ZTE ZXR10 T160G/T64G

ZXR10 T160G/T64G10-Gigabit Routing Switch

User Manual

Version 2.6

ZTE CORPORATION ZTE Plaza, Keji Road South, Hi-Tech Industrial Park, Nanshan District, Shenzhen, P. R. China 518057 Tel: (86) 755 26771900 800-9830-9830 Fax: (86) 755 26772236 URL: http://support.zte.com.cn E-mail: [email protected]

http://support.zte.com.cn/

mailto:[email protected]

LEGAL INFORMATION Copyright © 2005 ZTE CORPORATION. The contents of this document are protected by copyright laws and international treaties. Any reproduction or distribution of this document or any portion of this document, in any form by any means, without the prior written consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations. All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION or of their respective owners. This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose, title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the use of or reliance on the information contained herein. ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications covering the subject matter of this document. Except as expressly provided in any written license between ZTE CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter herein. The contents of this document and all policies of ZTE CORPORATION, including without limitation policies related to support or training are subject to change without notice.

Revision History

Date Revision No. Serial No. Description

20050511 R1.1 sjzl20052424

20070105 R1.2 sjzl20052424

ZTE CORPORATION Values Your Comments & Suggestions! Your opinion is of great value and will help us improve the quality of our product documentation and offer better services to our customers.

Please fax to: (86) 755-26772236; or mail to Publications R&D Department, ZTE CORPORATION, ZTE Plaza, A Wing, Keji Road South, Hi-Tech Industrial Park, Shenzhen, P. R. China 518057.

Thank you for your cooperation!

Document Name ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch User Manual

Product Version V2.6 Document

Revision Number R1.2

Equipment Installation Date

Presentation: (Introductions, Procedures, Illustrations, Completeness, Level of Detail, Organization, Appearance)

Good Fair Average Poor Bad N/A

Accessibility: (Contents, Index, Headings, Numbering, Glossary)


Your evaluation of this documentation

Intelligibility: (Language, Vocabulary, Readability & Clarity, Technical Accuracy, Content)


Your suggestions for improvement of this documentation

Please check the suggestions which you feel can improve this documentation: Improve the overview/introduction Make it more concise/brief

Improve the Contents Add more step-by-step procedures/tutorials

Improve the organization Add more troubleshooting information

Include more figures Make it less technical

Add more examples Add more/better quick reference aids

Add more detail Improve the index

Other suggestions

__________________________________________________________________________

__________________________________________________________________________

__________________________________________________________________________

__________________________________________________________________________

__________________________________________________________________________

# Please feel free to write any comments on an attached sheet.

If you wish to be contacted regarding your comments, please complete the following:

Name Company

Postcode Address

Telephone E-mail

This page is intentionally blank.

Contents

About this User Manual...............................................................................i Purpose of this User Manual...................................................................................... i Introduction to this Manual....................................................................................... i Typographical Conventions......................................................................................iii Mouse Operation Conventions................................................................................. iv Safety Signs.......................................................................................................... iv How to Get in Touch ...............................................................................................v

Customer Support...................................................................................................................v Documentation Support...........................................................................................................v

Chapter 1........................................................................................ 1

Safety Instructions.....................................................................................1

Chapter 2........................................................................................ 3

Introduction to the System........................................................................3 Product Overview ...................................................................................................3 Functional Introduction............................................................................................4 Technical Features and Parameters ..........................................................................6

Chapter 3........................................................................................ 9

Structure and Principle ..............................................................................9 Working Principle....................................................................................................9 Hardware Structure ..............................................................................................10 Unit/Component Introduction ................................................................................14

Control Switching Board ........................................................................................................14 Line interface card.................................................................................................................16 Power Supply Module ............................................................................................................25 Fan Plug-in Box.....................................................................................................................27

Chapter 4...................................................................................... 29

Usage and Operation............................................................................... 29

Configuration Mode...............................................................................................29 Serial Interface Connection Configuration ...............................................................................30 Telnet Connection Configuration.............................................................................................32

SSH Connection Configuration ...............................................................................................35 SNMP Connection Configuration.............................................................................................40

Command Mode...................................................................................................41 Command Line Application ....................................................................................43

Online Help ...........................................................................................................................43 Command Abbreviation .........................................................................................................45 Command History .................................................................................................................45

Chapter 5...................................................................................... 47

System Management .............................................................................. 47 File System Management ......................................................................................47

Introduction to File System....................................................................................................47 File System Operation ...........................................................................................................48

Data Backup and Restoration.................................................................................51 Importing/Exporting Configuration .........................................................................52

Version Upgrade in the case of System Anomaly.....................................................................53 Version Upgrade when the System is Normal .........................................................................55

Setting System Parameters ...................................................................................56 Viewing System Information..................................................................................57

Chapter 6...................................................................................... 59

Port Configuration................................................................................... 59 Basic Port Configuration ........................................................................................59

Principle of Port Naming.........................................................................................................60 Configuring Basic Port Parameters..........................................................................................60 Show Port Information...........................................................................................................62 Line Diagnosis Analysis Test...................................................................................................64

Port Mirroring Configuration...................................................................................65 Port Mirroring Overview.........................................................................................................65 Port Mirroring Configuration ...................................................................................................65 Example of Configuring Port...................................................................................................66

Chapter 7...................................................................................... 69

VLAN Configuration................................................................................. 69 VLAN Overview ....................................................................................................69

VLAN Types ..........................................................................................................................70 VLAN Tab..............................................................................................................................70 VLAN Link Type.....................................................................................................................70 Default VLAN.........................................................................................................................71

VLAN Configuration...............................................................................................71 Example of VLAN Configuration..............................................................................74 PVLAN Configuration.............................................................................................75

QinQ Configuration ...............................................................................................76 SuperVLAN Configuration ......................................................................................78 VLAN Maintenance and Diagnosis...........................................................................80

Chapter 8...................................................................................... 83

MAC Table Operation............................................................................... 83 MAC Address Table Overview.................................................................................83

The Composition and Meaning of MAC Address Table..............................................................83 MAC Address Categories........................................................................................................84 MAC Address Table Creation and Deletion...............................................................................84 Setting MAC Address Aging Time ...........................................................................................86 Burning MAC Address............................................................................................................86 Binding MAC Address to Port..................................................................................................87 Enable Port MAC Address Learning.........................................................................................87 Limit Number of Port MAC Address.........................................................................................87 Port MAC Address Learning Protection....................................................................................88 MAC Address Filtering............................................................................................................88 View MAC Address Table........................................................................................................89

Examples of MAC Address Table Configuration ........................................................90

Chapter 9...................................................................................... 93

STP Configuration.................................................................................... 93

STP Overview.......................................................................................................93 SSTP Mode ...........................................................................................................................93 RSTP Mode ...........................................................................................................................94 MSTP Mode...........................................................................................................................94

Configuring STP....................................................................................................96 Enable/Disable STP ...............................................................................................................96 Configuring STP Mode............................................................................................................96 Configuring STP Protocol Parameters......................................................................................96 Creating Instances ................................................................................................................97 Update MST Configuration Name and Configuration Version....................................................98 Configuring Switch Priority and Port Priority ............................................................................98 Configuring Whether a Port in STP Protocol Participates in Spanning Tree Calculation ...............99

Instances of Configuring STP .................................................................................99 Instance 1.............................................................................................................................99 Instance 2...........................................................................................................................101

STP Maintenance and Diagnosis........................................................................... 101

Chapter 10..................................................................................103

Link Aggregation Configuration............................................................ 103

Overview of Link Aggregation .............................................................................. 103

Configuring Link Aggregation............................................................................... 104 Instances of Configuring Link Aggregation ............................................................ 105 Link Aggregation Maintenance and Diagnosis ........................................................ 106

Chapter 11..................................................................................109

IGMP Snooping Configuration .............................................................. 109 Overview of IGMP Snooping ................................................................................ 109

Join a Multicast Group..........................................................................................................110 Leave a Multicast Group.......................................................................................................110 Fast Leave ..........................................................................................................................110

Configuring IGMP Snooping ................................................................................. 110 Basic Configuration..............................................................................................................110 Configure Proxy Querier.......................................................................................................111 Limit Multicast Group...........................................................................................................112 Static Configuration.............................................................................................................112 Modify Default Time.............................................................................................................112

Instances of IGMP Snooping Configuration............................................................ 113 IGMP Snooping Maintenance and Diagnosis .......................................................... 113

Chapter 12..................................................................................115

Network Protocol Configuration........................................................... 115 IP Address ......................................................................................................... 115

Introduction to IP Address ...................................................................................................115 Basic Configuration of IP Address .........................................................................................116 Instances of IP Address Configuration ..................................................................................117

ARP Configuration............................................................................................... 117 Overview of ARP..................................................................................................................117 Basic Configuration of ARP...................................................................................................117 Instances of configuring ARP................................................................................................118

Chapter 13..................................................................................119

Static Route Configuration.................................................................... 119 Basic Configuration of Static Route....................................................................... 119 Instance of Static Route Configuration.................................................................. 120

Configuring Static Route ......................................................................................................120 Summarizing Static Routes..................................................................................................121 Default Route Configuration.................................................................................................121

Maintenance and Diagnosis of Static Route ........................................................... 123

Chapter 14..................................................................................125

RIP Configuration.................................................................................. 125

Overview of RIP.................................................................................................. 125

RIP Fundamentals ...............................................................................................................125 Metric and Administrative Distance.......................................................................................125 Timer..................................................................................................................................126 Route Update......................................................................................................................126

Configuring RIP .................................................................................................. 126 Basic Configuration..............................................................................................................127 Enhanced Configuration.......................................................................................................127 Version:..............................................................................................................................128

Instances of configuring RIP ................................................................................ 128 RIP Maintenance and Diagnosis ........................................................................... 129

Chapter 15..................................................................................131

OSPF Configuration............................................................................... 131 OSPF overview ................................................................................................... 131

OSPF Fundamental..............................................................................................................131 OSPF Algorithm...................................................................................................................132 OSPF Network Types...........................................................................................................132 Hello Packet and Timer........................................................................................................133 OSPF Neighbor....................................................................................................................133 Adjacency and Designated Router........................................................................................133 Router Priority and DR Election ............................................................................................134 OSPF Area ..........................................................................................................................134 LSA Types and Diffusion ......................................................................................................135 Stub Area and Totally Stubby Area.......................................................................................135 Not-So-Stubby Area............................................................................................................136 OSPF Authentication............................................................................................................136

Configuring OSPF................................................................................................ 136 Basic Configuration..............................................................................................................136 Configure Basic Attributes of Interface..................................................................................137 Configure Neighbor Router...................................................................................................138 Set OSPF Area ....................................................................................................................138 Configure Inter-area Route Convergence..............................................................................138 Generate Default Route .......................................................................................................139 Configure Virtual Link ..........................................................................................................139 Redistribute Other Routing Protocols ....................................................................................139 Configure Route Convergence of Route Redistribution...........................................................140 Configure OSPF Authentication.............................................................................................140 Configure Routes Supporting Opaque LSA............................................................................140 Modify OSPF Administrative Distance....................................................................................141

Instances of Configuring OSPF............................................................................. 141 Basic OSPF Configuration.....................................................................................................141 Configure Multiple-area OSPF...............................................................................................142

Configure OSPF Virtual Link .................................................................................................144 Configure OSPF Authentication.............................................................................................145

OSPF Maintenance and Diagnosis......................................................................... 146

Chapter 16..................................................................................149

IS-IS Configuration............................................................................... 149 IS-IS Overview................................................................................................... 149

IS-IS Fundamental..............................................................................................................149 IS-IS Area...........................................................................................................................150 IS-IS Network Types ...........................................................................................................151 DIS and Router Priority........................................................................................................151

Configuring IS-IS................................................................................................ 151 Configuring Basic IS-IS........................................................................................................151 Set IS-IS Global Parameters ................................................................................................152 Set IS-IS Interface Parameters ............................................................................................153 Configuring IS-IS Authentication..........................................................................................155

Instances of Configuring IS-IS ............................................................................. 156 Single-Area IS-IS Configuration ...........................................................................................156 Multiple-Area IS-IS Configuration.........................................................................................157

IS-IS Maintenance and Diagnosis......................................................................... 160

Chapter 17..................................................................................163

BGP Configuration................................................................................. 163

BGP Overview .................................................................................................... 163 Configuring BGP ................................................................................................. 164

Basic BGP Configuration ......................................................................................................164 Advertising BGP Routes .......................................................................................................165 Advertising BGP Aggregation ...............................................................................................167 Configuring EBGP Multihop...................................................................................................168 Filtering Routes via the Route Map .......................................................................................169 Filtering Routes via NLRI......................................................................................................170 Filtering Routes via AS_PATH...............................................................................................170 LOCAL_PREF Attribute.........................................................................................................171 MED Attribute .....................................................................................................................173 Community String Attribute .................................................................................................175 BGP Synchronization ...........................................................................................................175 BGP Route Reflector ............................................................................................................177 BGP Confederation ..............................................................................................................178 BGP Route Dampening ........................................................................................................180

Example of Configuring BGP ................................................................................ 180 BGP Maintenance and Diagnosis .......................................................................... 182

Chapter 18..................................................................................185

Multicasting Route Configuration......................................................... 185

Multicast Overview.............................................................................................. 185 Multicast Address ................................................................................................................186 IGMP ..................................................................................................................................186 Multicast Tree......................................................................................................................186 PIM-SM...............................................................................................................................187 MSDP .................................................................................................................................188

Configuring Public Multicast ................................................................................. 189 Configuring IGMP................................................................................................ 189

Configuring IGMP Versions...................................................................................................190 Configuring IGMP Groups on Interfaces ................................................................................190 Configuring IGMP Timers .....................................................................................................191

Configuring PIM-SM............................................................................................ 192 PIM-SM Basic Configurations................................................................................................192 Enhanced PIM-SM Configurations.........................................................................................193

Configuring MSDP............................................................................................... 195 Basic MSDP Configuration....................................................................................................195 Enhanced MSDP Configurations............................................................................................196

Example of Configuring Multicasting ..................................................................... 197 Multicasting Maintenance and Diagnosis ............................................................... 199

Common Show Commands .................................................................................................199 IGMP ..................................................................................................................................200 PIM-SM...............................................................................................................................201 MSDP .................................................................................................................................203

Chapter 19..................................................................................205

ACL Configuration ................................................................................. 205 ACL Overview..................................................................................................... 205 Configuring ACLs ................................................................................................ 206

Configure a Time Range ......................................................................................................206 Defining ACLs......................................................................................................................206 Applying ACLs to Physical Ports............................................................................................211

Examples of Configuring ACL............................................................................... 211 ACL Maintenance and Diagnosis........................................................................... 213

Chapter 20..................................................................................215

QoS Configuration ................................................................................. 215 QoS Overview .................................................................................................... 215

Traffic Classification .............................................................................................................216 Traffic Monitoring and Control ..............................................................................................216 Traffic Shaping....................................................................................................................216 Queue Scheduling and Default 802.1p Priority ......................................................................217

Redirection and Policy Routing .............................................................................................217 Priority Tagging...................................................................................................................218 Traffic Mapping....................................................................................................................218 Traffic Statistics...................................................................................................................218

Configuring QoS ................................................................................................. 218 Traffic Monitoring and Control ..............................................................................................218 Traffic Shaping....................................................................................................................219 Queue Scheduling and Default 802.1p Priority ......................................................................220 Redirection and Policy Routing .............................................................................................220 Priority Tagging...................................................................................................................221 Traffic Mapping....................................................................................................................221 Traffic Statistics...................................................................................................................222

Example of Configuring QoS ................................................................................ 222 Example of a Typical QoS Configuration................................................................................222 Example of Configuring Policy Routing..................................................................................224

QoS Maintenance and Diagnosis .......................................................................... 225

Chapter 21..................................................................................227

DHCP Configuration............................................................................... 227

DHCP Overview.................................................................................................. 227 Configuring DHCP............................................................................................... 228 Examples of Configuring DHCP ............................................................................ 230

Example of Configuring a DHCP Server.................................................................................230 Example of Configuring DHCP Relay.....................................................................................230

DHCP Maintenance and Diagnosis ........................................................................ 231

Chapter 22..................................................................................233

VRRP Configuration............................................................................... 233 VRRP Overview .................................................................................................. 233 Configuring VRRP ............................................................................................... 234 Examples of Configuring VRRP............................................................................. 235

Basic VRRP Configuration.....................................................................................................235 Symmetric VRRP Configuration ............................................................................................236

VRRP Maintenance and Diagnosis......................................................................... 237

Chapter 23..................................................................................239

Load Balance Configuration.................................................................. 239 Load Balance Overview ....................................................................................... 239 Configuring Load Balance .................................................................................... 240 Examples of Configuring Load Balance.................................................................. 240

Static Route ........................................................................................................................241 OSPF ..................................................................................................................................242

Load Balance Maintenance and Diagnosis ............................................................. 243

Chapter 24..................................................................................245

Network Management Configuration ................................................... 245 NTP................................................................................................................... 245

NTP Overview .....................................................................................................................245 Configuring NTP ..................................................................................................................245 Examples of Configuring NTP ...............................................................................................246

RADIUS Authentication ....................................................................................... 247 RADIUS Overview ...............................................................................................................247 Configuring RADIUS ............................................................................................................247 Example of Configuring RADIUS...........................................................................................247 SNMP Overview...................................................................................................................248 Configuring SNMP................................................................................................................248 Example of Configuring SNMP..............................................................................................250

Remote Monitoring ............................................................................................. 250 Remote Monitoring Overview...............................................................................................250 Configuring RMON...............................................................................................................250 Examples of Configuring RMON............................................................................................251

System Log........................................................................................................ 253 SysLog Overview.................................................................................................................253 Configuring SysLog..............................................................................................................253 Example of Configuring SysLog............................................................................................254

Acronyms and Abbreviations.....................................................255

Figures........................................................................................259

Tables .........................................................................................261


Confidential and Proprietary Information of ZTE CORPORATION i

About this User Manual

Purpose of this User Manual ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch User Manual is applicable to ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch (ZXR10 T160G/T64G for short, and in the general part, it is also called switch). The accessory manuals of ZXR10 T160G/T64G include:

ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch Installation Manual

ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch User Manual

ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch Command Manual (Functional Architecture Volume)

ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch Command Manual (Protocol Suites Volume)

ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch Command Manual (System Management Volume)

ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch Information Manual

Introduction to this Manual This manual introduces various functional configurations of ZXR10 T160G/T64G 10-Gigabit Routing Switch.

This manual consists of 24 chapters and one appendix.

Chapter 1 consists of Safety Instructions: introduces the safety instructions and safety signs.

Chapter 2 consists of Introduction to the System of ZXR10 T160G/T64G system.

Chapter 3 consists of Structure and Principle: introduces ZXR10 T160G/T64G structure and principle.

Chapter 4 consists of Usage and Operation: in this chapter, you will learn about the configuration mode, command mode, and command line usage of ZXR10 T160G/T64G.


ii Confidential and Proprietary Information of ZTE CORPORATION

Chapter 5 consists of System Management: introduces the ZXR10 T160G/T64G system management.

Chapter 6 consists of Port Configuration: introduces the configuration of port parameter and port mirror.

Chapter 7 consists of VLAN Configuration: introduces basic configuration and extended configuration of VLAN.

Chapter 8 consists of MAC Table Operation: introduces MAC table and MAC-address-related configuration.

Chapter 9 consists of STP Configuration: introduces the configuration of STP.

Chapter 10 consists of Link Aggregation Configuration: introduces LACP and static trunk configuration.

Chapter 11 consists of IGMP Snooping Configuration: introduces the configuration of IGMP Snooping.

Chapter 12 consists of Network Protocol Configuration: introduces IP address and ARP configuration.

Chapter 13 consists of Static Route Configuration: introduces the configuration of static route.

Chapter 14 consists of RIP Configuration: introduces the configuration of RIP.

Chapter 15 consists of OSPF Configuration: introduces the configuration of OSPF.

Chapter 16 consists of IS-IS Configuration: introduces the configuration of IS-IS protocol.

Chapter 17 consists of BGP Configuration: introduces the configuration of BGP.

Chapter 18 consists of Multicast Route Configuration: introduces the configuration of multicast routing protocol.

Chapter 19 consists of ACL Configuration: introduces the configuration of ACL.

Chapter 20 consists of QoS Configuration: introduces the configuration of QoS.

Chapter 21 consists of DHCP Configuration: introduces the configuration of DHCP.

Chapter 22 consists of VRRP Configuration: introduces the configuration of VRRP.

Chapter 23 consists of Load Balance Configuration: introduces the configuration of load sharing function.


Confidential and Proprietary Information of ZTE CORPORATION iii

Chapter 24 consists of Network Management Configuration: introduces frequently used functions in the network management including NTP, RADIUS authentication, SNMP, RMON and system log configuration.

Appendix A consists of Acronyms and Abbreviations.

Typographical Conventions ZTE documents employ with the following typographical conventions.

T AB L E 1 TY P O G R AP H I C AL C O N V E N T I O N S

Typeface Meaning

Italics References to other guides and documents.

“Quotes” Links on screens.

Bold Menus, menu options, function names, input fields, radio button names, check boxes, drop-down lists, dialog box names, window names.

CAPS Keys on the keyboard and buttons on screens and company name.

Constant width Text that you type, program code, files and directory names, and function names.

[ ] Optional parameters

{ } Mandatory parameters

| Select one of the parameters that are delimited by it

Note: Provides additional information about a certain topic.

Checkpoint: Indicates that a particular step needs to be checked before proceeding further.

Tip: Indicates a suggestion or hint to make things easier or more productive for the reader.


iv Confidential and Proprietary Information of ZTE CORPORATION

Mouse Operation Conventions T AB L E 2 M O U S E OP E R AT I O N C O N V E N T I O N S

Safety Signs T AB L E 3 S AF E T Y S I G N S

Safety Signs Meaning

Danger: Indicates an imminently hazardous situation, which if not avoided, will result in death or serious injury. This signal word should be limited to only extreme situations.

Warning: Indicates a potentially hazardous situation, which if not avoided, could result in death or serious injury.

Caution: Indicates a potentially hazardous situation, which if not avoided, could result in minor or moderate injury. It may also be used to alert against unsafe practices.

Erosion: Beware of erosion.

Electric shock: There is a risk of electric shock.

Electrostatic: The device may be sensitive to static electricity.

Microwave: Beware of strong electromagnetic field.

Laser: Beware of strong laser beam.

No flammables: No flammables can be stored.

Typeface Meaning

Click Refers to clicking the primary mouse button (usually the left mouse button) once.

Double-click Refers to quickly clicking the primary mouse button (usually the left mouse button) twice.

Right-click Refers to clicking the secondary mouse button (usually the right mouse button) once.

Drag Refers to pressing and holding a mouse button and moving the mouse.


Confidential and Proprietary Information of ZTE CORPORATION v

Safety Signs Meaning

No touching: Do not touch.

No smoking: Smoking is forbidden.

How to Get in Touch The following sections provide information on how to obtain support for the documentation and the software.

Customer Support If you have problems, questions, comments, or suggestions regarding your product, contact us by e-mail at [email protected]. You can also call our customer support center at (86) 755 26771900 and (86) 800-9830-9830.

Documentation Support ZTE welcomes your comments and suggestions on the quality and usefulness of this document. For further questions, comments, or suggestions on the documentation, you can contact us by e-mail at [email protected]; or you can fax your comments and suggestions to (86) 755 26772236. You can also explore our website at http://support.zte.com.cn, which contains various interesting subjects like documentation, knowledge base, forum and service request.



http://support.zte.com.cn/


vi Confidential and Proprietary Information of ZTE CORPORATION

This page is intentionally blank

Confidential and Proprietary Information of ZTE CORPORATION 1

C h a p t e r 1

Safety Instructions

In this chapter, you will learn about safety instructions and signs.

Only qualified professionals can perform installation, operation and maintenance owing to the high temperature and high voltage in the equipment.

Please observe the local safety codes and relevant operation procedures in equipment installation, operation and maintenance; otherwise personal injury or equipment damage could be caused. The safety precautions introduced in this Manual are only supplementary to the local safety codes.

ZTE shall not bear any liabilities incurred by violation of the universal safety operation requirements or violation of the safety standards for designing, manufacturing and using the equipment.


2 Confidential and Proprietary Information of ZTE CORPORATION



C h a p t e r 2

Introduction to the System

This chapter introduces ZXR10 T160G/T64G, at the same time, it describes

the diversified functions of software and hardware provided by ZXR10

T160G/T64G in detail.

Product Overview

Function introduction

Technical Features and Parameters

Product Overview ZXR10 T160G/T64G is an Ethernet routing switch developed by ZTE

Corporation which can be applicable to the backbone layer or convergence

layer of MAN and can also server as backbone/convergence layer switch in

corporate network and campus network.

ZXR10 T160G/T64G provides the interfaces including fast Ethernet, gigabit

Ethernet and 10-gigabit and supports L2/L3 wire-speed forwarding of all

ports. Therefore, it can satisfy the increasing requirements for bandwidth.

ZXR10 T160G/T64G also supports multiple unicast and multicasting

protocols.

The service categories carried by data network increase rapidly with the

development of network, which requires higher QoS and better security for

network equipment. ZXR10 T160G/T64G provides abundant policies and

resources regarding QoS and ACL, assuring QoS and system security.

As the important switching node of backbone/convergence layer, ZXR10

T160G/T64G provides the hot-backup function of power module and control



& switching module, therefore, it is applicable to large-capacity network with

high reliability.

It has the following characteristics:

Carrier-class reliability

Full-wire-speed forwarding and filtering capability

Supports abundant network protocols

Open architecture, supporting high upgrading performance

Functional Introduction ZXR10 T160G/T64G adopts the structure of standard 19-inch plug-in box.

ZXR10 T160G has 10 plug-in slots, two of which are slots for control and

switching board, and the other eight ones are slots for line interface card.

ZXR10 T64G has 6 plug-in slots, one of which is slot for control and switching

board, four of which are for line interface card, and the left one can serve as

the slot for control and switching board or line interface card.

Control and switching board is the core of the system implementing the

functions including switching, protocol processing, system configuration

management and network management interface; it can perform 1+1

redundancy configuration.

Line interface card performs the operations of message processing including

forwarding, discarding, and reporting to implement wire-speed forwarding of

service flow. ZXR10 T160G/T64G supports line interface cards of multiple

categories and port density.

One port 10-gigabit Ethernet optical interface board

Two-port 10-gigabit Ethernet optical interface board

Twelve-port gigabit Ethernet optical interface board

Twenty-four-port gigabit Ethernet optical interface board

Twelve-port gigabit Ethernet electrical interface board

Twenty-four-port gigabit Ethernet electrical interface board

44+4 fast Ethernet electrical interface board

ZXR10 T160G/T64G implements full-wire-speed Layer2/3 switching function

and supports multiple protocols.

Chapter 2 Introduction to the System


ZXR10 T160G/T64G provides the following functions which are given below:

Physical interface

Supports the configuration of port rate, duplex mode, and

self-adaptive

Supports port mirroring

Supports broadcast storm suppression

Supports line diagnosis analysis test

VLAN

Supports the VLAN based on port

Supports IEEE 802.1Q, the maximum of VLAN is 4094

Supports PVLAN

Supports VLAN double layer tab

Supports SuperVLAN

Layer 2 protocol

Supports STP, RSTP and MSTP

Supports static Trunk and LACP

Supports IGMP Snooping

Routing Protocol

Supports the unicast protocols including static routing, RIP v1/v2,

OSPF, IS-IS, and BGP

Supports multicasting protocols including IGMP v1/v2, PIM-SM, and

MSDP

ACL

Supports standard ACL, extended ACL, Layer 2 ACL and mixed ACL

Supports ACL time segment restriction

QoS

Supports 802.1p priority

Supports SP and WRR queue dispatching mode

Supports traffic monitoring and management

Supports flow-based redirection

Supports flow mirroring and traffic statistic



Access authentication

Supports Radius Client

Supports DHCP Relay and DHCP Server

Reliability

Supports VRRP

Supports routing load sharing

Network Management

Supports CLI configuration mode

Supports configuring via Console, Telnet, and SSH

Supports SNMP and RMON

Supports ZXNM01 universal network management system

Technical Features and Parameters Technical features and parameters of ZXR10 T160G/T64G are listed in Table

4.

T AB L E 4 ZXR10 T160G/T64G TE C H N I C AL FE AT U R E S AN D P AR AM E T E R S

Item Description

Dimensions ZXR10 T160G: 577mm (H)× 442mm (W) ×450mm (D) ZXR10 T64G:

443.7mm(H)× 442mm(W)× 450mm(D)

Weight ZXR10 T160G: 49kg

ZXR10 T64G: 46kg

Power Supply DC: 100V~240V, 50Hz ~60Hz AC: -57V~-40V

Power

Consumption

ZXR10 T160G the total power consumption fully configured is 1200W

ZXR10 T64G total power consumption of full configuration is 720W

Reliability

MTBF>200000 Hours

MTTR< 30 minutes

All boards support hot swap, control switching board, and power

redundancy backup

Chapter 2 Introduction to the System


Item Description

Lightening

Protection 4KV

Ambient

Temperature

Working ambient temperature: -5ºC~+45ºC

Storing ambient temperature: -40ºC~+70ºC

Ambient

Humidity Relative humidity 20%~90%, non-condensing

Memory

Capacity

ZXR10 T160G: 512M

ZXR10 T64G: 256M

Backplane

Bandwidth

ZXR10 T160G: 1.44Tbps

ZXR10 T64G: 810Gbps

Switching

Capacity

ZXR10 T160G: 1152Gbps

ZXR10 T64G: 576Gbps

Packet

Forwarding

Rate

ZXR10 T160G: 576M

ZXR10 T64G: 360M

Routing table

entries 500K

MAC address

table depth 64K





C h a p t e r 3

Structure and Principle

This chapter describes ZXR10 T160G/T64G including:

Overall Structure and Working Principles

Control switching board

Line interface card

Power supply module

Fan plug-in box

Working Principle ZXR10 T160G/T64G is a large-capacity rack mountable Ethernet switch,

which implements wire-speed Layer2/3 switching via two-level hardware

switching. Level 1 switching is between ports of line interface cards; level 2

switching between line interface cards is implemented via control switching

board.

ZXR10 T160G/T64G hardware design complies with the principle of system

modulization, which, according to function system, includes the following

four modules:

Control module: is composed of main processor and some external

functional chips, which implements processing to applications of the

system. It provides various operational interfaces including serial

interface and Ethernet interface to perform data operation and

maintenance.



Switching module: It provides multiplex high-speed bi-directional serial

interface to implement wire-speed data switch between line interface

cards.

Packet processing and interface module: Interface module is the external

interface of ZXR10 T160G/T64G, providing one or multiple physical ports.

Different line interface cards can implement access of different rates and

types.

Power supply module: It adopts 220V AC power supply or –48V DC power

supply, providing power for other parts of the system.

Abridged General View of ZXR10 T160G/T64G system principle is shown in

Figure 1.

F I G U R E 1 ZXR10 T160G/T64G S K E T C H M AP O F S Y S T E M P R I N C I P L E

High-speed XAUIInterface


Line InterfaceCard 5

High-speedXAUI Interface








SwitchingNetwork

Control ModulePower Supply

.... ....


Hardware Structure ZXR10 T160G/T64G system is composed of chassis, power supply plug-in

box, board, fan plug-in box and backplane. The system adopts international

standard 19-inch plug-in box, which can lay-out solely or fix in standard

chassis.

Chapter 3 Structure and Principle


ZXR10 T160G and ZXR10 T64G adopt same hardware structure with

control/switching board and various line interface cards shared, only the

number of line interface cards supported are different. In ZXR10 T160G, 8

line interface cards can be plugged in; while in ZXR10 T64G, when

master/slave control is not needed, 5 line interface cards can be plugged in,

and when master/slave control is needed, 4 line interface cards can be

plugged in.

The location of ZXR10 T160G components is shown in Figure 2, and the

corresponding front panel is as shown in Figure 3.

F I G U R E 2 AB R I D G E D GE N E R A L V I E W O F ZXR10 T160G C O M P O N E N T S P O S I T I O N

19"

AC/DCModule

AC/DCModule

AC/DCModule

Line Interface Card

Line Interface Card

Line Interface Card

Line Interface Card

Line Interface Card

Line Interface Card

Line Interface Card

Line Interface Card

Controlled Switching Card

Controlled Switching CardFan



F I G U R E 3 ZXR10 T160G FR O N T P AN E L

The position of ZXR10 T64G components is shown in Figure 4, and the

corresponding front panel is as shown in Figure 5.



F I G U R E 4 AB R I D G E D GE N E R A L V I E W O F ZXR10 T64G C O M P O N E N T S P O S I T I O N

19"

AC/DCModule

AC/DCModule

AC/DCModule

Line Interface Card

Controlled Switching Card

Controlled Switching Card/Line Interface Card

Line Interface Card

Line Interface Card

Line Interface Card

Fan

F I G U R E 5 ZXR10 T64G FR O N T P AN E L



Unit/Component Introduction Control Switching Board Control switching board (MCS) is the core of ZXR10 T160G/T64G,

implementing the functions of control module and switching module. The

control switching board provides the function of master/slave switchover; it

can also perform 1+1 redundancy configuration.

The front panel of ZXR10 T160G MCS is shown in Figure 6; the front panel of

ZXR10 T64G MCS is shown in Figure 7.

F I G U R E 6 TH E F R O N T P AN E L O F ZXR10 T160G MCS

F I G U R E 7 TH E F R O N T P AN E L O F ZXR10 T64G MCS

Interface

Console Interface

Console interface is used to connect background management terminal, on

which it performs operation and maintenance to ZXR10 T160G/T64G via

tools such as Super Terminal. Console interface is a RJ45 socket, connected

to COM port of background management terminal via serial cable. One end

of serial cable connecting ZXR10 T160G/T64G is RJ45 connector, the other

end connecting background management terminal is DB9 female connector.

10/100Base-TX Ethernet interface

10/100Base-TX Ethernet interface (MGT) on the control switching board is

the management interface connecting background, which can be used as the

switch outband NM interface.



The characteristics of 10/100Base-TX Ethernet interface are shown in Table

5.

T AB L E 5 FE A T U R E S O F F AS T E T H E R N E T MAN AG E M E N T IN T E R F AC E

Port Type Characteristics

10/100Base-TX In compliance with IEEE 802.3/802.3u standard, RJ45 connector

Using UTP5, the maximum transmission distance is 100m

LEDs

The functions of the twenty-eight LEDs in the front panel of control switching

board are described in Table 6.

T AB L E 6 FU N C T I O N AL D E S C R I P T I O N O F F R O N T P AN E L LED S I N T H E C O N T R O L S W I T C H I N G

B O AR D

LEDs Description

RUN

Off, the interface board of corresponding line is faulty or off

position

Blinking, the interface board of corresponding line is working

normally 1~8

ALM

Off, the interface board of corresponding line alarm cleared or

is off position

On, corresponding line interface card alarms

RUN Off, corresponding power module is faulty or off position

On, the corresponding power module is working normally

PWR1~3

ALM

Off, corresponding power module alarm cleared or is off

position

On, the corresponding power module alarms

RUN Off, the control switching board is faulty

Blinking, the control switching board is working normally MST

ALM Off, the control switching board alarm cleared

On, the control switching board alarms

RES RUN On, the board is in standby status

Off, the board is in active status



ALM On, active/standby status anomaly

Off, active/standby status is normal

ACT Blinking, data transmission and reception in the interface

LINK On, the interface link created

Off, the interface is disconnected from others

Buttons

The functions of the two buttons in the front panel of control switching board

are described in Table 7.

T AB L E 7 FU N C T I O N AL D E S C R I P T I O N O F B U T T O N S I N T H E C O N T R O L S W I T C H I N G B O AR D

Buttons Function

RST Board reset button, for resetting the whole board

EXCH

Board switchover button, switch the control switching board as

standby, If press the button in the standby board, the system will not

perform any operation

Line interface card ZXR10 T160G/T64G line interface card includes: Fast Ethernet interface

board, gigabit Ethernet interface board and 10gigabit Ethernet interface

board. The optical interface of line interface card adopts pluggable optical

module, supporting various transmission media and transmission distance.

44+4 Fast Ethernet Electrical Interface Board

44+4 fast Ethernet electrical interface board provides 44 fast Ethernet

electrical interfaces and 4 gigabit Ethernet electrical interfaces, totally 48

Ethernet electrical interfaces, in which, fast Ethernet electrical interface

supports 10/100M self-adaptive, gigabit Ethernet electrical interface

supports 10/100/1000M self-adaptive.

Powerful NP (Network Processor) can be added to the board based on actual

demands to process packet from L2 to L7, to meet the complex application in

practical networking.

The front panel is shown in Figure 8.



F I G U R E 8 FR O N T P AN E L O F 44+4 F AS T E T H E R N E T E L E C T R I C AL I N T E R F AC E B O AR D

The characteristics of 44 +4 fast Ethernet electrical interface board are

shown in Table 8.

T AB L E 8 C H A R AC T E R I S T I C S O F 44+4 F AS T E T H E R N E T EL E C T R I C AL I N T E R F AC E B O A R D


10/100Base-TX

In compliance with IEEE 802.3/802.3u standard RJ45 connector


MDI/MDIX

1000Base-T

In compliance with IEEE 802.3/802.3z standard, RJ45 connector


MDI/MDIX

The functions of forty-eight ports corresponding to the 48 LEDs in the front

panel of 44+4 fast Ethernet interface board are described in Table 9:

T AB L E 9 FU N C T I O N AL D E S C R I P T I O N O F F R O N T P AN E L LED S I N 44+4 F AS T E T H E R N E T

I N T E R F AC E B O AR D


LINK/ACT

On, the port link is created

Off, the port is disconnected from others

Blinking, data transmission and reception in the port

Twelve-port Gigabit Ethernet Optical Interface Board

Twelve-port gigabit Ethernet optical interface board provides 12 gigabit

Ethernet optical interfaces, 4 of which support Optoelectronic self-adaptive.







F I G U R E 9 FR O N T P AN E L V I E W O F T W E L V E-P O R T G I G AB I T E T H E R N E T O P T I C AL I N T E R F AC E

The optical module used by gigabit Ethernet optical interface is pluggable

SFP optical module. Every port supports four kinds of common distances

used by gigabit Ethernet, as shown in Table 10.

T AB L E 10 C H AR AC T E R I S T I C S O F T W E L V E -P O R T G I G AB I T E T H E R N E T O P T I C AL I N T E R F AC E

B O AR D


SX(SFP-M500)

LC connector, multi-mode optical fiber, with the wavelength of

850nm, maximum transmission distance is 500m

Transmission power range: -9.5dBm~-4dBm, receiving

sensitivity<-18dBm

LX(SFP-S10K)

LC connector, single-mode optical fiber, with the wavelength of

1310nm, maximum transmission distance is 10km


sensitivity<-20dBm

LH(SFP-S40K)

LC connector, singlemode optical fiber, with the wavelength of


Transmission power range: -4dBm~0dBm, receiving

sensitivity<-22dBm

LH(SFP-S80K)

LC connector, singlemode optical fiber, with the wavelength of


Transmission power range: 0dBm~5dBm, receiving

sensitivity<-22dBm

1000Base-T RJ45 connector, using UTP5

There are 32 LEDs in front panel of 12-port gigabit Ethernet optical interface

board, with each has two LEDs. The functions are described in Table 11.

