagged-bpdu: Spanning Tree tagged-BPDU ports definition.
tx: Configure BPDUs to be transmitted.
TAG: Tag for transmitted BPDUs.
By default, the tagged BPDUs will be received and treated as untagged BPDUs so that they are
transmitted rather than dropped.
Enabling
To enable port forwarding decisions based on IEEE 802.1ag:
1. From configure terminal mode, enter spanning-tree mode.
2. Invoke the command:
port PORTS-GROUP oam-based-force-edge
where,
PORTS-GROUP: Group of ports to be enabled to forward based on IEEE 802.1ag
decisions.
Disabling
To disable port forwarding decisions based on IEEE 802.1ag:
1. From configure terminal mode, enter spanning-tree mode.
Filtering Events
Events can be filtered per the IEEE 802.1ag standard as follows:
1. From configure terminal mode, enter spanning-tree mode.
2. Invoke the command:
oam-filter all|NUMBER all|NUMBER all|NUMBER all|NUMBER
where,
all: (First Appearance) Accept events from all domains.
NUMBER: (First Appearance) Accept events from a specific domain.
all: (Second Appearance) Accept events from all services.
NUMBER: (Second Appearance) Accept events from a specific service.
all: (Third Appearance) Accept events from all MEPs.
NUMBER: (Third Appearance) Accept events from a specific MEP.
all: (Fourth Appearance) Accept events from all RMEPs.
NUMBER: (Fourth Appearance) Accept events from a specific RMEP.
Transmit-Hold Count
The Transmit-Hold Count parameter controls the number of BPDUs that can be sent before
pausing for 1 second. Setting a higher value than that of the default can significantly impact CPU
utilization. A lower value may slow down convergence (recovery).
Changing
To change the Transmit-Hold Count parameter value:
1. From configure terminal mode, enter spanning-tree mode.
2. Invoke the command:
tx-hold-count <1-10>|infinite
where,
<1-10>: Range of transmit-hold counts. A number from this range designates the
number of BPDUs that will be sent per 1-second pause. Default: 6.
infinite: No pause for any number of BPDUs.
Default
To set the Transmit-Hold Count parameter value to the default value (6 BPDUs per 1-second
pause):
1. From configure terminal mode, enter spanning-tree mode.
2. Invoke the command:
no tx-hold-count
Purpose
Rate Limiting is used to prevent excessively high packet rates at ports that are potentially
hazardous to the operation of bridged networks.
Applicability
Rate Limiting can be applied to flood packets such as unknown-unicast, multicast, broadcast, and
TCP-SYN. It can be set to any value in the range 46.08 Kbps to 1 Gbps with 46.08 Kbps
granularity.
Applying Rate Limiting to flood packets in effect also prevents traffic storms. Flood packets that
exceed the set rate limit are discarded.
Note
Rate Limiting of flood packets is configured in bits-per-second and the
rate calculation takes into account all the packet bytes (including
Ethernet framing overhead consisting of preamble + SFD + IPG). This
means that the rate limitation is done at the Layer 1 level.
Configuration
To limit the rate of flood packets at one or more ports:
1. Enter configure terminal mode.
2. Select the types of flood packets whose rate is to be limited by invoking one or
more of the following command:
port flood-limiting unknown-unicast PORTS-GROUP|all
port flood-limiting multicast PORTS-GROUP|all
port flood-limiting broadcast PORTS-GROUP|all
port flood-limiting tcp-syn PORTS-GROUP|all
port flood-limiting extra unknown-unicast PORTS-GROUP|all
port flood-limiting extra multicast PORTS-GROUP|all
port flood-limiting extra broadcast PORTS-GROUP|all
port flood-limiting extra tcp-syn PORTS-GROUP|all
where,
port: Action on port.
flood-limiting: The flood/rate limiting mechanism.
unknown-unicast: Unknown unicast packets.
multicast: Multicast packets.
broadcast: Broadcast packets.
tcp-syn: TCP SYN (OSI Layer 4) packets
PORTS-GROUP: Group of ports (to which rate-limiting is to be applied).
all: All ports (to which rate-limiting is to be applied).
extra: This argument is used to distinguish a second packet type for the same
port (or group of ports). For instance, suppose that for a specific port (e.g., Port
3) a packet type is defined (e.g., unknown-unicast) and the rate is set (e.g.,
10m). To define a different packet type and to set a rate for it for the same port
use the argument extra. The example at the end of this chapter demonstrates
its use. Note that the same packet type must not be included in two commands
that differ only in the argument extra.
Example
OS900> enable
OS900# configure terminal
OS900(config)# port flood-limiting tcp-syn 1-3
OS900(config)#
3. Set the rate limit for the types of flood packets selected in step 2 by invoking one
or both of the following command:
port flood-limiting rate VALUE PORTS-GROUP|all
port flood-limiting extra rate VALUE PORTS-GROUP|all
where,
port: Action on port.
flood-limiting: Without the keyword extra, the flood/rate limiting
mechanism to be applied to the packet type selected using any of the first four
commands in Step 2, above.
extra: Extra flood-limit. The flood/rate limiting mechanism to be applied to the
packet type selected using any of the last four commands in Step 2, above. This
option is needed when for the same port (or group of ports) one rate is to be
applied to one set of packet types while another rate is to be applied to another
set of packet types. Note that the same packet type may not be included in both
sets. See the example below demonstrating use.
rate: Permitted rate per port.
VALUE: Rate to which the selected set of packet types are to be limited at each
port in the group to be subjected to rate limiting of flood packets. The minimum
rate selectable is as follows:
If the argument ‘extra’ is included in the command: 2.03m bps
If the argument ‘extra’ is not included in the command:
For a 10/100 Mbps port: 202.75k bps
For a 1000 Mbps port: 2.03m bps
The maximum rate selectable is 1 Gbps.
If a value that is not an integral multiple of 46.08k bps is entered, the OS900
automatically sets the rate to an integral multiple of the granularity 46.08k bps
that is closest to the value entered by the user. Examples of values that can be
entered are: 800k, 50m, and 1g. The rate applies to the packet types collectively.
PORTS-GROUP: Group of ports (to which rate-limiting is to be applied).
all: All ports (to which rate-limiting is to be applied).
Example
This example demonstrates configuration of rate limiting of flood packets.
Suppose the following are required:
− Application of rate limiting of flood packets to Port 3 and
Port 4.
− The rate for broadcast packets and multicast packets
(collectively) are to be limited to 600k bits/sec.
− The rate for unknown unicast packets and TCP SYN (OSI
Layer 4) packets (collectively) are to be limited to 3m
bits/sec.
Note that a specific packet type (broadcast, etc.) is not included for both rates.
In the above example, the rate entered by the user is 17m. However, the OS900 sets the rate to
16.96m because it is an integral multiple of the granularity 46.08 Kbps that is closest to the rate 17m.
Viewing
To view the rate limit configured for one or more ports, invoke the command:
show port flood-limiting [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of ports for which rate limit is configured.
Example
OS900# show port flood-limiting 1-3
port flood-limiting rate 16.96m 1-3
port flood-limiting multicast 1-3
OS900#
Deleting
To cancel rate limiting of flood packets, enter configure terminal mode and invoke one or
more of the following commands:
no port flood-limiting PORTS-GROUP|all
no port flood-limiting [rate] PORTS-GROUP|all
no port flood-limiting [unknown-unicast] PORTS-GROUP|all
no port flood-limiting [multicast] PORTS-GROUP|all
no port flood-limiting [broadcast] PORTS-GROUP|all
no port flood-limiting [tcp-syn] PORTS-GROUP|all
where,
no: Cancel.
port: Action on port.
flood-limiting: The flood/rate limiting mechanism.
[unknown-unicast]: Unknown unicast packets.
[multicast]: Multicast packets
[broadcast]: Broadcast packets
[tcp-syn]: TCP SYN (OSI Layer 4) packets
[rate]: Rate set for port(s).
PORTS-GROUP: Group of ports (for which rate-limiting is to be cancelled).
all: All ports (for which rate-limiting is to be cancelled).
If only the type(s) of packet is used in the above commands, rate-limiting will be cancelled for the
selected type(s) on the port. However, the rate configured for the port is retained.
If only the rate for a port is used in the above commands, rate-limiting will be cancelled for the port.
However, the type(s) of packet configured for the port is retained.
If neither the type(s) of packet nor the rate for a port is used in the above commands, rate-limiting
will be cancelled for the port. In addition, the type(s) of packet as well as the rate configured for the
port are deleted.
Example
OS900(config)# no port flood-limiting rate 1,3
OS900(config)#
Example
The following example is provided to show the scope of the ‘Rate Limiting of Flood Packets’
mechanism.
Suppose the following are required:
− Rate Limiting of Flood Packets is to be applied to Port 3.
− Two sets of packet types are to be distinguished. The first set is to contain the types
unknown-unicast and multicast. The second set is to contain only the type tcp-
syn.
− The rate limit to be applied to the first set is 10 Mbps.
− The rate limit to be applied to the second set is 20 Mbps.
--------------------------Setting the Flood Packet Types and Rate Limits for Port 3--------------------------
OS910> enable
OS910# configure terminal
OS910(config)# port flood-limiting unknown-unicast 3
OS910(config)# port flood-limiting multicast 3
OS910(config)# port flood-limiting extra tcp-syn 3
OS910(config)# port flood-limiting rate 10m 3
Set rate to 10m bit/sec
OS910(config)# port flood-limiting extra rate 20m 3
Set rate to 20m bit/sec
General
A Provider Bridge (Service VLAN, VMAN, Stacked VLAN, or Q-in-Q) is an IEEE 802.1ad standard
mechanism that uses an extra service provider tag as part of the Ethernet frame header in order to
provide IEEE 802.1Q standard VLAN interconnectivity between remote sites of a customer
scattered across a service provider network.
Provider Bridges provide separate instances of MAC services to multiple independent users of a
carrier network (shared service provider network). Each instance is an interconnection of several
sites of the same customer that are distributed across a carrier network. The interconnection is
made possible using the same VLAN ID for the sites. The VLAN ID encapsulates the customer
VLAN frames. The carrier network is utilized as a completely transparent transport medium
between the sites so that the sites appear to be directly interconnected.
In order to enable transparency for customer services, described above, a provider bridge should
be able to tunnel Layer 2 control protocol packets across the carrier network. This feature of a
provider bridge is described in detail in the section Tunneling of Layer 2 Protocols, page 219. For
example, a group of sites can be bridged into one VLAN under a single MSTP domain.
Purpose
The purpose of Provider Bridges is twofold:
1) To isolate different types of traffic from one another (on the basis of service and/or
customer) in a manner that is transparent to traffic of the same customer VLAN.
2) To bridge customers or groups of customers scattered across the service provider
network
A Provider Bridge fulfills these purposes without interfering with the client VLAN structure while
“hiding” the internal VLAN structure of the customer network from others.
25
The IEEE 802.1ad standard refers to a Service VLAN Ethertype as TPID (Tag Protocol IDentification).
26
Core port is also known as provider network port.
Principle of Operation
A packet (tagged or untagged) entering an access port is directed to a core port or to another
access port. At the core port, the packet is pushed with another VLAN header that includes the
Service VLAN Ethertype (pre-assigned by the user to the core port) and Service VLAN tag (VLAN
interface tag assigned to the packet) and then forwarded on the provider network to the other
access ports of the same customer.
A packet entering a core port from the provider network is forwarded to the access port whose
VLAN tag matches Service VLAN tag of the packet. The access port pops the Service VLAN
header (Service VLAN Ethertype and Service VLAN tag) and forwards the packet on the access
network.
Configuration
To configure access and core ports to operate in Service VLAN mode:
1. Enter configure terminal mode.
2. Ensure that the ports are members of a VLAN interface. (Configuring, page 175,
shows how to configure a VLAN interface. The configuration example at the end of
this chapter also shows how to configure a VLAN interface.) This VLAN interface
is the Service VLAN.
3. Set each core (provider network) port of the OS900 that is to participate in the
Service VLAN, using the following command:
port tag-outbound-mode tagged PORTS-GROUP
where,
port: Port configuration
tag-outbound-mode: Mode for egress packets
tagged: Tagged egress packets. (This setting is required for Service VLAN
core ports.)
PORTS-GROUP: Group of Ports
Example
OS900(config)# port tag-outbound-mode tagged 3-4
OS900(config)#
4. Set each access (provider edge) port of the OS900 that is to participate in the
Service VLAN, using the following command:
port tag-outbound-mode q-in-q PORTS-GROUP TAG
where,
port: Port configuration.
tag-outbound-mode: Mode for egress packets
q-in-q: Untagging of egress packets. (This setting is required for Service
VLAN access ports.)
PORTS-GROUP: Group of Ports
TAG: The default Service tag to be set for all packets entering the port
Example
OS900(config)# port tag-outbound-mode q-in-q 2 92
OS900(config)#
An access port can be a member of several Service VLANs. Packets entering the access port will be
assigned, by default, the Service VLAN tag set in the above command. In the above example,
packets entering port 2 will be assigned, by default, Service VLAN tag 92. Packets entering the port
can be switched to another Service VLAN instead of the default Service VLAN by the action action
tag swap <0-4095> in an ACL rule. For details, refer to the section Stage 2 – Actions on
Packet, page 255.
5. [If only the default Service VLAN Ethertype (0x8100) is to be used, skip this step.]
Define the Service VLAN Ethertypes using the command:
vman core-ethertype-1 ETHERTYPE core-ethertype-2 ETHERTYPE
where,
Viewing
To view Service VLAN Ethertype configuration:
1. Enter enable mode.
2. Invoke the command show vman
Example
OS900# show vman
Value of ethertype 1 is 0x8100 (default value)
Value of ethertype 2 is 0x8100 (default value)
Core ports with ethertype=1 (default port ethertype): 1-4
OS900#
Example
The purpose of the example here is to show how Service VLANs, in general, can be configured.
For simplicity, only three Service VLANs are configured. However, this number should be sufficient
to indicate the scope of Service VLAN configuration.
Application Description
Ports 1 and 2 are access ports belonging to customers 1 and 2, respectively. Ports 3 and 4 are
core ports.
Two Service VLANs are configured: 91 and 92 (A Service VLAN is actually configured in the same
way as any VLAN interface.) Customer 1 will be assigned to Service VLAN tag 91, Customer 2 will
be assigned to Service VLAN tag 92.
Configuration
Below is an example showing the user inputs (in bold) and OS900 outputs on the CLI screen. The
user inputs include:
− Setting core ports 3 and 4 to tagged mode
− Specification of Service VLAN interface containing Ports 1, 3 and 4 (tag 91, default
Service VLAN for access port 1)
− Specification of Service VLAN interface containing Ports 2, 3 and 4 (tag 92, default
Service VLAN for access port 2)
− Setting access ports 1 and 2 to q-in-q mode, and setting its default Service VLANs (91 and
92).
MRV OptiSwitch 910 version d1320-22-08-05
OS900 login: admin
Password:
OS900> enable
OS900# configure terminal
OS900(config)# port tag-outbound-mode tagged 3,4
OS900(config)# interface vlan vif91
OS900(config-vif1)# ports 1,3,4
OS900(config-vif1)# tag 91
Interface is activated.
OS900(config-vif1)# exit
OS900(config)#
OS900(config)# interface vlan vif92
OS900(config-vif2)# ports 2,3,4
OS900(config-vif2)# tag 92
Interface is activated.
OS900(config-vif2)# exit
OS900(config)#
OS900(config)#
OS900(config)# port tag-outbound-mode q-in-q 1 91
OS900(config)# port tag-outbound-mode q-in-q 2 92
OS900(config)# exit
OS900#
27
Pushing the Service VLAN packet means adding another 802.1Q header that includes the default Service VLAN
Ethertype 0x8100 and the Service VLAN tag. The Ethertype added to this header may be set to a value that is different
from the default by assigning a different core ethertype to the core ports using the commands vman core-ethertype
and port core-ethertype.
customer tag 10 will be assigned to a new Service VLAN 102. All other packets will still be
assigned to the port’s default Service VLAN 92.
Such an application is useful when a single access port receives traffic from more than one
customer (e.g., when a DSLAM is connected on the access port), or when the customer connected
to the access port requires several Service VLANs and not just one (e.g., a Service VLAN per
service type, such as, for e.g., voice, video, or data).
Extended Configuration
The extended configuration includes:
− Specification of another Service VLAN interface containing Ports 2, 3, and 4 (service tag
102).
− Defining an ACL that classifies packets according to the customer tag 10 and swaps the
tag with the new Service VLAN tag 102.
− Binding the ACL to the access port as described in the section Binding, page 266.
MRV OptiSwitch 910 version d1320-22-08-05
OS900 login: admin
Password:
OS900> enable
OS900# configure terminal
OS900(config)# interface vlan vif102
OS900(config-vif1)# ports 2,3,4
OS900(config-vif1)# tag 102
Interface is activated.
OS900(config-vif1)# exit
OS900(config)#
OS900(config)# access-list extended svlan102
OS900(config-access-list)# rule 10
OS900(config-rule)# tag eq 10
OS900(config-rule)# action tag swap 102
OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)#
OS900(config)# port acl-binding-mode by-port 2
OS900(config)# port access-group svlan102 2
OS900(config)#
Note
STP traffic (BPDUs) from ports configured as tunnel ports do not
participate in the OS900 MSTP, but are tunneled through the service
VLAN.
There are currently two models for implementing Tunneling of Layer 2 Protocols:
− Cisco Layer 2 Protocol Tunneling
− IEEE 802.1ad Provider Bridges Tunneling
The OS900 uses Cisco’s model and is, therefore, compatible with Cisco devices.
Principle of Operation
The principle of operation is based on Cisco’s L2PT.
Layer 2 PDUs entering an Edge switch from its access (customer) side have their Destination
MAC address changed to a special MAC address. This new MAC address makes the PDUs
appear as ordinary data packets to the carrier network. The PDUs are then forwarded on the
carrier network using their VLAN ID. Core switches in the carrier network forward these PDUs to
the Edge switches at the other sites of the customer without processing them. The PDUs at these
switches have their Destination MAC address changed back to the previous Destination MAC
address, and identical copies are delivered to all customer ports in the same VLAN.
Configuration
The procedure for configuring edge OS900s (that have ports connected to the sites of a customer)
to provide Layer 2 tunneling over a carrier network is as follows:
At each customer site (OS900 site):
1. Connect the customer 802.1Q VLAN trunk ports to the Edge OS900 ports (called
tunnel ports).
2. Create a VLAN (as described in the Chapter 7: Interfaces, page 171) on the
Edge OS900 that includes the tunnel ports.
3. In configure terminal mode, invoke the command:
port l2protocol-tunnel all|cdp|pvst+|stp|vtp PORTS-GROUP [drop]
where,
cdp: Cisco discovery protocol datagrams
pvst+: Cisco Per VLAN Spanning Tree Plus discovery protocol datagrams.
(PVST+ provides the same functionality as PVST. PVST uses ISL
trunking technology whereas PVST+ uses IEEE 802.1Q trunking
technology.
PVST functionality is as follows:
It maintains a spanning tree instance for each VLAN configured in
the network. It allows a VLAN trunk to be forwarding for some
VLANs while blocking for other VLANs. Since PVST treats each
VLAN as a separate network, it has the ability to load balance
traffic (at OSI Layer 2) by enabling forwarding for some VLANs on
one trunk and enabling forwarding for other VLANs on another
trunk, without causing a Spanning Tree loop.
Viewing
To display the tunneling configuration:
1. Enter enable mode.
2. Invoke the command:
show port l2protocol-tunnel
Example
OS900(config)# do show port l2protocol-tunnel
STP tunnel-ports:
CDP tunnel-ports: 3
VTP tunnel-ports:
OS900(config)#
Deleting
To delete tunneling on one or more ports:
1. Enter configure terminal mode.
2. Invoke the command:
no port l2protocol-tunnel (all|cdp|pvst+|stp|vtp) [PORTS-GROUP]
where,
cdp: Cisco discovery protocol datagrams
pvst+: Cisco Per VLAN Spanning Tree Plus discovery protocol datagrams.
stp: IEEE 802.1w or IEEE 802.1s spanning-tree protocol datagrams
vtp: IEEE 802.3ad VLAN trunk protocol datagrams
all: All protocol datagrams, i.e., cdp, stp, and vtp
Example
OS900(config)# no port l2protocol-tunnel cdp 3
OS900(config)#
Advantages
In this method, the OS900’s CPU is not involved. This has the following advantages:
1. CPU is freed to perform other tasks.
2. Whatever the load on the CPU, BPDUs will not be dropped.
3. Processing is done at wire-speed
Terminology
C-STP – Spanning tree domain/traffic of a Customer
S-STP – Spanning tree domain/traffic of a Service Provider
Access Port – A port in a Provider’s bridge that is dedicated to a single Customer only
Uplink Port – A port in a Provider’s bridge that is connected to another Provider’s bridge
Edge Bridge (for a customer) – A Provider’s bridge directly connected to the Customer device
through an access port
BPDU – Bridge Protocol Data Unit (STP)
Application
Tunneling/dropping by hardware of STP BPDUs is applied when:
− A high rate of C-STP BPDUs is received on the bridge access port, and
− The provider does not want to isolate this access port using the BPDU storm guard feature
(described in the section Storm Guard, page 328).
Example
The following example shows OS900s connected to access-side switches C1 and C2 (possible
also OS900s). The blue links are customer side downlinks. The red links are provide side uplinks.
The settings at provider-side switches S1 (OS900) and S2 (OS900) are as follows:
S1
BPDUs with tag 10 will be transparent at uplink ports 3 and 4. Ports 1 and 2 are prevented from
sending BPDUs to the provider’s spanning-tree domain. BPDUs with tag 10 in the customer’s
spanning-tree domain are set to be dropped.
S2
BPDUs with tag 10 will be transparent at uplink ports 1 to 4.
1 S1 (OS900) 2
3 4
1 S2 (OS900)
2
3 4
Purpose
Tag- translation/swapping, unlike tag-nesting (service provider bridges q-in-q operation per IEEE
802.1ad), is used to interconnect two LANs/CPEs, that are located at different UNIs and do not
have the same VLAN tag29, across an Ethernet metro network.
Advantages
− VLAN tags at different UNIs can be assigned independently of each other
− Non-IP as well as IP packets can be delivered across an Ethernet metro network
Application
Interconnection of the LANs/CPEs is done per ACL. This means that traffic flow between the CPEs
can also be fully controlled (by the packet filtering capability of ACLs).
Both tagged and untagged frames are allowed at ingress. Packets received from the customer site
are encapsulated with an additional tag (Service VLAN tag) before being forwarded over the
Ethernet metro network. Packets received from the Ethernet metro network are decapsulated from
the Service VLAN tag before they are forwarded to the customer site.
Following are application scenarios in which tag-translation/swapping is used:
− Interconnection of two LANs/CPEs of one customer that are located at different
UNIs
− Tying two LANs/CPEs of two organizations that have merged across an Ethernet
metro network
− Connecting different customers to the same Internet Service Provider (ISP)
Principle of Operation
The principle of operation of tag translation mode is explained with the aid of the example in Figure
27, below. At customer site A, VLAN Tag 10 of a packet entering an OS900 port that is a member
of the VLAN is translated into Tag 20, encapsulated with the service tag 700, and sent over the
network to the OS900 connecting customer site B. At the OS900, the packet is decapsulated from
the service tag 700, and sent to customer site B.
At customer site B, VLAN Tag 20 of a packet entering an OS900 port that is a member of the
VLAN is translated into Tag 10, encapsulated with the service tag 700, and sent over the network
to the OS900 connecting customer site A. At the OS900, the packet is decapsulated from the
service tag 700, and sent to customer site A.
28
User-to-Network Interface. The type of network considered here is Ethernet metro network.
29
It is possible that the VLAN tags are different or that one CPE has a VLAN tag while the other does not.
Configuration
To configure tag translation/swapping in order to interconnect one pair of LANs/CPEs, perform the
following steps for each of the two OS900s (one at Customer Site A, the other at B):
1. Enter configure terminal mode.
2. Select a port to be set in untagged mode by invoking the command:
port tag-outbound-mode untagged PORTS-GROUP
where,
PORTS-GROUP: Customer port
3. Set untagged customer port to be a member of Multiple VLANs by invoking the
command:
port untagged-multi-vlans PORTS-GROUP
where,
PORTS-GROUP: Customer port
4. Make the Customer Port and the Service Port members of an inband VLAN
interface as described in the section Configuring, page 175.
Note
Assign the same tag to the two inband VLAN interfaces, one in the
Customer Site A OS900 and the Customer Site B OS900!
5. Set VLAN Tag Swap Mode in an Access List by invoking the command:
action tag swap-ctag <0-4095> stag <0-4095>
where,
<0-4095>: (First appearance) Range of customer VLAN tags from which one tag is
to be selected.
<0-4095>: (Second appearance) Range of service VLAN tags from which one tag
is to be selected.
6. Binding the ACL to the customer port by invoking the commands:
port acl-binding-mode by-port PORTS-GROUP
port access-group WORD PORTS-GROUP
where,
PORTS-GROUP: Customer port
WORD: Name of Access List
7. Set VLAN Tag Nesting Mode in a second Access List by invoking the command:
action tag nest <0-4095>
where,
<0-4095>: Range of service VLAN tags from which the same tag as in Step
4, above, is to be selected. (Note that nest tag can be assigned to an
internal port, external port, or VLAN.)
8. Bind the second Access List to the internal customer port having the same number
as the port selected in Step 2, above, by invoking the command:
port access-group extra WORD PORTS-GROUP
where,
WORD: Name of second Access List
PORTS-GROUP: Customer port, other than port 11 or 12 of the OS912. The
customer port can be a trunk port. (A trunk port is required to have the
format tX where, X is a number in the range 1 to 9.)
9. Select the OS900 Service Port (UNI) connecting the Customer Site A by invoking
the command:
port tag-outbound-mode tagged PORTS-GROUP
where,
PORTS-GROUP: Service port
Note
For each additional pair of LANs/CPEs to be interconnected, a different
Service VLAN tag must be assigned.
Example
The following example shows how to configure two OS900s to operate in Tag Translation mode
across a network. Although port pairs with different numbers (namely, 1,3 and 2,4) are shown in
the example, port pairs with the same numbers can be selected, e.g., 1,3 and 1,3.
----------Making Customer Port 1 and Service Port 3 members of Inband VLAN Interface 700----------
OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)# port acl-binding-mode by-port 1
OS900(config)# port access-group ACL1 1
OS900(config)#
OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)# port access-group extra ACL2 1
OS900(config)#
---------Making Customer Port 2 and Service Port 4 members of Inband VLAN Interface 700---------
OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)# port acl-binding-mode by-port 2
OS900(config)# port access-group ACL3 2
OS900(config)#
OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)# port access-group extra ACL4 2
OS900(config)#
It is not required to select different customer port numbers and different service port numbers as in
the example above. For instance, the customer port number at both OS900s could be selected as
1 and the service port number at both OS900s could be selected as 3.
As such, for the OS900 at site B ACL1 could be used instead of ACL3 and ACL2 could be used
instead of ACL4.
Purpose
A Port Trunk between two switches increases traffic throughput capacity among stations
connected to the members ports of the trunk. For example, the interconnection of eight full-duplex
Gigabit ports of one OS900 to eight full-duplex Gigabit ports of another OS900, serves as an 8-
Gbps full-duplex Ethernet trunk.
In addition to increased link capacity, link aggregation results in higher link availability. It prevents
the failure of any single link from leading to a disruption of communication between two OS900s.
Number
The maximum number of port trunks that can be configured is by including just two ports per trunk.
For example, for the OS904 up to two port trunks can be configured and for the OS912 up to six
port trunks can be configured.
Principle of Operation
Frame Transfer
When LACP is enabled at both OS900s of the trunk, the OS900s dynamically exchange
configuration information (e.g., presence and capabilities of the group members) between them.
The OS900s compares the information it receives from the peer OS900 with its own setup, and
accordingly dictates which ports are to be aggregated.
The LACP always tries to aggregate the maximum number of compatible ports in a trunk allowed
by the hardware.
When LACP is not able to aggregate all the ports that are compatible (for example, the peer allows
a smaller number of ports in a trunk), then all the ports that are not actively included in the
aggregation are set in standby state.
A member port is excluded from a trunk when, for example, the Tx output of a port fails. In such
case the Rx of the port at the other end of the trunk will not receive. As a result, the LACP will
detect the failure and will reconfigure the trunk to exclude the port with the failed Tx output.
Traffic is distributed among the ports of a trunk according to the L2 addresses and L3 addresses of
packets.
A Port Trunk transmits all unknown, broadcast, and multicasts packets, including BPDUs (which
are multicast frames), via one port only.
MSTP Action
All ports of a Port Trunk participate as one port in MSTP. A Port Trunk functions as a single port.
Rules
The following rules must be used when configuring a Port Trunk:
Configuration
To configure a Port Trunk:
1. Enter configure terminal mode.
2. To create a port trunk, invoke the command:
port trunk NAME PORTS-GROUP
where,
port: Port action.
trunk: Trunking.
NAME: Trunk name. It must have the format tX, where X represents any
number in the range 1-7.
PORTS-GROUP: Group of ports to be trunked. Any number of ports may be
selected.
Example
OS900(config)# port trunk t2 2,4
OS900(config)#
3. Optionally, in order to provide traffic load balancing, select a hash function
appropriate to the layer at which datagrams are transferred through the trunk
using the command:
port trunk mode l2|l3|l4|port
where,
l2: Hashing based on source/destination MAC address.
l3: Hashing based on source/destination IP address.
l4: Hashing based on TCP/UDP port.
port: Hashing based on physical port or trunk.
Example
OS900(config)# port trunk mode l2
OS900(config)#
Activation
LACP can be activated on a port trunk or on a group of untrunked ports.
Trunk
To activate LACP on a port trunk and to set the port trunk to operate in active mode30, invoke the
command:
port trunk NAME lacp
where,
30
In active mode, the OS900 initiates LACP packets.
NAME: Trunk name. It must have the format tX, where X represents any
number in the range 1-7.
lacp: Enable LACP.
Example
OS900(config)# port trunk t2 lacp
OS900(config)#
To activate rapid LACP (reduced-time-session-establishment LACP) on a port trunk and to set the
port trunk to operate in active mode, invoke the command:
port trunk NAME rapid-lacp
where,
NAME: Trunk name. It must have the format tX, where X represents any
number in the range 1-7.
rapid-lacp: Enable rapid LACP.
Example
OS910(config)# port trunk t1 rapid-lacp
OS910(config)#
To activate LACP on a port trunk and to set the port trunk to operate in passive mode31, invoke the
command:
port trunk NAME lacp passive
where,
NAME: Trunk name. It must have the format tX, where X represents any
number in the range 1-7.
lacp: Enable LACP.
passive: Passive mode for LACP.
Example
OS900(config)# port trunk t2 lacp passive
OS900(config)#
Port
To activate LACP on one or more ports and to set the ports to operate in active mode, invoke the
command:
port lacp (PORTS-GROUP|all)
where,
lacp: Enable LACP.
PORTS-GROUP: Group of ports to participate in LACP.
all: All ports to participate in LACP.
Example
OS910(config)# port lacp 1-3
OS910(config)#
31
In passive mode, the OS900 does not initiate LACP packets. However, it can respond to received LACP packets.
Example
OS910(config)# port rapid-lacp 1,4
OS910(config)#
To activate LACP on one or more port and to set the ports to operate in passive mode, invoke the
command:
port lacp passive (PORTS-GROUP|all)
where,
passive: Passive mode for LACP.
PORTS-GROUP: Group of ports to participate in LACP.
all: All ports to participate in LACP.
Example
OS910(config)# port lacp passive 2-4
OS910(config)#
Deactivation
Trunk
LACP
To deactivate LACP on a port trunk, invoke the command:
no port trunk NAME lacp
where,
NAME: Trunk name. It must have the format tX, where X represents any
number in the range 1-7.
Example
OS910(config)# no port trunk t1 lacp
OS910(config)#
Rapid LACP
Port
To deactivate LACP on one or more ports, invoke the command:
no port lacp PORTS-GROUP|all
where,
PORTS-GROUP: Group of ports to participate in LACP.
all: All ports to participate in LACP.
Example
OS910(config)# no port lacp 1,4
OS910(config)#
Viewing
To view the port trunk configuration:
Deleting
To delete a port trunk:
1. Enter configure terminal mode.
2. Invoke the following command:
no port trunk NAME
where,
no: Negation.
port: Port action.
trunk: Trunking.
NAME: Trunk name. It must have the format tX, where X represents any
number in the range 1-7.
Example
OS900(config)# no port trunk t6
OS900(config)#
Selecting an SL Criterion
The Trust Mode function is used to select a criterion (Layer 3 DSCP bits, Layer 2 VPT bits, or port
priority) of ingress packets to be mapped to SLs.
To configure Trust Mode:
1. Enter configure terminal mode.
2. Invoke the command:
port qos-trust PORTS-GROUP|all l2|l2l3|l3|port
where,
PORTS-GROUP Group of ports. (Trunk ports may be included in the group.)
all All ports.
l2 Layer 2 VPT bits to be used to assign an SL to a packet.
l2l3 Layer 3 DSCP bits to be used to assign an SL to a packet, otherwise
use Layer 2 VPT bits to assign an SL.
l3 Layer 3 DSCP bits to be used to assign an SL to a packet.
port Default priority (SL) of the ingress port to be used to assign an SL to a
packet.
Original-VPT-to-SL Map
This map is used to assign an SL to an ingress packet according to its VPT.
Default
If the user does not change the Original-VPT-to-SL map, the OS900 uses the default map in Table
9, below.
Table 9: Default Original-VPT-to-SL Map
Original VPT SL
0 1
1 2
2 3
3 4
4 5
5 6
6 7
7 8
Custom
The user can change the default Original-VPT-to-SL map as follows:
1. Enter configure terminal mode.
2. Invoke the following command:
diffserv orig-vpt RANGE sl <1-8>|default
where,
diffserv Differentiated Services.
orig-vpt VPT value of ingress packet.
RANGE Range of VPT values to be mapped to an SL. Any one or more VPT
values 0-7 can be selected.
sl SL.
<1-8> Range of SLs from which one is to be selected.
default Default SL for the VPT value. (Table 9, above, shows the default
SL for each VPT value.)
To revoke the above command, invoke the command:
no diffserv orig-vpt RANGE
Example
OS900(config)# diffserv orig-vpt 0-3 sl 8
OS900(config)# diffserv orig-vpt 4-7 sl 1
OS900(config)#
View
To view the Original-VPT-to-SL map, invoke the enable mode command show diffserv.
Example
OS900(config)# do show diffserv
Original-DSCP-to-SL Map
It is used to assign an SL to an ingress packet according to its DSCP.
Default
If the user does not change the Original-DSCP-to-SL map, the OS900 uses the map in Table 10,
below.
Table 10: Default Original-DSCP-to-SL Map
Original DSCP SL
0-9,11-17,19,21,23-25,27,29,31-33,35,37,39-45,47-63 1
10 2
20,22 3
18 4
28,30 5
26 6
36,38 7
34,46 8
Custom
The user can change the default Original-DSCP-to-SL map as follows:
1. Enter configure terminal mode.
2. Invoke the following command:
diffserv orig-dscp RANGE sl <1-8>|default
where,
diffserv Differentiated Services.
orig-dscp DSCP value of ingress packet.
RANGE Range of DSCP values to be mapped to an SL. Any one or more
DSCP values 0-63 can be selected.
sl SL.
<1-8> Range of SLs from which one is to be selected.
default Default SL for the DSCP value. (Table 10, page 239, shows the
default SL for each DSCP value.)
View
To view the Original DSCP to SL map, invoke the command do show diffserv.
Example
OS910(config)# do show diffserv
Marking
General
The OS900 can be set to mark egress packets with a new VPT and/or DSCP according to the SL
of the packet. The user can set the OS900 to mark packets according to a global table (as
described in this section) or with an ACL rule action (as described in the section Stage 2 – Actions
on Packet, page 255). The global map only defines the values that will be used when marking is
activated. In order to activate marking, the user has to set the ingress port to do so. (The ingress
port turns on marking for each packet, but the actual marking is done on the egress port.) When
marking per an ACL rule, both the mark mode and mark value are set in the rule.
SL-to-New-VPT Map
This map is used to assign a VPT to an egress packet according to its SL.
Default
If the user does not change the SL-to-New-VPT map, the OS900 uses the map in Table 11, below.
SL Mark (New)
VPT
1 0
2 1
3 2
4 3
5 4
6 5
7 6
8 7
Custom
The user can change the default SL-to-New-VPT map as follows:
1. Enter configure terminal mode.
2. Invoke the following command:
diffserv sl <1-8>|all mark-vpt default|<0-7>
where,
diffserv Differentiated Services.
sl SL.
<1-8> Range of SLs from which one is to be selected for mapping to a VPT
value.
all All eight SLs.
mark-vpt VPT value to be changed.
default Default VPT value for the SL. (Table 11, above, shows the default
VPT value for each SL.)
<0-7> Range of VPT values from which one is to be selected.
To revoke the above command, invoke the command:
no diffserv sl <1-8>|all mark-vpt
The values in the Mark-VPT column can be changed again with the command action mark sl
<1-8> vpt <0-7> under rule under access-list under configure terminal.
Example
OS900(config)# diffserv sl all mark-vpt 5
OS900(config)#
View
To view the SL-to-New-VPT map, invoke the command do show diffserv.
Example
OS900(config)# do show diffserv
OS900(config)#
SL-to-New-DSCP Map
This map is used to assign a DSCP to an egress packet according to its SL.
Default
If the user does not change the SL-to-New-DSCP map, the OS900 uses the map in Table 12,
below.
Table 12: Default SL-to-New-DSCP Map
SL Mark (New)
DSCP
1 12
2 10
3 20
4 18
5 28
6 26
7 36
8 34
Custom
The user can change the default SL-to-New-DSCP map as follows:
1. Enter configure terminal mode.
2. Invoke the following command:
diffserv sl <1-8>|all mark-dscp <0-63>|default
where,
diffserv Differentiated Services.
sl SL.
<1-8> Range of SLs from which one is to be selected.
all All eight SLs.
mark-dscp New DSCP value(s) for ingress packet.
<0-63> Range of DSCP values to be mapped to an SL. Any one of the
DSCP values 0-63 can be selected.
default Default DSCP value for the SL. (Table 12, page 242, shows the
default DSCP value for each SL.)
To revoke the above command, invoke the command:
no diffserv sl <1-8>|all mark-dscp
Example
OS910(config)# diffserv sl 7 mark-dscp 0
OS910(config)#
View
To view the SL-to-New-DSCP map, invoke the command do show diffserv.
Example
OS910(config)# do show diffserv
DSCP Marking Table
==================
orig-dscp service-level mark-dscp
============================================================================
0-3,8-9,11-17,20-25,27,29,31-33,35,37,39-45,47-63 1 12
10 2 10
4-7,19 3 20
18 4 18
28,30 5 28
26 6 26
36,38 7 0
34,46 8 34
Activation
To activate marking:
1. Enter configure terminal mode.
2. Invoke the command:
port qos-marking PORTS-GROUP|all dscp|vpt|vptdscp
where,
PORTS-GROUP Group of ports. (Trunk ports may be included in the group.)
all All ports.
dscp Mark DSCP bits according to the SL of a packet.
vpt Mark VPT bits according to the SL of a packet.
vptdscp Mark Layer 3 DSCP bits and Layer 2 VPT bits according to the SL
of a packet.
Examples
VPT
This example is provided to demonstrate the procedure for setting up the OS900 to direct ingress
packets at a specific port that have a specific VPT to an egress queue having a specific SL and to
mark these packets with a different VPT at egress.
Suppose it is required:
− To direct ingress packets at Port 1
− That have VPT 5
− To the egress queue having SL 6
− And to mark these packets with VPT 4 at egress
The sequence of CLI commands to be invoked to implement the requirement is shown below.
----Modification of Table 9, page 238, so that the same SL is assigned to the VPT at ingress and to that required at egress----
OS900(config)# diffserv orig-vpt 5,4 sl 6
--------------------Modification of Table 11, page 241, so that the required VPT at egress is assigned to required SL--------------------
OS900(config)# diffserv sl 6 mark-vpt 4
------------------------Identification of the port at which ingress packets are to be queued according to their VPT-------------------------
OS900(config)# port qos-trust 1 l2
In the above example, since Port 1 is a dual port32, both the ingress and the egress VPT are
specified in the command diffserv orig-vpt 5,4 sl 6.
Figure 28, below, shows the stages at which a packet passing through the OS900 ports is:
− assigned an SL for placement in an egress queue, and
− marked with the VPT required for egress.
DSCP
This example is provided to demonstrate the procedure for setting up the OS900 to direct ingress
packets at a specific port that have a specific DSCP to an egress queue having a specific SL and
to mark these packets with a different DSCP at egress.
Suppose it is required:
− To direct ingress packets at Port 1
− That have DSCP 10
− To the egress queue having SL 6
−
And to mark these packets with DSCP 18 at egress
The sequence of CLI commands to be invoked to implement the requirement is shown below.
----Modification of Table 10, page 239, so that the same SL is assigned to the DSCP at ingress and to that required at egress----
OS910(config)# diffserv orig-dscp 10,18 sl 6
--------------------Modification of Table 12, page 242, so that the required DSCP at egress is assigned to required SL--------------------
OS910(config)# diffserv sl 6 mark-dscp 18
------------------------Identification of the port at which ingress packets are to be queued according to their DSCP-------------------------
OS910(config)# port qos-trust 1 l3
In the above example, since Port 1 is a dual port33, both the ingress and the egress DSCP are
specified in the command diffserv orig-dscp 10,18 sl 6.
Figure 28, below, shows the stages at which a packet passing through the OS900 ports is:
− assigned an SL for placement in an egress queue, and
− marked with the DSCP required for egress.
32
Dual ports are described in the section Dual (Internal and External) Ports, page 154.
33
Dual ports are described in the section Dual (Internal and External) Ports, page 154.
Statistics
General
This section describes how to enable statistics gathering per-port per-SL while preserving the
mapping function DSCP SL, VPT SL.
The OS900 can be configured to collect up to sixteen sets of counts (since there are sixteen
statistics counters). The readings of the counts are displayed in tabular format. The entry NA means
not applicable.
Configuration
1. Two new global tables can be configured. The first one maps VPT to SL, the second
maps DSCP to SL.
To configure the VPT SL global table:
1.1. Enter configure terminal mode.
1.2. Enter VPT-to-SL mode by invoking the command:
sl-stat-table-vpt
1.3. Invoke the command:
orig-vpt <0-7> sl <1-8>
To configure the DSCP SL global table:
1.4. Exit to configure terminal mode.
1.5. Enter DSCP-to-SL mode by invoking the command:
sl-stat-table-tos
1.6. Invoke the command:
orig-tos TOS_HEX_VALUE TOS_HEX_MASK sl <1-8>
where,
TOS_HEX_VALUE: ToS value (hexadecimal number selectable from the range
0 to FF)
TOS_HEX_MASK: ToS mask (hexadecimal number selectable from the range 0
to FF)
<1-8>: SL value (selectable from the range 1 to 8)
2. Enable global per-port statistics (internally create the ACLs and actions) by invoking
the command:
sl-stat-per-port
3. Enable accounting for one or more ports specifying whether the classification is by
VPT and/or DSCP by invoking any of the following commands:
port sl-account dscp PORTS-GROUP
port sl-account dscp PORTS-GROUP vpt PORTS-GROUP
port sl-account vpt PORTS-GROUP
Viewing
To view the statistics counters:
1. Enter enable mode.
2. Invoke the command:
show sl-stat-counters (PORTS-GROUP|all) sl (SL-GROUP|all)
where,
PORTS-GROUP: Group of ports.
all: (First appearance) All ports.
SL-GROUP: Group of SLs.
all: (Second appearance) All SLs.
To view the statistics counters with refresh (continual data update):
1. Enter enable mode.
2. Invoke the command:
monitor sl-stat-counters (PORTS-GROUP|all) sl (SL-
GROUP|all)
where,
PORTS-GROUP: Group of ports.
all: (First appearance) All ports.
SL-GROUP: Group of SLs.
all: (Second appearance) All SLs.
Clearing
To clear the statistics counters:
clear sl-stat-counters (PORTS-GROUP|all) sl (<1-8>|all)
where,
PORTS-GROUP: Group of ports.
all: (First appearance) All ports.
<1-8>: Group of SLs.
all: (Second appearance) All SLs.
34
Each and every port in the group must NOT have a user-defined ACL bound to it.
Definition
An ACL is a set of rules for handling traffic at each OS900 port or VLAN interface. Each rule
consists of a set of packet attribute values (for the purpose of packet classification) and actions to
be performed on packets that have these values.
Examples of attributes are: Protocol, Source IP address, Destination IP address, Source port,
Destination port, VLAN tag, etc.
Examples of actions are: Drop packet, Forward packet, Mark an SL, Mirror packet to CPU, Handle
packets according to an Action List, etc.
Applicability
An ACL can be applied to one or more:
− VLAN interfaces
− Specific ports (even if the ports are members of different VLAN interfaces)
The advantage in applying one ACL to several ports/interfaces (i.e., using the ACL in sharing
mode) becomes evident when the ACL has to be modified. In such an instance the ACL needs to
be modified just once rather than several times, once for each port/interface.
Also, two ACLs can be created specifying two traffic conditioners to provide dual leaky-bucket
policing of traffic. The procedure is described in the section Dual Leaky-Bucket Policer, page 294.
Number
Up to 1K ACLs can be bound to ports and VLAN interfaces.
Global Profiles
General
A global profile is a policy for all ACLs (whether existing or to be configured in the future) in
handling ingress packets according to their tags.
Types
There are two global profiles:
− Normal
− Doubletag
Either one of these two profiles is mandatorily assigned to all ACLs. The normal global profile is
the default.
Normal
This profile is used for handling single-tag packets. If normal profile is selected:
The classifications35 ctag and c-vpt are illegal classifications. If they are used, binding of
the ACL will fail!
35
Selectable in rule mode, and detailed in the section Stage 1 – Packet Classification, page 249.
The classifications tag and vpt apply to the first tag of the ingress traffic, before addition of a
tag to packets according to the port’s outbound tag mode36.
Doubletag
This profile is used for handling double-tag packets. If double-tag profile is selected:
The classifications ctag and c-vpt apply to the second tag of the ingress traffic, before
handling of packets according to the port’s outbound tag mode.
The classifications tag and vpt apply to the first tag of the ingress traffic, after handling of
packets according to the port’s outbound tag mode.
