Date post: 08-Oct-2020
VSC6818-4.7 User Guide: CEServices Software Product Specification. Released January 2019.

Contents

1 Revision History

2 Product Overview
2.1 Supported Switch Platforms
2.2 Software Architecture

3 Supported Features
3.1 BSP and API
3.2 Port Control
3.3 Quality of Service (QoS)
3.4 L2 Switching
3.5 Protection
3.6 L3 Switching
3.7 Security
3.8 Timing and Synchronization
3.9 Carrier Ethernet (OAM and Testing)
3.10 Robustness and Power Savings
3.11 Customization Framework
3.12 Management
3.13 SNMP MIBs

4 Features and Platform Capacity

5 System Requirements

6 Port and System Capabilities
6.1 Port Capability
6.2 System Capability

7 Firmware Upgrade

8 Port Control
8.1 NPI Port
8.2 PCIe
8.3 Dual CPU (Application Variant with JSON)
8.4 SFP Detection
8.5 VeriPHY Support
8.6 PoE/PoE+ Support
8.7 POE/POE+ with LLDP
8.8 Unidirectional Link Detection (UDLD)

9 Quality of Service (QoS)
9.1 Port Policers
9.2 Scheduling and Shaping
9.3 QCL Configuration
9.4 Weighted Random Early Detection (WRED)
9.5 Tag Remarking

VSC6818-4.7 User Guide Revision 1.7

9.6 Ingress Port Classification
9.7 Queue Policers
9.8 HQoS
9.9 DiffServ (RFC2474) Remarking
9.10 Global Storm Control

10 L2 Switching
10.1 Virtual LAN
10.1.1 Voice VLAN
10.1.2 Private VLAN, Port Isolation
10.1.3 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN
10.1.4 Auto MAC Address Learning/Aging
10.1.5 MAC Addresses–Static
10.2 Industrial Private VLANs
10.3 Generic VLAN Registration Protocol (GVRP)
10.4 VLAN Translation
10.5 Multiple Registration Protocol (MRP)
10.6 Multiple VLAN Registration Protocol (MVRP)
10.7 IEEE 802.3ad Link Aggregation
10.7.1 Static
10.7.2 Link Aggregation Control Protocol (LACP)
10.8 Bridge Protocol Data Unit (BPDU) Guard, Restricted Role, and Error Disable Recovery
10.9 DHCP Snooping
10.10 MAC Table Configuration
10.11 Mirroring (SPAN/VSPAN and RSPAN)
10.12 RMirror
10.13 Flow Mirroring for AC
10.14 Spanning Tree
10.15 Loop Guard
10.16 L2 Multicast
10.16.1 IP Multicast (IPMC) Profile Configuration
10.16.2 IGMP Snooping and MLD Snooping
10.16.3 Multicast VLAN Registration (MVR)
10.16.4 Filtering (IGMP Snooping and MLD Snooping)

11 Protection
11.1 Ethernet Ring Protection (ERP)
11.1.1 G.8032 Ring Protection v.1 and v.2
11.2 Linear Protection using Ethernet Protection Switching (EPS)
11.2.1 1:1 Port Protection
11.2.2 1:N Port Protection

12 L3 Switching
12.1 Universal Plug and Play (UPnP)
12.2 DHCP Relay
12.3 L3 Routing

13 Security
13.1 802.1X and MAC-Based Authentication
13.2 Port Security
13.3 Authentication, Authorization, and Accounting (AAA)
13.4 Secure Access
13.5 Users and Privilege Levels
13.6 Authentication and Authorization Methods

13.6.1 Authentication Method
13.6.2 Command Authorization Method Configuration
13.6.3 Accounting Method Configuration
13.6.4 Management Access Filtering
13.7 Access Control List (ACLs)
13.8 ARP Inspection/IP and IPv6 Source Guard
13.8.1 Guest VLAN

14 Timing and Synchronization
14.1 SyncE
14.2 Precision Time Protocol (PTP)
14.3 G.8265.1 BMCA
14.4 PTP Profile
14.5 Clock Quality
14.6 G.8275 Compliant Filter
14.7 PTP Time Interface
14.8 Network Time Protocol (NTP)
14.9 Microsemi One-step TC PHY Solution
14.9.1 Peer-to-Peer Transparent Clock
14.9.2 End-to-End Transparent Clock
14.9.3 Boundary Clock
14.9.4 PTP over IPv4
14.9.5 Unicast/Multicast

15 Carrier Ethernet (OAM and Testing)
15.1 Ethernet Services
15.1.1 MEF
15.1.2 Provider Bridging
15.1.3 Proprietary Features
15.1.4 L2CP Tunneling
15.2 OAM
15.2.1 Link OAM (802.3ah)
15.2.2 Dying Gasp
15.2.3 Flow OAM
15.3 IEEE 802.1ag Support
15.4 ITU-T Support
15.5 Syslog Support
15.5.1 AIS Syslogs
15.5.2 MIB Alarm Syslogs
15.6 RFC2544 Support
15.7 Performance Monitoring (PM)
15.8 Traffic Test Loop
15.9 Y.1564 (SAM) Support
15.10 Multiprotocol Label Switching-Transport Profile (MPLS-TP) Support
15.10.1 MEF CE 2.0 E-LINE Delivery over MPLS-TP Pseudowire
15.10.2 MEF CE 2.0 E-LAN Delivery over H-VPLS
15.10.3 Pseudowire Label Edge Router (LER) Features
15.10.4 Label-Switched Path (LSP) Support
15.10.5 MPLS-TP OAM
15.10.6 MPLS-TP (1:1 Linear) Protection
15.10.7 QoS

16 Robustness and Power Savings
16.1 Robustness

16.1.1 Cold and Cool Restart
16.2 Power Savings
16.2.1 Energy-Efficient Ethernet (EEE) Support
16.2.2 LED Power Reduction Support
16.2.3 Adaptive Fan Control
16.3 ActiPHY
16.3.1 Thermal Protection
16.4 PerfectReach

17 Management
17.1 JSON-RPC
17.1.1 JSON-RPC Notifications
17.2 Management Services
17.2.1 Industry Standard CLI Model
17.2.1.1 User EXEC Mode
17.2.1.2 Privileged EXEC Mode
17.2.2 Industry Standard Configuration Support
17.2.3 Web
17.3 Simple Network Management Protocol (SNMP)
17.4 RMON Statistics
17.5 Internet Control Message Protocol
17.6 SysLog
17.7 LLDP-MED
17.8 802.1AB LLDP and CDP Aware
17.8.1 CDP Awareness
17.9 IP Management, DNS, and DHCPv4/v6
17.10 IPv6 Ready Logo Phase2
17.11 DHCP Server
17.12 Console
17.13 System Management
17.14 Crash File Support
17.15 Management Access Filtering
17.16 sFlow
17.17 Default Configuration
17.18 Configuration Upload/Download
17.19 Loop Detection Restore to Default
17.20 Daylight Saving
17.21 Symbolic Register Access
17.22 SD/MMC Card Slot

18 SNMP MIBs
18.1 Private MIBs

Figures

Figure 1 • Application Architecture

Tables

Table 1 • Supported Switches
Table 2 • Supported 1G PHYs
Table 3 • Supported 10G PHYs
Table 4 • BSP and API: Supported Features
Table 5 • Port Control: Supported Features
Table 6 • QoS: Supported Features
Table 7 • L2 Switching: Supported Features
Table 8 • Protection: Supported Features
Table 9 • L3 Switching: Supported Features
Table 10 • Security: Supported Features
Table 11 • Timing and Synchronization: Supported Features
Table 12 • Carrier Ethernet (OAM and Testing): Supported Features
Table 13 • Robustness and Power Savings: Supported Features
Table 14 • Customization Framework: Supported Features
Table 15 • Management: Supported Features
Table 16 • SNMP MIBs: Supported Features
Table 17 • Features and Platform Capacity
Table 18 • Port System Requirements
Table 19 • Hardware System Requirements
Table 20 • DHCP Relay Configuration Parameters
Table 21 • Secure Access Options
Table 22 • ifIndex Descriptions


1 Revision History

Revision | Revision Date | Details of Change

1.7 | January 2019 | Revision 1.7 was published in January 2019 to align with the Linux application software release 4.7. The following is a summary of changes in revision 1.7 of this document.

• The BSP and API: Supported Features table was updated. For more information, see Table 4 • BSP and API: Supported Features.
• The QoS: Supported Features table was updated. For more information, see Table 6 • QoS: Supported Features.
• The L3 Switching: Supported Features table was updated. For more information, see Table 9 • L3 Switching: Supported Features.
• The Security: Supported Features table was updated. For more information, see Table 10 • Security: Supported Features.
• The Timing and Synchronization: Supported Features table was updated. For more information, see Table 11 • Timing and Synchronization: Supported Features.
• The Customization Framework: Supported Features table was updated. For more information, see Table 14 • Customization Framework: Supported Features.
• The SNMP MIBs: Supported Features table was updated. For more information, see Table 16 • SNMP MIBs: Supported Features.
• The L3 Routing section was updated. For more information, see L3 Routing on page 51.

1.6 | October 2018 | Revision 1.6 was published in October 2018 to align with the Linux application software release 4.6. The following is a summary of changes in revision 1.6 of this document.

• The Port Control: Supported Features table was updated. For more information, see Table 5 • Port Control: Supported Features.
• The L2 Switching: Supported Features table was updated. For more information, see Table 7 • L2 Switching: Supported Features.
• The Protection: Supported Features table was updated. For more information, see Table 8 • Protection: Supported Features.
• The L3 Switching: Supported Features table was updated. For more information, see Table 9 • L3 Switching: Supported Features.
• The Security: Supported Features table was updated. For more information, see Table 10 • Security: Supported Features.
• The Timing and Synchronization: Supported Features table was updated. For more information, see Table 11 • Timing and Synchronization: Supported Features.
• The Carrier Ethernet (OAM and Testing): Supported Features table was updated. For more information, see Table 12 • Carrier Ethernet (OAM and Testing): Supported Features.
• The Robustness and Power Savings: Supported Features table was updated. For more information, see Table 13 • Robustness and Power Savings: Supported Features.
• The Customization Framework: Supported Features table was updated. For more information, see Table 14 • Customization Framework: Supported Features.
• The Management: Supported Features table was updated. For more information, see Table 15 • Management: Supported Features.
• The SNMP MIBs: Supported Features table was updated. For more information, see Table 16 • SNMP MIBs: Supported Features.
• The Cold and Cool Restart section was updated. For more information, see Cold and Cool Restart on page 69.
• The JSON-RPC section was updated. For more information, see JSON-RPC on page 71.
• Removed the Software Functions Supported by JSON RPC section from the Management chapter.
• Removed the Standard MIB section from the SNMP MIBs chapter.

1.5 | July 2018 | Revision 1.5 was published in July 2018 to align with the Linux application software release 4.5. The following is a summary of changes in revision 1.5 of this document.


• The Port Control: Supported Features table was updated by adding one more feature. For more information, see Port Control on page 14.
• The Security: Supported Features table was updated by adding one more feature. For more information, see Security on page 20.
• The Management: Supported Features table was updated by adding two more features. For more information, see Management on page 26.
• The Feature and Platform Capacity table was updated. For more information, see Table 17 • Features and Platform Capacity.
• The L3 Routing section was updated. For more information, see L3 Routing on page 51.
• The ARP Inspection/IP and IPv6 Source Guard section was updated. For more information, see ARP Inspection/IP and IPv6 Source Guard on page 56.
• The MEF section was updated. For more information, see MEF on page 60.
• The Proprietary Features section was updated. For more information, see Proprietary Features on page 61.
• The Dying gasp section was updated. For more information, see Dying Gasp on page 63.
• The DHCP Server section was updated. For more information, see DHCP Server on page 79.
• The IP Management, DNS, and DHCPv4/v6 section was updated. For more information, see IP Management, DNS, and DHCPv4/v6 on page 78.

1.4 | April 2018 | Revision 1.4 was published in April 2018 to align with the Linux application software release 4.4. The following is a summary of changes in revision 1.4 of this document.

• The list of features in the L3 Switching: Supported Features table was updated. For more information, see L3 Switching on page 19.
• The Features and Platform Capacity table was updated. For more information, see Table 17 • Features and Platform Capacity.
• The Internet Control Message Protocol section was updated. For more information, see Internet Control Message Protocol on page 75.
• The Industrial Private VLAN section was updated. For more information, see Industrial Private VLANs on page 44.
• The L3 Routing section was added in the Synchronization chapter. For more information, see L3 Routing on page 51.
• The Timing and Synchronization section was updated. For more information, see Timing and Synchronization on page 57.

1.3 | January 2018 | Revision 1.3 was published in January 2018 to align with the Linux application software release 4.3. The following is a summary of changes in revision 1.3 of this document.

• The Supported Switches table was updated with details regarding VSC7435 and VSC7437. For more information, see Supported Switch Platforms on page 11.
• The Port Control: Supported Features table was updated by adding four more features. For more information, see Port Control on page 14.
• The L2 Switching: Supported Features table was updated by adding four more features. For more information, see L2 Switching on page 16.
• The Carrier Ethernet (OAM and Testing): Supported Features table was updated by adding four more features. For more information, see Carrier Ethernet (OAM and Testing) on page 22.
• The bullet item related to loss measurement in the ITU-T Support section was updated. For more information, see ITU-T Support on page 63.
• The last paragraph in the Traffic Test Loop section was updated. For more information, see Traffic Test Loop on page 65.

1.2 | September 2017 | Revision 1.2 was published in September 2017 to align with the Linux application software release 4.2. In revision 1.2 of this document, the section related to MPLS-TP was added. For more information, see Multiprotocol Label Switching-Transport Profile (MPLS-TP) Support on page 66.

1.1 | June 2017 | Revision 1.1 was published in June 2017 to align with the Linux application software release 4.1. The following is a summary of changes in revision 1.1 of this document.


• The tables listing the supported features were updated to reflect the features related to the Serval-T device. For more information, see Supported Switch Platforms on page 11.
• The Features and Platform Capacity table was updated to reflect the features related to the Serval-T device. For more information, see Features and Platform Capacity on page 30.
• The Port System Requirements table was updated to reflect the features related to the Serval-T device. For more information, see System Requirements on page 34.

1.0 | November 2016 | Revision 1.0 was published in November 2016 to align with the Linux application software release 4.0. It was the first publication of this document.


2 Product Overview

The CEServices turnkey software package targets Carrier Ethernet (CE) services. This software package can be customized to support different port configurations. It is built on Linux to ensure cost optimization without compromising efficiency. CEServices supports the following major capabilities.

• RedBoot bootloader
• Web or XMODEM update

2.1 Supported Switch Platforms

This software is supported on a series of Microsemi switches with 12, 26, or 52 ports with Power over Ethernet (PoE) and non-PoE capabilities. It is also supported on Microsemi PHYs with SyncE and VeriTime™ (IEEE 1588v2) capabilities. The following table shows the supported switches.

Table 1 • Supported Switches

Switch | Description
VSC7416 | 6-port Carrier Ethernet Switch Engine with ViSAA™, VeriTime™, and MPLS/MPLS-TP
VSC7418 | 11-port Carrier Ethernet Switch Engine with ViSAA™, VeriTime™, and MPLS/MPLS-TP
VSC7430 | 6-port Carrier Ethernet Switch with ViSAA™, VeriTime™, and Gigabit Ethernet PHYs
VSC7435 | 6-Port Carrier Ethernet Switch with ViSAA™, VeriTime™, and Integrated DPLL and Gigabit Ethernet PHYs
VSC7436 | 10-port Carrier Ethernet Switch with ViSAA™, VeriTime™, and Integrated Gigabit Ethernet PHYs
VSC7437 | 8-Port Carrier Ethernet Switch with ViSAA™, VeriTime™, and Integrated DPLL and GbE PHYs
VSC7438 | 14-port Carrier Ethernet Switch with ViSAA™, VeriTime™, MPLS-TP, and L3 Routing
VSC7464 | 26-port Carrier Ethernet Switch with ViSAA™, VeriTime™, MPLS/MPLS-TP, and layer 3 Routing
VSC7468 | 52-port Carrier Ethernet Switch with ViSAA™, VeriTime™, MPLS/MPLS-TP, and layer 3 Routing

The following table lists the supported 1G PHYs.

Table 2 • Supported 1G PHYs

PHY | Description
VSC8211 | Single-port 10/100/1000BASE-T PHY and 1000BASE-X PHY with SGMII, SerDes, GMII, MII, TBI, RGMII/RTBI MAC Interfaces
VSC8221 | Single-port 10/100/1000BASE-T PHY with 1.25 Gbps SerDes/SGMII for SFPs/GBICs
VSC8501 | Single-port GbE Copper PHY with Synchronous Ethernet and RGMII/GMII Interface
VSC8502 | Dual-port GbE Copper PHY with Synchronous Ethernet and RGMII/GMII Interface
VSC8504 | Quad-port 10/100/1000BASE-T PHY with Synchronous Ethernet and QSGMII/SGMII MAC
VSC8512 | 12-port 10/100/1000BASE-T PHY with SGMII and QSGMII MAC Interface
VSC8514 | Quad-port Gigabit Copper EEE PHY with QSGMII MAC-to-PHY Interface
VSC8522 | 12-port 10/100/1000BASE-T PHY with QSGMII MAC Interface
VSC8552 | Dual-port RGMII/SGMII/QSGMII Dual Media PHY with EEE Support
VSC8562 | Dual-port 10/100/1000BASE-T PHY with Synchronous Ethernet, Intellisec™, and QSGMII/SGMII MAC
VSC8564 | Dual-port 10/100/1000BASE-T PHY with Synchronous Ethernet, MACsec, and QSGMII/SGMII MAC
VSC8572 | Dual-port 10/100/1000BASE-T PHY with VeriTime™, Synchronous Ethernet, and RGMII/SGMII MAC
VSC8574 | Quad-port Dual Media QSGMII/SGMII GbE PHY with VeriTime™
VSC8575 | Quad-port 10/100/1000BASE-T PHY with Synchronous Ethernet, VeriTime™, and QSGMII/SGMII MAC
VSC8582 | Dual-port Dual Media QSGMII/SGMII GbE PHY with Intellisec™ and VeriTime™
VSC8584 | Quad-port Dual Media QSGMII/SGMII GbE PHY with Intellisec™ and VeriTime™

The following table lists the supported 10G PHYs.

Table 3 • Supported 10G PHYs

PHY | Description
VSC8254 | Dual Channel 1G/10GBASE-KR to SFI Ethernet LAN/WAN PHY with VeriTime™ and Intellisec™
VSC8256 | Quad Channel 1G/10GBASE-KR to SFI Ethernet Repeater
VSC8257 | Quad Channel 1G/10GBASE-KR to SFI Ethernet WIS PHY with VeriTime™ and Intellisec™
VSC8258 | Quad Channel 1G/10GBASE-KR to SFI Ethernet WIS PHY with VeriTime™ and Intellisec™
VSC8489 | Dual-port WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY
VSC8490 | Dual-port WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY with Intellisec™ and VeriTime™
VSC8491 | WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY with Intellisec™ and VeriTime™


2.2 Software Architecture

The CEServices software provides support for standalone switches. It consists of the following components.

• Operating system (Linux) for access to the hardware.
• Application programming interface (API) for a function library to control switches and PHYs.
• Control modules, such as port control, MSTP, and Virtual LAN (VLAN)—to implement product features and protocols. These modules may include threads and provide a management API for configuration and monitoring.
• Management modules, such as CLI, web, JSON-RPC, and Simple Network Management Protocol (SNMP)—for interfaces to the system based on the management API of the control modules.

The following illustration shows the architecture of the Microsemi managed application software and a few control and management modules.

Figure 1 • Application Architecture


3 Supported Features

The following sections describe the features of each module of the CEServices software.

3.1 BSP and API

The following table lists the features supported by the API module.

Table 4 • BSP and API: Supported Features

Platforms: Serval-1 (VSC7416, VSC7418); Jaguar-2 (VSC7438, VSC7464, VSC7468); Serval-T (VSC7430, VSC7435, VSC7436, VSC7437)
Features:
••• Internal CPU
••• API and application split
••• MESA layer
••• MEBA layer

3.2 Port Control

The following table lists the features supported by the port control module. For more information, see Port Control on page 38.

Table 5 • Port Control: Supported Features

Platforms: Serval-1 (VSC7416, VSC7418); Jaguar-2 (VSC7438, VSC7464, VSC7468); Serval-T (VSC7430, VSC7435, VSC7436, VSC7437)
Features:
••• Port speed/duplex mode/flow control
••• 802.1Qbb per priority flow control
••• Aquantia 2.5G PHY Gen2
••• Aquantia 2.5G PHY Gen3
• Aquantia 5G PHY Gen3
•• Aquantia 10G PHY Gen2
••• Port frame size (jumbo frames)
••• Port state (administrative status)
••• Port status (link monitoring)
••• Port statistics (MIB counters)
••• Port VeriPHY (cable diagnostics)
••• PoE/PoE+ with PD69208 support
••• PoE/PoE+ with Link Layer Discovery Protocol (LLDP)
••• NPI port
••• PCIe
••• On-the-fly SFP detection
••• DDMI
••• Unidirectional Link Detection (UDLD)

3.3 Quality of Service (QoS)

The following table lists the features supported by the QoS module. For more information, see Quality of Service (QoS) on page 40.

Table 6 • QoS: Supported Features

Platforms: Serval-1 (VSC7416, VSC7418); Jaguar-2 (VSC7438, VSC7464, VSC7468); Serval-T (VSC7430, VSC7435, VSC7436, VSC7437)
Features:
••• Traffic classes (8 active priorities)
••• Port default priority
••• User priority
••• Input priority mapping
••• QoS control list (QCL mode)
••• Global storm control for UC, MC, and BC
••• Random early discard (WRED)
••• Port policers
••• Service policing (including BW profile)
••• Queue policers
••• Global/VCAP (ACL) policers
••• Port egress shaper
••• Queue egress shapers
••• DiffServ (RFC2474) remarking
••• Tag remarking
••• Scheduler mode
••• H-QoS scheduling

3.4 L2 Switching

The following table lists the features supported by the L2 switching module. For more information, see L2 Switching on page 43.

Table 7 • L2 Switching: Supported Features

Platforms: Serval-1 (VSC7416, VSC7418); Jaguar-2 (VSC7438, VSC7464, VSC7468); Serval-T (VSC7430, VSC7435, VSC7436, VSC7437)
Features:
IEEE 802.1D Bridge
••• Auto MAC address learning/aging
••• MAC addresses—static
IEEE 802.1Q
••• Virtual LAN
••• Bidirectional VLAN translation
••• Unidirectional VLAN translation (ingress/egress)
••• Private VLAN—static
••• Port isolation—static
••• MAC-based VLAN
••• Protocol-based VLAN
••• IP subnet-based VLAN
••• VLAN trunking
••• iPVLAN trunking
••• GARP VLAN Registration Protocol (GVRP)
••• Multiple Registration Protocol (MRP)
••• Multiple VLAN Registration Protocol (MVRP)
••• IEEE 802.1ad provider bridge (native or translated VLAN)
••• EVC classification of L4 flows (SIP, SIP, IP Prot, SPort, DPort)—CE
•• 7-tuple EVC rules
•• Multiple COS per EVC
•• MEP CLM resource improvements
•• EVC service class configurable
•• Decouple use of VSI and CL-VID for services
•• Per port parameter (UNI and NNI)
••• E-ACCESS (EPL, EVPL)
••• E-LINE (EPL, EVPL)
••• E-LAN (EP-LAN, EVP-LAN)
••• E-TREE (EP-TREE, EVP-TREE)
• EoMPLS LER (PWE)
• LSR
• LSP/PW AIS/LCK
• MPLS-TP: E-LINE (EPL, EVPL)
• MPLS-TP: E-LAN (H-VPLS, EP-LAN, EVP-LAN)
• MPLS-TP: LSR E-LINE (EPL, EVPL)
••• L2CP tunneling
•• L2CP profiles (ingress/egress QoS mapping)
••• Multiple Spanning Tree Protocol (MSTP)
••• Rapid Spanning Tree Protocol (RSTP), STP
••• Loop guard
••• Link aggregation static
••• Link aggregation LACP
••• BPDU guard and restricted role
••• AGGR/LACP user interface alignment with Industry standard
••• UNI LAG (LACP) 1:1 active/standby
••• LACP revertive/non-revertive
••• LACP loop free operation
••• Error disable recovery
••• IGMPv2 snooping
••• MLDv1 snooping
••• IGMP filtering profile
••• IPMC throttling, filtering, leave proxy
••• Multicast VLAN Registration (MVR)
••• MVR profile
••• Voice VLAN
••• DHCP snooping
••• ARP inspection
••• Port mirroring
••• Flow mirroring
••• Rmirror

3.5 Protection

The following table lists the features supported by the protection module. For more information, see Protection on page 49.

Table 8 • Protection: Supported Features

Platforms: Serval-1 (VSC7416, VSC7418); Jaguar-2 (VSC7438, VSC7464, VSC7468); Serval-T (VSC7430, VSC7435, VSC7436, VSC7437)
Features:
••• 1:1 port protection—G.8031
••• Port protection with services
• MPLS EVC 1:1 E-LINE protection
• MPLS-TP 1:1 LSP protection
• MPLS-TP fast re-route protection
••• G.8032 ring protection
••• G.8032 ring protection v.2

3.6 L3 Switching

The following table lists the features supported by the L3 switching module. For more information, see L3 Switching on page 51.

Table 9 • L3 Switching: Supported Features

Platforms: Serval-1 (VSC7416, VSC7418); Jaguar-2 (VSC7438, VSC7464, VSC7468); Serval-T (VSC7430, VSC7435, VSC7436, VSC7437)
Features:
••• DHCP option 82 relay
••• UPNP
• Software-based IPv4 L3 static routing with Linux Kernel integration
•• Hardware-based IPv4 L3 static routing with Linux Kernel integration
•• RFC2992 (ECMP) support for HW based L3 static routing
• Software-based IPv6 L3 static routing
•• Hardware-based IPv6 L3 static routing
••• RFC-1812 L3 checking (version, IHL, checksum, and so on)


3.7 Security

The following table lists the features supported by the security module. For more information, see Security on page 52.

Table 10 • Security: Supported Features

Platforms: Serval-1 (VSC7416, VSC7418); Jaguar-2 (VSC7438, VSC7464, VSC7468); Serval-T (VSC7430, VSC7435, VSC7436, VSC7437)
Features:
••• Port-based 802.1X
••• Single 802.1X
••• Multiple 802.1X
••• MAC-based authentication
••• VLAN assignment
••• QoS assignment
••• Guest VLAN
••• Remote Authentication Dial In User Service (RADIUS) authentication and authorization
••• RADIUS accounting
••• MAC address limit
••• IP MAC binding
••• IP/MAC binding dynamic to static
••• TACACS+ authentication and authorization
••• TACACS+ command authorization
••• TACACS+ accounting
••• Web and CLI authentication
••• Authorization (15 user levels)
••• ACLs for filtering/policing/port copy
••• IP source guard
••• Secure FTP client


3.8 Timing and Synchronization

The following table lists the features supported by the timing and synchronization module. For more information, see Timing and Synchronization on page 57.

Table 11 • Timing and Synchronization: Supported Features

Platforms: Serval-1 (VSC7416, VSC7418); Jaguar-2 (VSC7438, VSC7464, VSC7468); Serval-T (VSC7430, VSC7435, VSC7436, VSC7437)
Features:
••• SyncE with SSM
••• SyncE nomination for 2 interfaces
• 1 ns accuracy timing support
••• Microsemi one-step TC PHY solution
••• IEEE 1588v2 PTP with two-step clock
••• IEEE 1588v2 PTP with one-step clock
••• Peer-to-peer transparent clock over Ethernet/IPv4
••• End-to-end transparent clock over Ethernet/IPv4
••• End-to-end transparent clock over Ethernet/IPv6
••• Boundary clock
••• Redundant masters and multiple timing domains
••• PTP over IPv4
••• Unicast/multicast
••• TC internal master/slave with PDV filtering and no modulation or latency feedback from modems
••• TC internal master/slave with reduced PDV filtering and modem provides feedback on modulation or latency—only ZLS30384 and ZLS30380
••• Combined SyncE and 1588
••• MSCC timing BU servo algorithm integration (MSCC ZLS30387)
••• MSCC timing BU DPLL API integration
• Serval-TE Intermediate Servo
••• G.8265.1 BMCA (MSCC ZLS30384 and MSCC ZLS30380 only)
••• ITU G.8263 filtering (MSCC ZLS30380 only)
••• PTP profile (MSCC ZLS30384 and MSCC ZLS30380 only)
••• Clock Quality (MSCC ZLS30384 and MSCC ZLS30380 only)
••• G.781 compliant clock selection algorithm for the platform as a PTP slave (MSCC ZLS30384 and MSCC ZLS30380 only)
••• G.8275.1 BMCA—only ZLS30384 and ZLS30380
••• G.8275 compliant filter—only ZLS30384 and ZLS30380
••• PTP time interface
••• NTPv4 client
••• IEEE802.1AS-2011/IEEE802.1AS rev D4.2

3.9 Carrier Ethernet (OAM and Testing)

The following table lists the features supported by the Carrier Ethernet (OAM and Testing) module. For more information, see Carrier Ethernet (OAM and Testing) on page 60.

Table 12 • Carrier Ethernet (OAM and Testing): Supported Features

Platforms: Serval-1 (VSC7416, VSC7418); Jaguar-2 (VSC7438, VSC7464, VSC7468); Serval-T (VSC7430, VSC7435, VSC7436, VSC7437)
Features:
••• 802.3ah: Variable, request, and response
••• 802.3ah: Discovery process, information event notification, and loopback
••• 802.3ah: Dying gasp
••• 802.3ah: Dying gasp enhanced
••• 802.3ah: Dying gasp SNMP trap
••• Flow OAM: Ingress/egress
••• FM: Continuity check and remote defect indication (ETH-CC + ETH-RDI)
••• FM: Loopback (ETH-LB)
••• FM: Link trace (ETH-LT)
••• FM: CFM dynamic TLV
••• FM: Alarm indication signal (ETH-AIS)
••• FM: Locked signal (ETH-LCK)
••• FM: Test signal (ETH-Test)
••• FM: Automatic protection switching (ETH-APS + ETH-RAPS)
••• PM: Dual ended frame loss measurement—CCM-based (ETH-LM)
••• PM: Single ended frame loss measurement LMM/LMR-based (ETH-LM)
••• PM: Frame delay and delay variation measurement (ETH-DM)
• PM: Synthetic loss measurement (SLM/SLR)—software-based
•• PM: Synthetic loss measurement (SLM/SLR)—hardware-based
••• PM: Organization-specific TLV support for LMM/DMM
••• EPS/ERPS using ETH-CCM
••• OAM inject engine support
••• OAM inject engine support 2
••• Nested MEPs
••• Link state tracking
••• FM: Link trace PDU (LTM) respond
••• FM: Loopback PDU (LBM) respond
•• Subscriber MIP
• Multipoint OAM—software-based
•• Multipoint OAM—hardware-based
••• Microsemi OAM Y.1731 PHY solution
••• Syslog for congestion fault management
••• RFC2544
••• RFC2544 LBM/LMR support
••• Advanced service activation measurements (SAM) Y.1564
••• Single-ended measurement
••• SAM Y.1564 reflector support
• ETH OAM for LSP and service protection
• Y.1731 ETH OAM over LSP/PW
• PW OAM (RFC 5085 VCCV, RFC 5885 BFD using PW ACH)
• MPLS-TP OAM (using GAL and ACH - RFC 5586 and 6423)
• G.8113.2 IETF OAM protocol suite
••• SMAC/DMAC swap
••• Facility (NNI) TT data responder (loopback) in port domain
••• MEF 46 latching loopback NMS interface support
••• Facility (NNI) TT data and TT OAM responder (loopback) in EVC domain
•• Terminal (UNI) TT OAM responder (loopback) in subscriber domain
•• Terminal (UNI) TT OAM responder (loopback) in EVC domain
• Pop/Push operation including SWAP of MPLS-label stack and link layer Ethernet
••• OAM HW engine
••• MEF 35 phase 1 (performance monitoring)
••• MEF 35 phase 2 (performance monitoring)
••• MEF 35 phase 3 (performance monitoring)

3.10 Robustness and Power Savings

The following table lists the features supported by the robustness and power savings module. For more information, see Robustness and Power Savings on page 69.

Table 13 • Robustness and Power Savings: Supported Features

Platforms: Serval-1 (VSC7416, VSC7418); Jaguar-2 (VSC7438, VSC7464, VSC7468); Serval-T (VSC7430, VSC7435, VSC7436, VSC7437)
Features:
••• Cold start
••• Cool start
••• ActiPHY
••• PerfectReach
••• EEE power management
•• LED power management
••• Thermal protection
••• Adaptive fan control


3.11 Customization Framework

The following table lists the features supported by the customization framework module.

Table 14 • Customization Framework: Supported Features

Platforms: Serval-1 (VSC7416, VSC7418); Jaguar-2 (VSC7438, VSC7464, VSC7468); Serval-T (VSC7430, VSC7435, VSC7436, VSC7437)
Features:
••• Separate BSP and application
••• Allow customers to append or change a binary image
••• IPC JSON-RPC socket (with notification support)
••• Overwrite default startup configuration
••• Boot and initialization of third-party daemons
••• Configuration to disable certain built-in features
••• Microsemi Ethernet board API (MEBA)

3.12 ManagementThe following table lists the features supported by themanagement module. For more information, seeManagement on page 71.

Table 15 • Management: Supported Features

Serval-T

VSC7430

VSC7435

VSC7436

VSC7437

Jaguar-2

VSC7438

VSC7464

VSC7468

Serval-1

VSC7416

VSC7418

Feature

•••JSON-RPC

•••JSON-RPC notifications

•••Dual CPU (application variant with JSON)

•••Double VLAN tag management

•••RFC 2131 DHCP client

•••DHCP Server support for DHCP relay packets

•••RFC 3315 DHCPv6 client

•••RFC 3315 DHCPv6 relay agent

•••RFC 7610 DHCPv6-shield protecting against rogue DHCPv6servers


• | • | • | RFC 2131 DHCP server
• | • | • | RFC 1035 DNS client, relay
• | • | • | IPv4/IPv6 Ping
• | • | • | IPv4/IPv6 Traceroute
• | • | • | HTTP server
• | • | • | CLI—console port
• | • | • | CLI—Telnet
• | • | • | Industrial standard CLI
• | • | • | Industrial standard configuration
• | • | • | Industrial standard CLI debug commands
• | • | • | Port description CLI
• | • | • | UI EVC naming
• | • | • | Management access filtering
• | • | • | HTTPS
• | • | • | SSHv2
• | • | • | IPv6 management
• | • | • | IPv6 ready logo PHASE2 (host only)
• | • | • | RFC4884 (ICMPv6)
• | • | • | System syslog
• | • | • | Software upload through web
• | • | • | SNMP v1/v2c/v3 agent (1)
• | • | • | RMON (group 1, 2, 3, and 9)
• | • | • | RMON alarm and event (CLI and web)
• | • | • | Alarm module
• | • | • | IEEE 802.1AB-2005 link layer discovery—LLDP
• | • | • | TIA 1057 LLDP—MED
• | • | • | Industry standard discovery protocol—ISDP


• | • | • | sFlow
• | • | • | FTP client
• | • | • | Configuration download/upload—industrial standard
• | • | • | Loop detection restore to default
• | • | • | Symbolic register access
• | • | • | Daylight saving

•SD/MMC card slot support

Note:

1. No SNMPv1 trap support.

3.13 SNMP MIBs

The following table lists the features supported by the SNMP MIBs module. For more information, see SNMP MIBs on page 81.

Table 16 • SNMP MIBs: Supported Features

Serval-T (VSC7430, VSC7435, VSC7436, VSC7437) | Jaguar-2 (VSC7438, VSC7464, VSC7468) | Serval-1 (VSC7416, VSC7418) | Feature
• | • | • | RFC 2674 VLAN MIB
• | • | • | IEEE 802.1Q bridge MIB 2008
• | • | • | RFC 2819 RMON (group 1, 2, 3, and 9)
• | • | • | RFC 1213 MIB II
• | • | • | RFC 1215 TRAPS MIB
• | • | • | RFC 4188 bridge MIB
• | • | • | RFC 4292 IP forwarding table MIB
• | • | • | RFC 4293 management information base for the internet protocol (IP)
• | • | • | RFC 5519 multicast group membership discovery MIB


• | • | • | RFC 4668 RADIUS authentication client MIB
• | • | • | RFC 4670 RADIUS accounting MIB
• | • | • | RFC 3635 Ethernet-like MIB
• | • | • | RFC 2863 interface group MIB using SMI v2
• | • | • | RFC 3636 802.3 MAU MIB
• | • | • | RFC 4133 entity MIB version 3
• | • | • | RFC 4878 Link OAM MIB
• | • | • | RFC 3411 SNMP management frameworks
• | • | • | RFC 3414 user-based security model for SNMPv3
• | • | • | RFC 3415 view-based access control model for SNMP
• | • | • | RFC 2613 SMON—PortCopy
• | • | • | IEEE 802.1 MSTP MIB
• | • | • | IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD)
• | • | • | IEEE 802.3ad (LACP MIB included in a clause of the STD)
• | • | • | IEEE 802.1X (PAE MIB included in a clause of the STD)
• | • | • | TIA 1057 LLDP-MED (MIB is part of the STD)
• | • | • | RFC 3621 LLDP-MED power (PoE) (no specific MIB for PoE+ exists)
• | • | • | Private MIB framework


4 Features and Platform Capacity

The following table lists the features and platform capacity supported by the CE Services software. The capacity mentioned can be either software or hardware constrained.

Table 17 • Features and Platform Capacity

Serval-T (VSC7430, VSC7435, VSC7436, VSC7437) | Jaguar-2 (VSC7438, VSC7464, VSC7468) | Serval-1 (VSC7416, VSC7418) | Feature

Resilience and Availability
8 | 8 | 8 | IEEE 802.1s MSTP instances
3 LAGs in VSC7430, 5 LAGs in VSC7436 | 7 LAGs in VSC7438, 26 LAGs in VSC7468, 13 LAGs in VSC7464 | 5 LAGs in VSC7418, 3 LAGs in VSC7416 | IEEE 802.3ad LACP: Max LAGs

Traffic Control
4095 | 4095 | 4095 | Port-based VLAN
1 | 1 | 1 | Guest-VLAN
6 in VSC7430, 10 in VSC7436 | 14 in VSC7438, 52 in VSC7468, 26 in VSC7464 | 11 in VSC7414/18, 7 in VSC7416 | Private VLAN
1 | 1 | 1 | Voice VLAN
8K in VSC7430, 16K in VSC7436 | 32K | 8K | MAC table size 8K
100 kbps–1000000 kbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded unicast and multicast)] | 100 kbps–1000000 kbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded unicast and multicast)] | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000 or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | Storm control
Up to 10240 | Up to 10240 | Up to 10240 | Jumbo frames supported

Security
10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | Port security aging
1024 | 1024 | 1024 | MAC address limit
64 | 64 | 64 | Static MAC entries supported


5 | 5 | 5 | RADIUS authentication servers
5 | 5 | 5 | TACACS+ authentication servers
5 | 5 | 5 | RADIUS accounting servers
4 | 4 | 4 | Telnet/SSH v2
1K per system | 1K per system | Max ARP inspection
Up to 512 per system | Up to 512 per system | Up to 512 per system | IPSG entries
512 | 512 | 512 | Policy-based security filtering
32 | 32 | 32 | Password length
15 | 15 | 15 | Authorization user levels
512 | 512 | 512 | ACE
20 | 20 | 20 | Number of logged in users
3 | 3 | 3 | Authentication methods
4/4 | 4/4 | 4/4 | Telnet/SSH

QoS
802.1p
8 | 8 | 8 | Priority queues per port
256 | 512 | 256 | QCE
100 kbps–13200000 kbps | 100 kbps–13200000 kbps | 100 kbps–3300000 kbps | Rate limiting, port based (ingress/egress)
1 pps–131071 pps | 1 pps–131071 pps | 1 pps–131071 pps | Policy-based bandwidth control granularity
Per port on queues 0–7 | Per port on queues 0–7 | Per port on queues 0–7 | Queue policers

Layer 2 Multicast
1K | 1K | 1K | Multicast MAC groups (shared across IGMP and MLD)


MVR groups (sharedacross IGMP and MLD)

Manageability
1 | 1 | 1 | Syslog servers supported
100 | 100 | 100 | Max log messages (1)
4 | 4 | 4 | Max trap destinations

Maintenance
Supported | Supported | Supported | HTTP/HTTPS support
16 | 16 | 16 | Management access filtering
1 | 1 | 1 | DHCP relay
64 | 64 | 64 | DHCP server pool configuration
1 | 1 | 1 | DNS proxy, client
5 | 5 | 5 | NTPv4 servers

EVCs
126 | 1022 | 256/1024 | Max EVC rules
378 | 3066 | 256/1024 | Max ECE rules
4096 | 4096 | 256/1022 | Max BW profiles

Routing
128 | 128 | 8 | VLAN routing interfaces
32 | 128 | 32 | Static routes
1000 | 4000 | No HW routing table | Max HW routing table entries

Y.1564
16 | 16 | 16 | Traffic profiles
10 | 10 | 10 | Test reports


Note:

1. The maximum number of buffered logs is based on log message length and is limited to a total stored size (10K).


5 System Requirements

The following table lists the port system requirements supported by the CEServices software.

Table 18 • Port System Requirements

Serval-T (VSC7430, VSC7435, VSC7436, VSC7437) | Jaguar-2 (VSC7438, VSC7464, VSC7468) | Serval-1 (VSC7416, VSC7418) | Feature
1 | 1 | 1 | LEDs per port
SFP auto-detection | SFP auto-detection | SFP auto-detection | SFP+/SFP
Supported | Supported | Supported | Speed capability per 10/100M and Gigabit port
Half/full | Half/full | Half/full | Duplex capability per 10/100M
Supported | Supported | Supported | Auto MDI/MDIX
14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | Port packet forwarding rate
Supported | Supported | Supported | RJ45 connectors
Supported | Supported | Supported | Fiber slots

The following table lists the hardware system requirements supported by the CEServices software.

Table 19 • Hardware System Requirements

Support | Requirement
Supported by hardware | Power LED
Supported by hardware | System LED
Supported by hardware | Alarm LED
Supported by hardware | Switch fabric capacity
Supported by hardware | Forwarding architecture
Supported by hardware | MAC address entries
Supported by hardware | MAC address aging
Supported by hardware | MAC buffer memory type and size
Supported by hardware | CPU flash size


Supported by hardware | CPU memory type and size
Supported by hardware | System DDR SDRAM
Supported by hardware | Reset button
Supported by hardware | Routing capability
Supported by hardware | EMC/safety requirement
Supported by hardware | Performance requirement


6 Port and System Capabilities

The following sections describe the port and system capabilities supported by the CEServices software.

6.1 Port Capability

The ports are equipped with the following capabilities.

• All copper ports can be configured as full-duplex or half-duplex.
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation.
• Full-duplex, auto-sensing, and auto-negotiation are supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see Supported Features on page 14.

6.2 System Capability

The 6- to 52-port turnkey switch platform model switches can be supported using the CEServices software with wire speed layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.

The turnkey switch software runs on Linux. The following system-wide operations are supported.

• Store-and-forward forwarding architecture.
• Configurable MAC address aging support (300 seconds default timeout value).
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps).
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch.
• 16-MB flash size is recommended for a typical 24- to 48-port switch.


7 Firmware Upgrade

The CEServices firmware, which controls the switch, can be updated using one of the following methods.

• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch

The software image selection information includes the following:

• Image—the file name of the firmware image
• Version—the version of the firmware image
• Date—the date when the firmware was produced

After the software image is uploaded from the web interface, a web page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts.

While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a frequency of 10 Hz while the firmware update is in progress.

Note: Do not restart or power off the device at this time or the switch may fail to function.


8 Port Control

The following sections describe the port control features supported by the CEServices software.

8.1 NPI Port

The CEServices software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port through which frames can be injected from and extracted to an external CPU.

8.2 PCIe

The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access to device registers and can burst frame-data in (injection) and out (extraction) through memory-mapped injection/extraction registers.

8.3 Dual CPU (Application Variant with JSON)

The CEServices software supports a dual system where both the internal and external CPU are active at the same time.

8.4 SFP Detection

The CEServices software detects SFP at run time.

8.5 VeriPHY Support

The CEServices software provides VeriPHY support to run cable diagnostics to find cable shorts/opens and to determine cable length.

8.6 PoE/PoE+ Support

The CEServices software provides PoE/PoE+ support to comply with the IEEE 802.3at and IEEE 802.3af standards of enabling the supply of up to 30 W per port and up to the total power budget.

8.7 PoE/PoE+ with LLDP

The CEServices software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available, and then the switch can comply with or ignore this information.

8.8 Unidirectional Link Detection (UDLD)

UDLD is used to determine the physical status of the link and to detect a unidirectional link.

A UDLD packet is sent to the port it links to for each device and for each port. The packet contains identity information of the sender (device and port) and expected receiver identity information (device and port). Each port checks that the UDLD packets it receives contain the identifiers of its own device and port.

The UDLD implementation conforms to the RFC5171 standard.

Note: RFC5171 is unclear about timers as well as messaging sequences. It is assumed that probe messages will initially be exchanged every second, and once link status is detected, probe messages will be exchanged depending on message time interval (by default 7 seconds).

Time Interval Type Length Value (TLV), message interval TLV, and sequence interval TLV are not fully supported due to insufficient information in this RFC.


Detection starts once the UDLD-enabled port gets a new device ID and port ID pair. If a port is detected as a unidirectional or loopback link, the port is shut down if the mode is Aggressive. In Normal mode, the port is not shut down.

The port is reopened once UDLD is disabled/enabled on that port.
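The per-port check and the Aggressive/Normal behaviour described in this section, as an added Python example that is not part of the guide or of the CEServices code. The class and field names, the sample device and port IDs, the use of `None` for a neighbor that has not heard anyone yet, and treating a received packet that carries the port's own sender identity as loopback are assumptions of this model.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, List, Optional, Tuple

PortIdentity = Tuple[str, str]  # (device ID, port ID)


class Mode(Enum):
    NORMAL = "normal"
    AGGRESSIVE = "aggressive"


class LinkState(Enum):
    UNDETERMINED = "undetermined"
    BIDIRECTIONAL = "bidirectional"
    UNIDIRECTIONAL = "unidirectional"
    LOOPBACK = "loopback"


@dataclass(frozen=True)
class UdldPdu:
    """Simplified UDLD packet: who sent it and whom the sender expects to reach."""
    sender: PortIdentity
    # None models a neighbor that has not heard from anyone yet (assumption).
    expected_receiver: Optional[PortIdentity]


class UdldPort:
    FAST_PROBE_S = 1        # initial probe interval assumed by the guide
    MESSAGE_INTERVAL_S = 7  # default message interval once status is detected

    def __init__(self, device_id: str, port_id: str, mode: Mode) -> None:
        self.identity: PortIdentity = (device_id, port_id)
        self.mode = mode
        self.reenable()

    def reenable(self) -> None:
        """Model disabling and re-enabling UDLD, which reopens the port."""
        self.state = LinkState.UNDETERMINED
        self.neighbor: Optional[PortIdentity] = None
        self.shut_down = False

    def probe_interval(self) -> int:
        """Seconds until the next probe: fast until the link status is known."""
        if self.state is LinkState.UNDETERMINED:
            return self.FAST_PROBE_S
        return self.MESSAGE_INTERVAL_S

    def receive(self, pdu: UdldPdu) -> LinkState:
        if self.shut_down:
            return self.state  # a shut-down port no longer processes packets
        if pdu.sender == self.identity:
            # Our own packet came back: transmit side is looped to receive side.
            self.state = LinkState.LOOPBACK
        else:
            if pdu.sender != self.neighbor:
                # New device ID / port ID pair: detection starts over.
                self.neighbor = pdu.sender
                self.state = LinkState.UNDETERMINED
            if pdu.expected_receiver == self.identity:
                self.state = LinkState.BIDIRECTIONAL
            elif pdu.expected_receiver is not None:
                # The neighbor hears someone, but not this port.
                self.state = LinkState.UNIDIRECTIONAL
        faulty = self.state in (LinkState.UNIDIRECTIONAL, LinkState.LOOPBACK)
        if faulty and self.mode is Mode.AGGRESSIVE:
            self.shut_down = True
        return self.state


def replay(port: UdldPort, pdus: Iterable[UdldPdu]) -> List[LinkState]:
    """Feed a packet sequence to a port and return the state after each packet."""
    return [port.receive(pdu) for pdu in pdus]


# Constructed sample traffic for port 1/1 on device "sw-A".
ME = ("sw-A", "1/1")
PEER = ("sw-B", "1/3")
HEALTHY = [UdldPdu(PEER, None), UdldPdu(PEER, ME)]
MISWIRED = [UdldPdu(PEER, None), UdldPdu(PEER, ("sw-C", "1/9"))]
LOOPED = [UdldPdu(ME, ME)]

if __name__ == "__main__":
    for name, traffic in (("healthy", HEALTHY), ("miswired", MISWIRED), ("looped", LOOPED)):
        port = UdldPort("sw-A", "1/1", Mode.AGGRESSIVE)
        states = [s.value for s in replay(port, traffic)]
        print(name, states, "shut down" if port.shut_down else "up")
```

In Normal mode the same packet sequences yield the same link states, but `shut_down` stays false, so the fault has to be picked up from monitoring rather than from the port going down.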


9 Quality of Service (QoS)

The following sections describe the rich QoS features supported by the CEServices software.

9.1 Port Policers

The QoS ingress port policers are configurable per port and are disabled by default. The software allows disabling/enabling flow control on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.

9.2 Scheduling and Shaping

Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is possible to specify the weight for each of the queues (0–5).

Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.

It is possible to specify the maximum bit rate in kbps or Mbps. The use of excess bandwidth for a queue is configurable and is disabled by default.

The software also supports QoS leaky bucket egress shapers per queue (0–7) as well as per port.

9.3 QCL Configuration

QoS classification based on basic classification can be overruled by an intelligent classifier called QoS Control List (QCL).

The QCL consists of QCE entries where each entry is configured with keys and actions. The keys specify which part of the frames must be matched and the actions specify the applied classification parameters.

When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured keys, the actions are applied and the search is terminated.

The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects. A QoS class can be associated with a particular QCE ID.

9.4 Weighted Random Early Detection (WRED)

While the random early detection (RED) settings are configurable for queues 0–5, WRED can be either disabled or enabled, and is disabled by default.

The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED starts discarding frames.

By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation between queues.

9.5 Tag Remarking

Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP and DEI values in tagged frames.

When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from Classified, Mapped, or Default. Classified is the default.

The QoS class DEI, DP Level to PCP, can also be mapped for QoS egress tag remarking per port when the classification is set to Mapped.


9.6 Ingress Port Classification

Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.

The features supported are as follows:

• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification

9.7 Queue Policers

The queue policers are configurable per queue and are disabled by default.

9.8 HQoS

Hierarchical quality of service scheduling (HQoS) is a mechanism for providing egress QoS control of Ethernet services (EVCs). Hardware supports HQoS with three layers of scheduling and four layers of shaping. HQoS is defined to provide guaranteed scheduling bandwidth for each EVC and QoS class of an EVC, both towards the network to network interface (NNI) and the user network interface (UNI).

The port scheduler can be configured in three different modes for HQoS.

• Normal
• Basic
• Hierarchical

It is possible to disable/enable and configure the minimum bandwidth for each EVC on a port in Hierarchical mode. Default HQoS scheduling hierarchy is as follows.

• Scheduling among classes of service within EVC
• Scheduling among EVCs on the same path/tunnel
• Scheduling among paths/tunnels on the same port

9.9 DiffServ (RFC2474) Remarking

The CEServices software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP remarking is possible for both IPv4 and IPv6.

In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP (IPv4 and IPv6) frames where the actual change is made to the DSCP field in the frame.

The remarking can be configured as enable/disable per egress port. It is also possible to enable/disable DSCP remapping on the egress port and to use the translated DSCP value for DSCP remarking.

DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame is either from the analyzer (basic classification or advanced classification based on TCAM), or from the DSCP remapped on egress. The following configuration options are available if DSCP remapping is enabled.

• Get the DSCP value from the analyzer (ingress classification) and always remap based on global remap table. This is done independently of the value of the drop precedence level.
• Get DSCP value from the analyzer and remap based on drop precedence level and remap table.


DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS class and DPL to DSCP value on the CEServices software.

9.10 Global Storm Control

Global Storm Control on the CEServices software is done per system globally on SparX-III and SparX-IV-based switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and can be configured in pps on SparX-III switches.

On the E-StaX-III switch models, storm control is configured per port. Storm rate control configuration for unicast frames, broadcast frames, and a storm rate control configuration for unknown (flooded) frames can be configured in kbps, Mbps, fps, and kfps on the E-StaX-III-based switches.

Storm control is disabled by default.


10 L2 Switching

The following sections describe the L2 switching features supported by the CEServices software.

10.1 Virtual LAN

The CEServices software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows.

• All ports are VLAN aware.
• All ports are members of VLAN 1.
• The switch management interface is on VLAN 1.
• All ports have a Port VLAN ID (PVID) of 1.
• A port can be configured to one of the following three modes.
  • Access
  • Trunk
  • Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have the following characteristics.
  • Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1.
  • Accepts untagged and C-tagged frames.
  • Discards all frames that are not classified to the Access VLAN.
  • On egress all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added VLANs) are transmitted tagged.
• The PVID is set to 1 by default.
• Ingress filtering is always enabled.

Trunk ports can carry traffic on multiple VLANs simultaneously, and are normally used to connect to other switches. Trunk ports have the following characteristics.

• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs.
• If frames are classified to a VLAN that the port is not a member of, they are discarded.
• By default, all frames except those classified to the Port VLAN (also known as Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress.
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress.

Hybrid ports resemble trunk ports in many ways, but provide the following additional port configuration features.

• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware.
• Ingress filtering can be controlled.
• Ingress acceptance of frames and configuration of egress tagging can be configured independently.

10.1.1 Voice VLAN

Voice VLAN is configured specially for voice traffic. Adding the ports with voice devices attached to VLAN to perform QoS-related configuration for voice data ensures the transmission priority of voice traffic and voice quality. Individual options allow the port to participate in a Voice VLAN using the port security feature. A configurable port discovery protocol will also be available to detect voice devices attached to port using the Port Discovery Protocol. This discovery can be done either based on an Organizationally Unique Identifier (OUI) or Link Layer Discovery Protocol (LLDP) or both.


10.1.2 Private VLAN, Port Isolation

In a private VLAN, communication between isolated ports in that private VLAN is not permitted.

Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.

10.1.3 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN

A MAC-based VLAN enables mapping a specific MAC address to a specific VLAN.

A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following.

• Ethernet—valid values for etype ranges from 0x0600-0xffff.
• SNAP—valid value in this case also is comprised of two sub-values.
  • Organizationally unique Identifier (OUI).
  • Protocol ID (PID)—if the OUI is hexadecimal 000000, the PID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP. If the OUI is an OUI for a particular organization, the PID is a value assigned by that organization to the protocol running on top of SNAP.
• LLC—valid value in this case is comprised of two sub-values:
  • DSAP—1-byte long string (0x00-0xff)
  • SSAP—1-byte long string (0x00-0xff)

The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN, and protocol-based VLAN is preferred over port-based VLAN.
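The three frame types and the precedence rule above, as an added Python example that is not part of the guide or of the CEServices code: it reads the type/length field of an untagged frame, derives the Ethernet, SNAP, or LLC key, and then applies MAC-based, protocol-based, and port-based classification in that order. The function and class names, the sample frames and VLAN numbers, the use of the source MAC as the MAC-based key, and the 0xAA/0xAA/0x03 LLC values that announce a SNAP header (IEEE 802.2) are assumptions of this example.

```python
import struct
from typing import Dict, Optional, Tuple

SNAP_LLC = (0xAA, 0xAA, 0x03)  # DSAP, SSAP, control values that announce SNAP


def protocol_key(frame: bytes) -> Optional[tuple]:
    """Return the protocol-based VLAN key of an untagged frame, or None if truncated."""
    if len(frame) < 14:
        return None
    (type_or_len,) = struct.unpack_from("!H", frame, 12)
    if type_or_len >= 0x0600:            # Ethernet: etype 0x0600-0xffff
        return ("ethernet", type_or_len)
    if len(frame) < 17:                  # 802.3 length field: an LLC header must follow
        return None
    dsap, ssap, control = frame[14], frame[15], frame[16]
    if (dsap, ssap, control) == SNAP_LLC:
        if len(frame) < 22:
            return None
        oui = int.from_bytes(frame[17:20], "big")
        (pid,) = struct.unpack_from("!H", frame, 20)
        return ("snap", oui, pid)
    return ("llc", dsap, ssap)


class VlanClassifier:
    """MAC-based VLAN first, then protocol-based VLAN, then the port VLAN."""

    def __init__(self, pvid: int = 1) -> None:
        self.pvid = pvid
        self.mac_vlans: Dict[bytes, int] = {}
        self.protocol_vlans: Dict[tuple, int] = {}

    def classify(self, frame: bytes) -> Tuple[int, str]:
        source_mac = frame[6:12]
        if source_mac in self.mac_vlans:
            return self.mac_vlans[source_mac], "mac"
        key = protocol_key(frame)
        if key is not None and key in self.protocol_vlans:
            return self.protocol_vlans[key], "protocol"
        return self.pvid, "port"


def build_frame(src: bytes, type_or_len: int, payload: bytes) -> bytes:
    """Build a constructed untagged broadcast frame for the demonstration."""
    return bytes.fromhex("ffffffffffff") + src + struct.pack("!H", type_or_len) + payload


# Constructed sample frames (locally administered MAC addresses).
PHONE = bytes.fromhex("0200000000aa")
HOST = bytes.fromhex("0200000000bb")
IPV4 = build_frame(HOST, 0x0800, b"\x45" + bytes(19))
PHONE_IPV4 = build_frame(PHONE, 0x0800, b"\x45" + bytes(19))
IPV6 = build_frame(HOST, 0x86DD, bytes(40))
_snap = bytes(SNAP_LLC) + bytes(3) + struct.pack("!H", 0x0800) + bytes(20)
SNAP = build_frame(HOST, len(_snap), _snap)       # OUI 000000, PID = EtherType
_llc = bytes([0x42, 0x42, 0x03]) + bytes(35)
LLC = build_frame(HOST, len(_llc), _llc)


def demo_classifier() -> VlanClassifier:
    """Classifier with one MAC-based and three protocol-based entries (sample values)."""
    classifier = VlanClassifier(pvid=1)
    classifier.mac_vlans[PHONE] = 100
    classifier.protocol_vlans[("ethernet", 0x0800)] = 20
    classifier.protocol_vlans[("snap", 0x000000, 0x0800)] = 30
    classifier.protocol_vlans[("llc", 0x42, 0x42)] = 40
    return classifier


if __name__ == "__main__":
    c = demo_classifier()
    for name, frame in (("phone IPv4", PHONE_IPV4), ("host IPv4", IPV4),
                        ("host SNAP", SNAP), ("host LLC", LLC), ("host IPv6", IPV6)):
        print(name, c.classify(frame))
```

A truncated frame yields no protocol key and falls through to the port VLAN, so a malformed header cannot select a protocol-based VLAN in this model.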

10.1.4 Auto MAC Address Learning/Aging

Learning is done automatically as soon as a frame with unknown SMAC is received. Dynamic entries are removed from the MAC table after a configured aging time (in seconds), if frames with learned MAC address are not received within aging period.

10.1.5 MAC Addresses–Static

Statically-added MAC entries are not subjected to aging.

10.2 Industrial Private VLANs

This feature is widely known as private VLANs (PVLAN). VLANs limit broadcasts to specified users. PVLANs split the broadcast domain into multiple isolated broadcast sub-domains and put secondary VLANs inside a primary VLAN.

PVLANs restrict traffic flows through their member switch ports (private ports) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually connected to a router, firewall, server, or provider network. Each PVLAN typically contains many private ports that communicate only with a single uplink, thereby preventing the ports from communicating with each other.

The following terms are used to describe the Private VLAN feature.

• PVLAN domain—a VLAN domain partitioned into a number of sub-domains. Inside the domain, a number of primary and secondary VLANs are used. Only the primary VLANs are known outside the PVLAN domain.
• Primary VLAN—a VLAN used inside and outside a PVLAN domain. A primary VLAN carries traffic from promiscuous ports to isolated ports, and from community ports to other promiscuous ports.
• Secondary VLAN—a VLAN used inside a PVLAN domain only.
• Isolated VLAN—a secondary VLAN that carries traffic from isolated ports to promiscuous ports.
• Community VLAN—a secondary VLAN that carries traffic from community ports to promiscuous ports and other community ports.
• Isolated port—a port that receives untagged frames and classifies these to an isolated VLAN.


• Community port—a port that receives untagged frames and classifies these to a community VLAN.• Promiscuous port—a port that receives frames in the primary VLAN.• Standard trunk port—a port that carries primary and secondary VLANs using tags.• Promiscuous PVLAN trunk port—a port that receives frames tagged with the primary VLAN ID. The

port sends frames from secondary VLANs, but translates these to the primary VLAN ID and pushesthis into the tag.

• Isolated PVLAN trunk port—a port, which receives frames tagged with the isolated VLAN ID. Theport sends frames from the isolated VLAN. The port also sends frames from the primary VLAN, buttranslates this into the isolated VLAN ID and pushes it into the tag.

10.3 Generic VLAN Registration Protocol (GVRP)The GVRP is a registration for VLANs. Though this has been superseded by MVRP as described in IEEE802.1Q-2011, it is still of interest due to legacy systems that can interoperate.

GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN onthat port. A host can announce (register) that it wants to be part of a particular VLAN. It can de-registerwhen it does not want to be part of a certain VLAN anymore. It then becomes the responsibility of GVRPto propagate this information in the network, so that a given VLAN gets proper connectivity.

10.4 VLAN Translation

VLAN translation replaces an incoming C-VLAN tag with an S-VLAN tag if the user has added a VLAN Translation entry that matches the VID present in the incoming frame. If an incoming packet has had Q-in-Q tunneling applied in advance, VLAN translation replaces the outer tag, and the inner tag is retained when the packet leaves the S-VLAN at the other end of the link. VLAN translation works in both directions: at ingress and at egress. For example, suppose the user/administrator has added a VLAN Translation entry to translate VID 5 to 10 on interface 1/1. Then, at ingress, all frames on interface 1/1 with VID 5 will be classified to VID 10, and all egressing frames on the same interface with VID 10 will be translated to VID 5.

10.5 Multiple Registration Protocol (MRP)

MRP, which replaced the Generic Attribute Registration Protocol (GARP), is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches, or other similar devices to register and unregister attribute values, such as VLAN identifiers and multicast group membership, across a large LAN.

10.6 Multiple VLAN Registration Protocol (MVRP)

MVRP, which replaced GVRP, is a standards-based layer 2 network protocol for automatic configuration of VLAN information on switches. It was defined in the 802.1ak amendment to 802.1Q-2005.

10.7 IEEE 802.3ad Link Aggregation

A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links when combined together form a Link Aggregation Group (LAG), such that the networking device can treat it as if it were a single link. The traffic distribution is based on a hash calculation of fields in the frame:

• Source MAC address—can be used to calculate the destination port for the frame. By default, the source MAC address is enabled.
• Destination MAC address—can be used to calculate the destination port for the frame. By default, the destination MAC address is disabled.
• IP address—can be used to calculate the destination port for the frame. By default, the IP address is enabled.
• TCP/UDP port number—can be used to calculate the destination port for the frame. By default, the TCP/UDP port number is enabled.


An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP).

10.7.1 Static

Static aggregations can be configured through the CLI or the web interface. A static LAG interface does not require a partner system to be able to aggregate its member ports. In Static mode, the member ports do not transmit LACPDUs.

10.7.2 Link Aggregation Control Protocol (LACP)

The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. The LACP can be enabled or disabled on the switch port. The LACP will form an aggregation when two or more ports are connected to the same partner.

The key value can be configured to a user-defined value or set to auto to calculate based on the link speed in accordance with IEEE 802.3ad standard.

The role for the LACP port configuration can be selected as either Active to transmit LACP packets each second, or Passive to wait for an LACP packet from a partner.

10.8 Bridge Protocol Data Unit (BPDU) Guard, Restricted Role, and Error Disable Recovery

This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state, and will be removed from active topology.

The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status dependency. For restricted role, CIST port setting may also be seen as a security measure.

10.9 DHCP Snooping

DHCP snooping is used to block an intruder on the untrusted ports of the switch device when the intruder tries to intervene by injecting a bogus DHCP (for IPv4) reply packet into a legitimate conversation between the DHCP (IPv4) client and server.

DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.

DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses to access the network. The white-list is configured at the switch port level, and the DHCP server manages access control.

Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.

DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or Untrusted in order to protect it.
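The Trusted/Untrusted port role and the per-port IP/MAC white-list described above can be modelled as follows. This is an added Python example, not CEServices code: the `Snooper` class, its binding table, and the constructed DHCP payloads are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass, field

DHCP_MAGIC = b"\x63\x82\x53\x63"
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK = 1, 2, 3, 4, 5, 6   # option 53 values
SERVER_TYPES = {OFFER, ACK, NAK}


def build_dhcp(op, msg_type, chaddr, yiaddr="0.0.0.0"):
    """Build a minimal BOOTP/DHCP payload (constructed sample input, not captured traffic)."""
    header = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234, 0, 0)
    addrs = bytes(4) + bytes(int(o) for o in yiaddr.split(".")) + bytes(8)
    hw = bytes.fromhex(chaddr.replace(":", "")).ljust(16, b"\0")
    return header + addrs + hw + bytes(192) + DHCP_MAGIC + bytes([53, 1, msg_type, 255])


def parse_dhcp(payload):
    """Return (op, msg_type, client_mac, yiaddr), or None for anything malformed."""
    if len(payload) < 241 or payload[236:240] != DHCP_MAGIC or payload[2] != 6:
        return None
    msg_type, i = None, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                             # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:                        # option runs past the packet
            return None
        if payload[i] == 53 and length == 1:
            msg_type = value[0]
        i += 2 + length
    if msg_type is None:
        return None
    yiaddr = ".".join(str(b) for b in payload[16:20])
    return payload[0], msg_type, payload[28:34].hex(":"), yiaddr


@dataclass
class Snooper:
    trusted_ports: set
    pending: dict = field(default_factory=dict)    # client MAC -> port the request came in on
    bindings: dict = field(default_factory=dict)   # (port, MAC) -> leased IP
    dropped: list = field(default_factory=list)    # (port, message type) of blocked replies

    def handle_dhcp(self, port, payload):
        parsed = parse_dhcp(payload)
        if parsed is None:
            return "drop"
        op, msg_type, mac, yiaddr = parsed
        if op == 2 or msg_type in SERVER_TYPES:         # server-originated message
            if port not in self.trusted_ports:
                self.dropped.append((port, msg_type))   # rogue or injected reply
                return "drop"
            if msg_type == ACK and mac in self.pending:
                self.bindings[(self.pending.pop(mac), mac)] = yiaddr
            return "forward"
        if msg_type in (DISCOVER, REQUEST):
            self.pending[mac] = port
        return "forward"

    def source_allowed(self, port, mac, ip):
        """Data-plane check: untrusted ports may only use the IP/MAC pair bound to them."""
        if port in self.trusted_ports:
            return True
        return self.bindings.get((port, mac)) == ip
```

The `dropped` list is the signal worth alerting on: any entry means a server-type DHCP message arrived on a port that should only have clients behind it.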

10.10 MAC Table Configuration

MAC learning can be configured per port.

• Auto—learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received.
• Disable—no learning is done.
• Secure—only SMAC entries are learned, all other frames are dropped.


The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC learning per VLAN. VLAN learning is enabled by default.

MAC aging is configurable to age out the learned entries.

MAC learning cannot be administered on each individual aggregation group.

10.11 Mirroring (SPAN/VSPAN and RSPAN)

The CEServices software allows selected traffic to be copied, or mirrored, to a mirror port where a frame analyzer can be attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.

The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of Mirror. The switch can support VLAN-based mirroring.

Note: The mirroring session will have either ports or VLANs as sources, but not both.

10.12 RMirror

The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch. The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote host connected to a different switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote switches.

The RMirror does not support BPDU monitoring, but rather supports IGMP packet monitoring when IGMP snooping is disabled on the RMirror VLAN.

All hardware error packets are discarded at the source port, so they are not copied to the destination port.

10.13 Flow Mirroring for AC

Management can set and get ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is hit. The default value is disabled.

10.14 Spanning Tree

The CEServices software supports the Spanning Tree versions IEEE 802.1 Spanning Tree Protocol (STP), 802.1s MSTP. The desired version is configurable and the MSTP is selected by default.

The Rapid Spanning Tree Protocol (RSTP) portion of the module conforms to IEEE 802.1D-2004 and the MSTP portion of the module conforms to IEEE 802.1Q-2005.

IEEE 802.1s supports 16 instances.

The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as are STP MSTI bridge instance mapping and priority configurations.

Port Error Recovery is supported to control whether a port in the error-disabled state will automatically be enabled after a certain time.

10.15 Loop Guard

Loops inside a network are very costly because they consume resources and lower network performance. Detecting loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port, or system-wide.

If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports, even when loop protection is on. If a packet is received by the switch with matching multicast destination address, the source MAC in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that are member of the same VLAN, except to the port from which it came in, treating it similar to a data packet. If the feature is enabled and source MAC matches its own MAC, the port on which the packet is received will be shut down, logged, or both actions taken depending upon the action configured.

If the feature is disabled, the packet will be dropped silently. The following matching criteria are used.

• DA = determined on customer requirement, AND
• SA = first 5 bytes of switch SA, AND
• Ether Type = 9003, AND

Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on each port of the switch including the trunks (static only). Loop protection will coexist with the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in non-forwarding state.
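The receive-side decision described in this section, written out as an added Python example (not CEServices code). The destination address is a placeholder because the page leaves it to the customer, "9003" is read as hexadecimal, and the class and function names are hypothetical.

```python
from dataclasses import dataclass, field
from enum import Enum

LOOP_ETHERTYPE = 0x9003                       # "Ether Type = 9003", read as hexadecimal (assumption)
LOOP_DA = bytes.fromhex("030000000001")       # placeholder; the page leaves the DA to the customer


class Verdict(Enum):
    NOT_LOOP_PDU = "handle as ordinary traffic"
    DROP = "drop silently"
    FLOOD = "forward within the VLAN, except to the ingress port"
    LOOP = "loop detected on the ingress port"


def make_pdu(source_mac):
    """Constructed loop-protection frame: DA, SA, EtherType, padding to the 60-byte minimum."""
    return LOOP_DA + source_mac + LOOP_ETHERTYPE.to_bytes(2, "big") + bytes(46)


@dataclass
class LoopProtect:
    switch_mac: bytes
    enabled_ports: set
    action: str = "shutdown+log"              # "shutdown", "log" or "shutdown+log"
    shut_ports: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def receive(self, port, frame):
        if port in self.shut_ports or len(frame) < 14:
            return Verdict.DROP               # port already disabled, or runt frame
        da, sa = frame[0:6], frame[6:12]
        ethertype = int.from_bytes(frame[12:14], "big")
        if da != LOOP_DA or ethertype != LOOP_ETHERTYPE:
            return Verdict.NOT_LOOP_PDU
        if port not in self.enabled_ports:
            return Verdict.DROP               # feature disabled: dropped silently
        if sa[:5] != self.switch_mac[:5]:     # criteria list: first 5 bytes of switch SA
            return Verdict.FLOOD              # another switch's PDU, treated like data
        if "log" in self.action:
            self.log.append(f"loop detected on port {port}, SA {sa.hex(':')}")
        if "shutdown" in self.action:
            self.shut_ports.add(port)
        return Verdict.LOOP
```

Comparing only the first five bytes means a PDU sent from any port of the same switch is recognised as its own, which is what lets a loop between two local ports be detected.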

10.16 L2 Multicast

The CEServices software provides support for the following rich L2 multicast features.

10.16.1 IP Multicast (IPMC) Profile Configuration

The IPMC profile configuration parameters can be used for creating up to 64 different profiles to deploy the access control on IP multicast streams.

An address entry can be created by specifying a name, and a start and end valid IPv4/IPv6 multicast address. Up to 128 address entries can be created.

10.16.2 IGMP Snooping and MLD Snooping

Internet group management protocol (IGMP) snooping or multicast listener discovery (MLD) snooping mode can be configured system-wide including unregistered IPMC flooding, Source-Specific Multicast (SSM) range, proxy, and leave proxy.

Per VLAN configuration is also supported for configuring IGMP snooping or MLD snooping. Up to 32 IGMP or MLD VLAN interfaces can be created.

10.16.3 Multicast VLAN Registration (MVR)

System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created, each of which manages the channel by using an IPMC profile.

The immediate leave configuration is configurable and viewable per port.

10.16.4 Filtering (IGMP Snooping and MLD Snooping)

The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created and viewed per port.


11 Protection

The following sections describe the rich protection features supported by the CEServices software.

11.1 Ethernet Ring Protection (ERP)

Ethernet rings can provide wide-area multipoint connectivity more economically with their reduced number of links. Using a high capacity link such as SONET or SDH as an underlying server layer, local LANs can communicate with remote networks in the Enterprise network in real time over the larger ring topology. However, Ring Protection Mechanisms (RPMs) are required to prevent path failures in the topology while ensuring that no loops are created.

11.1.1 G.8032 Ring Protection v.1 and v.2

The ERP is implemented as per the requirements specified in ITU-T.G.8032. It uses the Continuity Check Message (CCM) and other OAM frame formats as defined in ITU-T.Y.1731 (specification for Ethernet Operation, Administration, and Maintenance-OAM). It is capable of recovering multipoint connectivity in the event of a single ring-link or node failure.

To achieve the objectives of ring protection, the Ethernet layer connectivity of ring links is periodically monitored using CCM. Further, the RPM communicates with the Ethernet and server layer for signal failure notifications to establish link state.

The implementation does not restrict the number of nodes that may form the Ethernet ring. However, from an operational perspective, the maximum number of groups is limited to 64.

From management, ERPS V1 or ERPS V2 can be selected. Upon selecting ERPS V1, administrative commands are not handed over to the ERPS Finite State Machine.

By default, the ERPS implementation is assumed to be compatible with the ITU-T G.8032/Y.1344 (03/2010) specification. The ERPS implementation should expose management configuration in order to choose the ERPS version.

11.2 Linear Protection using Ethernet Protection Switching (EPS)

Linear protection is implemented for maintaining connectivity using an alternate path in case the current data path fails. Two of the paths are configured into an Ethernet Protection Switching (EPS) group as a pair of working-protecting instances. By default, the designated working instance is used for data communication. In case of a failure of the working instance, a protection switch is executed and the protecting instance then bears the traffic.

The implementation uses mechanisms defined in ITU-T.Y.1731 for checking path health. OAM MEPs are configured on instances configured in the protection set up between peer units.

Protection groups can be configured to support a revertive or non-revertive mode; that is, when the working instance has been restored, whether there should be a protection switch to use the working instance again, or should the use of the protecting instance be continued.

Time to react to instance faults and also to hold for some time between switches can also be configured to increase the efficiency of protection switching and to avoid intermittent or unstable instance conditions.

Different schemes of protection can be configured as detailed in the following sections.

11.2.1 1:1 Port Protection

Two ports on a unit are paired with two ports on a peer-unit to create a working-protecting pair between the units. After the initialization of the protection group, only the working flow is active and both end points of the protecting flow are blocked for data transmission.


When a link failure is detected on the working link, a protection switch is initiated and the protecting link is used for active data exchange.

11.2.2 1:N Port Protection

This protection scheme allows up to N working lines to be protected by 1 protection line. When the protection line is not used for protection purposes, it can either be left idle or be used to carry low priority extra traffic. In case the protection line is carrying extra traffic, this traffic is ignored when one of the working lines goes down and the protection line has to protect that working line.


12 L3 Switching

The following sections describe the rich L3 switching features supported by the CEServices software.

12.1 Universal Plug and Play (UPnP)

The addressing, discovery, and description parts of UPnP-client protocol are implemented in the device. It is used to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP. However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control points.

In the implementation, the switch sends SSDP messages periodically at the interval one-half of the advertising duration minus 30 seconds.

When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP related packets to CPU. The ACEs are automatically removed when the mode is disabled.

12.2 DHCP Relay

The following table lists the parameters available for configuring the DHCP relay.

Table 20 • DHCP Relay Configuration Parameters

Parameter | Allowed Range | Default
Relay mode | Enabled/disabled | Disabled
Relay server address | IP address | None
Relay information mode | Enabled/disabled | Disabled
Relay information policy | Replace/Keep/Drop | Keep

The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to DHCP server and removes it from a DHCP message when transferring to DHCP client. The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID (in standalone device it always equals 0, in stackable device it means switch ID), and the last two characters are the port number.

12.3 L3 Routing

L3 routing selects a path and forwards traffic to the next hop based on the routing table. L3 routing includes hardware routing and software routing. Software routing is supported by the CEServices software and hardware routing is supported by the VCAP LPM table. If the switch has no LPM table, then it only uses software routing.

Only manually configured routing entries are supported, that is, static routes.


13 Security

The following sections describe the security features supported by the CEServices software.

13.1 802.1X and MAC-Based Authentication

The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed to access the network.

Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by the industry. In a MAC-based authentication, users are called clients, and the switch acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In User Service (RADIUS) server.

The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client, using the port security module. The frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore, MAC-based authentication has nothing to do with the 802.1X standard.

The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed, and equipment whose MAC address is a valid RADIUS user can be used by anyone. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.

In a port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance through a hub) to piggyback on the successfully authenticated client and get network access even though they really are not authenticated. To overcome this security breach, use the Single 802.1X variant.

Single 802.1X is not an IEEE standard, but features many of the same characteristics as port-based 802.1X. In Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.

Multi 802.1X, like Single 802.1X, is not an IEEE standard, but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch toward the supplicant because that causes all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port.


The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.

When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.

RADIUS-assigned VLANs based on a VLAN name are also supported.

If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID, or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class in the case of RADIUS-assigned QoS, and VLAN in the case of RADIUS-assigned VLAN, are immediately reverted to the original values (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).

This RADIUS-assigned QoS or VLAN option is only available for single-client modes.

• Port-based 802.1X
• Single 802.1X

13.2 Port Security

Port security enables configuration of the port security limit control system and port settings. It is possible to configure the port security limit aging per system.

Limit control enables limiting the number of users on a given port. If limit control is enabled on a port, the limit specifies the maximum number of users on the port. If this number is exceeded, an appropriate action can be taken.

The switch is configured with a total number of MAC addresses from which all ports draw when a new MAC address is seen on a Port Security-enabled port. Because all ports draw from the same pool, it may happen that a configured maximum cannot be granted, if the remaining ports have already used all available MAC addresses.

13.3 Authentication, Authorization, and Accounting (AAA)

The AAA allows the common server configuration including the Timeout, Retransmit, Secret Key, NAS IP Address, NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The CEServices software supports the configuration of the RADIUS and TACACS+ servers.

The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is considered dead.

The dead time, which can be set to a number between 0–3600 seconds, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead.

Setting the dead time to a value greater than zero enables this feature, but only if more than one server has been configured.

Authorization is for authorizing users to access the management interfaces of the switch.

The RADIUS authentication servers are used both by the NAS module and to authorize access to the switch's management interface. The RADIUS accounting servers are only used by the NAS module.


TACACS+ is an access control network protocol for routers, network access servers, and other networked computing devices. TACACS+ authentication, authorization, and accounting are supported by CEServices software. Only the CLI is supported in the initial version for the configuration of TACACS+ authorization and accounting mechanisms.

13.4 Secure Access

The following table lists the options available for Secure Access.

Table 21 • Secure Access Options

Method | Description
SSH | Enable or disable option provided, supports v2 only.
SSL/HTTPS | Enable or disable.
HTTPS auto redirect | A redirect web browser to HTTPS option available when HTTPS mode is enabled.

Note: SSL and HTTPS are not supported in the non-crypto version of the software.

13.5 Users and Privilege Levels

Multiple users can be created on the switch, each identified by the username and privilege level.

The allowed range for a user's privilege level is 1 to 15. A privilege level 15 enables access to all groups and grants full control of the device. User privilege level should be the same or greater than group privilege level. By default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups. Privilege level 15 is needed for system maintenance tasks such as software upload and factory default restore. Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.

The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of a single module (for example, LACP, RSTP, or QoS), but a few of them contain more than one.

Each group has an authorization privilege level configurable from 1 to 15 for the following sub-groups.

• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)

Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command. User privilege should be the same or greater than the privilege level for the group.

13.6 Authentication and Authorization Methods

The following authentication and authorization methods are available.

13.6.1 Authentication Method

This method allows configuration of how users are authenticated when they log into the switch from one of the management client interfaces. The following configuration is allowed on all the four management client types.

• Console


• Telnet
• SSH
• Web

Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as local. This will enable the management client to log in using the local user database if none of the configured authentication servers are alive.
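The method chain above and the RADIUS retransmit and dead-time rules from section 13.3 can be simulated together. This is an added Python example, not CEServices code: the class and function names, the simulated clock, and the sample servers and accounts are all constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field

APPROVE, REJECT, UNREACHABLE = "approve", "reject", "unreachable"


@dataclass
class RadiusGroup:
    """RADIUS servers queried in order, with the retransmit and dead-time rules of 13.3."""
    servers: list                  # ordered server names (constructed)
    timeout: float                 # per-server timeout, seconds
    dead_time: float               # 0 disables the feature
    now: float = 0.0               # simulated clock, seconds
    dead_until: dict = field(default_factory=dict)
    sent: list = field(default_factory=list)   # (time, server) for every transmission

    def _skip(self, server):
        # Dead time only takes effect when it is > 0 and more than one server is configured.
        if self.dead_time <= 0 or len(self.servers) < 2:
            return False
        return self.dead_until.get(server, 0.0) > self.now

    def authenticate(self, user, password, network):
        """network(server, user, password) -> (verdict, delay), or None if no reply arrives."""
        sub = self.timeout / 3                 # three equal sub-intervals
        for server in self.servers:
            if self._skip(server):
                continue
            for _ in range(3):                 # up to three transmissions per server
                self.sent.append((self.now, server))
                reply = network(server, user, password)
                if reply is not None and reply[1] <= sub:
                    self.now += reply[1]
                    return reply[0]
                self.now += sub
            self.dead_until[server] = self.now + self.dead_time
        return UNREACHABLE


def local_db(users):
    """Local user database method; users maps username -> password (constructed)."""
    def check(user, password):
        stored = users.get(user)
        ok = stored is not None and hmac.compare_digest(stored, password)
        return APPROVE if ok else REJECT
    return check


def make_network(alive, accounts):
    """Constructed stand-in for the network: only servers in `alive` answer."""
    def network(server, user, password):
        if server not in alive:
            return None
        return (APPROVE if accounts.get(user) == password else REJECT, 0.05)
    return network


def login(methods, user, password):
    """Try methods left to right; stop at the first one that approves or rejects."""
    for name, method in methods:
        verdict = method(user, password)
        if verdict != UNREACHABLE:
            return name, verdict
    return None, REJECT
```

The local fallback is reached only when every remote server times out, so a reject from a reachable server is final and a local account cannot be used to get around it.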

13.6.2 Command Authorization Method Configuration

This configuration allows the administrator to limit the CLI commands available to the user from the different management clients, Console, Telnet, and SSH. It is possible to set the privilege level and authorize configuration commands. An authorization method can be configured either to TACACS+ or disable.

13.6.3 Accounting Method Configuration

This configuration allows the administrator to configure command and Exec (login) accounting of the user from the different management clients, Console, Telnet, and SSH. It is possible to set the privilege level and enable exec (login) accounting. The accounting method can be configured either to TACACS+ or disable.

13.6.4 Management Access Filtering

It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPS, SNMP, and Telnet/SSH interfaces can be restricted with this feature.

The maximum management access filter entries allowed is 16. If the application's type matches any one of the access management entries, it allows access to the switch. The access management statistics can also be viewed.

13.7 Access Control List (ACLs)

The ACL consists of a table of ACEs containing access control entries that specify individual users or groups permitted access to specific traffic objects such as a process or a program. The ACE parameters vary according to the frame type selected.

Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.

ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and in this context, they are similar to firewalls.

There are three rich configurable sections associated with the manual ACL configuration.

The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will only get a hit on one ACE even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame and a counter associated with that ACE is incremented. An ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created then that policy can be associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be configured with an ACE.

The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for each ingress port.

• Action
• Rate limiter


• Port redirect
• Mirror
• Logging
• Shutdown

The management interface allows the port action that is used to determine whether forwarding is permitted (Permit) or denied (Deny) on the port. The default action is Permit.

The ACE will only apply if the frame gets past the ACE matching without getting matched. In that case a counter associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be assigned to the ACE(s) or ingress port(s).

An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress port needs to be selected for the ACE, and then the frame type. Different parameter options are displayed depending on the frame type selected. The supported frame types include the following:

• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6

MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of appropriate frame types.
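The first-match evaluation and port policy grouping described in this section, modelled as an added Python example (not Microsemi code or CLI syntax) that also reports ACEs that can never be hit because a higher-priority ACE matches first. It assumes a port without a policy ID uses 0, that the port action applies only to frames no ACE matches, and that an ACE matches only on frame type, ingress ports and policy value/mask; all class and rule names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Simplified frame types; "Any" is only valid as a wildcard inside an ACE.
FRAME_TYPES = ("EType", "ARP", "IPv4", "IPv6")

@dataclass
class Frame:                      # constructed sample input, not a capture
    ingress_port: int
    frame_type: str

@dataclass
class Ace:
    name: str
    action: str                          # "permit" or "deny"
    frame_type: str = "Any"
    ports: Optional[frozenset] = None    # None = any ingress port
    policy: Optional[tuple] = None       # (value, mask) pair, None = any policy
    hits: int = 0                        # per-ACE counter

    def matches(self, frame, port_policy):
        if self.ports is not None and frame.ingress_port not in self.ports:
            return False
        if self.policy is not None:
            value, mask = self.policy
            if (port_policy & mask) != (value & mask):
                return False
        return self.frame_type in ("Any", frame.frame_type)

class Acl:
    def __init__(self, aces, port_policy=None, port_action=None):
        self.aces = list(aces)                  # index 0 = highest priority
        self.port_policy = port_policy or {}    # ingress port -> policy ID
        self.port_action = port_action or {}    # ingress port -> action
        self.port_hits = {}                     # per-port counter

    def first_match(self, frame):
        """Return the highest-priority matching ACE without touching counters."""
        policy = self.port_policy.get(frame.ingress_port, 0)  # assumption: 0
        for ace in self.aces:
            if ace.matches(frame, policy):
                return ace
        return None

    def classify(self, frame):
        """Apply the first matching ACE, else fall back to the port action."""
        ace = self.first_match(frame)
        if ace is not None:
            ace.hits += 1
            return ace.action, ace.name
        port = frame.ingress_port
        self.port_hits[port] = self.port_hits.get(port, 0) + 1
        return self.port_action.get(port, "permit"), None   # default is Permit

    def unreachable_aces(self, ports):
        """ACEs that no (port, frame type) combination can ever hit."""
        reached = set()
        for port in ports:
            for ftype in FRAME_TYPES:
                ace = self.first_match(Frame(port, ftype))
                if ace is not None:
                    reached.add(ace.name)
        return [a.name for a in self.aces if a.name not in reached]

def acl_demo():
    acl = Acl(
        aces=[
            Ace("permit-arp-uplink", "permit", "ARP", ports=frozenset({1})),
            Ace("permit-policy-2", "permit", policy=(0x2, 0x3)),
            Ace("deny-ipv6-access", "deny", "IPv6", ports=frozenset({3, 4})),
            Ace("deny-arp-access", "deny", "ARP", ports=frozenset({5})),
        ],
        # Policy 6 masked with 0x3 equals 2, so port 4 joins port 3's group.
        port_policy={3: 2, 4: 6, 5: 1},
        port_action={5: "deny"},
    )
    frames = [Frame(1, "ARP"), Frame(3, "IPv6"), Frame(4, "IPv6"),
              Frame(5, "ARP"), Frame(5, "IPv4"), Frame(2, "IPv4")]
    return acl, [acl.classify(f) for f in frames]

if __name__ == "__main__":
    acl, verdicts = acl_demo()
    for verdict in verdicts:
        print(verdict)
    print("never hit:", acl.unreachable_aces(range(1, 6)))
```

In the constructed rule set the IPv6 deny for ports 3 and 4 is never reached, because the broader policy-based permit above it matches the same ports first; its per-ACE counter staying at zero is the symptom to look for on a live device.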

13.8 ARP Inspection/IP and IPv6 Source Guard

ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.

IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.

It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.

It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port, VLAN ID, MAC address, and IP address for the new entry.

IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6 source guard is enabled, the IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address match an entry in the IPv6 source binding table. All other packets are dropped as they do not match any entries in the binding table.
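The four-field binding check described above, as an added Python example (not the switch's implementation). It also records why a packet was dropped, which separates an unknown address from a known address arriving on the wrong port, VLAN or MAC; the reason strings, class names and sample bindings are constructed for illustration.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple

class Binding(NamedTuple):
    ipv6: ipaddress.IPv6Address
    port: int
    vlan: int
    mac: str                      # 12 lowercase hex digits

def norm_mac(mac):
    """Accept 00:11:.., 00-11-.. or 0011.2233.4455 and return bare hex."""
    digits = "".join(c for c in mac.lower() if c not in ":-.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

class SourceGuard:
    def __init__(self):
        self.by_addr = {}         # IPv6 address -> list of bindings
        self.drops = Counter()    # drop reason -> count, for monitoring

    def add_binding(self, ipv6, port, vlan, mac):
        b = Binding(ipaddress.IPv6Address(ipv6), port, vlan, norm_mac(mac))
        self.by_addr.setdefault(b.ipv6, []).append(b)

    def check(self, src_ipv6, port, vlan, src_mac):
        """Forward only if all four fields match one binding entry."""
        seen = Binding(ipaddress.IPv6Address(src_ipv6), port, vlan,
                       norm_mac(src_mac))
        known = self.by_addr.get(seen.ipv6, [])
        if seen in known:
            return True, "match"
        if not known:
            reason = "no-binding"             # address not in the table at all
        else:
            # Report the fields that differ from the closest binding.
            diffs = [[f for f in ("port", "vlan", "mac")
                      if getattr(b, f) != getattr(seen, f)] for b in known]
            reason = "mismatch:" + ",".join(min(diffs, key=len))
        self.drops[reason] += 1
        return False, reason

def source_guard_demo():
    guard = SourceGuard()
    # Constructed bindings (documentation prefix 2001:db8::/32).
    guard.add_binding("2001:db8::10", 3, 100, "00:11:22:33:44:55")
    guard.add_binding("2001:db8::20", 4, 100, "00-11-22-33-44-66")
    packets = [
        ("2001:0db8:0:0:0:0:0:10", 3, 100, "00-11-22-33-44-55"),  # same host
        ("2001:db8::10", 4, 100, "00:11:22:33:44:66"),  # neighbour's address
        ("2001:db8::99", 3, 100, "00:11:22:33:44:55"),  # address never bound
        ("2001:db8::20", 4, 200, "00:11:22:33:44:66"),  # right host, wrong VLAN
    ]
    return guard, [guard.check(*p) for p in packets]

if __name__ == "__main__":
    guard, results = source_guard_demo()
    for result in results:
        print(result)
    print(dict(guard.drops))
```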

13.8.1 Guest VLAN

A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout.

When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest VLAN.

This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes such as Port-based 802.1X, Single 802.1X, and Multi 802.1X.


14 Timing and Synchronization

Timing in the CEServices software can be derived using Synchronous Ethernet line timing or recovered packet timing using IEEE 1588v2. A hierarchy of backup timing sources is supported, where any source can be primary and any other source secondary. For example, Synchronous Ethernet can be used as the primary timing source with IEEE 1588v2 providing backup timing.

Microsemi devices can support 1588 time stamping in hardware with better than 10 ns accuracy. When the switch ports are directly attached to optical modules, the switch performs the required time stamping. The 1588 software, including PTP, can run on the integrated CPU of the switch and supports the following features.

• Long-term phase accuracy with ns accurate hardware-based time stamping
• Compensation for delay asymmetry
• Decoupling of SyncE and 1588 to avoid low frequency wander
• Y.1731 time stamping

Time of day and clock outputs are also provided for timing delivery to an attached network element such as a cellular base station.

Synchronous Ethernet (SyncE - ITU-T Rec. G.8261) and 1588 (IEEE 1588-2008 or version 2) technologies are used for distribution of frequency and time of day (ToD).

SyncE and PTP are supported in the CEServices software. It is possible to set IEEE 1588v2 TOD based on System TOD. This is used to set the 1588 TOD in networks without 1588. This will also be needed in Y.1731 delay measurement configurations.

Microsemi devices can provide sub-nanosecond accuracy, that is, accuracy less than or equal to 1 ns. This is achieved by performing the following calibration procedures.

• Automatic adjustment of timestamp plane reference
• Port-to-port calibration
• Calibration to external reference using 1PPS
• Calibration of 1PPS skew
• 1PPS input calibration

These calibration results are saved to flash so that they are persistent even if the device is power-cycled or rebooted. The CEServices software provides support for the following timing requirements.

14.1 SyncE

SyncE, defined by ITU-T standards such as G.8261, G.8262, G.8264, and G.781, leverages the physical layer of Ethernet to transmit frequency to remote sites. SyncE over Ethernet provides a cost-effective alternative for networks. For SyncE to work, each network element along the synchronization path must support SyncE.

The architecture and features of SyncE are very similar to those found in SDH/SONET networks. SyncE uses the physical layer (Ethernet interfaces) to distribute frequency from the primary reference clock (PRC) to the slaves. Means for redundancy are provided. The equipment sync controller selects between received clocks from multiple inputs, filters the selected reference, and uses that as the transmit direction clock.

SyncE is supported on all the switch interfaces.

Network elements use Synchronization Status Messages (SSM) to inform the neighboring elements about the Quality Level (QL) of the clock.


To maintain a logical communication channel in synchronous network connections, Ethernet relies on a channel called Ethernet Synchronization Messaging Channel (ESMC) based on IEEE 802.3 organization specific slow protocol standards. ESMC relays the SSM code that represents the quality level of the Ethernet Equipment Clock (EEC) in a physical layer.

PIC firmware is used to apply the default setting to this SyncE IC in the booting stage. When the CPU is coming up, it will take over to control the SyncE IC.

The clock selection algorithm selects the best available synchronization source from the nominated sources. The clock selection algorithm has a non-revertive behavior among clock sources with same QL value and priority, and always selects the signal with the best QL value.

SyncE also supports the following:

• The nominated port can be selected as an Ethernet port.
• Clock source configuration, including the clock recovery and redundancy, is supported.
• Clock sectors can be selected for different modes.
• Two timers are available—WTR and Hold off timer.
• Auto negotiation (ANEG) mode configuration is supported on 1000BaseT ports.
• Clock Selection Mode (CSM) configuration is available for the single nominated clock source.
• Station clock input and output frequencies are configurable.
• The SyncE SSM mode can be enabled per each SyncE Enabled port on the switch. The SSM mode is disabled on all the ports by default.

14.2 Precision Time Protocol (PTP)

IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).

NID-based reference devices contain an internal OCXO providing IEEE 1588 slave functions and timing holdover capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part of PTP.

• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer-to-peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm

The protocol supported is Ethernet PTP over Ethernet multicast by default. It is possible to configure PTP over IPv4 multicast or unicast.

Boundary clocks support both multicast and unicast configuration. The slave only clock can be configured for up to five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC algorithm to select one as master clock, and then requests Sync messages from the selected master.

14.3 G.8265.1 BMCA

The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the following clock properties.

• Identifier
• Quality
• Priority
• Variance


14.4 PTP Profile

Profiles were introduced in IEEE 1588-2008, to allow other standards bodies to tailor PTP to particular applications. PTP Profile supports frequency synchronization over telecom networks.

14.5 Clock Quality

The clock quality is determined by the system, and holds three parts: Clock Class, Clock Accuracy, and Offset Scaled Log Variance as defined in IEEE 1588. The Clock Accuracy values are defined in IEEE 1588 table 6.

14.6 G.8275 Compliant Filter

The CEServices software supports filtering that can be either the basic filter or an advanced filter that can be configured to use only a fraction of the packets received (the packets that have experienced the least latency).

The default delay filter is a low pass filter, with a time constant of 2**DelayFilter*DelayRequestRate.

If the delay filter parameter is set to 0 or the Dist parameter is 0, the delay filter uses the same algorithm as the offset filter.

14.7 PTP Time Interface

Calculates and displays the actual PTP time with nanosecond resolution.

14.8 Network Time Protocol (NTP)

NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled by default. The implemented NTP version is 4.

The NTP IPv4 or IPv6 address can be configured and a maximum of five servers are supported. Daylight saving time can also be supported to automatically adjust the Time offset.

14.9 Microsemi One-step TC PHY Solution

The PTP application also supports the PHY API.

14.9.1 Peer-to-Peer Transparent Clock

The transparent clock uses peer-to-peer delay measurement mechanism.

14.9.2 End-to-End Transparent Clock

The transparent clock uses end-to-end delay measurement mechanism.

14.9.3 Boundary Clock

The boundary clock (master/slave) delay measurement mechanism is configurable per port.

14.9.4 PTP over IPv4

The PTP packets are encapsulated in IPv4.

14.9.5 Unicast/Multicast

PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave is configured with the IP addresses of the accepted masters.


15 Carrier Ethernet (OAM and Testing)

The following sections describe the rich Carrier Ethernet features supported by the CEServices software.

15.1 Ethernet Services

The CEServices software provides support for MEF, provider bridging, and proprietary features through the following interfaces.

• CLI
• SNMP
• Web
• JSON

Up to 4K bridge domains are supported through full VLAN support. Each EVC reserves one VLAN as its bridge domain.

Up to 64 EVCs with 8 service classes are supported on Serval-1. Any port number of the switch may be configured as an NNI port as part of the EVC configuration.

15.1.1 MEF

The software provides support for MEF EVC attributes, UNI, and (UNI, EVC) attributes.

MEF standards describe services provided to customers at User Network Interfaces (UNIs). Inside provider networks, nodes are connected using Internal Network-to-Network Interfaces (I-NNIs).

Connections between service providers are done using External Network-to-Network Interfaces (E-NNIs).

An Ethernet Virtual Connection (EVC) is an association of two or more UNIs. Three EVC types are defined, as follows:

• E-Line—point-to-point connection of two UNIs
• E-LAN—multipoint-to-multipoint connection of two or more UNIs
• E-Tree—rooted-multipoint connection between leaf and root UNIs. Frames are not forwarded between leaf UNIs.

MEF defines a number of attributes associated with UNIs and EVCs. These attributes include mappings of customer VLAN IDs to EVCs, ingress bandwidth profiles, and processing of L2 control protocols (L2CP).

Frames received on a UNI are normally mapped to an EVC based on UNI and C-VID. Mapping to Class of Service (CoS) may be done based on UNI, EVC, PCP, and DSCP. Ingress bandwidth profiles are used for policing incoming frames.

DSCP matching using EVC/ECE configuration is supported. Serval-1 DSCP remarking features are supported by API/APPL.

Flexible EVC mapping is supported with 1K TCAM-classified Service Points (SP) each with policers and statistics. Each EVC has an arrival SP and a departure SP on each interface of the EVC.

An ingress policer can be configured as single leaky bucket and also a dual leaky bucket as defined by MEF. Both color blind and color aware modes are supported.

EVC rewrite functions support Push/Pop/Translate up to two customer frame VLAN tags.

Color-blind configuration per policer is not supported. It is possible, however, to set up drop precedence level per EVC config entry and force Green color.

L2CPs (identified by destination MAC address) may require special processing (discard/tunnel/peer) by the provider network.


A service class allows an EVC to be configured with a combination of UNI, EVC, and COS ID. This allows the user to create a service with UNI, EVC, and COS ID. Policer actions can be defined per COS ID at the UNI. A maximum of eight service classes can be defined per service.

15.1.2 Provider Bridging

In provider bridging networks (IEEE 802.1ad), service frames are encapsulated using an S-Tag. The service is identified based on the S-VID. Three different services are provided, as follows:

• Port-based service—all frames received on the customer network port are classified to the same service.
• C-tagged service—frames received on the customer network port are classified to a service based on the C-VID.
• S-tagged service—frames received on the customer network port are classified to a service based on the S-VID.

A port can be configured as unaware, customer port (C-port), service port (S-port), or a custom service port (S-custom-port). The S-port is set to 0x88A8 by default.

Ports connected to subscribers are VLAN unaware, members of one VLAN, and set up with this unique Port VLAN ID. Ports connected to the service provider are VLAN aware members of multiple VLANs, and set up to tag all frames.

Untagged frames received on a subscriber port are forwarded to the provider port with a single VLAN tag. Tagged frames received on a subscriber port are forwarded to the provider port with a double VLAN tag.

15.1.3 Proprietary Features

The CEServices software supports the following proprietary features.

• Basic VLAN parameters for the custom S-tag TPID and different VLAN port types
• Service classification in any combination to classify received frames on a port to an EVC
• Service actions
• Service statistics per service, class, and UNI/NNI ports

The EVC control entry configurations allow different tag types including the inner and outer tags.

Different actions can be specified on UNI-NNI, NNI-UNI and both directions with filters specified depending on the frame type chosen (any/IPv4/IPv6).

• VLAN
• SMAC/DMAC
• SIP/DIP
• Protocol
• Source/Destination Port
• DSCP

15.1.4 L2CP Tunneling

The L2CP tunneling feature is supported on the port and EVC control entry configuration. Using this approach, it is possible to specify encapsulation, CoS, and policer mapping in the same way as is used for normal service frame forwarding.

Peering is supported for the following protocols as part of the configuration.

• Pause (flow control)
• STP/RSTP/MSTP
• LACP
• Link OAM


• Port Authentication (802.1X)
• LLDP
• GVRP
• CDP (Cisco protocol)

It is also possible to configure the following scenarios.

• Discarding of L2CP
• Forwarding L2CP over an EVC
• Tunneling of L2CP

15.2 OAM

The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations, Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standard bodies proposed various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and troubleshoot the Ethernet MAN and WANs.

The CEServices software supports the OAM functionality in both point-to-point link monitoring as described in IEEE 802.3ah and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the IEEE standards, ITU-T.1731, and ITU-T.G.8021.

All time stamping for both IEEE 1588 and OAM is accurate to a few tens of ns.

15.2.1 Link OAM (802.3ah)

Point-to-point link level OAM to monitor the link operations as specified in IEEE 802.3ah is implemented to support both active and passive modes.

Mechanisms to support the following are also implemented.

• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that receive path of the local DTE is non-operational.
• Remote loopback control for a data link layer frame-level loopback mode.

The administrator enables or disables the OAM functionality depending upon the topology requirements. The following port-based configurations are supported.

• Mode selection (active/passive).
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers.
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, OAM entity sends out a PDU with the link monitoring capability flag set.
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity only when the state of discovery protocol is send-any as defined by the IEEE 802.3ah.
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled, OAM entity sends out a PDU with the remote loopback capability flag.
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from the peer OAM entity only when the state of discovery protocol is send-any as defined by the IEEE 802.3ah.

IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as administrator capabilities.

By default, link OAM capability is enabled.

Link event configuration can be made on a per-port basis for different events.


15.2.2 Dying Gasp

The CEServices software supports Link OAM dying gasp PDU and dying gasp SNMP trap. The dying gasp message will be sent out from the device.

The SNMP trap is sent only on power failure or removal of power supply cable.

Dying gasp occurs in case of reload, removal of power supply cable, or power failure. If any of these situations occurs, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In case of a dying gasp PDU, the information is immediately passed on to the peer Link OAM enabled device.

The dying gasp event PDU is sent if one of the following four events occurs.

• Device power loss.
• Switch reloads—this includes cold reload and firmware upgrade.
• The port where Link OAM is enabled is shut down.
• Link OAM is disabled on a port where it was previously enabled.

15.2.3 Flow OAM

Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU-T.Y1731/G.8021. Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM domain to participate in the Flow OAM functionality.

Features such as Link Trace, Continuity Check, and Alarm Indication Signal (AIS) are provided in the implementation.

15.3 IEEE 802.1ag Support

The IEEE 802.1ag support is implemented with features such as Link Trace, Loopback, and Continuity Check.

The Link Trace Message (LTM) PDU is initiated by MEP. The MEP establishes the path by collating all the LTR PDUs.

MIPs receive and handle the PDU in a manner that allows the MEP to trace the path to the target MAC address. All intermediate MIPs forward the packet to the egress port for which the target MAC is learned, and, at the same time, reply to the MEP with a Link Trace Reply (LTR). This continues until the PDU is received by the management point with the target MAC. This entity does not forward the packet but replies to the originator MEP. CCM TLV is unsupported.

Support for static port status TLV and interface status TLV for CCM PDU has been added.

Inserting dynamic content and reflecting status related to port status and interface TLV is also supported.

15.4 ITU-T Support

The following features are supported by ITU-T.

• Continuity check: this is used for detecting loss of continuity between an MEP and its peer MEP(s). It can also detect unintended connection to other Maintenance Groups (MEGs), unintended connection to peer MEPs, unexpected period, and more.
• Loopback: this is initiated by MEPs to check loop-back path with all peer MEPs in the group.
• Link trace.
• Alarm Indication Signal (AIS): this is transmitted by MEPs during Signal Fail conditions. It can be used for suppression of alarm on client layer or for protection on client layer.
• Locked Signal (LS): this is transmitted by MEPs when demanded by the management. It is used to administratively lock a server layer or a subsection of a flow.
• Loss Measurement (LM): this is a flow point-to-point functionality, which is measured only between MEPs. There can only be two MEPs in the group. Both the near-end and the far-end losses can be calculated based on the information exchanged between the MEPs. LM is implemented on both CCM-based and LMM/LMR-based. LM can also be based on synthetic frames SLM/SLR or 1SL. When running a synthetic LM, it supports LM in a multipoint MEG.
• Delay Measurement (DM): this is a flow point-to-multipoint functionality, which is measured only between two MEPs. There can be many MEPs in the group, but DM is measured only between two MEPs. Both the one-way and the two-way delay + delay variation can be calculated based on the information exchanged between the MEPs.
• One-way and two-way delay measurement.

A maximum of five peer MEPs can be added to an instance by configuring the Peer MEP ID and unicast peer MAC. Functional configuration can be made by configuring Fault Management per instance.

15.5 Syslog Support

The CEServices software supports CFM events and CFM syslog messages. CFM events trigger the CFM syslog messages. Two types of syslog messages are supported.

15.5.1 AIS Syslogs

These messages can be enabled using the ethernet cfm logging command.

15.5.2 MIB Alarm Syslogs

MIB alarm syslog messages can be enabled using the ethernet cfm logging command with the alarm keywords. These details can be viewed through the CLI commands.

The syslog generation can be enabled/disabled from the MEP MIB.

15.6 RFC2544 Support

RFC2544 defines a number of tests that may be used to describe the performance characteristics of a network interconnecting device.

The CEServices software supports the following benchmarking tests.

• Throughput
• Latency
• Frame Loss Rate
• Back-to-Back

In addition, the CEServices software includes a test suite tool that enables creating, saving, executing test profiles, and capturing and reporting results.

Not all features are implemented exactly as prescribed in RFC2544. For example, in many test types RFC2544 mandates a specific number of frames be transmitted. The Microsemi solution will instead allow for provisioning a period of time to transmit frames.

The software allows for storing up to 16 profiles. Profiles can be renamed and deleted. Execution of a profile results in a report that can be downloaded through web or TFTP. The last ten reports are stored to non-volatile memory.

15.7 Performance Monitoring (PM)

PM is the collection of performance information in Measurement Intervals. The information can be stored in non-volatile memory and can be transferred to a server.

PM can be configured on the CEServices software for the following:

• Loss Measurement
• Delay Measurement
• Delay Measurement Binning


• EVC statistics

The gathered PM data set for a Measurement Interval is stored locally in nonvolatile memory. The stored PM data sets can be transferred to a remote server through the network.

15.8 Traffic Test Loop

TT-Loop provides a method to perform tests that are defined in the RFC2544 and the Y.1564. Two types of loops that can be applied on a particular residence port are as follows:

• MAC loop—all frames are looped with swapped MAC.
• OAM loop—OAM aware and do LBM > LBR and DMM > DMR looping as described in Y.1731.

All forwarding (sourcing) of subscriber service frames into this flow is blocked. Customer simulated traffic must be looped with swapped MAC. The TT-Loop can be configured to support MEF-46.

15.9 Y.1564 (SAM) Support

Y.1564 is an Ethernet Service Activation test Methodology (SAM), which is an ITU-T standard for turning up, installing, and troubleshooting Ethernet-based services. Y.1564 is only supported on Serval-1.

It is the only standard test methodology that allows for complete validation of Ethernet Service-Level Agreements (SLAs) in a single test.

Three key objectives of ITU-T Y.1564 are as follows:

• To serve as a network SLA validation tool, ensuring that a service meets its guaranteed performance settings in a controlled test time.
• To ensure that all services carried by the network meet their SLA objectives at their maximum committed rate, proving that under maximum load network devices and paths can support all the traffic as designed.
• To perform medium and long-term service testing, confirming that network elements can properly carry all services while under stress during a soaking period.

ITU-T Y.1564 defines an out-of-service test methodology to assess the proper configuration and performance of an Ethernet service prior to customer notification and delivery.

The purpose of Y.1564 is to test Ethernet Virtual Connections (EVCs). An EVC is a collection of one or more ordered set of rules, known as ECEs. Each ECE describes the matching criteria for the traffic arriving at UNI. The matching criteria configuration is very flexible, and can either be made almost arbitrarily complex, or very simple.

In order to execute a Y.1564 test, a set of Y.1564-specific configuration along with information about which EVC/ECE to test is needed. The Y.1564-specific configuration is independent of the EVC/ECE to test, and is called a 'profile'.

The profile can be persisted to flash and used over and over again as input configuration to test EVCs/ECEs as they are created. The result of executing a profile is called a 'report'.

An EVC/ECE test can be initiated through the CLI or web (and through SNMP or JSON interface in the future). While executing, the switch takes the EVC under test out of service and generates frames on behalf of the customer at rates defined by the selected Y.1564 subtests and the individual ECEs' policer configurations. The frames will undergo the same mechanisms as the frames that arrived on the UNI, and therefore be subject to policing and switching towards the NNI.

In the current release, the switch will generate Y.1731 OAM frames as background traffic, and it expects these frames to be looped in the remote end (DST; destination). The near-end will need to know whether the remote end is Y.1731 OAM aware, and if so, it will generate Y.1731 LBM frames. The near-end expects the remote-end to reply with Y.1731 LBR frames. If the remote-end is not Y.1731 OAM aware, the near-end transmits Y.1731 TST frames and expects these frames to be looped back with DMAC and SMAC addresses swapped using the MAC loop mentioned in Traffic Test Loop.


The current release also supports generation of simulated customer traffic based on the matching criteria used in the ECEs. For delay measurements, the switch will transmit Y.1731 DMM if the remote end is OAM aware, and if not, it transmits the Y.1731 1DM frame.

Upon subtest completion, the switch will assess the measured performance against the policer configuration (SLA), while observing the Service Acceptance Criteria (SAC) embedded in the profile. The result of a subtest is either PASS or FAIL. If a subtest fails, the execution stops and the whole test is considered to have failed.

15.10 Multiprotocol Label Switching-Transport Profile (MPLS-TP) Support

MPLS-TP is an extension to MPLS being designed by the IETF based on the requirements provided by the service providers.

It is designed as a network layer technology in transport networks and provides service providers with a reliable packet-based technology based upon circuit-based transport networking. It is expected to align with current organizational processes and large-scale work procedures similar to other packet transport technologies. MPLS-TP is expected to be a low cost L2 technology (if the Transport Profile is implemented in isolation) that provides QoS, end-to-end OAM, and protection switching. The current release supports the following features.

15.10.1 MEF CE 2.0 E-LINE Delivery over MPLS-TP Pseudowire

The following features are supported.

• MEF UNI Ethernet and OAM features
• VPWS PW model with PW endpoint on the UNI (UNI PW)
• VPLS PW model with PW endpoint on the NNI (NNI PW)
• Up to eight EVC COS mapped to eight or fewer PW COS
• Ethernet COS determined from subscriber L2 and L3 fields
• EVC MEG Up MEP, subscriber MEG MIP
• PW up MEP on UNI-N (UNI PW) or down MEP on NNI (NNI PW)

15.10.2 MEF CE 2.0 E-LAN Delivery over H-VPLS

The following features are supported.

• MEF UNI Ethernet and OAM features
• H-VPLS MTU-s role (as per RFC4762)
• Up to eight EVC COS mapped to eight or fewer PW COS
• Ethernet COS determined from subscriber L2 and L3 fields
• EVC MEG Up MEP, subscriber MEG MIP on UNI-N
• PW down MEP on NNI
• One UNI-port up MEP is supported per E-LAN EVC

15.10.3 Pseudowire Label Edge Router (LER) Features

The following pseudowire LER features are supported.

• Raw and tagged modes (as per RFC4448)
• Attachment individual and group identifier (as per RFC4446)
• Optional control word (in addition to other labels)
• No support for fragmentation or sequence number
• MPLS PW OAM using VCCV types 1–3 or G-ACH/GAL (VCCV Type 4)
• MPLS PW switching/stitching for SS and MS architecture (as per RFC6073)

15.10.4 Label-Switched Path (LSP) Support

The following LSP features are supported.


• LSR switching
• Up to three labels supported per flow
• LSP or PW can exist directly on the Ethernet port, inside one terminated LSP, or inside two terminated LSPs.
• MPLS LSP OAM using GAL/G-ACH
• SPME support
• L-LSP and E-LSP support
• Pipe, short Pipe, and uniform model support
• MPLS link layer Ethernet
  • Including VLAN tag and QoS settings
  • Ethernet OAM for physical link
  • MPLS-TP OAM for MPLS segment (GAL as top MPLS label)
• Label stack processing
  • iTTL checks
  • CW checks
  • Error and Exception handling
  • Reserved Label handling
  • Upstream-assigned and downstream-assigned

15.10.5 MPLS-TP OAM

The following MPLS-TP OAM features are supported.

• PTN OAM, complete protocol suite. MPLS-TP OAM is implemented in software without hardware assistance.
• MPLS OAM support for BFD CC/CV/RDI only. MPLS-TP OAM is implemented in software without hardware assistance.
• G.8113.2 Route trace support for LSP ping with non-IP-based on-demand CV, using ACH as per RFC6426.
• Y.1731/802.1ag Ethernet OAM available simultaneously with MPLS-TP features. Ethernet OAM is implemented in software but with significant hardware assistance.
  • Ethernet client layer (inside MPLS)
  • MPLS link layer

15.10.6 MPLS-TP (1:1 Linear) Protection

The following MPLS-TP protection features are supported.

• (NNI PW only) 1:1 EVC protection over MPLS using pseudowire monitoring
• (NNI PW only) 1:1 EVC protection over MPLS using LSP monitoring
• 1:1 UNI PW or switched LSP protection using LSP monitoring
• UNI PW monitoring uses SPME
• 1:1 LSP group protection (active/standby)
• 1:1 LSP group protection (active/active)
• 1:N LSP group protection (active/standby)
• Linear protection switching is implemented in software without hardware assistance

15.10.7 QoS

The following QoS protection features are supported.


• Static COS/Color markings of TC bits
• Dynamic COS mappings between EVC/PW/LSP layers due to classification
• Dynamic color mappings between EVC/PW/LSP layers and remarking due to policing
• Support for both CBQ and H-QoS queuing models, configurable per-port


16 Robustness and Power Savings

The following sections describe the robustness and power saving (Green Ethernet) features supported by the CEServices software.

16.1 Robustness

The following section introduces a robustness feature.

16.1.1 Cold and Cool Restart

The software defines and supports the following restart types.

• Cold—power cycle induced reset of the switch.
• Cool—software initiated reset of the switch (with traffic disruption).

16.2 Power Savings

The following sections introduce the power savings features.

16.2.1 Energy-Efficient Ethernet (EEE) Support

EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic). EEE support allows the user to inspect and configure the current EEE port settings.

EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1 Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices can exchange information about device wakeup times using the LLDP protocol.

EEE works for ports in auto-negotiation mode, where the port is negotiated to either 1G or 100 megabits full duplex mode.

16.2.2 LED Power Reduction Support

The CEServices software supports the LED power reduction feature.

The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off. LED intensity can be set for 24 one-hour periods in a day and can be configured from 0 percent to 100 percent in 10 percent increments for each period.

A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible to specify that the LEDs will use full intensity for a specific period of time.

Maintenance time is the number of seconds (10 to 65535, 10 being default) the LEDs will have full intensity after either a port has changed link state or the LED button has been pressed.

16.2.3 Adaptive Fan Control

The CEServices software supports the following fan controls.

• Maximum temperature—temperature at which the fan runs at full speed.
• Turn on temperature—temperature at which the fan runs at the lowest possible speed.

16.3 ActiPHY

ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine if a cable is inserted.


16.3.1 Thermal Protection

Thermal protection powers down ports if the temperature becomes high.

16.4 PerfectReach

PerfectReach determines the cable length and lowers the power consumption at ports with short cables.


17 Management

The following sections describe the management features supported by the CEServices software.

17.1 JSON-RPC

JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON-RPC are JSON encoded data structures. The JSON-RPC protocol has two roles: that of a server and that of a client. The client initiates the communication by sending a request to the server, and the server processes the request and sends back a response.

The CEServices software includes a JSON-RPC server, and a JSON-RPC client is needed in order to use it. JSON-RPC provides a high-level interface that is the functional equivalent of CLI or SNMP with the following additional properties.

• Machine and human friendly interface.
• Reliable, connection-oriented communication provided by the TCP and HTTP message encapsulation.
• RPC-oriented protocol, which fits into most programming languages.
• Can be implemented in practically any language and needs only a very limited footprint in terms of program memory and data memory.

For more information about the JSON-RPC specification, see http://json-rpc.org/. For information about the general JSON specification, see http://json.org.

Note: JSON-RPC is not an end user interface intended for human interaction; it is a high level machine friendly interface. Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC technology. It is recommended that users not already familiar with JSON or JSON-RPC read the official standards.

17.1.1 JSON-RPC Notifications

JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and sent to the client. This allows the client to react to events when they happen, without the need for polling. When an event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification receiver. In network terminology, this makes the notification receiver the server and the device that implements the notification service the client.

This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server and a client. Likewise for the user of the service, a client is used to access the normal JSON-RPC service, and a server is needed to receive the notification events.

As the current implementation uses HTTP as the message exchange protocol, the client needs an HTTP client to post the requests and an HTTP server to receive the notifications. Only HTTP (and not HTTPS) is currently supported for JSON-RPC notifications.
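The receiving side described above, as an added example that is not part of the user guide or the CEServices software: a Python HTTP listener that accepts notification posts only from an allow-listed switch address and validates each message before use. Because notifications arrive over plain HTTP, it records only that an event occurred and leaves the state to be re-read over the normal JSON-RPC service; the switch address, listener port and the assumption that an empty HTTP reply is sufficient are not taken from the guide.

```python
"""Receiver for JSON-RPC notifications that a switch posts over plain HTTP."""
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from ipaddress import ip_address, ip_network

# Assumptions, not values from the user guide: the switch management address
# (documentation range 192.0.2.0/24) and the listener address and port.
ALLOWED_SOURCES = [ip_network("192.0.2.10/32")]
LISTEN = ("0.0.0.0", 8080)
MAX_BODY = 64 * 1024          # refuse oversized posts before parsing them
PENDING = []                  # (source, method) pairs awaiting a re-read


def check_notification(peer_ip, body):
    """Return (http_status, event); event is None unless the post is accepted."""
    if not any(ip_address(peer_ip) in net for net in ALLOWED_SOURCES):
        return 403, None
    if len(body) > MAX_BODY:
        return 413, None
    try:
        msg = json.loads(body.decode("utf-8"))
    except (ValueError, RecursionError):   # bad UTF-8, bad JSON, deep nesting
        return 400, None
    if not isinstance(msg, dict):
        return 400, None      # batches and bare values are not accepted
    method, params = msg.get("method"), msg.get("params", [])
    if not isinstance(method, str) or not method:
        return 400, None
    if not isinstance(params, (list, dict)):
        return 400, None
    return 200, {"source": peer_ip, "method": method, "params": params}


def record_event(event):
    """Queue the event as a trigger only.

    The transport is cleartext HTTP without authentication, so the params
    are not trusted as state; a worker re-reads the affected data from the
    switch through the normal JSON-RPC service.
    """
    PENDING.append((event["source"], event["method"]))


class NotificationHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", ""))
        except ValueError:
            length = -1
        if length < 0:
            status, event = 411, None      # length required
        elif length > MAX_BODY:
            status, event = 413, None
        else:
            status, event = check_notification(
                self.client_address[0], self.rfile.read(length))
        if event is not None:
            record_event(event)
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(LISTEN, NotificationHandler).serve_forever()
```

Placing the listener on the management VLAN only, with the switch address as the single allowed source, limits who can reach it at all.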

17.2 Management Services

The CEServices software provides the network administrator with a set of comprehensive management functions. The network administrator has a choice of the following easy-to-use management methods.

• CLI Interface
• Web-based
• Simple Network Management Protocol (SNMP)
• JSON-RPC


Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the customer recommended standards as desired.

17.2.1 Industry Standard CLI Model

The CLI interface of the CEServices software is an Industry Standard CLI model and consists of a structure of different configuration commands, with the ability to configure and view the configuration using the Serial Console, Telnet (on port 23), or SSH access.

The Industry Standard CLI model includes the following features.

• Command history (by pressing the up arrow, the history of commands is available to the user).
• Command-line editing.
• VT100 compatible CLI terminal.
• Command groups based on command types.
• Configuration commands for configuring features and available options of the device.
• Show commands for displaying switch configuration, statistics, and other information.
• Copy commands for transferring or saving the software images for upgrade/downgrade, configuration files to and from the switch.
• Help for groups and specific commands.
• Shortcut key options. For example, the full command syntax support can be viewed for each possible command using the Ctrl+Q shortcut.

(config-if-vlan)# ip^Q
ip address { { <ipv4_addr> <ipv4_netmask> } | { dhcp [ fallback <ipv4_addr> <ipv4_netmask> [ timeout <uint> ] ] } }
ip igmp snooping
ip igmp snooping compatibility { auto | v1 | v2 | v3 }
ip igmp snooping last-member-query-interval <0-31744>
ip igmp snooping priority <0-7>
ip igmp snooping querier { election | address <ipv4_ucast> }
ip igmp snooping query-interval <1-31744>
ip igmp snooping query-max-response-time <0-31744>
ip igmp snooping robustness-variable <1-255>
ip igmp snooping unsolicited-report-interval <0-31744>

• Context-sensitive help. Press '?' for a list of valid possible parameters, with descriptions.
• Auto completion. Press the <tab> key after partially typing the keyword. The rest of the keyword will be entered automatically.
• Ctrl+C option to break the display.
• Modes for commands. Each command can belong to one or more modes. The commands in a particular mode can be made invisible in any other mode. The interface also allows wildcard support.

(config)# interface *
(config-if)#

If multiple sessions are concurrently in the same sub mode with the same parameters, then the 'no' form of commands will not work and will display a warning message.

• Privilege. A set of privilege attributes may be assigned to each command based on the level configured. A command cannot be accessed or executed if the logged in user does not have sufficient privilege.

17.2.1.1 User EXEC Mode

The User EXEC mode is the initial mode available for the users with insufficient privileges. The User EXEC mode contains a limited set of commands. The command prompt shown at this level is: CEServices>.


17.2.1.2 Privileged EXEC Mode

The administrator/user must enter the privileged EXEC mode in order to have access to the full command suite. The privileged EXEC mode requires password authentication using an enable command, if set. The command prompt shown at this level is: CEServices#

It is also possible to have runtime configurable privilege levels per command.

• Keyword abbreviations—any keyword can be accepted just by typing an unambiguous prefix (for example, “sh” for “show”).

SMBStaX# sh ip route
0.0.0.0/0 via VLAN1:10.9.61.1 <UP GATEWAY HW_RT>
10.9.61.0/24 via VLAN1 <UP HW_RT>
127.0.0.1/32 via OS:lo:127.0.0.1 <UP HOST>
224.0.0.0/4 via OS:lo:127.0.0.1 <UP>

• Error checking—before executing a command, the CLI checks whether the current mode is still valid, user has sufficient privileges, and valid range of parameter(s) among others. The user is alerted to the error by displaying a caret under the offending word along with an error message.

SMBStaX(config)# clock summer-time PDT date 14
                                            ^
% Invalid word detected at '^' marker

Every configuration command has a no form to negate or set its default. In general, the no form is used to reverse the action of a command or reset a value back to the default. For example, the no ip routing configuration command reverses the ip routing of an interface.


• do command support—this will allow the users to execute the commands from the configuration mode.

(config)# do show vlan
VLAN  Name     Interface
----  ----     ---------
1     default  Gi 1/1-9 2.5G 1/1-2

• Platform debug command support—this will allow the users to obtain technical support by entering and running a debug command in this field.

17.2.2 Industry Standard Configuration Support

The CEServices software supports an industry standard configuration (ICFG) where commands are stored in a text format.

The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based), or stored in flash on the switch.

There are three system files:

• running-config—a virtual file that represents the currently active configuration on the switch. This file is volatile.
• startup-config—the startup configuration for the switch, read at boot time.
• default-config—a read-only file with vendor-specific configuration. This file is read when the system is restored to default settings. This is a per-build customizable file that does not require C source code changes.

It is also possible to store up to four files and apply them to running-config, thereby switching configuration. The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The configuration can be dynamically viewed by issuing the show running-config command.


This current running configuration may be copied to the startup configuration using the copy command. ICFG may be edited and populated on multiple other switches using any standard text editor offline.

It is possible to upload a file from the web browser to all the files on the switch, except default-config, which is read-only. If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:

• Replace mode—the current configuration is fully replaced with the configuration in the uploaded file.
• Merge mode—the uploaded file is merged with running-config.

If the file system is full (that is, contains the three system files mentioned previously along with other files), it is not possible to create new files. An existing file must be overwritten or another deleted first.

It is possible to activate any of the configuration files present on the switch, except running-config, which represents the currently active configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.

It is possible to delete any of the writable files stored in flash, including startup-config. If this is done and the switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.

17.2.3 Web

The web-based software management method allows the network administrator to configure, manage, view, and control the switches remotely. The web-based management method also provides help pages for assisting the switch administrator in understanding the usage.

The supported web browsers are as follows:

• Internet Explorer 8.0 and above
• Firefox 30 and above
• Google Chrome 30 and above
• Safari S5
• Opera 11

The CEServices software also supports a Copy-all feature for selecting all the available ports. The web configuration is divided into different trees for the following tasks.

• Configuration of the features
• Monitoring of the configured features using the Auto-Refresh option
• Running supported diagnostics
• Maintenance of the related features

17.3 Simple Network Management Protocol (SNMP)

The CEServices software provides rich SNMP system configuration features with support for SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 configuration facilitates creation of users without authentication and privacy.

SNMPv3 User, Group, View, and Access configuration is also supported including authentication and privacy protocols/passwords. The SNMPv3 configuration allows creation of users without authentication and privacy.

SNMP configuration is supported with an option to specify the allowed network addresses restricted for read-only and read-write privileges.

17.4 RMON Statistics

The following RMON1 statistics with corresponding configuration support are available.

• History


• RMON
• Event

17.5 Internet Control Message Protocol

Internet Control Message Protocol (ICMP) based ping is supported on these switches. By default, five ICMP packets are transmitted to the configured IP address, and the sequence numbers and round trip times are displayed upon the receipt of a reply. The payload size is set to 56 and is configurable from 2–1452. The number of ICMP packets sent is also configurable in a range from 1–60. The ping interval of the ICMP packet can be set from 0 seconds to 30 seconds.

• Ping—is a tool that checks the connectivity to a remote Internet Protocol (IP) host. It can also calculate the round-trip delay time for the complete route to the host. Both IPv4 and IPv6 are supported.

• Traceroute—is a tool that can determine the route an Internet Protocol (IP) packet takes from the source host to the remote destination host and also calculate the round-trip delay time for each hop of the route. Both IPv4 and IPv6 are supported. The timeout value can be configured from 1–86400 seconds while the default value is three seconds. Source address can be mentioned by using saddr option. The number of probes (range is 1–60) can be specified per hop with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30 with 1 as the default value. The maximum number of hops can be configured from 1–255 with 30 as the default value. It can also be specified whether to use ICMP instead of UDP for IPv4 option.

17.6 SysLog

Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a configured Syslog server running on UDP port 512.

Some of the supported Syslog events are as follows.

• Port link up and down
• Port security limit control reach but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes, should delete entry
• Switch boot up
• SNMP authentication failure

The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.

17.7 LLDP-MED

It is possible to configure CEServices software either as a Link Layer Discovery Protocol (LLDP) end-point device or connectivity device.

The default is to act as an end-point device.

LLDP-MED is an extension of IEEE 802.1ab and supports the following:

• Fast repeat count
• Video Signaling (conditional)—Used in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if the same network policies apply as those advertised in the video conferencing application policy.

Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically relevant to particular endpoint types. For example, advertise only the voice network policy to permitted voice-capable devices. This is advised in order to conserve the limited LLDPDU space and also to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.

With this in mind, LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the application layers on top of the protocol to achieve these related properties. Initially, a network connectivity device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected, will an LLDP-MED capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second, when a new LLDP-MED neighbor has been detected in order to share LLDP-MED information as fast as possible with new neighbors.

Because there is a risk of an LLDP frame being lost during transmission between neighbors, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame. With fast start repeat count it is possible to specify the number of times the fast start transmission will be repeated. The recommended value is four times, given that four LLDP frames with a 1 second interval will be transmitted, when an LLDP frame with new information is received.

It should be noted that LLDP-MED and the LLDP-MED fast start mechanism is only intended to run on links between LLDP-MED network connectivity devices and endpoint devices, and as such does not apply to links between LAN infrastructure elements, including network connectivity devices, or other types of links.

• Coordinates location
• Civic address location
• Emergency call service
• Network policies

Network policy discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated layer 2 and layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific 'real-time' network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are as follows:

• Layer 2 VLAN ID (IEEE 802.1Q-2003)
• Layer 2 priority value (IEEE 802.1D-2004)
• Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)

This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are as follows:

• Voice
• Guest voice
• Softphone voice
• Video conferencing
• Streaming video
• Control/Signaling (conditionally support a separate network policy for the preceding media types)

A large network may support multiple VoIP policies across the entire organization, and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same network connectivity device may advertise different sets of policies, based on the authenticated user identity or port configuration.

It should be noted that LLDP-MED is not intended to run on links other than between network connectivity devices and endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.


Intended uses of the application types are as follows:

• Voice—used by dedicated IP telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.

• Voice Signaling (conditional)—used in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if the same network policies apply as those advertised in the Voice application policy.

• Guest Voice—supports a separate limited feature-set voice service for guest users and visitors with their own IP telephony handsets and other similar appliances supporting interactive voice services.

• Guest Voice Signaling (conditional)—used in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if the same network policies apply as those advertised in the Guest Voice application policy.

• Softphone Voice—used by softphone applications on typical data centric devices, such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and is typically configured to use an untagged VLAN or a single tagged data specific VLAN. When a network policy is defined for use with an untagged VLAN, the L2 priority field is ignored and only the DSCP value has relevance.

• Video Conferencing—used by dedicated video conferencing equipment and other similar appliances supporting real-time interactive video/audio services.

• Streaming Video—used by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
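The network policy attributes and application types described above travel in the LLDP-MED Network Policy TLV. As an added example (not code from the user guide or the CEServices software), the following Python decodes those TLVs from an LLDPDU and compares them with the policy intended for a port, automating the mismatch diagnosis the text describes. The TLV layout follows ANSI/TIA-1057; the sample LLDPDU and the expected values are constructed.

```python
"""Decode LLDP-MED Network Policy TLVs from an LLDPDU and audit them."""
import struct

TIA_OUI = b"\x00\x12\xbb"      # OUI used by LLDP-MED (ANSI/TIA-1057) TLVs
ORG_SPECIFIC = 127             # LLDP organizationally specific TLV type
NETWORK_POLICY = 2             # LLDP-MED subtype: Network Policy
APPLICATIONS = {
    1: "Voice", 2: "Voice Signaling", 3: "Guest Voice",
    4: "Guest Voice Signaling", 5: "Softphone Voice",
    6: "Video Conferencing", 7: "Streaming Video", 8: "Video Signaling",
}


def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def policy_tlv(app, tagged, vlan, priority, dscp):
    """Build a Network Policy TLV (used only to construct the sample)."""
    bits = (int(tagged) << 22) | (vlan << 9) | (priority << 6) | dscp
    body = TIA_OUI + bytes([NETWORK_POLICY, app]) + bits.to_bytes(3, "big")
    return tlv(ORG_SPECIFIC, body)


def iter_tlvs(lldpdu):
    """Yield (type, value) pairs, refusing lengths that overrun the buffer."""
    offset = 0
    while offset < len(lldpdu):
        if offset + 2 > len(lldpdu):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            raise ValueError("TLV length overruns LLDPDU")
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length
        if tlv_type == 0:      # End of LLDPDU
            return


def network_policies(lldpdu):
    """Return the Network Policy entries advertised in an LLDPDU."""
    found = []
    marker = TIA_OUI + bytes([NETWORK_POLICY])
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type != ORG_SPECIFIC or value[:4] != marker:
            continue
        if len(value) != 8:
            raise ValueError("Network Policy TLV must carry 8 bytes")
        # 24 bits: U(1) T(1) reserved(1) VLAN(12) L2 priority(3) DSCP(6)
        bits = int.from_bytes(value[5:8], "big")
        tagged = bool(bits >> 22 & 1)
        found.append({
            "application": APPLICATIONS.get(value[4], "reserved(%d)" % value[4]),
            "unknown": bool(bits >> 23 & 1),
            "tagged": tagged,
            "vlan": bits >> 9 & 0xFFF,
            # On an untagged VLAN the L2 priority is ignored; only DSCP counts.
            "l2_priority": (bits >> 6 & 0x7) if tagged else None,
            "dscp": bits & 0x3F,
        })
    return found


def audit(lldpdu, expected):
    """Compare advertised policies with {application: (vlan, priority, dscp)}."""
    findings, seen = [], set()
    for p in network_policies(lldpdu):
        app = p["application"]
        seen.add(app)
        got = (p["vlan"], p["l2_priority"], p["dscp"])
        if app not in expected:
            findings.append("%s: advertised but not expected" % app)
        elif got != expected[app]:
            findings.append("%s: advertised %r, expected %r"
                            % (app, got, expected[app]))
    findings += ["%s: expected but not advertised" % a
                 for a in sorted(set(expected) - seen)]
    return findings


# Constructed sample LLDPDU: chassis ID, port ID, TTL, three policies, end.
SAMPLE_LLDPDU = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("020000000001")),
    tlv(2, b"\x07" + b"1"),
    tlv(3, (120).to_bytes(2, "big")),
    policy_tlv(1, True, 100, 5, 46),    # Voice, tagged VLAN 100
    policy_tlv(5, False, 0, 3, 46),     # Softphone Voice, untagged
    policy_tlv(7, True, 300, 4, 34),    # Streaming Video, tagged VLAN 300
    tlv(0, b""),
])
# Assumed intended policy for this port (hypothetical values).
EXPECTED = {"Voice": (100, 5, 46), "Softphone Voice": (0, None, 46)}

if __name__ == "__main__":
    for line in audit(SAMPLE_LLDPDU, EXPECTED):
        print(line)
```

A policy advertised for an application type that was never intended on the port shows up as its own finding, which matches the guidance above to advertise only what each endpoint type needs.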

17.8 802.1AB LLDP and CDP AwareLink Layer Discovery Protocol (LLDP) is a protocol used to help network administrators managing thenetwork and maintaining an accurate network topology. LLDP capable devices discover each other byperiodically advertising their presence and configuration parameters through messages called TypeLength Value (TLV) fields to neighbor devices.

The LLDP can operate in one of the following three modes:

• Transmit-only mode—the device only transmits configuration parameters.
• Receive-only mode—the device can only receive configuration parameters (from neighbor device).
• Transmit and receive mode—the device can both transmit and receive configuration parameters.

It is possible to enable/disable the Rx and Tx parts separately.

The LLDP standard consists of a set of mandatory TLVs and a set of optional TLVs. The mandatory TLVs and the optional basic TLVs are supported. None of the IEEE 802.1 Organizationally Specific TLVs are supported.

17.8.1 CDP Awareness

CDP awareness is disabled by default. The CDP operation is restricted to decoding incoming CDP frames. The switch does not transmit CDP frames. CDP frames are only decoded if LLDP is enabled on the port.

Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors' table are decoded. All other TLVs are discarded. Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.

The CDP TLVs are mapped onto LLDP neighbors' table as follows:

• Device ID is mapped to the LLDP Chassis ID field.
• Address is mapped to the LLDP Management Address field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbors' table.


• Port ID is mapped to the LLDP Port ID field.
• Version and Platform are mapped to the LLDP System Description field.
• Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as others in the LLDP neighbors' table.

If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch.

When CDP awareness on a port is disabled, the CDP information is not removed immediately, but gets removed when the hold time is exceeded.
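The CDP-to-LLDP mapping described in this section, as an added Python example (not code from the CEServices software): it parses a CDP payload into LLDP-style neighbor fields, keeps only the first address, and drops TLVs that have no LLDP field. The field names, the " / " separator joining Version and Platform, the discarding of malformed frames, and the sample payload are assumptions; the Capabilities mapping is left out.

```python
import ipaddress
import struct

# CDP TLV types: 1 Device ID, 2 Address, 3 Port ID, 5 Version, 6 Platform
ADDRESS = 2
TEXT_FIELDS = {1: "chassis_id", 3: "port_id", 5: "version", 6: "platform"}


def first_address(value):
    """Return only the first address of a CDP Address TLV, or None."""
    try:
        if struct.unpack_from("!I", value)[0] == 0:
            return None                # address count is zero
        off = 6 + value[5]             # skip count, protocol type/length/id
        addr_len = struct.unpack_from("!H", value, off)[0]
        return str(ipaddress.ip_address(value[off + 2: off + 2 + addr_len]))
    except (struct.error, IndexError, ValueError):
        return None                    # truncated, or not an IPv4/IPv6 address


def cdp_to_lldp(cdp):
    """Map a CDP payload (version, hold time, checksum, TLVs) to LLDP fields."""
    if len(cdp) < 4:
        return None
    entry, off = {"hold_time": cdp[1]}, 4
    while off + 4 <= len(cdp):
        tlv_type, tlv_len = struct.unpack_from("!HH", cdp, off)
        if tlv_len < 4 or off + tlv_len > len(cdp):
            return None                # bad length: discard the whole frame
        value = cdp[off + 4: off + tlv_len]
        if tlv_type in TEXT_FIELDS:
            entry[TEXT_FIELDS[tlv_type]] = value.decode("ascii", "replace")
        elif tlv_type == ADDRESS:
            entry["management_address"] = first_address(value)
        off += tlv_len                 # TLVs with no LLDP field are dropped
    # Version and Platform share one LLDP field; the separator is assumed.
    parts = [entry.pop(k) for k in ("version", "platform") if k in entry]
    if parts:
        entry["system_description"] = " / ".join(parts)
    return entry if off == len(cdp) else None   # reject dangling bytes


def tlv(tlv_type, value):
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value


# Constructed payload: two addresses and a Native VLAN TLV (type 0x000a),
# which has no LLDP table field. Checksum is zero and is not verified.
TWO_ADDRS = struct.pack("!I", 2) + b"".join(
    bytes([1, 1, 0xCC, 0, 4]) + bytes(a) for a in ((192, 0, 2, 1), (192, 0, 2, 2)))
SAMPLE = bytes([2, 180, 0, 0]) + b"".join(tlv(t, v) for t, v in (
    (1, b"lab-router"), (2, TWO_ADDRS), (3, b"GigabitEthernet0/1"),
    (5, b"Example OS 1.0"), (6, b"example-platform"), (0x000A, b"\x00\x01")))
```

The `hold_time` value is what an LLDP neighbors' table would use to age the entry out after CDP awareness is disabled on the port.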

17.9 IP Management, DNS, and DHCPv4/v6

The CEServices software IP stack can be configured to act either as a host or a router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces using Unicast routing.

The system can be configured with zero or more IP interfaces. Each IP interface is associated with a VLAN, and the VLAN represents the IP broadcast domain. Each IP interface may be configured with an IPv4 and/or IPv6 address.

By default, all management interfaces are available on all configured IP interfaces. If this is not desirable, then management access filtering must be configured. For more information, see Management Access Filtering on page 79.

The DHCP (IPv4 and/or IPv6) client can be enabled to automatically obtain an IPv4 or IPv6 address from a DHCP server.

An optional fallback mechanism is also provided for IPv4: the user can enter a time period, in seconds, for obtaining a DHCP address. After this lease expires, a configured IPv4 address will be used as the IPv4 interface address.

The DHCP query process can be re-initiated on a VLAN.

The Rapid-Commit option is available when a DHCPv6 client is used. If this option is enabled, the DHCPv6 client terminates the waiting process as soon as a Reply message with a Rapid Commit option is received.

The IP (both v4 and v6) address of the DNS server can be provided as part of the IP configuration.

There is also an option to select the DNS proxy. When it is enabled, the DUT relays DNS requests to the DNS server currently configured on the DUT, and replies as a DNS resolver to the client device on the network.

The software supports DHCPv6-shield defined in RFC 7610. DHCPv6-shield is a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. The basic concept behind DHCPv6-shield is that a layer 2 device filters DHCPv6 messages intended for DHCPv6 clients (henceforth, "DHCPv6-server messages") based on a number of different criteria. The most basic filtering criterion is that the DHCPv6-server messages are discarded by the layer 2 device unless they are received on specific ports of the layer 2 device, which are configured by the administrator. Another criterion applies when DHCP packets are received with unrecognized IPv6 Next Header values: the administrator can configure whether to allow or deny these packets.
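The two filtering criteria described above, as an added Python example (not the switch's implementation): it walks the IPv6 header chain, drops packets addressed to the DHCPv6 client UDP port unless they arrive on an administrator-approved port, and applies a configurable allow/deny choice to unrecognized Next Header values. The function names, the switch port numbers, the handling of truncated headers and fragments, and the sample packets are assumptions.

```python
import struct

SKIPPABLE = {0, 43, 60}       # Hop-by-Hop, Routing, Destination Options
FRAGMENT, UDP = 44, 17
OTHER_KNOWN = {6, 58, 59}     # TCP, ICMPv6, No Next Header
DHCPV6_CLIENT_PORT = 546      # UDP port DHCPv6 clients listen on


def shield_verdict(pkt, port, server_ports, allow_unknown_nh=False):
    """Return 'forward' or 'drop' for one IPv6 packet received on `port`."""
    if port in server_ports or len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "forward"      # administrator-approved port, or not IPv6
    nh, off = pkt[6], 40
    while True:
        if nh == UDP:
            if len(pkt) < off + 4:
                return "drop"             # UDP header cut short
            dport = struct.unpack_from("!H", pkt, off + 2)[0]
            return "drop" if dport == DHCPV6_CLIENT_PORT else "forward"
        if nh in OTHER_KNOWN:
            return "forward"              # recognized and not DHCPv6
        if nh not in SKIPPABLE and nh != FRAGMENT:
            return "forward" if allow_unknown_nh else "drop"
        if len(pkt) < off + 8:
            return "drop"                 # header chain cut short
        if nh == FRAGMENT:
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return "forward"          # later fragment: no UDP header here
            nh, off = pkt[off], off + 8
        else:
            nh, off = pkt[off], off + (pkt[off + 1] + 1) * 8


def ipv6(next_header, payload):
    """Build a constructed IPv6 packet between two documentation addresses."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + src + dst + payload


def udp(sport, dport, data=b"\x02"):      # 0x02 is the DHCPv6 ADVERTISE type
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


# Constructed samples: a server ADVERTISE, the same message behind a
# Destination Options header, and a packet using Next Header 253
# (reserved for experiments, so this parser does not recognize it).
ADVERTISE = ipv6(UDP, udp(547, 546))
HIDDEN = ipv6(60, bytes([UDP, 0, 1, 4, 0, 0, 0, 0]) + udp(547, 546))
UNKNOWN_NH = ipv6(253, bytes(8))
SOLICIT = ipv6(UDP, udp(546, 547, b"\x01"))   # client to server
```

With port 1 configured as the only server-facing port, the ADVERTISE is forwarded from port 1 and dropped from any other port, whether or not an extension header precedes the UDP header.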

17.10 IPv6 Ready Logo Phase2

The IPv6 Ready Logo Committee mission is to:

• define the test specifications for IPv6 conformance and interoperability testing.
• provide access to self-test tools.
• deliver the IPv6 Ready Logo.


17.11 DHCP Server

DHCP provides a framework for passing configuration information to hosts on a TCP/IP network and is based on the Bootstrap protocol (BOOTP). It adds the capability of automatic allocation of reusable network addresses and additional configuration options.

DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host and a mechanism for allocation of network addresses to hosts. It is a client-server model where the DHCP client is the Internet host that obtains configuration parameters such as a network address. The DHCP server is the Internet host that allocates network addresses and returns configuration parameters to the client. The DHCP server supports DHCP relay clients by processing the DHCP relay frames from a relay device.

17.12 Console

The CEServices software uses the serial console to support the CLI for out of band management, debugging, and software upgrades.

17.13 System Management

The CEServices software can be supported in band through any of the front panel ports.

It is possible to create a separate dedicated configurable Management VLAN corresponding to a port for managing the system. The system can be managed through Telnet, SSH, SNMP, RMON, and web interfaces from this Management VLAN. However, there is no specific service port available on the device.

17.14 Crash File Support

The CEServices software has a provision to capture a crash file when the system has crashed. The file is stored in the Flash and can be managed using the CLI to support the following operations.

• List the files on the Flash using the dir command
• Read the file using the more command
• Delete the file using the del command
• Transfer the crash file to a remote server through TFTP using the copy command

17.15 Management Access Filtering

It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPS, SNMP, and Telnet/SSH interfaces can be restricted with this feature. The maximum number of management access filter entries allowed is 16.

If the application's type matches any one of the access management entries, it will allow access to the switch. The access management statistics can also be viewed.

17.16 sFlow

sFlow is an industry standard technology for monitoring switched networks through random sampling of packets on switch ports and time-based sampling of port counters. The sampled packets and counters (referred to as flow samples and counter samples, respectively) are sent as sFlow UDP datagrams to a central network traffic monitoring server. This central server is called an sFlow receiver or sFlow collector. Additional information can be found at http://sflow.org.

17.17 Default Configuration

The user can also reset the configuration of the switch through web, CLI, or SNMP. Only the IP configuration is retained after resetting to factory defaults. The new configuration is available immediately, which means that no restart is necessary.


17.18 Configuration Upload/Download

The switch software allows saving, viewing, or loading the switch configuration. XML configuration upload/download has been obsoleted by the industry standard configuration. For more information, see Industry Standard Configuration Support on page 73.

17.19 Loop Detection Restore to Default

Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, loopback packets will be transmitted at port 1.

If a loopback packet is received at port 2, the switch will restore to default.

17.20 Daylight Saving

Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined Daylight Saving Time duration. It is also called summer time in several countries.

Typically clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn.

This feature is used to configure the settings to fit the daylight saving time.

17.21 Symbolic Register Access

Switch core registers can be accessed through symbolic read and write operations.

17.22 SD/MMC Card Slot

SD-MMC support has been added to the following:

• Serval1 reference (not redboot)
• Serval1 Network Interface Device (NID) (not redboot)
• Serval2 NID (both redboot and application)

SD-MMC can be used for storing performance monitoring, EVC counter, and MEP data for persisting measurements (24H).

With the availability of SD/MMC and a new set of redboot commands, an SD card can be inserted in the socket on a Serval1 REF or NID board. The SD card must be FAT-formatted.


18 SNMP MIBs

The CEServices supports the following comprehensive set of private and standard MIBs.

The SNMPv3 is supported and is backward compatible with SNMPv2c and SNMP v1. The MIB information can be viewed with the community name configured. For more information, see Simple Network Management Protocol (SNMP) on page 74.

The following CLI commands can be used to display the supported MIBs and view the ifIndex mapping.

# show snmp mib context
BRIDGE-MIB :
- dot1dBase (.1.3.6.1.2.1.17.1)
- dot1dTp (.1.3.6.1.2.1.17.4)
Dot3-OAM-MIB :
- dot3OamMIB (.1.3.6.1.2.1.158)
ENTITY-MIB :
- entityMIBObjects (.1.3.6.1.2.1.47.1)
EtherLike-MIB :
- transmission (.1.3.6.1.2.1.10)
IEEE8021-BRIDGE-MIB:
# show snmp mib ifmib ifIndex

Table 22 • ifIndex Descriptions

| Interface | ifDescr | ifIndex |
|---|---|---|
| VLAN 1 | VLAN 1 | 1 |
| GigabitEthernet 1/1 | Switch 1–port 1 | 1000001 |
| GigabitEthernet 1/2 | Switch 1–port 2 | 1000002 |
| GigabitEthernet 1/3 | Switch 1–port 3 | 1000003 |
| GigabitEthernet 1/4 | Switch 1–port 4 | 1000004 |
| GigabitEthernet 1/5 | Switch 1–port 5 | 1000005 |
| GigabitEthernet 1/6 | Switch 1–port 6 | 1000006 |
| GigabitEthernet 1/7 | Switch 1–port 7 | 1000007 |
| GigabitEthernet 1/8 | Switch 1–port 8 | 1000008 |
| 2.5 GigabitEthernet 1/1 | Switch 1–port 9 | 1000009 |
| 2.5 GigabitEthernet 1/2 | Switch 1–port 10 | 10000010 |
| GigabitEthernet 1/9 | Switch 1–port 11 | 10000011 |

18.1 Private MIBs

The following private MIBs are supported.

• VTSS-1588-MIB
• VTSS-ACCESS-MANAGEMENT-MIB
• VTSS-ACL-MIB
• VTSS-AGGR-MIB
• VTSS-ARP-INSPECTON-MIB


• VTSS-AUTH-MIB
• VTSS-CDP-MIB
• VTSS-DAY_LIGHT-SAVING-MIB
• VTSS-DDMI-MIB
• VTSS-DHCP-RELAY-MIB
• VTSS-DHCP-SERVER-MIB
• VTSS-DHCP-SNOOPING-MIB
• VTSS-DHCPV6-CLIENT-MIB
• VTSS-DNS-MIB
• VTSS-EPS-MIB
• VTSS-ERPS-MIB
• VTSS-EVC-MIB
• VTSS-FAN-MIB
• VTSS-FIRMWARE-MIB
• VTSS-GVRP-MIB
• VTSS-HQOS-MIB
• VTSS-HTTPS-MIB
• VTSS-ICFG-MIB
• VTSS-IPMC-MVR-MIB
• VTSS-IPMC-PROFILE-MIB
• VTSS-IPMC-SNOOPING-MIB
• VTSS-IP-MIB
• VTSS-LACP-MIB
• VTSS-LLDP-MED-MIB
• VTSS-LLDP-MIB
• VTSS-LOOP-PROTECTION-MIB
• VTSS-MAC-MIB
• VTSS-MEP-MIB
• VTSS-MPLS-TP-MIB
• VTSS-MSTP-MIB
• VTSS-MVR-MIB
• VTSS-MVRP-MIB
• VTSS-NTP-MIB
• VTSS-NAS-MIB
• VTSS-PORT-MIB
• VTSS-PERFORMANCE-MONITOR-MIB
• VTSS-POE-MIB
• VTSS-PRIV-VLAN-MIB
• VTSS-QOS-MIB
• VTSS-RFC-4878-Link-OAM-MIB
• VTSS-SFLOW-MIB5
• VTSS-RFC2544-MIB
• VTSS-RMIRROR-MIB
• VTSS-SAM-Y1564-MIB
• VTSS-SNTP-MIB
• VTSS-SPROUT-MIB
• VTSS-SSH-MIB
• VTSS-SYNCE-MIB


• VTSS-SYSLOG-MIB
• VTSS-SYSUTIL-MIB
• VTSS-THERMAL-MIB
• VTSS-TTLOOP-MIB
• VTSS-UDLD-MIB
• VTSS-UPNP-MIB
• VTSS-USERS-MIB
• VTSS-VCL-MIB
• VTSS-VLAN-MIB
• VTSS-VLAN-TRANSLATION-MIB
• VTSS-VOICE-VLAN-MIB


Microsemi makes no warranty, representation, or guarantee regarding the information contained herein or the suitability of its products and services for any particular purpose, nor does Microsemi assume any liability whatsoever arising out of the application or use of any product or circuit. The products sold hereunder and any other products sold by Microsemi have been subject to limited testing and should not be used in conjunction with mission-critical equipment or applications. Any performance specifications are believed to be reliable but are not verified, and Buyer must conduct and complete all performance and other testing of the products, alone and together with, or installed in, any end-products. Buyer shall not rely on any data and performance specifications or parameters provided by Microsemi. It is the Buyer's responsibility to independently determine suitability of any products and to test and verify the same. The information provided by Microsemi hereunder is provided "as is, where is" and with all faults, and the entire risk associated with such information is entirely with the Buyer. Microsemi does not grant, explicitly or implicitly, to any party any patent rights, licenses, or any other IP rights, whether with regard to such information itself or anything described by such information. Information provided in this document is proprietary to Microsemi, and Microsemi reserves the right to make any changes to the information in this document or to any products and services at any time without notice.

Microsemi Headquarters
One Enterprise, Aliso Viejo, CA 92656 USA

Within the USA: +1 (800) 713-4113
Outside the USA: +1 (949) 380-6100
Fax: +1 (949) 215-4996
Email: [email protected]

©2018 Microsemi, a wholly owned subsidiary of Microchip Technology Inc. All rights reserved. Microsemi and the Microsemi logo are trademarks of Microsemi Corporation. All other trademarks and service marks are the property of their respective owners.

Microsemi, a wholly owned subsidiary of Microchip Technology Inc. (Nasdaq: MCHP), offers a comprehensive portfolio of semiconductor and system solutions for aerospace & defense, communications, data center and industrial markets. Products include high-performance and radiation-hardened analog mixed-signal integrated circuits, FPGAs, SoCs and ASICs; power management products; timing and synchronization devices and precise time solutions, setting the world's standard for time; voice processing devices; RF solutions; discrete components; enterprise storage and communication solutions; security technologies and scalable anti-tamper products; Ethernet solutions; Power-over-Ethernet ICs and midspans; as well as custom design capabilities and services. Learn more at www.microsemi.com.

VPPD-04309