T AB L E 11 FU N C T I O N AL D E S C R I P T I O N O F F R O N T P AN E L LED S I N 12 -P O R T G I G AB I T

E T H E R N E T O P T I C AL I N T E R F AC E B O AR D




LINK On, the port link is created


ACT Off, no data transmission or reception in the port


Twenty-four-port Gigabit Ethernet Optical Interface Board

Twenty-four-port gigabit Ethernet optical interface board provides 24 gigabit

Ethernet optical interfaces, 4 of which support Optoelectronic self-adaptive.


F I G U R E 10 FR O N T P AN E L V I E W O F T W E N T Y-F O U R -P O R T G I G AB I T E T H E R N E T O P T I C AL


Optical module used by gigabit Ethernet optical interface is pluggable SFP

optical module. Every port supports four kinds of common distances used by

gigabit Ethernet, as shown in Table 12.

T AB L E 12 C H AR AC T E R I S T I C S O F T W E N T Y -F O U R -P O R T G I G AB I T E T H E R N E T O P T I C AL



SX(SFP-M500)

LC connector, multiple-mode optical fiber, with the wavelength of



sensitivity<-18dBm

LX(SFP-S10K)




sensitivity<-20dBm

LH(SFP-S40K)




sensitivity<-22dBm



LH(SFP-S80K)




sensitivity<-22dBm


There are 56 LEDs in the front panel of 24-port gigabit Ethernet optical

interface board, with each has two LEDs. The functions are described in

Table 13.








Twelve-port Gigabit Ethernet Electrical Interface Board

Twelve-port gigabit Ethernet electrical interface board provides 12 gigabit

Ethernet electrical interfaces, 4 of which support Optoelectronic self-adaptive.





F I G U R E 11 FR O N T P AN E L V I E W O F T W E L V E-P O R T G I G AB I T E T H E R N E T E L E C T R I C AL


The optical interface part of the four ports supporting optoelectronic

self-adaptive adopts pluggable SFP optical module, supporting four kinds of

common distances used by gigabit Ethernet. The characteristics are shown

in Table 14.



T AB L E 14 C H A R AC T E R I S T I C S O F T W E L V E -P O R T G I G AB I T E T H E R N E T E L E C T R I C AL I N T E R F AC E

B O AR D



SX(SFP-M500)




sensitivity<-18dBm

LX(SFP-S10K)




sensitivity<-20dBm

LH(SFP-S40K)




sensitivity<-22dBm

LH(SFP-S80K)




sensitivity<-22dBm

There are 32 LEDs in the front panel of 12-port gigabit Ethernet electrical


Table 15.


E T H E R N E T E L E C T R I C AL I N T E R F AC E B O AR D








Twenty-four-port Gigabit Ethernet Electrical Interface

Board

Twelve-port gigabit Ethernet electrical interface board provides 24 gigabit

Ethernet electrical interfaces, 4 of which support Optoelectronic self-adaptive.


F I G U R E 12 FR O N T P AN E L V I E W O F T W E N T Y-F O U R -P O R T G I G AB I T E T H E R N E T E L E C T R I C AL


Optical interface part of the four ports supporting optoelectronic

self-adaptive adopts pluggable SFP optical module, supporting four kinds of

common distances used by gigabit Ethernet. The characteristics are shown

in Table 16.

T AB L E 16 C H AR AC T E R I S T I C S O F T W E N T Y -F O U R -P O R T G I G AB I T E T H E R N E T E L E C T R I C AL




SX(SFP-M500)




sensitivity<-18dBm

LX(SFP-S10K)




sensitivity<-20dBm

LH(SFP-S40K)




sensitivity<-22dBm

LH(SFP-S80K) LC connector, single-mode optical fiber, with the wavelength of





sensitivity<-22dBm

There are 56 LEDs in the front panel of 24-port gigabit Ethernet electrical


Table 17.


E T H E R N E T E L E C T R I C AL I N T E R F AC E B O AR D






One port 10-gigabit Ethernet Optical Interface Board

One port 10-gigabit Ethernet optical interface board provides

one-XENPAK-interface 10-gigabit Ethernet interface.





F I G U R E 13 FR O N T P AN E L V I E W O F O N E-P O R T 10 -G I G AB I T E T H E R N E T O P T I C AL I N T E R F AC E

B O AR D

One-port 10-gigabit Ethernet optical interface board adopts hot-swappable

XENPAK optical module, supporting multiple transmission distance

requirements; the characteristics are shown in Table 18.



T AB L E 18 C H AR AC T E R I S T I C S O F O N E -P O R T 10 -G I G AB I T E T H E R N E T O P T I C AL I N T E R F AC E

B O AR D


LR(XENPAK-S10

K)

SC connector, single-mode optical fiber, with the wavelength of


LH(XENPAK-S40

K)



There are two LEDs in the front panel of one-port 10-gigabit Ethernet optical

interface board, the functions of which are shown in Table 19.

T AB L E 19 FU N C T I O N AL D E S C R I P T I O N O F F R O N T P AN E L LED S I N O N E -P O R T 10 -G I G AB I T







Two-port 10-gigabit Ethernet Optical Interface Board

Two-port 10-gigabit Ethernet optical interface board provides

two-XENPAK-interface 10-gigabit Ethernet interface.


F I G U R E 14 FR O N T P AN E L V I E W O F T W O -P O R T 10 -G I G AB I T E T H E R N E T O P T I C AL I N T E R F AC E

B O AR D

Two-port 10-gigabit Ethernet optical interface board adopts hot-swappable

XENPAK optical module, supporting multiple transmission distance

requirements; the characteristics are shown in Table 20.



T AB L E 20 C H AR AC T E R I S T I C S O F T W O -P O R T 10 -G I G AB I T E T H E R N E T O P T I C AL I N T E R F AC E

B O AR D


LR(XENPAK-S10

K)



LH(XENPAK-S40

K)



There are 4 LEDs in the front panel of 2-port 10-gigabit Ethernet optical


Table 21.

T AB L E 21 FU N C T I O N AL D E S C R I P T I O N O F F R O N T P AN E L LED S I N T W O -P O R T 10 -G I G AB I T



LINK On, the interface link created

Off, the interface is disconnected from others

ACT Off, no data transmission or reception in the interface

Blinking, data transmission and reception in the interface

Power Supply Module Considering the practical requirements of core switch, ZXR10 T160G/T64G

employs hot-backup design in power supply part, at the same time, it

provides –48V DC power supply and 220V AC power supply. DC power

supply adopts 1+1 backup mode, the power is supplied by two group of –48V

DC simultaneously; while AC power supply adopts 2+1 backup mode, thus,

the reliability of power supply system is enhanced.

The power supply system adopts modularization design, in which power

supply types and number of modules can be selected in accordance with

requirements. The front panel view of power supply module is as shown in

Figure 15.



F I G U R E 15 FR O N T P AN E L V I E W O F P O W E R S U P P L Y M O D U L E

The rear panel view of DC power supply board is shown in Figure 16.

F I G U R E 16 R E AR P AN E L V I E W O F DC P O W E R S U P P L Y B O A R D

DC power supply adopts 1+1 backup mode. Each system is configured with

two DC modules, the technical parameters of which are as follows:

Rated voltage: -48V

Allowed voltage range: -57V~-40V

Input electrical current: 25A

Maximum power consumption: 1200 W

The rear panel view of AC power supply board is shown in Figure 17.

F I G U R E 17 R E AR P AN E L V I E W O F AC P O W E R S U P P L Y B O A R D



AC power supply adopts 2+1 backup mode. Each system is configured with

1~3 AC modules, the technical parameters of which are as follows:

Input voltage: Single phase 220VAC±10%

Input electrical current: 4A

Frequency: 50±5%

Maximum power consumption: 900 W

Line voltage waveform distortion rate<5%

Fan Plug-in Box ZXR10 T160G/T64G adopts left side indraft heat dissipation mode, at the left

side (front view) of the chassis, multiple fans are drafting air from the

internal; the left side of the chassis lies air inlet due to of which flue is formed

from right to left. The cool airflow the fan sucked in exchanges with the hot

airflow of the single board and power board. Major heating chips adopts

aluminium radiator. Air-filter is set at the inlet, which can be disassembled

from back of the chassis, facilitating maintenance and cleaning.

The front panel view of fan plug-in box is shown in Figure 18.



F I G U R E 18 FR O N T P AN E L V I E W O F F AN P L U G - I N B O X

Fan Plug-in Box of ZXR10 T160G Fan Plug-in Box of ZXR10 T64G

There are 6 LEDs in the front panel of fan plug-in box, each indicating the fan

operating status. On for normal working status while Off for faulty.


C h a p t e r 4

Usage and Operation

In this chapter, you will learn about the configuration mode of ZXR10

T160G/T64G in common use. It covers:

Configuration mode

Command mode

Command line application

Configuration Mode ZXR10 T160G/T64G provides multiple configuration modes, as shown in

Figure 19, the user can select appropriate configuration mode according to

the connected network.

Serial interface connection configuration

Telnet connection configuration

SSH (Secure Shell) connection configuration

FTP/TFTP connection configuration

SNMP connection configuration



F I G U R E 19 ZXR10 T160G/T64G C O N F I G U R AT I O N M O D E

Telnet HostSNMP Network

Management

Hyperterminal

Serial Interface

ZXR10

FTP/TFTPServer

Serial Interface Connection Configuration Serial interface connection configuration is the principle configuration mode

of ZXR10 series switch.

Serial configuration line is delivered with ZXR10 T160G/T64G, one end is

DB9 serial interface (Connected to computer serial interface), the other is

RJ45 interface (Connected to Console interface in MP board of ZXR10

T160G/T64G) The serial connection configuration adopts VT100 terminal

mode, using the HyperTerminal tool provided by Windows OS.

The operation procedure is as follows:

1. Connect the computer serial port to ZXR10 T160G/T64G Console port

using serial configuration line.

2. Open the HyperTerminal, as shown in Figure 20. Input the connection

name, such as ZXR10, and select an icon.

Chapter 4 Usage and Operation


F I G U R E 20 H Y P E R T E R M I N AL C O N F I G U R AT I O N 1

3. Click Ok, the window as shown in Figure 21 appears. Select using COM

port such as COM1 when connecting.


4. Click Ok, the COM port attribute setup window appears, as shown in

Figure 22.




The settings of the COM port of the HyperTerminal are: “115200” for data

rate, “8” for data bit, “None” for parity check, “1” for stop bit, and “None”

for flow control.

5. Click Ok to complete setting, the ZXR10 T160G/T64G configuration

window appears, and start command operation.

Telnet Connection Configuration Configure ZXR10 T160G/T64G via Telnet locally or remotely. Telnet

configuration is the principal mode configuring ZXR10 T160G/T64G

remotely.

Username and password must be set in the switch to prevent illegal users

from accessing the switch via Telnet.Only the users with valid username and

password could login to the switch. Use the following commands to configure

username and password.



Command format Command

mode

Command function:

username <username> password

<password> Global

Configure username and

password of Telnet login

Connect ion through Management Port

Configure the switch through management Ethernet port (10/100Base-TX)

in the MP board.

1. Configure IP address of management port via Console port.

2. Configure username and password of Telnet login via Console port.

3. Use straight-through Ethernet cable to connect host network interface

and switch management Ethernet interface.

4. Set the IP address of the host, which should be in the same network

segment with the switch management Ethernet port.

5. Run Telnet command in the host, input the IP address of the switch

management Ethernet port, as shown in Figure 23.

F I G U R E 23 R U N N I N G TE L N E T

6. Click Ok, the window as shown in Figure 24 appears.



F I G U R E 24 T E L N E T L O G I N S C H E M A T I C D I A G R A M

7. Input valid username and password as prompted to access the switch

configuration mode.

Note: ZXR10 T160G/T64G allows up to four Telnet users logging in simultaneously. If

“**” appears after inputting username and password, it indicates that the number of

users reach the limit, please retry later or relogin after logging out other users.

When performing Telnet configuration via management port connecting to the

switch, the IP address of management port cannot be modified or deleted, otherwise,

Telnet will be disconnected.

Connection through VLAN Port

Two modes exist for Telnet connection through VLAN port.

Connects to switch via host by Telnet

i. Configure IP address of VLAN and VLAN interface via Console port.

ii. Configure username and password of Telnet login via Console port.

iii. Connect the host network interface to the Ethernet port of switch.

iv. Set the IP address of host, enabling the host to ping the IP address of

VLAN interface in the switch successfully.



v. Run Telnet command in the host, input the IP address of VLAN

interface, login to the switch. For the detailed procedures, please

refer to Connection through Management Port

Connect to switch via other devices (such as switch and router) by Telnet

i. Configure IP address of VLAN and VLAN interface via Console port.

ii. Configure username and password of Telnet login via Console port.

iii. Take a router connected to a switch as an example, from which, the

IP address of VLAN interface can be pinged successfully.

iv. Run Telnet command in the router, input the IP address of VLAN

interface, login to the switch. For the detailed procedures, please

refer to Connection through Management Port

Note: When performing Telnet configuration via VLAN interface connecting to the switch,

the IP address of VLAN and VLAN interface cannot be modified or deleted, otherwise,

Telnet will be disconnected.

SSH Connection Configuration Traditional Telnet and FTP connection are somewhat insecure, for the clear

text transfer password and data used in the network is apt to be captured by

attackers. There are some weaknesses with Telnet and FTP security

certificate, so it is apt to be attacked by the means of Man-in-the-middle,

which imitates the server to receive the data transmitted by the client

terminal and then imitates the client terminal to transmit data to the real

server.

SSH (Secure Shell) can solve the problem. SSH establishes a secure channel

for remote login and other network services in the insecure network. It

encrypts and compresses the transmitted data to prevent anybody captured

the data from getting useful information.

Two incompatible versions of SSH protocol are available: SSH v1.x and SSH

v2.x. ZXR10 T160G/T64G supports SSH v2.0, provides secure remote login

function.

SSH falls into two parts including server and client terminal. ZXR10

T160G/T64G serves as the server of SSH; the host logs in to the switch by

running SSH client terminal.



Use the following commands to enable SSH server function in the ZXR10

T160G/T64G. The SSH server function is disabled by default.


mode

Command function:

ssh server enable Global Enable SSH server function

Connect the host network interface to the Ethernet port of the switch,

enable the host to ping the IP address of VLAN interface in the switch by

configuring.

Run SSH client terminal software (Frequently used software is putty) in

the host.

Set the IP address and port No of SSH server, as shown in Figure 25.

F I G U R E 25 S E T T I N G T H E IP A D D R E S S A N D P O R T N O O F SSH S E R V E R

Set SSH version, as shown in Figure 26.



F I G U R E 26 S E T T I N G SSH V E R S I O N

Click Open to login to the switch, input valid username and password as

prompted.

FTP/TFTP Connection Configuration ZXR10 T160G/T64G can serve as the client terminal of FTP/TFTP. We can

back up and restore the files in the ZXR10 T160G/T64G by FTP/TFTP, in

addition, we can import and export configuration.

Switch Serving as FTP Client Terminal

Enable FTP server software in the background host and switch

communicates as client terminal. The configuration of background FTP

server is illustrated taking WFTPD as an example, shown as follows:

1. Run WFTPD software in the background host, the window as shown in

Figure 27 appears.



F I G U R E 27 WFTPD W I N D O W

2. Click Security, select User/Rights…, perform the following operations

in the popup dialog box:

Click New User… to create a new user, such as target, with

password enabled

Select user name target in the drop-down list of User Name

Input the directory saving version files or configuration files in the

Home Directory box, such as D: \IMG

After configuration, the dialog box is shown in Figure 28.

F I G U R E 28 U S E R /R I G H T S S E C U R I T Y D I AL O G B O X



3. Click Done to complete setting.

After enabling FTP server, execute copy command in the switch to

backup/restore file and import/export configuration.

Switch Serving as TFTP Client Terminal

Enable TFTP server software in the background host and switch

communicates as client terminal. The configuration of background TFTP

server is illustrated taking TFTPD as an example, shown as follows:

1. Run TFTPD software in the background host, the window as shown in

Figure 29 appears.

F I G U R E 29 TFTPD W I N D O W

2. Click TFTPD>Configure, a dialog box appears, click Browse, select the

file saving version files or configuration files, such as D:\IMG.

After configuration, the dialog box is shown in Figure 30.



F I G U R E 30 C O N F I G U R AT I O N D I AL O G B O X

3. Click Ok to complete setting.

After enabling TFTP server, execute copy command in the switch to

backup/restore file and import/export configuration.

SNMP Connection Configuration Simple Network Management Protocol (SNMP) is the most popular NM

protocol, through which, one NM server can manage all devices in the

network.

SNMP adopts management based on server and client terminal. The

background NM server serves as the SNMP server, and the foreground

network equipment ZXR10 T160G/T64G serves as SNMP client terminal. The

foreground and background share the same MIB management database,

performing communication via SNMP protocol.

The background NM server needs installing NM software supporting SNMP

protocol; It performs management configuration over ZXR10 T160G/T64G

via NM software. For the SNMP configuration in ZXR10 T160G/T64G, please

refer to SNMP



Command Mode ZXR10 T160G/T64G assigns commands to different modes according to

function and authority to facilitate switch configuration and management.

One command can only be executed under specific mode. Input question

mark (?) under any command mode to query the applicable commands

under the mode. Major command modes of ZXR10 T160G/T64G are listed in

Table 22.

T AB L E 22 C O M M A N D M O D E

Mode Prompt Accessing Command Functions

User Mode ZXR10> Access directly after login View simple

information

Privileged

Mode ZXR10# Enable (User mode)

Configuring

system

parameters

Global

configuration

mode

ZXR10(config)# Configure terminal

(Privileged mode)

Configuring

global service

parameters

Port

configuration

mode

ZXR10(config-if)#

interface

{<interface-name>|byna

me <by-name>} (Global

configuration mode)

Configuring port

parameters

VLAN

database

configuration

mode

ZXR10(vlan-db)# vlan database

(Privileged mode)

Creating or

deleting VLAN in

batch

VLAN

configuration

mode

ZXR10(config-vlan)#

vlan

{<vlan-id>|<vlan-name>

} (Global configuration

mode)

Configuring

VLAN

parameters

VLAN

interface

configuration

mode

ZXR10(config-if)#

interface {vlan

<vlan-id>|<vlan-if>}

(Global configuration

mode)

Configuring IP

address of VLAN

interface

MSTP

configuration ZXR10 (config-mstp)#

spanning-tree mst

configuration (Global

Configuring

MSTP




mode configuration mode) parameters

Basic ACL

configuration

mode

ZXR10 (config-basic-acl)#

acl basic {number

<acl-number>| name

<acl-name>} (Global

configuration mode)

Defining basic

ACL regulations

Extended ACL

configuration

mode

ZXR10(config-ext-acl)#

acl extend {number

<acl-number>| name

<acl-name>} (Global

configuration mode)

Defining

extended ACL

regulations

Layer2 ACL

configuration

mode

ZXR10(config-link-acl)#

acl link {number

<acl-number>| name

<acl-name>} (Global

configuration mode)

Defining layer2

ACL regulations

Mixed ACL

configuration

mode

ZXR10(config-hybd-acl)#

acl hybrid {number

<acl-number>| name

<acl-name>} (Global

configuration mode)

Defining mixed

ACL regulations

VRF

configuration

mode

ZXR10(config-vrf)# ip vrf <vrf-name> (Global

configuration mode)

Configuring VRF

protocol

parameters

Router RIP

configuration

mode

ZXR10(config-router)# router rip (Global

configuration mode)

Configuring RIP

protocol

parameters

Router RIP

address

configuration

mode

ZXR10(config-router-af)#

address-family ipv4 vrf

<vrf-name>(Router RIP

configuration mode)

Configuring RIP

VRF protocol

parameters

Router OSPF

configuration

mode

ZXR10(config-router)#

router ospf <process-id>

[vrf <vrf-name>] (Global

configuration mode)

Configuring

OSPF protocol

parameters

Router IS-IS

configuration

mode


router isis [vrf

<vrf-name>] (Global

configuration mode)

Configuring IS-IS

protocol

parameters

Router BGP

configuration

mode


router bgp <as-number>


mode)

Configuring BGP

protocol

parameters




Router BGIP

address

configuration

mode

ZXR10(config-router-af)#

address-family vpnv4

(Router BGP configuration

mode)

address-family ipv4 vrf

<vrf-name>(Router BGP

configuration mode)

Configuring BGP

VPN and VRF

protocol

parameters

Router

PIM-SM

configuration

mode

ZXR10(config-router)# router pimsm (Global

configuration mode)

Configuring

PIM-SM protocol

parameters

Route-map

configuration

mode

ZXR10(config-route-map)

#

route-map <map-tag>

[permit|deny]

[<sequence-number>]


mode)

Configuring

route-map

matched items

and operations

Diagnosis test

mode ZXR10(diag)#

diagnose (Privileged

mode)

Test the usage of

CPU and Memory

The ways to quit various command modes:

In privileged mode, use disable command to return to user mode.

In user mode and privileged mode, use exit command to quit the switch;

in other mode, use exit command to return to the previous mode.

In the modes other than user mode and privileged mode, use end

command or press Ctrl+z to return to the privileged mode.

Command Line Application Online Help In any command mode, the available commands list will be displayed if

inputting a question mark (?) following the system prompt. The list of

command key words and parameters can also be obtained via online help.

1. Input question mark (?) in any command mode prompt, all commands

and brief command descriptions of the mode will be displayed. For

example:



ZXR10>?

Exec commands:

enable Turn on privileged commands

exit Exit from the EXEC

login Login as a particular user

logout Exit from the EXEC

ping Send echo messages

quit Quit from the EXEC

show Show running system information

telnet Open a telnet connection

trace Trace route to destination

who List users who is logining on

ZXR10>

2. Input a question mark (?) following character or character string, the list

of commands or key words with the character or character string as the

prefix will be displayed. Note that there is no space between character

(Character string) and the question mark (?). For example:

ZXR10#co?

configure copy

ZXR10#co

3. Press Tab after the character, if the command or key word with the

character string as the prefix is unique, make it aligned and add a space

after it. Note that there is no space between character string and Tab.

For example:

ZXR10#con<Tab>

ZXR10#configure (There is a space between configure

and cursor)

4. Input a question mark (?) after commands, key words and parameters,

you can list the key words or parameters to be input next and provide

brief description. Note that space should be input before the question

mark (?). For example:

ZXR10#configure ?

terminal Enter configuration mode

ZXR10#configure

5. If inputting incorrect command, key words or parameters, the subscriber

interface will provide error isolation with “^” after carriage return. “^”

will appear below the first character of the input incorrect command, key

work or parameter. For example:

ZXR10#von ter



^

% Invalid input detected at '^' marker.

ZXR10#

In the instances below, make use of the online help to set system clock.

ZXR10#cl?

clear clock

ZXR10#clock ?

set Set the time and date

ZXR10#clock set ?

hh:mm:ss Current Time

ZXR10#clock set 13:32:00

% Incomplete command.

ZXR10#

At the end of the above example, it is concluded that the system prompts

that command is incomplete. This command indicates inputting of other key

words or parameters are required.

Note: All commands in the command line operation are case-insensitive

Command Abbreviation ZXR10 T160G/T64G allows abbreviating commands and key word to

character or character string identifying the command or key word uniquely,

for example, abbreviate show command to sh or sho

Command History The user interface provides a record of commands up to 10 you have entered.

This feature is particularly useful to recall long or complex commands.

Reinvoke commands from the record buffer, execute one of the following

operations.

Command Function

Press Ctrl+P or < >↑ Recalls commands in the history buffer in a forward

sequence

Press Ctrl+N or < >↓ Recalls commands in the history buffer in a backward



sequence

In the privileged mode, use show history command to list the most recent

commands.


C h a p t e r 5

System Management

This chapter introduces ZXR10 T160G/T64G system management. It

illustrates file system and operation of switches, presents the procedure for

updating software version. This chapter covers the following topics:

File system management

Data backup and restoration

Importing/exporting configuration

Software version upgrade

Setting system parameters

Viewing system information

File System Management Introduction to File System In ZXR10 T160G/T64G, the major storage device that we usually see is the

FLASH in MP board, which is for storing ZXR10 T160G/T64G version files and

configuration files. Operation over FLASH is needed when upgrading

software version and saving configuration.

FLASH contains three default directories including IMG, CFG and DATA.

1. IMG: The directory is for storing software version files. The software

version file of ZXR10 T160G/T64G has the extension name of .zar, which

is dedicated compression file. Version upgrade is to change the software

version file in the directory.



Note: The default name of ZXR10 T160G/T64G software version file is zxr10.zar. If it uses

other names, Boot Path must be modified in Boot status. Otherwise, the version

cannot be loaded when starting the system. It is recommended using default file

name.

2. CFG: The directory is for saving configuration files, whose name is

startrun.dat. The information is saved in the Memory when using

command to modify the switch configuration. To prevent the

configuration information loss at the time of restarting the switch, use

write command to write the information in the Memory into FLASH, and

save the information in the startrun.dat file. When needing to clear the

old configuration in the switch to reconfigure data, use delete command

to delete startrun.dat file, then restart the switch.

3. DATA: The directory is for saving log.dat file which records alarm

information.

Note: If IMG, CFG or DATA is unavailable in FLASH, create them manually using mkdir

command.

File System Operation ZXR10 T160G/T64G provides many commands for file operation, whose

formats are similar to that of DOS operating system. The frequently used file

operation commands are as follows:

1. Copy files between FLASH devices and FTP/TFTP servers.


Mode

Command function:

copy <source-device> <source-file>

<destination-device> <destination-file> Privileged Copying files.

2. View the current directory path


Mode

Command function:

Chapter 5 System Management


pwd Privileged View the current directory path

3. View the file and subdirectory information in the specified devices or

directories.


Mode

Command function:

dir [<directory>] Privileged

View the file and subdirectory

information in the specified

devices or directories.

4. Delete the file in the specified directory of the current device


Mode

Command function:

delete <filename> PrivilegedDelete the file in the specified

directory of the current device

5. Access the specified file device or the file directory of the current device


Mode

Command function:

cd <directory> Privileged

Access the specified file device or

the file directory of the current

device

6. Back to the upper-level directory


Mode

Command function:

cd .. Privileged Back to the upper-level directory

7. Create new subdirectory in the current directory


Mode

Command function:

mkdir <directory> PrivilegedCreate new subdirectory in the

current directory

8. Delete the specified file directories


Mode

Command function:



rmdir <directory> PrivilegedDelete the specified file

directories

9. Modify the name of specified file or directory


Mode

Command function:

rename <old-filename>

<new-filename>

Privileged

Modify the name of file or

directory

The application of file operation command will be illustrated by instances as

follows:

1. View the current file information in FLASH

ZXR10#dir

Directory of flash:/

attribute size date time name

1 drwx 512 MAY-17-2004 14:22:10 IMG

2 drwx 512 MAY-17-2004 14:38:22 CFG

3 drwx 512 MAY-17-2004 14:38:22 DATA

65007616 bytes total (48863232 bytes free)

ZXR10#cd img (Access version directory IMG)

ZXR10#dir (Show the current directory information)

Directory of flash:/img


1 drwx 512 MAY-17-2004 14:22:10 .

2 drwx 512 MAY-17-2004 14:22:10 ..

3 -rwx 15922273 MAY-17-2004 14:29:18

ZXR10.ZAR


ZXR10#

2. Create directory ABC in FLASH, then delete it.

ZXR10#mkdir ABC (Add a subdirectory ABC in the current

directory)

ZXR10#dir (View the current directory information,

finding that subdirectory ABC has been added successfully)



1 drwx 512 MAY-17-2004 14:22:10 IMG

2 drwx 512 MAY-17-2004 14:38:22 CFG

3 drwx 512 MAY-17-2004 14:38:22 DATA

4 drwx 512 MAY-17-2004 15:40:24 ABC




ZXR10#rmdir ABC (Delete subdirectory ABC)

ZXR10#dir (View the current directory information,

finding that subdirectory ABC has been deleted

successfully)



1 drwx 512 MAY-17-2004 14:22:10 IMG

2 drwx 512 MAY-17-2004 14:38:22 CFG

3 drwx 512 MAY-17-2004 14:38:22 DATA


ZXR10#

Data Backup and Restoration Using FTP/TFTP, we can back up the software version files, configuration files,

and log files in ZXR10 T160G/T64G to background server or restore the

backup files from background server. As for the configuration of background

FTP/TFTP server, please refer to section FTP/TFTP Connection Configuration

The backup and restoration of files can be implemented via command copy.

1. Configuration file backup

After saving the configuration information to startrun.dat using

command write, back it up to the background FTP/TFTP server to

prevent restoration failure owing to file corruption.

Execute the following command to back up the configuration files in

FLASH to background TFTP server:

ZXR10#copy flash: /cfg/startrun.dat tftp:

//168.1.1.1/startrun.dat

2. Configuration files restoration

Execute the following command to restore backup configuration files

from background TFTP server:

ZXR10#copy tftp: //168.1.1.1/startrun.dat flash:

/cfg/startrun.dat

3. Version file backup

Back the running version files up to background server before upgrading

software version. If failed to load new version, you can restore the old



version from the background server. Software version file backup is

similar to configuration file backup.

Execute the following command to back up the software version file in

FLASH to directory IMG in root directory of background TFTP server:

ZXR10#copy flash: /img/zxr10.zar tftp:

//168.1.1.1/img/zxr10.zar

4. Version Restoration

The purpose of version restoration is to retransmit the backup software

version file in background server via FTP/TFTP to FLASH in foreground

switch. It is important to perform restoration operation when version

upgrade failed.

The procedures of version restoration and version upgrade are almost

the same, please refer to section Software Version Upgrade.

Importing/Exporting Configuration ZXR10 T160G/T64G supports the function of importing/exporting

configuration files. Copy configuration file startrun.dat to background host

via FTP/TFTP, in the background host, edit the file startrun.dat using text

editing tool, and then copy the modified configuration file via FTP/TFTP to the

directory CFG in FLASH device of foreground switch. The file will take effect

after restart.

Note: When editing startrun.dat using text editing tool, note that the format should comply

with the requirements of command.

Software Version Upgrade Upgrade the software version only when the old version does not support

some functions or the device cannot run normally owing to some specific

causes. Improper operation may cause upgrade failure, which leads to boot

failure. Therefore, the maintenance personnel must be familiar with the

principles and operations of ZXR10 T160G/T64G and learn the upgrade

procedures carefully before software version upgrade.



Version Upgrade in the case of System Anomaly The upgrade procedures when the ZXR10 T160G/T64G cannot be started

normally are presented as follows:

1. Connect the configuration port (Console port of MP board) of ZXR10

T160G/T64G to the serial interface of background host by configuration

line delivered with the product; connect administrative Ethernet

interface of the switch (10/100M Ethernet interface) to network interface

of background host by straight-through Ethernet line. Make sure that

both are properly connected.

2. The IP address of background host for upgrade and that of the switch

administrative Ethernet port should be set to the same network

segment.

3. Start the background FTP server according to the methods in FTP/TFTP

Connection Configuration

4. Start ZXR10 T160G/T64G, in HyperTerminal, press any key as prompted

to enter Boot status The following content will appear:

ZXR10 System Boot Version: 1.0

Creation date: Dec 31 2002, 14:01:52

(Omitted)

Press any key to stop for change parameters...

2

[ZXR10 Boot]:

Input “c” in Boot status, enter parameter modification status after

carriage return. Change the boot mode to boot from background FTP;

change the FTP server address to the corresponding background host

address; change the client terminal address and gateway address to

switch administrative Ethernet interface address, set corresponding

subnet mask and FTP username and password. The [ZXR10 Boot]

prompt appears after completing parameter modification.

[ZXR10 Boot]:c

'.' = clear field; '-' = go to previous field; ^D = quit

Boot Location [0:Net,1:Flash] : 0 (0 means booting from

background FTP; 1 means booting from FLASH)

Client IP [0:bootp]: 168.4.168.168 Corresponds to

administrative Ethernet port address

Netmask: 255.255.0.0



Server IP [0:bootp]: 168.4.168.89 (Corresponds to

background FTP server address)

Gateway IP: 168.4.168.168 (Corresponds to

administrative Ethernet port address)

FTP User: target (Corresponds to FTP username

target)

FTP Password: (Corresponds to target user

password)

FTP Password Confirm:

Boot Path: zxr10.zar (Use default)

Enable Password: (Use default)

Enable Password Confirm: (Use default)

[ZXR10 Boot]:

5. Input “@”, the system boots the version from background FTP server

automatically after carriage return.

[ZXR10 Boot]:@

Loading... get file zxr10.zar[15922273] successfully!

file size 15922273.

(Omitted)

******************************************************

Welcome to ZXR10 10G Routing switch of ZTE Corporation

******************************************************

ZXR10>

6. If booted normally, use command show version to check whether the

new version is running in the Memory, if it is the old version that is

running, it indicates that booting from background server failed, you

have to repeat the operations from step 1.

7. Delete the old version file zxr10.zar in the directory IMG in FLASH using

command delete, Old version file can be renamed for backup due to of

space in FLASH is sufficient.

8. Copy the new version file in background FTP server to IMG directory in

FLASH. The version file name is zxr10.zar.

ZXR10#copy ftp: mng

//168.4.168.89/zxr10.zar@target:target flash:

/img/zxr10.zar

Starting copying file

.......................................................



..........

.......................................................

..........

......................................

file copying successful.

ZXR10#

Note:

If copying version files from the management Ethernet of MP board, in the command

copy, ftp: must be followed with mng.

9. Check whether new version file is available in FLASH. If the new version

file is unavailable, it indicates the copy failure, please execute step 8 to

recopy the version.

10. Restart ZXR10 T160G/T64G, follow the methods in step 4, and make

boot from FLASH enabled, at this time, “Boot path ”will change

into“ /flash/img/zxr10.zar automatically.

Note:

The boot mode can be changed to boot from FLASH by using command nvram

imgfile-location local in global configuration mode.

11. Input “@” in [ZXR10 Boot]:, the system will boot new version from

FLASH after carriage return.

12. After booting normally, check the running version to confirm that the

upgrade is successful.

Version Upgrade when the System is Normal There are a variety of ways to upgrade software version if the switch is

running normally before upgrade, for example, take the switch as FTP or

TFTP client terminal to copy versions; remote upgrade can be performed

making use of FTP. The procedures of taking the switch as the FTP client

terminal to upgrade locally are described below.

1. Connect the configuration port (Console port of MP board) of ZXR10

T160G/T64G to the serial interface of background host by configuration

line delivered with the product; connect management Ethernet interface



of the switch (10/100M Ethernet interface) to network interface of

background host by straight-through Ethernet line. Make sure that both

are properly connected.

2. The IP address of background host for upgrade and that of the switch

management Ethernet port should be set to the same network segment

to ensure that the background host could ping the management Ethernet

address successfully.

3. Start the background FTP server according to the methods in FTP/TFTP

Connection Configuration

4. View the information of the running version.

5. Delete the old version file in the directory IMG in FLASH using command

delete You can remain the old version file having it renamed, if the space

in FLASH is not sufficient.

6. Copy the new version file in background FTP server to IMG directory in

FLASH. The version file name is zxr10.zar.

7. Check whether new version file is available in directory IMG in FLASH. If

the new version file is unavailable, it indicates the copy failure, please

execute step 5 to recopy the version.

8. After booting the switch normally, check the running version to confirm

that the upgrade is successful.

Setting System Parameters The system parameters of ZXR10 T160G/T64G contains host name,

password of privileged mode etc.

1. Set the name of system host

The default host name of the system is ZXR10, which can be modified in

global configuration mode using command hostname.


Mode

Command function:

hostname <network-name> Global Modify host name of the switch

Relogin to the switch after modifying the host name, new host name will

be used in the prompt.

2. Set the greeting words for system startup



Greeting words can be set using command banner. It starts and ends

with custom-defined character, for example:

ZXR10(config)#banner incoming #

Enter TEXT message. End with the character '#'.

***********************************

Welcome to ZXR10 Switch World

***********************************

#

ZXR10(config)#

3. Set the password of privileged mode

In privileged mode, you can set operational parameters, and access

configuration mode. The password of accessing privileged mode must be

set to prevent unauthorized user from modifying the configuration.


Mode

Command function:

enable secret {0 <password>|5

<password>|<password>} Global

Set the password of privileged

mode

4. Set Telnet user and password


Mode

Command function:

username <username> password

<password> Global Set Telnet user and password

5. Setting system clock


Mode

Command function:

clock set <current-time> <month>

<day> <year> Privileged Setting system clock

Viewing System Information In ZXR10 T160G/T64G, we usually use show command to view information.

What described below is about viewing version information and configuration

information.

1. Show version information of system software and hardware




Mode

Command function:

show version User/ PrivilegedView version information of

system software and hardware

Execute command show version to display the information similar to the

follows.

ZXR10#show version

ZXR10 Router Operating System Software, ZTE Corporation

ZXR10 ROS Version V4.6

ZXR10 T160G Software, Version V2.6.01, RELEASE SOFTWARE

Copyright (c) 2000-2003 by ZTE Corporation

Compiled Dec 2 2004, 14:52:13

System image files from net <ftp://168.1.70.155/zxr10.zar>

System uptime is 0 days, 0 hours, 19 minutes

ZXR10#

2. Show the running configuration information


Mode

Command function:

show running-config PrivilegedView the running configuration

information


C h a p t e r 6

Port Configuration

This chapter introduces the configuration of ZXR10 T160G/T64G port parameters and port mirroring function. It covers:

Basic port configuration

Introduces basic port parameter configuration, port traffic statistics, and port line diagnosis analysis test

Port mirroring

Introduces the concept, basic configuration and configuration instances of port mirroring

Basic Port Configuration ZXR10 T160G/T64G provides fast Ethernet port, gigabit Ethernet port and 10-giagabit Ethernet port.

Fast Ethernet electrical interface supports full-duplex/half-duplex, 10/100M and MDI/MDIX self-adaptive function. The default working mode is auto-negotiation. It negotiates working mode and rate with the opposite end devices.

Gigabit Ethernet electrical interface supports full-duplex/half-duplex, 10/100/1000M and MDI/MDIX self-adaptive function. The default working mode is auto-negotiation. It negotiates working mode and rate with the opposite end devices.

Gigabit Ethernet electrical interface works in gigabit full-duplex mode. The duplex mode and rate of the port cannot be configured, instead, auto-negotiation can.

10-Gigabit Ethernet optical interface works in 10-gigabit full-duplex mode. The auto-negotiation, duplex mode and rate of the port cannot be configured.

The system adopts the mode of adding ports automatically: the user plug in interface board to the corresponding slot, when the interface board starts



normally, we can see that the port of the interface board has been added to the system port list automatically.

Principle of Port Naming ZXR10 T160G/T64G names the ports as follows:

Port type_Slot No/Port No

Port type covers:

FEI Fast Ethernet Interface

GEI Gigabit Ethernet Interface

XGEI 10-Gigabit Ethernet Interface

Slot No.

ZXR10 T160G provides 10 plug-in slots, numbering from top to down, where No 5 and No 6 are MP plug-in slots, the rest are interface board module plug-in slots.

ZXR10 T64G provides 6 plug-in slots, numbering from top to down, where No 3 slot is MP board plug-in slot, No 1, 2 ,5, and 6 are interface board module plug-in slots; No 4 slot can serve as MP board plug-in slot or interface board module plug-in slot.

Port No.

The interface board ports are numbered from 1.

For example:

fei_2/8 Means the 8th port in the No 2 slot fast Ethernet interface board.

gei_6/1 Means the first port in the No 6 slot gigabit Ethernet interface board.

xgei_7/2 Means the second port in the No 7 slot 10-gigabit Ethernet interface board.