Selection
The user can select the profile to be assigned to all ACLs as follows:
1. Enter configure terminal mode.
2. Invoke the command:
access-list extended-profile normal|double-tag|mpls-exp
where,
normal: Single-tag packets
double-tag: Double-tag packets
mpls-exp: MPLS EXP-bits packets
Changing
To change the profile selected to be assigned to all ACLs:
1. First make sure that all ACLs are unbound (as described in the section Unbinding,
page 268
2. Invoke the command:
access-list extended-profile normal|double-tag|mpls-exp
where,
normal: Single-tag packets
double-tag: Double-tag packets
mpls-exp: MPLS EXP-bits packets
Default
To select the default profile for all ACLs:
1. Enter configure terminal mode.
2. Invoke either of the following commands:
default access-list extended-profile
Or
access-list extended-profile normal
Creating/Accessing
To create or access an ACL:
1. Enter configure terminal mode
2. Invoke the command:
access-list extended WORD
where,
WORD: Name of the ACL (new or existing)
36
If the mode is q-in-q or untagged, a VLAN tag is added. If the mode is hybrid, a VLAN tag is added to untagged
packets. For details on these modes, refer to the section Outbound Tag Mode, page 139.
Example
OS900> enable
OS900# configure terminal
OS900(config)# access-list extended ACL1
OS900(config-access-list)#
The ACL name (ACL1 in the example above) becomes the instance (current) and the CLI enters
ACL mode (as indicated by the prompt ‘OS900(config-access-list)#’).
If this ACL has just been created, it is empty. To make it useful, rules have to be created for it.
To create, display, edit, move, and delete rules, refer to the section Configuring, page 249.
Configuring
General
Number of Rules
The maximum number of rules that can be configured for an ACL is 1024.
Order of Rules
The order of rules can affect packet handling! For e.g., if one rule dictates dropping of a packet
while the following rule dictates mirroring to the CPU, and the packet meets the requirements of
both rules, the following rule will be overriden by the previous rule, and the packet will be dropped
without mirroring. If the order of these two rules is reversed, the packet will be mirrored rather than
dropped.
Content of Rules
Make sure when creating a rule it complies with the global profile (described in the section Global
Profiles, page 247).
Creating Rule
An ACL rule for packet handling is created in two stages:
Stage 1 – Packet Classification
Stage 2 – Actions on Packet
protocol eq <0-255>|icmp|igmp|ip|tcp|udp
where,
eq: Equal to
<0-255>: Range of IDs of protocols from which one can be selected. The protocols
associated with these IDs can be obtained using the Internet link
http://www.iana.org/assignments/protocol-numbers.
icmp: Internet Control Message Protocol (ID = 1)
igmp: Internet Gateway Message Protocol (ID = 2)
tcp: Transmission Control Protocol (ID = 6)
udp: User Datagram Protocol (ID = 17)
4. [Optional] Select the source IP address of the packets by invoking the command:
source-ip eq A.B.C.D/M|any
where,
eq: Equal to
A.B.C.D./M: Source prefix (IP address/mask) to be matched
any: Any prefix is a match
5. [Optional] Select the destination IP of the packets by invoking the command:
dest-ip eq A.B.C.D/M|any
where,
eq: Equal to
A.B.C.D./M: Destination prefix (IP address/mask) to be matched
any: Any prefix is a match
6. [Optional] Select the TCP/UDP source port of the packets by invoking the
command:
source-port eq PORT_RANGE
where,
eq: Equal to
PORT_RANGE: Port range. The valid range is 0 to 65535. The acceptable formats
are:
numeric – for specifying one port, e.g., 327
numeric/mask – for specifying several ports.
The mask can have any value in the range 0-16,
e.g., 31897/12.
Note
In the above command, the mask is used to select a range of ports. The
mask specifies the number of Most Significant Bits (MSBs) that are to be
the same (fixed) for all port numbers in the range. A port number
(entered in decimal format) is internally translated by the OS900 as a 16-
digit binary number.
Example 1:
This example shows what ports are included in the range when a port
number and mask are entered. For example, the port/mask 240/14 is
translated into the 16-bit binary number 0000000011110000 with a mask
on the 14 MSBs – shown in bold. This is equivalent to the range of ports
0000000011110000, 0000000011110001, 0000000011110010, and
0000000011110011.
Example 2:
This example shows how to determine the argument values to use in
order to select a range of ports between two numbers. Suppose the
numbers are 32 and 127.
The binary equivalent of 32 is 10000. To get all the values between 32
and 63, all the MSBs down to the leftmost 1 must be masked.
Accordingly, the mask must be 16 – 5 = 11. Therefore, to specify this
7. [Optional] Select the TCP/UDP destination port(s) of the packets by invoking the
command:
dest-port eq PORT_RANGE
where,
eq: Equal to
PORT_RANGE: Port range. The valid range is 0 to 65535. The acceptable formats
are:
a numeric – for specifying one port, e.g., 25
numeric/mask – for specifying several ports.
The mask can have any value in the range 0-16,
e.g., 31897/10.
The Note above on masks for the command source-port eq PORT_RANGE applies for
the command dest-port eq PORT_RANGE as well.
8. [Optional] Select the DSCP value of the packet by invoking the command:
dscp eq DSCP_HEX_VALUE [MASK_HEX_VALUE]
where,
eq: Equal to
DSCP_HEX_VALUE: DSCP value. Any hexadecimal number in the range 0x0 to
0xFF can be entered.
[MASK_HEX_VALUE]: Mask of DSCP value. Any hexadecimal number in the range
0x0 to 0xFF can be entered. The mask is used to select several DSCP values. The
mask in binary format is compared to the DSCP value in binary format. In the
positions of the 0s of the mask, the DSCP bits are permitted to be 0 or 1. For e.g., a
DSCP value 0x 9C ( = 10011100) and mask FD ( = 11101101) together are
equivalent to the 22 DSCP values: 10011100, 10001110, 10011110, 10001100.
9. [Optional] Select the VPT value of the packet by invoking the command:
vpt eq <0-7>
where,
eq: Equal to
<0-7>: Range of VPT values. Any value between 0 and 7 can be entered.
10. [Optional] Select the VLAN tag of the packet by invoking either of the following
commands:
tag eq <1-4095> [MASK_HEX_VALUE]
tag eq <0-4095> up-to <1-4095>
ctag eq <0-4095> up-to <1-4095>
where,
tag: For single-tag packets
ctag: For double-tag packets
eq: Equal to
up-to: range
<1-4095>: (First appearance) (Lowest) VLAN tag of packet (in the range).
<1-4095>: (Second appearance) Highest VLAN tag of packet in the range.
[MASK_HEX_VALUE]: Mask hex value in the hexadecimal range 0 to fff. Allows
for selecting a range of VLAN tags. A ‘0’ binary digit in the mask means that the
VLAN tag binary digit in the same position will be considered as ‘0’ and ‘1’ to give
two values. For example, if the VLAN tag is decimal 9, i.e., binary 1001, and the
mask is hex C, i.e., binary 1100, the range of VLAN tags is 1000 to 1011, i.e.,
decimal 8 to 11.
The advantage in using the rule classification command with the keyword up-to is that it
takes up only one rule space instead of several. If the lowest VLAN tag of the range is not
a number that can be expressed as an integral power of 2, the OS900 automatically
rounds up the entered tag to the greatest number smaller than the entered tag that can be
expressed as an integral power of 2. If the highest VLAN tag of the range is not a number
that can be expressed as an integral power of 2, the OS900 automatically rounds up the
entered tag to the smallest number greater than the entered tag that can be expressed as
an integral power of 2. For example, if the entered lowest VLAN tag value is 21, it is
rounded down to 16. If the entered highest VLAN tag value is 58, it is rounded up to 63.
11. [Optional] Select the VLAN tag of the packet by invoking the command:
tag eq <1-4095> [MASK_HEX_VALUE]
where,
eq: Equal to
<1-4095>: VLAN tag of packet.
[MASK_HEX_VALUE]: Mask hex value in the hexadecimal range 0 to fff. Allows
for selecting a range of VLAN tags. A ‘0’ binary digit in the mask means that the
VLAN tag binary digit in the same position will be considered as ‘0’ and ‘1’ to give
two values. For example, if the VLAN tag is decimal 9, i.e., binary 1001, and the
mask is hex C, i.e., binary 1100, the range of VLAN tags is 1000 to 1011, i.e.,
decimal 8 to 11.
12. [Optional] Specify the packet ethertype (follows the VLAN header) by invoking the
command:
ethertype eq ETHERTYPE
where,
eq: Equal to
ETHERTYPE: Ethertype value in the range [0x5dd to 0xffff] and different from the
port core-ethertype
13. [Optional] Specify the source MAC address for non IP/ARP packets by invoking the
command:
src-mac-addr-for-non-ip eq MAC_ADDRESS [MASK]
where,
eq: Equal to
MAC_ADDRESS: Source MAC address in hex format (e.g., aa:bb:cc:dd:ee:ff)
[MASK]: Mask in hex format (e.g., aa:bb:cc:dd:ee:ff)
14. [Optional] Specify the destination MAC address for non IP/ARP packets by invoking the
command:
dest-mac-addr-for-non-ip eq MAC_ADDRESS [MASK]
where,
eq: Equal to
MAC_ADDRESS: Destination MAC address in hex format (e.g., aa:bb:cc:dd:ee:ff)
[MASK]: Mask in hex format (e.g., aa:bb:cc:dd:ee:ff)
15. [Optional] Specify the source physical port (irrespective of whether the port is a
member of a VLAN interface) by invoking the command:
src-phy-port eq PORT
where,
eq: Equal to
Note
Classification according to EXP bits (using the command mpls-exp-
tagged eq <0-7> or mpls-exp-untagged eq <0-7>) cannot be
combined with classification according to L3 or L4 in the same rule!
An ACL with classification according to EXP bits cannot be bound to
egress ports.
17. If required, create additional rules by repeating steps 2 to 15 above for each rule.
Egress Ports
To perform Stage 1 (packet classification) of any rule for egress ports:
1. Create or access an ACL as described in the section Creating/Accessing, page
248.
2. Create a rule index (ID) by invoking the following command:
rule [RULE_NUM]
where,
[RULE_NUM]: (optional) Index of rule. If this argument is not entered, the rule is
indexed automatically, i.e., it is assigned a number that is a multiple of 10. Further,
this number is the smallest number larger than any of the other indices of the
existing rules in the ACL.
Rules are ordered by their index. A rule with lower index has higher priority. This fact
is significant, as noted in the section Order of Rules, page 249.
On creation of the rule, the rule mode is entered as indicated by the prompt
OS900(config-rule)#. The rule just created does not contain packet classification (or
actions). To include packet classification in the rule, continue with the steps below.
3. [Optional] Select the protocol of the packets by invoking the command:
protocol eq <0-255>|icmp|igmp|ip|tcp|udp
where,
eq: Equal to
<0-255>: Range of IDs of protocols from which one can be selected. The protocols
associated with these IDs can be obtained using the Internet link
http://www.iana.org/assignments/protocol-numbers.
icmp: Internet Control Message Protocol (ID = 1)
igmp: Internet Gateway Message Protocol (ID = 2)
tcp: Transmission Control Protocol (ID = 6)
udp: User Datagram Protocol (ID = 17)
4. [Optional] Select the source IP address of the packets by invoking the command:
source-ip eq A.B.C.D/M|any
where,
eq: Equal to
A.B.C.D./M: Source prefix (IP address/mask) to be matched
any: Any prefix is a match
5. [Optional] Select the destination IP of the packets by invoking the command:
dest-ip eq A.B.C.D/M|any
where,
eq: Equal to
A.B.C.D./M: Destination prefix (IP address/mask) to be matched
any: Any prefix is a match
6. [Optional] Select the DSCP value of the packet by invoking the command:
dscp eq DSCP_HEX_VALUE [MASK_HEX_VALUE]
where,
eq: Equal to
DSCP_HEX_VALUE: DSCP value. Any hexadecimal number in the range 0x0 to
0xFF can be entered.
[MASK_HEX_VALUE]: Mask of DSCP value. Any hexadecimal number in the range
0x0 to 0xFF can be entered. The mask is used to select several DSCP values. The
mask in binary format is compared to the DSCP value in binary format. In the
positions of the 0s of the mask, the DSCP bits are permitted to be 0 or 1. For e.g., a
DSCP value 0x 9C ( = 10011100) and mask FD ( = 11101101) together are
equivalent to the 22 DSCP values: 10011100, 10001110, 10011110, 10001100.
7. [Optional] Select the VPT value of the packet by invoking the command:
vpt eq <0-7>
where,
eq: Equal to
<0-7>: Range of VPT values. Any value between 0 and 7 can be entered.
8. [Optional] Select the VLAN tag of the packet by invoking the command:
tag eq <1-4095> [MASK_HEX_VALUE]
where,
eq: Equal to
<1-4095>: VLAN tag of packet.
[MASK_HEX_VALUE]: Mask hex value in the hexadecimal range 0 to fff. Allows
for selecting a range of VLAN tags. A ‘0’ binary digit in the mask means that the
VLAN tag binary digit in the same position will be considered as ‘0’ and ‘1’ to give
two values. For example, if the VLAN tag is decimal 9, i.e., binary 1001, and the
mask is hex C, i.e., binary 1100, the range of VLAN tags is 1000 to 1011, i.e.,
decimal 8 to 11.
9. [Optional] Specify the packet ethertype (follows the VLAN header) by invoking the
command:
ethertype eq ETHERTYPE
where,
eq: Equal to
ETHERTYPE: Ethertype value in the range [0x5dd to 0xffff] and different from the
port core-ethertype
Note
Packets assigned ethertype 0x806 (ARP) can neither be distinguished by the
classification source-ip (source IP address) nor by the classification dest-
ip (destination IP address).
10. [Optional] Specify the source MAC address for non IP/ARP packets by invoking
the command:
src-mac-addr-for-non-ip eq MAC_ADDRESS [MASK]
where,
eq: Equal to
MAC_ADDRESS: Source MAC address in hex format (e.g., aa:bb:cc:dd:ee:ff)
[MASK]: Mask in hex format (e.g., aa:bb:cc:dd:ee:ff)
11. [Optional] Specify the destination MAC address for non IP/ARP packets by
invoking the command:
dest-mac-addr-for-non-ip eq MAC_ADDRESS [MASK]
where,
eq: Equal to
MAC_ADDRESS: Destination MAC address in hex format (e.g., aa:bb:cc:dd:ee:ff)
[MASK]: Mask in hex format (e.g., aa:bb:cc:dd:ee:ff)
12. If required, create additional rules by repeating steps 2 to 15 above for each rule.
----------
OS910(config-rule)# no action mark sl
OS910(config-rule)# show
Rule index: 10
Action:
Mark vpt 3
Rule:
Rule is enable.
----------
OS910(config-rule)#
In the above example, the command ‘no action mark sl’ revokes only the action ‘Mark sl 7‘. To
revoke all actions of a rule, invoke the command: no action all.
Up to 56 mark actions can be defined per ACL. A mark action can include one or more of the
following packet attributes: VPT, DSCP, and SL.
Ingress Ports and VLAN Interfaces
To perform Stage 2 (action on packets) of any rule for ingress ports and VLAN interfaces:
1. Enter rule mode of the specific rule. This may require performance of the following
sequence of actions: entry into enable mode, entry into configure terminal
mode, entry into access-list mode for the specific ACL (as described in the
section Creating/Accessing, page 248.), entry into rule mode of the specific rule (as
described in step 2, page 249).
2. Invoke the command37:
action deny|permit
where,
deny: Deny (drop) packets that have all the attribute values (specified in Stage 1 –
Packet Classification, page 249) .
permit: Permit (forward) packets that have all the attribute values.
Note
The actions in steps 3.1 to 3.10 are conditional on the command
action deny|permit.
3. Select any one or more of the following actions, provided they do not conflict with one
another:
3.1. Trap/copy packets to the CPU by invoking the command:
action (trap-to-cpu [high-priority]|mirror-to-cpu)
where,
trap-to-cpu: Trap (send) packets only to the CPU.
high-priority: With high priority.
mirror-to-cpu: Copy packets to the CPU.
3.2. If a rate limit is required for traffic to the CPU, trap/copy the packets to the CPU by
invoking the command:
action redirect port cpu
3.3. Copy packets to the analyzer port/VLAN by invoking the command:
action mirror-to-analyzer
where,
mirror-to-analyzer: Copy packets to the analyzer port/VLAN.
3.4. Loopback and swap MAC SA with MAC DA by invoking the command:
37
This command (action) may be overridden if a rule with a lower index number specifies a conflicting action – see the
section Order of Rules, page 249.
Note
The effect of SL marking depends on the binding of the ACL (using the
command access-group). When an ACL is bound to an interface or
port, the marking sets the internal SL used for ingress shaping. In order
for the marking action to effect the actual egress SL, the ACL should be
bound to a port using the command port access-group extra …).
3.6. Mark packets with a DSCP value by invoking the command:
action mark dscp <0-63>
where,
mark: Marking.
dscp: DSCP.
<0-63>: Range of DSCP values from which one can be selected. (If a DSCP
value already exists, it is overwritten.)
3.7. Mark packets with a VPT value by invoking the command:
action mark vpt <0-7>
where,
mark: Marking.
vpt: VPT.
<0-7>: Range of VPT values from which one can be selected. (If a VPT value
already exists, it is overwritten.)
Note
The effect of VPT marking depends on the binding of the ACL (using the
command access-group) and the ingress port tag-outbound mode.
When ACL is bound to an interface or to a port, the VPT marking is
effective only if the ingress port is not set as ‘untagged’. In order for the
marking action to effect the actual egress packet when ingress port
is‘untagged,’ the ACL should be bound to a port using the command
port access-group extra …).
3.8. Redirect all packets that enter ports (even trunk ports) in a VLAN to a specific port in
the VLAN by invoking the command:
action redirect port PORT
where,
PORT: Port number.
3.9. Swap (replace) the VLAN tag of ingress packets by invoking the command:
action tag swap <0-4095>
where,
<0-4095>: Range of VLAN tags from which one tag is to be selected.
Note
In combination with the command port tag-outbound-mode q-
in-q PORTS-GROUP TAG (described in the section Q-in-Q (Service
VLAN Access Mode), page 141), this action can be used to implement
selection of a specific service VLAN in Provider Bridges applications.
3.10. Translate/swap the customer VLAN tag of packets (for the service VLAN tag) by
invoking the command:
action tag swap-ctag <0-4095> stag <0-4095>
where,
<0-4095>: (First appearance) Range of customer VLAN tags from which one
tag is to be selected.
<0-4095>: (Second appearance) Range of service VLAN tags from which
one tag is to be selected.
3.11. Assign a specific Action List by invoking the command:
action list NAME
where,
NAME: Action List name.
3.12. Nest a tag (add a higher level tag, e.g., an IEEE802.1ad q-in-q service provider
bridge tag) to an incoming packet by invoking the command:
action tag nest <0-4095> [vpt <0-7>]
where,
<0-4095>: Range of VLAN tags from which one tag is to be selected.
[vpt]: (Optional) VLAN priority tag.
<0-7>: Range of VLAN priority tags from which one tag is to be selected.
3.13. Swap the VLAN tag and VPT value of packets by invoking the command:
action tag swap <0-4095> vpt <0-7>
where,
<0-4095>: Range of VLAN tags from which one tag is to be selected.
<0-7>: Range of VLAN priority values from which one value is to be selected.
3.14. Mark packets with an SL and DSCP value by invoking the command:
action mark sl <1-8> dscp <0-63>
where,
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. If an SL value
already exists, it is overwritten.
dscp: DSCP.
<0-63>: Range of DSCP values from which one can be selected. (If a DSCP
value already exists, it is overwritten.)
3.15. Mark packets with an SL and VPT value by invoking the command:
action mark sl <1-8> vpt <0-7>
where,
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. (If an SL value
already exists, it is overwritten.)
vpt: VPT.
<0-7>: Range of VPT values from which one can be selected. (If a VPT value
already exists, it is overwritten.)
3.16. Mark packets with an SL, DSCP, and VPT value by invoking the command:
action mark sl <1-8> dscp <0-63> vpt <0-7>
where,
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. (If an SL value
already exists, it is overwritten.)
dscp: is a keyword signifying DSCP.
<0-63>: DSCP values from which one can be selected. (If a DSCP value
already exists, it is overwritten.)
vpt: keyword signifying VPT.
<0-7>: Range of VPT values from which one can be selected. If a VPT value
already exists, it is overwritten.
3.17. Mark packets with an SL value and swap their VLAN tag by invoking the command:
action mark sl <1-8> tag swap <0-4095>
where,
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. (If an SL value
already exists, it is overwritten.)
tag swap: Swap VLAN tag
<0-4095>: Range of VLAN tags from which one tag is to be selected.
3.18. Mark packets with an SL and VPT value and swap their VLAN tag by invoking the
command:
action mark sl <1-8> vpt <0-7> tag swap <0-4095>
where,
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. (If an SL value
already exists, it is overwritten.)
vpt: VPT.
<0-7>: Range of VPT values from which one can be selected. (If a VPT value
already exists, it is overwritten.)
tag swap: Swap VLAN tag
<0-4095>: Range of VLAN tags from which one tag is to be selected.
3.19. Mark packets with an SL and DSCP value and swap the VLAN tag of the packets by
invoking the command:
action mark sl <1-8> dscp <0-63> tag swap <0-4095>
where,
mark: Marking.
sl: SL.
<1-8>: Range of SL values from which one can be selected. If an SL value
already exists, it is overwritten.
dscp: DSCP.
<0-63>: Range of DSCP values from which one can be selected. (If a DSCP
value already exists, it is overwritten.)
tag swap: Swap VLAN tag
Egress Ports
To perform Stage 2 (action on packets) of any rule for egress ports:
1. Enter rule mode of the specific rule. This may require performance of the following
sequence of actions: entry into enable mode, entry into configure terminal
mode, entry into access-list mode for the specific ACL (as described in the
section Creating/Accessing, page 248.), entry into rule mode of the specific rule (as
described in step 2, page 249).
2. Invoke the command38:
action deny|permit
where,
deny: Deny (drop) packets that have all the attribute values (specified in Stage 1 –
Packet Classification, page 249) .
permit: Permit (forward) packets that have all the attribute values.
Note
The actions in steps 3.1 to 3.10 are conditional on the command
action deny|permit.
3. Select any one or more of the following actions, provided they are not mutually
conflictual:
Note
Before invoking the command action mark … vpt or action tag
swap … for a port, first make sure that the port is set in tagged or
hybrid mode and the rule action permit has been selected.
38
This command (action) may be overridden if a rule with a lower index number specifies a conflicting action – see the
section Order of Rules, page 249.
Note
The effect of VPT marking depends on the binding of the ACL (using the
command access-group) and the ingress port tag-outbound mode. When ACL
is bound to an interface or to a port, the VPT marking is effective only if the
ingress port is not set as ‘untagged’. In order for the marking action to effect the
actual egress packet when ingress port is‘untagged,’ the ACL should be bound
to a port using the command port access-group extra …).
3.3. Swap (replace) the VLAN tag of packets by invoking the command:
action tag swap <0-4095>
where,
<0-4095>: Range of VLAN tags from which one tag is to be selected.
Note
In combination with the command port tag-outbound-mode q-in-q
PORTS-GROUP TAG (described in the section Q-in-Q (Service VLAN Access
Mode), page 141), this action can be used to implement selection of a specific
service VLAN in Provider Bridges applications.
3.4. Swap the VLAN tag and VPT value of egress packets by invoking the command:
action tag swap <0-4095> vpt <0-7>
where,
<0-4095>: Range of VLAN tags from which one tag is to be selected.
<0-7>: Range of VLAN priority values from which one value is to be selected.
3.5. It is possible that no rule will apply to certain packet types. Such packets, by default,
are dropped. To enable forwarding (or dropping) of all such packets:
3.5.1. Enter the access-list mode of the ACL.
To do so when in the rule mode, invoke the command exit.
(To do so when in the configure terminal mode, invoke the
command access-list extended WORD, where WORD is the name of
the ACL.)
3.5.2. Invoke the command:
default policy permit|deny
where,
permit: Permit forwarding of a packet if no rule applies.
deny: Drop (deny forwarding of) a packet if no rule applies.
Example
OS900(config-access-list)# default policy permit
OS900(config-access-list)#
Viewing Rule
To view a specific rule of an ACL:
1. Enter configure terminal mode.
2. Enter the mode of the ACL whose rule(s) is/are to be viewed by invoking the
command:
access-list extended WORD
where,
WORD: Name of the ACL
3. Invoke the command:
show rule RULE_NUM
where,
[RULE_NUM] : Index of rule.
Example
OS900# configure terminal
OS900(config)# access-list extended ACL1
OS900(config-access-list)# show rule 10
Rule index: 10
Action:deny
Source ip:32.32.32.32/32
----------
OS900(config-access-list)#
Editing Rule
To edit an existing or new rule:
1. Invoke the command:
rule RULE_NUM
where,
RULE_NUM: Index of the rule to be edited
Example
OS900(config)# access-list extended Sales
OS900(config-access-list)#
OS900(config-access-list)# rule 2
OS900(config-rule)#
2. Invoke any one or more of the commands noted above for classification and
actions.
Moving Rule
To move a rule, invoke the command:
rule RULE_NUM move NEW_RULE_NUM
where,
RULE_NUM: Index of the rule to be moved
NEW_RULE_NUM: New index to be assigned to the rule. The rule is moved to a position so
that the indexes of all the rules are in ascending order from top to bottom.
Example
OS900(config-access-list)#
OS900(config-access-list)# rule 3 move 1
OS900(config-access-list)#
Deleting Rule
To delete a specific rule:
1. Enter the access-list mode of the ACL.
2. Invoke the command:
no rule RULE_NUM
where,
RULE_NUM: Index of the rule.
Example
OS900(config-access-list)#
OS900(config-access-list)# no rule 2
OS900(config-access-list)#
Note
The command Global Default Policy is effective for ACLs that are bound after
invocation of this command. To make the command Global Default Policy
effective for an ACL that is bound before invocation of this command, unbind all
ACLs, invoke the command Global Default Policy, and then rebind the ACL.
Example
OS900> enable
OS900# configure terminal
OS900(config)# access-list extended-default-policy permit
OS900(config)#
Viewing
Configured ACLs can be viewed from any of the following modes:
− access-list mode
− enable mode
access-list mode
Only the current ACL can be displayed from this mode. To display the ACL, invoke the command:
show [detail]
where,
detail (optional): Information in detail. The command without this argument displays
abbreviations used by the OS900 in displaying rule actions.
Example
OS900(config-access-list)# show
Comment Adding
A user comment on an ACL can be entered with the ACL as follows:
1. Enter the access-list mode of the ACL.
2. Invoke the command:
remark LINE
where,
LINE: Comment on the current ACL.
Example
OS900> enable
OS900# configure terminal
OS900(config)# access-list extended ACL1
OS900(config-access-list)# remark This ACL is to be used for the Sales Dept.
OS900(config-access-list)# show
Binding
Limitations
− Only one ACL can be bound to a VLAN interface.
− Up to two ACLs can be bound to a port.
− A specific ACL can be bound either to ingress ports/VLANs or egress ports; not
both.
Ingress Ports
2. Two ACLs may be bound to a port group. The first ACL is bound as in step 1,
above. To bind a second ACL to a port group, invoke the command:
port access-group extra WORD PORTS-GROUP
where,
WORD: Name of second ACL.
PORTS-GROUP: Same group of Ports as for the first ACL. (The port/s must not
be port 11 or 12 of the OS912.)
Example
OS900(config-vif777)# exit
OS900(config)# port acl-binding-mode ?
by-port Set acl binding by port
by-vlan Set acl binding by vlan
OS900(config)# port acl-binding-mode by-port ?
<cr>
PORTS-GROUP Group of Ports
| Output modifiers
OS900(config)# port acl-binding-mode by-port 2 ?
<cr>
| Output modifiers
OS900(config)# port acl-binding-mode by-port 2
Egress Ports
ACLs can be bound to egress ports only; not egress VLANs
To bind an ACL to an egress port group:
1. Enter configure terminal mode.
2. Select Port Mode by invoking the command:
port acl-binding-mode by-port [PORTS-GROUP]
where,
by-port: (Port Mode) Use ACL bound to a port group.
PORTS-GROUP: Group of ports.
3. Invoke the command:
port access-group egress WORD PORTS-GROUP
where,
WORD: Name of ACL.
PORTS-GROUP: Group of ports.
Unbinding
Ingress Ports
To unbind the first ACL from a group of ports:
1. Enter configure terminal mode.
2. Invoke the command:
no port access-group PORTS-GROUP
where,
PORTS-GROUP: Group of Ports.
Example
OS900# configure terminal
OS900(config)# no port access-group 4
OS900(config)#
Egress Ports
To unbind an ACL from an egress port group:
1. Enter configure terminal mode.
2. Invoke the command:
no port access-group egress PORTS-GROUP
where,
PORTS-GROUP: Group of ports.
Example
OS900(config)# port access-group ACL3 1,3
OS900(config)#
Deleting
To delete an ACL:
1. Unbind the ACL from each interface to which it has been bound as described in
the section Unbinding, page 268.
2. Enter configure terminal mode.
3. Invoke the command:
no access-list WORD
where,
WORD: Name of the ACL
Example
OS900(config)# no access-list ACL1
Access List ACL1 was deleted.
OS900(config)#
Example
Below is a configuration example showing the user inputs (in bold) and OS900 outputs on the CLI
screen. The user inputs include:
− ACL creation
− Adding a comment (remark) on the ACL
− Creation of rules. Each rule consists of a criterion (condition) and the action for the rule
− Creation of an interface to which the ACL is to be applied
− Activation of the ACL using the command access-group.
− ACL status display
− Interface status display
OS900> enable
OS900# configure terminal
OS900(config)# access-list extended ACL1
OS900(config-access-list)# rule 1
OS900(config-rule)# source-ip eq 10.10.10.10/32
OS900(config-rule)# action permit
OS900(config-rule)# exit
OS900(config-access-list)# rule
OS900(config-rule)# source-ip eq 4.4.4.4/32
OS900(config-rule)# action mirror-to-cpu
OS900(config-rule)# exit
OS900(config-access-list)# rule
OS900(config-rule)# source-ip eq 1.1.1.1/32
OS900(config-rule)# action mark sl 7
OS900(config-rule)# exit
OS900(config-access-list)# exit
Access-group is active:
ACL1 Ports: all
OS900(config-vif2005)#
In the example above the new rule (Rule 15) is inserted between Rule 10 and Rule 20.
Method 1
In this method, the effect on the traffic while the rule is being edited is ignored.
To edit an existing rule in an active ACL:
1. Enter the access-list mode of the ACL containing the rule to be edited.
2. Enter the mode of the rule with the old index by invoking the command:
rule RULE_NUM
where,
RULE_NUM: Old index of the rule to be edited
3. So that the rule can be edited, disable it by invoking the command:
no enable
4. Edit the rule (having the new index) by invoking any one or more of the commands
noted in the section Creating Rule, page 249, for classification and actions.
5. To activate the edited rule (having the old index), in its rule mode invoke the
command:
enable
Example
OS900(config)# access-list extended test
OS900(config-access-list)# rule 15
OS900(config-rule)# no enable
OS900(config-rule)# action list rate2
OS900(config-rule)# enable
OS900(config-access-list)#
Method 2
In this method, traffic is allowed to be forwarded unaffected while the rule is being edited.
To edit an existing rule in an active ACL:
1. Enter the access-list mode of the ACL containing the rule to be edited.
2. To allow traffic to be forwarded unaffected according to the unedited rule while the
rule is being edited, copy the rule using a new index as follows:
rule RULE_NUM copy RULE_NUM
where,
RULE_NUM: (First appearance) Old index of the rule to be edited
RULE_NUM: (Second appearance) New index for the rule to be edited
3. Enter the mode of the rule with the old index by invoking the command:
rule RULE_NUM
where,
RULE_NUM: Old index of the rule to be edited
4. So that the rule can be edited, disable it by invoking the command:
no enable
5. Edit the rule (having the new index) by invoking any one or more of the commands
noted in the section Creating Rule, page 249, for classification and actions.
6. To activate the edited rule (having the old index), in its rule mode invoke the
command:
enable
7. Exit to the access-list mode of the ACL containing the rule by invoking the
command:
quit
8. Delete the rule with the new index by invoking the command:
no rule RULE_NUM
where,
RULE_NUM: New index of the rule to be edited
Example
OS900(config)# access-list extended test
OS900(config-access-list)# rule 15 copy 16
OS900(config-access-list)# rule 15
OS900(config-rule)# no enable
OS900(config-rule)# action list rate2
OS900(config-rule)# enable
OS900(config-rule)# quit
OS900(config-access-list)# no rule 16
OS900(config-access-list)#
Example
The following example demonstrates how an active ACL can be modified on-the-fly.
!
action-list rate1
tc-action
drop-red
rate single-leaky-bucket cir 5m cbs 4K
!
action-list rate2
tc-action
drop-red
rate single-leaky-bucket cir 3m cbs 4K
!
access-list extended test
rule 10
action list rate1
dest-ip eq 11.1.1.10/32
!
interface vlan vif100
tag 100
ports 1-2
access-group test
OS900(config-access-list)# rule 15
OS900(config-rule)# source-ip eq 11.1.1.101/32
OS900(config-rule)# action list rate1
OS900(config-rule)# enable
Note that while rule 15 is disabled traffic from the source 11.1.1.101 is denied.
Note that traffic from source 11.1.1.101 is forwarded according to rule 15, i.e., it is not denied,
during the editing.
Terminology
Ingress port – A port at which traffic enters the OS900.
Egress port – A port at which traffic exits the OS900.
Mirrored port – A port whose traffic is replicated at another port/VLAN.
Mirrored VLAN – A VLAN whose traffic is replicated at another port/VLAN.
Analyzer port – A port at which traffic (received at another port/VLAN) is replicated.
Analyzer VLAN – A VLAN at which traffic (received at another port/VLAN) is replicated.
Definition
Port/VLAN mirroring is the replication of traffic received on one or more physical ports (called
mirrored ports) or at a VLAN interface (called mirrored VLAN) at another physical port (called
analyzer or probe port) or at another VLAN interface (called analyzer VLAN).
Purpose
Port/VLAN mirroring provides for the connection of a network protocol analyzer to an analyzer
port/VLAN to identify the types of traffic passing through particular ports/VLANs. The data thus
obtained can be used for statistical analyses to determine how to improve network operation as
well as for troubleshooting a network on a port-by-port basis.
Applicability
Port mirroring can be applied to ingress, egress, or ingress & egress traffic received on one port, a
group of ports, or at a VLAN. Instead of mirroring all traffic received at a port/VLAN, selective
traffic, called a flow39, at the port/VLAN can be mirrored. (To enable flow mirroring, an ACL must
be bound to the port/VLAN. Configuration and binding of ACLs is described in Chapter 14:
Extended Access Lists (ACLs), page 247.)
The packets can be mirrored to one analyzer port or to one analyzer VLAN. The advantage in
selecting an analyzer VLAN is that an analyzer can be connected to a port of another switch in the
network.
39
A flow is traffic at a port/VLAN that is definable with the following characterizations: destination address, source address,
protocol, etc. – see Stage 1 – Packet Classification, page 249.
Analyzer Port/VLAN
Mirroring can be performed to one analyzer port or to one VLAN40 (that may have several member
ports).
The speed of the analyzer port/VLAN is independent of the ingress and egress mirrored
port(s)/VLAN speed. In some cases, the analyzer port/VLAN may be over-subscribed if the
aggregate bandwidth of the mirrored traffic exceeds the analyzer port/VLAN link bandwidth. The
congestion is handled in the same way as a regular transmit port congestion.
Usage
Analyzer Port
An analyzer port can be added, deleted, or viewed.
40
Mirroring to an analyzer VLAN can be performed only with the OS904, OS906/AC-2, OS912-AC-2, and OS912-DC-2.
Analyzer VLAN
An analyzer VLAN can be added, deleted, or viewed.
For the models OS912-AC-2 and OS912-DC-2, before adding or replacing an analyzer VLAN do
the following:
1. Enter configure terminal mode and then boot mode
2. Invoke the command:
analyzer-vlan
3. Exit to enable mode and reboot by invoking the command:
reboot
or
reboot-force
Note
If an analyzer VLAN is configured on OS912-AC-2 or OS912-DC-2,
internal Port 10 will become unavailable for all other operations requiring
its use. For e.g., ‘Rate limiting of flood packets for a second packet type
at Port 10 – see Chapter 9: Rate Limiting of Flood Packets, page
211’, ‘Ingress traffic shaping – see the section Shaping, page 301’, ‘Tag
translation/swapping – see Chapter 11: Tag Translation/Swapping,
page 225’, and ‘Binding a second ACL to a port – see the section
Binding, page 266.’
Configuration
Any of a wide range of mirroring configurations can be implemented based on port ingress/egress
traffic, VLAN, or ACL rule and destination port or VLAN. To cover this range and to serve as a
guide that will enable the user to implement a configuration that best suits the purpose at hand,
three configuration examples are presented below.
Example 1
This is a configuration in which traffic will be mirrored (from one or several ports) to a single port.
The configuration steps are as follows:
Example 2
This is a configuration in which traffic will be mirrored (from one or several ports) to a VLAN.
The configuration steps are as follows:
1. Add one analyzer VLAN as described in the section Adding/Replacing Analyzer
Port, page 278.
2. Add one or more mirrored ports (whose ingress traffic, egress traffic, or both is to
be mirrored) as described in any of the above sections, e.g., Adding/Replacing
Mirrored Ingress Ports, page 280.
Example
OS900# configure terminal
Example 3
This is a configuration in which traffic in a VLAN will be mirrored (to a port).
The configuration steps are as follows:
1. Add one analyzer port as described in the section Adding/Replacing Analyzer
Port, page 278.
2. Select/create a mirrored VLAN (i.e., an interface whose traffic is to be mirrored.
The procedure for creating/selecting an interface is described in Chapter 7:
Interfaces, page 171.)
3. Select VLAN Mode for the ports that are members in the mirrored VLAN.
4. Create an ACL that includes the rule that contains the action action mirror-
to-analyzer.
5. Bind the ACL to the mirrored VLAN.
Example
---------Selecting VLAN Mode for the ports that are members in the mirrored VLAN---------
OS900(config-vif7)# exit
OS900(config)# port acl-binding-mode by-vlan 2-4
OS900(config)#
OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)# interface vif7
OS900(config-vif7)# access-group ACL99
OS900(config-vif7)#
Definition
Traffic Conditioner41 (TC) is a set of functions for controlling the rate of ingress traffic of specific
flows42. It complements the flow classification process described in Chapter 13: Quality of
Service (QoS), page 237.
Purpose
A TC is used to provide two key services related to aggregate flow:
− SLA enforcement: This service is implemented using metering, selective packet drop, and
SL remarking
− Accounting and billing: For this service, flow aggregate counters are maintained
These two services are needed to limit ingress traffic and to account for it, typically at access
points, such as, an Ethernet-to-Subscriber access box. By combining these services with ingress
and egress traffic shaping (described in the section Shaping, page 301), they form a complete SLA
enforcement set of tools for service providers.
Number
Up to 256 TCs can be configured on an OS900.
Action List
General
An Action List is a set of actions. Currently, a TC action is the only option in an Action List.
To activate a configured TC, its Action List must be included in an Access List (ACL) rule as
described in the section Stage 2 – Actions on Packet, page 255.
Sharing
An Action List (e.g., TC) can be included in any number of ACL rules, which contain actions to be
performed.
The advantage in applying one Action List to several ports/interfaces (i.e., using the Action List in
sharing mode) becomes evident when the Action List has to be modified. In such an instance the
Action List needs to be modified just once rather than several times, once for each port/interface.
Creation/Access
To create/access an Action List:
1. Enter configure terminal mode
2. Invoke the command:
action-list NAME
where,
NAME: Name of the Action List. (The name can be any string of alphanumeric
characters.)
41
Also known as policer, meter, or rate-limiter.
42
A flow is streams of packets that comply with a specific ACL rule.
Example
OS900# configure terminal
OS900(config)# action-list ActionList1
OS900(config-action-list)#
Viewing
To view an Action List:
1. Enter configure terminal mode
2. Invoke the command:
show action-list [detail] [NAME]
where,
detail: Details on the action list.
NAME: Name of the action list. (The name can be any string of alphanumeric
characters. If no name is entered, all the configured action lists are displayed.)
Example
OS900(config)# show action-list detail ACN1
action-list ACN1
================
Status: not active
Number of actions: 1
TC
----
Accounting: enabled, packet-counters
Drop packets marked Red: disabled
Conformance counter set number is #2
Single Leaky Bucket parameters:
cir=5m bits/sec, cbs=10K bytes, ebs=5K bytes
OS900(config)#
Functions
The TC can perform the following functions on ingress traffic:
− Metering
− Actions on Non-Conforming (Red) Traffic
o Dropping or
o Service Level Remarking according to Conformance Level
− Accounting
Metering
Model
Traffic metering is the process of measuring the time-based properties (e.g., rate) of a traffic
stream. A TC may be configured to meter traffic flow according to the OS900’s metering model,
which is a single-rate 2-color marker.
The traffic flow rate is defined with the parameters Committed Information Rate (CIR) and
Committed Burst Size (CBS) of the ‘Leaky Bucket’ mechanism. This mechanism can be likened to
a water bucket having one hole, with CBS analogous to the bucket capacity and CIR analogous to
the rate of water leakage through the hole. CIR can be set in kilobytes/sec, megabytes/sec, or
gigabytes/sec units. CBS can be set in kilobytes or megabytes.
A packet is marked with the Conformance Level as follows:
− Green if it does not exceed the CIR and CBS
− Red otherwise
Figure 30, below, shows how the metering model handles a packet.
Policing Mode
General
A policing mode is whether ingress traffic bytes counting is done to include the parts of Layer 1
frames, Layer 2 frames, or Layer 3 packets. Since a Layer 1 PDU ⊃ Layer 2 PDU ⊃ Layer 3 PDU,
more bytes are counted for a Layer 1 PDU than for a Layer 2 PDU, and more bytes are counted
for a Layer 2 PDU than for a Layer 3 PDU. The policing mode is global and applies for all TCs.
Setting
To set the policing mode,
1. Enter configure terminal mode
2. Invoke the command:
policing mode l1|l2|l3
where,
policing: Global policing.
mode: Mode of policing.
l1: Layer 1 bytes for counting.
l2: Layer 2 bytes for counting. (Default)
l3: Layer 3 bytes for counting.
Example
OS900(config)# policing mode l2
OS900(config)#
Custom
To set the MTU for policing:
1. Enter configure terminal mode.
2. Invoke the command:
policing mtu (1536|2048|10240)
where,
1536: MTU size 1536 bytes
2048: MTU size 2048 bytes (default value)
10240: MTU size 10240 bytes. Use this value for policer and jumbo frames
Default
To set the MTU for policing to the default value (2048 bytes):
1. Enter configure terminal mode.
2. Invoke the command:
no policing mtu
Traffic Rate
To set the traffic rate:
1. Enter configure terminal mode.
Example
OS900> enable
OS900# configure terminal
2. Create/access an Action List by invoking the following command.
action-list NAME
where,
NAME: is the name of the action list. (The name can be any string of
alphanumeric characters up to 20 characters long.)
Example
OS900(config)# action-list ACN1
OS900(config-action-list)#
3. Enter the TC mode by invoking the command:
tc-action
Example
OS900(config-action-list)# tc-action
OS900(config-tc-action)#
4. Invoke the command:
rate single-leaky-bucket cir RATELIMIT cbs BURSTSIZE
where,
rate: Traffic speed.
single-leaky-bucket: Metering/marking algorithm whose coloring action
depends on whether the BURSTSIZE (CBS) is exceeded. If it is not, a packet
is colored green; otherwise it is colored red.
cir: Committed Information Rate (CIR)
RATELIMIT: CIR value. The value may be any number in the range 64K-1G
bits/sec. For OS930, the value may be any number in the range 64K-10G
bits/sec. Valid units are: k, m, g. Examples: 100k, 10m, 1g.
cbs: Committed Burst Rate (CBS)
BURSTSIZE: CBS value. This value is required to be larger than the policer
MTU described in the section Maximum Transmission Unit (MTU) for Policing,
page 287. It is recommended to select a value that is greater than or equal to
the size of the largest possible packet in the stream.
The value may be any number in the range 4K-16M bytes. Valid units are: k,
m. Examples: 7k, 2m.
Default Map
To view the current CL remarking map, invoke the command do show cl-mapping.
Table 13, below, shows the default CL mapping.
Table 13: Default CL Remarking Map
ORIG-SL CL NEW-SL
1 Red 1
2 Red 2
3 Red 3
4 Red 4
5 Red 5
6 Red 6
7 Red 7
8 Red 8
Custom Map
To change an existing CL remarking map:
1. Enter configure terminal mode.
2. Invoke the command:
cl-mapping orig-sl <1-8> red new-sl <1-8>
where,
<1-8>: (first) Range of SL values 1-8, from which one value is to be selected. The
value is the SL marked as described in Chapter 13: Quality of Service (QoS), page
237.
red: CL red
<1-8>: (second) Range of SL values 1-8, from which one new value is to be
selected.
Example
OS900(config)# cl-mapping orig-sl 8 red new-sl 6
OS900(config)#
View Map
To view the existing CL remarking map:
1. Enter configure terminal mode.
2. Invoke the command:
show cl-mapping
Example
OS900(config)# show cl-mapping
ORIG-SL CL NEW-SL
----------------------------------------------
1 red 1
2 red 2
3 red 3
4 red 4
5 red 5
6 red 6
7 red 7
8 red 6
OS900(config)#
Activation
For remarking to take effect, the metering model must be assigned to the Action List (using the
command rate single-leaky-bucket cir RATELIMIT cbs BURSTSIZE as described in
the subsection Traffic Rate, page 288.)
Deactivation
To deactivate remarking:
1. Enter configure terminal mode
2. Invoke the command:
no cl-mapping orig-sl <1-8> red
where,
<1-8>: SL to be selected from the range 1 to 8
Accounting
Counters
There are sixteen Global Counter Sets available for TCs. Each Global Counter Set consists of two
counters. They are:
− Green CL byte Counter (Counts conforming bytes)
− Red CL byte Counter (Counts excess bytes)
Viewing
Method 1
To view the counter readings for a specific TC in TC mode:
1. Enter the TC mode as described in the section Activation, page 290.
2. To display counter readings with refresh (continual update), invoke the command:
monitor tc-counters
3. To display counter readings without refresh, invoke the command:
show tc-counters
Example
OS900# configure terminal
OS900(config)# action-list ACN1
OS900(config-action-list)# tc-action
OS900(config-tc-action)# show tc-counters
Method 2
To view the counter readings for a specific TC from enable mode:
1. Enter enable mode.
2. Invoke the command:
show tc-counters AL_NAME
where,
AL_NAME: Name of the action list. (The name can be any string of
alphanumeric characters up to 20 characters long.)
Clearance
To clear the Specific Counter Set of a TC:
1. Enter the TC mode as described in the section Activation, page 290.
2. Invoke the command:
clear tc-counters
Example
OS900# configure terminal
OS900(config)# action-list ACN1
OS900(config-action-list)# tc-action
OS900(config-tc-action)# clear tc-counters
Aggregation
Configuration
Accounting for several existing TCs (assigned using action lists) can be unified as follows:
1. Enter configure terminal mode.
2. To enter the tc-counters-group mode, invoke the command:
tc-counters-group NAME
where,
NAME: Name for the group of existing TCs whose accounts are to be unified.
(To cancel aggregate accounting, invoke the command no tc-counters-group
NAME.)
3. To provide a textual description for the group of TCs, invoke the command:
description TEXT
where,
TEXT: Textual description for the group.
(To delete the textual description for the group of TCs, invoke the command no
description.)
4. To include an existing TC in the joint accounting, invoke the command:
action-list NAME
where,
NAME: Name for the action list assigned to the existing TC whose account is to
be unified with those of other TCs.
(To delete the action list, invoke the command no action-list NAME.)
5. Repeat the above step for each action list assigned to an existing TC whose
account is to be unified with those of other TCs.
Example
OS900# configure terminal
OS900(config)# tc-counters-group ?
NAME Name of the group
OS900(config)# tc-counters-group WaterPark
OS900(config-tc_group-WaterPark)# description Customers are C118, C119, C120.
OS900(config-tc_group-WaterPark)# action-list ACN1
OS900(config-tc_group-WaterPark)# action-list ACN2
OS900(config-tc_group-WaterPark)#
Viewing
Groups
To view configured groups of Action Lists:
1. Enter enable mode.
2. Invoke either of the following commands:
show tc-counters-group [configuration]
Example
OS900> enable
OS900# show tc-counters-group configuration
!
! TCGROUP configuration
!
tc-counters-group JurassicPark
action-list ACN3
!
tc-counters-group WaterPark
action-list ACN1
action-list ACN2
!
OS900#
Aggregate Counts
Method 1
To view the aggregate counts of a specific group of TCs, whose accounting has been unified, in
tc-counters-group mode:
1. Enter configure terminal mode.
2. Invoke the command:
tc-counters-group NAME
where,
NAME: Name for the group of TCs whose accounts have been unified.
3. Invoke either of the following commands:
show
monitor
where,
show: Display without refresh.
monitor: Display with refresh.
Example
OS900# configure terminal
OS900(config)# tc-counters-group WaterPark
OS900(config-tc_group-WaterPark)# show
Traffic conditioner counters groups:
Flags: a - absent; i - inactive; m - metering;
<1-16> - conformance counter set number
Group:WaterPark
Action-list |Flags| Bytes Green | Bytes Red |
ACN1 i 78905 0
ACN2 i 8063942 0
summary: 0 0
OS900(config-tc_group-WaterPark)#
Method 2
To view the aggregate counts of the group of TCs, whose accounting has been unified, in enable
mode:
1. Enter enable mode.
2. Invoke either of the following commands:
show tc-counters-group [NAME]
monitor tc-counters-group [NAME]
where,
show: Display without refresh.
monitor: Display with refresh.
NAME: Name of the group of TCs whose accounts have been unified.
Example
OS900> enable
OS900# show tc-counters-group configuration
!
! TCGROUP configuration
!
tc-counters-group JurassicPark
action-list ACN3
!
tc-counters-group WaterPark
action-list ACN1
action-list ACN2
!
OS900#
Activation
To activate a configured TC, include its Action List in an ACL rule as described in the section
Stage 2 – Actions on Packet, page 255.
will not drop red traffic but will mark it as red (as having higher drop precedence). In this way,
traffic not conforming with PIR/PBS will be dropped. Traffic conforming with PIR/PBS and not
conforming with CIR/CBS will be marked red on the second TC (this is the equivalent for yellow
traffic in the first TC), and traffic conforming with both will be marked green by the second TC.
Configuration
The configuration steps are:
1. Define two TCs: One for the bigger bucket (PIR, PBS) and the second for the
smaller bucket (CIR, CBS). (Note that a TC may be called ‘smaller’ if either the
burst-size or the rate or both are smaller).
2. Define two ACLs, one for each TC.
3. Set the ingress port (port 1) to by-port ACL binding mode
4. Bind the ACL with the bigger TC to the port.
5. Bind the ACL with the smaller TC to the port as extra (second ACL for the port).
Example
In the example below the PIR is 10 Mbps, the PBS is 100 KB, the CIR is 2 Mbps, and the CBS is
100 KB.
OS900> enable
OS900# configure terminal
OS900(config)# action-list pirpbs
OS900(config-action-list)# tc-action
OS900(config-tc-action)# rate single-leaky-bucket cir 10m cbs 100k
OS900(config-tc-action)# drop-red
OS900(config-tc-action)# counter-set-number 1
OS900(config-tc-action)# exit
OS900(config-action-list)# exit
OS900(config)# action-list circbs
OS900(config-action-list)# tc-action
OS900(config-tc-action)# rate single-leaky-bucket cir 2m cbs 100k
OS900(config-tc-action)# counter-set-number 2
OS900(config-tc-action)# exit
OS900(config-action-list)# exit
OS900(config)# access-list extended pirpbs
OS900(config-access-list)# rule 10
OS900(config-rule)# action list pirpbs
OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)# access-list extended circbs
OS900(config-access-list)# rule 10
OS900(config-rule)# action list circbs
OS900(config-rule)# exit
OS900(config-access-list)# exit
OS900(config)# port acl-binding-mode by-port 1
OS900(config)# port access-group pirpbs 1
OS900(config)# port access-group extra circbs 1
OS900(config)#
Notes
1. In the above example, the trTcm red bytes counter can
be viewed by viewing the red bytes counter of counter-
set 1, the trTcm yellow bytes counter can be viewed by
viewing the red bytes counter in counter-set 2, and the
trTcm green bytes counter can be viewed by viewing the
green bytes counter in counter-set 2.
2. For implementing an srTcm (RFC 2697) a similar
method can be applied: the CIR will be the rate of both
TCs, the EBS will be the burst size of the first (bigger)
TC and the CBS will be the burst-size of the second
(smaller) TC.
Egress-Queue
Chapter 17:
Manager (EQM)
Definition
The Egress Queue Manager (EQM) is used to provide traffic control and monitoring services on outbound
traffic queues.
Purpose
The purpose of the EQM is to perform the following functions at each physical port:
− Prevent congestion in queues
− Ensure that at least the minimum bandwidth allocated to each queue is provided
− Limit rate to the allocated bandwidth and shape individual queues
− Schedule flows from multiple queues
Global Configuration
The EQM can provide a shared resource (common memory space) for buffering packets that may
not be immediately forwarded at their port/queue due to the fact that the buffer space allocated to
the port/queue is limited.
Port Configuration
The EQM maintains the following per egress port:
• Maximum egress rate set for the port for Token Bucket shaping, in
addition to the per-queue shaping. (This is useful for limiting the egress
bandwidth for each port.)
• Scheduling modes (SP, WRR1, WRR0) for the port’s queues – see the
section Scheduling, page 298, for details.
Queue Configuration
The EQM maintains the following configuration parameters per queue per egress port:
• Queue enable/disable
• Maximum number of packet buffers and descriptors allowed for the
queue, i.e., a per queue per drop-precedence configuration. (This
constraint prevents a congested port/queue from using up all egress
buffer and descriptor space in the OS900.)
• Queue shaping parameters, i.e., shaping Token Bucket profile. (This is
useful for limiting the egress bandwidth for each queue.)
• Weight for WRR scheduler (if the queue is scheduled according to
WRR)
Congestion Avoidance
Congestion is a condition in which the OS900 is unable to receive and process all packets arriving
at its ports. It can occur when:
• The data speed on the transmission link remains smaller than the data
speed on the reception links over a period of time. Examples of
situations that may lead to such congestion are:
1. A Gigabit port transmits more than 100Mbps to a Fast Ethernet
port.
Scheduling
General
Scheduling is the process of selecting packets from egress queues for placement on a
transmission link. Scheduling depends on the scheduling mode (described below) and QoS factors
such as traffic shaping (described in the section Shaping, page 301).
Scheduling Modes
There are three scheduling modes for queues. They are:
− Strict Priority (SP)
− Shape-deficit Weighted Round Robin 1 (WRR1)
− Shape-deficit Weighted Round Robin 0 (WRR0)
The general relationship between the modes is as follows: SP queues are scheduled before
WRR1 queues and WRR0 queues. WRR1 queues are scheduled before WRR0 queues.
The user can set each queue at each port in any one of the scheduling modes.
The user can also set a further relationship between these modes such as rate limit per queue as
described in the section Shaping, page 301.
The general relationship between the modes, the capability to set a queue in any one of the
modes, and the capability to set a rate limit per queue enables support for high level QoS
applications (e.g., the IETF DiffServ standardized PHBs such as Assured Forwarding (AF),
Expedited Forwarding (EF), Best Effort, etc.).
Scheduling queues in both SP and WRR modes enables handling of highly time-sensitive traffic
(such as VoIP and mission critical protocols) and other traffic on the same link bandwidth.
43
SL is DiffServ Service Level or Class of Service (CoS). SL can have any value from 1 to 8.
queue W x 256 bytes will be transmitted from the queue before transmission begins from another
queue.
This above description of WRR operation is roughly correct. The actual operation is more complex
and resembles the WFQ scheduling algorithm that provides fairness among the various WRR
queues.
Accordingly, weight 1 is equivalent to 256 bytes, weight 2 is equivalent to 2 x 256 bytes, etc., so
that weight 255 is 63.75 Kbytes. As a result, the distribution of bandwidth among a queues in a
WRR group will be directly proportional to the weights.
Configuration
General
This section shows how to configure scheduling for each queue by setting it into one of the three
modes and assigning to the queue a weight if it is set in WRR1 or WRR0 mode.
Priority Queuing
To avoid confusion, ensure that:
− Queues in SP mode have higher SL values than queues in WRR1 mode and WRR0
mode, and
− Queues in WRR1 mode have higher SL values than queues in WRR0 mode.
For example, queue 6 should not be set in SP if queue 7 is set in WRR1.
Setting all queues in SP mode without traffic shaping or ingress rate limiting (policing) may prevent
progress of lower SL queues.
The default weights for the eight queues in WRR1 or WRR0 mode are as follows:
Queue 1 2 3 4 5 6 7 8
Weight 1 (= 256 16 (= 4K 32 (= 8K 48 (= 12K 64 (= 16K 80 (= 20K 96 (= 24K 112 (= 28K
bytes) bytes) bytes) bytes) bytes) bytes) bytes) bytes)
To assign modes (SP, WRR0, WRR1) and SLs (1, 2, etc. up to 8) to the queues:
1. Enter configure terminal mode.
2. For WRR0 or WRR1, invoke the command:
priority-queuing sl <1-8> wrr0|wrr1 weight <1-255> profile <1-
7>
where,
<1-8>: Number of Service Level
wrr0: WRR0 mode
wrr1: WRR1 mode
<1-255>: WRR weight value in units of 256 bytes
<1-7>: Profile number
3. For SP or default, invoke the command:
priority-queuing sl <1-8> sp|default profile <1-7>
where,
<1-8>: Number of Service Level
sp: SP mode
default: Assign the queue (SL) to SP mode
<1-7>: Profile number
Profiles
Up to 7 global profiles can be defined for ports using the port priority-queuing profile
command. To each port one profile can be assigned to ingress traffic and one to egress traffic. If
the port is a trunk only one and the same profile can be assigned to the member ports of the trunk.
To assign a profile to egress traffic at a port/group:
1. Enter configure terminal mode.
2. Invoke the command:
port priority-queuing profile <1-7> [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of Ports
To assign a profile to ingress traffic at a port/group:
1. Enter configure terminal mode.
2. Invoke the command:
port priority-queuing profile <1-7> ingress [PORTS-GROUP]
where,
[PORTS-GROUP]: Group of Ports
By default, all ports are assigned to profile 1.
Example
The example below demonstrates how to configure scheduling. Suppose the scheduling conditions
are as follows: :
− Applicability to ports 3 and 4.
− Queues 6 to 8 in SP
− Queues 3 to 5 in WRR1
− Queues 3, 4, and 5 have 5 Kbytes (weight 20), 7.5 Kbytes (weight 30), and 15 Kbytes
(weight 60), respectively of the bandwidth for WRR1
− Queues 1 and 2 in WRR0
− Queues 1 and 2 have 10 Kbytes (weight 40) and 12.5 Kbytes (weight 50), respectively of
the bandwidth for WRR0
Packets entering queues 6 to 8 will be forwarded first. Packets entering queues 3 to 5 will be
forwarded provided the queues 6 to 8 are empty. Packets entering queues 1 and 2 will be
forwarded provided the queues 3 to 8 are empty. Packets in queue 7 will be forwarded provided
queue 8 is empty. Packets in queue 6 will be forwarded provided queues 7 and 8 are empty.
OS900> enable
OS900# configure terminal
OS900(config)# priority-queuing sl 8 sp profile 2
OS900(config)# priority-queuing sl 7 sp profile 2
OS900(config)# priority-queuing sl 6 sp profile 2
OS900(config)# priority-queuing sl 5 wrr1 weight 60 profile 2
Set weight 60 (15k bytes)
OS900(config)# priority-queuing sl 4 wrr1 weight 30 profile 2
Set weight 30 (7.5k bytes)
OS900(config)# priority-queuing sl 3 wrr1 weight 20 profile 2
Set weight 20 (5k bytes)
OS900(config)# priority-queuing sl 2 wrr0 weight 50 profile 2
Set weight 50 (12.5k bytes)
OS900(config)# priority-queuing sl 1 wrr0 weight 40 profile 2
Set weight 40 (10k bytes)
OS900(config)# port priority-queuing profile 2 3,4
port 3 scheduler profile set to: 2
port 4 scheduler profile set to: 2
OS900(config)#
Viewing
To view a configured Flow Scheduler, invoke the command:
PRIORITY-QUEUING
======================
SL GROUP WRR-WEIGHT
---------------------------
Profile 2 Port Members:3-4
-------------------------
1 wrr0 40 (10K)
2 wrr0 50 (12.5K)
3 wrr1 20 (5K)
4 wrr1 30 (7.5K)
5 wrr1 60 (15K)
6 sp -
7 sp -
8 sp -
OS900(config)#
Shaping
General
Shaping is a mechanism for regulating traffic (ingress traffic at dual ports or egress traffic) in order
to smoothen traffic flow.
Shaping can be used to limit and shape the traffic rate for specific egress queues or for the whole
egress port.
Traffic rate per queue is limited by the per-queue Token Bucket mechanism. Traffic that is in-
profile with the Token Bucket parameters is transmitted on the link. Out-of-profile traffic remains in
the queue until it becomes in-profile. When operating in this mode, the queue-scheduling algorithm
is considered non-work-conserving, i.e., queued packets are not transmitted at every opportunity,
but only when the packets match the Token Bucket profile.
Another mechanism for regulating traffic is metering (as described in the section Metering, page
286) coupled with dropping (as described in the section Dropping, page 289).
The difference between the two mechanisms is that metering/dropping can only mark and
optionally drop or forward non-conforming traffic, while shaping can smooth the traffic (by delaying
non-conforming packets, an operation which metering cannot do).
A token bucket shaper is available per port and a token bucket shaper is available per queue. The
port shaper has a higher hierarchical level, meaning that traffic is first shaped by its queue shaper
and then shaped for all eight queues of the port by the port shaper.
The Token Bucket shaper is enabled per queue and per port.
Custom
To set the Maximum Transmission Unit (MTU) for the port shaper:
Default
To set the MTU for the port shaper to the default value (2048 bytes):
1. Enter configure terminal mode.
2. Invoke the command:
no port shaper mtu
Configuration
For the bandwidth limitation to be met according to the configured traffic shaping as described
below, the sizes of the egress packets must not be greater than the MTU size – see the section
Maximum Transmission Unit (MTU) for Port Shaper, page 301.
To configure egress traffic shaping & bandwidth limitation for one or more queues at one or more
ports, invoke the command:
port egress-shaping [per-queue <1-8>] rate RATELIMIT burst-size
BURSTSIZE PORTS-GROUP|all
where,
port: action on port(s).
egress-shaping: Shaping of egress traffic.
per-queue: (optional) Specific queue. If this argument is skipped, the rate limitation
will be applied on the port level.
<1-8>: Eight queues from which one is to be selected. Queue 1 has CoS/service
level 1 (lowest priority). Queue 8 has CoS/service level 8 (highest priority).
rate: Rate (bandwidth) limitation.
RATELIMIT: Rate limitation. This can be any value in the range <65k-1g
bits/sec>. The format is a number indexed with k, m, or g
where, k = kilo = 103, m = mega = 106, g = giga = 109. For example, 200m , which
means 200 Mbps. The number is rounded down to a multiple of 65k bits/sec.
burst-size: Burst size.
BURSTSIZE: Burst size. This can be any value in the range <4k-16m bytes>. The
format is a number indexed with k or m
where, k = 210, m = 220. For example, 11k , which means 11K bytes. The number is
rounded down to a multiple of 4K bytes.
PORTS-GROUP: Group of ports at which the queue(s) is(are) to be rate limited. (Trunk
ports may be included in the group. For a trunk, the rate applies to each member port
of the trunk and is not the total rate of the entire trunk.)
all: All ports at which the queue(s) is(are) to be rate limited.
Ingress traffic shaping & bandwidth limitation applies only for a dual port. A dual port has one
internal and one external port. For details, refer to the section Dual (Internal and External) Ports,
page 154. If an analyzer VLAN has been configured on OS912-AC-2 or OS912-DC-2, internal Port
10 will become unavailable for ingress traffic shaping & bandwidth limitation.
To configure ingress traffic shaping & bandwidth limitation for one or more queues at one or more
dual ports, invoke the command:
port ingress-shaping [per-queue <1-8>] rate RATELIMIT burst-size
BURSTSIZE PORTS-GROUP|all
where,
port: action on port(s).
Example
Below is an example showing the user inputs (in bold) and OS900 outputs on the CLI screen.
MRV OptiSwitch 910 version 1_0_11
OS900 login: admin
Password:
OS900> enable
OS900# configure terminal
OS900(config)# port egress-shaping per-queue 7 rate 200m burst-size 18k 2-4
Note that machine limitation is rate in steps of 65k bits/sec
Note that machine limitation is burst in steps of 4k bytes
port 2 queue 7 egress shaping set to: 199.584m bits/sec 16k bytes
port 3 queue 7 egress shaping set to: 199.584m bits/sec 16k bytes
port 4 queue 7 egress shaping set to: 199.584m bits/sec 16k bytes
OS900(config)#
Note
In allocating buffers, the following requirements must be met:
The total of packet buffers allocated to all the ports plus the
buffers allocated as the shared resource does not exceed 4K
and the total of descriptors allocated to all the ports plus the
shared resource does not exceed 4K. The shared resource is
automatically configured to have what is left of the total 4K. Out
of the total budget there are some buffers/descriptors allocated
for internal use of the device and the automatic configuration of
the shared resource takes this allocation into account.
Profile 1:
-----------
Port Members: 1-4
Port Ingress Members:
sl<1> Green Buffers: 28 Green Descriptors: 28
sl<1> Red Buffers: 5 Red Descriptors: 5
sl<2> Green Buffers: 28 Green Descriptors: 28
sl<2> Red Buffers: 5 Red Descriptors: 5
sl<3> Green Buffers: 28 Green Descriptors: 28
sl<3> Red Buffers: 5 Red Descriptors: 5
sl<4> Green Buffers: 28 Green Descriptors: 28
sl<4> Red Buffers: 5 Red Descriptors: 5
sl<5> Green Buffers: 28 Green Descriptors: 28
sl<5> Red Buffers: 5 Red Descriptors: 5
sl<6> Green Buffers: 28 Green Descriptors: 28
sl<6> Red Buffers: 5 Red Descriptors: 5
sl<7> Green Buffers: 12 Green Descriptors: 12
sl<7> Red Buffers: 5 Red Descriptors: 5
sl<8> Green Buffers: 12 Green Descriptors: 12
sl<8> Red Buffers: 5 Red Descriptors: 5
The default profile for all ports is Profile 1 as shown in the example above. Each port is allocated
120 port buffers, 120 port descriptors. These descriptors and buffers are divided among the two
CLs (green, red) and eight SLs (1 to 8) for a port. The shared resource is configured to have 96
shared buffers and 96 shared descriptors.
Egress Traffic
To bind any one of 7 global buffer profiles to a port for egress traffic, invoke the command:
port buffers profile <1-7> [PORTS-GROUP]
where,
profile: Buffer profile.
<1-7>: Profile number. Profile 7 is machine-defined, fixed, and allocates much fewer
buffers than the default configuration of the other profiles.
[PORTS-GROUP]: Group of Ports. Default = all ports
Example
OS900(config)# port buffers profile 2 1,3
port 1 buffers profile set to: 2
port 3 buffers profile set to: 2
OS900(config)#
WARNING!
It is strongly recommended to use the default configuration of buffers and
descriptors for memory resource management.
In changing descriptor or buffer budgets, take into account unexpected
packet loss.
Egress Counters
An egress counter is used to count packets in an egress queue according to one or more of the
following attributes:
− Physical ports
− VLAN tag (Interface ID)
− Service Level
− Conformance Level
There are two sets of four egress counters, identified as ‘set1’ and ‘set2’. The egress counters in a
set are:
− UNICAST (counts the number of unicast packets)
− MCAST/UNKNOWN (counts the number of multicast/unknown packets)
− BCAST (counts the number of broadcast packets)
− TxQ Congest (counts the number of packets dropped due to Tx queue congestion)
Activation
To activate a set of egress queue counters:
1. Enter configure terminal mode.
Example
OS900# configure terminal
OS900(config)#
2. Invoke the command:
egress-counters set1|set2 port PORT|all tag <1-4096>|all sl <1-
8>|all cl all|green|red
where,
set1: First egress counters set
set2: Second egress counters set
port: Egress port
PORT: Range of port numbers from which one can be selected
all: (first) All ports
tag: VLAN interface tag
<1-4096>: Range of VLAN Interface IDs from which one can be selected
all: (second) All VLAN Interface IDs
sl: Egress traffic service level
<1-8>: Range of service levels from which one can be selected
Viewing
To view the egress queue counters
1. Enter configure terminal mode.
2. Invoke either of the following commands:
show egress-counters set1|set2
monitor egress-counters set1|set2
where,
show: Display without refresh.
monitor: Display with refresh.
set1: First egress counters set
set2: Second egress counters set
Example
OS900(config)# monitor egress-counters set1
Egress counters group is active for port 3, tag 2006, sl 5, cl red
Definition
Ethernet Service OAM is a set of management functions for managing Ethernet services. Such
management functions are specified in the IEEE 802.1ag and ITU-T SG 13 Y.1731 standards.
Ethernet Service OAM includes Fault Management as well as Performance Management (per
Y.1731).
Purpose
The purpose of Ethernet Service OAM is to enable service providers to operate, administer, and
maintain Ethernet services. In particular, the path through bridges and LANs taken by frames
addressed to and from specified network users can be discovered and verified and faults can be
detected and isolated to an individual bridge or LAN.
Applicability
Ethernet Service OAM can be applied to single-domain and multi-domain Ethernet services.
Terminology
Following is a list of terms with their meaning as used in this chapter:
CCM A multicast CFM PDU transmitted periodically by a MEP in order to verify
connectivity over the MA to which the transmitting MEP belongs. No reply is sent
by any MP in response to receiving a CCM.
CFM An end-to-end44 per-service-instance-per-VLAN Ethernet layer OAM protocol for
proactive connectivity monitoring, fault verification, and fault isolation. These actions
are performed using IEEE 802.1ag standard Layer 2 PING, Layer 2 traceroute, and
end-to-end connectivity check of Ethernet networks.
LBR A unicast CFM PDU transmitted by a MEP or MIP to a MEP, in response to an
LBM received from that MEP.
LTM A CFM PDU initiated by a MEP, and forwarded from MIP to MIP, with each MIP
generating an LTR (Link Trace Reply), up to the point at which the LTM
(LinkTrace Message) reaches its destination or can no longer be forwarded.
MA A set of MEPs, each configured with the same MAID (MA IDentifier) and MD Level
(Maintenance Domain Level), established to verify the integrity of a single service
instance. An MA can also be thought of as a full mesh of Maintenance Entities
among a set of MEPs so configured.
MAID An MA identifier for an MA, unique over the domain that CFM is to protect against
the accidental concatenation of service instances. MAID has two parts: the
Maintenance Domain Name and the Short MA Name.
44
End-to-end means spanning the Provider Edge or Customer Edge.
MD Level Maintenance Domain Level is a value in the range 0-7 which together with the
VLAN tag is used to determine which OAM PDU is to be handled at the current
level and which OAM PDU is to be forwarded in the VLAN.
OAM allows transparent forwarding of OAM PDUs from higher level domains via
lower level domains when the domains are nested.
It is possible to set a name for a domain level. This name can be one of following
types: DNS, string, or MAC address with a 2-octet unsigned integer. A domain
name has to be the same, in respect to type and value, for all MEPs in service.
MDN Maintenance Domain Name is the identifier, unique over the domain for which
CFM is to protect against accidental concatenation of service instances, of a
particular Maintenance Domain.
ME Maintenance Entity is a point-to-point relationship between two MEPs within a
single MA.
MEG Maintenance Entity Group is a group of Maintenance Entities.
MEP An actively managed OAM entity associated with a specific access port of a
service instance that can generate and receive OAM PDUs as well as track any
response. It is an end point of a single service that can branch out to other MEPs.
This means that a single service may have several MEPs as end points. A MEP
resides in a bridge that receives OAM PDUs and transmits them in the direction of
the Bridge’s Relay Entity. Each MEP maintains a list of MEPs with whom it is
connected. Each MEP has a primary VLAN whose tag it sends with OAM PDUs.
MHF A CFM entity, associated with a single Maintenance Domain, and thus with a
single MD Level and a set of VIDs, that can generate CFM PDUs, but only in
response to received CFM PDUs.
MIP A CFM entity consisting of one or more MHFs.
Primary VLAN The VLAN in a group associated with a service instance, on which all CFM PDUs
generated by MPs, except for forwarded LTMs, are to be transmitted.
Service A set of MEPs, each configured with the same service ID and MD level,
established to verify the integrity of a single service instance. Every service
maintains a list of VLANs for whose connectivity it is responsible. The service is
uniquely identified by MD level and service name (ID). If the service name is not
defined explicitly, it is assigned the first VLAN tag in the list of VLANs. Each
service maintains a remote list of MEPs. No OAM request is handled if it arrives
from a remote MEP that does not appear on this list.
Management Functions
In a layered network model, Ethernet Service OAM is active at the Ethernet Service Layer.
In OAM, a switch (such as the OS900) plays the role of a bridge defining all its Maintenance Entity
Groups (MEGs) as MEPs. Each MEP can be uniquely identified by administrative domain level,
service ID, and MEP ID. The bridge transmits OAM frames to all ports that belong to the same
VLAN except to the MEP ports. A MEP port is required to provide transparency only to higher MD
levels.
Fault Management
The Fault Management OAM contains the following functions, each of which is supported in
software:
generate PDUs with ETH-CC information, it also expects to receive PDUs with ETH-CC
information from its peer MEPs in the MEG. A MEP always reports reception of a PDU with
unexpected ETH-CC information.
A field of flags is incorporated in each CCM. This field is used to indicate the defect detected (if
any) and the period during which CCMs are transmitted. In case of a Continuity Fault, a Fault
Alarm is generated. Fault Alarm is an out-of-band signal that is both an SNMP notification and a
CLI message.
The following defects can be detected by ETH-CC:
RDI Remote Defect Indication. It is used by a MEP to communicate to its peer
MEPs that a defect condition has been encountered. A MEP that is in a defect
condition transmits frames with ETH-RDI information. A MEP, upon receiving
frames with ETH-RDI information, determines that its peer MEP has
encountered a defect condition.
MAC MAC status defect. It is indicated if the:
o Bridge port on which the transmitting MEP resides, has no ability to
pass ordinary data, or
o MEP's primary VLAN is down.
RMEP Remote MEP defect. If no CCM frames are received from a peer MEP within
an interval equal to 3.5 times the receiving MEP's CCM transmission period,
LOC with the peer MEP is flagged.
ERROR Transmission period error. A MEP received a CCM frame with an incorrect
value of the transmission period.
XCON Cross-connect defect. Incompatibility in one or more of expected parameters
in a CCM frame such as: domain level, domain name type, service name type,
service ID, etc.
Performance Management
Ethernet Performance Management (ETH-PM) is an on-demand OAM function which causes
MEPs to send PM (Performance Management) unicast packets to point-to-point MAs. Whenever a
valid unicast PM frame is received by the target MEP, a PMR frame is generated and transmitted
to the requester MEP. Every field in the PM frame is copied to the PMR frame with the following
exceptions:
− The source and destination MAC addresses are swapped.
− The OpCode field is changed from PMM to PMR.
− Rx and Tx time stamps are inserted.
The following performance parameters are measured by respective Performance Measurement45
messages:
1. Frame Loss Ratio (FLR) – Percentage of undelivered service frames, divided by the total
number of service frames during a time interval. The number of service frames not
delivered is the difference between the number of service frames sent to an ingress UNI
and the number of service frames received at an egress UNI.
2. Frame Delay (FD) - Time taken by a frame to make the round-trip from the source node,
through the destination node, and back to the same source node. This time is measured
from the start of transmission of the first bit of the frame by a source node until the
reception of the last bit of the frame by the same source node.
3. Frame Delay Variation (FDV) or jitter - Measure of the variations in the FD between a pair
of service frames belonging to the same CoS instance on a point-to-point Ethernet
connection.
4. Inter-arrival jitter – Estimate of the statistical variance of the Performance Measurement
data packet inter-arrival time, measured in timestamp units and expressed as an unsigned
integer, as defined in RFC1889.
Configuration
Rules
The following rules apply when configuring the OS900 to operate Ethernet Service OAM:
1. A user-created service must be assigned a service ID in the range 1 to 65535.
2. Only one MEP may be defined per port.
3. A user-created MEP must be assigned a MEP ID in the range 1 to 4095.
4. MEP is uniquely defined by domain level, service ID, and MEP ID.
5. Port number and VLAN tag uniquely define one MEP.
6. Every port that belongs to the same VLAN of a MEP should preferably be tagged.
7. Every MEP that belongs to the same service must be defined in the same domain level.
8. Every MEP that belongs to the same service must be defined with the same domain
name.
9. Every MEP that belongs to the same service must be defined with the same service ID.
10. Every MEP that belongs to the same service must be defined with the same service name.
11. Every remote MEP that belongs to the same service must be included in the remote MEPs
list of the MEP.
12. All remote MEP VLAN tags that belong to the same service must be included in the
remote VLANs list of each MEP.
13. The same CCM interval must be defined for all MEPs in the same service.
14. In the same domain, different services must be assigned different primary VLANs.
45
Supported by OS900s with FPGA version 0x19 or later. To view the FPGA version of an OS900, enter enable mode
and invoke the command show fpga version.
Network
The network shown in Figure 31, below, is used as an example in the procedure for configuring the
OS900 to operate Ethernet Service OAM.
Figure 31: Network used for Ethernet Service OAM Configuration Procedure
The planned initial setup is as follows:
− Two bridges (OS900_A and OS900_B).
− Ethernet VLAN interfaces vif10 and vif20 in OS900_A and OS900_B and participate in
the service 1 in domain level 4.
− Ports 1 to 3 are members of inband VLAN interfaces vif10 and vif20 in OS900_A.
− Port 1 in OS900_A is an access port.
− Inband VLAN interface vif10 in OS900_B can have any group of ports as members.
Although vif10 here does not actively participate in the service, its existence is required
because it belongs to the service.
− Ports 1 to 3 are members of inband VLAN interface vif20 in OS900_B.
− Port 1 in vif20 in OS900_B is an access port.
Procedure
Following is the basic procedure for configuring the OS900 to operate Ethernet Service OAM using
the network described above as an example. Additional settings may be made using the
commands detailed in the section Optional Configuration Parameters, page 316.
Configuring OS900 A
1. Set at least one provider port (e.g., 2 or 3 in OS900_A) in tagged mode using the
command:
port tag-outbound-mode tagged PORTS-GROUP
where,
PORTS-GROUP: Group of ports
Example
OS900_A(config)# port tag-outbound-mode tagged 2,3
OS900_A(config)#
2. Create interface VLANs (e.g., vif10 and vif20 in OS900_A) each including at
least two ports (e.g., 1 to 3)
3. Create an Ethernet OAM domain level (e.g. 4) using the command:
ethernet oam domain <0-7>
where,
<0-7>: Range of eight domain levels from which an
integer value is to be selected
Example
OS900_A(config)# ethernet oam domain 4
OS900_A(config-ethoam-Lev4)#
(To prevent one or more remote MEPs from participating in the service, invoke the
command:
no remote-meps LIST-OF-MEPS|all
6. Select VLANs (e.g., 10 and 20) that are to participate in the service using the
command:
vlans LIST-OF-VIDS|all
where,
LIST-OF-VIDS: IDs (tags) of VLANs. IDs are to be selected from the range
1 to 4095
7. Create a MEP (e.g., 100) on the access port (e.g., 1) and assign a VLAN as the primary
VLAN (e.g., 10).
mep <1-4095> primary-vlan TAG
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
primary-vlan: Primary VLAN
TAG: Primary VLAN ID
Example
OS900_A(config-ethoam-Lev4:MAiD#1)# mep 100 port 1
OS900_A(config-ethoam-Lev4:MAiD#1)# mep 100 primary-vlan 10
OS900_A(config-ethoam-Lev4:MAiD#1)#
Configuring OS900 B
Repeat steps 1 to 9, above, for OS900_B.
Example
OS900_B(config)# interface vlan vif10
OS900_B(config-vif10)# tag 10
OS900_B(config-vif10)# ports 2-3
OS900_B(config-vif10)# exit
OS900_B(config)# interface vlan vif20
OS900_B(config-vif20)# tag 20
OS900_B(config-vif20)# ports 1-3
OS900_B(config-vif20)# exit
OS900_B(config)# ethernet oam domain 4
OS900_B(config-ethoam-Lev4)# service 1
OS900_B(config-ethoam-Lev4:MAiD#1)# vlans 10,20
OS900_B(config-ethoam-Lev4:MAiD#1)# ccm-interval 10s
OS900_B(config-ethoam-Lev4:MAiD#1)# remote-meps 100,300
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 port 1
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 primary-vlan 20
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 activate
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 ccm-activate
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 delay-measure rmep 100,300
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 delay-measure priority 5
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 delay-measure history-size 10
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 delay-measure burst-interval 10
OS900_B(config-ethoam-Lev4:MAiD#1)# mep 200 delay-measure enable
OS900_B(config-ethoam-Lev4:MAiD#1)# exit
OS900_B(config-ethoam-Lev4)# exit
OS900_B(config)# ethernet oam enable
OS900_B(config)#
Ethertype
The OAM ether-type is not specified in the IEEE 802.1ag standard (still to be finalized).
To specify (identify) the OAM ethertype of a frame, invoke the command:
ethernet oam ether-type [HEXLINE]
where,
HEXLINE: Range of OAM ethertypes. Either a decimal number from the range 0 to
65535 or a hexadecimal number from the range 0x0000 to 0xffff may be
selected. Default: 0x88e6.
Example
OS900(config)# ethernet oam ether-type 0x1a1a
OS900(config)#
(To delete specification (identification) of the OAM ethertype of a frame, invoke the command:
In the example above, 0x designates hex and aaaaa are the values of x1 to x5.
(To revoke changing of a multicast MAC address, invoke the command:
no ethernet oam mac [HEXLINE])
To revoke the setting of the multicast destination MAC address in CCMs to be sent by MEPs,
invoke the command:
no ethernet oam destination-multicast mac [MAC_ADDRESS]
TLVs
A TLV is a datagram consisting of Type, Length, and Value fields. The fields are as follows:
Type Numeric code indicating the kind of field that the message designates
Length Size of the Value field
Value Variable size that contains data for the message
Setting
To set TLVs (for appending to CCMs), invoke one or both of the following commands:
ethernet oam organization-specific-tlv set OUI <0-255> length <0-
1350>
or
ethernet oam organization-specific-tlv set OUI <0-255> VALUE
where,
set: Set
OUI: Organizationally Unique Identifier. 6-digit hex number in the format
0xyyyyyy, where 0x designates hex. Example: 0x0a0b0c.
Note
If the Value of length specified is greater than the TLV data
length, the data is replicated until it is equal to the length. If the
TLV data length is greater than the length specified, the LSB of
the data is truncated so that it becomes equal to the length
specified.
Example
OS900(config)# ethernet oam organization-specific-tlv set 0xaabbcc 40 length 20
(Set organization specific TLV where OUI is 0xaabbcc and sub type is equal to
40 and length 20.)
(To revoke setting of TLVs (for appending to CCMs), invoke the command:
no ethernet oam organization-specific-tlv set OUI <0-255>)
Appending
In order to append a specific TLV to CCMs, invoke the command:
ethernet oam organization-specific-tlv enable OUI <0-255>
where,
enable: Enable
OUI: Organizationally Unique Identifier. 6-digit hex number in the format
0xyyyyyy, where 0x designates hex. Example: 0x0a0b0c.
<0-255>: Range of type values from which one value is to be selected
Example
OS900(config)# ethernet oam organization-specific-tlv enable 0xaabbcc 40
OS900(config)#
Domain Parameters
Encapsulation
To set the OS900 to encapsulate frames belonging to a given domain level with a specific
type, invoke the command:
encapsulation-type (default|llc|type-length)
where,
default: Default (Type/Length header encapsulation type)
llc: LLC header encapsulation type
type-length: Type/Length header encapsulation type.
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# encapsulation-type llc
OS900(config-ethoam-Lev4)#
Domain Name
The domain name type and value must be the same for every MEP in a domain.
To assign a domain name type (IEEE 802.1ag compatible), invoke any one of the
following commands:
DNS Type
name dns NAME
where,
NAME: Name of the domain.
String Type
name string NAME
where,
NAME: String (e.g., mnemonic) for the domain.
MAC Address Type
name mac-addr-and-uint NUMBER
where,
NUMBER: MAC address with a 2-octet unsigned integer. Decimal number (in the
range 0 to 65535) or hex number (in the range 0x0000 to 0xffff).
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# name string MRV-domain
OS900(config-ethoam-Lev4)#
Service Parameters
Enabling a MEP to Send CCM PDUs
Enable a specific MEP to send CCM PDUs (when Ethernet OAM is enabled).
mep <1-4095> ccm-activate
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
ccm-activate: Enable sending of CCM PDUs
Example
OS900_A(config-ethoam-Lev4:MAiD#1)# mep 100 ccm-activate
OS900_A(config-ethoam-Lev4:MAiD#1)#
ccm-interval [TIME_INTERVAL]
where,
TIME_INTERVAL: Time interval between CCM PDUs.
Choices: 100ms, 10ms, 10s, 1s, 300Hz (31/3 millisecond), 600s, and
60s. Default: 1s (1 second).
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# ccm-interval 10s
OS900(config-ethoam-Lev4:MAiD#1)#
(To reset the time interval between CCM PDUs to the default value, invoke the command:
no ccm-interval)
Note
The chosen time interval between CCM PDUs must be the same in
every MEP in a service.
InterfaceStatusTLV in CCM
By default, MEPs send the InterfaceStatusTLV with the CCM.
To cause a MEP to send the InterfaceStatusTLV, invoke the command:
mep <1-4095> send-interface-tlv
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Example
OS900(config-ethoam-Lev4:MAiD#1)# mep 44 send-interface-tlv
OS900(config-ethoam-Lev4:MAiD#1)#
PortStatusTLV in CCM
By default, MEPs send the PortStatusTLV with the CCM.
To cause a MEP to send the PortStatusTLV, invoke the command:
mep <1-4095> send-port-tlv
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Example
OS910(config-ethoam-Lev4:MAiD#1)# mep 44 send-port-tlv
OS910(config-ethoam-Lev4:MAiD#1)#
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 debug rx-ccm
OS900(config-ethoam-Lev4:MAiD#1)#
46
of handling
To revoke the service name type and value, invoke the command:
no name
Default Primary-VLAN for MEPs
To create a default primary-VLAN for every MEP in service, invoke the command:
primary-vlan <1-4095>
where,
<1-4095>: Range of VLANs.
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# primary-vlan 10
OS900(config-ethoam-Lev4:MAiD#1)#
To reset the time that defects must be present before a Fault Alarm is issued, invoke the
command:
no mep <1-4095> fng-alarm-time
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
To reset the time that defects must be absent before a Fault Alarm is disabled, invoke the
command:
no mep <1-4095> fng-reset-time
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Thresholds
To set the Performance Monitoring threshold for averages in a burst that will send alarms,
invoke the command:
mep <1-4095> threshold (frame-delay|ds-jitter|sd-jitter) rise <0-
100000> fall <0-100000>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
frame-delay: Frame delay
ds-jitter: Destination-Source jitter
sd-jitter: Source-Destination jitter
<0-100000>: (First appearance) Rise threshold value (microseconds)
<0-100000>: (Second appearance) Fall threshold value (microseconds)
Example
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 threshold frame-delay rise 200 fall 150
OS900(config-ethoam-Lev4:MAiD#1)#
Delay-Measurement/Loopback Parameters
For Delay-Measurement or Loopback, the remote MEP(s) must be specified in the service by
invoking either of the commands in the section Remote MEPs, just below.
Remote MEPs
To select the remote (destination) MEPs for a MEP, use either of the following methods.
Method 1 (Remote MEP identified by its ID)
To select the local MEP and remote MEPs (between which the Delay-Measurement is to be set or
Loopback testing is to be performed)
For a specific MEP in the service, invoke the command:
Number of Bursts
To set the number of frame transmission bursts
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback burst-number <1-255>|forever
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<1-255>: Number of bursts to be selected from the range 1-255. Default: 1
forever: Continuous transmission
(To reset the burst number to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback burst-number)
Number of History Entries
To limit the number of most recent history entries:
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback history-size <2-120>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<2-120>: Maximum number of history entries to be recorded from the range 2-
120. Default: 5
(To reset the number of history entries to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback history-size)
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 delay-measure history-size 20
Time Interval
To set the time interval between every two packets in a burst
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback interval <1-1000> [msec| µsec]
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<1-1000>: Time interval to be selected from the range 1 to 1000. Default: 100
[msec| µsec]: milliseconds or microseconds. Default: msec (milliseconds)
(To reset the time interval to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback interval)
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 delay-measure interval 200
OS900(config-ethoam-Lev4:MAiD#1)#
CLI Messages
To cause the display of a CLI message for every Delay-Measurement or Loopback attempt (i.e.,
reply by echoing the PDU from the local MEP)
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback echo-reply-mode
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
echo-reply-mode: Reply by echoing the PDU from the local MEP.
(By default CLI messages are not displayed.To prevent display of CLI messages,
invoke the command:
no mep <1-4095> delay-measure|loopback echo-reply-mode)
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 delay-measure echo-reply-mode
OS900(config-ethoam-Lev4:MAiD#1)#
PDU Length
To set the PDU length (measured in the Layer 2 header up to and excluding CRC) that will help
diagnose faults sensitive to this length
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback length <60-9000>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<60-9000>: PDU length (in octets) to be selected from the range 68 to 9000.
Default: 60
(To reset the PDU length to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback length
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 delay-measure length 80
OS900(config-ethoam-Lev4:MAiD#1)#
Data Pattern
To set a data pattern (inside a PDU) that will help to diagnose faults sensitive to incompleteness of
data in a frame
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback pattern HEXLINE
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
HEXLINE: Pattern (dataFill) of DataTLV using hexadecimal digits, e.g.,
0f0f0a0a880c
If a conflict exists between PDU length and pattern size, the whole pattern is used.
(To delete the data pattern, invoke the command:
no mep <1-4095> delay-measure|loopback pattern
Layer 2 PDU Priority
To set the Layer 2 PDU priority
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback priority [<0-7>]
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
[<0-7>]: Layer 2 PDU priority to be selected from the range 0 to 7. Default:
Same as MEP priority
(To reset the Layer 2 PDU priority to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback priority
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 delay-measure priority 5
OS900(config-ethoam-Lev4:MAiD#1)#
Number of Packets
To set the number of packets to be sent during each burst interval
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback packets <1-1000000>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<1-1000000>: Number of packets to be sent to be selected from the range 1 to
1000000. Default: 3.
(To reset the number of packets to be sent to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback packets
Burst Interval
To set the time interval between every two bursts
For a specific MEP in the service, invoke the command:
mep <1-4095> delay-measure|loopback burst-interval <1-86400>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<1-86400>: Burst interval (in seconds) to be selected from the range 1 to 86400.
Default 60.
(To reset the burst interval to the default value, invoke the command:
no mep <1-4095> delay-measure|loopback burst-interval
Activating
To activate the PDU delay-measure or loopback function, invoke the command:
mep <1-4095> (delay-measure|loopback) enable [slow]
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
[slow]: Execute slow (CPU/software-controlled) Delay-Measurement or Loopback.
Default: Execute fast (FPGA/hardware-controlled) Delay-Measurement or
Loopback test. If the OS900 model does not have an FPGA, the mode of
Delay-Measurement and Loopback will be slow even if the argument slow
is not selected. Enabling FPGA/hardware-controlled Delay-Measurement
and Loopback test provides for presenting time parameters with extremely
higher accuracy, i.e., in nanoseconds!
Alternatively, Delay-Measurement/Loopback can be activated in enable mode by invoking the
command: ethernet oam domain <0-7> service NUMBER mep <1-4095> delay-
measure|loopback enable.
Example 1
OS900_A(config-ethoam-Lev4:MAiD#1)# mep 200 delay-measure enable
OS900_A(config-ethoam-Lev4:MAiD#1)#
Example 2
OS900_A(config-ethoam-Lev4:MAiD#1)# mep 200 delay-measure enable slow
Results of delay measure for Level=4 MA=1 MEPiD=200:
Started:Sat Mar 4 17:57:22 2000 on target: rmep 201 mac
00:0f:bd:01:5e:88
10 packets transmitted; 10 packets received, 0.00% packet loss
Round-trip min/avg/max: 2.526/15.585/44.248 ms
Jitter SD min/avg/max: 0.000/ 2.278/ 11.212 ms; number=10
Jitter DS min/avg/max: 0.000/ 8.655/ 41.205 ms; number=10
OS900_A(config-ethoam-Lev4:MAiD#1)#
Deactivating
To deactivate the PDU Delay-Measurement or Loopback mechanism, invoke the command:
no mep <1-4095> (delay-measure|loopback) enable
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Storm Guard
A storm guard can be enabled over a group of ports, i.e., the ports can be set to automatically
disconnect from the network when a user-specified ingress OAM frame rate is exceeded.
Enabling
To enable a storm guard over a group of ports, invoke the command:
ethernet oam pdu-storm-guard [VALUE] PORTS-GROUP|all
where,
VALUE: Maximum number of OAM PDUs per port per second. Default: 50 frames
per second.
PORTS-GROUP: Group of ports
all: All ports
Example
OS900(config)# ethernet oam pdu-storm-guard 7 3-5
OS900(config)#
Disabling
To disable the storm guard over a group of ports, invoke the command:
no ethernet oam pdu-storm-guard PORTS-GROUP|all
where,
VALUE: Maximum number of OAM PDUs per port per second. Default: 50 frames
per second.