Configuring Basic Port Parameters The configuration of port parameters is performed in port configuration mode, which covers:

1. Accessing port configuration mode

Command format Command Mode Command function:

interface {<port-name>|byname <by-name>} Global Accessing port configuration

mode

2. Close/open Ethernet port


shutdown Port Close Ethernet port

no shutdown Port Open Ethernet port

Chapter 6 Port Configuration


Note: Command shutdown makes the physical link status of the port change into down and the link LED of the port go dark. All ports are open by default.

3. Enable/close Ethernet port auto-negotiation


negotiation auto Port Enable port auto-negotiation

no negotiation auto Port Close port auto-negotiation

Note: 10-gigabit Ethernet optical interface does not support auto-negotiation. It is fixed to work in 10-gigabit full-duplex mode.

4. Set Ethernet port duplex mode


duplex {half|full} Port Set port duplex mode

5. Set Ethernet port rate


speed {10|100|1000} Port Set port rate

Note: Only the Ethernet electrical interface can be configured with duplex mode and rate, remember to disable port self-negotiation function.

6. Set Ethernet port flow control

The Ethernet port uses flow control to restrain the packets sent to the port in a period of time. When the receiving buffer is full, the port sends a “pause” packet notifying the remote port to suspend packet transmission for a period of time. The Ethernet port can also receive “pause” packet from other devices, and execute operations according to the regulation of the packet.


flowcontrol {enable|disable} Port Enable/disable port flow control

7. Allow jumbo-frame to pass the Ethernet port or prohibit it


Mode Command function:



jumbo-frame {enable|disable} Port Allow jumbo-frame to pass the Ethernet port or prohibit it

Note: By default, the maximum allowed length of the frame passing Ethernet port is 1560 bytes, and jumbo frame is prohibited from passing. When jumbo frame is allowed, the maximum allowed length is 9216 bytes.

8. Port byname

The purpose of setting port byname is to distinguish the ports for easier memorization. You can replace the port name with byname when performing operation over the port.


byname <by-name> Port Set Ethernet port byname

9. Set Ethernet port broadcast storm suppression

You can limit the volume of broadcast flow that is allowed to pass through the Ethernet port. The system will discard the broadcast flow exceeding the set value to lower the rate of broadcast flow to a reasonable range, so as to suppress broadcast storm and avoid network congestion, ensuring normal operation of network service. Broadcast storm suppression ratio takes the line speed percentage of maximum flow as the parameter; the lower the percentage is, the smaller the allowed broadcast flow is. 100% means that the broadcast storm passing through the port will not be suppressed


Mode Command function:

broadcast-limit <percent-value> Port Set port broadcast storm suppression ratio

Show Port Information ZXR10 T160G/T64G provides the following commands to view port information.

1. View status information of Ethernet port


show interface [<port-name>] All modes except user mode

show status information of Ethernet port

Example: View status and statistic information of port gei_2/1.

ZXR10#show interface gei_2/1

gei_4/1 is down, line protocol is down

Description is none



Keepalive set:10 sec

The port is electric

Duplex half

vlan mode is access, pvid 2 BW 1000000 Kbits

Last clearing of "show interface" counters never

120 seconds input rate 0 Bps, 0 pps

120 seconds output rate 0 Bps, 0 pps

Interface peak rate : input 0 Bps, output 0 Bps

Interface utilization: input 0%, output 0%

/* Statistic of input/output transmit message, including

statistic of error message */

Input:

Packets : 338 Bytes:

41572

Unicasts : 0 Multicasts: 328

Broadcasts: 10

Undersize: 0 Oversize : 0

CRC-ERROR : 0

Dropped : 0 Fragments : 0

Jabber : 0

MacRxErr : 0

Output:

Packets : 1017 Bytes:

125470

Unicasts : 0 Multicasts: 1017

Broadcasts: 0

Collision: 0

LateCollision: 0

Total:

64B : 20 65-127B : 975

128-255B : 360

256-511B : 0 512-1023B : 0

1024-1518B: 0

ZXR10#

Use the following commands to clear port statistical information


clear counter [<port-name>] Privileged Clear statistical information of specified ports

2. Show configuration information of Ethernet port




show running-config interface <port-name>

All modes except user mode

Show configuration information of Ethernet port

Example: Show configuration information of port fei_2/4.

ZXR10(config)#show running-config interface fei_2/4

Building configuration...

interface fei_2/4

negotiation auto

broadcast-limit 10

switchport access vlan 1

switchport qinq normal

ZXR10(config)#

Line Diagnosis Analysis Test ZXR10 T160G/T64G supports cable line diagnosis analysis test function, which could detect the anomaly of line or line connection and locate the exact position of cable fault, facilitating network management and locating fault.

Both fast Ethernet electrical interface and gigabit Ethernet electrical interface are connected to other devices by network wire. There are four pairs of twisted pair cables in the network wire, in which, fast Ethernet electrical interface uses 1-2 and 3-6 twisted pair cables, gigabit Ethernet electrical interface uses all the four pairs of twisted pair cables including 1-2, 3-6, 4-5 and 7-8. Line detection can detect the status of every twisted pair cable, which are listed below:

1. Open: Open circuit

2. Short: Short circuit

3. Mismatch: Circuit impedance mismatched

4. Good: The circuit is in good condition

5. Broken: the circuit is open or short

6. Unknown: The result is unknown or undetected

7. Fail: Detection failed

If the circuit is faulty, the test result will output the location of circuit fault; if the circuit is in good condition, the approximate length of the normal circuit will be presented.

Configuring line diagnosis analysis test is not required; run command show in privileged or global mode directly.


show vct interface <port-name> All modes Run specified line diagnosis



except user mode

analysis test

Example: Detect line of port gei_3/1

ZXR10(config)#show vct interface gei_3/1

CableStatus Fault

Pair 1-2 3-6 4-5 7-8

Status Open Open Good Good

Length 4m 4m <50m <50m

ZXR10(config)#

Note:The related ports will be restarted when using line diagnosis analysis test, the link will disconnect and then become normal. It is usually for testing faulty ports, please be cautious if the port is connected with users.

Port Mirroring Configuration Port Mirroring Overview The port mirroring function copies the data of one or more ports (mirrored ports) in the switch to a designated port (monitoring port). It can retrieve the data of mirrored port in the monitoring port via mirroring. Through which it can perform network flow analysis, and error diagnosis.

Using port mirroring function in the ZXR10 T160G/T64G should comply with the following rules:

Supports up to 8 groups of port mirroring, each can support up to 8 mirrored ports.

In one interface board, maximally one group of port mirroring can be configured.

Supports cross-interface-board port mirroring, i.e. the mirrored port and the monitoring port can be in different interface boards, here, the switch can be configured with one port mirroring at most.

Monitor the data transmitted or received by the mirrored port only.

Port Mirroring Configuration Port mirroring configuration covers:

Create a session

Command format Command Command function:



Mode

monitor session <session-number> Global Create a session

Set mirrored port


monitor session <session-number> source [direction {both|tx|rx}] Port Set mirrored port and data flow

direction

Set monitoring port


monitor session <session-number> destination Port Set monitoring port

Show configuration and status of port mirroring


show monitor session {all|<session-number>}


Show port mirroring configuration of all groups or specified group

Example of Configuring Port As shown in Figure 31, port gei_3/3 is connected with a computer, monitoring the data received by gei_1/1 and the data received and transmitted by gei_1/2.

F I G U R E 31 EXAMPLE OF PORT MIRRORING

gei_1/2gei_1/1

gei_3/3Switch

Switch configuration:

ZXR10(config)#interface gei_1/1

ZXR10(config-if)#monitor session 1 source direction rx


ZXR10(config-if)#monitor session 1 source


ZXR10(config-if)#monitor session 1 destination



Show configuration of port mirroring

ZXR10(config)#show monitor session 1

Session 1

-----------------------------------------------

Source Ports:

Port: gei_1/1 Monitor Direction: rx

Port: gei_1/2 Monitor Direction: both

Destination Port:

Port: gei_3/3

-----------------------------------------------

ZXR10(config)#





C h a p t e r 7

VLAN Configuration

This chapter introduces basic operation of VLAN configuration in ZXR10 T160G/T64G, and VLAN extended configuration including PVLAN, QinQ and SuperVLAN. It covers:

VLAN overview

VLAN Configuration

Example of VLAN configuration

PVLAN Configuration

QinQ configuration

SuperVLAN configuration

VLAN maintenance and diagnosis

VLAN Overview Virtual Local Area Network (VLAN) is a technology dividing physical network into multiple logical (virtual) LAN. Every VLAN has a VLAN identifier (VID).

Taking advantage of VLAN technology, network administrators can divide the users in the same physical LAN into different broadcast domain (one broadcast domain is one VLAN), ensuring that the users with the same demands belong to same broad domain and users with different demands belong to different broadcast domain. Every VLAN is like an independent LAN logically, having the same attribute with physical LAN. All broadcast and unicast traffic in the same VLAN are restricted to the VLAN instead of being forwarded to other VLAN. The communication between devices belonging to different VLAN must be forwarded by the layer3 routers

The features of VLAN are as follows:

Reduce broadcast traffic in the network

Enhance network security

Simplify network management and control



VLAN Types The type of VLAN is determined by the method dividing a received frame to a specific VLAN. ZXR10 T160G/T64G presently supports port-based VLAN, which is the most simple and effective method. It assigns ports of switching equipment to different VLAN; consequently, the traffic received from the port belongs to the VLAN connected to the port. For example, if port 1, port 2 and port 3 belong to the same VLAN, and other ports belong to other VLANs, the frame received by port 1 can be transmitted over port 2 and port 3 exclusively. If a user in VLAN move to a new place, it does not belong to the old VLAN unless VLAN is reconfigured.

VLAN Tab Multiple VLAN services can be transmitted in one link if the VLAN that the frame resides in can be presented in a certain method when frame is transmitting in the network. IEEE 802.1Q implements the function by inserting a VLAN tag into Ethernet frame structure.

The VLAN tag is 4-byte long, in Ethernet frame, its location is behind source MAC address, and before length/type segment. The format of VLAN tag is shown in Figure 32.

F I G U R E 32 TH E FO R M AT O F VL AN T AG

TPID (2 Bytes) TCI (2 Bytes)

VIDPriority CFI

7 5 4 0 7 0

VLAN tag is most frequently applied in the case of cross-switch creating VLAN, here the connection between switches is called Trunk. Cross-multiple-switch VLAN can be created via one or more trunks after applying tag. When the port connected to the switch receives a tagged frame, it can judge which VLAN the frame belongs to according to VLAN tag.

Every 802.1Q port is allocated with a default VLAN ID, which is called PVID. When the port receives untagged frame, the frame is considered to belong to port default VLAN, and forwarded in the VLAN.

ZXR10 T160G/T64G supports IEEE 802.1Q standard tag.

VLAN Link Type ZXR10 T160G/T64G port supports the following three kinds of connection modes

Access link

Chapter 7 VLAN Configuration


Access link is used to connect the devices (e.g. workstation) that cannot identify VLAN tag to VLAN switch port. It only transmits untagged VLAN frame and is associated with only one VLAN.

Trunk Link

Trunk link is for connecting two devices that can identify VLAN tag and transmits multiple VLAN services. It only transmits tagged VLAN frame and can bear multiple VLANs. The most popular trunk link is one connecting two VLAN switches.

Hybrid Link

Hybrid link can transmit tagged and untagged frames. However, for a specific VLAN, all frames transmitted by the hybrid link must be the same type.

Default VLAN ZXR10 T160G/T64G initially has a default VLAN with the following features:

The VLAN ID of default VLAN is 1.

The name of default VLAN is VLAN0001.

The default VLAN contains all ports.

All ports of default VLAN is untagged by default.

VLAN Configuration The basic configuration of VLAN covers:

Create Single VLAN


vlan {<vlan-id>|<vlan-name>} Global Create VLAN and access VLAN configuration mode

Create VLAN in batch


vlan <vlan-list> [name <vlan-name>]

VLAN database Create VLAN in batch

Set VLAN byname

VLAN byname is for distinguishing VLANs, which could be group name, department or region. By default, VLAN byname is VLAN + VLAN ID, in which VLAN ID is 4 digits, if it is less than 4 digits, zeros will be added to make it a digit length of 4, for example, the VLAN byname is VLAN0004 by default if the ID is 4.




name <vlan-name> VLAN Specify VLAN byname

Set VLAN link types of Ethernet port

VLAN link types of ZXR10 T160G/T64G Ethernet port include: Access mode, Trunk mode and Hybrid mode, the default is Access mode.

The port of access mode, which is untagged, can only belong to one VLAN, it usually serves as the port connecting computer.

Trunk mode port, which must be tagged, can belong to multiple VLANs; it can receive and transmit message of multiple VLANs; usually it serves as trunk port of connection between switches.

Hybrid mode port can belong to multiple VLANs, whether it should be tagged is determined by the user; it can receive and transmit message of multiple VLANs; it can be applied in connection between switches and can also be applied in connecting user computer.

The difference between hybrid port and trunk port lies in: Hybrid port can transmit tagged or untagged frame, while trunk port untagged when transmitting default VLAN message.


switchport mode {access|trunk|hybrid} Port Set VLAN link types of the port

Add Ethernet port to specified VLAN

Access port can only be added to one VLAN, while trunk port and hybrid port can be added to multiple VLANs.


switchport access vlan {<vlan-id>|<vlan-name>} Port Add Access port to specified

VLAN

switchport trunk vlan <vlan-list> Port Add Trunk port to specified VLAN

switchport hybrid vlan <vlan-list> [tag|untag] Port Add hybrid port to specified

VLAN

Set native VLAN(PVID) of Ethernet port

Access port belongs to only one VLAN, so its native VLAN is the VLAN it resides in, it is not necessary to set.

Trunk port and hybrid port belong to multiple VLANs, so it is necessary to set native VLAN. If the port native VLAN is set, when the port cannot receive frame without VLAN tag, forward the frame to the port belonging to the native VLAN. By default, the native VLAN of trunk port and hybrid port is VLAN 1.


switchport trunk native vlan {<vlan-id>|<vlan-name>} Port Set native VLAN of trunk port

switchport hybrid native vlan {<vlan-id>|<vlan-name>} Port Set native VLAN of hybrid port



Add VLAN member ports in batch

Command format Command Mode Command function

switchport {pvid|tag|untag} <port-list> VLAN Add VLAN member ports in batch

Switchport PVID is valid for all types of ports including Access, Trunk and Hybrid. All the PVIDs of selected ports become VLAN ID of specified VLAN after running the configuration.

Switchport tag is valid for Trunk and Hybrid ports.

Switchport untag is valid for Hybrid port.

Set port VLAN filtration

After enabling entrance filtration, if the entrance port is not included in the VLAN member set that the port-received frame belongs to, the frame will be discarded. By default, VLAN entrance filtration is enabled.


ingress filtering {enable|disable} Port Set port VLAN filtration mode

Port frame type filtration

Configuration port can accept all frames (including untagged and tagged frames) or only accept tagged frame. By default, it receives all frames.


acceptable frame types {all|tag} Port Set port-acceptable frame types

Create VLAN Layer3 interface

This VLAN must be created before creating VLAN layer3 interface.


interface {vlan <vlan-id>|<vlan-if>} Global Create VLAN layer3 interface

Open/Close VLAN Layer3 Interface

Open/Close VLAN Layer3 interface is to open/close VLAN Layer3 forwarding function, imposing no impact on the member ports of this VLAN. By default, when all Ethernet ports are in down status, the VLAN interface status is down; when one or more Ethernet ports are in up status, the VLAN interface status is up. The VLAN interface in up status can be shut forcibly.


shutdown VLAN interface Shut VLAN layer3 interface

no shutdown VLAN interface Open VLAN layer3 interface



Example of VLAN Configuration As shown in Figure 33, ports gei_3/1 and gei_3/2 of switch A and ports gei_7/1 and gei_7/2 of switch B belong to VLAN 10; ports gei_3/4 and gei_3/5 of switch A and gei_7/4 and gei_7/5 of switch B belong to VLAN 20, all are Access ports. The two switches are connected via ports gei_3/24 and gei_7/24 by trunk mode; the two ports are trunk ports.

F I G U R E 33 TY P I C AL N E T W O R K I N G O F VLAN

Vlan 10 Vlan 20

Trunkvlan 10,20

gei_3/24 gei_7/24

Vlan 10 Vlan 20

Switch BSwitch A

gei_3/1gei_3/2 gei_3/5

gei_3/4 gei_7/1gei_7/2 gei_7/5

gei_7/4

Switch A configuration:

ZXR10_A(config)#vlan 10

ZXR10_A(config-vlan)#switchport pvid gei_3/1-2


ZXR10_A(config-vlan)#switchport pvid gei_3/4-5

ZXR10_A(config)#interface gei_3/24

ZXR10_A(config-if)#switchport mode trunk

ZXR10_A(config-if)#switchport trunk vlan 10


Switch B configuration:

ZXR10_B(config)#vlan 10

ZXR10_B(config-vlan)#switchport pvid gei_7/1-2


ZXR10_B(config-vlan)#switchport pvid gei_7/4-5

ZXR10_B(config)#interface gei_7/24

ZXR10_B(config-if)#switchport mode trunk

ZXR10_B(config-if)#switchport trunk vlan 10




PVLAN Configuration To isolate messages of users for better network security, the traditional solution is to assign a VLAN to each user. The limitations of this method are as follows:

Presently, the maximum number of VLAN supported by IEEE 802.1Q standard is 4094, so the number of users is limited; consequently, it goes against network expansion.

Each VLAN is corresponding to one IP subnet, so a large quantity of subnets divided is a waste of IP addresses.

Planning and management of a large quantity of VLAN and IP subnets complicates network management.

The new technology PVLAN (Private VLAN) solves all the problems.

PVLAN classifies ports in VLAN into two categories: Isolate port connecting with users, and Promiscuous port uplinking router. Isolate port can communicate with promiscuous port only, the communication between them are disabled. So, ports in the same VLAN are isolated, users can only communicate with default gateway, as a result, the network security is ensured.

ZXR10 T160G/T64G supports 20 PVLAN groups, each group can select any port to isolate from each other. At most 8 ports can be selected to be uplink port.

Use the following commands to configure PVLAN:


vlan private-map session-id <id> [isolate <port-list>] [promis <port-list>]

Global Configure Isolate port and Promiscuous port

Use the following command to show PVLAN configuration:


show vlan private-map All modes except user mode

Show PVLAN configuration

Two Isolate groups are configured in the following configuration example:

Isolate group 1: gei_3/1, gei_3/2, fei_7/4 and fei_7/5 are isolate ports; gei_5/10 is promiscuous port.

Isolate group 2: gei_3/7, gei_3/8, fei_7/10 and fei_7/11 are isolate ports; gei_5/12 is promiscuous port.

The detailed configuration is as follows:

ZXR10(config)#vlan private-map session-id 1 isolate gei_3/1-2,fei_7/4-5 promis gei_5/10



ZXR10(config)#vlan private-map session-id 2 isolate gei_3/7-8,fei_7/10-11 promis gei_5/12

ZXR10(config)#show vlan private-map

Session_id Isolate_Ports Promis_Ports

---------- ------------------------ ------------------------

1 gei_3/1-2,fei_7/4-5, gei_5/10

2 gei_3/7-8, gei_5/12

ZXR10#

QinQ Configuration QinQ is a vivid name for the tunnel protocol based on IEEE 802.1Q encapsulation, which is also called VLAN stack. QinQ technology is to add a VLAN tag (outer tag) other than old VLAN tag (inner tag), the outer tag can shield the inner tag.

QinQ requires no support from protocol, by which L2VPN can be realized; it is particularly suitable for the small LAN with layer3 switch as the backbone.

The typical networking or QinQ technology is shown in Figure 34. The port connecting user network is called customer port; the port connecting SP network is called uplink port; the edge access device of SP network is called Provider Edge (PE).

F I G U R E 34 TY P I C AL Q I N Q N E T W O R K I N G

User Network 2CVLAN 1~100

SPVLAN 10customer port

SPVLAN 10uplink port

Switch APE PE

Switch B

User Network 1CVLAN 1~100

SPVLAN 10customer port

SPVLAN 10uplink port

SP Network

SPVLAN: Service Provider VLAN: CVLAN: Customer VLAN

The user network is usually accessed to PE via Trunk VLAN mode; Uplink ports in Service Provider (SP) network are symmetrically connected via Trunk VLAN mode.

When message reaches customer port of switch A from user network 1, no matter the message is tagged or untagged, switch A inserts outer tag (VLAN ID is 10) forcibly. In the SP network, the message transmits along VLAN 10 ports until it reaches switch B. Switch B finds that the port connecting user network 2 is customer port, so it peels off the outer tag according to



traditional 802.1Q, resumes the original message and transmits it to user network 2.

As a result, user network 1 and 2 can perform transparent transmission via SP network; user network can define its own private network VLAN ID, which will not cause conflict with SP network VLAN ID.

Use the following command to configure QinQ:


switchport <port-list> qinq {normal|uplink|customer|tpid <tpid>}

Global configure QinQ function of specified port

switchport qinq {normal|uplink|customer|tpid <tpid>}

Port Configure port QinQ function

Note:

When configuring QinQ, customer port of SPVLAN should be set to be untagged and uplink port should be set to be tagged.

Use the following command to view QinQ configuration information:


show qinq All modes except user mode

Show QinQ configuration information

As shown in Figure 34, assuming customer port of switch A is gei_3/1, uplink port is gei_3/24; if customer port of switch B is gei_7/1, uplink port is gei_7/24.




ZXR10_A(config-if)#switchport qinq customer

ZXR10_A(config-if)#switchport access vlan 10


ZXR10_A(config-if)#switchport qinq uplink






ZXR10_B(config-if)#switchport qinq customer



ZXR10_B(config-if)#switchport access vlan 10


ZXR10_B(config-if)#switchport qinq uplink



SuperVLAN Configuration Traditional ISP network assigns one IP subnet to each user. Three IP addresses are occupied when one subnet is assigned, which respectively serve as subnet number, broadcast address and default gateway. A large quantity of unassigned IP addresses in the user subnets cannot be assigned to other users. Obviously this method is a waste of IP address.

SuperVLAN solves the problem effectively. It converges multiple VLANs (called subvlan) into a SuperVLAN; all the subvlans use the same IP subnet and default gateway.

Taking advantage of SuperVLAN technology, what is needed for ISP is to assign one IP subnet for SuperVLAN and create one subvlan for each user; all subvlans can assign IP addresses in SuperVLAN subnet flexibly and use SuperVLAN default gateway. Every subvlan is an independent broadcast domain, ensuring isolation between different users; communication between subvlans is routed via SuperVLAN.

SuperVLAN configuration of ZXR10 T160G/T64G covers:

Create SuperVLAN


interface supervlan <supervlan-id> Global Create SuperVLAN and access SuperVLAN configuration mode

Add sub-VLAN

One SuperVLAN can be bound with up to 8 VLANs. The sub-VLAN cannot be bound if it is configured to be Layer 3 interface.


supervlan <supervlan-id> VLAN Bind VLAN with specified SuperVLAN

Open/close inter-subvlan routing function

Inter-sub-VLANs routing function is enabled by default. After using the command, the inter-subVLANs communication is disabled, but sub-VLAN remains communication with outside of SuperVLAN.


inter-subvlan-routing SuperVLAN Open/close inter-sub-VLANs



{enable|disable} routing function

View SuperVLAN configuration information


show supervlan [<supervlan-id>]


Show SuperVLAN configuration information

As shown in Figure 35, configure SuperVLAN in switch A, assigning subnet 10.1.1.0/24, gateway is 10.1.1.1. Configure two sub-VLANs in switch B, including VLAN 2 and VLAN 3, belonging to SuperVLAN. Switch A is connected to switch B via Trunk port.

F I G U R E 35 E X AM P L E O F S U P E R VLAN C O N F I G U R AT I O N

Switch A

…

VLAN 2

…

VLAN 3SubVLAN

SuperVLAN10.1.1.0/24

gei_3/1gei_3/10gei_5/1

gei_5/10

gei_7/10

gei_8/10Switch B


*Create superVLAN , assign subnet and specify gateway */

ZXR10_A(config)#interface supervlan 10

ZXR10_A(config-int)#ip address 10.1.1.1 255.255.255.0

/*Add SubVLAN to SuperVLAN*/


ZXR10_A(config-vlan)#supervlan 10


ZXR10_A(config-vlan)#supervlan 10

/*Set vlan trunk port*/


ZXR10_A(config-int)#switch mode trunk

ZXR10_A(config-int)#switch trunk vlan 2-3





ZXR10_B(config-int)#switch access vlan 2








ZXR10_B(config-int)#switch mode trunk

ZXR10_B(config-int)#switch trunk vlan 2-3

VLAN Maintenance and Diagnosis ZXR10 T160G/T64G provides related show commands for easier VLAN maintenance and diagnosis.


show vlan [brief|access|trunk|hybrid|id <vlan-id> [ifindex]|name <vlan-name> [ifindex]]


View VLAN configuration

Taking advantage of the command, you can view the information of all VLANs, VLAN with specified ID, and VLAN with specified name; you can also view the information of the VLAN with port mode of Access, Trunk and Hybrid. Two examples are presented:

View configuration information of all VLANs

ZXR10(config)#show vlan

VLAN Name Status Said MTU IfIndex PvidPorts UntagPorts TagPorts

------------------------------------------------------------------

1 VLAN0001 active 100001 1500 0 gei_7/5-12

10 VLAN0010 active 100010 1500 0 gei_7/1-3

100 VLAN0100 active 100100 1500 0 gei_7/3-4

130 VLAN0130 active 100130 1500 0 gei_7/4 gei_7/4

136 VLAN0136 active 100136 1500 0 gei_7/4

200 VLAN0200 active 100200 1500 0 gei_7/3

ZXR10(config)#

View information of all VLANs whose port mode is Trunk

ZXR10(config)#show vlan trunk

VLAN Name Status Said MTU IfIndex PvidPorts UntagPorts TagPorts

------------------------------------------------------------------



1 VLAN0001 active 100001 1500 0

10 VLAN0010 active 100010 1500 0 gei_7/3

100 VLAN0100 active 100100 1500 0 gei_7/3

130 VLAN0130 active 100130 1500 0

136 VLAN0136 active 100136 1500 0

200 VLAN0200 active 100200 1500 0 gei_7/3

ZXR10(config)#





C h a p t e r 8

MAC Table Operation

This chapter describes the content and related knowledge of MAC address table and related configuration of MAC address table in ZXR10 T160G/T64G. It covers:

MAC address table overview

MAC Address table Configuration

Examples of MAC address table configuration

MAC Address Table Overview Media Access Control (MAC) address is the hardware identifier of network device, based on which, the switch forwards message. MAC address is unique, ensuring proper forwarding of message.

Every switch maintains one MAC address table. In this table, MAC address and switch port have one-to-one correspondence. When the switch receives data frame, it determines filtering or forwarding it to correspondent switch port. MAC address table is the basis and prerequisite of fast forwarding for the switch.

The Composition and Meaning of MAC Address Table The entry of MAC address table is uniquely identified by MAC address and VLAN ID; the entries with identical MAC address and VLAN ID are considered to be the same entry. Entries of MAC address table in ZXR10 T160G/T64G cover:

MAC address: e.g. 00D0.8756.95CA.

VLAN ID: If a port is set to belong to multiple VLANs, the same MAC address will correspond to multiple VLAN ID.

Port Number: Such as gei_2/3, smartgroup1.

Other related flags: indicating status and operation of MAC address



Related flags of MAC address entries in ZXR10 T160G/T64G include the following five categories:

Static: indicating whether MAC address is static

Permanent: Indicating permanent MAC address

to-static: Indicating whether MAC address is burnt in

src_filter: Indicating whether filtering the frame of source MAC address

dst_filter: Indicating whether filtering the frame of target MAC address

When the switch is performing layer2 forwarding, it searches MAC address table and VLAN table according to target MAC address of data frame with the purpose of knowing the destination port of the data frame forwarding.

When the switch is performing Layer 3 fast forwarding, after it gets MAC address corresponding to next-hop IP address, it also needs to know the destination port of the packet forwarding by searching MAC address table.

MAC Address Categories MAC address in MAC address table in ZXR10 T160G/T64G can be classified into the following three categories:

Dynamic MAC address

The switch learns the dynamic MAC address via data frame in the network, and the dynamic address will be deleted when aging time is approaching. When the switch port connected with the device changes, the correspondence between MAC address in the MAC address table and port will also change correspondingly. Dynamic MAC address will disappear when the switch is powered off and restarted; it has to be re-learnt.

Static MAC address

Static MAC address is generated via configuration, so it will not be aged. No matter how the switch port connected with the device changes, the correspondence between MAC address in the MAC address table and port will never change. Static MAC address will also disappear when the switch is powered off and restarted; it has to be reconfigured.

Permanent MAC address

Permanent MAC address is also generated via configuration, so it will not be aged. No matter how the switch port connected with the device changes, the correspondence between MAC address in the MAC address table and port will never change. Saved permanent MAC address will not disappear after the switch is powered off and restarted.

MAC Address Table Creation and Deletion Initially, the MAC address table of the switch is blank. MAC address table must be created for fast forwarding. Meanwhile, the switch has to delete old

Chapter 8 MAC Table Operation


MAC address table entries and upgrade changed entries owing to limited MAC address table capacity and frequent replacement of network devices.

Dynamic Learning The switch learns dynamic MAC address in MAC address table. The process that the switch learns MAC address is as follows:

The switch will analyze the source MAC address and VLAN ID (Assuming MAC1+VID1) when a port receives a data frame. If the MAC address is legal and can be learnt, search MAC address table with MAC1+VID1 as key value. If the address is unavailable in the MAC address table, add it to the table; if the address is available in the MAC address, update the entries.

Note: MAC address learning is to learn source MAC address of data frame rather than

destination MAC address.

MAC address learning learns unicast address only, for broadcast and multicast addresses, it doesn’t learn.

MAC Address Aging The capacity of MAC address table is limited. In order to utilize MAC address table resources effectively, the switch provides MAC address aging function.

If the switch doesn’t receive data frame transmitted by a certain device in a period of time (the set aging time), namely, it doesn’t receive the data frame whose source MAC address is this device’s MAC address, the switch will think that the device has left the network or no network communication is being performed. Here, the switch will delete MAC address of the device from the MAC address table, by which, the switch MAC address table can be updated in time.

MAC address aging can be applicable to dynamic MAC address only.

Adding and Deleting Manually If the network is relatively stable, and the switch port connected with a device is always fixed, directly add MAC address entries to switch MAC address table via configuration command MAC address can be configured to be one of the three categories: dynamic, static, and permanent. Adding static or permanent MAC address can prevent MAC-cheat network attack..

The added MAC addresses can be deleted via MAC address deletion command. Use deletion command in ZXR10 T160G/T64G to forcibly delete MAC address learnt dynamically, to let it relearn.

MAC Address Table Configuration The switch MAC address table can run normally using default setup. Appropriate configuration to MAC address table can enhance network stability.



The configuration of MAC address table covers:

Setting MAC Address Aging Time The setup of MAC address aging time will affect the switch performance.

If the set MAC address aging time is too short, the switch may delete many valid MAC address table entries, causing that the switch broadcast cannot find the destination MAC address message, occupying the bandwidth of the switch.

If the set MAC address aging time is too long, the switch may save a lot of outdated MAC address table entries thus exhaust MAC address table resources, which may cause that new MAC address cannot be added to MAC address table. Consequently, forwarding will also be affected.

Use the following command to configure MAC address aging time.


mac aging-time <time> Global Setting dynamic MAC address aging time

The default aging time of MAC address in ZXR10 T160G/T64G is 300s; the configurable range is 10s~630s.

Burning MAC Address If the network is stable after a period of running, the position of device connected with switch port is fixed, namely, port corresponding to MAC address in switch MAC address table is fixed. MAC address can be burnt.

Burning MAC address is to convert all dynamic MAC addresses in the MAC address table into static; the converted address will not take part in aging. At the same time, if the data frame whose source MAC address is converted MAC address appears in other ports, the switch will not relearn.

The configuration command of burning MAC address is as follows:


mac to-static [interface <interface-name>|smartgroup <smartgroup-id> {disable|enable}

Global Continue/cancel burning MAC address

Note: These MAC addresses will not be saved permanently after burning MAC address; it will disappear when the switch is powered off and restarted.



Binding MAC Address to Port In ZXR10 T160G/T64G, add static or permanent MAC address to MAC address table via configuration to implement MAC address binding in the port. After binding MAC address, the correspondence between MAC address and port is fixed, and the address will not be learnt. The binding relationship will not be terminated until the address is deleted manually.

The configuration command of binding port MAC address is as follows:


mac add {static|permanent} <mac-address> {ethernet <port-name>|smartgroup <smartgroup-id>} [vlan <vlan-id>]

Global Add MAC address.

mac delete {<mac-address>|ethernet <port-name>|smartgroup <smartgroup-id>} [<vlan-id>]

Global Delete MAC address

Note: If specified VLAN ID is unavailable when adding MAC address, add according to

PVID or the port.

When deleting MAC address, if specified port and VLAN ID are unavailable, delete all MAC address items matching with MAC-address parameters.

Enable Port MAC Address Learning By default, the MAC address learning function of switch port is enabled; the port can freely learn MAC address dynamically. If the devices connected with switch ports are all fixed, MAC address binding can be performed. Configure manually all possible MAC addresses in the port, and then disable port MAC address learning.

The configuration command of port MAC address learning is as follows:


mac learning ethernet <port-name> {disable|enable} Global Set port mac address learning

Limit Number of Port MAC Address The capacity of switch MAC address table is limited, when the number of users is large, reaching the maximum capacity, we can limit the number of MAC addresses that the low-priority-user-resident port can learn.

By limiting number of port MAC addresses, network attacks that attempts to flood or overflow the MAC address table can be prevented.



The configuration command of limiting number of MAC addresses is as follows:


mac limit-num [ethernet <port-name>] <max-number> Global Limit number of port mac

address

By default, the switch imposes no restriction on number of port MAC addresses. Configured number of port MAC address restriction can be cancelled by setting the number of restricted MAC address to be zero.

Port MAC Address Learning Protection ZXR10 T160G/T64G provides the function of port MAC address learning protection. When detecting MAC address learning anomaly, the switch will protect the MAC address learning of this port for a period of time. Once the port enters protection status, it will not learn new address; when the protection time is up, the port enters MAC learning status again.

Setting port MAC address learning protection in ZXR10 T160G/T64G requires the following procedures:

Set number restriction of port MAC address learning

Open the enable switch of port MAC address learning protection.

Set the protection time of protected port.

The detailed configuration command is as follows:


mac protect [ethernet <port-name>] {disable|enable} Global Set port MAC address learning

protection

mac protect time <time> Global Set port MAC address learning protection time

By default, the switch port MAC address learning function is disabled. Please reserve sufficient margin when configuring number restriction of port MAC address in order to use port MAC address learning protection function.

MAC Address Filtering To prevent invasion of illegal users, ZXR10 T160G/T64G supports data frame filtering according to MAC address, which covers the following three categories:

Match only source MAC address of data frame, namely, if the source MAC address of data frame is the set MAC address, the filtration will be performed.

Match only destination MAC address of data frame, namely, if the destination MAC address of data frame is the set MAC address, the filtration will be performed.



Match source or destination MAC address of data frame, namely, if the source or destination MAC address of data frame is the set MAC address, the filtration will be performed.

The configuration command of MAC address filtering is as follows:


mac filter {source|both|destination} <mac-address> <vlan-id>

Global Set filtration according to MAC address

Inputting port name is not needed when configuring MAC address filtration, for the switch will filter data frame from any port. Deleting the MAC address will cancel the configured MAC address filtration.

View MAC Address Table View MAC address table entries via the following command, the displayed MAC addresses include dynamically learnt address and manually added address.


show mac [dynamic|static|permanent|to-static | src-filter|dst-filter|<mac-address>|interface <interface-name>|vlan <vlan-id>]

All modes Show MAC address entries

Example: Show all MAC address table entries.

ZXR10(config)#show mac

Total mac address : 6

MAC_Address port vid static locked src_filter dst_filter

------------------------------------------------------------------

0000.0000.0018 fei_8/6 200 0 0 0 0

0000.0000.2222 1 1 1 1 0

0000.0000.0022 fei_8/14 888 0 0 0 0

0000.0000.1111 gei_3/3 888 1 0 0 0

0000.0000.3333 gei_3/3 888 1 1 0 0

0000.0000.0021 fei_8/12 888 0 0 0 0

------------------------------------------------------------------

ZXR10(config)#



Examples of MAC Address Table Configuration As shown in Figure 36, switch A and switch B are connected via convergence link smartgroup1, switch B is connected with three PCs and one ZXR10 2826E, the detailed data is as follows:

Device MAC Address Switch Port VLAN

PC1 0X00D0.8765.95CA fei_2/1 1

PC2 0X00D0.8765.95CB fei_2/3 2

PC3 0X00D0.8765.95CC fei_2/5 3

ZXR10 2826E ---------- fei_2/7 4

PC1, PC2 and PC3 serve as servers; MAC address should be bound with port of switch B. Owing to the large number of users connected to ZXR10 2826E, port MAC address learning protection should be set in the corresponding ports of switch B. The protected number is 1000, protection time is 120s. The MAC address aging time of switch B should be set to be 180s.

F I G U R E 36 E X AM P L E O F MAC AD D R E S S TAB L E C O N F I G U R AT I O N

PC 1ZXR10 2826E

Smartgroup1

Switch A

Switch B

PC 2 PC 3


/*Configure port MAC address binding*/

ZXR10_B(config)#mac add permanent 00D0.8765.95CA ethernet fei_2/1 vlan 1

ZXR10_B(config)#mac add permanent 00D0.8765.95CB ethernet fei_2/3 vlan 2

ZXR10_B(config)#mac add permanence 00D0.8765.95CC ehernet fei_2/5 vlan 3

/*Configure port MAC address learning protection*/

ZXR10_B(config)#mac limit-num ethernet fei_2/7 1000



ZXR10_B(config)#mac protect ethernet fei_2/7 enable

ZXR10_B(config)#mac protect time 120

/*Configure MAC address aging time*/

ZXR10_B(config)#mac aging-time 180





C h a p t e r 9

STP Configuration

This chapter describes the content and related knowledge of STP protocol and related configuration in ZXR10 T160G/T64G. It covers:

STP Overview

Configuring STP

Examples of configuring STP

STP maintenance and diagnosis

STP Overview Spanning Tree Protocol (STP) is applicable to loop network. It can block some redundant paths via specific algorithm, prune loop network into loop-free tree topology, to prevent the message proliferation and endless cycling in the loop network.

STP protocol is implemented via participating in exchanging BPDU (Bridge Protocol Data Unit) of all STP switches in a extended LAN. The following operations can be implemented via exchanging BPDU messages:

1. Select a root bridge in a stable SPT topology.

2. Select a specified switch in every switching network.

3. Set the redundant switch port to be Discard to avoid loop in topology network.

STP module of ZXR10 T160G/T64G supports three modes including SSTP, RSTP and MSTP, which respectively comply with IEEE802.1d, IEEE802.1w and IEEE802.1s.

SSTP Mode SSTP (Single Spanning Tree Protocol) fully complies with IEEE802.1d in functionality. Bridge running STTP mode can interconnect with RSTP and MSTP bridge.



RSTP Mode RSTP (Rapid Spanning Tree Protocol) provides higher convergence speed than STP (i.e. SSTP mode), namely when the network topology is changing, the status of old redundant switch port can be transferred (From Discard to Forward) quickly in the case of point-to-point connection.