PORTS-GROUP: Group of ports
all: All ports
Example
OS900(config)# no ethernet oam pdu-storm-guard 3-5
OS900(config)#
Reconnecting Ports
To reconnect the ports to the network after they have been disconnected by the storm guard,
invoke the command:
port state enable PORTS-GROUP|all
where,
enable: Enable
PORTS-GROUP: Group of ports
all: All ports
Example
OS900(config)# port state enable 2
port 2 state set to: ENABLE
OS900(config)#
Viewing
Ethernet OAM Defaults
To view the default settings for Ethernet OAM parameters:
1. Enter enable mode
Service Lev=4:Ma#1
MEPiD Port VID RDI MAC RMEP ERROR XCON highestDefect rCCMseq.Errors Tx Rx
100 2 20 n Up n n n XCON 0 843 736
Service Lev=4:Ma#1
MEPiD Port VID RDI MAC RMEP ERROR XCON highestDefect rCCMseq.Errors Tx Rx
200 1 10 Y Dn n n n MACStatus 0 217 211
End of Table.
OS900(config-ethoam-Lev4)#
MEP Status
To display the status of a specific MEP, from the service’s mode invoke the command:
show mep status <1-4095>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# show mep status 100
mepid port act cc-act vid mac
100 2 n n 0 00:00:00:00:00:00
End of Table.
OS900(config-ethoam-Lev4:MAiD#1)#
OAM Configuration
To view the Ethernet OAM configuration, from a domain or service mode invoke the command:
show configuration
Example (from service mode)
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# show configuration
!
! Ethernet OAM configuration
!
ethernet oam domain 4
service 1
vlans 10,20
remote-meps 100,200,300
mep 100 port 2
mep 100 primary-vlan 10
mep 100 activate
mep 100 ccm-activate
ethernet oam enable
OS900(config-ethoam-Lev4:MAiD#1)#
End of Table.
OS900(config-ethoam-Lev4:MAiD#1)#
Service Lev=4:Ma#1
MEPiD Port VID RDI MAC RMEP ERROR XCON highestDefect rCCMseq.Errors Tx Rx
100 1 10 Y Dn n n n MACStatus 0 251 210
End of Table.
OS900(config-ethoam-Lev4:MAiD#1)#
Service Lev=4:Ma#1
MEPiD Port VID RDI MAC RMEP ERROR XCON highestDefect rCCMseq.Errors Tx Rx
100 1 10 Y Dn n n n MACStatus 0 226 210
End of Table.
OS900(config-ethoam-Lev4:MAiD#1)#
Delay-Measurement/Loopback Status
To view the latest Delay-Measurement or Loopback status of a specific MEP or all MEPs:
1. Enter the mode of the service for which the loopback status(es) of the MEP(s) is
(are) to be viewed
2. Invoke the command:
show delay-measure|loopback [mep <1-4095>]
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
If the optional parameter [mep <1-4095>] is not used, the loopback statuses of all the MEPs are
displayed.
Example
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# show loopback
Service Lev=4:Ma#1
mepid Active NextId ExpectID Absent rmepid
100 No 0 0 0 0
Started:Sun Jan 0 00:00:00 1900 on target: mac b3:90:ce:a7:9b:6d
200 packets transmitted; 200 packets received, 0.00% packet loss
OS900(config-ethoam-Lev4:MAiD#1)#
CCM Status
To view the CCM configuration for all MEPs:
1. Enter enable mode
2. Invoke the command:
show ethernet oam ccm
show ethernet oam delay-measure|loopback
show ethernet oam linktrace [detailed-output]
show running-config ethernet [oam]
Note
Note that the defect type in a MEP is indicated if it occurred
during sysUpTime.
Example
Below is an example of a CC alarm notification.
EthOam Fault:MACStatus MEP={Level=4 MA=0x1 MEPiD=100} sysUpTime=00:01:23,75
History
Setting Number of Loopback History Entries
To set the number of latest loopback history entries (bursts) whose results are to be displayed for
a specific MEP, invoke the command:
mep <1-4095> loopback history-size <2-120>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
loopback: Loopback
history-size: History entries to be held
<2-120>: Range of numbers of history entries. Default: 5.
Delay-Measurement/Loopback History
Results of Delay-Measurement/Loopback History are displayed with ns accuracy if Delay-
Measurement/Loopback was enabled for control by FPGA/hardware using the command mep <1-
4095> (delay-measure|loopback) enable described in the section Activating, page 327.
All MEPs
To view Delay-Measurement/Loopback history for all MEPs:
From enable mode invoke the command:
show ethernet oam delay-measure|loopback history
or
From a service mode invoke the command:
show delay-measure|loopback history
Example 1
OS906C(config-ethoam-Lev1:MAiD#14)# show delay-measure history
Service Lev=1:Ma#14
Service Lev=1:Ma#14
Specific MEP
To view the Delay-Measurement/Loopback history for a specific MEP, from the mode of a
service invoke the command:
show delay-measure|loopback history mep <1-4095>
Example 1
OS900(config-ethoam-Lev4:MAiD#1)# show delay-measure history mep 100
Service Lev=4:Ma#1
OS900(config-ethoam-Lev4:MAiD#1)#
Example 2
OS900(config-ethoam-Lev4:MAiD#1)# show loopback history mep 100
Service Lev=4:Ma#1
OS900(config-ethoam-Lev4:MAiD#1)#
Link Trace
The Link Trace (LT) function causes a MEP to send LT request PDUs to remote bridges
participating in a service on an on-demand basis. Depending on the replies, LT produces a
sequence of the bridges from the MEP to the target bridge. The MEP expects to receive LT reply
PDUs within a specified period of time. Bridges that do not reply are excluded from the sequence.
LT can be used for:
• Retrieval of adjacency relationships between a MEP and remote bridges participating in
the service, i.e., retrieval of the sequence of bridges from the source MEP to the target
bridge.
• Fault localization. When a fault (e.g., link or device failure) or a forwarding plane loop
occurs, the sequence of bridges will likely be different from the expected one. The
difference in the sequences provides information about the fault location.
Setting
Activation
To activate the link trace function, invoke the command:
mep <1-4095> linktrace rmep <1-4095>
or
mep <1-4095> linktrace mac MAC_ADDRESS
where,
<1-4095>: (First appearance) Local (source) MEP ID to be selected from the range 1 to
4095
<1-4095>: (Second appearance) Remote (destination) MEP ID to be selected from the
range 1 to 4095
OS900(config-ethoam-Lev4:MAiD#1)#
Example 2
OS900(config)# ethernet oam domain 4
OS900(config-ethoam-Lev4)# service 1
OS900(config-ethoam-Lev4:MAiD#1)# mep 100 linktrace mac 00:0F:BD:01:22:79
Time-To-Live
To set the time-to-live for linktrace packets, invoke the command:
mep <1-4095> linktrace ttl <1-255>
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
<1-255>: Time-to-live for linktrace packets from the range 1 to 255: Default: 255
To reset the time-to-live to the default value (255), invoke the command:
no mep <1-4095> linktrace ttl
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Viewing
To view the linktrace setting for a MEP, invoke the command:
show linktrace [mep <1-4095>] [detailed-output]
where,
<1-4095>: Local MEP ID to be selected from the range 1 to 4095
Debug
Type of CCM Message to Send
To select the type of message a specific MEP is to send, invoke the command:
debug ethernet oam domain <0-7> service NUMBER mep <1-4095> port PORT
(ccm-freeze|fng|rx-ccm|tx-ccm)
where,
ccm-freeze Freeze CCM
fng Fault Notification Generator
rx-ccm Received CCM PDUs
tx-ccm Transmitted CCM PDUs
To revoke the type of message a specific MEP is to send, invoke the command:
no debug ethernet oam domain <0-7> service NUMBER mep <1-4095> port
PORT (ccm-freeze|fng|rx-ccm|tx-ccm)
References
[1] IEEE 802.1ag, Virtual Bridged Local Area Networks – Amendment 5: Connectivity Fault
Management, Draft 8, February 2007, IEEE 802.1 Committee
[2] Draft Recommendation Y.1731 – OAM Functions and Mechanisms for Ethernet based
Networks, January 2006 Draft, ITU-T SG 13 WP /Q5
[3] Fujitsu – Ethernet Service OAM: Overview, Applications, Deployment, and Issues, Copyright
2006 Fujitsu Network Communications Inc.
General
Implementation of the OAM (for Ethernet in the First Mile) in the OS900 is based on the IEEE
802.3ah standard. This standard specifies OAM protocols and Ethernet interfaces for management
over Ethernet in the First Mile (EFM). The OAM sublayer is within the Data Link Layer of the OSI
model. The OAM protocol defines mechanisms to monitor the health of a network link and locate
faults using the transport layer [IEEE 802.3ah clause 57]. These mechanisms include the following
set of functions:
− Branch link performance monitoring
− Fault detection
− Loopback testing
− Setting of network event types to be announced
The number of OAM frames is usually limited to as little as ten per second, so there should be no
appreciable impact on the user traffic stream under normal conditions.
The OAM frames are fixed-size and can be distinguished from other frames by the Destination
MAC address and the Ethernet type & subtype.
Purpose
The OAM model provides reliable service assurance mechanisms for provider as well as customer
networks so as to avoid expensive time-consuming in-the-field truck rolls for isolating faults.
Application
A common application for the OAM functions is to Ethernet in the First Mile (EFM) networks. Each
such network consists of:
− A port of a Central Office OAM device (e.g., OS9000 located at a
central office)
− The cable connecting a Central Office OAM device port to a port of a
Branch OAM device (e.g., OS900 located at a customer’s premises),
and
47
CPE
Figure 32: EFM Link for Running the IEEE 802.3ah OAM Protocol
Advantages
EFM networks implemented with MRV’s OS9000 and OS900s provide the following advantages:
• Single-point of management
• Low-cost simple IP-less solution (i.e., the devices do not need IP
provisioning or IP addresses)
• Branch power failure indication
• End-to-end built-in self test for the fiberoptic link
• Independent of traffic loads, network configuration changes, and IP
connectivity failure
OAM Functionality
OAM Review
The OAM sublayer provides mechanisms to monitor the health of a network link and locate faults.
Vendor specific extensions are allowed to provide functions such as station management,
bandwidth allocation, and provisioning. The OAM sublayer software:
− Supports a single instance of the OAM entity and OAM client [ah 57.2-57.6];
− Operates in passive mode [ah 57.2.9];
− Facilitates the notification of critical events [ah 57.2.10];
− Provides a data link layer frame-level loopback mode [ah 57.2.11]; and
− Utilizes basic (untagged) IEEE 802.3 frames, or OAM Protocol Data Units
(OAMPDUs), to convey standard and vendor specific information [ah 57.4].
Operational Mode
As a passive OAM sublayer, the OS900 begins transmitting Information OAMPDUs only after
receiving one. The exchange of Information OAMPDUs and agreement on parameters advances
the discovery process to the SEND_ANY state, allowing any OAMPDU to be sent.
The OAM sublayer uses a timer to limit transmission of OAMPDUs (ten per second), and to ensure
that at least one is sent every second. A second timer detects loss of expected traffic.
Critical Events
Critical events are signaled using flag bits that are present in every OAMPDU sent.
Dying Gasp
Indicates time to failure due to power outage.
Note
The dying gasp indication is always sent to the Central Office device.
If a Layer 3 connection is present between the OS900 and an SNMP
host (manager) the dying gasp trap is sent directly to the SNMP host.
The procedure for configuring hosts that are to receive dying gasps and
other traps is described in the section Trap Host Specification, page 110.
Loopback
Loopback is performed on the OS900 port that is connected to the Central Office OAM device.
The OS9000 or another IEEE 802.3ah-capable manager (CO) may instruct the Branch OS900 to
enter loopback mode. In this mode, the Branch end OAM sublayer will return all packets received
and the initiating OAM sublayer will discard them. Packet and byte count statistics will be kept to
assist in diagnosing link problems.
The OS900 PHY interfaces can be tested in a loopback mode. Performing a loopback on a port via
a Branch management interface may cause loss of connectivity to that management port.
Requirement
Before activating the IEEE 802.3ah Ethernet OAM protocol, make sure that the ports of the OS900
to participate in this protocol are not set to tagged mode. For setting of modes, refer to the section
Outbound Tag Mode, page 139.
Activation
To activate the IEEE 802.3ah Ethernet OAM protocol, invoke the command:
1. Enter configure terminal mode.
2. Invoke the command:
efm-cpe ports PORTS-GROUP
where,
PORTS-GROUP: Group of ports to operate with IEEE 802.3ah OAM.
Example
OS900(config)# efm-cpe ports 2-4
OS900(config)#
To deactivate the IEEE 802.3ah Ethernet OAM protocol, invoke the command:
no efm-cpe ports PORTS-GROUP
where,
PORTS-GROUP: Group of ports to operate with IEEE 802.3ah OAM.
Principles of Operation
The OS900 acts as a Network Access Server (NAS) for requesters, and therefore functions as an
AAA client passing requester information (e.g. username, password, etc.).
The AAA Server, on the other hand, is responsible for receiving requester connection requests,
authenticating or disqualifying the requester, and sending the permit or deny response to the client
OS900.
Transactions between the OS900 and the AAA Server are permitted by shared secrets, which are
never sent over the network. In addition, every administrator password is encrypted before it is
sent between the OS900 and the AAA Server in order to prevent deciphering.
The AAA Server can also provide accounting of requester commands and of changes in
authorization level. This information is recorded in a special log file that enables a supervisor to
view the activities of all the administrators. Accounting can include logging of commands or logging
of transitions from one mode to another.
Note
To allow a user attempting to enter enable mode of the OS900
immediately after49 successfully logging onto the OS900 using the admin
password, set the ‘Service Type’ parameter on the AAA Server to the
value ‘administrative user.’
48
The AAA server may be the AAA server itself or a device via which the OS900 communicates with the AAA server.
49
‘immediately after’ means without having to type the password required to enter enable mode.
Note
Invocation of the command radius-server enable user NAME or
tacacs-server enable user NAME is a prerequisite for the AAA-
involving commands in step 4, page 352.
debug: Set the OS900 to request authentication from the AAA Server when
an attempt is made to access the OS900 at debug mode.
NAME: Username. This username must be the same as that on the AAA
Server. When an attempt is made to access the OS900 at debug mode, the
OS900 sends this username to the AAA Server. The AAA Server finds the
associated password, which it sends to the OS900. The OS900 then
prompts the requester to enter a password. Only if both the username and
password match, access is granted.
On the OS900, only one username can be defined for debug mode. This means that the
same username must be configured on all AAA Servers if they are to provide their service
to the OS900. This username is generic, meaning that, administrators with different login
usernames can access this mode. This is so because the OS900 sends the generic
username and not the login username to the AAA Server.
Note
Invocation of the command radius-server debug user NAME or
tacacs-server debug user NAME is a prerequisite for an AAA-
involving command in step 6, page 354.
5. To set a common key for all AAA Servers, invoke the command:
radius-server key LINE
Or
tacacs-server key LINE
where,
LINE: Text of shared encryption key between the OS900 and any AAA
Server. Any alphanumeric unbroken string may be entered. The default
encryption/decryption key is testing123.
6. To set a common timeout for all AAA Servers, invoke the command:
radius-server timeout NUMBER
Or
tacacs-server timeout NUMBER
where,
NUMBER: Timeout time, i.e., the time (in seconds) the OS900 waits for a
response from the AAA Server. If the AAA Server gives a negative response
or if it does not a respond within this time, access to the OS900 is denied.
The default timeout is 3 seconds.
Setting Authentication
For each mode (login, enable, debug or configure), any one of the following authentication
options can be selected:
local Perform authentication locally and without AAA Server mediation, i.e.,
using only the login username and password stored in the OS900’s
memory.
radius-local Perform authentication with the RADIUS Server first. If no response is
received from the RADIUS Server within the timeout time, perform
authentication using only the login username and password stored in the
OS900’s memory.
tacacs-local Perform authentication with the TACACS+ Server first. If no response is
received from the TACACS+ Server within the timeout time, perform
authentication using only the login username and password stored in the
OS900’s memory.
radius Perform authentication with the RADIUS Server.
(Access to the OS900 is denied if the Server gives a negative response or
WARNING!
Before selecting the argument radius or tacacs, ensure that the AAA
Server is operational and that at least the following parameters are set
correctly on the OS900: AAA Server IP address, Server TCP
authentication port number, and encryption/decryption key.
You can make sure using the following safe method: Open a CLI
session50 and a TELNET session. In the TELNET session, enter the
mode configure terminal, and invoke the command
authentication login default radius or authentication
login default tacacs. Now close the TELNET session and then
attempt to reopen another. This way, if the attempt fails (possibly
because of an incorrect AAA parameter setting) access to the CLI agent
is retained (via the CLI session) and any AAA parameter setting can be
corrected in the CLI session.
To cause the OS900 to “prevent login”, invoke the command:
authentication login default none
WARNING!
Invoking the command authentication login default none will
lock the OS900, preventing any access to it.
4. To cause the OS900 to “try to get a permit or deny response from an AAA Server
first when an attempt is made to access the OS900 at enable mode, and, if no
response is received within the timeout time, perform authentication using the
enable password stored only in the OS900’s memory”, invoke the command:
authentication enable default radius local
Or
authentication enable default tacacs local
50
Using a serial/RS-232 connection.
To cause the OS900 to “try to get a permit or deny response from an AAA Server when an
attempt is made to access the OS900 at enable mode, and, if no response is received
within the timeout time, deny access”, invoke the command:
authentication enable default radius
Or
authentication enable default tacacs
WARNING!
Before selecting the argument radius or tacacs, ensure that the AAA
Server is operational and that at least the following parameters are set
correctly on the OS900: AAA Server IP address, Server TCP
authentication port number, and encryption/decryption key.
You can make sure using the following safe method: Open a CLI session
and a TELNET session. In the TELNET session, enter the mode
configure terminal, and invoke the command authentication
enable default radius or authentication enable default
tacacs. Now close the TELNET session and then attempt to reopen
another. This way, if the attempt fails (possibly because of an incorrect
AAA parameter setting) access to the CLI agent is retained (via the CLI
session) and any AAA parameter setting can be corrected in the CLI
session.
5. To cause the OS900 to “try to get a permit or deny response from an AAA Server
first when an attempt is made to access the OS900 at configure mode, and, if
no response is received within the timeout time, perform authentication using the
debug password stored only in the OS900’s memory”, invoke the command:
authentication configure default radius local
Or
authentication configure default tacacs local
To cause the OS900 to “try to get a permit or deny response from an AAA Server when an
attempt is made to access the OS900 at configure mode, and, if no response is
received within the timeout time, deny access”, invoke the command:
authentication configure default radius
Or
authentication configure default tacacs
WARNING!
Before selecting the argument radius or tacacs, ensure that the AAA
Server is operational and that at least the following parameters are set
correctly on the OS900: AAA Server IP address, Server TCP
authentication port number, and encryption/decryption key.
You can make sure using the following safe method: Open a CLI session
and a TELNET session. In the TELNET session, enter the mode
configure terminal, and invoke the command authentication
configure default radius or authentication configure
default tacacs. Now close the TELNET session and then attempt to
reopen another. This way, if the attempt fails (possibly because of an
incorrect AAA parameter setting) access to the CLI agent is retained (via
the CLI session) and any AAA parameter setting can be corrected in the
CLI session.
To cause the OS900 to “prevent login”, invoke the command:
authentication configure default none
WARNING!
Invoking the command authentication configure default
none will allow access to the OS900 without the need for entering the
‘debug’ mode password.
6. To cause the OS900 to “try to get a permit or deny response from an AAA Server
first when an attempt is made to access the OS900 at debug mode, and, if no
response is received within the timeout time, perform authentication using the
debug password stored only in the OS900’s memory”, invoke the command:
authentication debug default radius local
Or
authentication debug default tacacs local
To cause the OS900 to “try to get a permit or deny response from an AAA Server when an
attempt is made to access the OS900 at debug mode, and, if no response is received
within the timeout time, deny access”, invoke the command:
authentication debug default radius
Or
authentication debug default tacacs
WARNING!
Before selecting the argument radius or tacacs, ensure that the AAA
Server is operational and that at least the following parameters are set
correctly on the OS900: AAA Server IP address, Server TCP
authentication port number, and encryption/decryption key.
You can make sure using the following safe method: Open a CLI session
and a TELNET session. In the TELNET session, enter the mode
configure terminal, and invoke the command authentication
debug default radius or authentication debug default
tacacs. Now close the TELNET session and then attempt to reopen
another. This way, if the attempt fails (possibly because of an incorrect
AAA parameter setting) access to the CLI agent is retained (via the CLI
session) and any AAA parameter setting can be corrected in the CLI
session.
Accounting
General
Accounting is the reporting of information (ID and activities) on requesters. The following
information is sent by the OS900 to the AAA or RADIUS Server:
− User (requester) name
− Date of access
− Time of access
− Accounting flags. If the command accounting exec radius|tacacs (for activating
accounting – see below) is executed, each start (login) and each stop (logout) is reported.
If the command accounting commands radius|tacacs is executed, each stop
(completion of command execution) is reported.
− Service (e.g., Shell, ARAP, SLIP, PPP, etc.)
− NAS (OS900) Port name
− NAS (OS900) IP address
− Commands invoked & executed
Activating Accounting
To activate accounting:
1. Enter configure terminal mode.
2. Enter aaa mode.
3. Invoke either of the following the commands:
accounting commands radius|tacacs
Or
Configuration Examples
For convenience, the parts of the configuration example are headed with a number (1, 2, etc.). The
description of each part is given below:
1. Setting of AAA Server criteria: IP address, key, timeout.
2. Setting of application port (protocol or service) that will be common to all AAA Servers.
3. Setting the OS900 to request authentication from the AAA Server when an attempt is
made to access the OS900 enable, debug, and configure mode.
4. Setting the authentication.
5. Activating accounting.
6. Displaying configuration.
7. Saving configuration in permanent memory.
RADIUS
MRV OptiSwitch 910 version d0907-21-07-05
OS900 login: admin
Password:
OS900> enable
OS900# configure terminal
1.
OS900(config)# radius-server host 193.85.1.67 key testing6789 timeout 5
2.
OS900(config)# radius-server host 193.85.1.67 port 3444
3.
OS900(config)# radius-server enable user TigerEnable
OS900(config)# radius-server debug user TigerDebug
4.
OS900(config-aaa)# authentication login default radius local
OS900(config-aaa)# authentication enable default radius local
OS900(config-aaa)# authentication configure default radius local
OS900(config-aaa)# authentication debug default radius
5.
OS900(config-aaa)# accounting exec radius
6.
OS900(config-aaa)# write terminal
Building configuration...
Current configuration:
! version d0907-21-07-05
!
radius-server enable user TigerEnable
radius-server debug user TigerDebug
radius-server host 193.85.1.67 port 3444
radius-server host 193.85.1.67 key testing6789 timeout 5
!
aaa
authentication login default radius local
authentication enable default radius local
authentication configure default radius local
authentication debug default radius
accounting exec radius
7.
OS900(config-aaa)# write file
TACACS+
MRV OptiSwitch 910 version d0907-21-07-05
OS900 login: admin
Password:
OS900> enable
OS900# configure terminal
1.
OS900(config)# tacacs-server host 193.85.1.67 key testing6789 timeout 5
2.
OS900(config)# tacacs-server host 193.85.1.67 port 3444
3.
OS900(config)# tacacs-server enable user TigerEnable
OS900(config)# tacacs-server debug user TigerDebug
4.
OS900(config-aaa)# authentication login default local tacacs
OS900(config-aaa)# authentication enable default local tacacs+
OS900(config-aaa)# authentication configure default local tacacs+
OS900(config-aaa)# authentication debug default tacacs
5.
OS900(config-aaa)# accounting exec TACACS+
6.
OS900(config-aaa)# write terminal
Building configuration...
Current configuration:
! version d0907-21-07-05
!
tacacs-server enable user TigerEnable
tacacs-server debug user TigerDebug
tacacs-server host 193.85.1.67 port 3444
tacacs-server host 193.85.1.67 key testing6789 timeout 5
!
aaa
authentication login default local tacacs
authentication enable default local tacacs
authentication configure default local tacacs+
authentication debug default tacacs
accounting exec TACACS+
7.
OS900(config-aaa)# write file
Purposes
To:
• Test connectivity between the OS900 and other devices.
• Determine whether a target (destination) device is active
• Determine the RTT51 in communicating with a target device
• Collect probe history
• Collect statistical data for predicting and remodeling network operation
• Generate SNMP traps and SNA Alerts/Resolutions when a connection
is lost, a connection is reestablished, a timeout occurs, or a user-
configured threshold is exceeded. (Thresholds can also be used to
trigger collection of additional statistics.)
Scope
• Echo probes are available for use in SA PING.
• From the same OS900, several administrators can send SA PING
requests and each administrator can send several probes.
• Set a udpEcho probe
• Reset a probe
Principle of Operation
SA PING uses a series of alternating ICMP UDP echo request and UDP echo reply messages. It
sends an echo request message (packet) towards the destination address.
The following three factors determine how the OS900 will react: 1) ‘RTT’ 2) ‘frequency’, and 3)
‘timeout'.
‘RTT’ is the time between sending an ICMP request and receiving the corresponding response.
The ‘frequency’ is the number of milliseconds to wait before repeating a PING test. This time is
user-settable to any value in the range 1 to 107 (in milliseconds) in the CLI mode ‘rtr.’
The ‘timeout' is the time the OS900 waits (from the moment it sends an echo request) for an
echo response. If no echo response is received within this time, the OS900 registers a failed
response. This time is user-settable to any value in the range 1 to 107 (in milliseconds) in the mode
‘rtr.’
1. RTT < timeout; timeout < frequency: The OS900 waits until the end of the current
‘frequency’ time interval before sending the next echo.
2. RTT > timeout; timeout < frequency: The OS900 registers a failed request and
waits until the end of the current ‘frequency’ time interval before sending the next echo
request.
51
RTT is Round-Trip Time
3. RTT < timeout; timeout > frequency: The OS900 waits until the end of the current
‘frequency’ time interval that is overlapped by the ‘timeout‘ time before sending the next
echo request.
4. RTT > timeout; timeout > frequency: The OS900 registers a failed request and
waits until the end of the current ‘frequency’ time interval before sending the next echo
request.
Actions
Creating an SA PING Probe or Entering its Mode
To create an SA PING probe and/or to enter the mode of an existing SA PING probe:
1. Enter configure terminal mode.
2. Invoke the command:
rtr echo OWNER [NAME]
where,
OWNER: Owner name (e.g., Tarzan)
NAME: Probe name (e.g., Probe-1)
Note that several probe names can be defined per owner name!
Example
OS900(config)# rtr echo ?
OWNER Owner name
OS900(config)# rtr echo Edi ?
<cr>
NAME Probe name
| Output modifiers
OS900(config)# rtr echo Edi first
OS900(config-rtr)#
Example
OS900(config)# rtr echo Edi
OS900(config-rtr)# ?
alias Command alias
buckets-of-history-kept The maximum number of entries allowed in the History table
count Number of times to perform a probe
default Set a command to its defaults
description Set a description for current rtr entry
end End current mode and down to previous mode
exit Exit current mode and down to previous mode
frequency Probe frequency for current rtr entry (in milliseconds)
help Description of the interactive help system
list Print command list
no Negate a command or set its defaults
pattern Set pattern of a data portion of a probe packet
quit Exit current mode and down to previous mode
request-data-size Size of the data portion to be transmitted
show show current rtr entry
start Start current rtr entry
stop Stop current rtr entry
target Set target address
timeout Probe timeout for current rtr entry (in milliseconds)
trap Probe notifications control
ttl Time-to-live field of sending packet
write Write running configuration to file or terminal
OS900(config-rtr)#
OS900(config-rtr)# count ?
<0-10000000> Probe count (0 - forever)
OS900(config-rtr)# count 0
OS900(config-rtr)# buckets-of-history-kept ?
<0-10000> Value of mximum number of entries allowed in the History table
OS900(config-rtr)# buckets-of-history-kept 20
OS900(config-rtr)# trap ?
all Generate all notifications
pathChange Generate pathChange notification
probeFailure Generate pingProbeFailed notification
testCompletion Generate testCompletion notification
testFailure Generate testFailure notification
filter Filter probeFailure notifications
OS900(config-rtr)# trap all
Jitter, RTT, and packet loss values, in addition to bandwidth, serve to determine whether the
network in its present configuration can provide the requisite level of service essential for time-
sensitive applications such as VoIP and video streaming. For VoIP, a delay (time it takes for an
ICMP request to reach its destination) of up to 150 ms is usually acceptable.
Jitter is defined as the current RTT – previous RTT. Accordingly, jitter may be positive or
negative. Six types of jitter are measured by the OS900:
Neg. Jitter min – The minimum negative jitter recorded.
Neg. Jitter avg – The average of the negative jitters recorded.
Neg. Jitter max – The maximum negative jitter recorded.
Pos. Jitter min– The minimum positive jitter recorded.
Pos. Jitter avg – The average of the positive jitters recorded.
Pos. Jitter max – The maximum positive jitter recorded.
The number of positive and negative jitters are also recorded. The example above shows that the
‘number’ of negative jitters is ‘13’ and the ‘number’ of positive jitters is ‘16’.
RTT is defined as the time between sending an ICMP request and receiving the corresponding
response.
Packet loss is defined as ‘packets sent’ – ‘packets received’.
Example 2
OS900(config-rtr)# show history
## Responce Status Time
127. 0.45 OK Sun September 8 12:06:21 2006
128. 0.45 OK Sun September 8 12:06:22 2006
129. 0.45 OK Sun September 8 12:06:23 2006
130. 0.45 OK Sun September 8 12:06:24 2006
131. 0.49 OK Sun September 8 12:06:25 2006
132. 0.46 OK Sun September 8 12:06:26 2006
133. 0.45 OK Sun September 8 12:06:27 2006
134. 0.45 OK Sun September 8 12:06:28 2006
135. 0.46 OK Sun September 8 12:06:29 2006
136. 0.47 OK Sun September 8 12:06:30 2006
137. 0.44 OK Sun September 8 12:06:31 2006
138. 0.44 OK Sun September 8 12:06:32 2006
139. 0.46 OK Sun September 8 12:06:33 2006
140. 0.44 OK Sun September 8 12:06:34 2006
141. 0.47 OK Sun September 8 12:06:35 2006
142. 0.48 OK Sun September 8 12:06:36 2006
143. 0.45 OK Sun September 8 12:06:37 2006
144. 0.45 OK Sun September 8 12:06:38 2006
145. 0.49 OK Sun September 8 12:06:39 2006
146. 0.50 OK Sun September 8 12:06:40 2006
OS900(config-rtr)#
Definition
The scheduler function of the OS900 is used to schedule execution of administrator-specified
commands at times pre-set by the administrator. The command types may be CLI or Linux. A CLI
command may be a regular command or a script52.
Purpose
The scheduler allows the administrator to ensure that certain actions by/on the OS900 will be
performed at the right time and automatically.
Examples of uses of the scheduler are: reboot the OS900 at the end of the day, load a new
configuration at a pre-specified time, etc.
Scope
If the type of a Single-Execution, Periodic-Execution, or Extended scheduler command is CLI, it is
required to belong to enable mode.
The execution time for these scheduler commands can be set to within a 1-minute margin.
The Single-Execution and Periodic-Execution scheduler commands provide for sending event
notification following execution.
The Single-Execution scheduler command is used to execute a command just once.
The Periodic-Execution scheduler command is used to execute a command periodically as follows:
− Every minute
− Every hour at a specific minute
− Every day at a specific hour and minute
− Every month on a specific day and at a specific hour and minute
52
A script is a set of CLI commands that the OS900 can execute in succession without user intervention. For details, refer
to the section Scripts, page 120.
− At a specific day of the week (e.g., Sunday) every month or a specific month at a specific
hour and minute
The Periodic-Execution scheduler command cannot be used to execute a command periodically if
the period is in the range:
− 2 and 59 minutes (e.g., every 2 minutes)
− 2 and 23 hours (e.g., every 2 hours)
− 2 or more days (except 7, because it can be executed every weekday)
−2 or more months
The Extended scheduler command has more capability than the Periodic-Execution scheduler
command. It can be used to execute a command periodically for any period (e.g., every 2
minutes). Further, unlike the Single-Execution Scheduler Command and Periodic-Execution
Scheduler Command, several (up to 65535) such scheduler commands can be pre-configured
concurrently for execution.
Syntax
The command syntax is as follows:
schedule once MONTH DAY TIME [notifying] (cli|linux) COMMAND
where,
MONTH: Month (e.g., June) during which the command is to be executed. Either type the
full name of the month or at least the first three letters (e.g., Jun). In any case, the month
name must begin with capital (upper case) letter.
DAY: Day (e.g., 27) on which the command is to be executed. The day can be any number
in the range 1-31, provided the day is valid for the month. (For e.g., 31 for the month of
June is not valid.)
TIME: Time (e.g., 13:15) at which the command is to be executed. The time must typed
in the following format:
HH:MM
where,
HH: Hour as a 2-digit number.
The hour can be any number in the range 0-23.
MM: Minute as a 2-digit number.
The minute can be any number in the range 0-59.
[notifying]: Send event notification following execution of the scheduling command.
(cli|linux): Choice between cli and linux.
cli is CLI command type.
linux is Linux command type.
COMMAND: The specific CLI or Linux command to be executed by the OS900. If the
command type is CLI, it is required to belong to enable mode.
Example 1:
In order to cause a configuration to be saved on June 15 at the time 23 hr and 51 min, invoke the
following CLI command:
schedule once Aug 7 23:51 cli write file
Example 2:
In order to cause the OS900 to reboot on December 7 at the time 18 hr and 35 min, invoke the
following CLI command:
schedule once Dec 7 18:35 cli reboot
Syntax
The command syntax is as follows:
schedule period MINUTE HOUR DAY MONTH WDAY [notifying] (cli|linux)
COMMAND
where,
MINUTE: Minute at which the command is to be executed.
Either type:
− A number in the range 0-59, e.g., 43
Or
− * for execution every minute.
HOUR: Hour at which the command is to be executed.
Either type:
− A number in the range 0-23, e.g., 16
Or
− * for execution every hour.
DAY: Day on which the command is to be executed.
Either type:
− A number in the range 1-31, e.g., 27. (For example, 31 for the month of
February, April, June, etc. is not valid since each of these months has less than
31 days!)
Or
− * for execution every day.
MONTH: Month during which the command is to be executed.
Either type:
− The full name of the month (e.g., June) or at least the first three letters (e.g.,
Jun). In any case, the month name must begin with capital (upper case) letter.
Or
− * for execution every month.
WDAY: Day of the week on which the command is to be executed.
Either type:
− The full name of the weekday (e.g., Sunday)
Or
−
* for ignoring what day it is of the week.
[notifying]: Send event notification following execution of the scheduling command.
(cli|linux): Choice between cli and linux.
cli is CLI command type.
linux is Linux command type.
COMMAND: The specific CLI or Linux command to be executed by the OS900. If the
command type is CLI, it is required to belong to enable mode.
Note
In selecting the values for MONTH and WDAY, make sure that they are
compatible according to the calendar!
Example
In order to cause the OS900 configuration to be saved on the FTP server whose IP address is
195.90.123.5 in the directory c:/config_bak every day at the time 23 hr and 0 min, invoke
the following CLI command:
schedule period 00 23 * * * cli copy startup-config ftp 195.90.123.5
c:/config_bak
Configuration
Setup
1. Enter configure terminal mode.
2. Invoke the command:
schedule extended <1-65535>|new
where,
<1-65535>: Range of schedule IDs from which one is to be selected by the user.
new: Schedule ID to be selected by the OS900. The OS900 assigns the highest ID
in the range that is available. For e.g., if 65535 and 65533 are assigned and 65534
is available, the use of the argument new will assign the ID 65534 to the next
scheduler command that is set up.
3. Invoke the command:
command cli|linux COMMAND
where,
cli: CLI command type.
linux: Linux command type.
COMMAND: The specific CLI or Linux command to be executed by the OS900. If the
command type is CLI, it is required to belong to enable mode.
enable mode.
4. Invoke the command:
interval <1-527040>
where,
<1-527040>: Interval between two consecutive command executions in minutes.
5. Invoke the command in one of the following two options:
Option 1: Number of times command is to be executed.
number-of-times <1-527040>
where,
<1-527040>: Number of times command is to be executed.
Option 2: Time by which the schedule will stop.
end-time forever|(MONTH DAY TIME)
where,
forever: Schedules the command to run indefinitely.
MONTH: The Month (e.g., March, * for this month).
DAY: The day (e.g., 10, * for this day).
TIME: The time (e.g., 13:15).
6. Set the time at which the schedule can start by invoking the command:
start-time now|(MONTH DAY TIME)
where,
now: The schedule is to start immediately.
MONTH: The Month (e.g., March, * for this month).
DAY: The day (e.g., 10, * for this day).
TIME: The time (e.g., 13:15).
7. (Optional) Add a user comment on the scheduler command by invoking the command:
remark STRING
where,
STRING: User comment on the scheduler command. The comment may be up to
132 characters long.
Enabling
A scheduler command can be enabled for execution only after it has been set up as described in
the section Setup, page 368, just above.
To enable execution of a scheduler command that has already been set up:
1. Enter configure terminal mode.
2. Enter the mode of the scheduler command that is to be enabled by invoking the command:
schedule extended <1-65535>
where,
<1-65535>: Range of schedule IDs from which the ID of the scheduler command
that is to be enabled must be selected.
3. Invoke the command:
enable
Example 1
In this example, running of loopback test is configured. The test starts on the 20th of November at
13:15, will be run every hour (60 minutes) indefinitely.
schedule extended 1
remark run loopback test with burst of 10 frames
start-time Nov 20 13:15
end-time forever
interval 60
command cli ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 10
enable
Example 2
In this example too, running of loopback test is configured. However, the test is set to start
immediately, will run every hour in the 3 following hours.
schedule extended 2
remark run loopback test with burst of 10 frames
start-time now
number-of-times 3
interval 60
command cli ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 10
enable
Notes
1. In case of conflicting configuration commands, for example, end-time
forever and number-of-times <1-527040>, the last command is
reinforced.
2. If entry configured to “start-time now” and “enable”, then in case of device
reset, the scheduler will run the scheduled command immediately, even if
it had been completed before the reset.
3. The old extended scheduler entry format is supported only from start up
configuration.
Viewing
All Configured Scheduler Commands
In Brief
To view all the configured scheduler commands in brief:
1. Enter enable mode.
2. Invoke the command
show schedule
Example
OS900(config)# show schedule
Schedule table is empty.
Id Enable Complete Start-time End-time Number Interval Type Command
==============================================================================
1 Yes No Nov 20 13:15 Forever - 60 cli etherne
2 Yes No Now - 3 60 cli etherne
OS900(config)#
In Detail
To view all the configured scheduler commands in detail:
1. Enter enable mode.
2. Invoke the command:
show schedule extended details
Example
OS900# show schedule extended details
Shedule 1 details:
-------------------
Enable : Yes
Complete : No
Start-time : Nov 20 13:15
End-time : Forever
Number of times: -
Interval : 60
Command type : cli
Command : ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 1
Shedule 2 details:
-------------------
Enable : Yes
Complete : No
Start-time : Now
End-time : -
Number of times: 3
Interval : 60
Command type : cli
Command : ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 1
OS900#
[INDEX]: ID (in the range <1-65535>) of the scheduler command about which
information is to be viewed.
Example
OS900# show schedule extended details 1
Shedule 1 details:
-------------------
Enable : Yes
Complete : No
Start-time : Nov 20 13:15
End-time : Forever
Number of times: -
Interval : 60
Command type : cli
Command : ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 1
OS900#
Method 2
1. Enter configure terminal mode.
2. Invoke the command:
schedule extended <1-65535>
where,
<1-65535>: Range of schedule IDs from which one is to be selected by the user.
3. Invoke the command:
show scheduler
Example
OS900# configure terminal
OS900(config)# schedule extended 1
OS900(sched-1)# show scheduler
remark run loopback test with burst of 10 frames
start-time Nov 20 13:15
end-time forever
interval 60
command cli ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 10
enable
OS900(sched-1)#
Example
OS900# show running-config schedule extended
schedule extended 1
remark run loopback test with burst of 10 frames
start-time Nov 20 13:15
end-time forever
interval 60
command cli ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 10
enable
schedule extended 2
remark run loopback test with burst of 10 frames
start-time now
number-of-times 3
interval 60
command cli ethernet oam domain 4 service 1 mep 1000 loopback rmep 2000 10
enable
OS900#
Syntax
The command syntax is as follows:
no schedule COMMAND
where,
COMMAND – Specific CLI or Linux command to be canceled.
Example
In order to stop the saving of the OS900 configuration on the FTP server whose IP address is
195.90.123.5 in the directory c:/config_bak every day (at the time 23 hr and 0 min), invoke the
following CLI command:
no schedule copy startup-config ftp 195.90.123.5 c:/config_bak
Syntax
The command syntax is as follows:
show schedule [COMMAND]
where,
[COMMAND] – (optional) The specific CLI or Linux command schedule to be viewed. If the
argument is typed, all arguments of this scheduled command will be shown. If the
argument is not typed, all defined scheduled commands and their arguments will be
shown.
Below is an example showing two schedules.
Transparent Mode
Chapter 23:
Media Cross Connect
General
The Media Cross Connect application provides it with intelligent patchpanel-like functionality. In
typical patchpanels, wires must be physically disconnected, moved, and reconnected to change
the network configuration. In the OS900, (and herein lies its great advantage) physical connections
are left unchanged; only logical connections are changed – purely by software control – to give the
desired port-to-port interconnections.
One application of Media Cross Connect is to forward data via a WDM technology port.
Principle of Operation
Media Cross Connect allows the administrator to program the OS900 to forward traffic entering
one user-specified port to another or to flood another user-specified port group – in transparent
mode. In this mode, the forwarding is done like that by a repeater; fully transparently (i.e., with no
MAC address learning and no processing).
Figure 33, below, illustrates Media Cross Connect.
Examples
Example 1
The example below shows how to configure Media Cross Connection between ports 3 and 4.
OS900(config)# port tag-outbound-mode q-in-q 3-4 20
OS900(config)# interface vlan vif20
OS900(config-vif20)# tag 20
OS900(config-vif20)# ports 3-4
OS900(config-vif20)# exit
OS900(config)# no port lt-learning 3-4
OS900(config)#
Example 2
This example shows use of a script to program media cross connect.
OS900(config)# script cross-connect
Current configuration:
! version 1-0-0
!
script cross-connect
parameter 10 ID type vifN description IF for X-connect
parameter 20 POID type ports description Ports for X-connect
line 20 port tag-outbound-mode q-in-q $POID $ID
line 30 interface vlan vif$ID
line 40 tag $ID
line 50 ports $POID
line 60 no port lt-learning $POID
!
OS900(script-cross-connect)# exit
OS900(config)# exit
OS900# cross-connect ?
<1-4095> cross-connect_ID(range:2-4095)
OS900# cross-connect 20 ?
PORT_GROUP_STR cross-connect_ports(e.g 2-3)
OS900# cross-connect 20 8-10
execute: port tag-outbound-mode q-in-q 3-4
execute: interface vlan vif20
execute: tag 20
execute: ports 3-4
Interface is activated.
execute: no port lt-learning 3-4 entries 0
OS900#
Firmware Viewing
Chapter 24:
and Upgrading/Downloading
General
This chapter provides general information on the:
− OS900 image (operative-program firmware)
− FPGA firmware
And shows how to upgrade/download an OS900 image, and how to reboot the OS900 so that it
runs with the new firmware.
The image, containing the executable code that runs on the OS900, is preinstalled at the factory in
the OS900 storage device in compressed form. The OS900 automatically decompresses the file
before activating the image. The image should be upgraded as new versions are released. For the
latest image, you can: Contact your local MRV representative, E-mail us at
[email protected], or Visit our MRV Web site at http://www.mrv.com
The image is upgraded using a download procedure from a File Transfer Protocol (FTP) server on
the network.
The OS900 storage device has the following partitions:
− 2 partitions for firmware images (current, backup)
− 2 partitions for configuration files (current, backup) – see Chapter 25: Configuration ,
page 383.
During upgrading/downloading of a new image, the partition that does not contain the image being
run is formatted and the new image is downloaded in a backup store there. The boot sector is then
updated in such a way that at the next boot the image in the backup store becomes the current
OS900 image. As part of the upgrade procedure the relevant configuration files are upgraded
without affecting the custom configurations.
Requirements
To upgrade/download the OS900 image from a version that is lower than 1.0.11 to version 3.1.2,
the OS900 image must first be upgraded to version 1.0.11. The image must then be run (by
rebooting) and only then the version 1.0.11 can be upgraded to version 3.1.2. You can use the
procedure given below without Step 5 to upgrade to 1.0.11
In order to upgrade an OS900 unit to firmware version 3.1.2 (or later), its associated activation key
is required. To receive the activation key, email your request to [email protected].
Note
Powering the OS900 off and on will also run the new image.
To revert to the previous image, use the procedure described in the section Rerunning the
Previous OS900 Image, page 379.
Example
OS900# upgrade ftp 194.90.136.241 pub OS900-1-0-4.ver
OS900#
Procedure
The procedure for changing the bootpart value is as follows:
(For security reasons, this procedure cannot be performed using a remote connection, e.g.,
TELNET, SSH, or SNMP.)
1. Connect a craft terminal (e.g., PC with an ASCII terminal emulation software
application) to the OS900 CONSOLE EIA-232 port with a Serial/RS-232 line as
shown in Figure 14, page 70.
2. Boot or reboot the OS900.
3. As soon as the following first lines of U-BOOT initialization appear on your
terminal:
U-Boot 1.1.1 (Apr 18 2004 - 16:11:20)
bootpart=1
stdin=serial
stdout=serial
stderr=serial
cpuid=1
hwver=1
boardsn=0000000001
FPGA
Applicability
FPGA applies only to the OS904, OS906, and OS912 models.
It appears in the OS900 only after it has been copied as described in the section Firmware
Copying, just below. It is only used to upgrade the FPGA.
Firmware Copying
To copy the FPGA firmware53 from an FTP server to the FPGA File (temporary) in the OS900,
invoke the command:
copy ftp fpga FTP-SERVER REMOTE-DIR REMOTE-FILENAME [USERNAME]
[PASSWORD]
where,
FTP-SERVER: Hostname of the FTP server (or IP address)
REMOTE-DIR: Full path to the directory containing the FPGA firmware on the FTP
server.
REMOTE-FILENAME: Name of the FPGA File in the directory.
USERNAME: Name of the user authorized to access the FTP server.
PASSWORD: Password for accessing the FTP server.
Example
OS900# copy ftp fpga 194.90.136.153 pub rev9.bit
/usr/local/nbase/bin/copy_ethoam_fpgaver.sh 194.90.136.153 pub rev9.bit
Check route to 194.90.136.153
Netmask = 255.255.255.0
FTP file pub/rev9.bit from 194.90.136.153 user password...
FTP Succeed
OS900#
Firmware Upgrading
Upgrading the FPGA will cause the old firmware version to be overwritten with the new one.
Before performing upgrade:
1. Enter configure terminal mode
2. Disable all scheduler commands set to perform OAM actions by entering the
modes of the commands and invoking the command:
no enable
3. Disable Ethernet OAM by invoking the command:
no ethernet oam enable
To run the FPGA with the firmware version stored in the FPGA File, invoke the command:
upgrade fpga
Example
OS900# upgrade fpga
FPGA version successfully upgraded.
OS900#
File Deleting
To delete the FPGA File, invoke the command:
remove fpga-file
Example
OS900# remove fpga-file
OS900#
53
This firmware can optionally be used, at a later stage, to replace the existing firmware running the FPGA.
Configuration
Chapter 25:
Management
Viewing Configuration Files
Available
To view the available configuration files, invoke the command:
show file
Example
OS900# show file
drwxrwxrwx 2 admin admin 140 Dec 25 14:13 .
drwxrwxrwx 4 root admin 200 Dec 25 14:11 ..
-rw-rw---- 1 admin admin 231538 Dec 23 17:58 1000vc
-rwxrwxrwx 1 root admin 7709 Dec 25 10:59 System.conf
-rw-rw---- 1 admin admin 7709 Dec 25 14:13 koko
-rwxrwxrwx 1 root admin 231538 Dec 23 17:57 kuku
OS900#
Current
To view the current configuration file, invoke the command:
show boot-config-file
Example
OS900# show boot-config-file
boot config file: /usr/local/etc/sys/System.conf
OS900#
Saving Configuration
To save the run-time configuration to the Startup configuration file (in flash permanent memory),
use any one of the following methods:
Method 1
1. Enter the enable mode or any other mode under it.
2. Invoke the following command:
write file [NAME]
where,
[NAME]: Name of the file in which the configuration of the OS900 is to be
saved. By default (i.e., if this optional argument is not specified), the
configuration is saved in the file system.conf.
Example
OS900# write file
Building Configuration...
[OK]
OS900#
Method 2
1. Enter the enable mode or any other mode under it.
2. Invoke the following command:
write memory
Example
OS900# write memory
Building Configuration...
[OK]
OS900#
Method 3
1. Enter the enable mode or any other mode under it.
2. Invoke the following command:
copy running-config startup-config
where,
running-config: Copy from Run-time configuration file.
startup-config: Copy to Startup configuration file.
Example
OS900# copy running-config startup-config
Building Configuration...
[OK]
OS900#
Example
OS900# write terminal
Building configuration...
Current configuration:
! version 1-0-4
!
port flood-limiting rate 2m 1,2
port flood-limiting rate 16.96m 3,4
port flood-limiting multicast 3,4
port flood-limiting tcp-syn 4
!
port tag-outbound-mode tagged 1-2
!
interface vlan vif7
!
interface vlan vif10
tag 980
ports 1-2
!
interface vlan vif20
tag 20
ip 23.0.0.3/24
ports 3-4
management
!
interface vlan vif100
!
interface out-of-band eth0
ip 194.90.136.38/24
management
!
spanning-tree
enable
!
OS900(config)#
To make the factory default configuration run-time, invoke the command reboot.
Example
OS900> enable
OS900# write old-configuration
Restore last erased configuration.
OS900#
This action will delete all the user-configurations performed after the command write erase was
invoked.
Upload
The Startup Configuration File in the OS900 can be uploaded to an FTP server on your network.
The uploaded file is ASCII coded and retains the CLI format. Once the file is uploaded, you can:
• Modify the configuration using a text editor, and later download a copy
of the file to the same OS900, or to one or more other OS900s.
• Send a copy of the configuration file to the MRV Customer Support
Department for troubleshooting.
• Automatically upload the configuration file periodically, e.g., each day,
each week, etc., so that the FTP server can archive the configuration.
(The procedure for setting the OS900 to schedule periodic upload of the
configuration – or any other CLI command action – is described in the
section Scheduler, page 365.)
To copy the Startup configuration file to an FTP or SSH Server:
1. Enter enable mode.
2. Invoke the command in either of the following methods:
Method 1: (Without Encryption using FTP)
copy startup-config ftp FTP-SERVER REMOTE-DIR [USERNAME]
[PASSWORD]
where,
copy Copy file.
startup-config From Startup configuration.
ftp To FTP server.
FTP-SERVER: DNS Host name or IP address of the FTP server.
REMOTE-DIR: Full pathname to the directory on the FTP server.
[USERNAME]: Username for FTP login.
[PASSWORD]: Password for FTP login.
Method 2: (With Encryption using Secure Copy)
copy startup-config scp SERVER REMOTE-DIR USERNAME PASSWORD
where,
copy Copy file.
Download
To copy a configuration file that is on an FTP/SSH Server to the Startup configuration file:
1. Enter enable mode.
2. Invoke the command in either of the following methods:
Method 1: (Without Encryption using TELNET)
copy ftp startup-config FTP-SERVER REMOTE-DIR REMOTE-FILENAME
[USERNAME] [PASSWORD]
where,
copy Copy file.
ftp From FTP server.
startup-config: To Startup configuration file.
FTP-SERVER: DNS Host name or IP address of the FTP server.
REMOTE-DIR: Full pathname to the directory on the FTP server.
REMOTE-FILENAME: Filename in the directory on the FTP server.
[USERNAME]: Username for FTP login.
[PASSWORD]: Password for FTP login.
Method 2: (With Encryption using SSH)
copy scp startup-config SERVER REMOTE-DIR REMOTE-FILENAME
USERNAME PASSWORD
where,
copy Copy file.
scp From SSH server.
startup-config To Startup configuration file.
SERVER DNS Host name or IP address of the server.
REMOTE-DIR Full pathname to the directory on the server.
REMOTE-FILENAME Filename in the directory on the server.
USERNAME Username for login.
PASSWORD Password for login.
To make the downloaded configuration file run-time, reboot the OS900 using the command
reboot.
Example
OS900> enable
OS900# copy ftp startup-config 194.83.132.65 ./Configurations MyFile Zorro Mypass
OS900# reboot
Server Mode
General
In Server Mode, the OS900 functions as a DHCP server. The administrator can specify OS900
interfaces at which the OS900 will listen for DHCP requests.
Setting
To set the OS900 in DHCP Server Mode:
1. Directing DHCP Requests to the CPU
In order to prevent DoS attacks, the OS900, by default, blocks non-ARP broadcasts to the
CPU. To enable DHCP broadcast requests to reach the DHCP server (or relay), the packets
must be explicitly trapped to the CPU using an ACL.
The procedure for enabling DHCP broadcasts requests to reach the OS900 set as a DHCP
server (or relay) is as follows:
1.1. Create an extended ACL using the command:
access-list extended WORD
where,
WORD: Name of the ACL
1.2. Create a rule as follows:
a. Create a rule that characterizes the packet as being of UDP protocol, with
destination port DHCP server (67), and destination MAC address type
broadcast using the commands:
rule [RULE_NUM]
where,
[RULE_NUM]: (optional) Index of rule. If this argument is not entered,
the rule is indexed automatically, i.e., it gets a number that is a multiple
of 10. This number is the smallest that is larger than the highest in the
group of rules created for the ACL.
protocol eq udp
dest-port eq 67
where,
67: DHCP server port
source-ip eq 0.0.0.0
b. Select the action that traps packets to the CPU using the command:
action trap-to-cpu
1.3. Set the default policy to permit packet forwarding (in case no rule applies for the
packet type) using the command:
default policy permit
1.4. Bind the ACL to each interface for which DHCP broadcast packets are to be trapped
to the CPU using the command:
access-group WORD
where,
WORD: ACL name
2. Enter the following modes in succession:
enable configure terminal dhcp
3. Enter the VLAN interface ID at which the OS900 will listen for DHCP requests or the Subnet
IP address/mask of the OS900 by invoking the command:
entry IFNAME|SUBNET/MASK
where,
IFNAME: VLAN interface ID at which the OS900 will listen for DHCP requests.
SUBNET/MASK: Subnet IP address/mask of the OS900.
4. Enter the range of IP addresses from which the OS900 is to allocate addresses to clients by
invoking the command:
range LOWER-RANGE [UPPER-RANGE]
where,
LOWER-RANGE: Lower limit of range of IP addresses from which the OS900 is to
allocate addresses to clients
UPPER-RANGE: Upper limit of range of IP addresses from which the OS900 is to
allocate addresses to clients
5. (Optional) Set the IP Default Gateway and Subnet Mask for the host by invoking the following
commands:
router ROUTER_IP
where,
ROUTER_IP: IP address of Default Gateway for host
subnet-mask MASK
where,
MASK: IP address mask for host
6. (Optional) Set the Domain Name to be published by the OS900 by invoking the command:
domain DOMAIN_NAME
where,
DOMAIN_NAME: Domain Name to be published by the OS900. It identifies one or more
hostnames. Examples of domain names are mrv.com and worldcharity.org. An
example of a hostname belonging to the domain mrv.com is torro.mrv.com. Every
domain name has a suffix that indicates the Top-Level Domain (TLD) to which it
belongs. In the examples above, the domain name suffixes are com and org.
(To revoke the above command, use the prefix no with the command.)
7. (Optional) Enter the IP address of the OS900 to be used by DHCP clients by invoking the
following command.
dns SERVER_IP
where,
SERVER_IP: IP address of the OS900
8. (Optional) Set the maximum lease time allowed for any client by invoking the command:
max-lease-time TIME
where,
TIME: Maximum lease time (in seconds). Any value in the range 1 to 2147483646
may be selected. Selecting 0 will set the maximum lease time to the default value,
86400.
(To revoke the above command, use the prefix no with the command.)
9. (Optional) Set the lease time that will be allotted to clients who do not specify the lease time
by invoking the command:
default-lease-time TIME
where,
TIME: Default lease time (in seconds). Default: 86400 seconds. (This time must not
exceed the maximum lease time.)
(To revoke the above command, use the prefix no with the command.)
10. (Optional) If a separate log file for the DHCP server log messages is to be assigned, invoke
the command:
separate-log
11. (Optional) To enable the OS900 to perform the ‘NetBIOS over TCP/IP Name Server’ function
of the NetBIOS service, invoke the command:
netbios name-server IP_ADDRESS
where,
IP_ADDRESS: IP address of the NetBIOS name server
For more than one name server, repeat the above command for each name server in
order of preference.
12. (Optional) To enable the OS900 to perform the ‘NetBIOS over TCP/IP Node Type’ function of
the NetBIOS service, invoke the command:
netbios node-type NODETYPE
where,
NODETYPE: 1 (B-node), 2 (P-node), 4 (M-node), or 8 (H-node).
13. Enable DHCP Server mode for the OS900 by invoking the command:
enable
(To revoke the above command, use the prefix no with the command.)
Viewing
To view DHCP server configuration details:
1. Enter configure terminal mode or dhcprelay mode.
2. Invoke the command:
show dhcp
To print out the DHCP file showing the leases, invoke the command:
show dhcp leases
where,
leases: Print out the DHCP file showing the leases.
Example
MRV OptiSwitch 910 version 2_0_10
OS910 login: admin
Password:
OS910> enable
OS910# configure terminal
OS910(config-access-list)# rule 10
OS910(config-rule)# action trap-to-cpu
OS910(config-rule)# protocol eq udp
OS910(config-rule)# source-ip eq 0.0.0.0/32
OS910(config-rule)# dest-port eq 67
OS910(config-rule)# exit
OS910(config-access-list)# exit
OS910(config)# dhcp
Relay Mode
General
In Relay Mode, the OS900 functions as a DHCP relay. The user can specify separate OS900
interfaces for the servers and clients.
Setting
To set the OS900 in DHCP Relay Mode:
1. Enable DHCP packets to be trapped to the CPU by performing the procedure described in
Step 1, page 389.
2. Enter the following modes in succession:
Note
Either perform both Steps 4 and 5 (below) or skip them. If you skip them,
all the IP interfaces of the OS900 will be listened on for DHCP requests.
4. Define one or more interfaces at which server replies are to be received by invoking the
command:
entry IFNAME
where,
IFNAME: ID of DHCP server interface
(To revoke the above command, use the prefix no with the command.)
Example
OS910(config-dhcprelay)# entry vif5
OS910(config-dhcprelay)#
5. Define one or more interfaces at which DHCP client requests are to be forwarded by invoking
the command:
entry IFNAME
where,
IFNAME: ID of DHCP client interface
(To revoke the above command, use the prefix no with the command.)
Example
OS910(config-dhcprelay)# entry vif6
OS910(config-dhcprelay)#
Note
The OS900 does not assign the interfaces defined in steps 4 and 5,
above, to the servers and clients. The relays and clients must be
configured to connect to these interfaces.
6. (Optional) Option 82
The DHCP Relay Agent Information Option (No. 82) – described in RFC 3046 – can be
activated in the OS900 set in DHCP relay mode. This option enables the OS900 to include
information about itself when forwarding client-originated DHCP packets to a DHCP server.
The DHCP server can use this information (e.g., OS900 physical port for DHCP
communication) to implement policies for assignment of parameters (e.g., IP address).
To activate Option 82 in the OS900 set in DHCP relay mode:
6.1. From configure terminal mode, enter DHCP Relay mode by invoking the
command:
dhcprelay
6.2. Invoke the command:
option82
(To revoke the above command, use the prefix no with the command.)
7. Enable DHCP Relay mode for the OS900 by invoking the command:
enable
(To revoke the above command, use the prefix no with the command.)
Example
OS910(config-dhcprelay)# enable
OS910(config-dhcprelay)#
Viewing
To view DHCP relay configuration details:
1. Enter configure terminal mode or dhcprelay mode.
2. Invoke the command:
show dhcprelay
Example
Following is an example demonstrating configuration of the OS900 as a DHCP relay.
MRV OptiSwitch 910 version 2_0_10
OS910 login: admin
Password:
OS910> enable
OS910# configure terminal
OS910(config)# dhcprelay
OS910(config-dhcprelay)# server 192.168.1.1
OS910(config-dhcprelay)# entry vif50
OS910(config-dhcp-subnet)# exit
OS910(config-dhcprelay)# entry vif60
OS910(config-dhcp-subnet)# exit
OS910(config-dhcprelay)# option82
OS910(config-dhcprelay)# enable
Infinite
To remove the time limit for a response from the BOOTP server to a request from the OS900,
invoke the command:
bootp-option timeout unlimited
Default
To reset the time limit (for a response from the BOOTP server to a request from the OS900) to the
default value (60 seconds), invoke the command:
no bootp-option timeout
Usage
IP Address only from DHCP Server Automatically
To set the OS900 to do the following:
1. Create a VLAN interface via which BOOTP is to be run
2. Obtain an IP address for the OS900 from a DHCP server via the VLAN interface
3. Enter boot mode.
4. Invoke one or both of the following commands:
Enabling In-band Ethernet Ports to Receive IP Addresses
bootp VLAN-TAG PORTS TAGGED_PORTS
where,
VLAN-TAG: Tag of VLAN interface via which BOOTP is to be run
PORTS: Ports of the VLAN interface via which BOOTP is to be run
TAGGED_PORTS: Ports of the VLAN interface that are tagged. Enter 'none' if
all ports are untagged
Enabling the Out-of-band Ethernet Port to Receive IP Addresses
To enable the MGT ETH port54 to receive IP addresses from a BOOTP server, invoke the
command:
bootp eth0
To make the setting runtime
1. Save the settings in permanent memory by invoking the command write file
or write memory.
2. Enter enable mode.
3. Invoke the command:
reboot
or
reboot-force
54
Out-of-band Ethernet 10/100Base-TX port for TELNET, SSH, and/or SNMP out-of-band connection and marked
Management Ethernet Port in Figure 2, page 54.
reboot
or
reboot-force
Configuration
To configure the OS900 to run NTP, do the following:
1. Enter configure terminal mode.
2. To set any zonetime, invoke the command:
clock timezone NAME ABBREVIATION HH [0-59]
where,
NAME: Name for the time zone
ABBREVIATION: Abbreviation for the time zone (e.g., GMT, E%sT, etc. ‘%s’ is a
2-value variable. The value of the variable is automatically set and is displayed
when the command show time is invoked as shown in the example below. The
value of the variable may be ‘S’ or ‘D’. The value ‘S’ designates non-summer time.
The value ‘D’ designates summer (daylight-saving) time.
HH: Hours offset from UTC/GMT in the interval [-12, +12]
[0-59]: Minutes offset from UTC (in addition to hours offset) in the interval [0, 59]
Default: 0
To set the zonetime to that of Central Europe or Sweden, invoke the command:
clock timezone central-europe|sweden
Example
OS900(config)# clock timezone NAME E%sT -2 31
Please login again following execution of this command.
OS900(config)#
3. To set the start and end times for the summer, invoke the command:
clock summer-time MONTH DAY <1993-2035> HH:MM MONTH DAY <1993-
2035> HH:MM [OFFSET]
where,
55
UTC is a time scale that couples GMT, which is based solely on the Earth's varying rotation rate, with the time of highly
accurate atomic clocks.
MONTH: (First appearance) Month in which summer starts. Any one of the following
may be entered: jan, feb, mar, apr, may, jun, jul, aug, sep, oct, nov, dec
DAY: (First appearance) Day in the month in which summer starts. Examples of
valid entries are: 5, 18, lastSun, lastMon, Sun>=8, Mon>=8, Sun<=7, Mon<=7
where,
lastSun: Last Sunday in the month
lastMon: Last Monday in the month
Sun>=8: Earliest Sunday on or after the 8th of the month
Mon>=8: Earliest Monday on or after the 8th of the month
Sun<=7: Latest Sunday on or before the 7th of the month
Mon<=7: Latest Monday on or before the 7th of the month
<1993-2035>: (First appearance) Year in which summer starts in the interval
[1993, 2035]
HH:MM: (First appearance) Time-of-day at which summer starts
MONTH: (Second appearance) Month in which summer ends. Any one of the
following may be entered: jan, feb, mar, apr, may, jun, jul, aug, sep, oct,
nov, dec
DAY: (Second appearance) Day in the month in which summer ends. Examples of
valid entries are: 5, 18, lastSun, lastMon, Sun>=8, Mon>=8, Sun<=7, Mon<=7
where,
lastSun: Last Sunday in the month
lastMon: Last Monday in the month
Sun>=8: Earliest Sunday on or after the 8th of the month
Mon>=8: Earliest Monday on or after the 8th of the month
Sun<=7: Latest Sunday on or before the 7th of the month
Mon<=7: Latest Monday on or before the 7th of the month
<1993-2035>: (Second appearance) Year in which summer ends in the interval
[1993, 2035]
HH:MM: (Second appearance) Time-of-day at which summer ends
[OFFSET]: The forward offset (in the format HH:MM) to add to the time-of-day at
which summer starts, i.e., to HH:MM. Default: 01:00
Example
OS900(config)# clock summer-time mar 17 2009 23:30 sep 4 2010 23:30 01:30
Please login again following execution of this command.
OS900(config)#
4. Get the Zonetime and summertime information by invoking the command:
clock timezone ftp FTP-SERVER REMOTE-DIR REMOTE-FILENAME
[USERNAME] [PASSWORD]
where,
clock: Clock
timezone: Time zone.
ftp: FTP.
FTP-SERVER: IP address or DNS name of the zonetime FTP server.
REMOTE-DIR: Name of the directory containing the file that contains the zone
information.
REMOTE-FILENAME: Name of the file containing the zone information.
[USERNAME]: (optional) Username that will be requested when attempting to
access the NTP server on reentry to configure terminal mode.
[PASSWORD]: (optional) Password that will be requested when attempting to
access the NTP server on reentry to configure terminal mode.
As a result, a binary file with filename localtime is created containing zonetime and
summertime information. The file is located in the directory /etc.
Example
OS900(config)# clock timezone ftp 194.90.136.190 ./File Tiger MyPassWord
OS900(config)#
5. Enter ntp mode.
6. Set the OS900 to operate in either of the following modes:
Client Mode
In this mode, the OS900 can be synchronized to the remote NTP server but not vice versa.
To set the OS900 to operate in client mode with a remote NTP server, invoke the
command:
server IPADDR [key KEYNUM] [version VERNUM] [prefer]
where,
IPADDR: IP address of the remote NTP server that is to provide UT timestamps to
the OS900.
key: Authentication key.
KEYNUM: Code number with which authentication fields of each packet sent to a
remote NTP server are to be encrypted. (This number must match the code
number configured on the NTP server.)
version: NTP version.
VERNUM: NTP Version number to be used with outgoing NTP packets. Valid
numbers are 1 to 3.
prefer: Mark the remote NTP server as the preferred source.
Below is an example showing the administrator inputs (in bold) for obtaining a UT
timestamp.
OS900(config-ntp)# server 194.90.136.183 key 213213587 version 3 prefer
OS900(config-ntp)#
Peer Mode
In this mode, the OS900 can be synchronized to the NTP server or vice versa. The OS900
operates in symmetric active mode with the remote NTP server. To set the OS900 to
operate in peer mode with a remote NTP server, invoke the command:
peer IPADDR [key KEYNUM] [version VERNUM] [prefer]
where,
IPADDR: IP address of the remote NTP server that is to provide UT timestamps to
the OS900 or vice versa.
key: Authentication key.
KEYNUM: Code number with which authentication fields of each packet sent to a
remote NTP server are to be encrypted. (This number must match the code
number configured on the NTP server.)
version: NTP version.
VERNUM: NTP Version number to be used with outgoing NTP packets. Valid
numbers are 1 to 3.
prefer: Mark the remote NTP server as the preferred source.
7. (Optional) Include additional remote NTP servers by repeating step 6, above.
8. (Optional) Enable the NTP authentication feature of the OS900 by invoking the
command:
authenticate
9. (Optional) Define an authentication key by invoking the command:
authentication-key KEYNUM md5 KEYVALUE
where,
KEYNUM: Code number for accessing the remote NTP server in order to
synchronize with it. (This number must match the code number configured on the
remote NTP server.)
md5: Message Digest 5 encryption code/algorithm.
KEYVALUE: Authentication key value.
10. (Optional) Specify an encryption key that is trusted for the purpose of
authenticating peers suitable for synchronization by invoking the command:
trusted-key KEYNUM
where,
KEYNUM: Code number to be used with the NTP xntpc query/control program that
diagnoses and fixes problems that affect the xntpd daemon operation. (This
number must match the code number configured on the remote NTP server.)
11. Run NTP by invoking the command:
enable
Viewing
NTP Status
To view the status of the NTP on the OS900, invoke the command:
show ntp status
There are three possible statuses:
1. ntp status = disable. This means that NTP is not running.
2. ntp status = enable but not running. This means that the OS900 cannot access the
NTP server. In such case, there is no need to re-invoke the command enable (in
step 11, above) since the OS900 will attempt to connect to the NTP server about
once every minute.
3. ntp status = enable and running. This means that the OS900 cannot access the
NTP server and NTP is running.
Below, are three examples, one for each status. The administrator inputs are marked bold. The
line applicable to the status is marked red.
Example 1
OS900(config-ntp)# show ntp status The answer may take some seconds.
NTP STATUS:
SERVERS:
server=194.90.136.183
PEERS:
peers are not defined
BROADCAST SERVER:
broadcast is disable
BROADCAST CLIENT:
broadcast client is disable
AUTHENTICATE:
authentication parameters are not defined
MISCELANIOUS:
broadcast delay is not defined
NTP ACTIVE MODE:
ntp status = disable
OS900(config-ntp)#
Example 2
OS900(config-ntp)# show ntp status
The answer may take some seconds.
NTP STATUS:
SERVERS:
server=194.90.136.254
PEERS:
Example 3
OS900(config-ntp)# show ntp status The answer may take some seconds.
NTP STATUS:
SERVERS:
server=194.90.136.183
PEERS:
peers are not defined
BROADCAST SERVER:
broadcast is disable
BROADCAST CLIENT:
broadcast client is disable
AUTHENTICATE:
authentication parameters are not defined
MISCELANIOUS:
broadcast delay is not defined
NTP ACTIVE MODE:
ntp status = enable and running.
OS900(config-ntp)#
NTP Associations
To view the NTP associations, invoke the command:
show ntp associations
If the OS900 cannot access an NTP server, the message ntpq: read: Connection refused is
displayed.
If the OS900 is connected to an NTP server, the NTP associations are displayed.
Example
OS900(config-ntp)# show ntp associations
remote refid st t when poll reach delay offset jitter
===============================================================================
194.90.136.183 128.139.6.30 2 u 7 64 7 0.634 385.097 37.608
OS900(config-ntp)#
NTP associations are displayed with variables and indicators, as shown in the example above.
Variables
remote (peer)– IP address of peer.
refid (reference clock) – IP address of the server from which the NTP server obtained its
timestamp (for the OS900).
st (Peer’s stratum) – The downstream order of the peer. The stratum of the primary peer (source)
is 1. Accordingly, if a peer stratum is 2, it means that it receives directly from the primary peer. If a
peer stratum is 3, it means that it receives from the peer whose stratum is 2.
t – Time scale. (The value u designates UTC scale)
when – Time since last NTP packet received from peer.
poll – Polling interval (seconds)
reach – Peer reachability (bit string, octal)
Indicators
Following are indicators and a
* (if present) – Synchronized to this peer (NTP server).
# (if present) – Almost synchronized to this peer.
+ (if present) – Peer selected for possible synchronization.
- (if present) – Peer is a candidate for selection.
~ (if present) – Peer is statically configured.
Purpose
NAT is used to:
− Connect hosts with non-registered (non-globally routable) IP addresses
− Save on registered (globally routable) IP addresses
− Provide security (by making an organization appear from the outside as using an
IP address space that is in fact different from what the organization is using
internally)
− Improve administration (by partitioning local/private IP addresses into groups,
each having just one registered IP address or by renumbering into CIDR blocks)
Compliance
NAT complies with RFC 1631.
Types
There are two types of NAT:
Source NAT – One or more local (private) IP addresses are translated (mapped) into one
global (public) IP address.
Destination NAT – One global IP address is translated (mapped) into one or more local IP
addresses.
Modes
There are two modes of NAT:
Inband – For this mode only inband ports are used. Additional processing is performed by
software in the address translation process. As a result, the throughput rate is only one-third
that of out-of-band mode.
Out-of-band – For this mode the out-of-band port as well is used. Address translation is
performed directly. As a result, the throughput rate is triple that of inband mode.
Principles of Operation
Figure 34, page 408, schematically describes the principles of operation of Source NAT (SNAT)
and Destination NAT (DNAT).
Source NAT
In SNAT, the source IP address and/or source port ID is replaced.
Destination NAT
In DNAT, the destination IP address and/or destination port ID is replaced.
Data Paths
Inband Mode
Source NAT
Assuming that Source NAT has been activated, a packet from the LAN (local or private side)
enters Local Interface. From the Local Interface it is sent to the CPU. The CPU translates the
Local IP address into the appropriate Global IP address. The packet with the Global IP address is
sent to the Global Interface and out to the WAN.
Destination NAT
Assuming that Destination NAT has been activated, a packet from the WAN (global or public side)
enters the Global Interface. From the Global Interface it is sent to the CPU. The CPU translates
the Global IP address into the appropriate Local IP address. The packet with the Local IP address
is sent to the Local Interface and in to the LAN.
Out-of-band Mode
Source NAT
Assuming that Source NAT has been activated, a packet from the LAN (local or private side)
enters Local Port (Port 1 in the example). From the Local Port it is duplicated to the Co-Port56 of
the Out-of-band Port (Port 8 in the example), which is in the same VLAN as the Local Port. From
Co-Port it is sent to the Out-of-Band Port and thereon to the CPU. The CPU translates the Local IP
address into the appropriate Global IP address. The packet with the Global IP address is resent to
the Out-of-Band Port and thereon to the Co-port. Using the ACL (which uses the direction of the
packet to determine whether the packet is to be sent to the Local or Global VLAN), the Co-port
selects the Global VLAN as the VLAN to which the packet belongs.
Destination NAT
Assuming that Destination NAT has been activated, a packet from the WAN (global or public side)
enters the Global Port (Port 2 in the example). From the Global Port it is duplicated to the Co-port
of the Out-of-band Port (Port 8 in the example), which is in the same VLAN as that of the Global
Port. From the Co-port it is sent to the Out-of-Band Port and thereon to the CPU. The CPU
translates the Global IP address into the appropriate Local IP address. The packet with the Local
IP address is resent to the Out-of-Band Port and thereon to the Co-port. Using the ACL (which
uses the direction of the packet to determine whether the packet is to be sent to the Local or
Global VLAN), the Co-port selects the local VLAN as the VLAN to which the packet belongs.
56
The Co-port of an Out-of-band Port is a physical network port of the OS900 that is directly connected (with a patch
cable) to the out-of-band port. The out-of-band port is marked MGT ETH on the front panel of the OS900.
Implementation
General
If the number of Local and Global IP addresses are different (e.g., several Local IP addresses and
one Global IP address) NAT as well as Layer 4 port translation is performed.
NAT can be implemented to function in either of the following modes:
− Inband Mode
− Out-of-band Mode
Inband Mode
Source NAT
To implement Source NAT in inband mode:
1. Enter configure terminal mode.
2. Invoke the command:
ip nat local IPV4_ADDR global IPV4_ADDR
where,
IPV4_ADDR (first appearance): IP address & mask of the local (private)
interface in the format a.b.c.d[/mask]
IPV4_ADDR (second appearance): IP address & mask of the global (public)
interface in the format a.b.c.d[/mask]
Example
Required: The Local (Private) network IP address is 10.80.80.0/24 and is to be represented
in the Global (Public) network (e.g., Internet) by the IP address 194.20.2.1.
Solution: Invoke the following Source NAT command:
ip nat local 10.80.80.0/24 global 194.20.2.1/32
where,
10.80.80.0/24: Local network IP address range
194.20.2.1/32: Global IP address representing it
Destination NAT
To implement Destination NAT in inband mode:
1. Enter configure terminal mode.
2. Invoke the command:
ip nat global IPV4_ADDR local IPV4_ADDR
where,
IPV4_ADDR (first appearance): IP address & mask of the global (public)
interface in the format a.b.c.d[/mask]
IPV4_ADDR (second appearance): IP address & mask of the local (private)
interface in the format a.b.c.d[/mask]
Example
Required: To permit Public (Internet) access to a server (e.g., TELNET server) in the local
network using NAT. The local network IP address of the Server is 10.80.80.1 and
the Internet IP address used for the access is 194.20.2.1.
Solution: Invoke the following Destination NAT command:
ip nat global 194.20.2.1/32 local 10.80.80.1/32
where:
194.20.2.1/32: Public IP address of the server
Out-of-band Mode
To implement Source or Destination NAT in out-of-band mode:
1. Interconnect the out-of-band Management Port (MGT ETH) of the OS900 and a network
port (e.g., Port 8) with an Ethernet Cross- or Straight-wired patch cable – see Figure 63 or
2. Figure 64. (This network port will be referred to as the Co-port.)
3. Create a ‘Local’ VLAN interface as follows:
3.1. Include the Co-port and a network port that will serve as the Local Port (e.g., Port
1).
3.2. Define a tag for the VLAN interface (e.g., Tag 10).
4. Create a ‘Global’ VLAN interface as follows:
4.1. Include the Co-port and a network port that will serve as the Global Port (e.g.,
Port 2).
4.2. Define a tag for the VLAN interface (e.g., Tag 20).
5. In the out-of-band Ethernet interface mode (entered by invoking the command
interface out-of-band eth0):
5.1. Enter the Destination IP address of the packets to be sent to the Local Port.
5.2. Enter the Destination IP address of the packets to be sent to the Global Port.
6. Create an ACL that will enable the Co-port to direct an ingress packet to the Local Port or
according to the Destination IP address as follows:
6.1. To forward IP packets, create a rule that specifies the:
6.1.1. Destination IP address of the packet to be forwarded to the
Local Port using the command:
dest-ip eq DEST_IP
6.1.2. Action that swaps the VLAN Tag of the packet to that of the
Local VLAN interface using the command:
action tag swap TAG
6.2. To forward ARP packets, create a rule that specifies the:
6.2.1. Destination IP address of the packet to be forwarded to the
Local Port using the command:
dest-ip eq DEST_IP
6.2.2. Packet ethertype after the VLAN header using the
command:
ethertype eq ETHERTYPE
6.2.3. Action that swaps the VLAN Tag of the packet to that of the
Local VLAN interface using the command:
action tag swap TAG
6.3. To forward IP packets, create a rule that specifies the:
6.3.1. Destination IP address of the packet to be forwarded to the
Global Port using the command:
dest-ip eq DEST_IP
6.3.2. Action that swaps the VLAN Tag of the packet to that of the
Global VLAN interface using the command:
action tag swap TAG
6.4. To forward ARP packets, create a rule that specifies the:
6.4.1. Destination IP address of the packet to be forwarded to the
Global Port using the command:
dest-ip eq DEST_IP
6.4.2. Packet ethertype after the VLAN header using the
command:
ethertype eq ETHERTYPE
6.4.3. Action that swaps the VLAN Tag of the packet to that of the
Global VLAN interface using the command:
action tag swap TAG
7. Bind the ACL to the Co-port using the command:
port acl-binding-mode by-port CO-PORT
8. Activate the ACL at the Co-port using the command:
port access-group ACL CO-PORT
9. The out-of-band management port (MGT ETH) can operate only with untagged packets.
Since the Co-port is directly connected to the out-of-band management port, it to can
operate only with untagged packets. As a result, the Co-port normally can be a member of
only one VLAN. To enable the Co-port to be a member of two (or more) VLANs, invoke
the command:
port untagged-multi-vlans CO-PORT
10. To implement Source NAT (in out-of-band mode), invoke the command:
ip nat local IPV4_ADDR global IPV4_ADDR
where,
IPV4_ADDR (first appearance): IP address & mask of the local (private)
interface in the format a.b.c.d[/mask]
IPV4_ADDR (second appearance): IP address & mask of the global (public)
interface in the format a.b.c.d[/mask]
11. To implement Destination NAT (in out-of-band mode), invoke the command:
ip nat global IPV4_ADDR local IPV4_ADDR
where,
IPV4_ADDR (first appearance): IP address & mask of the global (public)
interface in the format a.b.c.d[/mask]
IPV4_ADDR (second appearance): IP address & mask of the local (private)
interface in the format a.b.c.d[/mask]
Example
OS910(config)# write terminal
Building configuration...
Current configuration:
! version 2-0-3
rule 20
action tag swap 10
ethertype eq 0x806
dest-ip eq 11.1.0.0/24
rule 30
action tag swap 20
dest-ip eq 194.90.136.0/24
rule 40
action tag swap 20
ethertype eq 0x806
dest-ip eq 194.90.136.0/24
!
port acl-binding-mode by-port 8
port access-group acl1 8
port untagged-multi-vlans 8
!
ip nat local 11.1.0.10/24 global 194.90.136.192/32
!
ip nat global 194.90.136.207/32 local 11.1.0.10/32
!
Purpose
The WDM module is utilized to add or drop optical data carrier wavelengths.
Application
To form (or participate in) WDM networks having point-to-point, multipoint, and ring topologies –
see the section Data paths in Networks of Various Topologies, page 414.
Types
The following three types of WDM module are available:
OADM Scalable, passive optical “add” and “drop” multiplexer/demultiplexer that can add
and/or drop a specific channel (wavelength) to/from an optical WDM signal, while all
other channels are routed from the input to the output with minimal attenuation.
OADMs are required in ring and multipoint network topologies.
OADMs can be used to create a network topology in which a single wavelength can
be added or dropped on demand, allowing an Optical Service Channel (OSC) to be
provided at any point along a trunk. The technology enables flexible and intelligent
planning and provisioning of optical services while at the same time simplifying
deployment and maintenance of optical networks.
Dual-interface OADMs are available for building carrier networks protected by
redundancy.
Models with 1 to 8 channels are available. The modules are passive and use optics
only for their operation.
EXP ports IN and OUT carry only channels to be continued to the next OS900, and
are used only in ring network topologies.
Mux Multiplexes egress data coming over WDM channels57 onto a single physical fiber.
The module can multiplex up to 8 channels. The modules are passive and use optics
only for their operation.
Demux Demultiplexes ingress58 data coming over WDM channels onto a single physical fiber.
The multiplexer can demultiplex up to 8 channels. The modules are passive and use
optics only for their operation.
57
WDM channels carry data from one WDM unit (e.g., OS900, LambdaDriver) to another.
58
Data entering the OS900.
Layout
Mounting
WDM modules (up to two) can only be mounted in the OS910-M. To mount a WDM module:
1. Choose a receptacle59 in the OS910-M into which the WDM module is to be inserted.
2. Holding the WDM module with the right side up, place the edges of the module’s PCB
between the left and right rails in the receptacle and slide it until its panel is level with the
front panel of the OS910-M.
3. With a flat-head No.1 screwdriver, fasten the module with the two captive screws that are
located on its edges.
4. With a philips screwdriver no. 1, fasten the module with the two captive screws that are
located on its edges.
Network Connection
The WDM module ports to be connected depend on the network configuration – see Data paths in
Networks of Various Topologies, in below.
Operation
The WDM Module is a plug-and-play passive device that does not require the user to set it into
operation.
Point-to-Point Topology
The data flow through the WDM part of the network in point-to-point topology is shown in Figure
36, below.
59
Going from left to right across the front panel of the OS910-M model, the first receptacle (slot) for a service module is
identified as number 2 and the second as number 3.
Multipoint Topology
The data flow through the WDM part of the network in multipoint topology is shown in Figure 38,
below.
Ring Topology
The data flow through the WDM part of the network in ring topology is shown in Figure 38, below.
The WDM module used is a dual-sided OADM module like that shown in Figure 35, page 414. The
connection of three long-haul fiber pairs instead of two provides fiber redundancy protection. This
means that even if two of any of the long-haul fibers fail, the network will recover automatically
within milliseconds and continue normal operation.
OS910-M A ports 1-4 are logically connected to OS910-M B ports 5-8. OS910-M B ports 1-4 are
logically connected to OS910-M C ports 5-8. OS910-M C ports 1-4 are logically connected to
OS910-M A ports 5-8.
Figure 38: Data Flow in a WDM Ring Topology having Fiber Redundancy
Applicability
The E1/T1 CES module applies to OS910-M only.
Terminology
E1: European digital transmission format of thirty-two 8-bit voice channels
(time slots) together having a total bandwidth of 2.048 Mbps.
T1: American digital Transmission format of twenty-four 8-bit voice channels
(time slots) together having a total bandwidth of 1.544 Mbps.
CES: (Circuit-Emulation Service) Service that emulates synchronous circuits
(e.g., E1 or T1) over asynchronous networks (e.g., Ethernet).
Pseudowire Network: An emulated synchronous circuit (e.g., E1 or T1) in a packet-switching
network.
Pseudowire: Stream of packets (in a pseudowire network) between two E1/T1 CES
modules and containing data from one or more synchronous E1/T1
channels.
Session: Specification of the source E1/T1 CES module port, pseudowire packet
format, maximum jitter, header format, and address of target E1/T1 CES
module.
Gateway: A device interfacing networks of different protocols and functioning as a
protocol converter in order to provide interoperability of systems
interconnected across the networks.
TDM: (Time-Division Multiplexing) A method of placing multiple data streams in
a single signal. The segments of each specific stream are time-separated
from one another by segments of other streams in a periodic manner. At
the receiving end, the segments of each data stream are reassembled
using timing.
Overview
Purpose
The E1/T1 CES module is an E1/T1 CES gateway TDM for IP/Ethernet networks. It is used to
perform the following primary functions:
− Multiplex voice/data signals coming from local E1/T1 channels and send them over
Ethernet
− Receive multiplexed voice/data signals coming from remote E1/T1 channels over Ethernet
and demultiplex them to their respective local E1/T1 channels.
Models
The models of the E1/T1 CES Module for the OS910-M are described in Table 1, below.
Model Description
EM9-CES-E1 1-port E1 Circuit Emulation Service TDM over packet.
Can operate only one unstructured pseudowire session.
EM9-CES-4E1 4-port E1 Circuit Emulation Service TDM over packet.
Can operate up to thirty-two pseudowire sessions.
EM9-CES-4E1c 4-port E1 Circuit Emulation Service TDM over packet with high-precision
clock.
Can operate up to thirty-two pseudowire sessions.
EM9-CES-T1 1-port T1 Circuit Emulation Service TDM over packet.
Can operate only one unstructured pseudowire session.
EM9-CES-4T1 4-port T1 Circuit Emulation Service TDM over packet.
Can operate up to thirty-two pseudowire sessions.
EM9-CES-4T1c 4-port T1 Circuit Emulation Service TDM over packet with high-precision
clock.
Can operate up to thirty-two pseudowire sessions.
Application
General
Specific
Figure 40: Cellular Backhaul for GSM, UMTS and GPRS Networks
Network Topologies
Point-to-Point
In the point-to-point topology two E1/T1 CES modules are interconnected over an Ethernet
network.
Star
In the star topology one E1/T1 CES 4-port module is connected to multiple E1/T1 CES modules
over an Ethernet network. The multiple E1/T1 CES modules can be 1-port or 4-port models.
Requirements
• 6-inch flat-tip screwdriver (for fastening clock input)
• One OS910-M for housing up to two E1/T1 CES modules
• E1/T1 CES modules (per the network topology)
• For external clock input: RG-174 cable with SMB male connector, up to 5 m (16.5 ft), and
having 50 Ω impedance (1 cable per E1/T1 CES module)
• Ethernet cables (per the network topology)
Layout
Mounting
1. Choose slot 2 or 360 in the OS910-M into which the E1/T1 CES module is to be
inserted.
60
Slots 2 and 3 are indicated in the Front view of the OS910-M, page 52.
2. If a Blank Panel is covering the slot, using a philips screwdriver no. 1 remove it by
undoing the two philips screws.
3. Holding the E1/T1 CES module with the right side up, place the edges of the
module’s PCB between the left and right rails in the slot and slide it until its panel
is level with the front panel of the OS910-M. (This assures that the module’s
connector is inserted into place.)
4. With a flat-head No.1 screwdriver, fasten the module with the two captive screws
that are located on its edges.
Cabling
1. Connect the E1/T1 lines to the E1/T1 ports of the E1/T1 CES modules.
2. Connect the Ethernet ports of the OS910-Ms to Ethernet network.
Power
Make sure that the OS910-Ms are powered up.
LEDs
Table 16: Front Panel LEDs
LEDs Significance
L (Link) AL (Alarm)
ON-Green OFF Link to TDM port OK.
ON-Green ON-Red Red alarm due to framing error.
(Red alarm means that the EM9-CES is unable to recover
the framing reliably. As a result, connectivity to the EM9-
CES is lost. Red alarm is caused by corruption or loss of
signal. In this state, the status of connectivity to the far end
is not known.)
OFF ON-Red Red alarm due to loss of carrier.
OFF ON-Yellow Yellow alarm.
(Yellow alarm means that a Red alarm is present at the far
end of the link. There is reception from the far end of a data
or framing pattern that reports the far end is in the Red
alarm state. Red alarm and Yellow alarm states cannot
coexist on the same EM9-CES because the Yellow alarm
pattern must be received within a framed signal.)
ON-Green BLINKING- Blue alarm.
Yellow (Blue alarm means that the incoming signal is absent. There
is a disruption in the communication path between the
terminal equipment connected to the EM9-CES.
Communication integrity is maintained but no framing to the
terminal equipment is provided.
BLINKING- Yellow Port in loopback mode.
Green
Principle of Operation
Pseudowire Modes
There are two modes in which a pseudowire can be formed:
− Unstructured
− Structured
Unstructured
In unstructured mode all channels (timeslots) from a port are assigned to one destination. The bit
stream is packetized according to the session header and other session parameters and then sent
to the Packet-Switching Network (PSN). The packet stream has no discernible channel boundaries
or any other signaling information.
Structured
In structured mode, all channels or specific channels from a port can be sent to the destination.
The E1/T1 CES module at the receiving end of the pseudowire samples the bit stream on the
basis of the type of PCM (whether for E1 or T1) specified in the session . The E1/T1 CES module
uses this basis to obtain the signaling information, strips the bit stream of its signaling information,
and sends only the data. When necessary it sends a signaling packet stream to indicate change in
signaling information.
SAToP
This header format complies with the IETF PWE3 SAToP standard for unstructured TDM over
PSNs. The header requires 62 bytes per packet, including Ethernet, IP, UDP, and RTP headers
and the SAToP control word.
CESoPSN
This header format complies with the IETF PWE3 CESoPSN standard for structured TDM over
PSNs. The header requires 62 bytes per packet, including Ethernet, IP, UDP, and RTP headers
and the CESoPSN control word.
CESoETH
This header format complies with the MEF 8 specification Implementation Agreement for the
Emulation of PDH Circuits over Metro Ethernet Networks. It supports both unstructured and
structured pseudowires. The header consists of an Ethernet header, an emulation circuit definition
(ECID), and a CESoETH control word having a length of 22 bytes.
Interfaces
Names
Four VLAN interfaces are reserved for two E1/T1 CES modules in an OS910-M. These VLAN
interfaces are TDMS2W, TDMS3W, TDMS2L, and TDMS3L. Their relation to configuration,
management, and the slots in the OS910-M housing the E1/T1 CES module are shown in Table
17, below.
Slot 2 Slot 3
CES Configuration TDMS2W TDMS3W
CES Management TDMS2L TDMS3L
If no E1/T1 CES module is inserted (sensed) in slot 2 the VLAN interfaces TDMS2W and TDMS2L
are not created. The VLAN interfaces are created automatically when an E1/T1 CES module is
inserted in slot 2.
Similarly, if no E1/T1 CES module is inserted (sensed) in slot 3 the VLAN interfaces TDMS3W and
TDMS3L are not created. The VLAN interfaces are created automatically when an E1/T1 CES
module is inserted in slot 3.
The user cannot manipulate these interfaces in any other way!
To view these interfaces:
1. Enter enable mode.
2. Invoke the command:
show interface
Example
OS910-M# show interface
INTERFACES TABLE
================
OS910-M#
The four VLAN interfaces TDMS2W, TDMS3W, TDMS2L, and TDMS3L are displayed as in the above
example when two E1/T1 CES modules are present in the OS910-M.
Tags
When E1/T1 CES modules are inserted into an OS910-M, VLAN tags are automatically assigned
to the VLAN interfaces of the E1/T1 CES modules according to Table 18, below. The user cannot
assign these VLAN tags to other VLAN interfaces while the E1/T1 CES modules are in the slots.
Table 18: VLAN Names and Associated VLAN Tags
Interface Subnet
The interface subnet 10.10.10.0/24 is reserved for the VLAN interfaces TDMS2W, TDMS3W,
TDMS2L, and TDMS3L.
During initialization61 of the E1/T1 CES modules, the VLAN interfaces are continually updated until
TDMS2W and TDMS3W are set in NA (Not Active) state while the VLAN interfaces TDMS2L and
TDMS3L are set to be in the UP state permanently. These are the final states of the VLAN
interfaces required for the E1/T1 CES modules to operate properly.