MSTP Mode The concept of instance and VLAN mirroring are added in MSTP (Multiple Spanning Tree Protocol); SSTP mode and RSTP mode can both be considered to be instances of MSTP mode, namely, the case that only one instance 0 exists. MSTP mode also provides fast convergence and load balance in VLAN environment.

In SSTP and RSTP modes, there is no concept of VLAN. There is only one status for each port that is forwarding statuses of ports in different VLANs is consistent. While in MSTP mode, there are multiple spanning tree instances, forwarding statuses of ports are different in different VLANs. Multiple independent subtree instances can be formed inside MST region to achieve load balance.

Some basic concepts of MSTP are presented in detail as follows:

MST Config ID MST Config ID refers to the forwarding plan with different VID frames, that is, all bridges in MST region forward to specific spanning tree (CIST or an MST instance) according to VID in frames.

MST Config ID consists of the following parts:

Configuration name: the 32-byte-long character string.

Version level: 2-byte-long non-negative integer

Configuration abstract: the signature generated according to MST Config Table and processed by MD5, with the length of 16 bytes.

MST Config Table consists of 4096 consecutive two bytes, the first and the last two bytes are zero, and other two bytes can represent a binary number. The second two bytes indicate the MSTID value corresponding to VID 1; the third two bytes indicate MSTID value corresponding to VID 2; and the rest may be deduced by analogy, the last but one two bytes indicate the MSTID value corresponding to VID 4094. Configuration abstract is obtained by processing MST Config Table and fixed key value via HMAC-MD5 algorithm. It can learn that a VID belongs to which MST instance or CIST via resolution.

MST Region Every MST region is composed of one or multiple connected bridges with the same MST Config ID; they enable multiple same instances. This region also contains the LAN whose designated bridge is one of these bridges in CIST instances.

Chapter 9 STP Configuration


Note:

The MST Config ID of bridge in a MST region must be the same; but bridges with same MST Config ID are not necessarily in the same MST region. For example: If two bridges with same MST Config ID are connected via LAN belonging to another MST region, the two bridges belong to different MST region.

In MST region, there exist different spanning tree topologies: IST (Internal Spanning Tree), MST1, MST2…and MSTn. Every MSTi can be called MSTI (MST Instance), bridges forward specific VID frame according to paths (MSTI spanning tree topology) corresponding to VID. The correspondence between VID and MSTI is reflected in MST Config ID, while MSTI spanning tree topology is determined by parameters of system configuration priority.

MST Instances MST bridge must support implementation of two kinds of instances: one IST and multiple MST instances. IST is running in a region by default; all VLANs are configured to IST by default; IST is connected with all switches in the region, responsible for communication with other MST regions and SST regions outside. MST instance does not transmit BPDU message alone. Spanning tree information is contained in M-record, and transmitted as part of IST BPDU in the region.

CIST (Common and Internal Spanning Tree) Each IST inside MST area and CST outside comprise CIST, that is, inside MST area, CIST is the same with IST; outside of MST area, it is the same with CST.

IST Region Root Every MST region has one IST Region Root switch, which is the switch within the region with the lowest path cost to the CST root. If CIST Root is in an MST region, CIST Root is the IST Region Root of that MST region. After selecting IST Region Root, other ports directing to CIST Root in this region will be blocked.

MST BPDU MSTI in MST region does not communicate with outside; only IST exchanges BPDU message with outside. In the region, MSTI does not transmit BPDU message alone; MST BPDU message transmitted by IST contains MSTI information. MSTI indicates that it needs to transmit MST BPDU message via a flag, and the detailed message is transmitted by IST. Every MSTI needing to transmit BPDU saves its information in the M-record structure, which will be transmitted as part of IST BPDU.



Configuring STP Enable/Disable STP Use the following command to enable or disable STP protocol.


spanning-tree {enable|disable} Global Enable/Disable STP

Note: After disabling STP protocol in ZXR10 T160/T64G, every port with the physical status of up should be set to be the status of forwarding.

Configuring STP Mode Use the following command to configure STP protocol mode.


spanning-tree mode {sstp|rstp|mstp} Global Setting STP Mode

The default mode of ZXR10 T160G/T64G is MSTP. Whichever mode configured can be compatible and interconnected with other two modes.

Configuring STP Protocol Parameters STP protocol parameters cover:

Max-age

In CST network spanning tree topology, the latest BPDU packet is transmitted to leaf node switch along CST spanning tree topology from Root switch. In the BPDU packets transmitted from Root switch, message-age value is 0; message-age value increases by 1 and max-age value remains unchanged when passing a middle node switch. When message-age value is greater than max-age value in the BPDU packet, the BPDU packet will be invalid.

Hello-time

Hello-time parameters are used to control the interval of transmitting BPDU packet.

Forward-delay

In the condition of non-rapid-state-migration, the parameter determines the delay interval (2×forward-delay) from state Blocking to Forwarding.

Max-hops



Max-hops value is determined by region root node of instance in MST region; the value decreases by 1 when passing one switching node. When the parameter value is decreased to 0, the BPDU packet becomes invalid. Message-age and max-age of BPDU message in MST region remain unchanged in the process of region transmission.

Use the following command to configure STP protocol parameters.


spanning-tree hello-time <time> Global Set STP hello time interval

spanning-tree forward-delay <time> Global Set STP forward delay

spanning-tree max-age <time> Global Set max age of BPDU packet

spanning-tree mst max-hops <1-40> Global Set max hops of BPDU packet

Note: In CST network spanning tree topology, all switch hello-time parameter values are determined by Root switch. Max-hops parameter value is valid only when serving as region root node of an instance in the MST region.

Creating Instances In MSTP mode, users can build a MST region by creating or deleting switches connected with instances, to implement rapid convergence and load balance.

Use the following command to access MSTP configuration mode.


spanning-tree mst configuration Global Access MSTP configuration mode

Use the following command to create instance:


instance <instance> vlans <vlan-id> MSTP Create MSTP instance

Note: ZXR10 T160G/T64G has and has only one instance 0 in SSTP and RSTP modes. In MSTP mode, instance 0 exists by default, so it cannot be deleted arbitrarily.



Update MST Configuration Name and Configuration Version To judge whether interconnected switches are in the same MST region, we need to check whether MST configuration name and configuration version are same.

Use the following command to set MST configuration name and configuration version.


name <string> MSTP Set MST configuration name

revision <version> MSTP Set MST configuration version

Note: The following four prerequisites are indispensable for a switch belonging to the same MST region: same MST configuration name, same MST configuration version, same INS-VLAN mapping table, and interconnected switches.

Configuring Switch Priority and Port Priority In the whole spanning tree topology region, the switch’s location in the whole CST spanning tree topology (whether can be selected as the root of the whole spanning tree) or the location in the instance spanning tree topology in MST region (whether can be selected as the region root of the instance) is determined by setting bridge priority of an instance.

Designate a bridge to be spanning tree root by setting bridge with low priority.

Designate specific port to be contained in spanning tree by setting port priority. Generally, the smaller the set value is, the higher the port priority is, and the probability that the port is contained in the spanning tree increases. If same priority is set to all ports in the bridge, the port priority will be determined by the index number of the port.

Use the following command to configure switch priority and port priority.


spanning-tree mst instance <instance> priority <priority> Global Set bridge priority of an instance

spanning-tree mst instance <instance> priority <priority> Port Set port priority of an instance



Note: The bridge priority and port priority of ZXR10 T160G/T64G can be configured only when the instance has been created.

Configuring Whether a Port in STP Protocol Participates in Spanning Tree Calculation In some specific environments, the participation of port in the spanning tree calculation is not required, such as the uplink port of switch or port connecting PC.

Use the following command to configure whether the port participates in spanning tree calculation.


spanning-tree {enable|disable} Port Set whether ports participate in spanning tree calculation

Instances of Configuring STP MSTP supports multiple MST regions, but it is recommended configuring one MST region. Usually run MST region in backbone network, serving as root of the whole CST, which can better implement network rapid convergence and load balance.

Instance 1 As shown in Figure 37, run MSTP in backbone network; MST region serves as root of CST, that is, CIST Root Bridge is inside the MST region. Switches A, B and C are configured in the same region; their initialization priority is 32768; determine CIST root and IST root according to MAC address. The respective address of the three switches is as follows:

Switch A: 000d.0df0.0101

Switch B: 000d.0df0.0102

Switch C: 000d.0df0.0103

Create two MST instances, to which the VLAN in this region should be mapped.

Run CST mode in switch D with the MAC address of: 000d.0df0.0104, and priority: 32768.



The purpose of this instance is to implement rapid convergence of the whole network and load balance of two links in switch A.

F I G U R E 37 MSTP C O N F I G U R AT I O N E X AM P L E N E T W O R K I N G D I AG R AM 1

Switch D

Switch B

Switch C root node ofinstance 1

The port isblocked in ins 2

The port isblocked in ins 1

Root node ofInstance 2

A, B and C belong to the same MST area, and the identityof this area in the network topology is CIST root.

Switch A


/*Configure MST region*/

ZXR10_A(config)#spanning-tree mode mstp

ZXR10_A(config)#spanning-tree mst configuration

ZXR10_A(config-mstp)#name zte

ZXR10_A(config-mstp)#revision 2

/*Map VLAN 1~10 to instance 1, VLAN 11~20 to instance 2*/

ZXR10_A(config-mstp)#instance 1 vlan 1-10

ZXR10_A(config-mstp)#instance 2 vlan 11-20



ZXR10_B(config)#spanning-tree mode mstp

ZXR10_B(config)#spanning-tree mst configuration

ZXR10_B(config-mstp)#name zte

ZXR10_B(config-mstp)#revision 2


ZXR10_B(config-mstp)#instance 1 vlan 1-10

ZXR10_B(config-mstp)#instance 2 vlan 11-20

/*Change the priority of switch B in instance 2, to make it become the Root of instance 2*/

ZXR10_B(config-mstp)#spanning-tree mst instance 2 priority 4096

Switch C configuration:




ZXR10_C(config)#spanning-tree mode mstp

ZXR10_C(config)#spanning-tree mst configuration

ZXR10_C(config-mstp)#name zte

ZXR10_C(config-mstp)#revision 2


ZXR10_C(config-mstp)#instance 1 vlan 1-10

ZXR10_C(config-mstp)#instance 2 vlan 11-20

/*Change the priority of switch C in instance 1, to make it become the Root of instance 1*/

ZXR10_C(config-mstp)#spanning-tree mst instance 1 priority 4096

Switch D reserves the default configuration.

Instance 2 As shown in Figure 38, switch B and C run in the same region, CIST root bridge C is outside of the region; one boundary port of switch B and C will be blocked

F I G U R E 38 MSTP C O N F I G U R AT I O N E X AM P L E N E T W O R K I N G D I AG R AM 2

Switch B Switch C

Switch ACIST Root

The difference between instance 2 and instance 1 lies in:

The boundary port blocks or forwards all VLANs for there exists only one instance that can communicate with outside in a region, there is no probability of load balance, and it cannot exert the advantages of MSTP mode. In the following figure, the link from switch A to switch C will block all VLANs, while the link from switch B to switch A will forward all VLANs.

STP Maintenance and Diagnosis ZXR10 T160G/T64G provides command show to view STP-related information and implements fault diagnosis.



1. Display detailed instance-based spanning tree information

Command format

Command Mode Command function

show spanning-tree instance <instance> All modes Display detailed instance-based

spanning tree information

2. Display spanning tree information of designated port


show spanning-tree interface <port-name> All modes Display spanning tree

information of designated port

3. Display statistical information of transmitting and receiving BPDU packets in designated port.


show spanning-tree statistics <port-name> All modes

Display statistical information of transmitting and receiving BPDU packets in designated port.

In the following three cases, even if switch STP function is enabled, the appearance of loop cannot be avoided, please take care when configuring.

Two switches are connected with multiple parallel links, one of the two switches configures link aggregations for these ports, and the other does not.

One switch configures aggregations for multiple ports, but one port in the aggregation port group connects with other ports of the device by self-loop.

Two switches connect two parallel links; either of the two parties cannot receive the BPDU packet transmitted by the opposite party for unknown reason.


C h a p t e r 10

Link Aggregation Configuration

This chapter introduces the principles and configuration of ZXR10 T160G/T64G Ethernet port link aggregation. It covers:

Overview of link aggregation

Configuring link aggregation

Instances of configuring link aggregation

Link aggregation maintenance and diagnosis

Overview of Link Aggregation Link Aggregation is also called Trunk; it refers to bundling multiple physical ports to be a logical port, to implement load balance of in/out flow in each member port. The switch determines from which member port to transmit message to the peer end switch according to port load sharing policy that the users configured. When the switch detects that one member port link is broken, it does not transmit messages in this port until this port link becomes normal. Link aggregation is a very important technology in adding link bandwidth, implementing link transmission flexibility and redundancy.

ZXR10 T160G/T64G supports static Trunk and LACP link aggregation modes.

Static Trunk adds multiple physical ports to trunk group, to form a logical port.This mode goes against observing status of link aggregation port.

LACP (Link Aggregation Control Protocol) complies with IEEE 802.3ad. LACP aggregates multiple physical ports to trunk group dynamically via protocol to form a logical port. LACP generates aggregation automatically to obtain the maximum bandwidth.

Configure link aggregation function in ZXR10 T160G/T64G in compliance with the following principles:



Thirty-two trunk groups totally can be configured, each trunk group contains up to eight member ports.

Support cross-interface-board aggregation, the member ports can be located at any interface board, but the selected port must work in full-duplex mode and the working rate must be consistent.

The modes of member ports could be access, trunk or hybrid, but they must be consistent.

In ZXR10 T160G/T64G, the logical ports formed by link aggregation are called SmartGroup, which can be used as ordinary port.

Configuring Link Aggregation Link aggregation configuration covers:

1. Creating trunk group


interface <smartgroup-name> Global Creating trunk group

2. Bundling port to trunk group, setting port aggregation mode


smartgroup <smartgroup-id> mode {passive|active|on} Port Bundling port to trunk group,

setting port aggregation mode

When the aggregation mode is set to be On, the port runs static trunk, two ends participating in aggregation should be set to be On mode.

When aggregation mode is active or passive, the port runs LACP. Active means that the port is in active negotiation mode. Passive means that the port is in passive negotiation mode. When configuring dynamic link aggregation, set the aggregation mode of one end of port to be active and the other end to be passive or set both ends as active.

Note:

The configuration of VLAN link type in member port must be consistent with that of smartgroup, otherwise it cannot be added into this trunk group.

3. Setting port link aggregation load sharing mode

ZXR10 T160G/T64G port link aggregation supports 6 types of load sharing modes which respectively based on source IP, destination IP, source and destination IP, source MAC, destination MAC, and source and destination. By default, MAC is based on source and destination MAC.


smartgroup load-balance <mode> Port Setting port link aggregation load sharing mode

Chapter 10 Link Aggregation Configuration


Instances of Configuring Link Aggregation As shown in Figure 39, switch A connects switch B via smartgroup port, which are composed of four physical ports by aggregation. The port mode of SmartGroup is trunk, bearing VLAN10 and VLAN20.

F I G U R E 39 E X AM P L E O F L I N K AG G R E G AT I O N C O N F I G U R AT I O N

Smartgroup10gei_5/1-4

Smartgroup11gei_3/5-8

Switch B

Switch A

trunk VLAN 10,20


/*Create trunk group*/

ZXR10_A(config)#interface smartgroup10

/*Bundle port to trunk group*/


ZXR10_A(config-if)#smartgroup 10 mode active







/*Modify VLAN link types of the smartgroup port*/

ZXR10_A(config)#interface smartgroup10




ZXR10_A(config-if)#switchport trunk native vlan 10


ZXR10_B(config)#interface smartgroup11


ZXR10_B(config-if)#smartgroup 11 mode passive









ZXR10_B(config)#interface smartgroup11




ZXR10_B(config-if)#switchport trunk native vlan 10

Link Aggregation Maintenance and Diagnosis ZXR10 T160G/T64G provides related show commands for easier link aggregation maintenance and diagnosis.

1. Display the aggregation status of member port


show lacp [<smartgroup-id>] internal


View the aggregation status of trunk group member port

Instance: view aggregation status of trunk group 2 member ports.

ZXR10(config)#show lacp 2 internal

Smartgroup:2

Actor Agg LACPDUs Port Oper Port RX Mux

Port State Interval Priority Key State Machine Machine

------------------------------------------------------------------

fei_3/17 selected 30 32768 0x202 0x3d current

collecting-distributing

fei_3/18 selected 30 32768 0x202 0x3d current

collecting-distributing

ZXR10(config)#

When Agg State is selected, and Port state is 0x3d, it means that the port aggregation is successful. If aggregation failed, the Agg state indicates unselected

2. View protocol packet counter of member ports

Chapter 10 Link Aggregation Configuration



show lacp [<smartgroup-id>] counter


View protocol packet counter of trunk group member ports

Instance: view protocol packet counter of trunk group 2 member ports.

ZXR10(config)#show lacp 2 counter

Smartgroup:2

Actor LACPDUs Marker LACPDUs Marker

Port Tx Rx Tx Rx Err Err

-------------------------------------------------------------------

fei_3/17 11 5 0 0 0 0

fei_3/18 10 6 0 0 0 0

ZXR10(config)#

Only when counter of protocol transmitting packets Tx and protocol receiving packets Rx of every member port is available, can the aggregation succeed.

3. View member ports of the peer end.

Command format Command Mode

Command function

show lacp [<smartgroup-id>] neighbors


View member ports of the peer end.

Instance: view the member port of the peer end of trunk group 2.

ZXR10(config)#show lacp 2 neighbors

Smartgroup 2 neighbors

Actor Partner Partner Port Oper Port

Port System ID Port No. Priority Key State

---------------------------------------------------------------

fei_3/18 8000,00d0.d0c0.0f60 513 0x8000 0x202 0x3d

fei_3/17 8000,00d0.d0c0.0f60 514 0x8000 0x202 0x3d

ZXR10(config)#

Where Partner Port No stands for port number of neighbors, when Port State is 0x3d, it means the aggregation of the two ends is successful.





C h a p t e r 11

IGMP Snooping Configuration

This chapter introduces principle and configuration of IGMP Snooping in ZXR10 T160G/T64G. It covers:

Overview of IGMP Snooping

Configuring IGMP Snooping

Instances of IGMP Snooping configuration

IGMP Snooping maintenance and diagnosis

Overview of IGMP Snooping IGMP Snooping is a feature of layer2 switch, it could restrict the forwarding of IP multicast traffic.

As shown in Figure 40, IGMP (Internet Group Management Protocol) runs between host and multicast router. IGMP Snooping monitors IGMP communication between host and router, ensuring that the switch could learn the ports belonging to multicast member before forwarding multicast packets, and get the multicast forwarding table. Here, multicast packet will be transmitted to ports in multicast forwarding table rather than all ports; as a result, it restricts the spread of multicast packet in the switch and boosts the utilization rate by avoiding unnecessary bandwidth waste.

F I G U R E 40 IGMP S N O O P I N G AP P L I C AT I O N

PC

Router

Switch

Run IGMP

Run IGMP Snooping



Join a Multicast Group The host joins corresponding multicast group by transmitting IGMP joining message. When the switch monitors the IGMP message transmitted by the host, the forwarding module creates a layer2 forwarding entry for the VLAN that the message-receiving port resides on. When other hosts in the same VLAN are interested in the multicast traffic and send a request of joining the group, the switch adds them to the existed forwarding entries.

The switch creates only one forwarding entry for each multicast group in the same VLAN, forwards the multicast traffic of the multicast group in all ports receiving a multicast group request message.

Leave a Multicast Group The hosts that joined multicast group must respond to IGMP query message transmitted by router periodically. As long as one host responds to IGMP query in a VLAN, the router must continue forwarding traffic of the multicast group that the host resides on to VLAN.

When a host wants to a multicast group, it could ignore the IGMP query message transmitted by router periodically (called “static leave”), or transmit IGMPv2 leave message of specified group.

When IGMP Snooping hears IGMPv2 leave message of specified group, the switch sends specified group query message to the port receiving the message, to query whether other hosts belonging to the multicast group are available in this port. If IGMP Snooping cannot receive any response message after several queries, it indicates that there are no hosts belonging to the multicast group in this port, and IGMP Snooping will delete corresponding ports in the layer2 forwarding entries; if receiving response message, it is not necessary to modify forwarding table.

Fast Leave The fast leave function of IGMP Snooping means that: When hearing IGMPv2 leave message of specified group, the switch does not transmit query message, instead, it deletes corresponding ports in the layer2 forwarding entries directly.

Please take care when enabling fast leave function in a VLAN, if one of the multiple hosts in a port leaves multicast group, other hosts of the same multicast group in the port cannot receive multicast traffic of the multicast group.

Configuring IGMP Snooping Basic Configuration Basic configuration of IGMP Snooping contains:

Chapter 11 IGMP Snooping Configuration


1. Global enable IGMP Snooping


Command function

ip igmp snooping Global Global enable IGMP Snooping

2. Enable IGMP Snooping in VLAN


Command function

igmp snooping VLAN Enable IGMP Snooping in VLAN

3. Configure whether to broadcast multicast data when IGMP Snooping is enabled but there is no user.


Command function

Igmp snooping drop <ip-address> [num< num>] vlan

Configure whether to broadcast multicast data when IGMP Snooping is enabled but there is no user.

4. Configure fast leave


Command function

igmp snooping fast-leave VLAN Configure group fast leave in VLAN

Configure Proxy Querier Usually, there is at least one multicast router in multicast network, transmitting IGMP query message periodically. If there is no multicast router in the network, you can configure proxy querier for transmitting IGMP query message.

1. Configure IGMP Snooping proxy querier function


Command function

ip igmp snooping querier Global Configure IGMP Snooping proxy querier function

2. Configure query-interval of proxy querier


Command function

ip igmp snooping query-interval <interval> Global Configure query-interval of proxy

querier

3. Configure maximum query-response-interval


Command function

ip igmp snooping query-response-interval <interval> Global Configure maximum

query-response-interval



Limit Multicast Group Impose some restrictions on multicast group in ZXR10 T160G/T64G.

1. ACL filter the group


Command function

igmp snooping acl <acl-number> VLAN ACL filter the group

2. Limit the maximum-group-number


Command function

igmp snooping max-group-num <number> VLAN Configure the permitted

max-group-number in VLAN

Static Configuration Static configuration will not age and can only be deleted statically.

1. Configure static users in VLAN


Command function

igmp snooping static <ip-address> interface <port-name> VLAN Configure static users in VLAN

When a user needs to join a multicast group, but IGMP and IGMP Snooping are not in operation, so it cannot be monitored, here static configuration can be performed.

2. Configure multicast router interface in VLAN


Mode Command function

igmp snooping mrouter interface <port-name> VLAN Configure multicast router

interface in VLAN

It is applied when PIM-Snooping is not configured or connecting to multicast router that does not transmit query message.

Modify Default Time 1. Modify user’s aging time


Command function

igmp snooping host-time-out <time> VLAN Modify user’s aging time

2. Modify last-member-query-interval

Command format Command Command function

Chapter 11 IGMP Snooping Configuration


Mode

igmp snooping last-member-query-interval <interval>

VLAN Modify last-member-query-interval

3. Modify aging time of routing port


Command function

igmp snooping mrouter-time-out <time> VLAN Modify aging time of routing port

Instances of IGMP Snooping Configuration As shown in Figure 41, ports fei_1/1, fei_1/3, and fei_1/5 connect host, port fei_3/1 connects multicast router, and all the ports belong to VLAN10. Enable IGMP Snooping function in the switch.

F I G U R E 41 E X AM P L E O F IGMP S N O O P I N G C O N F I G U R AT I O N

IGMP Router

fei_3/1

fei_1/1Switch

fei_1/3fei_1/5

Switch configuration:

ZXR10(config)#ip igmp snooping

ZXR10(config)#vlan 10

ZXR10(config-vlan)#igmp snooping

IGMP Snooping Maintenance and Diagnosis ZXR10 T160G/T64G provides show command to view information related to IGMP Snooping, helping with maintenance and diagnosis.

1. Display IGMP Snooping configuration information of specified VLAN




Command function

show ip igmp snooping vlan <vlan-id>


Display IGMP Snooping configuration information of specified VLAN

2. Display port information related to IGMP Snooping


Command function

show ip igmp snooping port-info vlan <vlan-id>


Display port information related to IGMP Snooping

3. Display statistical information of IGMP message


Command function

show ip igmp snooping statistic [clear | interface <port-name>]


View IGMP message statistical information of all or specified ports

ZXR10 T160G/T64G also provides debug command to debug IGMP Snooping, tracing related information.


Command function

debug ip igmp-snooping Privileged Turn on the debugging switch of IGMP Snooping

Instance: Tracing the process of transmitting and receiving packets of IGMP Snooping.

ZXR10#debug ip igmp-snooping

ZXR10#

IGMP SNOOPING Rcv 224.1.1.1 Group Report Msg: From Vlan 1, Port fei_4/10

IGMP SNOOPING Rcv 224.1.1.1 Group Report Msg: From Vlan 1, Port fei_4/11

...


C h a p t e r 12

Network Protocol Configuration

This chapter introduces IP address and ARP protocol, it also describes related configuration of ZXR10 T160G/T64G. It covers:

IP address

ARP configuration

IP Address Introduction to IP Address Network layer address in the IP protocol stack refers to IP address. An IP address is composed of two parts, the network ID part and the host ID part. The network ID is used to reference a specific network. The host ID is used to identify a specific device on that network

IP addresses fall into 5 classes including A, B, C, D, and E, classes A, B, and C are popular, class D address is network multicast address, and class E address is reserved. Table 23 presents the range of each class of address.

T AB L E 23 R A N G E O F IP AD D R E S S E S

Category Header characteristic bit

Network bit

Host bit Range

Class A 0 8 24 0.0.0.0~127.255.255.255

Class B 10 16 16 128.0.0.0~191.255.255.255

Class C 110 24 8 192.0.0.0~223.255.255.255

Class D 1110 Multicast Address 224.0.0.0~239.255.255.255

Class E 1111 Reserved 240.0.0.0~255.255.255.255



In class A, B, and C addresses, some are reserved for private network, it is recommended using private network address when constructing internal network. These addresses are:

Class A: 10.0.0.0~10.255.255.255

Class B: 172.16.0.0~172.31.255.255

Class C: 192.168.0.0~192.168.255.255

The original intension of dividing addresses like this is to facilitate routing protocol design, judging network type from the header characteristic bit of the IP address. However, this method cannot make maximal use of addresses, as a result, the shortage of addresses is becoming increasingly serious with the development of Internet.

To make maximal use of IP addresses, we can divide one network into multiple subnets. By means of borrowing, borrow from the maximum of the host ID to serve as subnet ID, and the remainder of the host ID is still host ID. Here, IP address is composed of three parts: network ID, subnet ID and Host ID. Network ID and subnet ID identify a network uniquely. Use subnet mask to determine the network ID, subnet ID, and host ID parts in the IP address. The part with the subnet mask of 1 corresponds to network ID and subnet ID in IP address, the part with the subnet mask of 0 corresponds to host ID.

The division of subnet boosts utilization rate of IP address significantly, which, to some extent, relieves the problem of IP address shortage.

Regulations regarding IP address:

0.0.0.0 will be employed when the host without IP addresses boots; it obtains address via RARP, BOOTP, and DHCP, in routing table, the address is also used as default route.

255.255.255.255 is for broadcast destination address and it cannot be used as source address.

127.X.X.X is called loop-back address, which can be used to represent “this computer” even if the real IP address of the host is unknown.

The address with the host ID of all zeroes represents the network itself; the address with the host ID of all “1” is used for the network broadcast address.

For legal host IP address, the network part or the host part cannot be all “0” or all “1”.

Basic Configuration of IP Address The IP address configuration is performed in interface configuration mode, the procedures of which are as follows:

1. Access interface configuration mode


Command function

interface <interface-name> Global Access interface configuration

Chapter 12 Network Protocol Configuration


mode If the interface does not exist, create it and access interface configuration mode

2. Set interface IP address


Command function

ip address <ip-address> <net-mask> [<broadcast-address>] [secondary]

VLAN interface Set interface IP address

Instances of IP Address Configuration Assuming that layer3 interface VLAN1 is created in ZXR10 T160G/T64G, configure the IP address of the interface to 192.168.3.1, and mask to be 255.255.255.0. The detailed configuration is as follows:

ZXR10(config)#interface vlan 1

ZXR10(config-if)#ip address 192.168.3.1 255.255.255.0

Use show ip interface command to view interface IP address.

ARP Configuration Overview of ARP A network device should know the IP address of the destination device and its physical address (MAC address) when transmitting data to another network device. The function of ARP (Address Resolution Protocol) is mapping IP address to physical address to ensure successful communication.

First, the source device broadcast carries the ARP request of destination device IP address, so all devices in the network will receive this ARP request. If a device finds that the IP address in the request and its own IP address match, it will transmit a response containing MAC address to source device. The source device obtains the MAC address of the current device via this response.

The mapping relationship between IP address and MAC address is cached in the local ARP table with the purpose of reducing ARP packets in the network to transmit data more rapid. When the device needs transmitting data, it will search ARP table according to IP address, if MAC address of destination device is found in the ARP table, transmitting ARP request is not needed. Dynamic entries in the ARP table will be deleted automatically after a period of time, which is called ARP aging time.

Basic Configuration of ARP The configuration of ARP covers:



1. Configure aging time of ARP entries in ARP buffer


Command function

arp timeout <timeout> VLAN interface

Configure aging time of ARP entries in ARP buffer

2. Clear all dynamic ARP entries in the ARP buffer of specified interface


Command function

clear arp-cache [<interface-name>] Privileged Clear all dynamic ARP entries in the interface ARP buffer

Instances of configuring ARP One configuration instance of ARP is as follows:


ZXR10(config-if)#arp timeout 1200

Use the following command to view ARP entries of specified interface.


Command function

show arp [<interface-name>] All modes Display ARP entries of interface

View ARP table of layer3 interface VLAN1:

ZXR10#show arp vlan1

Address Age(min) Hardware Addr Interface

10.1.1.1 - 000a.010c.e2c6 vlan1

10.1.100.100 18 00b0.d08f.820a vlan1

ZXR10#


C h a p t e r 13

Static Route Configuration

This chapter describes static route and its configuration, including special summary static route or default route.

Basic configuration of static route

Instance of static route configuration

Maintenance and diagnosis of static route

Basic Configuration of Static Route Static Route is that the network administrator specifies routing information to routing table via configuration command, unlike dynamic route creating routing table according to routing algorithm. When configuring dynamic route, sometimes we need to transmit the routing information of the whole Internet to a router, which exceeds the load of the router, in such situation, static route can be employed to solve the problem. Application of static route, which requires relatively fewer configurations, can avoid the usage of dynamic route. But the configuration of static route will become complicated when in the environment with multiple routers and multiple paths.

The configuration of static route uses ip route command.


Command function

ip route [vrf <vrf-name>] <prefix> <net-mask> {<forwarding-router's-address>| <interface-name>} [<distance-metric>] [tag <tag>]

Global Create static route

Tag value is the identifier of route; two static routes (with different next-hop) to the same destination network cannot have the same tag value.



Instance of Static Route Configuration Configuring Static Route A simple network with three routers connected is shown in Figure 42.

F I G U R E 42 C O N F I G U R I N G S T AT I C R O U T E

R1 R2 R3

192.168.3.1/24

192.168.4.1/24

192.168.4.2/24

192.168.5.1/24

192.168.5.2/24

192.168.6.1/24

If R1 needs to access network in R3, the static route configuration is as follows:

ZXR10_R1(config)#ip route 192.168.5.0 255.255.255.0 192.168.4.2


We can see that from the above configuration information, static route is configured in global configuration mode; only one static route can be configured once. Behind the command ip route, is remote network, subnet mask and next-hop IP address reaching remote network. In other words, if R1 wants to transmit message to network 192.168.5.0/24, it must deliver the message to R2 with the IP address of 192.168.4.2; moreover, R1 and R2 are connected directly.

Another way to configure static route is as follows:

ZXR10_R1(config)#ip route 192.168.5.0 255.255.255.0 vlan2


This configuration is similar to the method mentioned above. The only difference is that in the above method, next-hop IP address is applied while in this method, local interface is applied, that is to say, it transmits all messages towards network 192.168.5.0/24 and 192.168.6.0/24 from VLAN2 instead of routing to next-hop logical address.

If multiple paths to the same destination are available, configure the router with multiple static routes with different administrative distance values, but the routing table will only show the routing information with the minimum distance value. Because when the router is notified that there are multiple competitive sources to a network, the route with the minimum administrative distance value has a higher priority. Parameter distance-metric in static route configuration command ip route can be used to change the administrative distance value of a static route. Assume that there are two different routes from R1 to 192.168.6.0/24 network segment, and the configuration is as follows:

Chapter 13 Static Route Configuration



ZXR10_R1(config)#ip route 192.168.6.0 255.255.255.0 192.168.3.2 25 tag 10

The above two commands configure two different static routes to the same network, the first command does not configure administrative distance value, so default value 1 is applied; the second command configures the administrative distance value to be 25. The administrative distance value of the first route is smaller than that of the second one, so only the information of the first route is available in the routing table, that is to say, the router reaches the destination network 192.168.6.0/24 via next-hop 192.168.4.2. The second route will be available in the routing table only when the first route becomes invalid and disappears from the routing table.

Summarizing Static Routes Summary static route is a special static route, which can summarize expressions of two or multiple specific routing tables into one, to reduce entries of routing table on the basis of remaining all old connections.

F I G U R E 43 S T AT I C R O U T E S S U M M AR I Z AT I O N

R1 R2 R3

192.168.3.1/24

192.168.4.1/24

192.168.4.2/24

192.168.5.1/24

192.168.5.2/24

10.2.0.0/16

10.1.0.0/1610.1.0.1/16

10.2.0.1/16

As shown in Figure 43, R3 has two networks including 10.1.0.0/16 and 10.2.0.0/16. Usually, the following two static routes should be configured in R1 to reach these networks.



The IP connection can be implemented via the above configuration assuming R3 is properly configured. But we can use summary static route to optimize R1 routing table; the following command can substitute two above commands.


This command indicates that all messages with the destination of network 10.0.0.0/8 pass 192.168.4.2, that is to say, all messages of subnets (here refer to subnet 10.1.0.0/16 and 10.2.0.0/16) with the destination of 10.0.0.0/8 transmits to 192.168.4.2. We summarize all subnets of main network 10.0.0.0/8 by this means.

Default Route Configuration Default route is a type of special static route. Default route will be applied when all other routes in the routing table failed, which provides a last destination for the routing table, thus relieve the processing load of the router.



If a router cannot route for a message, the message has to be discarded to an “unknown” destination, which is beyond our expectation. To make the router fully connected, one router must be connected to a network. The default route can be applied when the router wants to be fully connected and requires no record of individual route. We can specify an individual route to represent all other routes via default route.

The function and usage of static route are illustrated in the following instance:

F I G U R E 44 C O N F I G U R E D E F AU L T R O U T E

R1 R2 R3

192.168.3.1/24

192.168.4.1/24

192.168.4.2/24

211.211.211.1/24

211.211.211.2/24 Internet

As shown in Figure 44, R2 and router R3 in the Internet network are connected. R2 did not record all network addresses in the Internet, it uses default route to directly transmit unknown messages to R3. The configuration of default route in R2 is as follows:


The configuration procedure of default route is identical with that of static route, which is a little bit different is that both the network part and subnet mask part are 0.0.0.0. We can view routing table of R2:

ZXR10_R2#show ip route

IPv4 Routing Table:

Dest Mask Gw Net Owner

211.211.211.0 255.255.255.0 direct

192.168.4.0 255.255.255.0 direct

0.0.0.0 0.0.0.0 211.211.211.2 static

ZXR10_R2#

We can see from the routing table that, the default route with next-hop of 211.211.211.2 is added to the routing table as the last route.

When using default route in routing protocol configuration, it differs when routing protocol varies.

If default route is configured in a router running RIP protocol, RIP will notify the default route 0.0.0.0/0 to its neighbor, even needn’t reallocating routes in the RIP domain.

For OSPF protocol, the router running OSPF will not notify default route automatically to its neighbor. Command default-information originate must be used to enable OSPF to transmit default route to OSPF domain. If reallocating default routes in the OSPF domain, this kind of notification is usually implemented via ASBR (autonomous system border router).

Chapter 13 Static Route Configuration


Maintenance and Diagnosis of Static Route Use the following command to display global routing table of router and to view whether static route is configured in routing table.



show ip route [<ip-address> [<net-mask>]|<protocol>] All modes Display global routing table

This command is frequently applied in routing protocol diagnosis.





C h a p t e r 14

RIP Configuration

The Routing Information Protocol (RIP) is a vector distance routing protocol with the latest version of RIPv2, which is usually applied in small-sized network. In this chapter, you will learn about:

Overview of RIP

Configuring RIP

Instances of configuring RIP

RIP maintenance and diagnosis

Overview of RIP RIP Fundamentals Routing Information Protocol (RIP) is the first routing protocol identifying the best path dynamically, which is implemented based on vector distance algorithm of local network. RIPv1 is defined in RFC1058 and RIPv2 is defined in RFC1723. ZXR10 T160G/T64G supports both RIPv1 and RIPv2, RIPv2 is applied by default. RIPv2 has the following advantages compared to RIPv1:

Subnet mask is available in route refresh

Authentication of route refresh

Multicasting route refresh

In the following instruction, RIP refers to RIPv2 if not specially designated.

Metric and Administrative Distance RIP uses UDP packet (Port number 520) to exchange RIP routing information. The routing information in RIP message includes the number of routes passed, i.e. hop count, according to which, the router determines the route to the destination network. RFC stipulates that the maximum hop count should be less than 16, so RIP is only applicable to small-sized network. Hop count 16 indicates infinite distance, representing unreachable route, which is one way for RIP to identify and prevent the routing loop.



Only hop count is taken as the metric for RIP routing; bandwidth, delay and other variable factors are not considered. The RIP always takes paths with the least hop count as the optimized path, which may results that the selected path is not the best one.

The default administrative distance value of RIP is 120. As far as AD is concerned, the lower is the value; the higher is the routing source reliability. The RIP is not quite reliable, compared to other routing protocol.

Timer Router running RIP transmits update message of routing information at a certain interval (30s by default), which reflects all the routing information of the router. This process is called routing information notification. If a router failed to receive update information from another router in a certain time period (180s by default), it will mark the routes provided by the router to be “unavailable” and if it is not updated in the succeeding period of time (240s by default), the router will clear the route completely from the routing table.

The RIP provides the following four types of timers:

Update timer

Invalid timer

Hold-down timer

Flush Timer

Route Update The RIP protocol employs trigger update to speed up the spread of routing changes in the RIP routing domain. When a RIP router detects that an interface is working or has stopped working, an adjacent node is down or a new subnet or neighbor node joining in, it will transmit a trigger update. The trigger update message only contains changed route.

The RIP protocol uses poison reverse to speed up protocol convergence. The poison reverse sets the metrics of the infinite network prefix to be 16 (meaning infinite), after receiving routing update of the metric, the router will discard the route instead of waiting for the aging time.

The RIP uses split horizon to prevent routing loop and reduce the size of routing update. Split horizon means that in the interface that receives a routing update, these update information will not be transmitted repeatedly.

Configuring RIP The RIP configuration covers: basic configuration, enhanced configuration and version configuration.

Chapter 14 RIP Configuration


Basic Configuration 1. Start RIP


Command function

router rip Global Start RIP routing process

2. Define interface


Command function

network <ip-address> <net-mask> Route RIP Select route and specify network table for RIP

Enhanced Configuration 1. Adjust the timer


Command function

timers basic <update> <invalid> <holddown> <flush> Route RIP Adjust RIP network timer

Many RIP characteristics can be self-defined to adapt to any network environment. Although in most cases, it is not necessary to modify the default value of the timer, sometimes, adjusting timer can improve the protocol performance.

2. Change inter-message-group delay transmitted by RIP update


Command function

output-delay <packets> <delay> Route RIP Change inter-message-group delay transmitted by RIP update

3. Define the adjacent router exchanging routing information with this router


Command function

neighbor <ip-address> Route RIPDefine the adjacent router exchanging routing information with this router

4. Configure authentication

In order to strengthen the security of routing process, configure RIP authentication in the router. Set interface password; the network neighborhood must use the same password in the network. RIPv1does not support authentication.


Command function

ip rip authentication key <key> VLAN interface

Specify the password value for interface simple text authentication



ip rip authentication mode {text|md5}

VLAN interface

Specify the authentication type for RIP message packet

5. Enable split horizon mechanism


Command function

ip split-horizon VLAN interface

Make split-horizon mechanism valid

6. Enable poison reverse mechanism


Command function

ip poison-reverse VLAN interface

Make poison reverse mechanism valid

7. Redistribute route from a route domain to RIP route domain


Command function

redistribute <protocol> [metric <metric-value>] [route-map <map-tag>]

Route RIP Redistribute route from a route domain to RIP route domain

8. Set the default metric, which is adopted when redistributing routes generated by other protocols to be RIP routes


Command function

default-metric <metric-value> Route RIP

Set the default metric, which is adopted when redistributing routes generated by other protocols to be RIP routes

Version: ZXR10 T160G/T64G supports both RIPv1 and RIPv2; RIPv2 is applied by default. The following commands can be applied to designate RIP versions received or transmitted by router.


Command function

version {1|2} Route RIP Specify RIP version for router global use

ip rip receive version {1|2} [1|2] VLAN interface

Specify the RIP version received in the interface

ip rip send version {1|2 {broadcast|multicast}}

VLAN interface

Specify the RIP version transmitted in the interface

Instances of configuring RIP As shown in Figure 45, run RIP in R1 and R2.

Chapter 14 RIP Configuration


F I G U R E 45 B AS I C R IP C O N F I G U R AT I O N

R1 R2192.168.1.1/24

192.168.1.2/2410.1.0.1/16

10.2.0.1/16

R1 configuration:

ZXR10_R1(config)#router rip

ZXR10_R1(config-router)#network 10.1.0.0 0.0.255.255


R2 configuration:

ZXR10_R2(config)#router rip



RIP Maintenance and Diagnosis ZXR10 T160G/T64G provides show command to implement maintenance and diagnosis. The frequently used commands in RIP maintenance and diagnosis are presented as follows:

1. Show protocol information


Command function

show ip rip [vrf <vrf-name>] All modes Show basic information of running RIP

2. Examine RIP interface


Command function

show ip rip interface [vrf <vrf-name>]<interface-name> All modes Show current configuration and

status of RIP interface

3. Show RIP neighbor


Command function

show ip rip neighbors All modes Show information of all configured neighbors

4. Show routing entry database


Command function

show ip rip database[vrf <vrf-name>] [network <ip-address>

All modes Show routing entries generated by RIP protocol



[mask <net-mask>]]

5. Show all RIP interface information configured by user command


Command function

show ip rip networks[vrf <vrf-name>] All modes

Show all RIP interface information configured by user command

ZXR10 T160G/T64G also provides debug command to debug RIP protocol, tracing related information. For example:


Command function

debug ip rip Privileged Trace RIP basic process of transmitting and receiving packet

debug ip rip database Privileged Trace the change process of RIP routing table

The debugging output example of debug ip rip command

ZXR10#debug ip rip

RIP protocol debugging is on

ZXR10#

11:01:28: RIP: building update entries

130.1.0.0/16 via 0.0.0.0, metric 1, tag 0

130.1.1.0/24 via 0.0.0.0, metric 1, tag 0

177.0.0.0/9 via 0.0.0.0, metric 1, tag 0

193.1.168.0/24 via 0.0.0.0, metric 1, tag 0

197.1.0.0/16 via 0.0.0.0, metric 1, tag 0

199.2.0.0/16 via 0.0.0.0, metric 1, tag 0

202.119.8.0/24 via 0.0.0.0, metric 1, tag 0

11:01:28: RIP: sending v2 periodic update to 224.0.0.9 via vlan10 (193.1.1.111)

130.1.0.0/16 via 0.0.0.0, metric 1, tag 0

130.1.1.0/24 via 0.0.0.0, metric 1, tag 0

177.0.0.0/9 via 0.0.0.0, metric 1, tag 0

193.1.1.0/24 via 0.0.0.0, metric 1, tag 0






C h a p t e r 15

OSPF Configuration

OSPF is the abbreviation of Open Shortest Path First. OSPF protocol is a link status routing protocol, which satisfies the demands of large-scaled and extensible network that cannot be solved by distance vector routing protocol like RIP. In this chapter, you will learn about:

OSPF overview

Configuring OSPF

Instances of configuring OSPF

OSPF Maintenance and Diagnosis

OSPF overview OSPF Fundamental OSPF (Open Shortest Path First) is one of the most popular and widely-used protocols presently. OSPF is a link-state protocol, which overcomes the disadvantages of RIP and other distance-vector protocols. OSPF is an open standard, which makes devices of different vendors interconnect with each other via protocol.

OSPF version 1 is defined in RFC1131. Currently used OSPF version 2 , is defined in RFC2328. ZXR10 T160G/T64G completely supports OSPF version 2.

OSPF has the following characteristics:

Fast convergence, ensure database synchronization via fast diffusing link state update, and calculates routing table synchronously.

Loop-free, ensure that no loop generated via SPF algorithm.

Aggregation, reduce size of routing table.

Totally classless, supports Variable Length Subnet Mask (VLSM) and Classless Inter-Domain Routing (CIDR)



Reduce the required network bandwidth; for trigger update mechanism is adopted, only when the network changes, the update information will be transmitted.

Supports interface packet authentication, ensuring security of routing calculation

Transmit update via multicast mode, which reduces interference against irrelated network devices while broadcasting.

OSPF Algorithm OSPF is a link-state protocol, so OSPF router generates routing table via creating link-state database, which contains information of all networks and routers. Routers use the information to create routing table; all routers must have an identical link-state database to ensure reliability. Link-state database is built according to link state advertisement (LSA), and LSA is generated by each router and spreads in the whole OSPF network. LSA has a lot of categories; integrated LSA aggregation will present the precise distribution diagram of the whole network for routers

OSPF uses cost as its metric. The cost is distributed to each interface of the router; by default, the cost of an interface is calculated automatically with the reference of 100M. The path cost to a specific destination is the sum of all link costs from the router to destination.

In order to generate routing table from LSA database, the router runs Dijkstra SPF algorithm to construct a cost routing tree, the router itself serves as the root of the routing tree. Dijkstra algorithm makes the router calculate the lowest-cost-path to each node in the network, and the router saves the routes of these paths to routing table.

Unlike RIP, OSPF doesn’t simply broadcast all routing information periodically. OSPF router uses calling message to let neighbors know that it is alive. If a router doesn’t receive hello packets from neighbors in a specific period, it indicates that the neighbor may not be functional. OSPF routing-update is increasing; usually the router sends update information only when the topology is changing. When the age of LSA reaches 1800 seconds, retransmit a new version of the LSA.

OSPF Network Types The type of the network connected to an interface is for judging the OSPF default activities in the interface. The network type will affect the formation of adjacency and the method that the router distributes timer to the interface.

The following five network types are available in OSPF:

Broadcast

Non-broadcast Multi-access, NBMA

Point-to-Point

Point-to-Multipoint

Chapter 15 OSPF Configuration


Virtual Links

Hello Packet and Timer OSPF router exchanges Hello packet at a certain interval, whose function is to keep alive among neighbors. Hello packet can detect OSPF neighbor, create association and adjacency among neighbors, and select designated router. In broadcast, point-to-point, point-to-multipoint network types, Hello packets are multicast packets; in NBMA network and virtual links, Hello packets unicast to neighbor router.

OSPF uses three kinds of hello-packet-related timers:

Calling Interval

Calling interval is a property of interface, which defines the interval of sending hello packets by the router from each interface. The default calling interval is determined by the network type. In the broadcast and point-to-point network, the default calling interval is 10 seconds; while in NBMA and point-to-multipoint network, the default calling interval is 30 seconds. The adjacent routers must accept the length of calling interval so as to become neighbors.

Router dead-interval

The router dead-interval refers to the waiting time from the router receiving the last hello packet from neighbor to the router detecting that the neighbor is offline. The default router dead-interval is four times of calling interval, which is applicable to all network types.

Poll Interval

Poll interval is only applied in NBMA network.

OSPF Neighbor OSPF neighbor is a group of routers in the same network; these routers stipulated some configuration parameters. The routers must be neighbors then they can become adjacent with neighbor.

Analyze hello packets mutually when the routers form neighbor relationship, to make sure that the required parameters are stipulated. The parameters cover: Area ID, area flag, authentication information, calling interval, and router dead interval.

Adjacency and Designated Router When two routers become adjacent, they can exchange routing information. The network type connecting routers determines whether two routers become adjacent.

Point-to-point network and virtual link have only two routers, so the routers become adjacent automatically. Point-to-multipoint network can be considered to be the aggregation of point-to-point network, every pair of routers become adjacent.



In the broadcast and NBMA network, neighbors not necessarily become adjacent. If all the n routers in a network formed adjacency, every router has (n-1) adjacencies, and there will be n (n-1)/2 adjacencies in the network. In a big multi-access network, if every router has to trace so many adjacencies, the burden of the router will be quite heavy, at the same time, routing information in each pair of adjacent routers will waste plenty of network bandwidth.

Therefore, OSPF defines a designated router (DR) and a backup designated router (BDR). DR and BDR must establish adjacency with every OSPF router, and every OSPF router only forms adjacency with DR and BDR. If DR stop working, BDR will become DR.

Router Priority and DR Election Every router has a priority, which will affect the router’s capability of becoming DR or BDR in the connected network. The router priority is indicated by octet unsigned integer, with the range of 0~255, defaults to 1.

In DR election, the router with the highest priority will become the DR. When the priorities are the same, the router with the highest election IP address is the DR. The router with the priority of 0 cannot become DR or BDR.

OSPF Area OSPF divides the network into several minor parts to reduce the information size each router saved and maintained. Every router must have the integrated information of the area it resides in. Each area shares information; routing information can be filtrated, which can reduce the size of routing information saved in the router.

One area is identified with 32-bit unsigned number. Area 0 is reserved to identify backbone network, all other areas must be connected with area 0. An OSPF network must have a backbone area. Routers can be one or multiple of the following types according to its tasks in the area, as shown in Figure 46.

F I G U R E 46 OSPF R O U T E R TY P E S

Area1

Area 0

Area2Internal Router

Backbone Router

Backbone Router

Backbone Router

ABR

RIP

ASBR

Internal router: A router that has all of its interfaces within the same area



Backbone router: A router that has at least one interface in area zero.

Area Border Router (ABR): A router has at least one interface in area 0 and at least one interface in other area.

Autonomous System Border Routers (ASBR): The router connects an AS running OSPF to another AS running other protocols (such as RIP or IGRP).

LSA Types and Diffusion LSA is the way of exchanging information for link state database between OSPF routers, the router uses LSA to construct a precise and complete network view, and generates routes used in the routing table. ZXR10 T160G/T64G supports 6 types of LSA. They are respectively:

Type 1: Router LSA

Type 2: Network LSA

Type 3: Network summary LSA

Type 4: ASBR summary LSA

Type 5: AS external LSA

Type 7: NSSA external LSA

The OSPF operation is determined by all the routers in an area sharing a public link state database, hence, all LSA need to be diffused via this area, at the same time, processing must be reliable. Every router receiving LSA of specific area will diffuse it to other interfaces belonging to this area. LSA has no its own message, which are contained in the Link State Update (LSU) messages, several LSA can be contained in one LSU. When the router receives a LSU, it separates the messages from LSA and input them into its own database rather than simply transmitting the message. Meanwhile, the router constructs its own LSU and transmits the updated LSU to its adjacent neighbors.

The OSPF uses Link State Acknowledgements (LSAck) to confirm that whether each LSA is received by the neighbor successfully. An LSAck has identified LSA header, which provides efficient information to identify an LSA uniquely. When a router sends an LSA to an interface, the LSA will be recorded in the retransmission queue of the interface. The router will wait for the maximum interval to receive the LSAck of the LSA. If it failed to receive LSAck in the stipulated time, the router will retransmit the LSA. The router can adopt unicast or multicast to transmit old LSU, but the retransmitted LSU is unicast.

Stub Area and Totally Stubby Area When ASBR is not available in a non-backbone, the router has only one path to AS external network, namely, via ABR. Therefore, routers in these areas will transmit the LSA which are transmitted toward AS external unknown hosts to ABR. As a result, type 5 LSA is not required to be diffused to the area, and in this area, there is no LSA of type 4. This kind of area type is called Stub Area.



In a stub area, all routers must be configured to be stub routers. Hello packet contains a “stub area ” flag bit, which must be consistent in the neighbors.

The ABR in the stub area can filter type 5 LSA to prevent them from releasing in the stub area. At the same time, ABR will generate a type 3 LSA, notifying a default route reached AS external destination address.

If the ABR also filters type 3 LSA, and notifies a default route reached area external destination address. This kind of area is called Totally Stubby Area.

Not-So-Stubby Area Routers in stub area don’t permit type 5 LSA, so ASBR is not a part of stub area. However, we may expect a stub area with ASBR, in which, the router receives AS external routes from the ASBR in this area, but external routing information from other areas will be blocked.

So, OSPF defines Not-So-Stubby Area (NSSA). In an NSSA, ASBR generates type 7 LSA instead of type 5 LSA. The ABR cannot transmit type 7 LSA to other OSPF area. On the one hand, it blocks the external routers from reaching the NSSA area, on the other hand, convert type 7 LSA into type 5 LSA.

OSPF Authentication Authentication can be applied in packet switching between two OSPF neighbors. The neighbors must agree on authentication type, which is contained in all packets.

Authentication 0 indicates no authentication, 1 indicates simple password authentication and 2 indicates MD5 password authentication.

When configuring simple password authentication, one interface allows only one password, the password of each interface can be different, but in a specific network, every interface must have identical password. Simple password is transmitted by OSPF packets via clear text.

Configuring OSPF The OSPF configuration can be either simple or complicated. ZXR10 T160G/T64G supports many OSPF complicated options, to satisfy the requirements of various networks.

Basic Configuration Enable OSPF


Command function



router ospf <process-id> Global Enable OSPF routing process

Define interface


Command function

network <ip-address> <wildcard-mask> area <area-id>

Router OSPF

Define the interface running OSPF protocol and the area ID of the interface, if the area does not exit, it will be created automatically

The network command will traverse all interfaces, if the interface belongs to the specified range of <address> and <wildcard-mask>, add it to the specified OSPF area in the command.

Configure Basic Attributes of Interface 1. Configure interface timer


Command function

ip ospf hello-interval <seconds> VLAN interface

Specify the interval of interface’s transmitting Hello message

ip ospf retransmit-interval <seconds>

VLAN interface

Specify the interval of interface’s retransmitting LSA

ip ospf transmit-delay <seconds> VLAN interface

Specify the delay of interface’s transmitting a link state update packet

ip ospf dead-interval <seconds> VLAN interface

Specify the neighbor’s dead time in the interface

Many OSPF characteristics can be self-defined to adapt to any network environment. Although in most cases, it is not necessary to modify the default value of the timer, sometimes, adjusting timer can improve the protocol performance.

2. Configure interface cost


Command function

ip ospf cost <cost> VLAN interface Show configured interface cost

Note:

When using network devices of multiple vendors, make sure that all OSPF can work together. For example, all routers must use the same method to calculate interface cost.

3. Configure interface priority


Command function



ip ospf priority <priority> VLAN interface Configure interface priority

Configure Neighbor Router The neighbor routers in the non-broadcast network must be set manually. It is necessary to traverse all interfaces, when the neighbor IP address and interface IP address are in the same network segment, mount the neighbor to the interface.


Command function

neighbor <ip-address> [cost <cost>] [priority <priority>] [poll-interval <seconds>]

Route OSPF

Configure neighbor router in the non-broadcast network

Set OSPF Area OSPF uses area to implement hierarchical router. OSPF area covers stub area, totally stubby area, and not-so-stubby area. The backbone area belongs to conversion area.


area <area-id> stub [default-cost <cost>]

Route OSPF Define an area to be stub area

area <area-id> stub no-summary [default-cost <cost>]

Route OSPF

Define an area to be totally stubby area

area <area-id> nssa [no-redistribution] [default-information-originate [metric <metric-value>] [metric-type <type>]] [no-summary]

Route OSPF

Define an area to not-so-stubby area

Configure Inter-area Route Convergence One of the reasons of OSPF’s prevalence is route convergence. The router convergence can occur between areas or between autonomous systems. The inter-area route convergence occurs in ABR, while inter-autonomous-systems route convergence occurs in ASBR.

Configuring stub area can save route resources in the stub area, but for backbone network, it is helpless. When network address distribution in an area is consecutive, configure ABR to advertise a converged route to replace these consecutive single routes. The route convergence can save backbone resources, which can be implemented via advertising a group of network addresses to be a convergence address.


Command function

area <area-id> range <ip-address> <net-mask> [advertise|not-advertise]

Route OSPF

Configure the summary address range in the area



Generate Default Route Configure an ASBR to advertise a default route to the entire OSPF area. A router becomes an ASBR after using redistribution route. By default, the ASBR does not advertise default route to the entire OSPF area automatically. Configure router to notify default route via command, then the router will become ASBR automatically.


Command function

notify default route [always] [metric <metric-value>] [metric-type <type>] [route-map <map-tag>]

Route OSPF

Configure ASBR to notify default route to OSPF area

Configure Virtual Link All areas in the OSPF network must be connected to backbone area directly. It will restrict the area layout, especially when the network is vast. To solve this problem, connect a remote area via other area to backbone area by the means of virtual link. The area that the virtual link crossed must have complete routing information; hence, the area cannot be a stub area.



area <area-id> virtual-link <router-id> [hello-interval <seconds>] [retransmit-interval <seconds>] [transmit-delay <seconds>] [dead-interval <seconds>] [authentication-key <key>] [message-digest-key <keyid> md5 <cryptkey> [delay <time>]] [authentication [null|message-digest]]

Route OSPF

Define OSPF virtual link, if the specified area does not exist, it will be created automatically

Redistribute Other Routing Protocols Different dynamic routing protocols can share routing information via route redistribution. In the OSPF, the routing information of other routing protocol is external routing information of autonomous system. The external routing information of autonomous system can be diffused to the entire OSPF network via OSPF LSA only when it is redistributed to OSPF protocol.

Use redistribute command to control that route of other routing protocols redistributes into OSPF autonomous system; the router becomes an ASBR after using the command.


Command function

redistribute <protocol> [as <as-number>] [peer <peer-address>] [tag <tag-value>]

Route OSPF

Control importing matched routes of other protocols into OSPF autonomous system; the



[metric <metric-value>] [metric-type <type>] [route-map <map-tag>]

router becomes an ASBR after using the command

Configure Route Convergence of Route Redistribution Every individual route is advertised as an external LSA when routes of other protocols are redistributed to OSPF. Take the external routes as a single route to advertise via convergence, which will significantly reduce the size of OSPF link state database.


Command function

summary-address <ip-address> <net-mask>

Route OSPF

Construct convergence address for OSPF; Summarize other routing protocol paths that are being redistributed to OSPF.

Configure OSPF Authentication In order to enhance the security of routing process in the network, configure OSPF authentication in the router. Set interface password; the network neighborhood must use the same password in the network.


Command function

area <area-id> authentication [message-digest]

Route OSPF

Enable authentication in the OSPF area

ip ospf authentication [null|message-digest]

VLAN interface

Set the type of authentication for the interface

ip ospf authentication-key <password>

VLAN interface

Set password for the interface with the type of simple password authentication

Configure Routes Supporting Opaque LSA In the process of link state database switching, the opaque LSA is contained in database abstract list and transmitted to the adjacent routers that do not support opaque LSA either.

When a router floods opaque LSA to adjacent router, it first checks whether the adjacent router supports opaque LSA. The opaque LSA is transmitted to the adjacent routers that support this function; they are added to the link state retransmission list of the adjacent router. When the link state update report is multicast, the adjacent routers that do not support this function will receive this advertisement passively and then simply discard.



capability opaque Route Make the route support opaque



OSPF LSA

Modify OSPF Administrative Distance The administrative distance represents the reliability of information source. Usually the administrative distance is an integer in the range of 0~255, the higher is the value, the lower the reliability is. If the administrative distance is 255, it means that the routing information source is unreliable.

ZXR10 T160G/T64G can define the administrative distance of three types of OSPF routes: Internal route, type 1 external route and type 2 external route. By default, the administrative distances of the three types of routes are 110.


Command function

distance ospf {[internal <distance>] [ext1 <distance>] [ext2 <distance>]}

Route OSPF

Define route-type-based OSPF route administrative distance

Instances of Configuring OSPF Basic OSPF Configuration As shown in Figure 47, run OSPF in routers R1 and R2, divide the network into three areas.

F I G U R E 47 B AS I C OSPF C O N F I G U R AT I O N

R1 R2192.168.1.1/24

192.168.1.2/24

192.168.3.1/24

192.168.2.1/24

Area 0Area 23 Area 24

R1 configuration:

ZXR10_R1(config)#router ospf 1

ZXR10_R1(config-router)#network 192.168.2.0 0.0.0.255 area 23


R2 configuration:






Configure Multiple-area OSPF When a single area network is expanded to a specific scale, design the network to be multiple OSPF areas. An instance of configuring multiple-area OSPF is shown in Figure 48.

F I G U R E 48 E X AM P L E O F M U L T I -AR E A OSPF C O N F I G U R AT I O N

R1 R2

R3

R4 R5

Area 0

Area 1 Area 2

10.0.0.1/24

10.0.0.2/24

10.0.0.3/24

10.0.1.1/30

10.0.1.2/30

10.0.2.1/30

10.0.2.2/30

192.168.1.1/24

RIP

BGP192.168.0.1/24

The following illustrates the detailed configuration of each router.

Area 1 is an NSSA area; R1 is an ABR working between NSSA area 1 and backbone area. R1 advertises a default route to this area.

R1 configuration:

ZXR10_R1(config)#interface vlan1

ZXR10_R1(config-if)#ip address 10.0.1.1 255.255.255.252

ZXR10_R1(config-if)#exit





ZXR10_R1(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0


ZXR10_R1(config-router)#area 0.0.0.1 nssa default-information-originate

Area 2 is a stub area; R2 is an ABR working between area 2 and backbone area. In the stub area, ABR will advertise a default route to stub area automatically.

R2 configuration:












ZXR10_R2(config-router)#area 0.0.0.2 stub

R3 is a router working in backbone area 0; externally it connects other autonomous system via BGP. As the exit router of the entire autonomous system, R3 advertises a default route to the entire OSPF area via manual configuration.

R3 configuration:









ZXR10_R3(config-router)#notify default route always

R4 is an ASBR in NSSA area 1; it also runs RIP protocol other than OSPF; RIP protocol can be injected into OSPF via route redistribution.

R4 configuration:









ZXR10_R4(config-router)#area 0.0.0.1 nssa

ZXR10_R4(config-router)#redistribute rip metric 10

R5 is a router working in stub area 2.

R5 configuration:








ZXR10_R5(config-router)#area 0.0.0.2 stub

Configure OSPF Virtual Link Figure 49 presents an instance of configuring OSPF virtual link.

F I G U R E 49 E X AM P L E O F OSPF V I R T U AL L I N K C O N F I G U R AT I O N

R1

R2

R3

Area 0

Area 1

Area 2

10.0.0.1/24

10.0.0.2/24

10.0.1.1/30

10.0.1.2/30

10.0.2.1/24

Virtual link

The following illustrates the detailed configuration of each router.

R1 configuration:






R2 configuration:










ZXR10_R2(config-router)#area 1 virtual-link 10.0.1.2



R3 configuration:










ZXR10_R3(config-router)#area 1 virtual-link 10.0.0.2

Configure OSPF Authentication Figure 50 presents an instance of configuring OSPF authentication. Area 0 adopts clear text authentication mode; area 1 adopts MD5 encryption authentication mode

F I G U R E 50 E X AM P L E O F OSPF AU T H E N T I C AT I O N C O N F I G U R AT I O N

R1

R2

R3

Area 0

Area 1

10.0.0.1/24

10.0.0.2/24

10.0.1.1/30

10.0.1.2/30

Clear TextAuthentication

MD5 Authentication

The following illustrates the static configuration of each router.

R1 configuration:



ZXR10_R1(config-if)#ip ospf authentication-key ZXR10




ZXR10_R1(config-router)#area 0 authentication

R2 configuration:





ZXR10_R2(config-if)#ip ospf authentication-key ZXR10




ZXR10_R2(config-if)#ip ospf message-digest-key 1 md5 ZXR10





ZXR10_R2(config-router)#area 0 authentication

ZXR10_R2(config-router)#area 1 authentication message-digest

R3 configuration:



ZXR10_R3(config-if)#ip ospf message-digest-key 1 md5 ZXR10








ZXR10_R3(config-router)#area 1 authentication message-digest

OSPF Maintenance and Diagnosis Compared to RIP, OSPF is much more complicated, the troubleshooting of OSPF protocol will be rather difficult, for the same symptom may be caused by various reasons. The frequently used commands in OSPF maintenance and diagnosis are presented as follows:

1. Show protocol information


Command function

show ip ospf All modes Show the detailed information of OSPF process

2. Examine OSPF interface


Command function



show ip ospf interface [<interface-name>] [process <process-id>]

All modes Show current configuration and status of OSPF interface

3. Show OSPF neighbor


Command function

show ip ospf neighbor [interface <interface-name>] [neighbor-id <neighbor>] [process <process-id>]

All modes Show information of OSPF neighbor

The routing information between two routers cannot communicate because the adjacency is not formed. Check whether the neighbor relationship state between two OSPF routers is Full, which is the flag of normal running OSPF protocol.

4. Show link state database


Command function

show ip ospf database All modes Show all or part information of a link state database

Link state database is the source of all OSPF routes in the IP routing table. Many route problems may be caused by the incorrect information or information losing in the link state database.

ZXR10 T160G/T64G provides debug command to debug OSPF protocol, tracing related information. For example:


Command function

debug ip ospf adj PrivilegedTurn on the switch of looping back OSPF adjacent events debugging information

debug ip ospf packet Privileged

Turn on the switch of looping back OSPF receiving and transmitting packets events debugging information, monitor receiving and transmitting all OSPF packets

debug ip ospf lsa-generation Privileged

Turn on the switch of looping back OSPF generation link state address events debugging information

debug ip ospf events PrivilegedTurn on the switch of looping back OSPF important events debugging information





C h a p t e r 16

IS-IS Configuration

IS-IS protocol is a routing protocol for connectionless network service (CLNS) developed by International Standardization Organization (ISO). It is a link-state protocol also based on Dijkstra shortest path first (SPF) algorithm. IS-IS is similar to OSPF in many aspects. In this chapter, you will learn about:

IS-IS overview

Configuring IS-IS

Instances of configuring IS-IS

IS-IS Maintenance and Diagnosis

IS-IS Overview Intermediate System-to-Intermediate System (IS-IS) is a routing protocol for Connectionless Network Service developed by ISO. IS-IS is a network layer protocol in OSI protocol. By expanding IS-IS protocol, added the supporting for IP route, formed integrated IS-IS protocol. The IS-IS protocols mentioned presently refer to integrated IS-IS protocol.

IS-IS Fundamental IS-IS protocol is widely used in network as an IGP. The working mechanism of IS-IS is similar to that of OSPF: Partition the network into areas, in which the router only manages the routing information in the area, thus save the router cost. This feature enables it to adapt to the requirements of large-scaled network.

IS-IS protocol is based on CLNS instead of IP, so when the routers are communicating, IS-IS uses Protocol Data Unit (PDU) defined by ISO. The PDU types used in IS-IS include:

Hello PDU

Link state PDU (LSP)

Sequence number PDU (SNP)



The Hello PDU is similar to Hello message in OSPF protocol, responsible for forming adjacency between routers, finding new neighbor and detecting whether any neighbor exits.

IS-IS routers exchange routing information via link state PDU, create and maintain link state database. One LSP indicates important information related to a router, including area and connected network. Meanwhile, ensure reliability transmission by using SNP. The SNP contains the summary information of every LSP in the network. When the router receives an SNP, it will compare the SNP with the link state database. If the router loses an LSP existed in SNP, it will launch a multicast SNP, requesting the needed LSP to other routers in the network. The coordination of LSP and SNP enables the reliable routing interaction of IS-IS protocol in the large-scaled network.

IS-IS protocol also uses Dijkstra SPF to calculate route. The IS-IS uses SPF obtain the optimized route using SPF algorithm according to link state database, and then adds the route IP routing table.

IS-IS Area The concept of area is introduced in IS-IS for easier link state database management. The router in an area is only responsible for the maintenance of link state database in this area, as a result, the burden of the router is relieved, which is particularly important in large-scaled network.

The areas in the IS-IS can be classified into backbone area and non-backbone area:

The router in the backbone area possesses the database information of the entire network.

The router in the non-backbone area possesses only the information of this area.

In response to the area partition, IS-IS defines three types of routers:

L1 router: Exists in non-backbone area, interacts routing information with L1 router and L1/L2 router in this area

L2 router: Exists in backbone area, interacts routing information with other L2 router and L1/L2 router.

L1/L2 router: Exists in non-backbone area, responsible for interacting routing information between this area and backbone area.

IS-IS area partition and router types are shown in Figure 51.

Chapter 16 IS-IS Configuration


F I G U R E 51 IS - IS AR E A D I AG R AM

Area10

Area20 Area30

L2

L2 L2

L1/L2

L1

L1

L1/L2

L1

L1

A

Router

B

C

D E F

G

H

IS-IS Network Types There are only two types of network types in IS-IS: Broadcast network and Point-to-point network, which makes IS-IS configuration and implementation easier.

DIS and Router Priority In the broadcast network, similar to OSPF protocol, IS-IS also uses designated router (DIS). The DIS is responsible for advertising network information to all routers in the broadcast network, meanwhile, only one of other routers will be advertised to DIS adjacency.

Configure router priority parameter for DIS election, or configure different priorities for L1 and L2. When performing DIS election, the router with high priority will be selected as DIS; when the priorities are the same, for frame relay interface, the router with higher system ID value will be selected as DIS; for Ethernet interface, the router with higher interface MAC value will be selected as DIS.

Configuring IS-IS IS-IS configuration mentioned here refers to the configuration based on IP route.

Configuring Basic IS-IS 1. Enable IS-IS


Command function

router isis Global Enable IS-IS routing process



2. Specify the IS-IS area and system IS

In the IS-IS routing configuration mode, it is required to define an area, specify the router to belong to the area. At the same time, it is required to define a system ID to identify the router in the area, usually, which are indicated with the interface MAC address of the router. By default, the router running IS-IS protocol is identified as LEVEL-1-2, in order to optimize network, it can be modified via command.


Command function

area <area-address> Route IS-IS Set IS-IS area address

system-id <system-id> [range <range-number>]

Route IS-IS Set IS-IS system-id

3. Specify the interface to run IS-IS

When configuring IS-IS, specify the interface to run IS-IS protocol in the router. After accessing interface mode, specify the interface to run IS-IS.


Command function

ip router isis VLAN interface

Configure IS-IS protocol to run in the interface

Set IS-IS Global Parameters If what are running in the network are all ZXR10 series switches or routers, when configuring IS-IS, using default parameters will be ok. But when connecting with equipment of other vendors, the related interface parameters and timer may have to be adjusted to make IS-IS protocol run more efficiently in the network.

The parameter configuration in IS-IS involves global parameter setup and interface parameter setup. The IS-IS global parameter must be configured in IS-IS route mode, the following describes a few common used global parameter setups.

1. Set IS-IS operation types

It is a basic parameter setup in the IS-IS configuration. The purpose is to define the operation type of the router according to actual networking conditions.


Command function

is-type {level-1|level-1-2|level-2-only}

Route IS-IS Set the IS-IS-permitted level

2. Set the PSNP interval

The PSNP is usually applied in point-to-point network. The parameter is used to set the transmission interval between two PSNPs, with the default value of 3.




Command function

isis psnp-interval <interval> [level-1|level-2]

VLAN interface

Set the transmission interval of PSNP packet

3. Advertise resources insufficient

Set the OL flag bit of IS-IS, which is used to advertise other routers running IS-IS when the processing capability of the router is insufficient.


Command function

set-overload-bit Route IS-IS Set the OL flag bit of IS-IS

4. Generate a Default Route

When configuring redistribution of routes, the router needs the following commands to redistribute the default route in the routing entries to IS-IS domain.


Command function

default-information originate [always] [metric <metric-value>] [metric-type <type>] [level-1|level-1-2|level-2]

Route IS-IS

Configure the advertisement policy of default routes

5. Route convergence

The IS-IS can generate a convergent route to advertise outward after converging part entries of the routing table, rather than advertise detailed route entries. The minimum metric in the converged route entries will be selected as the metric of convergent route


Command function

summary-address <ip-address> <net-mask> <metric-value> [level-1|level-1-2|level-2]

Route IS-IS Set IS-IS summary address

Set IS-IS Interface Parameters The IS-IS parameter setup in the interface must be performed in the interface mode running IS-IS protocol. The follows describe a few kinds of typical interface parameter setups.

1. Set interface operation types

It is a basic parameter setup in the IS-IS configuration, which is used for specifying interface operation type. The value should match the IS-IS global operation type.


Command function

isis circuit-type {level-1|level-1-2|level-2-only}

VLAN interface

Configure the types of adjacency that the port can construct



2. Set Hello interval


Command function

isis hello-interval <interval> [level-1|level-2]

VLAN interface

Configure the interval of the port’s transmitting Hello

3. Set Hello Multiplier


Command function

isis hello-multiplier <multiplier> [level-1|level-2]

VLAN interface

Configure the multiple of interface keeping time and hello interval

4. Set the LSP interval


Command function

isis lsp-interval <interval> [level-1|level-2]

VLAN interface

Set the transmission interval of LSP packet

5. Set the Retransmit interval


Command function

isis retrasmit-interval <interval> [level-1|level-2]

VLAN interface

Set the retransmission interval of LSP packet

6. Set the priority


Command function

isis priority <priority> [level-1|level-2]

VLAN interface

Configure the DIS election priority of the interface

7. Set IS-IS Interface metrics

It is applied to set the metric when the interface participates IS-IS SPF calculation, different metrics can be set for L1 and L2 in the same interface. The default value is 10.


Command function

isis metric <metric-value> [level-1|level-2]

VLAN interface Configure the interface metric

8. Set the CSNP interval

It is applied to set CSNP packet interval. In the broadcast network, the default value is 10; in the point-to-point network, the default value is 3600.


Command function

isis csnp-interval <interval> [level-1|level-2]

VLAN interface

Set the transmission interval of CSNP packet



Configuring IS-IS Authentication ZXR10 T160G/T64G supports clear text authentication and MD5 encryption authentication. Use the following commands to select authentication mode.


Command function

isis authentication-type {text|md5} [level-1|level-2]

VLAN interface

Set the interface authentication mode

authentication-type {text|md5} [level-1|level-2] Route IS-IS Set the LSP message

authentication mode

For each authentication mode, ZXR10 T160G/T64G supports the following three types of IS-IS authentication:

Interface authentication

LSP authentication

SNP authentication

1. Interface authentication


Command function

isis authentication <key> [level-1|level-2]

VLAN interface Set ADJ authentication

2. LSP authentication


Command function

authentication <key> [level-1|level-2]

Route IS-IS Set LSP authentication of IS-IS

3. SNP authentication


Command function

set-snp-authentication Route IS-IS Set SNP PDU authentication

Example: Configure SNP authentication, whose authentication string is welcome

ZXR10(config)#router isis

ZXR10(config-router)#authentication welcome

ZXR10(config-router)#set-snp-authentication



Instances of Configuring IS-IS Single-Area IS-IS Configuration Analyze the entire network before configuring IS-IS, and then determine the network topology according to the network size, whether dividing multiple areas is needed, whether multiple routing protocols are running in the network. The following illustrates the basic configuration of IS-IS protocol taking sing-area network as an example, as shown in Figure 52.

F I G U R E 52 IS - IS C O N F I G U R AT I O N I N S I N G L E AR E A

192.168.1.1/24 192.168.6.1/24

192.168.2.2/24192.168.2.1/24

Area 1R1 R2

In the above figure, R1 and R2 comprise area 1, running IS-IS protocol. The detailed configuration is as follows:

R1 configuration:

ZXR10_R1(config)#router isis

ZXR10_R1(config-router)#area 01

ZXR10_R1(config-router)#system-id 00D0.D0C7.53E0

ZXR10_R1(config-router)#exit



ZXR10_R1(config-if)#ip router isis




R2 configuration:



ZXR10_R2(config-router)#system-id 00D0.D0C7.5460










Multiple-Area IS-IS Configuration When the network is vast, we should consider using multiple areas in the IS-IS. Divide the similar routers into the same area according to the zone and functionality; the partition of area is helpful in reducing memory requirement. It makes the router in this area maintain relatively smaller link state database. Figure 53 is an instance of configuring multiple-area IS-IS.

F I G U R E 53 IS - IS C O N F I G U R AT I O N I N M U L T I AR E A

Area 1

Area 0

Area 2

192.168.100.1/24

192.168.101.1/24 192.168.102.1/24

192.168.10.0/24

192.168.14.1/24

192.168.13.0/24

R2

R3 R4

R1 R5 R6

192.168.11.0/24

192.168.15.0/24

192.168.12.0/24

192.168.16.0/24

Where, R1 belongs to area 1; R2, R3 and R4 belong to area 0; R5 and R6 belong to area 2. In R1, perform route convergence to network segment in area 1. In R6, redistribute the default route to IS-IS.

The following illustrates the detailed configuration of each router in the figure.

R1 configuration:



ZXR10_R1(config-router)#system-id 00D0.D0C7.53E0

ZXR10_R1(config-router)#is-type LEVEL-1-2





ZXR10_R1(config-if)#isis circuit-type LEVEL-2




















ZXR10_R1(config-router)#summary-address 192.168.100.0 255.255.252.0 10

R2 configuration:



ZXR10_R2(config-router)#system-id 00D0.E0D7.53E0

ZXR10_R2(config-router)#is-type LEVEL-2












R3 configuration:



ZXR10_R3(config-router)#system-id 00D0.E0C7.53E0




















R4 configuration:



ZXR10_R4(config-router)#system-id 00D0.E0E7.53E0


















R5 configuration:



ZXR10_R5(config-router)#system-id 00D0.D0CF.53E0

ZXR10_R5(config-router)#is-type LEVEL-1-2














R6 configuration:



ZXR10_R6(config-router)#system-id 00D0.0ECD.53E0













ZXR10_R6(config-router)#default-information originate

ZXR10_R6(config-router)#redistribute protocol static metric 10

ZXR10_R6(config-router)#end

ZXR10_R6#

IS-IS Maintenance and Diagnosis ZXR10 T160G/T64G provides show command to help diagnose IS-IS fault. The frequently used commands in IS-IS maintenance and diagnosis are presented as follows:

1. Show adjacency, display current neighbor state


Command function

show isis adjacency [level-1|level-2] All modes Show the current neighbors

2. Show the current IS-IS interface information




Command function

show isis circuits [detail] All modes Show the current IS-IS interface

3. Show the current IS-IS database information


Command function

show isis database [level-1|level-2] [detail] All modes Show the current IS-IS database

4. Show the current IS-IS topology


Command function

show isis topology [level-1|level-2] All modes Show the current IS-IS topology

ZXR10 T160G/T64G provides some debug commands other than show commands mentioned above, for practical application. For example:


Command function

debug isis adj-packets PrivilegedTrace and show the hello message IS-IS received and transmitted

debug isis snp-packets Privileged

Trace and show SNP message that IS-IS received and transmitted and related processing events

debug isis spf-events PrivilegedTrace and show IS-IS routing calculation event debugging information

debug isis update-packets PrivilegedTrace and show IS-IS LSP packet processing event debugging information





C h a p t e r 17

BGP Configuration

Border Gateway Protocol (BGP) is an inter-domain routing protocol. BGP-4 is widely used on the Internet to communicate network information about available paths and networks.