Configuration
To configure a E1/T1 CES module, first enter the TDM mode from configure terminal mode
by invoking the following command:
tdm SLOT-NUM
where,
SLOT-NUM: Number of the slot occupied by the E1/T1 CES module. Valid numbers are 2
and 3.
Example
OS910-M# configure terminal
OS910-M(config)# tdm 2
OS910-M(config-tdm2)#
61
Initialization of the E1/T1 CES modules starts when the hosting OS910-M is powered up.
Example
interface vlan vif10
tag 10
ip 1.1.1.1/8
port 1
tdm 2
clock mode internal
module-ip 1.1.1.10/8 interface vif10
session s1 description port_1
session s1 port 1
session s1 header-proto l3 target-ip 2.2.2.10
session s1 local-udp-port 49152
session s1 target-udp-port 49152
In the above example, an E1/T1 CES module is in slot 2 (as indicated by the 2 in tdm 2). The IP
address assigned to the E1/T1 CES module is 1.1.1.10, taken from the interface subnet of the
VLAN interface vif10.
vif10 will remain permanently UP independently of its member port 1, i.e., even if the port has no
link, is unconnected, or connected to another device! Accordingly, vif10 can be configured without
any port as a member as shown for VLAN interfaces vif6 and vif8 in the section Configuration
Example 3, page 448.
Clock Exportation
When clock mode is set to external, recovery, or line1 source mode, the received clock
can be exported to the E1/T1 CES module located in the neighbor slot by invoking the command:
clock output (default|bnc|recovered)
where,
default: Do not export the clock to the neighbor slot. Default.
bnc: Export the clock from the external clock source to the neighbor slot.
recovered: Export recovered clock (set using the command clock mode recovery)
or TDM clock (set using the command clock mode line1) for the neighbor slot.
Example
OS910-M(config-tdm2)# clock output recovered
OS910-M(config-tdm2)#
The E1 data, in PCM 30 format, divided into 32 time slots, each of 8 bits. Each of the time slot
sends and receives an 8-bit sample 8000 times per second. One timeslot (TS0) is reserved for
framing purposes, and alternately transmits a fixed pattern. This allows the receiver to lock onto
the start of each frame and match up each channel in turn. The standard allows for a full Cyclic
Redundancy Check to be performed across all bits transmitted in each frame, and to detect
whether the circuit is losing bits (information). Another timeslot (TS16) is reserved for signaling
purposes, to control call setup and tear down according to one of several standard
telecommunications protocols.
To set the frame format, invoke the command:
port PORT liu-frame-format (e1_pcm30|e1_pcm31|t1_d4|t1_esf|default)
where,
PORT: Number of E1 or T1 port in the E1/T1 CES Module .
e1_pcm30: Framing format PCM30 (for E1 only).
e1_pcm31: Framing format PCM31 (for E1 only).
t1_d4: Framing format D4 (for T1 only).
t1_esf: Framing format ESF (for T1 only).
default: Frame format set by E1/T1 CES Module. (Default.)
Example
OS910-M(config-tdm2)# port 4 liu-frame-format e1_pcm30
OS910-M(config-tdm2)#
Deleting a Session
To delete an existing session, invoke the command:
no session NAME
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
Example
OS910-M(config-tdm2)# no session s05
OS910-M(config-tdm2)#
To assign an E1/T1 port to a session in structured mode with all timeslots or in unstructured mode,
invoke the command:
session NAME port PORT
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
PORT: E1/T1 port number in the module.
To assign an E1/T1 port to a session in structured mode with some timeslots, invoke the
command:
session NAME port PORT timeslots VALUE
where,
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
PORT: E1/T1 port number on the TDM module.
VALUE: Timeslots list.
Example
OS910-M(config-tdm2)# session s05 port 4
OS910-M(config-tdm2)#
or
Example
OS910-M(config-tdm2)# session s02 target-oos-udp-port 49152
OS910-M(config-tdm2)#
Example
OS910-M(config-tdm2)# session s02 jitter 10
OS910-M(config-tdm2)#
Recovery Clock
General
The clock rate of a TDM circuit over a pseudowire must be consistent so that there is no overflow
or underflow due to clock differences. That is, the clock rate for the TDM data transmitted at one
end of the emulated circuit (Tx clock) must be the same as the clock rate of the same TDM stream
received at the other end of the emulated circuit (Rx clock).
To maintain clock continuity of the E1/T1 circuits across a PSN and to meet the ITU G.823 and
G.824 standards, the E1/T1 CES Module recovers the clock from the pseudowire data stream.
One E1/T1 CES Module is designated as Master while the others are designated as Slaves. Slave
E1/T1 CES Modules derive the local Tx clock from the received pseudowire packets.
The E1/T1 CES Module employs an adaptive clock recovery algorithm based on criteria such as:
the number of packets received over certain time intervals, the measured Packet Delay Variation
(PDV), and the state of the jitter buffer. The algorithm accuracy depends on the 1 Part Per Million
(PPM) system clock provided by the module’s temperature-compensated crystal oscillator (TCXO).
The TCXO is sufficiently accurate to meet the ITU standards for jitter and wander. If a more
stringent standard is to be met, a more accurate and stable clock source, such as the oven-
controlled crystal oscillator OCXO, may be provided to the user.
To determine whether the crystal oscillator in the E1/T1 CES Module is of type TCXO or OCXO, in
the TDM mode (entered using the command tdm SLOT-NUM), invoke the command show
module.
Modes
The E1/T1 CES Module can be set to attempt clock recovery in either of the following modes:
Single-Recovery-Clock Mode: The single-recovery-clock mode allows the use of one clock
(recovered from one currently active session) for all E1/T1 ports
of a E1/T1 CES Module.
A recovery clock has two clock input controllers. The single-
recovery-clock mode allows connection of one session (PW-1)
to the clock input controller 1 (primary) and a second session
(PW-2) to clock input controller 2 (secondary). One clock input
controller is active (for example, the controller connected to the
session PW-1), while the second serves as backup. The second
session will become active instead of the first in the event that
the first fails).
Multiple-Recovery-Clocks Mode: The multiple-recovery-clocks mode allows the use of one clock
(recovered from one currently active session) per E1/T1 port of
a E1/T1 CES Module. The recovery clocks are independent of
one another.
Every clock utilizes the primary pseudowire for clock recovery
and switches to the secondary pseudowire, if the primary one is
disabled by the user.
Example
OS910-M(config-tdm2)# recovery-clock independent-domain-cfg single
OS910-M(config-tdm2)#
Default SL
To set the DiffServ level (SL) for CES traffic sent to an Ethernet port to the default value (1, lowest
priority), invoke the command:
no ces-traffic egress sl
Example
OS910-M(config-tdm2)# no ces-traffic egress sl
OS910-M(config-tdm2)#
User-defined SL
To set the SL for CES traffic sent to an Ethernet port, invoke the command:
ces-traffic egress sl <1-8>
where,
<1-8>: SL selectable from the range 1 to 8.
Example
OS910-M(config-tdm2)# ces-traffic egress sl 8
OS910-M(config-tdm2)#
Viewing
General Configuration and Status Information
Viewing MAC Address
To view the MAC address of the E1/T1 CES Module, invoke the command:
MAC-addr : 00:12:72:00:5e:54
OS910-M(config-tdm3)#
Item : Value
------------------------------------------------------
In octets : 1627156548
Out octets : 1525313958
Frames received : 5770059
Frames transmited : 5777704
In multicast : 0
Out multicast : 0
In broadcast : 3
Out broadcast : 6
Single collisions : 0
Multicast collisions : 0
Defered frames : 0
Excessive defered frames : 0
late collisions : 0
Excessive collisions : 0
Mac in pause frames : 0
Mac out pause frames : 0
Ip datagram received : 0
Align errors : 0
Crc errors : 0
Frames too long : 0
Mac rx error : 0
Short frames : 0
Mac tx errors : 0
Code errors : 0
Mac in unknown opcode : 0
Ip header errors : 0
Rx fifo overrun : 0
Tx underrun : 0
Bundle overflow : 0
Range length errors : 0
Out of range length errors : 0
Retransmits timeout : 0
No buffer discards : 0
Rx discards : 0
OS910-M(config-tdm3)#
Example
OS910-M(config-tdm3)# show module-system-info
SW version : AG1624R01.00.00_D017
DB model template : R1624ETEA1001
Board Type : 18
Board Revision : 0
CPLD Revision : 2
FPGA ID : 12
FPGA version : 105
CM PLL Type : 0
DB product enum : 5
DB model enum : 9
Detect card : 1
Redux_board : 1
Application ct : 18
Current system tick : 592763
Silicon ID : 1
Silicon version : 0
ROM archit : 0
MAC-addr : 00:12:72:00:5e:54
Shift register value : 0
OS910-M(config-tdm3)#
Clock
Viewing Clock Configuration
To view the current clock configuration, invoke the command:
show clock
Example
OS910-M(config-tdm2)# show clock
Port
Viewing E1/T1 Port LIU Information
To view the configuration and status information on the ports of the E1/T1 CES Module, invoke the
command:
show tdm-ports
Example
OS910-M(config-tdm2)# show tdm-ports
Clocking_mode : LINE_1
LIU line format : E1
--------------------Configuration Information--------------------
--------------------Status Information--------------------
Example
OS910-M(config-tdm2)# show tdm-ports config
Clocking_mode : LINE_1
LIU line format : E1
Example
OS910-M(config-tdm2)# show tdm-ports default-config
Session
Viewing Sessions
To view the sessions created on the E1/T1 CES Module, invoke the command:
show session
Example
OS910-M(config-tdm2)# show session
OS910-M(config-tdm2)#
--------------------------------------------------------------------------
Example
OS910-M(config-tdm2)# show session detail s02
CONFIGURATION
Item : Value
------------------------------: ---------
Session mode : Enable
Header type : CESoETH
Local ECID : 34
Target ECID : 34
Target MAC : 00:12:72:00:5e:54
Layer 2 support mode : VLAN
Payload length (frames) : 8
Jitter maximum level (ms) : 5
VLAN enable : Disable
MPLS enable : Disable
RTP enable : Disable
Transport emulation type : Unstructured
Session bandwidth (in Kbps) : 2256
Payload suppresion : Disable
Port : 1
Time Slots : 1-32
STATUS/STATISTICS
Item : Status/Value
-----------------------------------: ---------
Clocking mode : LINE1
Eth to TDM direction : UP
TDM to Eth direction : UP
Current jitter buffer delay (ms) : 4.492
Jitter maximum level (ms) : 4.996
Jitter minimum level (ms) : 3.996
Valid Eth packets per sec : 100
Handled Eth packets : 229302
Late Eth packets : 0
Lost Eth packets : 0
Packets per seconds : 1000
Underrun Eth packets : 406
Overrun Eth packets : 0
Malformed packets counter : 0
Duplicate Eth packets : 0
OS910-M(config-tdm2)#
Example
OS910-M(config-tdm2)# show session detail s02 config
CONFIGURATION
Item : Value
------------------------------: ---------
Session mode : Enable
Header type : CESoETH
Local ECID : 34
Target ECID : 34
Target MAC : 00:12:72:00:5e:54
Layer 2 support mode : VLAN
Payload length (frames) : 8
Jitter maximum level (ms) : 5
VLAN enable : Disable
MPLS enable : Disable
RTP enable : Disable
Transport emulation type : Unstructured
Session bandwidth (in Kbps) : 2256
Payload suppresion : Disable
Port : 1
Time Slots : 1-32
OS910-M(config-tdm2)#
STATUS/STATISTICS
Item : Status/Value
-----------------------------------: ---------
Clocking mode : LINE1
Eth to TDM direction : UP
TDM to Eth direction : UP
Current jitter buffer delay (ms) : 4.492
Jitter maximum level (ms) : 4.996
Jitter minimum level (ms) : 3.996
Valid Eth packets per sec : 100
Handled Eth packets : 229302
Late Eth packets : 0
Lost Eth packets : 0
Packets per seconds : 1000
Underrun Eth packets : 406
Overrun Eth packets : 0
Malformed packets counter : 0
Duplicate Eth packets : 0
OS910-M(config-tdm2)#
NAME: ID of session in the format sNUM, where NUM is a number selectable from the
range 1 to 100. Example: s98.
Example
OS910-M(config-tdm2)# show session detail s02 default-cfg
Configuration Example 1
Figure 43: Interconnection for Layer-3 Traffic and using Internal Clock
In the above setup:
− Three sessions are defined on E1 ports P1, P2, P4 on OS910-M (A) as well as on OS910-
M (B)
− Layer-3 protocol is used for circuit emulation
− Unstructured pseudowire is used on port P1 and P2 while structured pseudowire is used
on port P4
− Both E1/T1 CES modules are on the same subnet. As a CES transport interface, a VLAN
interface (vif6) is configured (on each module, and with the same subnet mask) to
enable internal switching.
− The IP modules addresses belong to the subnet configured on vif6.
− CES (L) in OS910-M (A) is set to use its internal clock (for clock mode).
− CES (L) in OS910-M (B) is set to use attempt clock recovery in Single-Recovery-Clock
mode (using the command recovery-clock independent-domain-cfg single)
− The Transmit Clock used on OS910-M (B)ports P1 and P4 is recovered from session s02.
The following three routes between OS910-M (A) and OS910-M (B) are defined:
Route 1
P1 on OS910-M (A) s02 on OS910-M (A) (Ethernet VLAN interface vif6) s02 on
OS910-M (B) P1 on OS910-M (B).
Route 2
P2 on OS910-M (A) s03 on OS910-M (A) Ethernet VLAN interface vif6 s03 on
OS910-M (B) P2 on OS910-M (B).
Route 3
P4 on OS910-M (A) s04 on OS910-M (A) Ethernet VLAN interface vif6 s04 on
OS910-M (B) P4 on OS910-M (B).
The following session parameter values on OS910-M (A) and on OS910-M (B) must be the same:
Header protocol, Timeslots (for structured pseudowire), UDP local and target ports, Target and
Source IP. E1/T1 port numbers, however, may be different.
E1/T1 Analyzer 1 and 2 clock source can be from the E1/T1 CES Module or the analyzer itself.
Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.11/24
ports 6
!
dhcp
enable
!
tdm 2
clock mode internal
module-ip 60.1.1.4/24 interface vif6
port 4 transport-emulation-type struct
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 60.1.1.2
session s02 local-udp-port 49152
session s02 target-udp-port 49152
session s03 description SESSiON-1-2
session s03 port 2
session s03 header-proto l3 target-ip 60.1.1.2
session s03 local-udp-port 49155
session s03 target-udp-port 49155
session s04 description SESSiON-3-1
session s04 port 4 timeslots 2-10
session s04 header-proto l3 target-ip 60.1.1.2
session s04 local-udp-port 49156
session s04 target-udp-port 49156
!
OS910-M#
Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.1/24
ports 6
!
dhcp
enable
!
tdm 2
clock mode recovery
module-ip 60.1.1.2/24 interface vif6
port 4 transport-emulation-type struct
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 60.1.1.4
session s02 local-udp-port 49152
session s02 target-udp-port 49152
session s03description SESSiON-2-1
session s03 port 2
session s03 header-proto l3 target-ip 60.1.1.4
session s03 local-udp-port 49155
session s03 target-udp-port 49155
session s04 description SESSiON-3-1
session s04 port 4 timeslots 2-10
session s04 header-proto l3 target-ip 60.1.1.4
session s04 local-udp-port 49156
session s04 target-udp-port 49156
recovery-clock independent-domain-cfg single
recovery-clock session s02 controller 1
!
Configuration Example 2
The setup & configuration is the same as in the Configuration Example 1, page 444 except for the
following differences:
− Multiple-Recovery-Clocks mode instead of Single-Recovery-Clock mode is set
on OS910-M (B). Transmit Clock used on port P1 is recovered from session
s02, while Transmit Clock used on port P4 of OS910-M (B) is recovered from
session s04.
− The clock configurations are as follows:
E1/T1 Analyzer 1 and 2 clock source can be from the E1/T1 CES Module or the analyzer
itself.
OS910-M (A): Clock mode is loopback
OS910-M (B): Clock mode is recovery; Recovery clock mode is multiple.
Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.11/24
ports 6
!
dhcp
enable
!
tdm 2
clock mode loopback
module-ip 60.1.1.4/24 interface vif6
port 4 transport-emulation-type struct
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 60.1.1.2
session s02 local-udp-port 49152
session s02 target-udp-port 49152
session s03 description SESSiON-1-2
session s03 port 2
session s03 header-proto l3 target-ip 60.1.1.2
session s03 local-udp-port 49155
session s03 target-udp-port 49155
session s04 description SESSiON-3-1
session s04 port 4 timeslots 2-10
session s04 header-proto l3 target-ip 60.1.1.2
session s04 local-udp-port 49156
session s04 target-udp-port 49156
!
OS910-M#
Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.1/24
ports 6
!
dhcp
enable
!
tdm 2
clock mode recovery
module-ip 60.1.1.2/24 interface vif6
port 4 transport-emulation-type struct
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 60.1.1.4
session s02 local-udp-port 49152
session s02 target-udp-port 49152
session s03 description SESSiON-2-1
session s03 port 2
session s03 header-proto l3 target-ip 60.1.1.4
session s03 local-udp-port 49155
session s03 target-udp-port 49155
session s04 description SESSiON-3-1
session s04 port 3 timeslots 2-10
session s04 header-proto l3 target-ip 60.1.1.4
session s04 local-udp-port 49156
session s04 target-udp-port 49156
recovery-clock independent-domain-cfg multiple
recovery-clock session s02 controller 1
recovery-clock session s04 controller 1
!
Configuration Example 3
Figure 44: Interconnection for Layer-3 Traffic and using Different Subnets
In the above setup:
− The E1/T1 CES Modules in the OS910-M (A) and OS910-M (B) have source IP addresses
of different subnets.
− The subnet used for Ethernet connectivity (CES transport) between OS910-M (A) and
OS910-M (B) is different from those of the E1/T1 CES Modules. This means that the
E1/T1 CES Module in OS910-M (A) and in OS910-M (B) need to route traffic between
them (using a static route).
If a subnet (VLAN interface) is to be used only by the E1/T1 CES Module in OS910-M (A)
or in OS910-M (B), it is enough to configure the tag and IP address for the VLAN interface.
That is, there is no need to include ports in the VLAN interface.
The Layer-3 traffic route between the E1/T1 CES Module in OS910-M (A) and the E1/T1 CES
Module in OS910-M (B) is as follows:
E1/T1 CES Module in OS910-M (A) (IP 60.1.1.4) OS910-M (A) VLAN Interface (IP
60.1.1.11/24) OS910-M (A) subnet (IP 70.1.1.11/24) OS910-M (B) subnet (IP
70.1.1.1/24) OS910-M (B) VLAN Interface (IP 80.1.1.1/24) E1/T1 CES Module in
OS910-M (B) (IP 80.1.1.2).
OS910-M (A) Configuration
OS910-M# write terminal
Building configuration
Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.11/24
!
interface vlan vif7
tag 70
ip 70.1.1.11/24
ports 7
!
ip route 80.1.1.0/24 70.1.1.1
!
dhcp
enable
!
tdm 2
clock mode internal
module-ip 60.1.1.4/24 interface vif6
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 80.1.1.2
session s02 local-udp-port 49152
session s02 target-udp-port 49152
!
OS910-M#
Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif7
tag 70
ip 70.1.1.1/24
ports 7
!
interface vlan vif8
tag 80
ip 80.1.1.1/24
!
ip route 60.1.1.0/24 70.1.1.11
!
dhcp
enable
!
tdm 2
clock mode recovery
module-ip 80.1.1.2/24 interface vif80
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 60.1.1.4
session s02 local-udp-port 49152
session s02 target-udp-port 49152
recovery-clock independent-domain-cfg single
recovery-clock session s02 controller 1
!
OS910-M#
Configuration Example 4
Figure 45: Interconnection for Layer-2 Traffic and using IP and DHCP
In the above setup:
− Layer-2 protocol is used.
− The interface used for CES transport is an IP VLAN interface and source IP address is
defined for the E1/T1 CES Modules.
To get the MAC address of the partner E1/T1 CES Module invoke the following command on the
partner CLI:
show module mac-addr
Configuration Example 5
Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.1/24
ports 6
!
dhcp
enable
!
tdm 2
clock mode line1
module-ip 60.1.1.2/24 interface vif6
clock output recovered
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 60.1.1.12
session s02 local-udp-port 49152
session s02 target-udp-port 49152
!
tdm 3
clock mode external
module-ip 60.1.1.3/24 interface vif6
clock input-ext other-slot-recovered
session s03 description SESSiON-2-1
session s03 port 2
session s03 header-proto l3 target-ip 60.1.1.13
session s03 local-udp-port 49153
session s03 target-udp-port 49153
!
#OS910-M#
Current configuration:
! version main-d1550-10-11-06
!
interface vlan vif6
tag 60
ip 60.1.1.11/24
ports 6
!
dhcp
enable
!
tdm 2
clock mode recovery
module-ip 60.1.1.12/24 interface vif6
clock output recovered
session s02 description SESSiON-1-1
session s02 port 1
session s02 header-proto l3 target-ip 60.1.1.2
session s02 local-udp-port 49152
session s02 target-udp-port 49152
recovery-clock independent-domain-cfg single
recovery-clock session s02 controller 1
!
tdm 3
clock mode external
module-ip 60.1.1.13/24 interface vif6
clock input-ext other-slot-recovered
session s03 description SESSiON-2-1
session s03 port 2
session s03 header-proto l3 target-ip 60.1.1.13
session s03 local-udp-port 49153
session s03 target-udp-port 49153
!
Configuration Example 6
− CES (L) in OS910-M (A): Clock mode is line1, Clock exportation is recovered, Diffserv
Level is highest (8)
− CES(R)-OS910-M (A): Clock mode is external, Clock selected from neighbor slot (using
the command clock input-ext other-slot-recovered), Diffserv Level is highest
(8)
− CES (L) in OS910-M (B): Clock mode is line1, Clock mode is recovery, Diffserv Level
is highest (8)
The DSCP value = 46 corresponds to ToS value=184.
OS910-M (A) Configuration
access-list extended acl1
rule 10
dscp eq 0xb8
action mark sl 8
!
!
interface vlan vif10
tag 10
ip 192.168.1.1/24
ports 1-2
access-group acl1 1
!
dhcp
enable
!
tdm 2
clock mode line1
module-ip 192.168.1.10/24 interface vif10
clock output recovered
ces traffic egress sl 8
session s01 description s01
session s01 port 1
session s01 header-proto l3 target-ip 192.168.1.30
session s01 ip-tos 184
session s01 local-udp-port 49152
session s01 target-udp-port 49152
!
tdm 3
clock mode external
module-ip 192.168.1.20/24 interface vif10
clock input-ext other-slot-recovered
ces traffic egress sl 8
session s02 description s02
session s02 port 4
session s02 header-proto l3 target-ip 192.168.1.40
session s02 ip-tos 184
session s02 local-udp-port 57343
session s02 target-udp-port 57343
Note
0xb8 (= decimal 184) is the highest priority value for ToS.
0x0 (= decimal 0) is the lowest priority value for ToS, and is the default
value.
For SL mapping details, refer to Chapter 13: Quality of Service
(QoS).
Upgrading/Downloading
Requirements
− Connection of the OS910-M to an external FTP server having the EM9-CES image
(operative firmware)
− Connection of a craft terminal62 or TELNET station to the OS910-M.
(The baud rate of the craft terminal/TELNET station must be 9600 baud.)
Procedure
The procedure for upgrading/downloading an EM9-CES image is as follows:
1. From configure terminal mode enter tdm mode by invoking the command:
tdm SLOT-NUM
where,
SLOT-NUM: Number of the slot hosting the EM9-CES.
2. Copy the EM9-CES image from the FTP server to the OS910-M by invoking the
command:
copy tdm-ver ftp FTP-SERVER REMOTE-DIR REMOTE-FILENAME
[USERNAME] [PASSWORD]
where,
FTP-SERVER: Host name or IP address of the FTP server containing the
image to be downloaded.
REMOTE-DIR: Full path to the directory containing the image on the FTP
server.
REMOTE-FILENAME: Name of the image file in the directory
USERNAME: Name of user authorized to access the FTP server.
PASSWORD: Password for accessing the FTP server.
Example
OS910-M# configure terminal
OS910-M(config)# tdm 2
OS910-M(config-tdm2)# copy tdm-ver ftp 192.32.32.32 versions CMX1624-v18.bin Tarzan
MyPassword
62
Asynchronous ASCII terminal, e.g., VT100 terminal capable of operating with the Serial/RS-232 protocol
Example
OS910-M(config-tdm2)# show module firmware-download-info
OS910-M(config-tdm2)#
At the end of the download process the EM9-CES is automatically reset and run with the
new image.
4. Clear the EM9-CES image from the OS910-M by invoking the command:
remove firmware-download-file
Example
OS910-M(config-tdm2)#remove firmware-download-file
OS910-M(config-tdm2)#
Product Specification
E1 Port
Purpose Connection to E1 voice lines
Data Rate 2.048 Mbps
Line Code HDB3, AMI
Receive Level 0 to –43 dB, 0 to –12 dB
Connector RJ45 female 8-pin shielded connector
T1 Port
Purpose Connection to T1 voice lines
Data Rate 1.544 Mbps
Line Code B8ZS, AMI
Receive Level 0 to –36 dB, 0 to –15 dB
Connector RJ45 female 8-pin shielded connector
1000Base-X
External Clock
Cable Impedance 50 Ω
Protocols
Circuit Emulation SAToP, CESoPSN, CESoETH MEF-8/3
Clocking Adaptive
Standards
E1 ITU-T Rec. G.703, G.704, G.823
Framing
E1 CRC4 MF, CAS MF
T1 D4 (SF), ESF
Terminology
General Query: Message sent by an OS900 to learn which groups have members on an
attached network.
Group-specific Query: Message sent by an OS900 to learn if a particular group has members
on an attached network.
Membership Report: Message sent by a client (e.g., switch):
Requesting to join a multicast group, or
In response to a query (general or group-specific).
Leave: Message sent when a client attempts to terminate the service provided.
Querier Port State: The capability of an OS900 port to assume either of the following values:
Querier Port – Sends queries.
Non-Querier Port – Does not send queries.
A value of a querier port state can be changed in dynamic mode (default
mode) or static mode.
In dynamic mode, the value is assigned to the querier port state
according to the rules stated in RFC 2236. In this mode, the default value
of querier port state is Querier Port.
In static mode, the value is assigned to the querier port state by the user
with the aid of a CLI command.
Server Port State: The capability of an OS900 port to assume either of the following values:
Server Port – Sends membership reports.
Non-Server Port – Does not send membership reports.
A value of a server port state can be changed in dynamic mode (default
mode) or static mode.
In dynamic mode, the value assigned to the Server Port state depends
on the:
1) Result of the comparison between the OS900’s IP address and
its neighbor.
2) Value of the querier port state (Querier Port or Non-Querier Port)
of the OS900 port.
In this mode, the default value of server port state is Non-Server Port.
In static mode, the value is assigned to the server port state by the user
with the aid of a CLI command.
Definition
IGMP IP Multicast is the direction of selective IP multicast traffic (data, video, voice, etc.) to ports
belonging to a particular IP Multicast group.
Compliance
IGMP IP Multicast implementation in the OS900 complies IGMPv2 (IETC RFC 2236).
Purpose
IGMP IP Multicast has the following purposes:
• Selective Homing: Direction of selective IP traffic to intended clients only!
This has the following two advantages over the broadcast mode:
− IP traffic does not reach unintended clients. This is useful in respect to discretion,
billing, security, etc.
− It does not load ports that are not required to receive the IP traffic.
• Minimal Loading: Forwarding of only a single copy of the IP traffic over the network!
This has the following advantage over unicast mode: It does not send multiple copies of
the IP traffic over the network to multiple clients belonging to the same multicast group;
just one copy. This considerably reduces traffic load on the network. Thus a network could
continue to function properly even for a large number of such groups.
Applications
IP Multicast provides the most network bandwidth efficient means of source-to-destination
trafficking in one-to-many and many-to-many applications, such as for example Multimedia
(streaming media, remote education, audio/video conferencing, etc.)
Figure 48 is an example of an application of IP Multicast.
Functions
The OS900 uses the IGMP Snooping and Proxy functions for IP multicast. IGMPv2 is superior to
IGMPv1 because it allows termination of group membership to be immediately reported by the
IGMP protocol. This capability is important for large-bandwidth multicast groups and subnets with
highly volatile group membership.
IGMP Snooping: The OS900 uses the IGMP Snooping function to examine IGMP packets
(e.g., query and report) to learn dynamically about multicast group
membership and to make forwarding decisions accordingly. The OS900
features a new level of efficient IP Multicast support by examining all IGMP
traffic in hardware at wire speed, and eliminating unwanted data streams so
that they cannot impact network or endstation performance.
IGMP Proxy: The IGMP proxy function is used by the OS900 to identify members of a
multicast group on a per-port basis, send ‘query’ messages, and sense
‘report’ (join) and ‘leave’ messages by which clients can join and leave
multicast groups. IGMP Proxy has the functionality of IGMP querier
interfaces (ports) as well as client interfaces. IGMP Proxy performs the
router part of the IGMP protocol on its client interfaces, and the client part of
the IGMP protocol on its querier interface. On receiving IP multicast data on
a querier or client interface, the OS900 forwards the data only to client
interfaces that are members of the specific multicast group. The OS900
forwards IGMP ‘report’ and ‘leave’ messages received from client interfaces
to the querier interfaces.
Principle of Operation
Port States
The setting of states to OS900 ports by IGMP (when all the ports of OS900 A and OS900 B are
set in dynamic mode) is described with the aid of the sample network in Figure 49, below. This
network was chosen for its simplicity in order to facilitate explanation of the state setting principle.
Query
When IGMP is enabled, all the ports of the OS900 are initially set as querier ports. When a
neighbor OS900 receives a query from any of these ports, the neighbor compares the IP address
in the query with its own. If its own IP address is lower, the port at which it received the query
remains as a querier port. If its own IP address is higher, the port at which it received the query
becomes a non-querier port, i.e., it will not send query packets. According to Figure 49, Port 4
remains a querier port because the Multicast Server does not send queries and therefore IP
addresses are not compared. When Port 2 receives a query from Port 4 it remains as a querier
port because the IP address of OS900 A is lower than the IP address of OS900 B. When Port 4
receives a query from Port 2 it changes its state from a querier port into a non-querier port
because the IP address of OS900 B is higher than the IP address of OS900 A. Since ports 1, 2,
and 3 are connected to clients, they will not receive queries and, therefore, will continue to remain
as querier ports.
Server
When IGMP is enabled, all the ports of the OS900 are initially set as Non-Server Ports.
In dynamic mode, when a port whose ‘server port state’ is:
− Non-Server Port changes its ‘querier port state’ from Querier Port to
Non-Querier Port, the port will change its ‘server port state’ from Non-
Server Port to Server Port.
− Server Port changes its ‘querier port state’ from Non-Querier Port to
Querier Port, the port will change its ‘server port state’ from Server Port
to Non-Server Port.
According to Figure 49, when Port 4 (after it has changed to Non-Querier Port) receives a query
from Port 2, it changes its ‘server port state’ to Server Port.
Summary:
Ports that transmit queries in the direction of multicast clients will become querier ports. Ports that
respond to a query with a report message sent in the direction of multicast servers will become
server ports.
For Figure 49, Ports 1, 2, 3, 2, and 4 become querier ports; Port 4 becomes a server port.
Leave Modes
The OS900 can be configured to respond to a client requesting to leave a multicast group in either
of the following modes:
− Regular (per the standard)
− Fast
Regular
In regular leave mode, when an OS900 receives a ‘leave’ message from a client, it sends a
‘’group-specific query’ to the client and waits until the end of the standard response time. If no
‘report’ is received from this client during this wait, the specific client is removed from the multicast
group. If a ‘report’ is received from this client during this wait, the client is retained in the multicast
group.
This mode may delay a client by a few seconds from joining another multicast group.
Fast
In fast leave mode, unlike in regular leave mode, a client can switch to another multicast group
immediately. The OS900 sends the ‘group-specific query afterward. Fast leave mode is the default
mode.
Rules
1. If dynamic mode (i.e., IGMP mode of registration) is selected for ‘querier port
state’ and ‘server port state’, mediation devices (e.g., OS900s) in any path from a
multicast server to a multicast client must have progressively higher IP addresses.
2. In static mode:
− Ports that are to direct traffic to multicast clients must be
configured as query and non-server ports.
− Ports that are to direct reports to servers must be configured as
server and non-querier ports.
IGMP does this automatically in dynamic mode (default mode) of the OS900.
3. For each port, either both ‘querier port state’ and ‘server port state’ must be set to
dynamic mode or both must be set to static state.
4. ‘no aging’ of a port of a Multicast group can be selected only for ‘fast-leave’ mode
(and not for ‘regular’).
5. If IGMP is disabled (using the command no enable in igmp mode), static
multicast entries can be viewed using the command write terminal or show
running-config in enable mode.
6. The multicast group IP address must be in the range 224.0.0.0 to
239.255.255.255.
7. To distinguish between two multicast groups, their two IP addresses must differ
from each other in their 23 LSBs.
8. A static multicast group can be created (using the command mc-group
address) if all of the following conditions are met:
− An interface with a tag matching the tag of the multicast group
(to be created) exists.
− An IP address is assigned to this interface.
− IGMP is enabled on this interface.
9. A single or a range of multicast groups is automatically deleted if any of the
following occurs:
− An interface with a tag matching the tag of the multicast group
created (using the command mc-group address) is deleted.
− The IP address of the interface is deleted.
− IGMP is disabled on the interface
10. Multicast groups must not overlap.
11. For a client to be able to receive traffic addressed to a multicast group, the client
needs to use an IP multicast support application that implements IGMP on
networks that support IGMP. (Such networks effectively eliminate multicast traffic
on segments that are not destined to receive this traffic.)
12. For a client to receive traffic addressed to a multicast group, it must be a member
of the group.
13. Traffic is sent to clients that joined the multicast group so long as there is at least
one member that has not requested to leave the group.
Usage
Entering IGMP Mode
To enter the mode in which the OS900 can be configured for IGMP multicast operation:
1. Enter configure terminal mode.
2. Invoke the command:
igmp.
Example
MRV OptiSwitch 910 version d0733-08-01-06
OS900 login: admin
Password: ******
OS900> enable
OS900# configure terminal
OS900(config)# igmp
OS900(config-igmp)#
Note
The command igmp-enable can enable IGMP Multicast for a VLAN
interface provided IGMP is globally enabled as described the section
IGMP Multicast, page 466.
Preventing Aging
To prevent aging:
1. Enter igmp mode.
2. Invoke the command:
no aging.
Example
OS900# configure terminal
OS900(config)# igmp
OS900(config-igmp)# no aging
OS900(config-igmp)#
Example
OS900(config)# igmp
OS900(config-igmp)# fast-leave
OS900(config-igmp)#
Single
To create a single static multicast group:
1. Enter igmp mode.
2. Invoke the command:
mc-group address GROUP-IP tag TAG ports PORTS-GROUP.
where,
GROUP-IP = IP address of multicast group. Valid IP addresses are in the range
224.0.0.0 to 239.255.255.255. (The range 224.0.0.0 to 224.0.0.255 is reserved
by IANA for use by network protocols on a local network segment. Packets with
an IP address in this range are local in scope and are not forwarded by IP
routers. As a result, the packets will not leave the local network.)
TAG = Tag of the interface containing the ports to be members of the multicast
group.
PORTS-GROUP = Group of ports to be members of the multicast group.
Example
OS900(config)# igmp
OS900(config-igmp)# mc-group address 224.1.1.5 tag 300 ports 1,2
Number of multicast groups is 1.
OS900(config-igmp)#
Multiple
To create multiple static multicast groups:
1. Enter igmp mode.
2. Invoke the command:
mc-group address FIRST-GROUP-IP last-address
LAST-GROUP-IP tag TAG ports PORTS-GROUP
where,
FIRST-GROUP-IP = Lowest IP address in the sequence of IP addresses to be
assigned to the multicast groups. Valid IP addresses are in the range 224.0.0.0
to 239.255.255.255.
LAST-GROUP-IP = Highest IP address in the sequence of IP addresses to be
assigned to the multicast groups.
TAG = Tag of the interface containing the ports to be members of the multicast
groups.
PORTS-GROUP = Group of ports to be members of the multicast groups.
Example
OS900(config)# igmp
OS900(config-igmp)# mc-group address 225.1.2.1 last-address 225.1.3.15 tag 10 ports 4
Number of multicast groups is 271.
OS900(config-igmp)#
Single
To delete a single static multicast group:
1. Enter igmp mode.
2. Invoke the command:
no mc-group address GROUP-IP tag TAG ports PORTS-GROUP.
where,
GROUP-IP = IP address of multicast group.
TAG = Tag of the interface containing the ports that are members of the
multicast group.
PORTS-GROUP = Group of ports that are members of the multicast group.
Example
OS900(config)# igmp
OS900(config-igmp)# no mc-group address 224.1.1.5 tag 300 ports 1,2
OS900(config-igmp)#
Multiple
To delete multiple static multicast groups:
1. Enter igmp mode.
2. Invoke the command:
no mc-group address FIRST-GROUP-IP last-address
LAST-GROUP-IP tag TAG ports PORTS-GROUP
where,
FIRST-GROUP-IP = Lowest IP address in the sequence of IP addresses
assigned to the multicast groups.
Querier Port
To set static ‘Querier Port’ to a port:
Non-Querier Port
To set static ‘Non-Querier Port’ to a port:
1. Enter igmp mode.
2. Invoke the command:
port not-querier static PORTS-GROUP|all
where,
PORTS-GROUP = Group of ports to be set to static Non-Querier Port.
all = All ports to be set to static Non-Querier Port.
Example
OS900(config)# igmp
OS900(config-igmp)# port not-querier static 1,2
OS900(config-igmp)#
Server Port
To set static ‘Server Port’ to a port:
1. Enter igmp mode.
2. Invoke the command port server static PORTS-GROUP|all
where,
PORTS-GROUP = Group of ports to be set to static Server Port.
all = All ports to be set to static Server Port.
Example
OS900(config)# igmp
OS900(config-igmp)# port server static 3,4
OS900(config-igmp)#
Non-Server Port
To set static Non-Server Port to a port:
1. Enter igmp mode.
2. Invoke the command:
port not-server static PORTS-GROUP|all
where,
PORTS-GROUP = Group of ports to be set to static Non-Server Port.
all = All ports to be set to static Non-Server Port.
Example
OS900(config)# igmp
OS900(config-igmp)# port not-server static 2-4
OS900(config-igmp)#
OS900(config-igmp)#
All Ports
To view the current modes and states of all the ports:
1. Enter igmp mode.
2. Invoke the command:
show igmp-port
Example
OS900(config)# igmp
OS900(config-igmp)# show igmp-port
OS900(config-igmp)#
Example
OS900(config)# igmp
OS900(config-igmp)# show mc-ip entry 225.1.1.1
Codes of the Flags: I - IGMP registration, S - Static registration.
Group-IP num-IFs Flags Tag Vidx Flags num-Ports PORTs
-----------------------------------------------------------------
225.1.1.1 2 SI
10 4097 S 4 1-3
20 4098 I 1 4
OS900(config-igmp)#
All Entries
To view settings of all current IP multicast groups:
1. Enter igmp mode.
2. Make sure that IGMP is enabled (using the command enable).
3. Invoke the command show mc-ip table.
Example
OS900(config-igmp)# show mc-ip table
Codes of the Flags: I - IGMP registration, S - Static registration.
Group-IP num-IFs Flags Tag Vidx Flags num-Ports PORTs
--------------------------------------------------------------------
225.1.1.1 3 I
50 4567 I 1 3
25 4844 I 1 1
16 4841 I 1 2
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
225.1.1.2 2 I
50 4568 I 1 3
25 4845 I 1 1
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
225.1.1.3 2 I
50 4569 I 1 3
25 4846 I 1 1
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
225.1.1.4 2 I
50 4570 I 1 3
25 4847 I 1 1
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
225.1.1.5 2 I
50 4571 I 1 3
25 4848 I 1 1
OS900(config-igmp)#
‘Group-IP‘ designates multicast group.
‘Tag‘ designates multicast interface ID.
Configuration
General
Setting of states to ports can be done in dynamic or static mode. In dynamic mode, IGMP sets the
states automatically. In static mode, the user sets the states. The state set to a port in static mode
can be changed or freed to change only by the user.
Dynamic mode has two advantages over static mode:
− It relieves the user of the burden of configuring each OS900 port individually in a network
that could possibly have hundreds of ports.
− It automatically (and within a few seconds) accomplishes network convergence (recovery)
when mediation devices (e.g., switches or routers) are added or removed from the
network.
Dynamic mode is the default mode.
Procedure
The detailed configuration procedure for an OS900 to operate in the IGMP multicast protocol is as
follows:
1. Create a VLAN interface that has:
a. Ports that are to be made members of a multicast group.
b. A VLAN tag.
c. An IP address.
For details, refer to Chapter 7: Interfaces, page 171.
2. Enable IGMP on the VLAN interface as described in the section Enabling IGMP
Multicast for a VLAN Interface, page 466.
3. Enable IGMP multicast as described in the section Enabling IGMP Multicast, page
466.
4. If required, create a static multicast group containing ports to be members as
described in the section Creating Static Multicast Group(s), page 468.
5. For each path from a server to a client, if an OS900 has an IP address lower than
any upstream OS900 in the path, the following must be done:
a. The port of its immediate upstream neighbor (to which it is
connected) must be set to static ‘Query Port’ (as described in the
section Querier Port, page 470).
b. Its own port must be set to static ‘Server Port’ (as described in the
section Server Port, page 471).
6. (Optional) Change the query interval as described in the section Changing Query
Interval, 467.
7. (Optional) Change the aging time as described in the section Changing Aging
Time, page 467.
8. (Optional) Change the ‘leave’ mode as described in the section Leave Modes,
464.
Example
Referring to Figure 49, page 463, ‘server port state’ and ‘querier port state’ of the OS900 ports will
be correctly set in dynamic mode by IGMP since the OS900s in any path from the multicast server
to a multicast client have progressively higher IP addresses.
If, however, in a path from a multicast server to a multicast client there is an OS900 with an IP
address lower than an upstream OS900 in the path, the setting by IGMP would be incorrect.
Figure 50, below, shows OS900s with IP addresses that do not get progressively higher in all the
paths from the multicast server to the multicast clients. For e.g., in the path to C4, C5, or C6, the IP
address gets higher in going from OS900 A to OS900 B (which complies with IGMP) but gets
lower in going from OS900 B to OS900 C (which conflicts with IGMP). Accordingly, IGMP will
succeed in correctly configuring the ports for the paths from the multicast server to C1, C2, and
C3. However, IGMP will fail to correctly configure the ports for the paths to C4, C5, and C6.
Specifically, Port 3 will set to Non-Query Port (although it is required to set to Query Port) because
the IP address of OS900 B is higher than that of OS900 C. Port 1 will set to Query Port and Non-
Server Port (although it is required to set to Server Port).
To resolve this problem, Port 3 and Port 1 have to be set statically. Port 3 must be set using the
procedure described in the section Querier Port, page 470. Port 1 must be set using the procedure
described in the section Server Port, page 471.
OS900 A Configuration
1. Create a VLAN interface (e.g., vif10) that includes:
a. Ports 1, 2, 3, and 4
(These ports are to be members of a multicast group. Other ports
as well may be included in the VLAN interface.)
b. A VLAN tag (e.g., 30)
c. An IP address (e.g., 195.1.1.5/24).
2. Enable IGMP on the interface, as described in the section Enabling IGMP
Multicast for a VLAN Interface, page 466.
3. Enable IGMP multicast, as described in the section Enabling IGMP Multicast,
page 466.
4. Create a multicast group with IP address (e.g., 234.1.8.6), tag 30, and ports 2
and 4, as described in the section Creating Static Multicast Group(s), page 468.
OS900 B Configuration
1. Create a VLAN interface (e.g., vif20) that includes:
a. Ports 2, 3, and 4
(These ports are to be members of a multicast group. Other ports
as well may be included in the VLAN interface.)
b. A VLAN tag (e.g., 30)
c. An IP address (e.g., 195.3.1.7/24).
2. Enable IGMP on the interface, as described in the section Enabling IGMP
Multicast for a VLAN Interface, page 466.
3. Enable IGMP multicast, as described in the section Enabling IGMP Multicast,
page 466.
4. Create a multicast group with IP address (e.g., 234.1.8.6), tag 30, and port 4,
as described in the section Creating Static Multicast Group(s), page 468.
5. Set Port 3 to Query Port, as described in the section Querier Port, page 470.
6. Set Port 3 to static Non-Server Port, as described in the section Non-Server Port,
page 471.
OS900 C Configuration
1. Create a VLAN interface (e.g., vif30) that includes:
a. Ports 1, 3, 4, and 2
(These ports are to be members of a multicast group. Other ports
as well may be included in the VLAN interface.)
b. A VLAN tag (e.g., 30)
c. An IP address (e.g., 195.2.1.6/24).
2. Enable IGMP on the interface, as described in the section Enabling IGMP
Multicast for a VLAN Interface, page 466.
3. Enable IGMP multicast as described in the section Enabling IGMP Multicast, page
466.
4. Create a multicast group with IP address (e.g., 234.1.8.6), tag 30, and ports 3,
4, and2, as described in the section Creating Static Multicast Group(s), page 468.
5. Set port 1 to static Server Port, as described in the section Server Port, page 471.
Execution of the procedure using the OS900 CLI is as follows:
OS900-A
MRV OptiSwitch 910-M version d0733-08-01-06
OS900-A login: admin
Password:
OS900-A> enable
OS900-A# configure terminal
OS900-A(config)# igmp
OS900-A(config-igmp)# enable
OS900-A(config-igmp)# exit
OS900-A(config)#
OS900-B
MRV OptiSwitch 910-M version d0733-08-01-06
OS900-B login: admin
Password:
OS900-B> enable
OS900-B# configure terminal
OS900-B(config)# igmp
OS900-B(config-igmp)# enable
OS900-B(config-igmp)# exit
OS900-B(config)#
OS900-C
MRV OptiSwitch 910-M version d0733-08-01-06
OS900-C login: admin
Password:
OS900-C> enable
OS900-C# configure terminal
OS900-C(config)# igmp
OS900-C(config-igmp)# enable
Static Routes
A static route is a permanent transmission path for sending data packets to another network. The
route remains in IP routing tables until either of the following occurs:
Dynamic Routes
A dynamic route is a temporary transmission path to another network. The route remains in IP
routing tables until the routing protocol decides on a better route.
Configuration
RIP is used for managing routing information within a self-contained network, such as a corporate
LAN or an interconnected group of LANs. Using RIP, the router maintains a routing table and
sends it periodically to the closest neighboring routers, so that all the routers running RIP will have
the same routing information.