In this chapter, you will learn about:

BGP Overview

Configuring BGP

Example of Configuring BGP

BGP Maintenance and Diagnosis

BGP Overview BGP is an inter-domain routing protocol between AS. The primary function of a BGP speaking system is to exchange network reachability information with other BGP systems. This network reachability information includes information on the list of Autonomous Systems (AS) that reachability information traverses. This information is sufficient to construct a graph of AS connectivity from which routing loops may be pruned and some policy decisions at the AS level may be enforced.

BGP-4 is defined in RFC1771. It supports the implementation of CIDR, supernet and subnet and the route aggregation and filtering. BGP-4 is widely used on the Internet.

Sessions established by BGP routers in different ASs are called EBGP sessions. Sessions established by the internal BGP routers in the same AS are called IBGP sessions. The administration area that allows independent routing policies is called Autonomous System (AS). A primary feature of AS is that an AS has a unified internal route differing from other ASs, and presents the same topology to the reachable destinations through which it passes. The indicator of an AS is a 16-bit value ranging from 1~65535, in which 1~32767 are allocatable, 32768~64511 are reserved temporarily, and 64512~65534 are used for private ASs (similar to the private IP addresses).



BGP runs over reliable transmission protocols with TCP as its lower layer protocol on port 179. A TCP connection should be established first between the routers running BGP. All the routing table information is exchanged via message authentication. When the routing table is changed later, route update information will be sent to all the BGP neighbors, by which the routing information will be extended until the routing information is available in the entire network.

The destination network related BGP update information sent by the router to its peers include the BGP metric related information, which is called path attribute. Path attribute is classified into four categories:

1. Well-known mandatory: These attributes should be included in the router description.

AS-path

Next-hop

Origin

2. Well-known discretionary: These attributes are not necessary in the router description.

Local preference

Atomic aggregate

3. Optional transitive: These attributes are not required to be supported by all the BGP implementations. If supported, they will be transmitted to BGP neighbors. Those not supported by the local router should be transmitted continuously to other BGP routers.

Aggregator

Community

4. Optional non-transitive: This attribute indicates it should be deleted from the routers that do not support it.

Multi-exit-discriminator (MED)

In addition to these attributes, weight attribute (Cisco defined) is also a common attribute.

Configuring BGP Basic BGP Configuration

To enable the BGP protocol on a router, follow the three steps:

1. Enable BGP process

Command format Command mode Command function

router bgp <as-number> Global Enables BGP routing process

Chapter 17 BGP Configuration


2. Configure BGP neighbor


neighbor <ip-address> remote-as <number> Routing BGP Configures a BGP neighbor

3. Advertise a network using BGP


network <ip-address> <net-mask> Routing BGP Specifies a network table for the BGP routing process

Figure 54 shows an example of BGP configuration, where R1 resides in AS 100 and R2 resides in AS 200.

F I G U R E 54 B AS I C BGP C O N F I G U R AT I O N

AS100 AS200

10.1.1.2/30

10.1.1.1/30

182.16.0.0/16 182.17.0.0/16

R1 R2

Configuration of R1

ZXR10_R1(config)#router bgp 100

ZXR10_R1(config-router)#neighbor 10.1.1.1 remote-as 200


Configuration of R2




In the configurations above, R1 and R2 define the other party as a BGP neighbor each other. Since R1 and R2 reside in different ASs, an EBGP session will be established. R1 will advertise network 182.16.0.0/16. R2 will advertise network 182.17.0.0/16.

Advertising BGP Routes In the above description, the network command is used to advertise BGP routers. Generally, BGP routers can be advertised in three ways after a BGP neighbor is established:

1. Use the network command to advertise a router

In BGP, the network command can be used to advertise the networks known by the local router. Known networks include the networks that can



be learnt via direct connections, static routes and dynamic routes. The use of the network command in BGP is different from the use in IGP.

2. Use the redistribute command to re-distribute the routes learnt by other routing protocols to BGP.


redistribute <protocol> [metric <metric-value>] [route-map <map-tag>] Routing BGP

Re-distributes the routes obtained by other routing protocols into the BGP routing table

The redistribute command can be used to re-distribute the routes learnt by the IGP protocols (RIP, OSPF, IS-IS) into BGP. When using the redistribute command, make sure to prevent the routes learnt by IGP from BGP from being re-distributed into BGP. Use the filtering command to prevent the loop from occurring if necessary.

3. Distribute static routes into BGP

The route source of the static routes re-distributed into BGP is shown as “incomplete” in the routing table.

The following example advertises routes in BGP via route re-distribution. See Figure 55 for the network topology.

F I G U R E 55 AD V E R T I S I N G BGP R O U T E S

AS100

AS200

AS300

129.213.198.0/24 175.220.0.0/24

1.1.1.1/24

R1 R2 R3

R4

Configuration of R3





ZXR10_R3(config-router)#redistribute ospf



Advertising BGP Aggregation BGP can aggregate several pieces of learnt routing information into one piece of information and advertise it to the outside, greatly reducing the number of route entries in the routing table.

The following is an example of route aggregation. R1 and R2 advertise route 170.20.0.0/16 and 170.10.0.0/16 respectively, as shown in Figure 56. R3 aggregates the two pieces of routing information into 170.0.0.0/8 and advertises it to R4. After configuring aggregation, the R4 routing table can only learn the aggregated route 170.0.0.0/8.

F I G U R E 56 AD V E R T I S iN G BGP AG G R E G A T I O N

170.20.0.0/16 170.10.0.0/16

3.3.3.0/24

4.4.4.0/24

2.2.2.0/24

AS100 AS200AS300

AS400

R1 R2

R4

R3

Configuration of R1






Configuration of R2






Configuration of R3



aggregate-address <ip-address> <net-mask> [count <count>] [as-set] [summary-only] [strict]

Routing BGP Creates an aggregation policy in the BGP routing table












ZXR10_R3(config-router)#aggregate-address 170.0.0.0 255.0.0.0

summary-only

R3 has learnt routes 170.20.0.0 and 170.10.0.0, but it advertises aggregate route 170.0.0.0/8 only. Note the summary-only parameter in the aggregate advertisement commands. If the parameter is not included, R3 will advertise the specific routes in addition to the aggregate route.

Configuration of R4





Configuring EBGP Multihop Generally, EBGP neighbors should be established on the straight-through interfaces of two routers. To establish EBGP neighbors on the interfaces that are not directly connected, use the multihop command to configure EBGP multihop. In addition, appropriate IGP or static route configuration is required to enable the interworking of these neighbors.

Command format Command mode

Command function

neighbor <ip-address> ebgp-multihop [ttl <value>] Routing BGP Configures EBGP multihop

R1 needs to establish the neighbor relation with the interface with the IP address 180.225.11.1 on R2, to which it is not connected directly, as shown in Figure 57. To do this, use the multihop command.

F I G U R E 57 C O N F I G U R I N G BGP M U L T I H O P

AS100 AS300

129.213.1.2/24

129.213.1.3/24

180.225.11.1/24R1 R2



Configuration of R1



ZXR10_R1(config-router)#neighbor 180.225.11.1 ebgp-multihop

Configuration of R2



Filtering Routes via the Route Map Route filtering and attribute setting are the basis of BGP route selection. Input or output route attributes can be controlled as required via route filtering.

Route map is used to control routing information and re-distribute routes between route domains based on defined conditions. Route map usually determines route selections with the use of route attributes. A route map is usually used in two steps:

1. Define a route map


route-map <map-tag> [permit|deny] [<sequence-number>] Global Defines a route map

2. Configure the filtration of routes advertised by or to the neighbors


neighbor <ip-address> route-map <map-tag> {in|out} Routing BGP

Configures the filtration of routes advertised by or to the neighbors

The following example configures filtering using a route map.



ZXR10_R1(config-router)#neighbor 182.17.20.1 route-map MAP1 out

ZXR10_R1(config-router)#neighbor 182.17.20.1 send-med

ZXR10_R1(config)#route-map MAP1 permit 10

ZXR10_R1(config-route-map)#match ip address 1

ZXR10_R1(config-route-map)#set metric 5

ZXR10_R1(config)#acl basic number 1

ZXR10_R1(config-basic-acl)#rule 1 permit 172.3.0.0 0.0.255.255

The above example defines route map MAP1, which allows network 172.3.0.0 to be advertised to autonomous system 200 and sets the MED value to 5. When filtering routes using a route map, match and set commands are both usually used. The match command defines matching



criteria. The set command defines actions to be executed when the match conditions are satisfied.

Filtering Routes via NLRI To control the routing information obtained or advertised by the router, routes to or from a specific adjacent device can be filtered from updates. The filter includes an update list used to be sent to or coming from an adjacent peer.

As shown in Figure 58, R1 and R2 are IBGP peers of each other; R1 and R3 are EBGP peers of each other; and R2 and R4 are EBGP peers of each other.

F I G U R E 58 F I L T E R I N G R O U T E S V I A NLRI

AS100

AS200 AS300

182.17.20.1/30192.18.10.0/24

182.17.1.2/30

182.17.20.2/30

R3 R4

182.17.1.1/30

R1

R2

To prevent AS100 from being a transit AS, network 192.18.10.0/24 coming from AS300 is advertised to AS200. R1 is configured with the filtering function as follow:


ZXR10_R1(config-router)#no synchronization







ZXR10_R1(config-basic-acl)#rule 1 deny 192.18.10.0 0.0.0.255

ZXR10_R1(config-basic-acl)#rule 2 permit any

In this example, the route-map command and access control list (ACL) is used to prevent R1 from spreading prefix 192.18.10.0/24 to AS200.

Filtering Routes via AS_PATH If all the routes in one or more ASs should be filtered, the routes are filtered based on the AS path information usually. This prevents it from being complex due to prefix-based filtering.



An ACL can be specified for the input and output update based on the AS path attribute values.


ip as-path access-list <acl-number> {permit|deny} <as-regular-expression>

Global Defines a BGP access list

In the case as shown in Figure 58, routes can also be filtered based on AS path, which prevents R1 from advertising network 192.18.10.0/24 (coming from AS300) to AS200. Configuration







ZXR10_R1(config-route-map)#match as-path 1

ZXR10_R1(config)#ip as-path access-list 1 permit ^$

In the above configuration, the AS ACL allows R1 to advertise the networks initiated from AS100 only to AS200, thus filtering network 192.18.10.0/24.

LOCAL_PREF Attribute The local preference attribute is used to determine the route selection between IBGP peers within an AS.

When the two IBGP routers in an AS have learnt a route with the same destination from the outside, the local preference attribute will be compared. The route with the higher value is preferred. The default value of local preference is 100.


bgp default local-preference <value>

Routing BGP

Configures the local preference value of the router that BGP advertises to the outside

In the case as shown in Figure 59, R3 and R4 has learnt route 170.10.0.0 at the same time. Since the local preference value set for R4 is greater than that for R3, the R4 egress is preferred for the route to the destination within AS256.



F I G U R E 59 C O N F I G U R I N G T H E LO C AL P R E F E R E N C E AT T R I B U T E

AS100

AS256

AS300

1.1.1.2/30

3.3.3.2/30

R3 R4

1.1.1.1/30R1 R2

R5

170.10.0.0/24

128.213.11.1/30128.213.11.2/303.3.3.1/30

IBGP R6

AS34

LOC=150 LOC=200

The LOCAL_PREF attribute can be configured in two methods.

Use the bgp default local-preference command

Configuration of R3




ZXR10_R3(config-router)#bgp default local-preference 150

Configuration of R4




ZXR10_R4(config-router)#bgp default local-preference 200

Use the route-map command

Configuration of R4



ZXR10_R4(config-router)#neighbor 3.3.3.2 route-map setlocalin in


....

ZXR10_R4(config)#ip as-path access-list 7 permit ^300$

...

ZXR10_R4(config)#route-map setlocalin permit 10

ZXR10_R4(config-route-map)#match as-path 7

ZXR10_R4(config-route-map)#set local-preference 200



ZXR10_R4(config)#route-map setlocalin permit 20

ZXR10_R4(config-route-map)#set local-preference 150

MED Attribute The metric attribute is also called Multi Exit Discrimination (MED), which is used for the interaction among ASs for route selection.

By default, the router only compares the metric values of the BGP neighbors in the same AS. To compare the values of the neighbors in different ASs, use the bgp always-compare-med command for a mandatory comparison.


bgp always-compare-med Routing BGP Allows the comparison of the MEDs for paths from neighbors in different ASs

The default value of medic is 0. The path with a lower metric is preferred over a path with a higher metric. The metric value is not transferred to third-party ASs. That is, when an update with a metric value is received and it should be transmitted to a third-party AS, the default metric value will be transmitted.

R1 receives the update of 180.10.0.0 from R2, R3 and R4 at the same time, as shown in Figure 60. By default, only the metric values of neighbor R3 and R4 in the same AS are compared. The metric value of R3 is lower than that of R4, so R1 takes the update from R3.

F I G U R E 60 C O N F I G U R I N G T H E MED AT T R I B U T E

AS100

AS300

AS400

2.2.2.1/30

180.10.0.0/24

R3 R4

2.2.2.2/30

R1

R2

1.1.1.1/30 1.1.1.2/30

4.4.4.1/304.4.4.2/30

3.3.3.1/30

3.3.3.2/30

170.10.0.0/24

med 120

med 50

med 200

In the following example, the route-map command is used to set the MED value.

Configuration of R1







....

Configuration of R3



ZXR10_R3(config-router)#neighbor 2.2.2.2 route-map setmetricout out


ZXR10_R3(config)#route-map setmetricout permit 10


Configuration of R4







Configuration of R2






In the following example, the bgp always-compare-med command is used to allow a mandatory comparison of R1 metric value and R2 metric value. The metric value of R2 is lower than that of R3, so R1 will select R2 instead of R3 for the update of 180.10.0.0.

Configuration of R1





ZXR10_R1(config-router)#bgp always-compare-med



Community String Attribute Community string is an optional transit attribute ranging from 0~4,294,967,200. A selection can be made from a group of routes according to the community string attribute.

The following are the definitions of the well-known community attributes:

no-export: Do not advertise this route to an EBGP neighbor

no-advertise: Do not advertise this route to any BGP neighbor

no-export-subconfed: Do not advertise the routes with this attribute to peers outside the confederation.

The route-map command is generally used to define the community attribute. This attribute will not be sent to neighbors by default and the following command should be used also.


neighbor <ip-address> send-community Routing BGP

Sends the community attribute when advertising routes to the neighbors

In the following example, R1 notifies its neighbors that route 192.166.1.0/24 should not be advertised to other EBGP neighbors.

Configuration of R1



ZXR10_R1(config-router)#neighbor 3.3.3.3 send-community

ZXR10_R1(config-router)#neighbor 3.3.3.3 route-map setcommunity out

ZXR10_R1(config)#route-map setcommunity permit 10


ZXR10_R1(config-route-map)#set community no-export

ZXR10_R1(config)#route-map setcommunity permit 20



BGP Synchronization In AS100 as shown in Figure 61, R1 and R2 runs IBGP. R5 does not run BGP.



F I G U R E 61 C O N F I G U R I N G BGP S Y N C H R O N I Z AT I O N

AS100

AS300 AS400

2.2.2.1/30

150.10.0.0/24

2.2.2.2/30

R3 R4

3.3.3.1/30R1 R2

R5

170.10.0.0/24

170.10.0.0/24 170.10.0.0/24

1.1.1.2/30

1.1.1.1/30

R2 has learnt route 170.10.0.0 via IBGP. The next hop is 2.2.2.1. It can be known from the diagram that the next hop for R2 to reach 170.10.0.0 is R5, but R5 hasn’t got route 170.10.0.0 and will discard the packet. If R2 tells R4 that it has route 170.10.0.0, it will also be discarded in R5.

To allow the packet with the destination address 170.10.0.0 to reach R3 successfully through R5, the route to 170.10.0.0 should be available in R5. Therefore, routes should be redistributed so that R5 can learn this route via IGP. Before advertising the BGP routes to EBGP neighbors, it should be waited until R2 has learnt this route (via R5) via IGP, which is called route synchronization.


synchronization Routing BGP Enables the synchronization between BGP and IGP

The synchronization function of ZXR10 T160G/T64G is enabled by default.

To transit AS, the routes learnt from other ASs should be advertised to the third-party ASs. If non-BGP router exists in AS then Route synchronization is required. In this case, R2 uses route synchronization.

In the case that BGP routes have no need to be advertised to third-party ASs or all the routers within the AS run BGP, route synchronization is not required.

The following configuration disables route synchronization on R2.


ZXR10_R2(config-router)#network 150.10.0.0






BGP Route Reflector For the BGP routers within the same AS, the neighbor relation should be established between every two routers to enable an overall interconnection. In this way, the number of neighbors will increase at a rate of n (n-1) /2 (“n” is the number of IBGP routers) when the number of IBPGs increases. Route reflector and confederation are used to reduce the workload of maintenance and configuration.

For the IBGP speaking routers within an AS, one of them is selected to be the route reflector (RR). All the other IBGP routers act as clients and establish the neighbor relation only with the RR. All the clients reflect routes via RR, thus reducing the number of neighbors to n-1.


neighbor <ip-address> router-reflector-client Routing BGP Set a neighbor as a

route-reflector client peer

There are two route reflectors within AS100, i.e. R3 and R4, as shown in Figure 62. The clients of R4 are R5 and R6. The clients of R3 are R1 and R2.

F I G U R E 62 C O N F I G U R I N G BGP R O U T E R E F L E C T O R S

R3

R1 R2

R4

R5 R6

R7

R9

R8

AS100

AS200

AS300

Lo: 1.1.1.1 Lo: 2.2.2.2

Lo: 3.3.3.3 Lo: 4.4.4.4

Lo: 5.5.5.5 Lo: 6.6.6.6

Lo: 7.7.7.7

Lo: 8.8.8.8

Lo: 9.9.9.9

Configuration of R3





ZXR10_R3(config-router)#neighbor 2.2.2.2 route-reflector-client


ZXR10_R3(config-router)#neighbor 1.1.1.1 route-reflector-client



Configuration of R2



When a route is received by the RR, it will be reflected depending on the type of peer.

A route from a Non-Client peer will be reflected to all the Client peers

A route from a Client peer will be reflected to all the Non-Client peers and Client peers.

A route from an EBGP peer will be reflected to all the Non-Client peers and Client peers.

If there are multiple RRs within an AS, these RRs can be grouped into a cluster. An AS can include multiple clusters. A cluster includes more than one RR at least.

BGP Confederation Route confederation has the similar function as the route reflector, which is to reduce the number of IBGP neighbor connections established within an AS. Route confederation allows an AS to be divided into multiple sub-ASs. The IBGP routers within the AS belong to the sub-ASs respectively. IBGP is established within the sub-ASs. EBGP is established between the sub-ASs. The sub-AS ID is called confederation ID. The sub-ASs are invisible to the outside world of the AS.


bgp confederation identifier <value> Routing BGP Set a confederation ID

bgp confederation peers <value> […<value>] Routing BGP Sets the AS ID of a

confederation peer

The following examples illustrate the applications of route confederation.

There are 5 BGP routers in AS200, as shown in Figure 63. It is divided into two sub-ASs. One is defined as AS65010, which includes R3, R5 and R6, and the other is defined as AS65020, which includes R4 and R7.



F I G U R E 63 C O N F I G U R I N G BGP C O N F E D E R AT I O N

R3

R5 R6

R4

R7

R1 R2

AS200

Lo: 210.61.10.1 Lo: 210.61.20.1

2.2.2.1/30Lo: 210.61.30.1

Lo: 210.61.40.1

AS100 AS300

AS65010AS65020

2.2.2.2/30

210.61.19.1/30 210.61.19.2/30

Configuration of R3


ZXR10_R3(config-router)#bgp confederation identifier 200

ZXR10_R3(config-router)#bgp confederation peers 65020





Configuration of R5


ZXR10_R5(config-router)#bgp confederation identifier 200



When establishing the neighbor relation, the EBGP neighbor relation is established between R3 and the confederation peers. The IBGP neighbor relation is established with the confederation, and the EBGP neighbor relation is also established with AS100. The confederation is non-existent to AS100, so AS100 still establishes the neighbor relation with R3 as AS200.

Configuration of R1





BGP Route Dampening BGP provides a route dampening mechanism to minimize the instability due to route flapping.

A route is assigned a penalty of 1000 per flap. When the penalty reaches a suppress-limit, the router stops advertising the route. The penalty decreases geometrically after every half-life-time. As the penalty decreases and falls below the reuse limit, the route is unsuppressed.


bgp dampening [<half-life> <reuse> <suppress> <max-suppress-time>| route-map <map-tag>]

Routing BGP Enables BGP route damping or modifies various damping factors

Half-life-time: 1~45 min, 15 min by default

Reuse-value: 1~20000, 750 by default

Suppress-value: 1~20000, 2000 by default

Max-suppress-time: 1~255, 4 times of half-life-time by default

To enable dampening on the router:

ZXR10(config)#router bgp 100

ZXR10(config-router)#bgp dampening

ZXR10(config-router)#network 203.250.15.0 255.255.255.0

ZXR10(config-router)#neighbor 192.208.10.5 remote-as 300

Example of Configuring BGP The following is a comprehensive BGP example, which involves the practical applications of BGP functions including route aggregation and static route redistribution.

As shown in Figure 64, EBGP is established between R4 and R1. IBGP is established between R1 and R2. Multihop EBGP is established between R2 and R5. Suppose 4 static routes, as shown in the upper right corner of the figure, exist in R4. In the configuration of R4, only 192.16.0.0/16 is aggregated and advertised. 170.16.10.0/24 is not allowed to be advertised through BGP to the outside world via the route map. The multihop relation is established between R2 and R5 via R3. Make sure the neighbor addresses of the two routers are interconnected before configuring BGP.



F I G U R E 64 E X AM P L E O F C O N F I G U R I N G BGP

155.16.10.0/24

172.16.1.2/16

172.16.1.1/16173.16.20.2/16172.16.20.2/16

172.16.20.1/16

183.16.20.2/16 AS3AS2

AS1Static route:192.16.20.0/24192.16.21.0/24192.16.22.0/24170.16.10.0/24

R1 R2

R4 R3 R5

Configuration of R4

ZXR10_R4(config)#route bgp 2

ZXR10_R4(config-router)#redistribute static


ZXR10_R4(config-router)#aggregate-address 192.16.0.0 255.255.0.0

count 0 as-set summary-only

ZXR10_R4(config-router)#neighbor 172.16.20.2 route-map torouter1 out



ZXR10_R4(config)#route-map torouter1 deny 10


ZXR10_R4(config)#route-map torouter1 permit 20

Configuration of R1




ZXR10_R1(config-router)#neighbor 172.16.1.2 next-hop-self


Configuration of R2




ZXR10_R2(config-router)#neighbor 172.16.1.1 next-hop-self


ZXR10_R2(config-router)#neighbor 183.16.20.2 ebgp-multihop 2

ZXR10_R2(config-router)#neighbor 183.16.20.2 route-map torouter5 in





ZXR10_R2(config)#route-map torouter5 deny 10


ZXR10_R2(config)#route-map torouter5 permit 20

Configuration of R5

ZXR10_R5(config)#ip route 173.16.0.0 255.255.0.0 gei_1/1



ZXR10_R5(config-router)#neighbor 173.16.20.2 ebgp-multihop 2

BGP Maintenance and Diagnosis When encountering BGP routing problems, relevant debugging commands can be used for troubleshooting. The most commonly used command is show, which allows you to view the current statuses of BGP neighbors and the BGP routing information the router has learnt.

Show the configuration information of the BGP module


show ip bgp protocol All modes Shows the configuration information of the BGP module

View the BGP neighbor relation and show the current neighbor statuses


show ip bgp neighbor [in|out] <ip-address>

All modes Shows related information of BGP neighbors

Show the entries in the BGP routing table


show ip bgp route [network <ip-address> [mask <net-mask>]] All modes Shows the entries in the BGP

routing table

show ip bgp route detail <ip-address> <net-mask> All modes Shows the entries in the BGP

routing table

Show the statuses of all the BGP neighbor connections


show ip bgp summary All modes Shows the statuses of all the BGP neighbor connections

Besides the show command, the debug command can be used to observe the BGP neighbor relation establishment and route update process.


debug ip bgp in Privileged Tracks and shows the notification messages sent by BGP and lists error codes and sub-error codes



debug ip bgp out Privileged Tracks and shows the notification messages sent by BGP and lists error codes and sub-error codes

debug ip bgp events Privileged Tracks and shows the BGP connecting statuses and migration

Use the debug ip bgp events command to track the process of BGP status migration.

ZXR10#debug ip bgp events

BGP events debugging is on

ZXR10#

04:10:07: BGP: 192.168.1.2 reset due to Erroneous BGP Open received

04:10:07: BGP: 192.168.1.2 went from Connect to Idle

04:10:08: BGP: 192.168.1.2 went from Idle to Connect

04:10:13: BGP: 192.168.1.2 went from Connect to OpenSent

04:10:13: BGP: 192.168.1.2 went from OpenSent to OpenConfirm

04:10:13: BGP: 192.168.1.2 went from OpenConfirm to Established

ZXR10#





C h a p t e r 18

Multicasting Route Configuration

This chapter describes the basic principle and configurations of multicasting routes. This chapter includes:

Multicast Overview

Configuring Public Multicast

Configuring IGMP

Configuring PIM-SM

Configuring MSDP

Example of Configuring Multicasting

Multicasting Maintenance and Diagnosis

Multicast Overview Multicasting is a point-to-point or multipoint-to-multipoint communication, that is, multiple receivers receive the same information from one source at the same time. Applications on the basis of multicasting include videoconferencing, teleeducation and software distribution.

Multicasting protocols include Internet Group Management Protocol (IGMP) and Multicast Route Protocols (MRP). IGMP is used to manage the participation and leaving of multicast group members. MRPs are used to exchange information and establish the multicast tree among routers. MRPs include Protocol Independent Multicast Sparse Mode (PIM-SM) and Multicast Source Discovery Protocol (MSDP).

ZXR10 T160G/T64G supports the following protocols:

Internet Group Management Protocol (IGMP)

Protocol Independent Multicast Sparse Mode (PIM-SM)

Multicast Source Discovery Protocol (MSDP)



Multicast Address In a multicast network, the originator sends a packet to multiple receivers via multicasting. The originator is called multicast source. The multiple receivers of the same packet can be identified using a single ID, which is called multicast source address. In the IP address allocation scenario, addresses Class-D, i.e. 224.0.0.0~239.255.255.255, are multicast source addresses. 224.0.0.0~224.0.0.255 and 239.0.0.0~239.255.255.255 are used for research and management.

IGMP IGMP allows the multicast router to learn about the information of multicast group members and runs between host and multicast router.

A multicast router sends group member query messages to all the hosts periodically to learn about which group members exist in the connected networks. The hosts return group member report messages containing the information of the multicast groups to which they belong. When a host wants to be added in a new group, it sends a group member report message instead of waiting for a query.

When the host begins to receive information as a group member, the multicast router will query the group periodically to learn about whether this member is still in the group. If members of the group still exist on an interface, the multicast router will continue to forward data from the group to the interface. When the host leaves the group, it will send a leave message to the multicast router. The multicast router will query immediately whether the group still contains active members or not. If yes, the multicast router continues to forward data; if no, it stops forwarding data.

There are two versions, IGMP V1 and IGMP V2, in the practical applications. IGMP V2 has more enhanced features than IGMP V1. It uses 4 types of messages to accomplish the information interaction between the hosts and the router.

Group member query

V2 member report

Leave report

V1 member report

Where, the V1 member report is used to be compatible with IGMP V1.

Multicast Tree To enable multicast communication in the networks, the multicast source, receivers and the paths of multicast packets should be available. The most commonly used routing method is to establish tree routes, which provides the following two advantages:

Packets are sent to different receivers along the tree branches in parallel.

Chapter 18 Multicasting Route Configuration


Packets are copied only on crotches, which minimizes the number of packets transmitted in the networks.

A multicast tree is a set of a series of router incoming interfaces and outgoing interfaces. It determines a unique forwarding path between the subnet to which the multicast source belongs and all the subnets that contain the group members.

There are two ways to construct a multicast tree: per-source multicast tree and shared multicast tree.

Per-Source Multicast Tree Per-source multicast tree is also called source shortest path tree. It establishes a spanning tree to all the receivers for each source. This spanning tree takes the subnet to which the source belongs as the root node and reaches the subnets to which the receivers belong. A multicast group may include multiple multicast sources. Each source or pair (S, G) has a corresponding multicasting tree.

The method to construct a per-source multicast tree is reverse path forwarding (RPF). Each router can find the shortest path to the source and the corresponding outgoing interface according to the unicast route. When a router receives a multicast packet, it verifies whether the incoming interface that the packet reaches is the outgoing interface with the shortest unicast path from the packet to the source. If yes, the route copies the packet and forwards it to other interfaces; otherwise, it discards the multicast packet.

The incoming interface from which the router receives multicast packets is called parent link. The outgoing interface that sends multicast packets is called child link.

Shared Multicast Tree Shared multicast tree establishes a multicast route tree for each multicast group, which is shared by all the group members, that is, the tree is shared by the group (*, C) instead of every pair (S, G). Every device to receive the multicast packets from the group should be added to the shared tree explicitly.

A shared multicast tree uses one or a group of routers as the center of the tree. Multicast packets from all the sources in this group to the receivers are sent as unicast packets to the center, from which the packets will then be forwarded as multicast packets along the tree.

PIM-SM PIM-SM transmits multicast packets using a shared tree. A shared tree has a central point, which is responsible for sending packets for all the sources in a multicast group. Each source sends packets to the central point along the shortest-path route and then takes the central point as the root node to distribute the packets to all the receivers in the group. The central point of a PIM-SM group is called Rendezvous Point (RP). A network can have multiple RPs, but a multicast group can only have one RP.



A router can learn about the positions of RPs in three ways. The first way is to configure static RP manually on each router that runs PIM-SM. The other two ways are dynamic, depending on the version of PIM-SM used in the network. PIM-SM V1 uses Auto-RP. PIM-SM V2 uses candidate-RP.

PIM-SM V2 allows the manually configured routers that run PIM-SM to be used as candidate bootstrap routers (BSRs) and elects the candidate BSR with the highest priority as the formal BSR. BSR is responsible for collecting the candidate RP messages from all the multicast router, trying to find the candidate RPs existing in the multicast domain and advertising them to all the PIM routers in the PIM domain. Each PIM router selects the optimum RP for each group in the RP set according to the unified RP election rule. RP candidates are configured manually.

Routers running PIM-SM attempt to find each other and maintain the neighbor relation by exchanging hello messages. On the multi-access network, a hello message also includes router priority information, which can be used to elect the designated router (DR).

The multicast source or the first-hop router (DR directly connected to the source) encapsulates the packet into a Register message and sends it to the RP via a unicast route. When receiving the Register message, the RP decapsulates the packet and sends it along the shared tree downward to the receivers in this group.

Each host acting as a receiver will join the multicast group via an IGMP member report message. The last-hot router (or DR on the multi-access network) sends the received Join message by level to the RP for registration. The media router checks if a route for this group is available after receiving the Join message. If yes, it adds the downstream requesting router into the shared tree as a branch. Otherwise, the Join message will proceed to the RP.

If the RP or multicast router is directly connected to any receiver, it can be switched over from the shared tree to the per-source, shortest-path tree. When receiving a Register message from a new multicast source, the RP returns a Join message to the DR directly connected to the multicast source, thus establishing the tree with the shortest-path from the source to the RP.

When a DR or a router with multicast members connected directly receives the first multicast packet from the multicast group, or when the received packets reach a threshold, it can be switched over from the shared tree to the per-source, shortest-path tree. Once the switchover occurs, the route will send a Prune message to the upstream neighbors, requesting to be separated from the shared tree.

MSDP MSDP is a mechanism that allows the RPs in each PIM-SM domain to share information about active sources. Each RP knows the receivers within the local domain. When the RPs have learnt about the information about the active sources in the remote domains, they can transfer the information to the receivers in the local domain. Thus, multicast packets can be forwarded among domains.



The MSDP speaker in a PIM-SM domain establishes the MSDP session relation with the MSDP neighbors in other domains via TCP connection. When the MSDP speaker has learnt about a new multicast source (through the PIM register mechanism) in the local domain, it will create a Source-Active message and send it to all the MSDP neighbors. Each receiving neighbor uses a neighbor RPF check to check the SA message. Only the SA message received on the correct interface is forwarded. Other SA messages will be discarded. If the MSDP neighbor receiving this SA message is the RP in the local domain, and the outgoing interface corresponding to the (*, G) entry for the multicast group G in the SA is non-null, which means there are receivers in this domain. The RP will then create a (S, G) status for the multicast source and add it to the shortest-path tree of the source.

In addition, each MSDP neighbor will save the received SA messages in a cache, thus establishing a SA cache table. If the RP in a PIM-SM domain receives a message for joining a new multicast group G, the RP will search its own SA cache table to get all the active multicast sources immediately, thus generating the corresponding (S, G) Join message.

Configuring Public Multicast Enable IP multicast routing


ip multicast-routing Global Enables IP multicast routing

When the IP multicast routing function is enabled, the router will forward multicast packets.

Delete IP multicast routing table


clear ip mroute [group-address <group-address>] [source-address <source-address>]

Privileged Deletes IP multicast routing table

If the command does not contain any option, all the multicast route entries will be deleted.

Configuring IGMP The IGMP function of ZXR10 T160G/T64G is based on the PIM interface. The IGMP function will be enabled automatically on all the PIM-enabled interfaces.



Configuring IGMP Versions IGMP versions include V1 and V2. The default is V2, which can be changed as required. In view of security requirements, the routes require all the network elements in the same network to use IGMP V1 or IGMP V2.

The configuration of IGMP version is based on interface. Different interfaces can be configured with different versions.


ip igmp version <version> VLAN interface Configures the IGMP version on an interface

Configuring IGMP Groups on Interfaces Configure the range of groups to which IGMP is allowed to be added

When IGMP is running on an interface, all the multicast groups are received by default. You can set the range of receiving groups. If the Join request from a host does not belong to the range, it will be discarded.

Example:

Only group 239.10.10.10 is received on interface vlan1.

ZXR10(config)#acl basic number 10

ZXR10(config-basic-acl)#rule 1 permit 239.10.10.10 0.0.0.0


ZXR10(config-if)#ip igmp access-group 10

Configure the range of groups from which IGMP is allowed to leave immediately

After receiving an IGMP Leave message, or no report message is received after (last member query interval×2+1) seconds, the group members will leave.


ip igmp immediate-leave [group-list <acl-number>] VLAN interface

Configure the range of groups from which IGMP can leave immediately

Example:

Allow group 239.10.10.10 to leave immediately from interface vlan1





ip igmp access-group <acl-number>

VLAN interface Configures the range of groups to which IGMP can be added



ZXR10(config-if)#ip igmp immediate-leave group-list 10

Configure static group members on an IGMP interface

You can bind a static group address on an interface, suppose there always be group members on this interface.


ip igmp static-group <group-address>

VLAN interface Configure static group members on an IGMP interface

Example:

Configure static group 239.10.10.10 on interface vlan1.


ZXR10(config-if)#ip igmp static-group 239.10.10.10

Configuring IGMP Timers After enabling IGMP on the multicast router interfaces connected to the shared network, the optimum router is elected as the querier on this network, responsible for obtaining group member information by sending query messages.

After sending a query message, the querier will wait for receiving Host Membership Reports in a period of time. The duration is the value of max response time contained in the query message sent, 10 seconds by default. After receiving the query message, the host members on the network take the result of the max response time minus a random offset value as their own response time. If other Host Member Reports are received in this period, it will be cancelled, otherwise, host reports will be sent at the response time. Therefore, increasing the max response time will extend the waiting time of the group members on the network, thus lowering the occurrence of multiple host reports on the network.

Parameters of the timers related to the querier can be changed according to the network conditions.

Configure the IGMP query interval


ip igmp query-interval <seconds> VLAN interface Configures the IGMP query interval

Configure the IGMP querier timeout


ip igmp querier-timeout <seconds>

VLAN interface Configures the IGMP querier timeout

Configure the max response time contained in the query message sent by IGMP




ip igmp query-max-response-time <seconds>

VLAN interface

Configures the value of max response time contained in the query message sent by IGMP

Configure the IGMP specific group query interval


ip igmp last-member-query-interval <seconds>

VLAN interface Configures the IGMP specific group query interval

Configuring PIM-SM The details of the PIM-SM configuration are described in the following sections.

PIM-SM Basic Configurations Enabling PIM-SM

Enable PIM-SM


router pimsm Global Enables IP multicast protocol PIM-SM

Add an interface that run PIM-SM


ip pim sm VLAN interface Enables PIM-SM on the interface

Configuring Static RPs A static RPs can be configured for one or more specific groups, and the same static RP should be configured for the group on all the PIM-SM multicast routers in the multicast domain. RP addresses should be reachable from other routers. Generally, loopback interface addresses are used to reduce the network oscillations due to physical interface up/down. When a static RP is configured, the candidate RP will not be needed for the group.


static-rp <ip-address> [group-list <acl-number>] [priority <priority>] Routing PIM-SM Configures a static RP

Example:

Configure static RP 10.1.1.1 for all the groups.



ZXR10(config-router)#static-rp 10.1.1.1

Example: Configure static RP 10.1.1.1 for group 239.132.10.100.

ZXR10(config-router)#static-rp 10.1.1.1 group-list 10



Configuring Candidate BSRs If the static RP mechanism is not used, candidate BSRs should be configured on more than one multicast routers in every multicast domain. The BSR sends bootstrap (BSR) messages periodically to advertise the RP conditions. Routers running PIM-SM update the RP statuses according to the latest advertisement messages. The bootstrap messages sent by the BSR are also used to elect the formal BSR from the candidate BSRs.


bsr-candidate <interface-name> [<hash-mask-length>] [<priority>] Routing PIM-SM Configures a candidate BSR

The default priority of a candidate BSR is 0. The candidate BSR with the highest priority will become the formal BSR. If multiple routers have the same BSR priority, the IP addresses will be compared. The candidate BSR with the largest address will become the formal BSR.

Configuring Candidate RPs In PIM-SM, RP is the root of a shared multicast tree. It is responsible for sending multicast packets to the downstream receiving group members along the shared tree. A multicast group can only have one formal RP.


rp-candidate <interface-name> [group-list <acl-number>] [priority <priority>]

Routing PIM-SM Configures a candidate RP

The default priority of a candidate RP is 192. The candidate RP with a smaller priority is preferred.