RIP, a distance-vector routing protocol, measures the shortest path between two points on a
network, using the hop count as a way to determine such a distance. Each host can then use the
routing information to determine where to send the packet next. The OS900 supports both RIP-I
and RIP-II, the latter includes subnet masking.
To configure an OS900 to operate with RIP protocol:
1. Enter configure terminal mode.
Example
OS900> enable
OS900# configure terminal
OS900(config)#
2. Select RIP as the routing protocol by entering router rip mode.
Example
OS900(config)# router rip
OS900(config-rip-router)#
3. Enable RIP on the network by invoking the command:
network A.B.C.D/M
where,
A.B.C.D/M: IP prefix (network/mask), e.g., 35.0.0.0/8
Example
OS900(config-rip-router)# network 33.3.3.3/16
OS900(config-rip-router)#
4. Set the RIP version by invoking the command:
version <1-2>
where,
<1-2>: RIP versions. (Default is 2.)
Example
OS900(config-rip-router)# version 1
OS900(config-rip-router)#
5. Set a metric for redistributing routes by invoking the command:
default-metric <1-16>
where,
<1-16> Default metric
Example
OS910(config-router)# default-metric 7
OS910(config-router)#
6. Advertise the default gateway route by invoking the command:
default-information originate
Example
OS900(config-router)# default-information originate
OS900(config-router)#
7. To set the distance for a specific route, invoke the command:
distance <1-255>
where,
<1-255>: Distance
Example
OS910(config-router)# distance 5
OS910(config-router)#
8. To specify the networks to be excluded from routing updates, invoke the command:
distribute-list (prefix WORD|WORD) in|out WORD
where,
prefix WORD: Name of ACL matching a list of IP prefixes to be excluded
from routing updates
WORD: (first appearance) Name of an ACL (access list, e.g., ACL1) specifying
networks to be excluded from routing updates
in: Filter (prevent) incoming routing updates
out: Filter (prevent) outgoing routing updates
Below is an example showing how an OS900 can be configured to operate with RIP.
OS900# configure terminal
OS900(config)# router ?
rip Routing Information Protocol (RIP)
OS900(config)# router rip
OS900(config-router)# network ?
A.B.C.D/M IP prefix <network>/<length>, e.g., 35.0.0.0/8
WORD Interface name
OS900(config-router)# network 25.3.4.7/18
OS900(config-router)# version ?
<1-2> version
OS900(config-router)# version 1
OS900(config-router)# redistribute connected
OS900(config-router)# redistribute static
OS900(config-router)#
Authentication Customization
The OS900 provides per interface authentication for RIP messages sent and received by the
router. The router reads the RIP message and, if the correct authentication string or password is
included, authenticates it. Otherwise, it drops the message. In this way, unauthorized packets are
prevented from being processed.
To activate RIP authentication for an OS900:
1. Enter configure terminal mode.
Example
OS900> enable
OS900# configure terminal
2. Enter the mode of a configured VLAN interface by invoking the command:
interface IFNAME
where,
IFNAME: Interface ID
Example
OS900(config)# interface vif3
OS900(config-vif3)#
3. Invoke the command:
ip rip authentication key-chain|mode|string LINE
where,
key-chain: Key-chain method for authentication of RIP messages to the
router
mode: Mode method for authentication of RIP messages to the router
string: String method for authentication of RIP messages to the router
LINE: Name of key-chain
Example
OS900(config-if)# ip rip authentication key-chain Key_Chain_1
OS900(config-if)#
Below is an example showing how RIP authentication can be activated for an OS900.
OS900> enable
OS900# configure terminal
OS900(config)# interface
OS900(config)# interface vif1
OS900(config-if)# ip rip authentication key-chain 22
OS900(config-if)# ip rip authentication mode Main_Floor
OS900(config-if)# ip rip authentication string 12345
OS900(config-if)#
Basic OSPF
OSPF is a link-state routing protocol. Link-state protocols use the shortest path first (SPF)
algorithm to populate the routing table. OSPF shares information with every router in the network.
OSPF is considered a difficult protocol to configure and requires a thorough understanding of
terms that are commonly used. Table 19, below, describes OSPF terminology used in this section.
Table 19: OSPF Terminology
Term Meaning
Link state Information is shared between directly connected routers. This
information propagates throughout the network unchanged and is
also used to create a shortest path first (SPF) tree.
Area A group of routers that share the same area ID. All OSPF routers
require area assignments.
Autonomous system (AS) A network under a common network administration.
Cost The routing metric used by OSPF. Lower costs are always preferred.
You can manually configure the cost with the ip ospf cost
command.
Router ID Each OSPF router requires a unique router ID. It is recommended to
manually assign the router ID.
Adjacency When two OSPF routers have exchanged information between each
other and have the same topology table. An adjacency can have the
following different states or exchange states:
1. Init state – When Hello packets have been sent and
are awaiting a reply to establish 2-way communication.
2. Establish bi-directional (2-way) communication –
Accomplished by the discovery of the Hello protocol
routers and the election of a DR.
3. Exstart – Two neighbor routers form a master/slave
relationship and agree upon a starting sequence to be
incremented to ensure LSAs are acknowledged.
4. Exchange state – Database Description (DD) packets
continue to flow as the slave router acknowledges the
master's packets. OSPF is operational because the
routers can send and receive LSAs between each
other. DD packets contain information, such as the
router ID, area ID, checksum, if authentication is used,
link-state type, and the advertising router. LSA packets
contain information, such as router ID also but in
addition include MTU sizes, DD sequence numbering,
and any options.
5. Loading state – Link-state requests are sent to
neighbors asking for recent advertisements that have
not yet been discovered.
6. Full state – Neighbor routers are fully adjacent
because their link-state databases are fully
synchronized. Routing tables begin to be populated.
Term Meaning
Topology table Also called the link-state table. This table contains every link in the
whole network.
Designated router (DR) This router is responsible for ensuring adjacencies between all
neighbors on a multi-access network (such as Ethernet). This
ensures all routers do not need to maintain full adjacencies with
each other.
The DR is selected based on the router priority. In a tie, the router
with the highest router ID is selected.
Backup DR A backup router designed to perform the same functions in case the
DR fails.
Link-state advertisement (LSA) A packet that contains all relevant information regarding a router's
links and the state of those links.
Priority Sets the router's priority so a DR or BDR can be correctly elected.
Router links Describe the state and cost of the router's interfaces to the area.
Router links use LSA type 1.
Summary links Originated by area border routers (ABRs) and describe networks in
the AS. Summary links use LSA types 3 and 4.
Network links Originated by DRs. Network links use LSA type 2.
External links Originated by autonomous system boundary routers (ASBRs) and
describe external or default routes to the outside (that is, non-
OSPF) devices for use with redistribution. External Links use the
LSA type 5.
Area border router (ABR) Router located on the border of one or more OSPF areas that
connects those areas to the backbone network.
Autonomous system boundary ABR located between an OSPF autonomous system and a
router (ASBR) non-OSPF network.
Before covering various OSPF scenarios, this section covers how OSPF is configured in single
and multiple OSPF areas.
A.B.C.D/M: A.B.C.D/M OSPF network prefix. (You can use the mask to use a
single command to define one or more multiple interfaces to be associated with a
specific OSPF area. The area ID can be a decimal value or an IP address.)
The example below shows how to configure an OSPF routing process and assign it a process
number.
Example
router ospf 1
ospf router-id 0.0.0.1
network 192.168.1.0/30 area 1
Monitoring OSPF
You can display specific statistics such as the contents of IP routing tables, caches, and
databases.
Command Purpose
show ip ospf <0-65535> Display general information about OSPF
where, routing processes.
<0-65535>: OSPF process ID
show ip ospf [<0-65535>] Display lists of information related to the
database [router] [A.B.C.D] OSPF database.
where,
<0-65535>: OSPF process ID
A.B.C.D: Link State ID (as an IP
address)
show ip ospf [<0-65535>]
database [router] [self-
originate]
where,
<0-65535>: OSPF process ID
show ip ospf [<0-65535>]
database [router] [adv-router
[A.B.C.D]]
where,
<0-65535>: OSPF process ID
A.B.C.D: Advertising router IP
address
show ip ospf [<0-65535>]
database [network] [A.B.C.D]
where,
<0-65535>: OSPF process ID
A.B.C.D: Link State ID (as an IP
address)
show ip ospf [<0-65535>]
database [summary] [A.B.C.D]
where,
<0-65535>: OSPF process ID
A.B.C.D: Link State ID (as an IP
address)
show ip ospf [<0-65535>]
database [asbr-summary]
[A.B.C.D]
where,
<0-65535>: OSPF process ID
A.B.C.D: Link State ID (as an IP
address)
show ip ospf [<0-65535>]
database [external] [A.B.C.D]
where,
<0-65535>: OSPF process ID
Note
OSPF does have some disadvantages, including the level of difficulty
and understanding required to configure, monitor, and troubleshoot it.
You can configure more than one OSPF process, but you must be
mindful that the SPF calculations associated with multiple OSPF
processes can consume a considerable amount of CPU and memory.
Scenarios
The following scenarios are designed to draw together and further explore the content described
earlier in this section and some of the content you have seen in your own networks or practice
labs. There is not always one right way to accomplish the tasks presented, and using good
practice and defining your end goal are important in any real-life design or solution.
Scenario 1: Configuring OSPF in a Single Area
In this scenario, you configure two OS900s for OSPF routing using a variable Class network.
Figure 51, below, shows the IP addressing and area assignments for Routers R1 and R2.
Note
Routers R1 and R2 reside in one area; so, in fact, you could apply the
one Master OS™ command to enable all interfaces configured with an
IP address in the range 131.108.0.0 through 131.108.255.255 with the
command network 131.108.0.0 0.0.255.255 area 1.
Note
R1 has a process ID of 1 and R2 has a process ID of 2. The process ID
is locally significant only and doesn't need to match between routers.
The process ID can be any number between 1–65535.
Example 4 displays the remote networks reachable through OSPF with a cost metric of for all. The
next hop address is 192.168.1.x through Interface vif2
Example 4, which displays the IP routing table on R1.
Example: 4 R1's IP Routing Table
R1# show ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info
Now, apply the OSPF principles to a larger, more complex network in Scenario 2.
Scenario 2: Configuring OSPF in Multiple Areas
Turn your attention to a far more complex OSPF scenario and apply some of the advanced
features in OSPF.
This scenario uses four routers: R1 and R2 from scenario 1 and two new routers named R4 and
R3. Figure 52, below, displays the routers in this scenario.
In Figure 52, above, R1 is an internal router; R2 is an ABR; R4 is a backbone router and ABR, and
R3 is a backbone router.
Router R1 requires no configuration change, but you need to modify R2 and enable OSPF on R3
and R4. Example 9 displays the modifications required on R2.
Remember that you have a link to R4, so you need to set IP addressing.
The following example shows configuration of R2 as ABR.
Example 9: Enable OSPF on R4 with Process ID 6
R2(config)# router ospf 2
R2(config-router)# network 141.108.10.0/30 area 2
Now, enable OSPF on R3 and R4. Notice the IP addressing in Figure 52, above, has a mixture of
the Class B networks 131.108.0.0 and 141.108.0.0 with different subnets.
Hence, this scenario uses VLSM extensively to illustrate the capability of OSPF to handle VLSM.
To enable OSPF on R4, start the OSPF process with the process ID 4 and enable the interfaces to
advertise the networks as displayed by Example 10.
Example 10: Enable OSPF on R4 with Process ID 4
router ospf 4
ospf router-id 0.0.0.4
network 4.4.4.1/32 area 0
network 130.108.9.0/25 area 0
network 130.108.9.128/25 area 0
network 130.108.12.0/24 area 0
network 141.108.10.0/30 area 2
network 192.168.2.0/30 area 0
Now that OSPF is configured on all four routers, examine the routing table on the backbone
network to ensure that all networks are routable. Example 12 displays the IP routing table on R4.
Example 12: IP Routing Table on R4
R4# show ip route
multipath equal cost limit: 1
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info
Once more, Example 13 doesn't display the networks in area 1 on Routers R1 and R2. Example
14 displays R2's IP routing table.
Example 14: R2's IP Routing Table
R2#show ip route
multipath equal cost limit: 1
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info
Note
Note that R2 has access to the remote networks in area 0 or on the
backbone, but not vice versa, because Router R2 is connected to area 2.
Area 2 is not partitioned from the backbone. In fact, area 2 is directly connected to the backbone
through Router R4.
Area 1 is not directly connected to the backbone. Therefore, Router R1 is missing IP networks.
The golden rule in any OSPF network is that all areas must be contiguous or all areas must be
connected to the backbone. Scenario 2 includes three areas. If an area cannot be assigned to the
backbone or is partitioned from the backbone, a virtual link is required. When designing a network,
you use a virtual link to attach areas that do not have a physical connection to the backbone or in
cases in which the backbone is partitioned, as in the example shown in Figure 52, page 499.
Figure 53, below, displays the areas and the requirement for a virtual link.
As can be seen, this command has several options. The following is a simplification:
area area-id virtual-link router-id
The area-id is the transit network between the two partitioned areas, in this case area 2. You can
find the router-id by using the show ip ospf database command, which displays the complete
OSPF database. Example 15 shows you how to discover the router IDs on R2 and R4.
Note that the extensive amount of information typically supplied by the show ip ospf
database command is not all displayed in Example 15.
Example 15: Show ip ospf database Command on R2 and R4
R2>show ip ospf database
OSPF Router with ID (131.108.6.2) (Process ID 2)
R4>show ip ospf database
OSPF Router with ID (141.108.12.1) (Process ID 6)
You now have the information required to configure a virtual link between R3 and R4. Examples 17
and 18 display the configuration performed on Routers R2 and R4.
Example 16: Configuring a Virtual Link on R2
R2(config)#router ospf 2
R2(config-router)#area 2 virtual-link 0.0.0.2
Example 18 displays an active link to the remote OSPF router with the ID 141.108.12.1. Now, view
the routing tables on R3 to determine whether the area 1 networks have been inserted into the IP
routing table, as demonstrated in Example 19.
Example 19: Show ip route on R3
R3# show ip route
multipath equal cost limit: 1
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info
Router R3 discovers the remote networks from the partitioned area 1 through the virtual link
between the routers R2 and R4 as demonstrated by the IP routing table in Example 19.
Examples 20, 21, and 22 show the three configurations of routers R2, R3, and R4, respectively.
R1's configuration is unchanged from scenario 1.
Example 20: Full Configuration on R2
hostname R2
!
interface vlan vif2
description *** Connection to R1 **
tag 2
ip 192.168.1.2/30
ports 7
!
interface vlan vif8
description *** Connection To R4 **
tag 8
ip 141.108.10.1/30
ports 8
!
interface vlan vif10
description *** Client Lan Connection **
tag 10
ip 130.1.1.1/25
ports 1
!
interface vlan vif20
description *** Client Lan Connection **
tag 20
ip 130.1.1.129/25
ports 3
!
interface vlan vif30
description *** Client Lan Connection **
tag 30
ip 130.1.2.1/27
ports 5
ip ospf network point-to-point
ip ospf cost 1000
!
interface dummy dummy1
ip 2.2.2.1/32
!
router ospf 2
ospf router-id 0.0.0.2
network 2.2.2.1/32 area 1
network 130.1.1.0/25 area 1
network 130.1.1.128/25 area 1
network 130.1.2.0/27 area 1
network 141.108.10.0/30 area 2
network 192.168.1.0/30 area 1
area 2 virtual-link 0.0.0.4
!
Example 21 displays R3's full configuration.
Example 21: Full Configuration on R3
hostname R3
!
interface vlan vif2
description *** Connection to Router R4 **
tag 2
ip 192.168.2.2/30
ports 24
!
interface vlan vif10
tag 10
ip 141.1.1.1/25
ports 1
!
interface vlan vif20
tag 20
ip 141.1.1.129/25
ports 3
!
interface vlan vif30
tag 30
ip 141.1.2.1/27
ports 5
!
interface dummy dummy1
ip 3.3.3.1/32
!
router ospf 3
ospf router-id 0.0.0.3
network 3.3.3.1/32 area 0
network 141.1.1.0/25 area 0
network 141.1.1.128/25 area 0
network 141.1.2.0/27 area 0
network 192.168.2.0/30 area 0
!
R3#
Current configuration:
! version 2_0_10
!
hostname R4
!
interface vlan vif2
description *** Connection To R3 **
tag 2
ip 192.168.2.1/30
ports 8
!
interface vlan vif8
description *** Connection to Router R2 **
tag 8
ip 141.108.10.2/30
ports 7
!
interface vlan vif10
description *** Client Lan Connection **
tag 10
ip 130.108.9.1/25
ports 1
!
Example 23 shows the output of the command show ip ospf taken from the backbone Router R3
in Figure 52, page 499. Table 22, page 507, explains how to read the most important information
contained within the output.
Scenario 2, and thus this scenario, has four routers with the following router IDs:
• R1— 0.0.0.1
• R2— 0.0.0.2
• R3— 0.0.0.3
• R4— 0.0.0.4
This information is shown in the examples that follow.
Table 22: Explanation of the show ip ospf Command Output Taken from R3
Field Explanation
OSPF process Id Displays the process ID..
OSPF router Id Displays the router id in this process
Minimum LSA The amount of time that the Master OS™ waits before the SPF
interval 5
secs Minimum LSA calculation is completed after receiving an update. The minimum
arrival 1 sec LSA interval is five seconds and the minimum LSA arrival is one
second on R3.
Number of areas in Displays the number of areas configured on the local router. In
this router is 1 this example, R3 has all interfaces in the backbone, or area 0. So
only one area is displayed by this command.
Area BACKBONE(0) Displays the area the router is configured for. R3 is a backbone
router, so this output advises the area in backbone 0.
Number of interfaces Displays the number of interfaces in area 0. R3 has five
in this area is 5 interfaces in area 0 (including the dummy interface).
Area has no Displays the fact that no authentication is used on R3.
authentication
Example 24 shows the output of the command show ip ospf database taken from the backbone R3
in Figure 52, page 499. Table 23, page 508 explains how to read the most important information
contained within the output.
Example 24: Show ip ospf database Output
R3# show ip ospf database
Field Explanation
OSPF Router with ID The router ID and process ID on the router
(0.0.0.3) (Process ID 3) configured by the network administrator.
Router Link States (Area 0) Displays the link-state advertisements from
connected neighbors discovered by the Hello
protocol.
Summary Net Link States (Area 0) Information displayed by ABRs.
To show you some different output, look at two more examples from Scenario 2: one from R2 and
one from R4. Example 25 displays the show ip ospf neighbor command from R2.
Example 25: Show ip ospf neighbor from R2
R2# show ip ospf neighbor
OSPF process 2:
Neighbor ID Pri State Dead Time Address Interface RXmtL
RqstL DBsmL
0.0.0.4 1 Full/Backup 00:00:36 141.108.10.2 vif8:141.108.10.1 0
0 0
0.0.0.1 1 Full/DR 00:00:30 192.168.1.1 vif2:192.168.1.2 0
0 0
0.0.0.4 1 Full/ - 00:00:39 141.108.10.2 VLINK 0 0
0 0
R2#
Router R2 has two neighbors: one across the Ethernet segment and another through the virtual
link to R4. The show ip ospf neighbor command displays the neighbor router ID and the
priority of the neighbor (both 1 in this example) as well as the DR. Notice that the DR is R1 as
seen by R2. The state of the adjacency (Full) and the dead time are displayed. The dead time is
the amount of time before the adjacency is declared dead or inactive if a Hello packet is not
received. The dead time must be the same of the adjacent router. It is advised that you
configure the dead time to be four times the hello interval. The address field displays the
remote router's IP address. In this case, the IP address assigned to R1 is The interface field
describes the outbound interface from which the neighbor was discovered. Example 26 displays
the neighbors on R4 in more detail by adding the detail parameter to the show ip ospf
neighbor command.
Example 26: Show ip ospf neighbor detail from R4
R4# show ip ospf neighbor detail
Neighbor 0.0.0.2, interface address 141.108.10.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Neighbor Count is 0, Adjacent neighbor count is 0
Crypt Sequence Number is 0
vif10 is up, line protocol is up
Internet Address 130.108.9.1/25, Area 0.0.0.0
Router ID 0.0.0.4, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 0.0.0.4, Interface Address 130.108.9.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
Neighbor Count is 0, Adjacent neighbor count is 0
Crypt Sequence Number is 0
vif20 is up, line protocol is up
Internet Address 130.108.9.129/25, Area 0.0.0.0
Router ID 0.0.0.4, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 0.0.0.4, Interface Address 130.108.9.129
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
Neighbor Count is 0, Adjacent neighbor count is 0
Crypt Sequence Number is 0
vif30 is down, line protocol is down
OSPF not enabled on this interface
vif8 is up, line protocol is up
Internet Address 141.108.10.2/30, Area 0.0.0.2
Router ID 0.0.0.4, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State Backup, Priority 1
Designated Router (ID) 0.0.0.2, Interface Address 141.108.10.1
Backup Designated Router (ID) 0.0.0.4, Interface Address 141.108.10.2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Neighbor Count is 1, Adjacent neighbor count is 1
Crypt Sequence Number is 0
R4#
Router R4 has six interfaces configured with OSPF, so you should expect details about those
interfaces. Example 27 displays all interface network types as BROADCAST. Note that because
R4 has no neighbors over the Ethernet network, no DR/BDR is elected, because there is no need.
The dead interval is four times the hello interval on all interfaces.
Now use some interface commands on the Figure 52, page 499, network to modify the behavior of
the DR/BDR election process. Start by changing the designated router in area 1 and ensure that
Router R2 becomes the DR. Example 28 displays the current DR and the configuration change on
R2 to make the priority higher than R1 by setting the priority to 255.
Example 28: Changing the IP OSPF Priority on R2
R2# show ip ospf neighbor
OSPF process 2:
Neighbor ID Pri State Dead Time Address Interface
RXmtL RqstL DBsmL
0.0.0.4 1 Full/Backup 00:00:36 141.108.10.2 vif8:141.108.1 0.1 0
0 0
0.0.0.1 1 Full/DR 00:00:30 192.168.1.1 vif2:192.168.1.2 0
0 0
0.0.0.4 1 Full/ - 00:00:39 141.108.10.2 VLINK0 0
0 0
OSPF process 2:
Neighbor ID Pri State Dead Time Address Interface
RXmtL RqstL DBsmL
0.0.0.4 1 Full/Backup 00:00:30 141.108.10.2 vif8:141.108.10.1 0
0 0
0.0.0.1 1 Full/DR 00:00:34 192.168.1.1 vif2:192.168.1.2 0
0 0
0.0.0.4 1 Full/ - 00:00:33 141.108.10.2 VLINK0 0
0 0
Note
You can also use the command auto-cost reference-bandwidth
referencebandwidth during the OSPF process to change the bandwidth
portion of the cost calculation. You should set this command equally
across all your routers if you choose to use it. The reference-bandwidth
is set to 108 by default.
Command Purpose
show ip route ospf Displays IP routing tables.
router ospf <0-65535> Enables OSPF routing. The process ID is local to
where, the router. You can have more than one OSPF
<0-65535>: OSPF process ID. The running.
process ID is an internally used
identification parameter that is locally
assigned and can be any positive
integer. Each OSPF routing process has
a unique value.
network A.B.C.D/M area <0- Enables network advertisements out of a particular
4294967295> interface and also the routing of the same interface
where, through OSPF.
A.B.C.D/M: A.B.C.D/M OSPF network
prefix. (You can use the mask to use a
single command to define one or more
multiple interfaces to be associated with
a specific OSPF area. The area ID can
be a decimal value or an IP address.)
show ip ospf Displays the OSPF process and details, such as
OSPF process ID and router ID.
show ip ospf database Displays router's topological database.
show ip ospf neighbor Displays OSPF neighbors.
show ip ospf neighbor detail Displays OSPF neighbors in detail, providing such
parameters as neighbor address, hello interval,
and dead interval.
show ip ospf interface Displays information on how OSPF has been
configured for a given interface.
interface vlan IFNAME In configuration mode, enables you modify an
where, interface number,
IFNAME: Interface ID having the format
vifX, where X is a decimal number in
the range 1-4095.
ip ospf cost <1-65535> Interface command that changes the cost of an
where, OSPF interface.
<1-65535>: Cost
ip ospf priority <0-255> Interface command that changes the DR/BDR
where, election process.
<0-255>: IP OSPF priority. Default: 1.
ip ospf network (broadcast|non- Interface command that changes the network type.
broadcast|point-to-
multipoint|point-to-point)
show ip protocols Displays all routing protocols in use on a OS900.
hostname WORD Configures a name on a router.
where,
WORD: OS900’s network name.
Configuration
To configure an OS900 to operate with BGP:
1. Enter configure terminal mode.
2. Configure VLAN interfaces with IP addresses to enable router-to-router
and router-to-networks communication.
(The procedure for configuring VLAN interfaces is given in Chapter 7:
Interfaces, page 175.)
3. Assign a BGP ID to the OS900 by invoking the command:
router bgp <1-65535>
where,
63
An Autonomous System is a set of routers under a single technical administration, using an interior gateway protocol
and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs.
Since this definition, it has become common for a single AS to use several interior gateway protocols and sometimes
several sets of metrics within an AS. The use of the term Autonomous System here stresses the fact that, even when
multiple IBGPs and metrics are used, the administration of an AS appears to other ASs to have a single coherent interior
routing plan and presents a consistent picture of what destinations are reachable through it.
<1-65535>: Range of BGP Router IDs for the OS900 from which one is to be
selected.
4. Assign a BGP ID to each neighbor router by invoking the command:
neighbor A.B.C.D remote-as <1-65535>
where,
A.B.C.D: Neighbor address
<1-65535>: Range of BGP Router IDs of the neighbor from which one is to
be selected.
5. Assign a BGP ID to each neighbor router by invoking the command:
neighbor A.B.C.D remote-as <1-65535>
where,
A.B.C.D: Neighbor address
<1-65535>: Range of BGP Router IDs of the neighbor from which one is to
be selected.
6. To configure an OS900 as the next hop for a BGP-speaking neighbor or
peer group, disable the next hop calculation by invoking the command:
neighbor A.B.C.D next-hop-self
where,
A.B.C.D: Neighbor address
The above command is useful in non-mesh networks where BGP neighbors might not
have direct access to other neighbors on the same IP subnet.
7. Specify the IP addresses of the OS900 interfaces connected to networks
by repeatedly invoking the command:
network A.B.C.D/M
where,
A.B.C.D/M: Interface IP address
Example
Following is an example in which the primary function of BGP is designated, namely, reachability
between and within Autonomous systems.
Note
The “router bgp” ID between two routers in the same Autonomous
System (AS) must be the same. This example shows the router bgp ID
as 100 between the two routers in the same AS.
Router 3
OS900> enable
OS900# configure terminal
Note
The OS900 sends syslog messages on BGP state machine transitions
to "Established" or "Idle" states.
Example
2003/05/19 07:27:15 BGP : 172.28.2.2 [FSM] Hold_Timer_expired
(Established->Idle)
2003/05/19 07:29:20 BGP : 172.28.2.2 [FSM]
Receive_KEEPALIVE_message
(OpenConfirm->Established)
Principle of Operation
VRRP dynamically assigns responsibility to one router (Master Router) in a network to route
packets sent from the hosts in the network. The other routers in the network serve as Backup
Routers and have differing takeover priorities. VRRP routers periodically send VRRP
advertisement messages using IP multicast datagrams. A Backup Router preempts (takes over the
routing responsibility from) the Master Router only if it currently has a higher priority or if the
Master Router does not advertise within a pre-defined time interval.
A router may be set as Master Router for one network subnet and Backup Router for another as
shown in the section Example, page 517.
Configuration
To configure VRRP on an OS900:
1. For convenience, change the host name of the OS900 to a unique name by invoking the
command:
hostname WORD
where,
WORD: OS900’s host name
2. Create a VLAN interface via which the OS900 is to run VRRP, and assign an IP address to it.
(The procedure for creating VLAN interfaces is described in Chapter 7: Interfaces, page
171.)
3. In the VLAN interface mode, enter VRRP mode by invoking the command:
vrrp
Example
Network
64
Setting up as many virtual routers as the number of physical routers enables the VRRP to share the traffic load between
the physical routers.
Both Router-A (an OS900) and Router-B (an OS900) are attached to the same LAN (subnet), so
that they can be configured to backup each other and also run in load-sharing mode when both
routers are UP.
If Router-A fails, the VRRP makes Router-B take over and announce Router-A's IP address as its
own. Traffic meant to go via Router-A will now go via Router-B and traffic meant to go via Router-B
will continue to go through Router-B.
Two virtual routers are configured to enable the VRRP to share the traffic load between the two
physical routers (Router-A and Router-B).
Virtual Router 1 is the default gateway for W1 and W2 because its IP address is the same as the
default gateway address of W1 and W2.
Virtual Router 2 is the default gateway for W3 and W4 because its IP address is the same as the
default gateway address of W3 and W4.
Router-A is the Master Router for Virtual Router 1 because their IP address is the same.
Router-B is the Master Router for Virtual Router 2 because their IP address is the same.
As required, identical virtual routers (i.e., having the same virtual router IDs – see command in
step 5.1, page 517 – and same virtual IP addresses – see command in step 5.2, page 517) are
configured on the two physical routers.
The ID for the VLAN interfaces on both physical routers is set to vif2. Instead, different IDs could
as well have been set.
On Router-A or Router-B, the IP address for a Virtual Router is set to the same IP address as that
of the VLAN interface. This was done in order to save on an IP address. Different IP addresses
can be set provided they belong to the same subnet.
The same tag is assigned to the VLAN interface on Router-A and on Router-B. Under this
condition member ports of the VLAN interface on the routers can be all tagged, all untagged, or
some tagged and others untagged. If different tags are assigned to the two interfaces, all ports
must be untagged!
Configuration
Following are the CLI commands for implementing the required VRRP configuration on Router-A
and Router-B in the network shown in Figure 55, above.
Router-A
Router-A(config-vif2)# ip 192.168.0.253/24
Router-A(config-vif2)# vrrp
Created VRRP interface on device vif2
Router-A(config-if-vrrp)# enable
VRRP on vif2 is enabled.
Router-A(config-if-vrrp)# virtual-router 1
Created virtual router 1 on device vif2
Router-A(config-if-vrrp-vr)# enable
Virtual router 1 on vif2 is enabled.
Router-A(config-if-vrrp-vr)# exit
Router-A(config-if-vrrp)# virtual-router 2
Created virtual router 2 on device vif2
Router-A(config-if-vrrp-vr)# enable
Virtual router 2 on vif2 is enabled.
Router-A(config-if-vrrp-vr)# exit
Router-A(config-if-vrrp)# exit
Router-A(config-vif2)# exit
Router-A(config)#
Router-B
Router-B(config-vif2)# ip 192.168.0.254/24
Router-B(config-vif2)# vrrp
Created VRRP interface on device vif2
Router-B(config-if-vrrp)# enable
VRRP on vif2 is enabled.
Router-B(config-if-vrrp)# virtual-router 1
Created virtual router 1 on device vif2
Router-B(config-if-vrrp-vr)# enable
Virtual router 1 on vif2 is enabled.
Router-B(config-if-vrrp-vr)# exit
Router-B(config-if-vrrp)# virtual-router 2
Created virtual router 2 on device vif2
Router-B(config-if-vrrp-vr)# enable
Virtual router 2 on vif2 is enabled.
Router-B(config-if-vrrp-vr)# exit
Router-B(config-if-vrrp)# exit
Router-B(config-vif2)# exit
Router-B(config)#
65
FEC (Forwarding Equivalence Class) is a group of IP packets which are forwarded in the same manner and over
the same path. A FEC may be associated with any class of traffic that the LER considers significant. An example of a
FEC is all traffic having a specific value of IP precedence.
Usage
A minimal LDP configuration requires the following:
• Enabling OSPF protocol that updates the routing table.
• Enabling Router LDP.
• Enabling Label switching and LDP for each interface on which LDP is to
be run.
Following is an example of how to set up an OS900 to run LDP.
To configure LDP on interface vif2:
interface vlan vif2
tag 3
ip 10.1.7.1/24
ports 26
label-switching
ldp
!
interface dummy dummy1
ip 3.3.3.3/32
!
router ospf
ospf router-id 3.3.3.3
passive-interface dummy1
network 3.3.3.3/32 area 0
network 10.1.7.0/24 area 0
!
router ldp
router-id 3.3.3.3
transport-address 3.3.3.3 0
!
CR-LDP
Constrained-Routing LDP (CR-LDP) is LDP extended to meet Traffic Engineering requirements in
setting up routing paths. For example, an LSP can be set up based on explicit route constraints,
QoS constraints, etc.
Following is an example of a trunk configuration using CR-LDP:
The trunk allocates 10 Mbps and is destined to LER with transport address 3.3.3.3 and passes
through interior LSRs with transport addresses 1.1.1.1 and 2.2.2.2.
ldp-trunk MyTrunk
primary MyPath
bandwidth 10m
to 3.3.3.3
enable
!
ldp-path MyPath
1.1.1.1 loose
2.2.2.2 loose
!
RSVP-TE
The RSVP-TE protocol is an extension of RSVP for establishing LSPs in MPLS networks while
meeting traffic engineering requirements. RSVP allows the use of source routing where the ingress
router determines the complete path through the network. The ingress router can use CSPF
computation to determine a path to the destination, ensuring that any QoS and TE requirements
are met. The resulting path is then used to establish the LSP.
The OS900 RSVP-TE implementation provides smooth rerouting of LSPs, preemption, and loop
detection. It can be used for QoS and load balancing across the network core.
RSVP is enabled as shown below:
interface vlan vif2
tag 3
ip 10.1.5.3/24
ports 2
label-switching
66
Also called tunnels.
ldp
rsvp
!
router rsvp
!
router ospf
ospf router-id 3.3.3.3
passive-interface dummy1
network 3.3.3.3/32 area 0
network 10.1.5.0/24 area 0
network 10.1.7.0/24 area 0
te
cspf
Following is an example of a trunk configuration using RSVP-TE:
The trunk allocates 10 Mbps and is destined to LER with transport address 2.2.2.2 and passes
through interior LSRs with transport addresses 3.3.3.3.
rsvp-trunk t1
primary path p1
primary bandwidth 10m
to 2.2.2.2
!
rsvp-path p1
3.3.3.3 loose
!
Virtual Circuits
Definition
A Virtual Circuit (VC) is a point-to-point bi-directional pseudo-wire interconnection for transporting
OSI Layer-2 frames of a customer transparently. Several VCs can coexist along a single LSP trunk
like wires in a cable as shown in Figure 58.
Configuration
At each of the two VC ends (target LERs), perform the following steps:
1. Enter configure terminal mode.
2. Set the:
a. VC name.
b. VC ID.
c. IP address on the primary target LER at which the VC terminates.
d. (Optional) Primary RSVP trunk name. (If not specified, the OS900 selects between
LDP and RSVP-TE.)
e. (Optional) IPv4 address of the secondary target LER for dual-homing.
f. (Optional) Secondary RSVP trunk name. (If not specified, the OS900 selects
between LDP and RSVP-TE.)
g. (Optional) Group ID.
h. (Optional) Protection mode.
by invoking the following command:
mpls l2-circuit NAME <1-1000000> A.B.C.D [trunk_name TRUNKNAME]
[secondary A.B.C.D] [trunk_name TRUNKNAME] [group_id GROUP_ID]
[protected]
where,
mpls: Set MPLS VC attributes
l2-circuit: Specify an MPLS Layer-2 VC
NAME: Identifying string for MPLS Layer-2 VC. (It has local significance only.)
<1-1000000>: MPLS Layer-2 VC ID. This value is used by LDP to assign a
VC label to a packet.
A.B.C.D: IPv4 address on the target LER at which the VC terminates (LDP
transport address of target router)
trunk_name: (First appearance) Specify Primary RSVP Trunk Name
TRUNKNAME: (First appearance) Identifying string for Primary Trunk Name
secondary: Secondary peer configured for dual homed VC
A.B.C.D: IPv4 Address used for the dual-homed
trunk_name: (Second appearance) Specify Secondary Trunk Name
TRUNKNAME: (Second appearance) Identifying string for Secondary Trunk
Name
group_id: Specify group ID
GROUPID: Group identifier (arbitrary 32-bit value)
protected: Protect this VC against link failure
Note
If a VC is to go through a CR-LDP or RSVP-TE trunk, it should be
destined to the same IP destination as the trunk.
3. Select raw mode (ethernet) or tagged mode (vlan) for traffic on the VC by invoking the
following commands:
action-list NAME
where,
NAME: Action list identification up to 20 characters
mpls-action
l2-circuit NAME ethernet|vlan
where,
NAME: Identifying string for MPLS Layer-2 VC
ethernet: Raw mode (without VLAN tag)
vlan: Tagged mode (with VLAN tag)
4. Create an ACL enabling packet forwarding and specifying the VC source port by invoking
the following commands:
access-list extended WORD
where,
WORD: Access-list name
ip A.B.C.D/M
where,
A.B.C.D/M: IPv4 address and mask (a.b.c.d/mask)
9. Activate OSPF, and specify the router ID and network IP addresses for receiving and
transmiting VC traffic by invoking the following commands:
router ospf [<0-65535>]
where,
<0-65535>: OSPF process ID
ospf router-id A.B.C.D
where,
A.B.C.D: OSPF router ID in IP address format
router-id A.B.C.D
where,
A.B.C.D: OSPF router ID in IP address format
network A.B.C.D/M area A.B.C.D
where,
A.B.C.D/M: IP address of local interface
area: Set the OSPF area ID
A.B.C.D: OSPF area ID in IP address format
The above command must be repeated for each local interface whose attached
network is to participate in the VC – see Example, page 528.
10. Activate LDP, and specify the router ID and transport IP address at the remote end of the
VC by invoking the following commands:
router ldp
router-id A.B.C.D
where,
A.B.C.D: LDP router ID in IP address format
transport-address A.B.C.D
where,
A.B.C.D: IP Address to be used
Example
The following example demonstrates configuration of a VC between two OS900s.
At each OS900, one access and two network interfaces ( one VLAN and one dummy) are
configured. A dummy (loopback) interface is specified for each of the two ends of the VC to enable
VC traffic flow through the OS900 even if just one VLAN interface having a link to the network
exists!
Network
Configuration
OS900_A
MRV OptiSwitch 910 version os900-3-0-0-d0736-03-01-08
OS910 login: admin
Password:
OS910> enable
OS910# configure terminal
-------------------------------Setting VC name and ID, and specifying the IP of its remote end-------------------------------
-----------------------Selecting raw mode (ethernet) or tagged mode (vlan) for traffic on the VC-----------------------
action-list ACL
mpls-action
l2-circuit vc1 ethernet
!
---------------------------------------------------------------Creating an ACL---------------------------------------------------------------
src-phy-port eq 1
!
---------------Specifying the VLAN Interface at the non-MPLS network that includes the VC source port---------------
access-group acl1
!
-----------------Specifying the interface at which traffic will be received from the remote end of the VC-----------------
-------Activating OSPF, and specifying the router ID and network IPs for receiving and transmiting VC traffic-------
router ospf
ospf router-id 1.1.1.1
network 1.1.1.1/32 area 0
network 10.1.1.0/24 area 0
!
--------------Activating LDP, and specifying the router ID and transport IP at the remote end of the VC--------------
router ldp
router-id 1.1.1.1
transport-address 1.1.1.1
OS900_B
MRV OptiSwitch 910 version os900-3-0-0-d0736-03-01-08
OS910 login: admin
Password:
OS910> enable
OS910# configure terminal
-------------------------------Setting VC name and ID, and specifying the IP of its remote end-------------------------------
-----------------------Selecting raw mode (ethernet) or tagged mode (vlan) for traffic on the VC-----------------------
action-list ACL
mpls-action
l2-circuit vc1 ethernet
!
---------------------------------------------------------------Creating an ACL---------------------------------------------------------------
src-phy-port eq 1
!
---------------Specifying the VLAN Interface at the non-MPLS network that includes the VC source port---------------
access-group acl1
!
-----------------Specifying the interface at which traffic will be received from the remote end of the VC-----------------
-------Activating OSPF, and specifying the router ID and network IPs for receiving and transmiting VC traffic-------
router ospf
ospf router-id 2.2.2.2
network 2.2.2.2/32 area 0
network 10.1.1.0/24 area 0
!
--------------Activating LDP, and specifying the router ID and transport IP at the remote end of the VC--------------
router ldp
router-id 2.2.2.2
transport-address 2.2.2.2
MPLS DiffServ
MPLS DiffServ provides the following:
1. Bandwidth reservation for CR-LDP and RSVP-TE trunks.
2. Policing MPLS VPN bandwidth reservation.
3. Support for E-LSPs67.
4. Option to map DSCP bits to MPLS EXP bits.
5. Option to map VPT bits to MPLS EXP bits.
6. EXP bits are marked on both Trunk and VC labels (important for PHP).
7. VC ingress/egress accounting.
An important feature of the OS900 is its ability to provide differentiated service levels to specific
flows that use the same Virtual Circuit (VC).
By default, the VPT bits of an ingress frame at an OS900 LER are mapped to MPLS EXP bits of
the MPLS header.
To enable marking of the EXP bits of a frame according to the DSCP value for the group of ports
by invoking the command port qos-trust PORTS-GROUP|all l2|l2l3|l3|port
(described in the section Selecting an SL Criterion, page 237).
Viewing Commands
MPLS information can be viewed by invoking the following commands:
67
An E-LSP is an LSP on which routers (LER or LSR) provide QoS handling of MPLS packets according to the EXP field
3
in the MPLS header. Since the EXP field is 3 bits long, up to 2 (eight) classes of traffic can be defined. This allows for up
to 8 classes of traffic using the same label to be concurrently carried over a single LSP.
Cross-connect Table
To view the MPLS Cross-connect table:
1. Enter enable mode.
2. Invoke the command:
show mpls cross-connect-table
where,
mpls Configure MPLS specific attributes
cross-connect-table MPLS Cross-connect table
R2# show mpls cross-connect-table
Cross connect ix: 1, in intf: -, in label: 0, out-segment ix: 1
Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 1, owner: RSVP, out intf: vif4011, out label: 640
Nexthop addr: 192.170.1.3, cross connect ix: 1, op code: Push
Forwarding Table
To view the MPLS Forwarding table:
1. Enter enable mode.
2. Invoke the command:
show mpls forwarding-table
where,
mpls Configure MPLS specific attributes
forwarding-table MPLS Forwarding table
R2# show mpls forwarding-table
Codes: > - selected FTN, B - BGP FTN, C - CR-LDP FTN, K - CLI FTN,
L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, U - unknown FTN
FTN Table
To view the MPLS FTN table:
1. Enter enable mode.
2. Invoke the command:
show mpls ftn-table
where,
mpls Configure MPLS specific attributes
ftn-table MPLS FEC-To-NHLFE table. The table (stored in LERs)
contains maps of Destination IP addresses to MPLS labels for ingress packets.
R2# show mpls ftn-table
Primary FTN entry with FEC: 1.1.1.1/32, ix 3, row status: Active
Owner: RSVP, Action-type: Redirect to Tunnel, Exp-bits: 0x0
Resource_id: 30
Description: T1
Cross connect ix: 1, in intf: -, in label: 0, out-segment ix: 1
Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 1, owner: RSVP, out intf: vif4011, out label: 640
Nexthop addr: 192.170.1.3, cross connect ix: 1, op code: Push
ILM Table
To view the MPLS ILM table:
1. Enter enable mode.
2. Invoke the command:
show mpls ilm-table
where,
mpls Configure MPLS specific attributes
ilm-table MPLS Incoming Label Map table. The table (stored in LSRs)
contains maps of ingress packet MPLS labels to egress packet MPLS labels for
LSPs.
R2# show mpls ilm-table
In-Label Out-Label In-Intf Out-Intf Nexthop FEC
640 0 vif4010 vif640 0.0.0.0 0.0.2.128/32
641 0 vif4010 vif641 0.0.0.0 0.0.2.129/32
642 0 vif4010 vif642 0.0.0.0 0.0.2.130/32
643 0 vif4010 vif643 0.0.0.0 0.0.2.131/32
644 0 vif4010 vif644 0.0.0.0 0.0.2.132/32
645 0 vif4010 vif645 0.0.0.0 0.0.2.133/32
646 0 vif4010 vif646 0.0.0.0 0.0.2.134/32
647 0 vif4010 vif647 0.0.0.0 0.0.2.135/32
648 0 vif4010 vif648 0.0.0.0 0.0.2.136/32
In-segment Table
To view the MPLS In-segment table:
1. Enter enable mode.
In-segment entry with in label: 641, in intf: vif4010, row status: Active
Owner: LDP VC, # of pops: 1, fec: 0.0.2.129/32
Cross connect ix: 642, in intf: vif4010, in label: 641, out-segment ix: 642
Owner: LDP VC, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 642, owner: LDP VC, out intf: vif641, out label: 0
Nexthop addr: 0.0.0.0, cross connect ix: 642, op code: Pop for VC
In-segment entry with in label: 642, in intf: vif4010, row status: Active
Owner: LDP VC, # of pops: 1, fec: 0.0.2.130/32
Cross connect ix: 643, in intf: vif4010, in label: 642, out-segment ix: 643
Owner: LDP VC, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 643, owner: LDP VC, out intf: vif642, out label: 0
Nexthop addr: 0.0.0.0, cross connect ix: 643, op code: Pop for VC
Out-segment Table
To view the MPLS Out-segment table:
1. Enter enable mode.
2. Invoke the command:
show mpls out-segment-table
where,
mpls Configure MPLS specific attributes
out-segment-table MPLS Out-segment table.
R2# show mpls out-segment-table
Out-segment with ix: 2, owner: LDP VC, out intf: vif2, out label: 0
Nexthop addr: 0.0.0.0, cross connect ix: 2, op code: Pop for VC
Out-segment with ix: 3, owner: LDP VC, out intf: vif3, out label: 0
Nexthop addr: 0.0.0.0, cross connect ix: 3, op code: Pop for VC
Out-segment with ix: 4, owner: LDP VC, out intf: vif4, out label: 0
Nexthop addr: 0.0.0.0, cross connect ix: 4, op code: Pop for VC
L2 Circuits
To view the MPLS Layer 2 Circuit:
1. Enter enable mode.
2. Invoke the command:
show mpls l2-circuit
where,
mpls Configure MPLS specific attributes
l2-circuit MPLS Layer-2 Virtual Circuit data.
R2# show mpls l2-circuit
MPLS Layer-2 Virtual Circuit: VC2, id: 2
Endpoint: 1.1.1.1
Control Word: 0
MPLS Layer-2 Virtual Circuit Group: none
Bound to interface: vif2, Port 1
Virtual Circuit Type: Ethernet VLAN
MPLS Layer-2 Virtual Circuit: VC3, id: 3
Endpoint: 1.1.1.1
Control Word: 0
MPLS Layer-2 Virtual Circuit Group: none
Bound to interface: vif3, Port 1
Virtual Circuit Type: Ethernet VLAN
MPLS Layer-2 Virtual Circuit: VC4, id: 4
Endpoint: 1.1.1.1
Control Word: 0
MPLS Layer-2 Virtual Circuit Group: none
Bound to interface: vif4, Port 1
Virtual Circuit Type: Ethernet VLAN
L2 Circuit Groups
To view the MPLS Layer 2 Circuit Group:
1. Enter enable mode.
2. Invoke the command:
show mpls l2-circuit-group
where,
mpls Configure MPLS specific attributes
l2-circuit-group MPLS Layer-2 Virtual Circuit group data.