Enhanced PIM-SM Configurations Source Shortest Path Tree Switchover Only the last-hop DR and RP can switch over to the source shortest path tree. By default, the switchover begins when the RP has received the first Register message. For the last-hop DR, the switchover threshold policy can be configured with single unicast group as the granularity of control. If the shortest path tree threshold is configured as infinite, no switchover will occur. By default, a switchover will occur if only there is flow.




spt-threshold infinity [group-list <acl-number>] Routing PIM-SM

Configures the router to which receivers are connected directly to the switchover from shortest path tree back to the shared tree (RP tree)

Configuring an Interface as the PIM Domain Border Use the following command to configure an interface as the PIM domain border.


ip pim bsr-border Vlan Interface Configures an interface as the PIM domain border

When the command is configured on an interface, bootstrap data messages will not be able to pass through the border in any direction. This command allows a network to be divided into areas using different BSRs. However, other PIM messages can pass through the domain border.

Setting the RP to Filtering the Received Register Messages Source addresses in multicast data messages encapsulated in the Register messages are filtered according to the rules defined in the ACL.


accept-register <acl-number> Routing PIM-SM Filters the received Register messages

Limiting the Candidate RPs Advertised by a BSR Message Use the following command to filter the addresses of the candidate RPs advertised by a BRS message.


accept-rp <acl-number> Routing PIM-SM Filters the candidate RP messages received on E-BSR

Setting DR Priorities A DR should be elected from a shared (or multi-access) network. The router with the highest priority will be elected. If the routers have the same priority, the one with the largest IP address will be selected.

On the shared network connected to the multicast data source, only the DR can send Register messages to the RP. On the shared network connected to the receivers, only the DR can respond to the IGMP Join/Leave messages and send PIM Join/Prune messages to the upstream routers.




ip pim dr-priority <priority> Interface Sets a DR priority

The priority of a route is contained in a Hello message exchanged with neighbors. The default is 1.

Setting Hello Message Intervals The interval of hello messages sent by PIM-SM neighbors can be adjusted according to the network conditions. The default is 30 seconds.


ip pim query-interval <seconds> Interface Configures a Hello message interval

Limiting PIM-SM Neighbors In view of security requirements, PIM-SM will not allow some of the routers to be neighbors on an interface.


ip pim neighbor-filter <acl-number>

Interface Does not allow some of the routers to be PIM neighbors

Example:

Router 10.1.1.1 is not allowed to be a PIM neighbor on interface vlan1.


ZXR10(config-basic-acl)#rule 1 deny 10.1.1.1 0.0.0.0

ZXR10(config-basic-acl)#rule 2 permit any


ZXR10(config-if)#ip pim neighbor-filter 10

Configuring MSDP The details of the MSDP configuration are described in the following sections.

Basic MSDP Configuration Configure an MSDP peer to enable MSDP.


ip msdp peer <peer-address> connect-source <interface-name> Global Configures an MSDP peer to

enable MSDP



Enhanced MSDP Configurations Configure the default MSDP peer


ip msdp default-peer <peer-address> [list <acl-number>]

Global Defines the default MSDP peer

When the default MSDP peer is configured, the local router will accept the SA messages from the peer’s RP under the control of the list. If no list parameter is configured, all the SA messages from this peer will be accepted. When multiple default peers are configured on a route, if one of them requires a list parameter, all the peers should be configured with list parameters.

Configure an originating RP

This configuration is used to generate the MSDP speaker of SA messages and use the address of the specified interface as the RP address in a SA.


ip msdp originator-id <interface-name>

Global Uses the address of the specified interface as the RP address in a SA

Configure the MSDP peer as a mesh group member

A "mesh group" appears to be a group of MSDP speakers which have fully meshed connectivity.


ip msdp mesh-group <peer-address> <mesh-name>

Global Configures the MSDP peer as a mesh group member

Configure the maximum number of SA messages allowed in the SA cache


ip msdp sa-limit <peer-address> <sa-limit>

Global Limit the number of SA messages from the specified MSDP peer in the SA cache

Shut down the configured MSDP peer


ip msdp shutdown <peer-address>

Global Shuts down the configured MSDP peer

Clear the TCP connection established with the MSDP peer

This command shuts down the TCP connection to the MSDP peer and reset all the statistics of the MSDP peer.


clear ip msdp peer [<peer-address>] Privileged

Clear the TCP connection(s) established with one or all of the MSDP peers



Clear the entries in the MSDP SA cache


clear ip msdp sa-cache [<group-address>]

Privileged Clears the entries in the MSDP SA cache

Clear the statistical counter for the MSDP peer

This configuration clears the statistical counter for the MSDP peer but does not reset the MSDP sessions.


clear ip msdp statistics [<peer-address>]

Privileged Clear the statistical counter for the MSDP peer

Example of Configuring Multicasting The following is an example of PIM-SM configuration. Figure 65 shows the network topology.

F I G U R E 65 E X AM P L E O F C O N F I G U R I N G MU L T I C AS T I N G

R1 R2

R3

Multicast Source Receiver

Lo:10.1.1.3/32

Lo:10.1.1.1/32 Lo:10.1.1.2/32

10.10.10.1/24

10.10.10.2/24

10.10.20.1/24 10.10.20.2/24

10.10.30.2/24

10.10.30.1/24

10.10.40.2/24

10.10.40.1/24

10.10.50.1/24

10.10.50.2/24

Configuration of R1

ZXR10_R1(config)#interface loopback1


ZXR10_R1(config)#ip multicast-routing

ZXR10_R1(config)#router pimsm

ZXR10_R1(config-router)#rp-candidate loopback1 priority 10

ZXR10_R1(config-router)#bsr-candidate loopback1 10 10





ZXR10_R1(config-if)#ip pim sm









Configuration of R2















ZXR10_R2(config-if)#ip igmp access-group 10



ZXR10_R2(config)#access-list 10 permit any

Configuration of R3

















Note the sequence of configuration. The ip multicast-routing should be configured prior to router pimsm. Next, enable ip pim sm on the interface. The configuration will not be successful if the sequence is not followed.

To allow multicast data to be sent from the source to the receivers when using the ZXR10 T160G, the rpf incoming interface should be configured for all the routers on the entire path from the source to the receivers (command: ip pimsm source A.B.C.D group A.B.C.D receive-port <interface>). In a ring network, if the next-hop of the unicast route changes due to a link status change, the rpf incoming interface should be re-configured.

Multicasting Maintenance and Diagnosis For the ease of multicast maintenance and diagnosis, ZXR10 T160G/T64G provides many show commands for every multicast protocol supported.

Common Show Commands View the IP multicast routing table


show ip mroute [group <group-address>] [source <source-address>] [summary]

All modes Displays IP multicast routing table

Example:

Display the contents of the current IP multicast routing table

ZXR10#show ip mroute

IP Multicast Routing Table

Flags:D -Dense,S -Sparse,C -Connected,L -Local,P -Pruned

R -RP-bit set,F -Register flag,T -SPT-bit set,J -Join SPT,

M - MSDP created entry,N -No Used,U -Up Send,

A - Advertised via MSDP,X -Proxy Join Timer Running,

* -Assert flag

Statistic: Receive packet count/Send packet count

Timers:Uptime/Expires

Interface state:Interface,Next-Hop or VCD,State/Mode

(*, 229.3.3.16), 00:00:01/00:03:34, RP 5.5.5.6 , 0/0, flags: SP

Incoming interface: vlan5, RPF nbr 5.5.5.6

Outgoing interface list: NULL

(100.1.1.100, 229.3.3.16), 00:00:01/00:03:34 , 0/0, flags: UN



Incoming interface: vlan4, RPF nbr 4.4.4.5

Outgoing interface list:

vlan6, Forward/Sparse, 00:00:01/00:03:29

Display the multicast forwarding route entries

If the command does not contain any source address option, it displays the (*, G) and (S, G) multicast forwarding entries. If it contains a source address option, it displays the (S, G) multicast forwarding entries.


show ip mforwarding module <module-number> {summary|group-address <group-address> [source-address <source-address>]}

All modes Displays the multicast forwarding route entries

Example:

Display the multicast forwarding route entries.

ZXR10#show ip forwarding mroute module 7 group-address 229.3.3.16

IP Forwarding Multicast Routing Table

Flags: N -No Used,U -Up Send,L -Limit upSend,A - Assert send

(*, 229.3.3.16), Flags:, HitFlag:0, Incoming interface: Null,

LastSrcIp: 0.0.0.0

Outgoing vlan interface list: NULL

L2bitmap:0x0000000000000000 L3bitmap:0x0000000000000000

(100.1.1.100, 229.3.3.16), Flags:, HitFlag:0, Incoming interface:

vlan4 19/3, LastSrcIp: 0.0.0.0

Outgoing vlan interface list: NULL

L2bitmap:0x4000000000000008 L3bitmap:0x0000000000000000

Display the information of multicast RPF.


show ip rpf <source-address> All modes Display the multicast RPF information

IGMP Use the following command to display the IGMP related information.

View the IGMP configurations on an interface

Displayed information includes the current IGMP version, querier ID, query time interval and max response time.




show ip igmp interface [<interface-name>]


Displays the IGMP configurations on an interface

Example:

Display the IGMP configurations on interface vlan4.

ZXR10#show ip igmp interface vlan4

vlan4

Internet address is 4.4.4.4, subnet mask is 255.255.255.0

IGMP is enabled on interface

Current IGMP version is 2

IGMP query interval is 125 seconds

IGMP last member query interval is 1 seconds

IGMP query max response time is 10 seconds

IGMP querier timeout period is 251 seconds

IGMP querier is 4.4.4.4, never expire

Inbound IGMP access group is not set

IGMP immediate leave control is not set

View the IGMP group joining condition on an interface


show ip igmp groups [<interface-name>]


Views the IGMP group joining condition on an interface

Example:

Display the group member information on interface vlan1.

ZXR10#show ip igmp groups

IGMP Connected Group Membership

Group addr Interface Present Expire Last Reporter

224.1.1.1 vlan4 00:00:48 never 4.4.4.4

PIM-SM Use the following command to display the PIM-SM related information.

Display the BSR information


show ip pim bsr All modes Displays the BSR information

Example:

Display the BSR information

ZXR10#show ip pim bsr

Uptime: 00:00:11, BSR Priority :0, Hash mask length:30



Expires:00:00:49

This system is a candidate BSR

candidate BSR address: 6.6.6.6, priority: 0, hash mask length: 30

This System is Candidate_RP:

candidate RP address: 6.6.6.6(vlan6),priority:192

Display the information of the RP set advertised by a BSR


show ip pim rp mapping All modes Displays the information of the RP set advertised by a BSR

Example:

Display the information of the RP set advertised by a BSR

ZXR10#show ip pim rp mapping

Group(s) 224.0.0.0/4

RP 5.5.5.6 static, Priority :192

RP 6.6.6.6 <?>, :v2, Priority :192

BSR: 6.6.6.6 <?>, via bootstrap

Uptime: 00:00:14, expires: 00:02:16

Display the RP information selected by a specific multicast group


show ip pim rp hash <group-address>

All modes Displays the RP information selected by a specific multicast group

Example:

Display the RP information selected by group 224.1.1.1

ZXR10#show ip pim rp ha 224.1.1.1

rp address:5.5.5.6 static

View the information of the configured PIM-SM interface


show ip pimsm interface[<interface-name>] All modes

Displays the information of the configured PIM-SM interface

Example:

View the information of the configured PIM-SM interface

ZXR10#show ip pimsm interface

Address Interface State Nbr Query DR DR

Count Intvl Priority

4.4.4.4 vlan4 Up 0 30 4.4.4.4 1

5.5.5.5 vlan5 Up 0 30 5.5.5.5 1

6.6.6.6 vlan6 Up 0 30 6.6.6.6 1



0.0.0.0 vlan100 Down 0 30 0.0.0.0 1

View the information of the PIM-SM interface peer


show ip pimsm neighbor [<interface-name>] All modes Displays the information of

the PIM-SM interface peer

Example:

View the information of the PIM-SM interface peer.

ZXR10#show ip pimsm neighbor

Neighbor Address Interface DR Prio Uptime Expires

131.1.1.91 vlan4 30000 00:19:34 00:01:29

22.22.22.43 vlan5 1 03:21:25 00:01:16

MSDP Use the following command to display the MSDP related information.

Display the statistics of SA messages

Display the number of SA messages from every MSDP peer in the SA cache


show ip msdp count All modes Displays the statistics of SA messages

Example:

Display the statistics of SA messages

ZXR10#show ip msdp count

SA State per Peer Counters, <Peer>: <# SA learned>

101.1.1.1: 2

102.2.2.2: 20

103.3.3.3: 10

Total entries: 32

Display detailed information of MSDP peers


show ip msdp peer [<peer-address>]

All modes Displays detailed information of MSDP peers

Example:

Display detailed information of MSDP peers

ZXR10(config)#show ip msdp peer

MSDP Peer 11.1.1.1



Description:

Connection status:

State: Down, Resets: 0, Connection source: vlan4 (4.4.4.4)

Uptime(Downtime): 00:00:04, Messages sent/received: 0/0

Connection and counters cleared 00:00:04 ago

SA Filtering:

Input (S,G) filter: none

Output (S,G) filter: none

Peer ttl threshold: 0

SAs learned from this peer: 0

Display the (S, G) status from every MSDP peer


show ip msdp sa-cache [<group-address> [<source-address>]]

All modes Display the (S, G) status from every MSDP peer

Example:

Display the (S, G) status from every MSDP peer

ZXR10#show ip msdp sa-cache

MSDP Source-Active Cache - 4 entries

(101.101.101.101, 224.1.1.1), RP 49.4.4.4, 00:21:45/ 00:05:57

(101.101.101.101, 224.1.1.2), RP 49.4.4.4, 00:21:45/ 00:05:57

(101.101.101.101, 226.1.1.1), RP 50.4.4.4, 00:09:04/ 00:04:57

(101.101.101.101, 226.1.1.2), RP 50.4.4.4, 00:09:04/ 00:04:57

Display the statuses of MSDP peers


show ip msdp summary All modes Display the statuses of MSDP peers

Example:

Display the statuses of MSDP peers

ZXR10#show ip msdp summary

MSDP Peer Status Summary

Peer Address State Uptime/ Reset SA

Downtime Count Count

101.1.1.1 Up 1d10h 9 2

*102.2.2.2 Up 14:24:00 5 20

103.3.3.3 Up 12:36:17 5 10


C h a p t e r 19

ACL Configuration

This chapter describes access control list (ACL). ACL is applied to port or policy for filtering and control of data flow. This chapter includes:

ACL Overview

Configuring ACL

Examples of Configuring ACL

ACL Maintenance and Diagnosis

ACL Overview To filter data, a network device should be configured with a series of matching rules to identify the objects to be filtered. After identifying the specific objects, corresponding packets will be allowed or denied according to the preset policy. ACL is used to implement these functions.

Generally, ACL is used to implement data message filtering, policy routing and special flow control. An ACL may contain one or more rules defined for special types of packets. These rules tell the switch to allow or deny the access of packets that match the criteria specified in the rules. Packet matching rules defined in ACL can also used in the cases where flow should be identified, for example, defining flow classification rules in QoS.

ZXR10 T160G/T64G provides four types of ACLs:

Basic ACL: Only source IP addresses are matched against the ACL.

Extended ACL: Source/destination IP address, IP protocol type, TCP source/destination port number, UDP source/destination port number, ICMP type, ICMP code, DiffServ Code Point (DSCP), ToS and precedence are matched against the ACL.

Layer 2 ACL: Source/destination MAC address, source VLAN ID, Layer 2 Ethernet protocol type and 802.1p priority value are matched against the ACL.



Mixed ACL: Source/destination MAC address, source VLAN ID, source/destination IP address, TCP source/destination port number, UDP source/destination port number are matched against the ACL.

Each ACL has an ACL code for identification, which is a digit. The code ranges of different types of ACLs are as follows:

Basic ACL: 1~99

Extended ACL: 100~199

Layer 2 ACL: 200~299

Mixed ACL: 300~349

Each ACL supports up to 100 rules with the codes ranging from 1 to 100.

Configuring ACLs To configure ACL, follow the three steps in order:

Configure a time range

Define an ACL

Apply the ACL to physical ports

Configure a Time Range The configuration of time range includes the following cases:

Configure the time range in every day: Specify the start and end time in every day. If not configured, it indicates all the time in a day.

Configure period range: Specify a day of week

Configure range of dates: Specify the start and end dates If not configured, it indicates the time from the date when the configuration takes effect to the maximum system time.

Use the following command to configure a time range.


time-range <timerange-name> {<hh:mm:ss> to <hh:mm:ss> <days-of-the-week>|from <hh:mm:ss> <mm-dd-yyyy> [to <hh:mm:ss> <mm-dd-yyyy>]}

Global Defines a time range

Defining ACLs To configure an ACL, enter the ACL configuration mode first, and then define the ACL rules.

Note the following issues when you define ACL rules:

Chapter 19 ACL Configuration


If a packet meets multiple rules, the first rule will be matched. So the rule sequence is very important. Generally, rules in a small range are put in the front and rules in a large range are put in the back.

Considering the network security, the system will add an implicit deny rule to the end of each ACL automatically for denying all the packets. A permit rule for allowing all the packets should be defined at the end of each ACL.

Configuring Basic ACLs Use the following command to define a basic ACL.

Enter the basic ACL configuration mode


acl basic {number <acl-number>|name <acl-name>}

Global Enters the basic ACL configuration mode

Configure rules in an ACL


rule <rule-no> {permit|deny} {<source> [<source-wildcard>]|any} [time-range <timerange-name>]

Basic ACL Defines rules

Move a rule to the back of another one


move <rule-no> after <rule-no> Basic ACL Moves a rule to the back of anther one.

Example:

Define a basic ACL to allow the access of messages from network 192.168.1.0/24 but deny the messages from source IP address 192.168.1.100.


ZXR10(config-basic-acl)#rule 1 deny 192.168.1.100 0.0.0.0


Configuring Extended ACLs Use the following command to define an extended ACL.

Enter the extended ACL configuration mode


acl extend {number <acl-number>|name <acl-name>}

Global Enters the extended ACL configuration mode





Command function

rule <rule-no> {permit|deny} icmp {<source> <source-wildcard>|any} {<dest> <dest-wildcard>|any} [<icmp-type> [icmp-code <icmp-code>]] [{[precedence <pre-value>] [tos <tos-value>]}|dscp <dscp-value>] [time-range <timerange-name>]

Extended ACL Defines ICMP-based rules

rule <rule-no> {permit|deny} {<ip-number>|ip} {<source> <source-wildcard>|any} {<dest> <dest-wildcard>|any} [{[precedence <pre-value>] [tos <tos-value>]}|dscp <dscp-value>] [time-range <timerange-name>]

Extended ACL Defines rules on the basis of IP or IP protocol code

rule <rule-no> {permit|deny} tcp {<source> <source-wildcard>|any} [<rule> <port>] {<dest> <dest-wildcard>|any} [<rule> <port>] [established] [{[precedence <pre-value>] [tos <tos-value>]}|dscp <dscp-value>] [time-range <timerange-name>]

Extended ACL Defines TCP-based rules

rule <rule-no> {permit|deny} udp {<source> <source-wildcard>|any} [<rule> <port>] {<dest> <dest-wildcard>|any} [<rule> <port>] [{[precedence <pre-value>] [tos <tos-value>]}|dscp <dscp-value>] [time-range <timerange-name>]

Extended ACL Defines UDP-based rules



move <rule-no> after <rule-no> Extended ACL Moves a rule to the back of another one

Example:

Define an extended ACL to implement the following functions.

Allows the access of UDP messages from network 210.168.1.0/24, destination IP address 210.168.2.10, source port 100 and destination port 200.

Denies the BGP messages from network 192.168.2.0/24.

Denies all the ICMP messages.

Denies all the messages with IP protocol code 8.

ZXR10(config)#acl extend number 150

ZXR10(config-ext-acl)#rule 1 permit udp 210.168.1.0 0.0.0.255 Eq 100

210.168.2.10 0.0.0.0 eq 200

ZXR10(config-ext-acl)#rule 2 deny tcp 192.168.2.0 0.0.0.255 Eq BGP any

ZXR10(config-ext-acl)#rule 3 deny icmp any any

ZXR10(config-ext-acl)#rule 4 deny 8 any any



Configuring Layer 2 ACLs Use the following command to define a Layer 2 ACL.

Enter the Layer 2 ACL configuration mode


acl link {number <acl-number>|name <acl-name>}

Global Enters the Layer 2 ACL configuration mode



rule <rule-no> {permit|deny} <prot-number> [cos <cos-vlaue>] [ingress {[<source-vlanid>] [<source-mac> <source-mac-wildcard>|any]}] [egress {<dest-mac> <dest-mac-wildcard>|any}] [time-range <timerange-name>]

Layer 2 ACL Defines rules



move <rule-no> after <rule-no> Layer 2 ACL Moves a rule to the back of another one

Example:

Define a Layer 2 ACL to allow the access of IP packets with source MAC address 00d0.d0c0.5741 and 802.1p code 5.

ZXR10(config)#acl link number 200

ZXR10(config-link-acl)#rule 1 permit ip cos 5 ingress 10

00d0.d0c0.5741 0000.0000.0000

ZXR10(config-link-acl)#rule 2 deny 8847

Configuring Mixed ACLs Use the following command to define a mixed ACL.

Enter the mixed ACL configuration mode


acl hybrid {number <acl-number>|name <acl-name>}

Global Enters the mixed ACL configuration mode



rule <rule-no> {permit|deny} <prot-number> {<source> <source-wildcard>|any} {<dest> <dest-wildcard>|any} [<source-vlanid>] [ingress

Mixed ACL Defines rules on the basis of source/destination IP address or MAC address



{<source-mac> <source-mac-wildcard>|any}] [egress {<dest-mac> <dest-mac-wildcard>|any}] [time-range <timerange-name>]

rule <rule-no> {permit|deny} tcp {<source> <source-wildcard>|any} [<rule> <port>] {<dest> <dest-wildcard>|any} [<rule> <port>] [<source-vlanid>] [ingress {<source-mac> <source-mac-wildcard>|any}] [egress {<dest-mac> <dest-mac-wildcard>|any}] [time-range <timerange-name>]

Mixed ACL Defines TCP-based rules

rule <rule-no> {permit|deny} udp {<source> <source-wildcard>|any} [<rule><port>] {<dest> <dest-wildcard>|any } [<rule> <port>] [<vlanid>] [ingress {<source-mac> <source-mac-wildcard>|any}] [egress {<dest-mac> <dest-mac-wildcard>|any}] [time-range <timerange-name>]

Mixed ACL Defines UDP-based rules



move <rule-no> after <rule-no> Mixed ACL Moves a rule to the back of another one

Example:

Define a mixed ACL to implement the following functions.

Allows the access of UDP messages from network 210.168.1.0/24, destination IP address 210.168.2.10, destination MAC address 00d0.d0c0.5741, source port 100 and destination port 200.

Denies the BGP messages from network 192.168.3.0/24.

Denies the messages from MAC address 0100.2563.1425.

ZXR10(config)#acl hybrid number 300

ZXR10(config-hybd-acl)#rule 1 permit udp 210.168.1.0 0.0.0.255 Eq 100

210.168.2.10 0.0.0.0 eq 200 Egress 00d0.d0c0.5741 0000.0000.0000

ZXR10(config-hybd-acl)#rule 2 deny tcp 192.168.3.0 0.0.0.255 Eq BGP any

ZXR10(config-hybd-acl)#rule deny any any ingress 0100.2563.1425

0000.0000.0000



Applying ACLs to Physical Ports Defined ACLs will not take effect until they are applied to physical ports. Use the following command to apply the ACLs to the corresponding physical ports.

Enter port configuration mode


interface <port-name> Global Allows you to enter port configuration mode

Apply the ACL to physical ports


ip access-group <acl-number> in Port Binds ACLs to Physical Ports

Tip: A physical port can only apply one ACL. The new configuration overwrites the old one. For example, in the gei_4/1 port configuration mode, the following two commands are configured in order:

ip access-group 10 in

ip access-group 100 in

Only ACL 100 takes effect.

Examples of Configuring ACL As shown in Figure 66, a company has an Ethernet switch, to which the server and users of Dept. A and B are connected. An administrative regulation is as follows:

Users of Dept. A and B are not allowed to access the FTP server and VOD server during working time (9:00~10:00), but access to the mail server is allowed at any time.

Internal users can access the Internet via proxy 192.168.3.100, but users of Dept. A are not allowed to access the Internet during working time.

The general managers of Dept. A and B (with IP address 192.168.1.100 and 192.168.2.100, respectively) are allowed to access the Internet and all the servers at any time.



F I G U R E 66 E X AM P L E O F C O N F I G U R I N G ACL

MailServer

FTPServer

VODServer

Dept. A192.168.1.0/24

Dept. B192.168.2.0/24gei_2/1

VLAN1

gei_2/2VLAN2

gei_2/4VLAN4

Internet

Switch

The server IP addresses are allocated as follows:

Mail server: 192.168.4.50

FTP server: 192.168.4.60

VOD server: 192.168.4.70

Switch configuration

/* Configure a time range */ ZXR10(config)#time-range working-time 9:00:00 to 17:00:00

/* Define an extended ACL to limit the users of Dept. A */ ZXR10(config)#acl extend number 100

ZXR10(config-ext-acl)#rule 1 permit ip 192.168.1.100 0.0.0.0 any

ZXR10(config-ext-acl)#rule 2 deny ip 192.168.1.0 0.0.0.255

192.168.4.60 0.0.0.0 time-range working-time

ZXR10(config-ext-acl)#rule 3 deny tcp any eq 8888 192.168.4.70 0.0.0.0

time-range working-time

ZXR10(config-ext-acl)#rule 4 deny ip any 192.168.3.100 0.0.0.0


ZXR10(config-ext-acl)#rule 5 permit ip any any

/* Define an extended ACL to limit the users of Dept. B */ ZXR10(config)#acl extend number 101




ZXR10(config-ext-acl)#rule 2 deny ip 192.168.2.0 0.0.0.255

192.168.4.60 0.0.0.0 time-range working-time

ZXR10(config-ext-acl)#rule 3 deny tcp any eq 8888 192.168.4.70 0.0.0.0



/* Apply ACLs to the corresponding physical ports */ ZXR10(config)#interface fei_2/1

ZXR10(config-if)#ip access-group 100 in

ZXR10(config-if)#exit

ZXR10(config)#interface fei_2/2



ACL Maintenance and Diagnosis ZXR10 T160G/T64G provides related show commands for the ease of ACL maintenance and diagnosis.

Display the contents of all the ACLs or of the ACL with the specified list number


show acl [<acl-number>|name <acl-name>] All modes

Displays the contents of all the ACLs or of the ACL with the specified list number

View if a physical port applies an ACL


show running-config interface <port-name>


Displays the configuration information of an Ethernet port





C h a p t e r 20

QoS Configuration

Quality of Service (QoS) refers to the capability to provide better service to the selected network communication by using various technologies.


QoS Overview

Configuring QoS

Example of Configuring QoS

QoS Maintenance and Diagnosis

QoS Overview Traditional networks provide best-effort services in which all messages are treated equally. The network devices do their best effort to send messages to the destination following the First Come, First Served principle. However, they do not provide any guarantee of message transmission reliability or relay.

As new applications continually appear, new requirements of network QoS are addressed. The best-effort services of traditional networks no long meet the requirements for the applications. For example, in VoIP services and real-time video transmission, if the message transmission relay is too large, the users will not be able to use the services normally. A feasible way to solve these problems is to provide the networks with the support for the QoS capability.

QoS is designed to provide different service quality for various applications depending on the requirements, e.g. providing dedicated bandwidth, reducing message loss rate, lowering message transmission relay and relay jitter. QoS provides the following functions to achieve these goals:

Traffic classification

Traffic monitoring and control

Traffic shaping



Queue scheduling and default 802.1p priority

Redirection and policy routing

Priority tagging

Traffic mapping

Traffic statistics

Traffic Classification Traffic refers to the messages passing through the switches. Traffic classification allows the messages transmitted across the switches to be classified, and defines or describes the messages with specific characteristics.

QoS traffic classification is based on ACL and the rule of ACL must be “permit”. The customer can classify the messages based on the filtering options of an ACL, e.g. source/destination IP address of the message, source/destination MAC address, IP protocol type, TCP source/destination port number, UDP source/destination port number, ICMP type, ICMP code, DSCP, ToS, precedence, source VLAN ID, Layer 2 Ethernet protocol type and 802.1p priority.

Traffic Monitoring and Control Traffic monitoring and control is designed to restrict the bandwidth for a service and prevent it from exceeding the specified bandwidth and affecting other services. Traffic exceeding the bandwidth can be processed as follows:

Discard or forward

Change its DSCP value

Change its discard priority (the message with a higher priority is preferred to be discard in the case of queue congestion).

Traffic monitoring and control does not cause extra relay.

Traffic Shaping Traffic shaping allows the control of message output rate, which allows the messages to be sent at an equal rate. Traffic shaping is usually used to match the message rate with the downstream devices to avoid congestion and prevent the messages from being discarded.

The primary difference between traffic shaping and traffic monitoring and control is that the shaping caches the messages exceeding the rate limit so that the messages can be sent at an equal rate, whereas traffic monitoring and control discards the messages exceeding the rate limit. Traffic shaping increases delay, but traffic monitoring and control does not.

Traffic shaping includes:

Bandwidth traffic shaping on ingress interfaces

Bandwidth traffic shaping on egress interfaces

Chapter 20 QoS Configuration


Queue Scheduling and Default 802.1p Priority Each physical port of the ZXR10 T160G/T64G supports 8 output queues (Queue 0~7), which are called CoS queues. The switch performs input queue operations according to the CoS queues corresponding to the 802.1p of the messages. When the network is congested, many messages would compete for resources. This problem is generally solved via queue scheduling.

ZXR10 T160G/T64G supports two types of queue scheduling: strict priority (SP) and weighted round robin (WRR). The 8 output queues on a port can be scheduled in different ways.

SP scheduling

SP scheduling allows the data of each queue to be scheduled according to the queue priority strictly. Messages in the queue with the highest priority are dequeued and sent first until all the messages in this queue are sent. Messages in the queue with the second highest priority will then be sent. Similarly, messages in the queue with the next priority will be sent after all the messages in the queue with the higher priority are sent.

SP scheduling allows the messages of key services to be processed at a higher priority. However, queues with lower priorities may never be processed and will be “starved to death”.

WRR

WRR allows every queue to be scheduled. However, queues are scheduled at different time, that is, each queue has a different weight (which indicates the proportion of resource a queue gets). Messages in the queues with higher priorities have larger scheduling opportunities than those in the queues with lower priorities.

An 802.1Q label contains a data priority. If the data entering a port has no 802.1Q label, the switch will allocate it a default 802.1p value.

Redirection and Policy Routing Redirection refers to the re-determination of forwarding data messages with a specific characteristic based on the traffic classification to change the output direction of the messages and output them to the specified port, CPU or the next-hop IP address.

Messages will be redirected to the next-hop IP address to implement policy routing.

As for message forwarding control, policy-based routing is stronger than the traditional routing and can select the forwarding path according to the matched segments in an ACL. Policy routing enables the implementation of traffic engineering to a certain extent, allowing the traffic with different QoS or the data of different services (e.g. voice and FTP) to be transmitted via different paths. As the users have higher requirements for network performance, it is necessary to select different packet forwarding paths depending on services or user types.



Priority Tagging Priority tagging re-allocates a set of service parameters for the specific traffic described in an ACL. The following operations are allowed:

Change the CoS queue of data messages as well as the 802.1p value.

Change the CoS queue of data messages, but the 802.1p value is not changed.

Change the DSCP value of data messages.

Change the discard priority of data messages.

Traffic Mapping Traffic mapping enables the service traffic that matches ACL rules to be copied to the CPU or the specified port for message analysis and monitoring, which is generally used for network failure diagnosis.

Traffic Statistics Traffic statistics provides statistics of packets of the specified service traffic so that you can learn about the actual network conditions and allocate network resources as required. Traffic statistics mainly provides the number of packets received on a port in the incoming direction.

Configuring QoS The details of the QoS configuration are described in the following sections.

Traffic Monitoring and Control Use the following commands to configure traffic monitoring and control:


traffic-limit in <acl-number> rule-id <rule-no> rate-limit <limit-value> bucket-size <size>

traffic-limit in <acl-number> rule-id <rule-no> rate-limit <limit-value> bucket-size <size> exceed forward [remark-dscp <dscp-value>]

traffic-limit in <acl-number> rule-id <rule-no> rate-limit <limit-value> bucket-size <size> exceed drop

Global Monitors and controls the traffic of data messages



traffic-limit in <acl-number> rule-id <rule-no> rate-limit <limit-value> bucket-size <size> exceed remark-dscp <dscp-value> [forward|drop-precedence <drop-value>]

traffic-limit in <acl-number> rule-id <rule-no> rate-limit <limit-value> bucket-size <size> drop-precedence <drop-value> [remark-dscp <dscp-value>]

Global Monitors and controls the traffic of data messages

Example:

Monitor and control the traffic of packets with destination IP address 168.2.5.5 on port gei_5/1. Set the bandwidth to 10 M, burst transmission rate to no greater than 1 M and change the DSCP value to 23 for the part that exceeds the limit and set the discard priority to high (this part of packets will be discarded at a higher priority in queue congestion).


ZXR10(config-ext-acl)#rule 1 permit any 168.2.5.5

ZXR10(config-ext-acl)#exit

ZXR10(config)#traffic-limit in 100 rule-id 1 rate-limit 10000

bucketsize 1000 exceed remark-dscp 23 drop-precedence high



Traffic Shaping Use the following commands to configure port traffic shaping:


traffic-limit rate-limit <limit-value> bucket-size <size> {in|out}

Port Enables the shaping of traffic on a port

Example:

Enable traffic shaping on port gei_5/1. Set the ingress rate to 200 M and egress rate to 40 M.


ZXR10(config-if)#traffic-limit rate-limit 200000 bucket-size 2000

in

ZXR10(config-if)#traffic-limit rate-limit 40000 bucket-size 2000 Out



Queue Scheduling and Default 802.1p Priority ZXR10 T160G/T64G supports two types of queue scheduling: strict priority (SP) and weighted round robin (WRR). When both types are used, SP is more preferred than WRR.

Use the following commands to configure queue scheduling and the default 802.1p priority.


queue-mode {strict-priority|wrr <queue-number> <weight> [...<queue-number> <weight>]}

Port Schedules the queues on a port. SP by default.

priority <value> Port Configures the default 802.1p for a port

Example:

Enable strict scheduling based on priority on port gei_5/1. Enable WRR scheduling on port gei_5/2. The weights of Queue 0~7 are 10, 5, 8, 10, 5, 8, 9, 10. Set the default 802.1p of port gei_5/2 to 5.


ZXR10(config-if)#queue-mode strict-priority



ZXR10(config-if)#queue-mode wrr queue-0 10 queue-1 5 queue-2 8 queue-3

10 queue-4 5 queue-5 8 queue-6 9 queue-7 10

ZXR10(config-if)#priority 5

Redirection and Policy Routing Use the following commands to configure redirection:


redirect in <acl-number> rule-id <rule-no> {cpu|interface <port-name>|next-hop <ip-address>}

Global Configures redirection or policy routing

Example:

Redirect the packets with the source IP address 168.2.5.5 on port gei_4/4 to port gei_6/3. Enable policy routing for the packets with the destination IP address 66.100.5.6. Set the next-hop IP address to 166.88.96.56.


ZXR10(config-ext-acl)#rule 1 permit ip 168.2.5.5 any

ZXR10(config-ext-acl)#rule 2 permit ip any 66.100.5.6




ZXR10(config)#redirect in 100 rule-id 1 interface gei_6/3

ZXR10(config)#redirect in 100 rule-id 2 next-hope 166.88.96.56 0.0.0.0



Priority Tagging Use the following commands to configure priority tagging.


priority-mark in <acl-number> rule-id <rule-no> {[dscp <dscp-value>] [drop-precedence <drop-value>] [cos <cos-value>|local-precedence <local-value>]}

Global Enables message priority tagging

Example:

Change the DSCP value of the packets with the source IP address 168.2.5.5 on port gei_5/1 to 34, and select 4 for output queues.


ZXR10(config-basic-acl)#rule 1 permit 168.2.5.5

ZXR10(config-basic-acl)#exit

ZXR10(config)#priority-mark in 10 rule-id 1 dscp 34 cos 4



Traffic Mapping Use the following commands to configure traffic mapping:


traffic-mirror in <acl-number> rule-id <rule-no> {cpu|interface <port-name>}

Global Enables the mapping of the specified traffic

Example:

Map the data traffic with the source IP address 168.2.5.6 on port gei_4/8 to port gei_4/4.





ZXR10(config)#traffic-mirror in 10 rule-id 2 interface







ZXR10(config-if)#monitor session 1 destination

Tip: If cross-card traffic mapping is configured, only one session can be configured for port mapping.

Traffic Statistics Use the following commands to configure traffic statistics:


traffic-statistics in <acl-number> rule-id <rule-no>

Global Collects the statistics on the specified traffic

Example:

Collect the traffic statistics on the data in the network with the destination IP address 67.100.88.0/24 on port gei_4/8.



ZXR10(config-ext-acl)#rule 2 permit ip any 67.100.88.0 0.0.0.255


ZXR10(config)#traffic-statistics in 100 rule-id 2



Example of Configuring QoS Example of a Typical QoS Configuration Network A, Network B and the internal servers are connected to an Ethernet switch, as shown in Figure 67. The internal servers include a VOD server with the IP address 192.168.4.70. To ensure the QoS of VOD, it should be configured with a higher priority. Internal users can access the Internet via proxy 192.168.3.100. However, the bandwidth of Network A and B should be limited and traffic statistics is required.



F I G U R E 67 E X AM P L E O F A T Y P I C AL QO S C O N F I G U R AT I O N

VODServer

Network A192.168.1.0/24

Network B192.168.2.0/24gei_2/1

VLAN1

gei_2/2VLAN2

gei_2/4VLAN4

Internet

Switch



ZXR10(config-ext-acl)#rule 1 permit tcp any eq 8888 192.168.4.70

0.0.0.0




/* To ensure the QoS of VOD, change the 802.1p value to 7 */ ZXR10(config)#priority-mark in 100 rule-id 1 cos 7

/* Limit the bandwidth of the access from Network A to the Internet */ ZXR10(config)#traffic-limit in 100 rule-id 2 rate-limit 50000

bucketsize 1000 exceed drop-precedence high

/*Collect the statistics on the traffic of Network A */ ZXR10(config)#traffic-statistics in 100 rule-id 3


ZXR10(config-ext-acl)#rule 1 permit tcp 192.168.2.0 0.0.0.255 eq 8888

192.168.4.70 0.0.0.0




/* To ensure the QoS of VOD, change the 802.1p value to 7 */ ZXR10(config)#priority-mark in 101 rule-id 1 cos 7

/* Limit the bandwidth of the access from Network B to the Internet */ ZXR10(config)#traffic-limit in 101 rule-id 2 rate-limit 100000



bucketsize 10000 exceed drop-precedence low

/*Collect the statistics on the traffic of Network B */ ZXR10(config)#traffic-statistics in 101 rule-id 3






Example of Configuring Policy Routing When multiple Internet service provider (ISP) egresses exist in a network, different ISP egresses can be selected for different groups of users via policy routing.