R2# show mpls l2-circuit-group
MPLS Layer-2 Virtual Circuit Group: 1, id: 1
Virtual Circuits configured:
1. VC1000
LDP Parameters
To view the MPLS LDP information:
1. Enter enable mode.
2. Invoke the command:
show mpls ldp
where,
mpls Configure MPLS specific attributes
ldp Label Distribution Protocol (LDP).
R2# show mpls ldp parameter
Router ID : 2.2.2.2
LDP Version : 1
Global Merge Capability : N/A
Label Advertisement Mode : Downstream Unsolicited
Label Retention Mode : Liberal
Label Control Mode : Independent
Loop Detection : Off
Loop Detection Count : 0
Request Retry : Off
Propagate Release : Disabled
Hello Interval : 5
Targeted Hello Interval : 15
Hold time : 15
Targeted Hold time : 45
Keepalive Interval : 10
Keepalive Timeout : 30
Request retry Timeout : 5
Targeted Hello Receipt : Disabled
VC Table
To view the MPLS VC table:
1. Enter enable mode.
2. Invoke the command:
show mpls vc-table
where,
mpls Configure MPLS specific attributes
vc-table MPLS Virtual Circuit table.
R2# show mpls vc-table
VC-ID In Intf Out Intf Out Label Nexthop Status
2 vif2 vif4010 1280 1.1.1.1 Active
3 vif3 vif4010 1281 1.1.1.1 Active
4 vif4 vif4010 1282 1.1.1.1 Active
5 vif5 vif4010 1283 1.1.1.1 Active
6 vif6 vif4010 1284 1.1.1.1 Active
7 vif7 vif4010 1285 1.1.1.1 Active
8 vif8 vif4010 1286 1.1.1.1 Active
9 vif9 vif4010 1287 1.1.1.1 Active
10 vif10 vif4010 1288 1.1.1.1 Active
Administrative Groups
To view the MPLS Administrative Groups:
1. Enter enable mode.
2. Invoke the command:
show mpls admin-groups
where,
mpls Configure MPLS specific attributes
admin-groups Administrative Groups. Each administrative group is
designated (at the local router) by an ID in the range 0-31. The ID represents
one or more interfaces. The ID is distributed to all the other routers in the MPLS
network if TE is activated (by selecting CR-LDP or RSVP-TE).
R2# show mpls admin-groups
Admin group detail:
Value of 1 associated with admin group 'G1'
Mapped Routes
To view the MPLS Mapped Routes:
1. Enter enable mode.
2. Invoke the command:
show mpls mapped-routes
where,
mpls Configure MPLS specific attributes
mapped-routes Mapped MPLS routes. Shows subnets assigned to each
MPLS label. The command can be used to save on MPLS labels.
R2# show mpls mapped-routes
Mapped-route IPv4 FEC
192.170.1.3/32 3.3.3.3/32
Configuration Commands
MPLS Route Map
To set an IP4 Route Map:
1. Enter configure terminal mode.
2. Invoke the command:
mpls map-route A.B.C.D A.B.C.D A.B.C.D
where,
mpls Configure MPLS specific attributes
map-route Map an IPv4 route
A.B.C.D IPv4 prefix to be mapped
A.B.C.D Mask for IPv4 address to be mapped
A.B.C.D IPv4 Forwarding Equivalence Class to which route is to be mapped
R2(config)# mpls map-route 192.170.1.3 192.170.1.0 192.169.1.254 192.169.1.0
R2(config)#
Activating MPLS
To activate MPLS, select a routing protocol as follows:
1. Enter configure terminal mode.
2. Invoke the command:
router ldp|rsvp
R2(config)# router ldp
R2(config-router)#
Purpose
H-VPLS is proposed to overcome the drawbacks of regular VPLS that arise in expanding and large
scale deployments. Among these drawbacks are:
1. The need to configure all the PEs for each new device to be added in the network.
2. Bandwidth consumption by signaling packets between each pair of PEs in the
VPLS domain
3. Packet replication requirement
4. Recovery/convergence time in case of failure of a VC.
Advantages
The H-VPLS model has the following advantages over regular VPLS:
1. Only one VC is required to connect an OS900 to a PE-rs in the VPLS domain as
opposed to a mesh of VCs as would be required if the network was totally VPLS.
2. As the need arises, new CEs can be connected to the VPLS network by simply
connecting each OS900 (to which the CEs are attached) to a PE-rs in the VPLS
domain with a VC.
Principle of Operation
All traffic going from/to CEs to/from one of the PE-rs devices in the VPLS domain will go through a
VC. An OS900 needs only to be aware of the specific PE-rs (in the VPLS domain) to which it is
connected although it is participating in the VPLS service that spans multiple devices.
Application
The H-VPLS model enables the service provider to extend the VPLS domains by placing cost-
effective OS900s in multi-tenant buildings and aggregating them to a PE-rs in a large central office
(CO) facility – see Figure 61, page 541. Using dual VCs instead of one provides connectivity-
redundancy protection.
68
Pseudo wires
69
A full mesh is direct connection of each and every device to each and every of the other devices.
Configuration
The procedure for configuring an OS900 to operate in single-homing mode or dual-homing mode
is as follows:
1. Enter configure terminal mode.
2. Invoke the command:
mpls l2-circuit NAME ID A.B.C.D secondary A.B.C.D
where,
NAME Name for VC. (It applies only locally.)
ID ID of primary VC. The ID may be set as any number in the range 1-
1000000. (It must be identical to the VPLS ID to which this VC is to connect.)
A.B.C.D (first appearance) IP address of PE-rs to which the primary VC is to
connect.
A.B.C.D (second appearance) It applies only for dual-homing mode. IP
address of a different PE-rs to which the secondary VC is to connect. (The
secondary VC becomes active only when the primary VC fails.)
Example
OS900> enable
OS900# configure terminal
OS900(config)# mpls l2-circuit Sales_VC 500 2.2.2.2 secondary 3.3.3.3
OS900(config)#
Viewing
To view the configuration:
1. Enter enable mode.
2. Invoke the command:
show mpls l2-circuit
where,
NAME Name for VC. (It applies only locally.)
Example
OS900(config)# exit
OS900# show mpls l2-circuit Sales_VC
LSP PING
General
MPLS LSP PING is a tool that enables the user to detect synchronization problems between the
MPLS control plane and its associated data plane. Specifically, it can be used to determine if an
LSP is set at the control plane level and, more importantly, if the LSP can actually deliver user
traffic.
This tool emulates the behavior of the regular ICMP-based PING function by sending MPLS Echo
Request packets to a specific FEC. The packets are sent along the same data path as other
packets in the FEC. An MPLS Echo Request also carries MRV implementation of LSP PING and is
compatible with RFC 4379 entitled Detecting MPLS Data Plane Failures.
Stopping
To stop an LSP PING process:
1. Enter enable mode.
2. Invoke the command:
ping mpls stop
Replies
Possible LSP PING/Traceroute replies and their significances are as follows:
LSP Traceroute
General
LSP Traceroute functions like MPLS LSP PING. Like MPLS LSP PING, it enables the user to
determine if an LSP can actually deliver user traffic.
The MPLS traceroute is designed to perform fault isolation, i.e., to detect the specific node in
which the problem of synchronization between the control and data planes occurred. For this
purpose, the MPLS echo packet is sent to the control plane of each transit LSR which then
performs various checks to verify that it is indeed a transit LSR in the examined LSP.
Unlike the case of MPLS PING mentioned above, here, parameters in the MPLS echo packet IP
header cannot be a trigger to send the packet to the control plane. This is of-course true since
transit LSRs do not examine the packets' IP headers but only their MPLS headers. In order to
trigger a transit OS900 to send the MPLS echo request packet to the control plane, the MPLS
Traceroute command generates the MPLS echo packet with an increasing value of MPLS TTL
(exactly like in regular IP-based traceroute). Each time an MPLS packet reaches an LSR with
MPLS TTL 1, it causes the OS900 to send the packet to the control plane for further examination.
When MPLS PING has failed to verify end-to-end connectivity, it is advised to invoke the MPLS
Traceroute command to pin-point the problematic LSR.
Again, the user cannot send traceroute packets over an RSVP LSP or LDP LSP that end at the
same FEC at the same time. Moreover, the OS900 will not send echo packets over LDP LSP if for
the same FEC an RSVP LSP exists.
Stopping
To stop an LSP Traceroute process:
1. Enter enable mode.
2. Invoke the command:
traceroute mpls stop
Replies
Refer to the section Replies, page 544.
Appendix A: Utilities
General
This chapter describes and shows how to use the various network utilities of the OS900, which
are:
− Domain Name System/Server (DNS)
− Traceroute
− TCP dump (built-in LAN analyzer)
− TELNET
− Secure Shell (SSH)
− Address Resolution Protocol (ARP)
− Configuration File Management
− Memory Management
− Multicast Destination MAC Addresses
− Frame Generator
− Debug Information
− Linux Tasks
− UniDirectional Link Detection Protocol
Configuration
To configure the OS900 to operate with a DNS:
1. To define a domain name, invoke the command:
domain-name NAME
where,
NAME: Your company’s domain name. It identifies one or more hostnames. An
example of a domain name is mrv.com. An example of a hostname belonging
to this domain is torro.mrv.com. In URLs, domain names are used to identify
particular Web pages. For example, in the URL
http://www.faqs.org/rfcs/rfc1213.html, the domain name is faqs.org. Every
domain name has a suffix that indicates the Top-Level Domain (TLD) to which
it belongs. In the examples above, the domain name suffixes are com and org.
2. To define the IP address of the DNS (i.e., the server which is to translate the
domain name into the IP addresses), invoke the command:
nameserver A.B.C.D
where,
A.B.C.D: is the IP address of the DNS.
Current configuration:
! version 1_0_11
!
dns
domain-name mrv.com
nameserver 195.208.93.67
enable
Querying
To query the DNS regarding a hostname or IP address belonging to the name domain, invoke the
command
nslookup HOST-TO-FIND
where,
HOST-TO-FIND: is hostname or IP address belonging to the name domain.
Deleting
To delete the domain name, invoke the command
no domain-name
To disable DNS lookup services, invoke the command
no enable
To delete the domain nameserver, invoke the command
no nameserver A.B.C.D
where,
A.B.C.D: is the IP address of the DNS, i.e., the server which is to translate the
domain name into the IP addresses.
Traceroute
Definition
Traceroute is a utility that traces the path of a packet sent from the OS900 to a host on the
network, showing how many hops the packet requires in order to reach the host and how long
each hop takes.
Purpose
Traceroute can be used to determine, for example, where the longest delays occur. It can be used
with SA PING and VCD in isolating the source of a connectivity problem.
Range
The OS900 can be used to trace a destination that is up to 30 hops away.
Principle of Operation
The principle of Traceroute is as follows: Initially, it sends a packet with a very small Time-To-Live
(TTL) field value. A TTL value specifies how many hops the packet is allowed before it is returned.
When a packet cannot reach its destination due to the very small TTL value, the last host to
receive the packet returns the packet and identifies itself.
By sending a series of packets, each having a successively higher TTL value, all the intermediary
hosts can be identified.
Each traceroute packet is 40 bytes long. Three packets are sent to each of the hops on the way to
the destination and there return time is measured.
Usage
To perform traceroute:
1. Enter disable mode.
2. Invoke the command:
traceroute: WORD
where,
WORD: IP address or DNS name of the destination host.
Example
The following example shows the nine hops to the destination, the IP address of each hop, and the
three return times for each hop.
OS900> traceroute 212.143.162.198
traceroute to 212.143.162.198 (212.143.162.198), 30 hops max, 40 byte packets
1 Zorro.gallant.co.il (194.90.131.254) 3.896 ms 3.167 ms 6.423 ms
2 router.gallant.co.il (194.90.134.254) 2.34 ms 2.393 ms 2.349 ms
3 194.90.138.233 (194.90.134.233) 2.348 ms 2.315 ms 2.31 ms
4 194.90.138.225 (194.90.134.225) 2.573 ms 2.375 ms 2.424 ms
5 tunnel-optic.ser.netvision.net.il (207.232.58.134) 4.571 ms 4.658 ms 3.953 ms
6 gi10-0.core1.hfa.nv.net.il (212.143.8.69) 128.406 ms 190.186 ms 199.244 ms
7 ge1-2.core1.pt.nv.net.il (212.143.12.66) 7.425 ms 6.301 ms 6.397 ms
8 g1-2.agr02.pt.nv.net.il (212.143.10.78) 6.638 ms 6.909 ms 6.429 ms
9 akm-tlv-198.netvision.net.il (212.143.162.198) 9.901 ms 7.179 ms 6.203 ms
OS900>
TCP Dump
Definition
TCP dump is display of the current traffic to the CPU via a specific interface.
Purpose
TCP dump is used to troubleshoot network applications that communicate with the OS900.
Usage
To perform TCP dump:
1. Enter mode enable.
2. Invoke the command:
tcpdump INTERFACE
where,
INTERFACE: Interface via which traffic flows to the CPU. The interface must
have the format vifX, where X is any number in the range 0-4095.
Example
The example below shows:
Invocation of TCP dump using the command tcpdump vif90.
TCP dump (packet time, IP address, protocol port/number, captured packets, etc.)
Example
OS900# tcpdump vif90
39 packets captured
39 packets received by filter
0 packets dropped by kernel
OS900#
TELNET
Definition
TELNET is a TCP/IP protocol terminal emulation software program that is run on a host.
Purpose
TELNET is used to connect a host/client (e.g., PC) to a server (e.g., OS900) on a network (e.g.,
Ethernet).
Sessions
Limit
For security reasons, the number of concurrent TELNET sessions is limited to 10.
Timeout
Setting
The default timeout for sessions is 30 minutes.
To set a new timeout:
1. Enter configure terminal mode.
2. Enter line mode by invoking the command:
line vty
3. Invoke the command:
exec-timeout global|current-session <0-35791>
where,
global: For all sessions
current-session: For the current session
<0-35791>: Timeout value in minutes. If no value is entered for this
parameter, timeout is disabled.
4. To exit line mode (and to enter configure terminal mode), invoke the
command exit.
Example
OS910(config-line)# exec-timeout global 15
OS910(config-line)# ATTENTION: LOGOUT timeout is set to 15 min.
OS910(config-line)#
Disabling
To disable timeout for a session:
1. Enter configure terminal mode.
2. Enter line mode by invoking the command:
line vty
3. Invoke the command:
no exec-timeout global|current-session
where,
global: For all sessions
current-session: For the current session
4. To exit line mode (and to enter configure terminal mode), invoke the
command exit.
Example
OS910(config-line)# no exec-timeout global
OS910(config-line)# ATTENTION: LOGOUT timeout is disabled.
OS910(config-line)#
Default
To set the timeout value for a session to the default (30 minutes):
1. Enter configure terminal mode.
2. Enter line mode by invoking the command:
line vty
3. Invoke the command:
exec-timeout global|current-session default
global: For all sessions
current-session: For the current session
4. To exit line mode (and to enter configure terminal mode), invoke the
command exit.
Example
OS910(config-line)# exec-timeout global default
OS910(config-line)# ATTENTION: LOGOUT timeout is set to 30 min.
OS910(config-line)#
Connection
For TELNET to work, the appropriate installation must be performed as described in the section
TELNET/SSH Station or SNMP NMS, page 70.
To make a TELNET connection:
1. Enter mode enable.
2. Invoke the command:
telnet WORD PORT
where,
WORD: IP address or DNS hostname of a remote OS900.
PORT: TCP Port number.
In response, TELNET prompts you to enter a valid username and password before permitting
access.
Example
The example below shows how to invoke a TELNET connection.
OS900# telnet 192.23.76.158 44
OS900#
Principle of Operation
When an incoming packet destined for a host machine arrives at the OS900, the OS900 uses the
ARP program to search for the MAC address that matches the IP address. If it finds the MAC
address, it provides it adjusts the packet to the right length and format and sends it to the machine.
If it does not find the IP address, ARP broadcasts a request packet in a special format to all the
host machines on the LAN to try to find a host machine with the specific IP address. If a host
machine recognizes the IP address as its own, it responds positively. The OS900 then updates its
ARP table accordingly and sends the packet to the host with this MAC address.
Reverse ARP (RARP) is used by host machines to obtain their IP address from a gateway's ARP
cache.
perm: Permanent entry, i.e., stays in the ARP table so long as the OS900
keeps running.
temp: Temporary entry, i.e., subject to aging – see section Aging, page 99.
INTERFACE: (optional) VLAN Interface ID having the format vifX, where X is a
decimal number in the range 1-4095
The example below shows how to make an ARP entry.
OS900(config)# arp 192.200.137.108 00:11:22:33:44:55 perm vif65
OS900#
Example 2
OS900(config)# show arp res 192.88.136.102
Apollo.Hi-tech.com (194.90.136.15) at 00:01:02:AE:C5:A1 [ether] on vif38
OS900(config)#
/usr/local/etc/System.conf
Memory Management
Viewing Memory
The Linux OS memory usage is oriented to enhance performance and enable maximum use of
free memory in the OS900. By design, the Linux OS will use ALMOST ALL available memory for
internal use of buffers and cache, as can be seen for ‘buffer’ and ‘cache’ in the display obtained by
invoking the command show memory. This behavior enables the Linux OS to cache and buffer
disk I/O and keep most data resident in memory as long as possible. The purpose is to minimize
fetching of files and data from the disk.
As a result, regardless of the amount of OS900 resident RAM Memory, the usage pattern will be
the same. Free memory is regarded by the Linux OS as “a complete waste”, so for performance
reasons the "buffers" and "cached" figures should be as high as possible. It enables Linux OS to
make the best usage of memory and enhances system performance.
In case an OS900 process needs to use memory for whatever reason, the memory space that is
used for disk cache and buffers is freed immediately.
The following is a show memory dump collected on an OS900.
OS900(config)# show memory
total: used: free: shared: buffers: cached:
Mem: 30183424 28778496 1404928 0 4423680 14901248
Swap: 0 0 0
MemTotal: 29476 kB
MemFree: 1372 kB
MemShared: 0 kB
Buffers: 4320 kB
Cached: 14552 kB
SwapCached: 0 kB
Active: 5708 kB
Inactive: 18892 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 29476 kB
LowFree: 1372 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Committed_AS: 21848 kB
OS900(config)#
By taking those figures and recalculating as shown in Table 25, below, it is easy to see that the
“real free” memory value stabilized around 63% of the Total memory.
Table 25: Memory Space Usage
Total Cached Buffers Free Used Buffer + Real Real Free % Real
Cache Used Free
260636672 86450176 70217728 12722176 247914496 156667904 91246592 169390080 64.991%
260636672 75616256 90058752 5738496 254898176 165675008 89223168 171413504 65.767%
260636672 86441984 68837376 4513792 256122880 155279360 100843520 159793152 61.309%
260636672 85377024 70889472 4694016 255942656 156266496 99676160 160960512 61.757%
260636672 88330240 69058560 16805888 243830784 157388800 86441984 174194688 66.834%
where:
Real Free = Free + buf + cache
Real Used = Total – real free
% Real Free = Real free / Total x 100
Viewing Processes
Processes
To view memory processes, invoke the command show processes. The values in the RSS
column indicate the total amount of physical memory used by each process.
The example above shows such a destination MAC address (under the heading dmi_address)
common to the out-of-band interface eth0 and the inband interface vif90.
Frame Generator
Definition
Frame Generator is an application for creating and transmitting a Layer 2 type probe (frame).
Purpose
To perform connectivity and reliability tests.
Actions
Configuring the Probe
Ony one probe can exist at any time. To configure a probe:
1. Enter configure terminal mode.
2. Enter Frame Generator mode by invoking the command:
rtr fg
3. Set the source address of the probe by invoking the command:
source MAC_ADDRESS
where,
MAC_ADDRESS: MAC address. Format: xx:xx:xx:xx:xx:xx
where x is a hexadecimal number.
4. Set the destination address of the probe by invoking the command:
destination MAC_ADDRESS
where,
MAC_ADDRESS: MAC address. Format: xx:xx:xx:xx:xx:xx
where x is a hexadecimal number.
5. Set the number of times the probe is to be sent by invoking the command:
count <0-10000000>
where,
<0-10000000>: Range of numbers of probes to be sent. To send an unlimited
number, select 0.
6. Set the time interval between any two successive probes (echo requests) by
invoking the command:
frequency <50-10000000>
where,
<50-10000000>: Range of time intervals between any two successive probes (in
milliseconds).
7. Set the pattern of the data portion of a probe frame by invoking the command:
pattern HEXLINE
where,
HEXLINE: A pattern of integral octets in hexadecimal code. For example, the
pattern 0fbf0aea8c is a hexadecimal code of 10 digits or 5 octets. Although the
pattern abcde is a hexadecimal code it is not valid since it is not an integral
number of octets.
8. Set the size of the data portion that is to include the pattern to be transmitted by
invoking the command:
request-data-size <52-9192>
where,
<52-9192>: Range of numbers of data octets after a header.
Note
If the pattern is longer than the size of the data portion, the pattern will
be truncated. If the pattern is shorter than the size of the data field, the
pattern will be repeated until the data portion is completely filled.
9. Select the egress ports of the source of the probe by invoking the command:
ports PORTS-GROUP
where,
PORTS-GROUP: Group of ports.
10. (Optional) Select the DiffServ Level (SL) for the probe frame by invoking the
command:
sl <1-8>
where,
sl <1-8>: Range of SLs for the probe.
11. (Optional) Set a VLAN tag for the probe frame by invoking the command:
tag TAG
where,
TAG: Number in the range 1 to 4095.
12. (Optional) Set a VLAN Priority Tag (VPT) for the probe frame by invoking the
command:
vpt <0-7>
where,
<0-7>: Range of VPTs for the probe.
Debug Information
Purpose
The debug information utility is used to obtain debug information on System Events.
System Events
Examples of system events are: Link up, Link down, Interface up, Interface down.
Activating Display
To activate the display of system events on the CLI screen each time a system event occurs:
1. Enter enable mode.
2. Invoke the command debug event.
Deactivating Display
To deactivate the display of system events on the CLI screen:
1. Enter enable mode.
2. Invoke the command no debug event.
Linux Tasks
To view the Linux tasks being performed in real time:
1. Enter enable mode.
Fan Control
General
Fan control applies to all OS900 models except OS906, OS912 and OS930, in which the fan/s
is/are set to run constantly.
The user can cause the cooling fan/s in an OS900 to be turned on and off at specific ambient
temperatures. In an environment having a suitable temperature, this capability can be used to run
the OS900 silently as well as to save on power.
Fan Configuration:
------------------
Gnd 4, 5 5 Gnd
RxD 6 3 TxD
OS900
Figure 62: Null-Modem RS-232 Cable Wiring
Procedure
The procedure for cleaning connectors is as follows:
1. If no stains are present, using a new clean dry tissue, gently rub, in small circular
motions, the exposed fiber surface and surrounding area in the connector to
remove dust.
2. If stains are present, moisten a new clean dry tissue with isopropyl alcohol and
gently rub, in small circular motions, the exposed fiber surface and surrounding
area in the connector to remove the stains.
3. Using a new clean dry tissue, gently rub, in small circular motions, the exposed
fiber surface and surrounding area in the connector to remove the dissolved stains
and excess isopropyl alcohol.
4. If a connector is not to be coupled with another immediately, cover it with a dust
cap.
Appendix D: Troubleshooting
The troubleshooting procedure here is on the operative level and is given in Table 26, below. Read
the entries in the column Problem until you reach the problem that applies to the OS900. Then
perform the corrective action(s) appearing in the same row. If the problem persists, note the status
of all the LEDs and consult your MRV representative.
Table 26: Startup and Operation Troubleshooting
Egress
Ingress ACL 1 is for ACLs bound using access-group within a VLAN interface or to a port using
port access-group [PORT].
Policing 1 is for TC actions in ACLs from ‘Ingress ACL 1’.
Ingress ACL 2 is for ACLs bound to a port as a second ACL using port access-group extra
[PORT].
Policing 2 is for TC actions in ACLs from ‘Ingress ACL 2’.
Appendix F: Product
Specification
MEF Services and Certifications EPL, E-Line, EPL, E-Line, EPL, E-Line, EPL, E-Line,
E-LAN, E- E-LAN, E- E-LAN, E- E-LAN, E-
Tree, MEF 9, Tree, MEF 9, Tree, MEF 9, Tree, MEF 9,
14 14 14 14
Non-blocking architecture
Wire-speed forwarding
10/100/1000Base-T 8
10/100/1000Base-T or 100/1000Base- 2 6 12
X SFP
100/1000Base-X SFP 2 2
Hardware
Operation
MTBF:
Switching Services
Multicast Services IGMP v1 and v2, IGMP snooping (IPv4 and IPv6 MLD
snooping), Multicast join lists per port/VLAN (1k multicast
groups per system), Static multicast range set
QoS Marking/remarking Per Service Level according to L2 IEEE 802.1p VPT, MPLS L2+
EXP, L3 DSCP, or MPLS EXP
CoS 8 hardware queues per port & configurable CoS adaptive buffer
70
An MRV advanced patch-panel function technology
IP Services
Security
IEEE 802.1x*
Filtering rules for control protocols (e.g., BPDU, CDP, VTP, PVST+, etc.) without the need for
ACLs or STP operation for BPDUs blocking
OS910-M
Basic 27 W
4 x SFPs 2W
2 x EM9-CES-4E1C Modules 16 W
Ports
10/100/1000Base-T:
Interface Fixed
Number
OS904 2
OS906 6
OS910 8
OS910-M 8
OS912 12
OS930 –
Connector:
Cabling:
Type Category 5
10/100/1000Base-X:
Number (max)
OS904 4
OS906 6
OS912 12
OS930 –
Cabling:
10 Gbps Ethernet:
Number (max)
OS930 3
Cabling:
Number 1
Connector:
Cabling:
Length 15 m (~ 50 ft)
Number 1
Connector:
Cabling:
LEDs
Global Status PWR – System power; RST or PRP – Reset; TMP or TEMP
– Temperature, PS1 – Power Supply 1 power, PS2 –
Power Supply 2 power, FAN – Internal fans status
Pushbuttons
Environmental
71
Temperature :
Physical
Dimensions (W x H x D):
71
In even more extreme weather conditions (e.g., UV radiation, rain, dust, humidity, corrosion, etc.), OS900s can be
housed in MRV’s weather-proof Outdoor Cabinets.
Weight (max):
OS910-M:
OS930:
Without PS 2.61 kg
Mounting Desktop, wall, or 19-inch (482.6 mm) or 23-inch (584.2 mm) rack
per the ETSI 300-019 standard, class 3.1. No clearances
required between units.
Management
Accessories
Compliance
Safety Designed to comply with UL 1950; CSA 22.2 No. 950; FCC Part
15, Class B; 2004/108/EC, 2006/95/EC, RoHS
Operation
* Future implementation
Models Supported
OS900s with firmware version 3.1.2 have two image files.
The image file OS900-3_1_2.ver supports the following OS900 models:
OS904
OS906 (with single and dual AC or DC power supplies)
OS912 (with single and dual AC or DC power supplies)
The image file OS900P-3_1_2.ver supports the following OS900 models:
OS910 and the old OS912 devices (with single and dual AC or DC power supplies).
OS910-M – modular demarcation
OS930 – 10GE demarcation
Note: New OS906 and OS912 models are designated with a “dash”, i.e., OS912-.
Old OS906 and OS912 models are designated with a “slash”, i.e., OS912/.
OS900P-3.1.2.ver file
Global version: 3.1.2
Kernel version: 2.6.15
Driver version: v1.4 mvPp s7117
Protocols package (ZebOS) version: 5.2
Hardware Requirements
Minimum Requirements for OS904, OS906, and OS912:
CPU: FER05181, 400 MHz with 32 MB Flash and 128 MB DRAM memory.
Minimum Requirements for all other OS900 devices:
CPU: MPC8245, 266 MHz with 64 MB Flash and 256 MB DRAM memory.
Device hardware version: 1 or later for OS904, OS906, and OS912.
Device hardware version: 3 or later for OS910 and the old OS912.
Device hardware version: 1 or later for OS910-M and OS930.
Upgrade Procedure
Requirement
In order to upgrade an OS900 unit, its associated activation key is required.
To receive the activation key, email your request to [email protected].
Procedure
To upgrade/download the OS900 image from a version that is lower than 1.0.11 to version 3.1.2,
the OS900 image must first be upgraded to version 1.0.11. The image must then be run (by
rebooting) and only then the version 1.0.11 may be upgraded to version 3.1.2.
To upgrade the OS900 with a new firmware version use the following procedure:
1. Log into the OS900.
2. Enter enable mode.
3. Invoke the command:
upgrade ftp FTP-SERVER REMOTE-DIR REMOTE-FILENAME [USERNAME]
[PASSWORD]
4. In response to the prompt:
Enter activation key recieved from MRV:
Type in the activation key (12-characters long)
5. Wait until the completion of the upgrade process, which may last a few minutes.
6. In response to the prompt:
Would you like to reboot the system now ? (y|n)
If you want to run the new image now, type y.
If you want to run the new image at the next reboot and let the previous image keep running in
the meantime, type n.
Features Supported
Layer 1 Features
Virtual Cable Test
SFP Digital Diagnostics
Jumbo frames
Port mirroring
Port protection
Port reflection (LIN)
Port advertise capabilities for speed and duplexity
Routing Features
Wirespeed L3 forwarding
Routing Information Protocol (RIP I & RIP II)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP-4)
ISIS
Secondary addressing
Static routes
Black hole routes
Dummy Interfaces
Virtual Router Redundancy Protocol (VRRP)
Multicast
IGMP Snooping (v1, v2).
Static multicast forwarding.
Management Features
Out of band management
Command Line Interface (CLI) – through Serial, TELNET, or SSH (Protocol Versions 1 & 2).
Console disable
Simple Network Management Protocol (SNMP) versions 1, 2, and 3.
View-Based Access Control Model (VACM)
Remote Monitoring (RMON) - 4 groups
RADIUS authentication for management
TACACS+ authentication for management
Advanced management access control
Upload/Download/Append of configuration file with FTP & SCP
Copy Paste of configuration
Time of day + Calendar + Time zone
Internal Syslog + Remote Syslog
QoS Features
DiffServ – 8 Service levels
Trust Mode L2 / L3 / L2+L3 / Port
VPT & DSCP Marking
Traffic conditioners
Single Leaky-bucket policers
2 Conformance levels (green, red)
Service Assurance
Round Trip Reporter (RTR)
Frame generator
Supported MIBs
MIB RFC or Supports Description
Private
Dev-cfg Private NbDevRouterSaveConfig Device General Configuration
Objects in the Device’s Power Device’s Power Supplies
Supplies Group (NbsDevPS)
Ethernet RFC 1284 Ethernet-like statistics group Ethernet statistics including
multicast, collision, undersize,
and oversize.
Gswitch1 Private All objects (read-only) Contains information necessary
to configure/describe a port
configuration.
Nstack Private Objects in the Stack Information Contains information necessary
Group (nbsStackSlotCapacity, for device structure including port
nbsStackSlotsTableSize, (copper/SFP) VCT and port VCT
nbsStackPortsCapacity, test.
nbsStackSlotPortsCapacity)
Objects in the Slot Information
Group (nbsStackSlotTable)
Mib II RFC 1213 All objects Contains information necessary
for managing TCP/IP-based
internets.
RMON RFC 1757 Ethernet Statistics, History, Alarm, Contains information necessary
Event for the RMON groups Ethernet
Statistics, History, Alarm, Event
rt-cfg Private All objects except Objects in the Contains information about
Device Virtual Interface Table (old) Device Interface Table including
name and secondary interface,
and limits number of interfaces of
all types.
Switch1 Private All objects except nbSysSnmpCfg, Contains information about port
nbSysTrapEntry. tag outbound mode.
OaSwitch Private All objects Contains information on Device
Layer-2 Configuration and MAC
Address Table of the Device
Tcgroup Private All objects Contains information on traffic
conditioner counters. It is similar
to the information provided in the
tc-counters-group mode.
OaSlStat Private All objects Contains information about SL
and status
DOT1AG.MIB RFC 2863 All objects (read only). Contains information on the
Connectivity Fault Management
module for management per
IEEE 802.1ag, Draft 8.
NBETHOAM.MIB Private All objects. (Private extension of Supports groups of IEEE 802.1ag
the DOT1AG.MIB). and ITU-T Y.1731.
mpls-exp-untagged eq <0-7>
New profile:
To classify EXP bits, a new ACL mpls-exp profile must be configured:
access-list extended-profile (normal|double-tag|mpls-exp)
Legality:
o Change available profile when all the ACLs are unbound.
o The binding process fails when the rule does not match its profile ('mpls-exp-
tagged' with normal or double-tag profile).
o ACL with 'mpls-exp-tagged' or 'mpls-exp-untagged' cannot be bound to an egress
port.
o Classification of 'mpls-exp-tagged' or 'mpls-exp-untagged' fields cannot be
combined with L3 and L4 classification fields in the same rule.
• New action was added to ACL: ‘redirect to cpu port’. Use this action if a rate limit is needed for
traffic going to the cpu. Otherwise use 'trap-to-cpu' action.
action redirect port cpu
• Filtering rules for control protocols (CDP, VTP, PVST, BPDU)
do not impact ACLs or STP operation for BPDU blocking
port l2protocol-tunnel (all|cdp|pvst+|stp|vtp) PORTS-GROUP
[drop]
• Save mode for multiple configuration files (up to 5 files).
For saving a new configuration file use:
write file NAME
For a list of all configuration files use:
show file
For showing which file is in use use:
show boot-config-file
For deleting a configuration file use:
delete conf NAME
For switching between configuration files use:
boot-config-file FILE
A reboot is needed for the new file to be loaded.
• Link flap guard is now per port and not global.
The default state for this feature is disabled.
link-flap guard <5-10000> port (PORTS-GROUP|all)
• Extended statistics per port on a trunk
When the CLI command show port statistics is applied to a trunk port, statistics for
each member of the trunk can be viewed.
• Show version number of the backup partition (image)
show version backup
• BootP extensions (broadcast, timeout , ETH0, and Bridge interfaces option)
bootp eth0
bootp eth0 bridge BRNAME
bootp-option broadcast-always
bootp-option timeout TIMEOUT
bootp-option timeout unlimited
• CLI command to configure port's MTU size can also be applied to trunk ports.
port mtu-size (PORTS-GROUP|all) <64-16000>
• NTP time zone simplification
For full details and configuration examples refer to the OS900 User Manual.
Version 2.1.1
• Support for the new OS912 with 64MB flash and 256MB DRAM memory.The new OS912 also
has an FPGA to support new features in hardware.
Note: Ports 11 and 12 of the new OS912 do not have internal ports (Just like the old OS912)
so “extra ACL” and “ingress shaping” can’t be applied to those ports.
• Support for upgrade of the FPGA code to support new features in hardware (Only on OS912
and OS904).
Steps for upgrading:
1. copy the fpga file from an ftp server:
copy ftp fpga FTP-SERVER REMOTE-DIR REMOTE-FILENAME [USERNAME]
[PASSWORD]
2. copy the file to the fpga:
upgrade fpga
3. show the fpga version:
show fpga version
4. remove local copy of file:
remove fpga-file
• Multicast Features
• IGMP Snooping(v1, v2).
• Static multicast forwarding.
For full details and configuration examples read the OS900 User Manual.
• UniDirectional Link Detection (UDLD) protocol
port udld aggressive [PORTS-GROUP]
port udld enable [PORTS-GROUP]
port udld message-interval <7-90> [PORTS-GROUP]
port udld primary-vlan <1-4095> [PORTS-GROUP]
port udld reset [PORTS-GROUP]
port udld slow-message-interval <7-90> [PORTS-GROUP]
• Port Advertise. Advertise default auto-negotiation capabilities
port advertise speed (10|100|1000|all) duplex (half|full|all)
(PORTS-GROUP|all)
• Link flap guard
Isolate port changing link state with very high frequency (default 10 changes per
second). The CLI command configures link flap guard limit:
link-flap guard <5-500>
CLI commands restore default link flap guard limit:
link-flap guard default
no link-flap guard
• Port link flap dampening
Ability to isolate port changes its link status with the high frequency.
The CLI command enables link flap dampening for selected ports:
port errdisable detect cause link-flap PORTS-GROUP
The CLI command recovers ports are isolated by link flap dampening mehanism:
port errdisable recover cause link-flap PORTS-GROUP
The following CLI commands configure link flap dampening:
link-flap-dampening errdisable-threshold VALUE
link-flap-dampening recovery-threshold VALUE
link-flap-dampening flap-penalty VALUE
default = 2048.
• Statistics per port/sl including SNMP support (OaSlStat MIB).
For details, refer to the application notes.
• LACP can now be configures also on ports and not only trunk ports.
port lacp (PORTS-GROUP|all)
port lacp passive (PORTS-GROUP|all)
• LACP can now be configures to rapid mode to reduce the time to establish LACP session.
port rapid-lacp (PORTS-GROUP|all)
• Access-lists actions of mark vpt, mark dscp and mark sl now support 56 different profiles.
In previous versions each rule with mark actions allocated an entry from the QoS table even if
we used the same values.
• Spanning Tree blocks also loop on a single port.
The Spanning Tree protocol identify and block the port when a loop is created by connecting
the RX & TX on a single port.
• Configure fatal exception parameters. use it to create dump file for debugging in case the
device craches. Default is disabled.
exception behaviour (reboot|halt)
exception disable
exception enable
exception memory <1-200>
exception memory unlimited
• TACACS+ including accounting
For details, refer to the application notes.
• Radius accounting is supported.
accounting commands radius
accounting exec radius.
• Multiple IPs per interface
Secondary IP addresses can now be added to interfaces
The CLI command (in interface node) to add more IP addresses:
ip A.B.C.D/M
• Protocols mac addresses are enabled in the hardware only when the protocol is enabled in the
software.This saves entries in the learning table and the protocols can now be transparent in
the device when they are disabled.
• New Scheduler to run linux/CLI commands.Every command has a uniqe Schedule node to
simplify and expand configuration.
schedule extended <1-65535>
• Telnet and SSH sessions are limited to 5 (for security reasons).
• Default timeout of the device is 5 minutes.
We can change the timeout using:
exec-timeout current-session <1-35791>
exec-timeout global <1-35791>
Or disable the timeout using:
no exec-timeout current-session
no exec-timeout global
• Management rules are now limited to 20 per interface (were 10 in previous versions).
• Support copy current startup configuration to the backup partition.
value).
When setting a rate limiter you must configure the commited burst size (cbs) to a
larger value then the policer mtu.
• Spanning Tree forwarding decisions based on 802.1ag.
This will improve convergence time in some scenarios.
To enable the port forwarding decisions based on 802.1ag use:
port PORTS-GROUP oam-based-force-edge
We can also filter events from the 802.1ag
oam-filter
• New CLI Command in the spanning tree node to configure the Transmit Hold Count.
tx-hold-count <1-10>
tx-hold-count infinite
• Spanning Tree BPDUs HW Tunneling & Dropping.
For details, refer to the application notes.
• Support up-to 2 remote syslog servers.
rsyslog IPV4_ADDRESS [IPV4_ADDRESS]
• Flow Control Support. (Using Flow Control will Eliminate the QoS capabilities of the device)
port flow-control PORTS-GROUP
• Show Sfp Params and Show Sfp Diagnostics can now be used also for trunk ports.
• Reverse Link-Reflection.
The downlink port has reverse link state from the uplink.
When uplink has link on all the downlink ports are off and when uplinks link goes down all the
downlinks links go up.
link-reflection uplink PORT downlink PORTS-GROUP reverse-state
• Buffers Shared can now be disabled.
no buffers shared
• Bandwidth CLI command was added under interface node for L3 protocols.
• Telnet sessions are limited to 10 (for security) and the default timeout changed to 30 minutes.
• Default Ethertype for 802.1ag ccm packets is now 0x8902.
• Scheduler can now run without root password defined.
• Configure fan temperature in Fahrenheit.
fan temperature fahrenheit <34-149> <34-149>
• Show Port was improved for trunk ports. We can see the status of each port in trunk.
OS910(config)# show port
PORTS CONFIGURATION
===================
PORT MEDIA MEDIA_SEL LINK SPD_SEL LAN_SPD DUPL STATE SL
----------------------------------------------------------------------
1 TP COPPER OFF AUTO N/A N/A ENABLE 1
2 TP COPPER OFF AUTO N/A N/A ENABLE 1
3 TP COPPER OFF AUTO N/A N/A ENABLE 1
4 TP COPPER OFF AUTO N/A N/A ENABLE 1
5 TP COPPER OFF AUTO N/A N/A ENABLE 1
6 TP COPPER OFF AUTO N/A N/A ENABLE 1
7 TP COPPER OFF AUTO N/A N/A ENABLE 1
Version 2.0.10
• Support OS910M.
• Support new CES modules for OS910M.
For details, refer to the application notes.
• Support OS930.
• BPDU tunneling according to tag.
When receiving tagged BPDUs it is now possible to either drop them or flood them on their
vlan.
The CLI command (in spanning-tree node) to set the forwarding decision for tagged BPDU:
port PORTS-GROUP tagged-bpdu rx TAG-LIST (drop|flood)
• Transmit & Receive tagged BPDUs.
For interoperability reasons it is sometime necessary to accept and transmit tagged
BPDUs.
The CLI command (in spanning-tree node) to transmit BPDUs with specific tag:
port PORTS-GROUP tagged-bpdu tx TAG
Note that tagged BPDUs are received and treated now as untagged BPDUs by
default.
• VACM.
For details, refer to the application notes.
• Console disable.
Access through the serial interface can be disabled to prevent local access to the CLI.
Remote access using Telnet/SSH/SNMP still works assuming that the right
configuration is set.
The CLI command to disable the console immediately (should be executed from
remote session):
console-disable
The CLI command to disable the console in 1 minute:
console-disable delayed
• 802.1ag and ITU-Y1731 improvements.
more services and MEPs support.
• 802.1ag and ITU-Y1731 link trace.
mep 1 linktrace rmep 2
• Scheduler support for all 802.1ag and ITU-Y1731 CLI commands.
for example:
schedule start-time Oct 20 9:20 5 frequency 1 cli ethernet oam domain
1 service 1 mep 1 delay-measure rmep 2 5
• History of 802.1ag and ITU-Y1731 loopback, delay-measurement and link-trace tests results.
CLI to configure history size:
mep 1 loopback history-size 120
mep 1 delay-measure history-size 120
show history of results:
show loopback history
show delay-measure history
• Link Protection and Link Reflection based on 802.1ag.(Beta Version).
For details, refer to the application notes.
o - high/normal Temperature.
o - Fans on/off.
o - Power supply on/off (for OS900 dual AC or dual DC only).
• Support 802.1ag and ITU-Y1731 functions.
For full details and configuration examples refer to the ‘Ethernet Service OAM’ application
notes.
Version 2.0.8
• Support for classification of source and dest mac-address in ACL (for non-ip/arp packets only).
src-mac-addr-for-non-ip eq MAC_ADDRESS [MASK]
dst-mac-addr-for-non-ip eq MAC_ADDRESS [MASK]
• Ability to define redirect action to a trunk port.
action redirect port PORT
• Multiple actions in a single ACL rule.
• Support for BOOTP/TFTP: the switch can take an IP address automatically during boot (DHCP
client), and then take the configuration from a remote TFTP server.
bootp VLAN-TAG PORTS TAGGED-PORTS get-cfg-via-tftp CFG-FILENAME TFTP-
SERVER. (CLI to configure bootp which gets a dynamic ip from dhcp server and configuration
file from the tftp server).
bootp VLAN-TAG PORTS TAGGED-PORTS (CLI to configure bootp which gets a dynamic ip
from dhcp server).
show bootp (CLI to show BOOTP/DHCP/TFTP configuration).
• LACP (802.3ad) support – link aggregation control protocol.
port trunk NAME lacp. (CLI to configure active lacp trunk).
port trunk NAME lacp passive. (CLI to configure passive lacp trunk).
show port lacp. (CLI to show ports lacp status).
Version 2.0.4
• Routing Features
o Wirespeed L3 forwarding
o Routing information Protocol (RIP I & RIP II)
o Open Shortest Path First (OSPF)
o Border Gateway Protocol (BGP-4)
o ISIS
o Static routes
o Black hole routes
o Dummy Interfaces
o Virtual Router Redundency Protocol (VRRP)
o IP NAT (note that this is a software NAT with limitied performance)
• New Linux kernel 2.6.15
• Ingress scheduling configuration was added: port priority-queuing profile can be assigned to a
port in it’s ingress phase (previous versions had this feature on egress only). This features
enables applications like per access port ingress scheduling (e.g.using wrr to enable differnet
trafic shares per service-level, doing that on a per customer/access-port basis).
• A new port mode was added: ‘untagged-multi-vlans’. This new mode, in combination with the
‘tag swap’ action in the ACL, enables applications like protocol based VLANs, and the usage
of the out-of-band port for performing software-based routing and NAT.
Version 1.0.9
• Added support for the OS912 device.
• Improved support for fan and power-supply status reporting.
• Added two new combined ACL actions: action-list+mark+swap-vlan, mark+swap-vlan.
• Added classification of the source physical port in ACL rules (can be usefull in access-lists
binded to a vlan, having different treatment for different ingress ports within the same vlan).
• Protected-ports: for each source port define the allowed destination ports, overiding other
forwarding decisions in order to support port level security.
• Added option to configure priority queuing for a trunk port: the queuing itself is still on each
port but the queuing configuration is copied internaly for all ports of the trunk.
• Improved performance for link-protection when returning to the primary link uppon it’s
recovery.
• Flood limit: more accurate limit and an 'extra' flood limit option that enables definition of two
flood rates (with differnet traffic types) for the same ingress port.
• RADIUS support for direct login into enabled mode: such a login is enabled when a user is
configured on the RADIUS server with the attribute ‘Service-Type’ set to ‘Administrative-User’.
Version 1.0.6
• Support for two sets of egress counters (version 1.0.3 have only one), and two sets of ingress
counters.
• Classification of Ethertype field in ACL rules (matches the first non-vlan ethertype).
• Mirroring per ingress vlan.
• Improvements in the default configuration of memory buffers and descriptors budgets.
• Auto operation of the fan (can set the on and off temperatures).
• Dropping of Broadcast and Multicast packets for IPv6,IPv4 and non-IP packets per ingress
vlan.
• SA-MAC and DA-MAC actions (drop, fwd) per LT entry: ability to drop packets based on their
source or destination MAC address.
• Support for tc-group-mib (per flow accounting).
Version 1.0.3
• First software release.