Users in two subnetworks are connected to the switch as shown in Figure 68, in which two ISP egresses are available. It is required to select different egresses according to the users’ IP addresses. Users in subnetwork 10.10.0.0/24 use the ISP1 egress. Users in subnetwork 11.11.0.0/24 use the ISP2 egress.

F I G U R E 68 E X AM P L E O F C O N F I G U R I N G P O L I C Y R O U T I N G

Switch

ISP1100.1.1.1

ISP2200.1.1.1

10.10.0.0/24

11.11.0.0/24

gei_1/1VLAN1

gei_1/2VLAN2


/* Define an ACL. Describe the users in networks 10.10.0.0/24 and 11.11.0.0/24 */ ZXR10(config)#acl basic number 10




/* Configure QoS policy routing */ ZXR10(config)#redirect in 10 rule-id 1 next-hope 100.1.1.1 0.0.0.0

ZXR10(config)#redirect in 10 rule-id 2 next-hope 200.1.1.1 0.0.0.0

/* Apply it to the corresponding ports */ ZXR10(config)#interface gei_1/1







QoS Maintenance and Diagnosis ZXR10 T160G/T64G provides related show commands for easier QoS maintenance and diagnosis.


show qos [number <acl-number> [rule-id <rule-no>]] Privileged Displays QoS configuration

information





C h a p t e r 21

DHCP Configuration

This chapter introduces the dynamic host configuration protocol (DHCP). DHCP is a widely used protocol providing the capability of obtaining dynamic addresses for the hosts in a network. ZXR10 T160G/T64G can be configured as a DHCP server or DHCP relay according to the actual networking requirement.


DHCP Overview

Configuring DHCP

Examples of Configuring DHCP

DHCP Maintenance and Diagnosis

DHCP Overview DHCP allows a host on a network to obtain an IP address for normal communications and related configuration information from a DHCP server. Details of DHCP are described in RFC 2131.

DHCP uses UDP as the transmission protocol. The host sends messages to port 67 of the DHCP server, who will return messages to port 68 of the host. A DHCP works in the following steps:

1. A host sends a DHCPDiscover broadcast message requesting an IP address and other configuration parameters.

2. A DHCP server returns a DHCPOffer unicast message containing a valid IP address.

3. The host selects the server at which the DHCPOffer arrives first, and sends a DHCPRequest unicast message to the server, which indicates it accepts the related configurations.

4. The selected DHCP server returns a DHCPAck unicast message for acknowledgement.

Thus, the host can communicate with other network devices using the IP address and related configurations obtained from the DHCP server.



The IP addresses allocated by the DHCP server for the host include 3 types:

Administrator allocates an IP address to a specific host

An address is allocated to a host permanently at random.

An address is allocated to a host at random for a period of time.

The third type of address is generally used. The validity time of an address is called “lease period”. Before the lease period expires, the host must request continue lease from the server. The address can no longer be used unless the server accepts the request otherwise the address will be abandoned unconditionally.

The routers do not send the received broadcast packets from one subnetwork to anther by default. When the DHCP server and the client host do not exist in the same subnetwork, the router acting as the default gateway of the client host must send the broadcast packets to the subnetwork where the DHCP server resides, which is called DHCP relay.

ZXR10 T160G/T64 can be used either as a DHCP server or the DHCP relay for forwarding DHCP information, but the two functions cannot be enabled at a time.

Configuring DHCP The DHCP server configurations include the following contents:

Configure an IP address pool. DHCP server allocates the addresses in the pool to client hosts.


ip local pool <pool-name> <low-ip-address> <high-ip-address> <net-mask>

Global Configures an IP address for a DHCP server

Configure other parameters related to the DHCP server


Command function

ip dhcp server leasetime <time> Global Sets the lease time of the IP address

leased by a DHCP server to a client host

ip dhcp server dns <mdns-address> [<sdns-address>]

Global Sets the DNS address returned by a DHCP server to a user

ip dhcp server update arp Global Sets the binding of the IP address allocated by a DHCP server with ARP

Enable the DHCP attribute on the interface connected to the subnetwork where clients reside

Chapter 21 DHCP Configuration



user-interface VLAN interface Configures a user-side interface flag

Configure the default user gateway address on the interface connected to the subnetwork where clients reside


ip dhcp server gateway <ip-address>

VLAN interface Configures the DHCP gateway address for an interface

Enable the built-in DHCP server process


ip dhcp server enable Global Enables the built-in DHCP server process

The DHCP relay configurations include the following contents:

Enable the DHCP attribute on the interface connected to the subnetwork where clients reside


user-interface VLAN interface Configures a user-side interface flag

Configure the default user gateway address on the interface connected to the subnetwork where clients reside


ip dhcp relay agent <ip-address> VLAN interface Configures the DHCP proxy address for an interface

Configure the IP address for the external DHCP server on the interface connected to the subnetwork where clients resides


ip dhcp relay server <ip-address> VLAN interface Configures the IP address for the external DHCP server for an interface

Bind the IP address allocated by a DHCP server with ARP


ip dhcp relay update arp Global Sets the binding of the IP address allocated by a DHCP server with ARP

Enable the built-in DHCP relay process


ip dhcp relay enable Global Enables the built-in DHCP relay process



Examples of Configuring DHCP Example of Configuring a DHCP Server R1 is used as a DHCP server and acts as the default gateway additionally, as shown in Figure 69. The host obtains an IP address dynamically via DHCP.

F I G U R E 69 C O N F I G U R I N G A DHCP S E R V E R

10.10.1.1/24

10.10.1.2/24

R1

PCFTP Server

10.10.2.2/24DNS Server

Configuration of R1

ZXR10(config)#ip dhcp server dns 10.10.2.2

ZXR10(config)#ip dhcp server leasetime 90

ZXR10(config)#ip local pool dhcp 10.10.1.3 10.10.1.254 255.255.255.0

ZXR10(config)#interface vlan10

ZXR10(config-if)#user-interface


ZXR10(config-if)#ip dhcp server gateway 10.10.1.1 255.255.255.0

ZXR10(config-if)#peer default ip pool dhcp


ZXR10(config)#ip dhcp server enable

Example of Configuring DHCP Relay When DHCP clients and the server do not reside in one network, the router directly connected to the user ends should act as the DHCP relay.

Chapter 21 DHCP Configuration


As shown in Figure 70, the DHCP relay function is enabled on R1. The separate server 10.10.2.2 provides the DHCP server functions. This method is usually used in the case where there are many hosts that require the DHCP service.

F I G U R E 70 C O N F I G U R I N G A DHCP R E L AY

10.10.1.1/24

10.10.1.2/24

R1

PCFTP Server

10.10.2.2/24DHCP Server

Configuration of R1


ZXR10(config-if)#user-interface


ZXR10(config-if)#ip dhcp relay agent 10.10.1.1

ZXR10(config-if)#ip dhcp relay server 10.10.2.2


ZXR10(config)#ip dhcp relay enable

DHCP Maintenance and Diagnosis When a failure occurs in the IP address allocation for the DHCP users, relevant debugging commands can be used for troubleshooting. The commands to be used include show commands and debug commands.

The show commands allow you to view the current DHCP configuration information.



Display the configuration information of the DHCP server process module


show ip dhcp server All modes except user mode

Displays the configuration information of the DHCP server process module

Display the list of current online users on the DHCP server process module


show ip dhcp server user All modes except user mode

Displays the list of current online users on the DHCP server process module

Display the configuration information of the DHCP relay process module


show ip dhcp relay All modes except user mode

Displays the configuration information of the DHCP relay process module

Display the information of the local address pool configured


show ip local pool [<pool-name>] All modes except user mode

Displays the information of the local address pool configured

Display the configuration information of the DHCP server/relay related to an interface


show ip interface All modes

Displays the configuration information of the DHCP server/relay related to an interface

The debug commands allow you to track the packet sending/receiving and processing of the DHCP server/relay process


debug ip dhcp Privileged

Tracks the packet sending/receiving and processing on the DHCP server/relay


C h a p t e r 22

VRRP Configuration

This chapter introduces the Virtual Router Redundancy Protocol (VRRP). In the case where there are many egress routers, this protocol can be used to provide the redundancy of multiple egress gateways for a host.


VRRP Overview

Configuring VRRP

Examples of Configuring VRRP

VRRP Maintenance and Diagnosis

VRRP Overview In a broadcast domain, a default gateway is generally set as the next-hop of the routing packets for the hosts. When the default gateway does not work normally, the hosts in this broadcast domain will be unable to communicate with the hosts in other networks. To prevent the single point failure due to the default gateway, you can configure multiple router interfaces in a broadcast domain and enable VRRP on these routers.

VRRP puts multiple router interfaces in a broadcast domain into one group to form a virtual router, and allocates it an IP address as the interface address. The interface address of the virtual router can be either the address of one of the routers, or a third-party address. If the interface address of a router is used, the router having this IP address is used as the master router, while others are used as the backup routers. If a third-party address is used, the router with a higher priority is used as the master router. If two routers have the same priority, the one who sends a VRRP message first is the master router.

On the hosts in this broadcast domain, set the IP address of the virtual router as the gateway. When the master router fails, the router with the highest priority will be selected from the backup routers to replace it, which has no impact on the hosts in this domain. The hosts in this domain can communicate with the outside world unless no routers in this VRRP GROUP work properly.



These routers can also be put into multiple groups and act as standby routers for each other. The host in the domain use different IP addresses as the gateways, thus achieving data load-balance.

Configuring VRRP To configure VRRP:

Run VRRP on an interface


vrrp <group> ip <ip-address> [secondary] VLAN interface

Sets a VRRP virtual IP address and runs VRRP on an interface

A VRRP group can be configured with multiple virtual addresses. The hosts connected to it can use any one of them as the gateway for communications.

Configure the VRRP priority on an interface


vrrp <group> priority <priority> VLAN interface Configures a VRRP priority, 100 by default

Configure preemption on an interface


vrrp <group> preempt [delay <seconds>] VLAN interface

Configures if preemption is allowed when the virtual router is in the standby state. Preemption is allowed by default with a delay of 0 in unit of millisecond.

Configure the time interval for sending VRRP advertisements


vrrp <group> advertise [msec] <interval> VLAN interface

Configures the interval for sending VRRP advertisements. 1s by default

On an interface, configure how to know the interval for sending VRRP messages


vrrp <group> learn VLAN interface Configures the interval of

Chapter 22 VRRP Configuration


messages sending from the master to be learnt from a VRRP message Non-learn by default. The local configuration is used

Configure the authentication character string on an interface


vrrp <group> authentication <string> VLAN interface

Configures an authentication character string with a length no greater than 8 No authentication and the character string is null by default

Examples of Configuring VRRP Basic VRRP Configuration VRRP runs between R1 and R2, as shown in Figure 71. The interface address 10.0.0.1 of R1 is used as the VRRP virtual address. R1 acts as the master router.

F I G U R E 71 B AS I C VRRP C O N F I G U R AT I O N

R1 R2

PC1 PC2 PC3 PC4

10.0.0.1/16 10.0.0.2/16

Gateway: 10.0.0.1/16

Master Backup

Configuration of R1

ZXR10_R1(config)#interface vlan 1


ZXR10_R1(config-if)#vrrp 1 ip 10.0.0.1



Configuration of R2




Symmetric VRRP Configuration Figure 72 illustrates an example in which two VRRP groups are used. PC1 and PC2 use the virtual router of Group 1 as the default gateway with the address 10.0.0.1. PC3 and PC4 use the virtual router of Group 2 as the default gateway with the address 10.0.0.2. R2 and R2 act as the standby routers for each other. The four hosts can communicate with the outside world unless both of the routers fail.

F I G U R E 72 S Y M M E T R I C VRRP C O N F I G U R AT I O N

Interface:10.0.0.1/16group-id=1,addr=10.0.0.1/16group-id=2,addr=10.0.0.2/16

Interface:10.0.0.2/16group-id=1,addr=10.0.0.1/16group-id=2,addr=10.0.0.2/16

R1 R2

PC1 PC2 PC3 PC4

Gateway: 10.0.0.1/16

Master Backup

Gateway: 10.0.0.2/16

Configuration of R1





Configuration of R2





Chapter 22 VRRP Configuration


VRRP Maintenance and Diagnosis ZXR10 T160G/T64G provides related show commands for easier VRRP maintenance and diagnosis.


show vrrp [<group>|brief|interface <interface-name>]


Displays the configuration information of all the VRRP groups

ZXR10 T160G/T64G also provides VRRP debugging commands.


debug vrrp {state|packet|event|error|all} Privileged Enables the display of VRRP

debug information





C h a p t e r 23

Load Balance Configuration

Load balance allows data traffic to be forwarded via multiple links among devices, maximizing the utilization of the bandwidths of these links.


Load Balance Overview

Configuring Load Balance

Examples of Configuring Load Balance

Load Balance Maintenance and Diagnosis

Load Balance Overview Load balance allows data traffic to be forwarded via multiple activated links among devices, maximizing the bandwidths of the multiple links. Load balance does not mean the data traffic volume on each link is equal.

Data traffic includes the traffic from two directions, one is incoming and the other is outgoing. The traffic of load-balance in the incoming and outgoing directions are closely related to the routes advertised and learnt by the devices. The traffic load balance in the incoming direction shares the impact of the internal routes advertised to the outside by the devices. The traffic load balance in the outgoing direction shares the impact of external routes advertised to the inside by the devices. They have a direct impact on whether multiple routing entries to the destination are installed in the forwarding tables on the devices, as well as the control of multiple routes.

ZXR10 T160G/T64G supports route-based load balance. By configuring static routes, routing protocols and the number of routing entries, multiple reachable route entries to one destination can be installed in the forwarding table, thus providing a basis for load balance.

ZXR10 T160G/T64G supports the per-destination load balance policy, which considers both the source and destination addresses of packets, allowing the packets with the same source-destination address pair to be routed along the same path (even if there are multiple available paths). Packets with different source-destination address pairs can be routed along different



paths. This policy ensures that the packets with the same source-destination address pair arrive in order. In the case where there are a lot of source-destination address pairs in the traffic, load balance will be more effective.

ZXR10 T160G/T64G supports up to 8 different paths to the same destination. After configuring load balance, the traffic on the interfaces will be balanced after a period of time.

Configuring Load Balance The load balance configuration includes the following contents:

Configure the maximum number of paths in routing configuration mode


maximum-paths <number> Routing Configures the maximum number of paths allowed in load balance

The maximum number of paths can be configured in RIP, OSPF, IS-IS and BGP routing configuration modes. The default number of paths is 1. Up to 8 paths are supported.

Configure load balance for static routes


ip route [vrf <vrf-name>] <prefix> <net-mask> {<forwarding-router's-address>|<interface-name>} [<distance-metric>] [tag <tag>]

Global Establishes a static route

Configure multiple static routes to one destination. Up to 8 routes are supported, but they should have different tags. The default value of tag is 3.

Examples of Configuring Load Balance Seven links are connected between R1 and R2 as shown in Figure 73.

Chapter 23 Load Balance Configuration


F I G U R E 73 E X AM P L E O F C O N F I G U R I N G LO A D B AL AN C E

R1 R2PC1 PC2

...

vlan810.1.1.1/24

vlan820.1.1.1/24

10.1.1.2/24 20.1.1.2/24

vlan7: 107.1.1.1/30vlan6: 106.1.1.1/30vlan5: 105.1.1.1/30vlan4: 104.1.1.1/30vlan3: 103.1.1.1/30vlan2: 102.1.1.1/30vlan1: 101.1.1.1/30

vlan7: 107.1.1.2/30vlan6: 106.1.1.2/30vlan5: 105.1.1.2/30vlan4: 104.1.1.2/30vlan3: 103.1.1.2/30vlan2: 102.1.1.2/30vlan1: 101.1.1.2/30

The following sections describe the configurations of load balance in examples of static route and dynamic route protocol OSPF.

Static Route Configuration of R1
























Configuration of R2


























The 7 links between R1 and R2 achieve load balance. Users PC1 and PC2 can access each other via the 7 links.

OSPF Configuration of R1










ZXR10_R1(config-router)#maximum-paths 7

Configuration of R2

Chapter 23 Load Balance Configuration











ZXR10_R2(config-router)#maximum-paths 7

The 7 links between R1 and R2 achieve load balance. Users PC1 and PC2 can access each other via the 7 links.

Load Balance Maintenance and Diagnosis Use the following commands to display relevant configurations and running information of load balance.


show ip route [<ip-address> [<net-mask>]|<protocol>] All modes Display the global routing

table

In the load balance of static routes, 7 paths to the destination network 20.1.1.0/24 can be seen from R1.

ZXR10_R1#show ip route 20.1.1.0

IPv4 Routing Table:

Dest Mask Gw Interface Owner pri metr

20.1.1.0 255.255.255.0 107.1.1.1 vlan7 static 1 0

20.1.1.0 255.255.255.0 106.1.1.1 vlan6 static 1 0

20.1.1.0 255.255.255.0 105.1.1.1 vlan5 static 1 0

20.1.1.0 255.255.255.0 104.1.1.1 vlan4 static 1 0

20.1.1.0 255.255.255.0 103.1.1.1 vlan3 static 1 0

20.1.1.0 255.255.255.0 102.1.1.1 vlan2 static 1 0

20.1.1.0 255.255.255.0 101.1.1.1 vlan1 static 1 0

ZXR10_R1#

In the load balance of dynamic routes, 7 paths to the destination network 20.1.1.0/24 can be seen from R1.

ZXR10_R1#show ip route 20.1.1.0

IPv4 Routing Table:



Dest Mask Gw Interface Owner pri metr

20.1.1.0 255.255.255.0 107.1.1.1 vlan7 ospf 110 2

20.1.1.0 255.255.255.0 106.1.1.1 vlan6 ospf 110 2

20.1.1.0 255.255.255.0 105.1.1.1 vlan5 ospf 110 2

20.1.1.0 255.255.255.0 104.1.1.1 vlan4 ospf 110 2

20.1.1.0 255.255.255.0 103.1.1.1 vlan3 ospf 110 2

20.1.1.0 255.255.255.0 102.1.1.1 vlan2 ospf 110 2

20.1.1.0 255.255.255.0 101.1.1.1 vlan1 ospf 110 2

ZXR10_R1#


C h a p t e r 24

Network Management Configuration

This chapter describes the functions commonly used in network management, including Network Time Protocol (NTP), RADIUS Authentication, Simple Management Network Protocol (SNMP), Remote Monitoring (RMON) and System Log (SysLog).


NTP

RADIUS Authentication

SNMP

Remote Monitoring

System Log

NTP NTP Overview NTP is applied to different network elements for time synchronization. The transmission of NTP itself is based on UDP. Devices enabling NTP adjust their system clocks by exchanging NTP messages and keep their clock in synchronization. ZXR10 T160G/T64G can be used as an NTP client in practical applications.

Configuring NTP The configuration of NTP includes:

Define a time server


ntp server <ip-address> [version Global Defines a time server



<number>]

Enable NTP


ntp enable Global Enables NTP

Configure the source address used for sending a Synchronize Time request via NTP


ntp source <ip-address> Global

Configures the source address used for sending a Synchronize Time request via NTP

Check the NTP running status


show ntp status All modes except user mode

Displays the NTP running status

Examples of Configuring NTP As shown in Figure 74, the routing switch is used as an NTP client. Suppose the NTP is version 2.

F I G U R E 74 E X AM P L E O F C O N F I G U R I N G NTP

NTP Server

vlan24192.168.2.2/24

192.168.2.1/24

ZXR10

Configuration of ZXR10




ZXR10(config)#ntp enable

ZXR10(config)#ntp server 192.168.2.1 version 2

Chapter 24 Network Management Configuration


RADIUS Authentication RADIUS Overview Remote Authentication Dial-In User Service (RADIUS) is a standard authorization, authentication and accounting (AAA) protocol. To the routing switch, AAA allows the users accessing the switch to be authenticated to prevent illegal users and improve the device security.

ZXR10 T160G/T64G supports the RADIUS authentication function for authenticating Telnet users accessing the routing switch.

ZXR10 T160G/T64G supports multiple RADIUS server groups. Each RADIUS group can be configured with 3 authentication servers. A server timeout parameter and the number of timeout retransmissions can be set for each group. The administrators can select specific RADIUS servers by configuring different RADIUS groups.

Configuring RADIUS The configuration of RADIUS includes:

Configure RADIUS servers


radius server <group-number> authen {master|slave|third} <ip-address> <port> <key>

Global Sets a configuration group for the RADIUS server authentication

Configure Radius server parameters


radius server timeout <group-number> <timeout>

Global Sets the timeout of the authentication request for RADIUS servers

radius server retry-time <group-number> <times>

Global

Sets the number of retries when the authentication request of a RADIUS server times out

User configuration


user-authentication-type {local|radius <group>}

Global Specifies the type of user authentication for Telnet login

Example of Configuring RADIUS Configure a RADIUS group with the timeout set to 3 seconds and the number of retries set to 3. The network between the RADIUS servers and the routing switch is reachable.



See the configuration below:

ZXR10(config)#radius server 1 authentication master 192.168.4.45 1812

demoradius

ZXR10(config)#radius server 1 authentication slave 192.168.4.46 1812

demoradius2

ZXR10(config)#radius server timeout 1 3

ZXR10(config)#radius server retry-time 1 3

ZXR10(config)#user-authentication-type radius 1

SNMP SNMP Overview SNMP is one of the most popular network management protocols. This protocol enables a network management server to manage all the devices in a network.

SNMP allows the management based on server and client. The background network management server acts as the SNMP server. The foreground network equipment acts as the SNMP client. The foreground and background systems share the same MIB management database and communicate with each other via SNMP. The routing switch acts as an SNMP agent. A specified SNMP server should be configured. Contents allowed to be collected by network administrators and the collection rights should also be defined. ZXR10 T160G/T64G supports multiple versions of SNMP.

Configuring SNMP The SNMP configuration on ZXR10 T160G/T64G includes:

Set the community name in an SNMP message


snmp-server community <community-name> [view <view-name>] [ro|rw]

Global Sets the community name in an SNMP message

The SNMPv1/v2c authentication is based on community. An SNMP community is named using a character string. Different communities can be assigned read-only or read-write privileges. Communities with the read-only privilege can only query device information. Those with the read-write privilege can configure the devices.

However, the privileges of both read-only and read-write are limited by view. Operations are allowed within the scope of view only. If the view parameter is omitted, the default view in the system is used. If the ro/rw parameter is omitted, ro (read-only) is used.



Define an SNMPv2 view


snmp-server view <view-name> <subtree-id> {included|excluded} Global Defines an SNMPv2 view

The included or excluded parameter of this command adds or removes <subtree-ID> from the specified view. Configurations are allowed for many times for the same <view-name>, which results in a set of cooperating commands.

Set the system contact (sysContact) for the MIB objects


snmp-server contact <mib-syscontact-text>

Global Sets the system contact for an MIB object

sysContact is a management variable in the system group in MIB II. It contains the ID and contact of the person relevant to a managed device.

Set the location (sysLocation) of the system of an MIB object


snmp-server location <mib-syslocation-text>

Global Sets the location of the system of an MIB object

sysLocation is a management variable in the system group in MIB II. It is used to indicate the locations of managed devices.

Set the type of TRAP allowed to be sent


snmp-server enable trap [<notification-type>] Global Sets the type of trap allowed

to be sent by a proxy

Trap is the information a managed device sends to the Network Management System (NMS) without request. It is used to report emergent and important events.

Set a trap destination host


snmp-server host [mng|vrf <vrf-name>] <ip-address> [trap|inform] [version {1|2c|3 {auth|noauth|priv}}] <community-name> [udp-port <udp-port>] […<trap-type>]

Global

Configures the sending address, port, version and type of the trap or inform for the host

ZXR10 T160G/T64G supports 5 types of conventional traps: snmp, bgp, ospf, rmon and stalarm.

View relevant information of SNMP


show snmp All modes except user mode

Displays the statistics on SNMP messages



View the configuration information of SNMP


show snmp config All modes except user mode

Displays the configuration information of the SNMP module

Example of Configuring SNMP The following is an example of SNMP configuration.

ZXR10(config)#snmp-server view myViewName 1.3.6.1.2.1 included

ZXR10(config)#snmp-server community myCommunity view myview rw

ZXR10(config)#snmp host 168.1.1.1 ver 1 community-name ospf

ZXR10(config)#snmp-server location this is ZXR10 in china

ZXR10(config)#snmp-server contant this is ZXR10, tel: (025)2872006

Remote Monitoring Remote Monitoring Overview The Remote Monitoring (RMON) system is used to monitor the services on remote-ends. With RMON, a remote probe is used to collect and process data, i.e. the routing switch system. The routing switch also includes RMON agent software communicating with the NMS via SNMP. Information is transferred from the routing switch to the NMS only when it is required.

Configuring RMON The RMON configuration on ZXR10 T160G/T64G includes:

Enable statistics on an interface (only for Ethernet)


rmon collection statistics <index> [owner <string>] Port Enables statistics on a port

Set alarms and MIB objects


rmon alarm <index> <variable> <interval> {delta|absolute} rising-thershold <value> [<event-index>] falling-threshold <value> [<event-index>] [owner <string>]

Global Sets alarms and MIB objects

Enable history collection on an interface




rmon collection history <index> [owner <string>] [buckets <bucket-number>] [interval <seconds>]

Port Enables history collection on an interface

Configure an event


rmon event <index> [log] [trap <community>] [description <string>] [owner <string>]

Global Configures an event

Display the RMON configuration and related information


show rmon [alarms] [events] [history] [statistics]


Displays the RMON configuration and related information

Examples of Configuring RMON The following are examples of SNMP configurations.

Configure and enable the RMON statistics control entry


ZXR10(config-if)#rmon collection statistics 1 owner rmontest

ZXR10(config-if)#

Suppose n computers are connected to port fei_1/1. When these computers communicate on a subnetwork, traffic statistics can be viewed via the network management software or using a show command.

ZXR10#show rmon statistics

EtherStatsEntry 1 is active, and owned by rmontest

Monitors ifEntry.1.1 which has

Received 60739740 octets, 201157 packets,

1721 broadcast and 9185 multicast packets,

0 undersized and 0 oversized packets,

0 fragments and 0 jabbers,

0 CRC alignment errors and 32 collisions.

# of dropped packet events (due to lack of resources): 511

# of packets received of length (in octets):

64: 92955, 65-127: 14204, 128-255: 1116,

256-511: 4479, 512-1023: 85856, 1024-1518:2547

ZXR10#



Configure and enable the RMON history control entry


ZXR10(config-if)#rmon collection history 1 bucket 10 interval 10 owner

rmontest

ZXR10(config-if)#

Use a show command to view the RMON history information

ZXR10#show rmon history

Entry 1 is active, and owned by rmontest

Monitors ifEntry.1.1 every 10 seconds

Requested # of time intervals, ie buckets, is 10

Granted # of time intervals, ie buckets, is 10

Sample # 1 began measuring at 00:11:00

Received 38346 octets, 216 packets,

0 broadcast and 80 multicast packets,

0 undersized and 0 oversized packets,

0 fragments and 0 jabbers,

0 CRC alignment errors and 0 collisions.

# of dropped packet events is 0

Network utilization is estimated at 1

Configure and enable the RMON alarm control entry

ZXR10(config)#rmon alarm 1 system.3.0 10 absolute rising-threshold

1000 1 Falling-threshold 10 0 owner rmontest

ZXR10(config)#

Use a show command to view the RMON alarm information

ZXR10#show rmon alarm

Alarm 1 is active, owned by rmontest

Monitors system.3.0 every 10 seconds

Taking absolute samples, last value was 54000

Rising threshold is 1000, assigned to event 1

Falling threshold is 10, assigned to event 0

On startup enable rising or falling alarm

ZXR10#

Configure and enable event

ZXR10(config)#rmon event 1 log trap rmontrap description test owner

rmontest

ZXR10(config)#

Configure an alarm control entry and wait for 10s. Use a show command to view the contents of the RMON event.

ZXR10#show rmon event

Event 1 is active, owned by rmontest



Description is test

Event firing causes log and trap to community rmontrap, last fired

05:40:20

Current log entries:

index time description

1 05:40:14 test

ZXR10#

System Log SysLog Overview ZXR10 T160G/T64G allows the user to set and query logs. Log information makes it easy for maintaining the routing switch regularly. Log information allows you to view the alarm information and port status changes on the routing switch. Logs can be displayed on the configured terminals in real time, or saved on the routing switch or a background log server in files. You can enable the SysLog protocol on ZXR10 T160G/T64G to transmit the logs by communicating with the background syslog server via the protocol.

Configuring SysLog The configuration of SysLog includes:

Enable log


logging on Global Enables log

Set the size of log buffer


logging buffer <buffer-size> Global Sets the size of log buffer

Set a log cleanup mode


logging mode <mode> [<interval>] Global Sets a log cleanup mode

Set the level of logs to be displayed on a console interface or telnet interface


logging console <level> Global Sets the level of logs to be displayed on a console interface or telnet interface

Set the level of logs to be saved in the log cache




logging level <level> Global Sets the level of logs to be saved in the log cache

Set the parameters of the FTP log server


logging ftp <level> [vrf <vrf-name>|mng] <ftp-server> <username> <password> [<filename>]

Global Sets the parameters of the FTP log server

Set the parameters of the background SysLog server


syslog on Global Enables SysLog protocol processing

syslog level <level> Global Sets a log level for SysLog protocol processing

syslog server [vrf <vrf-name>|mng] <ip-address> [fport <fport>] [lport <lport>]

Global Sets the parameters of the background SysLog server

View log information


show logging alarm {[typeid <type>] [start-date <date>] [end-date <date>] [level <level>]}

All modes except user mode Displays log information

The types of supported alarmed information include environment, board, port, ROS, database, OAM, security, OSPF, RIP, BGP, DRP, TCP-UDP, IP, IGMP, Telnet, ARP, ISIS, ICMP, SNMP and RMON.

Example of Configuring SysLog The following is an example of setting SysLog. Before configuring SysLog, enable the log function using the logging on command.

ZXR10(config)#logging on

ZXR10(config)#logging buffer 100

ZXR10(config)#logging mode FULLCLEAR

ZXR10(config)#logging console warnings

ZXR10(config)#logging level errors

ZXR10(config)#logging ftp notificational 168.1.70.100 target target

zxralarm.log


Acronyms and Abbreviations

Abbreviation Full Name

ABR Area Border Router

ACL Access Control List

AD Administrative Distance

ARP Address Resolution Protocol

AS Autonomous System

ASBR Autonomous System Border Router

ATM Asynchronous Transfer Mode

BGP Border Gateway Protocol

BOOTP BOOTstrap Protocol

BRD Backup Designate Router

CHAP Challenge Handshake Authentication Protocol

CIDR Classless Inter-Domain Routing

CLNP ConnectionLess Network Protocol

CLNS ConnectionLess Network Service

CoS Class of Service

CRC Cyclic Redundancy Check

CRLDP Constraint based Routing Label Distribution Protocol

CSN Cryptographic Sequence Number

DHCP Dynamic Host Configuration Protocol

DIS Designate IS

DNS Domain Name System

DR Designate Router

EBGP External Border Gateway Protocol

EGP External Gateway Protocol

ES End System

FEC Forwarding Equivalence Class

FIFO First In and First Out

FPGA Field Programmable Gate Array

FSM Finite State Machine




FTP File Transfer Protocol

GBIC Gigabit Interface Converter

GRE General Routing Encapsulation

ICMP Internet Control Message Protocol

IETF Internet Engineering Task Force

IGMP Internet Group Management Protocol

IGP Interior Gateway Protocol

IP Internet Protocol

ISO International Organization for Standardization

ISP Internet Service Provider

LACP Link Aggregation Control Protocol

LAN Local Area Network

LAPB Link Access Procedure Balanced

LCP Link Control Protocol

LDP Label Distribution Protocol

LSA Link State Advertisement

LSP Link State PDU

LSR Label Switch Router

MAC Media Access Control

MD5 Message Digest 5

MED MULTI_EXIT_DISC

MIB Management Information Base

MPLS Multi-Protocol Label Switching

MSTP Multiple Spanning Tree Protocol

MTU Maximum Transmission Unit

NAT Network Address Translation

NBMA Non-Broadcast Multiple Access

NCP Network Control Protocol

NIC Network Information Center

NLRI Network Layer Reachable Information

NMS Network Management System

NSAP Network Service Access Point

NSP Network Service Provider

NTP Network Time Protocol

NVT Network Virtual Terminal

OAM Operation And Management

Acronyms and Abbreviations



OSI Open Systems Interconnection

OSPF Open Shortest Path First

PAP Password Authentication Protocol

PAT Port Address Translation

PCM Pulse Code Modulation

PDU Protocol Data Unit

POS Packet over SDH

PPP Point-to-Point Protocol





Figures

Figure 1 ZXR10 T160G/T64G sketch map of system principle ...........................10 Figure 2 Abridged General View of ZXR10 T160G components position...............11 Figure 3 ZXR10 T160G Front Panel ...............................................................12 Figure 4 Abridged General View of ZXR10 T64G components position ................13 Figure 5 ZXR10 T64G Front Panel .................................................................13 Figure 6 The front panel of ZXR10 T160G MCS ...............................................14 Figure 7 The front panel of ZXR10 T64G MCS.................................................14 Figure 8 Front panel of 44+4 fast Ethernet electrical interface board .................17 Figure 9 Front panel view of twelve-port gigabit Ethernet optical interface..........18 Figure 10 Front panel view of twenty-four-port gigabit Ethernet optical interface

board................................................................................................19 Figure 11 Front panel view of twelve-port gigabit Ethernet electrical interface board

........................................................................................................20 Figure 12 Front panel view of twenty-four-port gigabit Ethernet electrical interface

board................................................................................................22 Figure 13 Front panel view of one-port 10-gigabit Ethernet optical interface board

........................................................................................................23 Figure 14 Front panel view of two-port 10-gigabit Ethernet optical interface board

........................................................................................................24 Figure 15 Front panel view of power supply module ........................................26 Figure 16 Rear panel view of DC power supply board.......................................26 Figure 17 Rear panel view of AC power supply board.......................................26 Figure 18 Front Panel View of Fan Plug-in Box ................................................28 Figure 19 ZXR10 T160G/T64G Configuration Mode..........................................30 Figure 20 Hyperterminal Configuration 1 .......................................................31 Figure 21 Hyperterminal Configuration 2 .......................................................31 Figure 22 Hyperterminal Configuration 3 .......................................................32 Figure 23 Running Telnet ............................................................................33 Figure 24 Telnet login schematic diagram ......................................................34 Figure 25 Setting the IP address and port No of SSH server .............................36 Figure 26 Setting SSH version......................................................................37 Figure 27 WFTPD Window............................................................................38 Figure 28 User/Rights Security Dialog Box .....................................................38 Figure 29 TFTPD Window.............................................................................39 Figure 30 Configuration Dialog Box...............................................................40 Figure 31 Example of Port Mirroring..............................................................66 Figure 32 The Format of VLAN Tag ...............................................................70 Figure 33 Typical Networking of VLAN ...........................................................74 Figure 34 Typical QinQ Networking ...............................................................76 Figure 35 Example of SuperVLAN Configuration ............................................79 Figure 36 Example of MAC Address Table Configuration ...................................90 Figure 37 MSTP Configuration Example Networking Diagram 1........................100 Figure 38 MSTP Configuration Example Networking Diagram 2........................101 Figure 39 Example of Link Aggregation Configuration ....................................105 Figure 40 IGMP Snooping Application ..........................................................109 Figure 41 Example of IGMP Snooping Configuration ......................................113 Figure 42 Configuring Static Route .............................................................120 Figure 43 Static Routes Summarization .......................................................121 Figure 44 Configure Default Route ..............................................................122



Figure 45 Basic RIP Configuration...............................................................129 Figure 46 OSPF Router Types.....................................................................134 Figure 47 Basic OSPF Configuration ............................................................141 Figure 48 Example of Multi-Area OSPF Configuration .....................................142 Figure 49 Example of OSPF Virtual Link Configuration....................................144 Figure 50 Example of OSPF Authentication Configuration ...............................145 Figure 51 IS-IS Area Diagram....................................................................151 Figure 52 IS-IS Configuration in Single Area ................................................156 Figure 53 IS-IS Configuration in Multi Area ..................................................157 Figure 54 Basic BGP Configuration ..............................................................165 Figure 55 Advertising BGP Routes...............................................................166 Figure 56 Advertising BGP Aggregation .......................................................167 Figure 57 Configuring BGP Multihop ............................................................168 Figure 58 Filtering Routes via NLRI .............................................................170 Figure 59 Configuring the Local Preference Attribute .....................................172 Figure 60 Configuring the MED Attribute......................................................173 Figure 61 Configuring BGP Synchronization..................................................176 Figure 62 Configuring BGP Route Reflectors .................................................177 Figure 63 Configuring BGP Confederation ....................................................179 Figure 64 Example of Configuring BGP ........................................................181 Figure 65 Example of Configuring Multicasting..............................................197 Figure 66 Example of Configuring ACL.........................................................212 Figure 67 Example of a Typical QoS Configuration.........................................223 Figure 68 Example of Configuring Policy Routing...........................................224 Figure 69 Configuring a DHCP Server ..........................................................230 Figure 70 Configuring a DHCP Relay ...........................................................231 Figure 71 Basic VRRP Configuration ............................................................235 Figure 72 Symmetric VRRP Configuration.....................................................236 Figure 73 Example of Configuring Load Balance............................................241 Figure 74 Example of Configuring NTP.........................................................246


Tables

Table 1 Typographical Conventions................................................................iii Table 2 Mouse Operation Conventions............................................................iv Table 3 Safety Signs....................................................................................iv Table 4 ZXR10 T160G/T64G Technical Features and Parameters ...................... 6 Table 5 Features of Fast Ethernet Management Interface ................................ 15 Table 6 Functional description of front panel LEDs in the control switching board 15 Table 7 Functional description of buttons in the control switching board ............ 16 Table 8 Characteristics of 44+4 Fast Ethernet Electrical Interface Board............ 17 Table 9 Functional description of front panel LEDs in 44+4 fast Ethernet interface

board............................................................................................... 17 Table 10 Characteristics of twelve-port gigabit Ethernet optical interface board .. 18 Table 11 Functional description of front panel LEDs in 12-port gigabit Ethernet optical

interface board.................................................................................. 18 Table 12 Characteristics of twenty-four-port gigabit Ethernet optical interface board

....................................................................................................... 19 Table 13 Functional description of front panel LEDs in 24-port gigabit Ethernet optical

interface board.................................................................................. 20 Table 14 Characteristics of twelve-port gigabit Ethernet electrical interface board21 Table 15 Functional description of front panel LEDs in 12-port gigabit Ethernet

electrical interface board..................................................................... 21 Table 16 Characteristics of twenty-four-port gigabit Ethernet electrical interface

board............................................................................................... 22 Table 17 Functional description of front panel LEDs in 24-port gigabit Ethernet

electrical interface board..................................................................... 23 Table 18 Characteristics of one-port 10-gigabit Ethernet optical interface board . 24 Table 19 Functional description of front panel LEDs in one-port 10-gigabit Ethernet

optical interface board........................................................................ 24 Table 20 Characteristics of two-port 10-gigabit Ethernet optical interface board . 25 Table 21 Functional description of front panel LEDs in two-port 10-gigabit Ethernet

optical interface board........................................................................ 25 Table 22 Command Mode ........................................................................... 41 Table 23 Range of IP Addresses .................................................................115

Date post:	10-Nov-2014
Category:	Documents
Upload:	senthil-rajan
View:	1,067 times
Download:	173 times

ZTE ZXR10 T160G/T64G

Documents