Escolar Documentos
Profissional Documentos
Cultura Documentos
Distribution: 4/2008
Corecess S5 System
User's Guide
| Copyright |
Copyright ©2007 by Corecess Inc. All rights reserved.
| Trademark Credit |
Corecess S5 System is registered trademark of Corecess Inc.
Corecess Inc.
500-2, Sangdaewon-dong, Jungwon-ku, Sungnam-city, Kyungki-do, Korea, 462-120
TEL:+82-31-739-6600 FAX: :+82-31-739-6622
http://www.corecess.com
Manual Contents
Manual Contents
This instruction consists of following materials about Corecess S5 series which is multi-
functional broadband platform from Corecess Inc.
Careful reading of this manual before using the Corecess S5 System will alleviate the
complexity of manipulating the system. The user should read the chapters 1~3 to become
acquainted with the functions of the product, name and function of each part, and the
precautions before installation. Understanding chapters 1~3 will help a great deal for safety in
installing and using the product.
Note: Corecess S5 series provides for the flexibility for operator to deploy chassis, SCM board and LIM borad
adapted to its access network. Basic command is the same as it was. There might be additiional command
according to module.
9 If you have any problems or questions during installation or while using the product,
contact your equipment provider or visit our website at www.corecess.com and leave
a message in Q&A.
Audience
This manual is designed for the users with basic knowledge in Ethernet and FTTH. Thus, this
manual assumes that the reader is knowledgeable of basic concepts and terminology about
Ethernet and FTTH and does not provide separate explanations for these topics. If you feel that
the contents of this manual are difficult and require more detailed explanations, refer to other
network related books.
Revison History
Edition Date Description
0002 4/2008 Second Edition
III
Notations
Notations
This manual uses the notations explained below for assisting readers in understanding the
contents of this manual.
y { A | B | C } means that one entry among A, B, and C must be selected and entered.
y [A | B | C] means that one entry among A, B, and C may or may not be selected and
entered.
Conventions
This manual uses the following conventions:
Note: Introduces useful item for the use of product, reference, and its related materials.
Caution: Explains possible situations or conditions of improper operation and possibility of losing data and
provides suggestions how to deal with those cases.
Warning: Explains situtations in which product can be damaged or danger can be imposed to users physically,
and informs you how to respond to those situations.
V
Organization
Organization
The chapters of this manual are organized as follows:
Chapter 1 Overview
This chapter introduces the Corecess S5 System functions and features and describes several kinds of
network examples configurable with the Corecess S5 System.
Chapter 4 Installation
This chapter describes how to mount the Corecess S5 System on a rack, connect the cables to the ports,
and connect the power.
VII
Organization
Table of Contents
IX
Table of Contents
XI
Table of Contents
XIII
Table of Contents
XV
Table of Contents
Configuring IS-IS............................................................................................14-82
IS-IS Overview ..................................................................................................................... 14-82
Configuring IS-IS................................................................................................................. 14-86
Displaying IS-IS Configuration Information .................................................................. 14-98
IS-IS Commands ................................................................................................................14-103
Configuration RIP.........................................................................................14-105
RIP (Routing Information Protocol) Overview ............................................................14-105
Configuring RIP.................................................................................................................14-110
Displaying RIP Configuration Information ..................................................................14-118
RIP Commands ..................................................................................................................14-121
XVII
Table of Contents
List of Tables
XIX
List of Tables
Table 6-49 show show port epon link-id tag-map field decryption...................................................... 6-56
Table 6-50 Displaying Bandwidth Information .................................................................................... 6-57
Table 6-51 show show port epon link-id field description ................................................................... 6-57
Table 6-52 Displaying Statistics Information....................................................................................... 6-58
Table 6-53 show show port epon link-id counter field description ...................................................... 6-58
Table 6-54 Basic Configuration of ONU.............................................................................................. 6-59
Table 6-55 Setting Enable Status ....................................................................................................... 6-60
Table 6-56 Configuring Permission Mode........................................................................................... 6-61
Table 6-57 Configuring Upstream Queue ........................................................................................... 6-62
Table 6-58 Configuring Downstream Queue ...................................................................................... 6-64
Table 6-59 Specifying Packet Classification and Forward Queue...................................................... 6-65
Table 6-60 Configuring Ethernet port.................................................................................................. 6-68
Table 6-61 Specifying Number of Maximum MAC Address ............................................................... 6-70
Table 6-62 Clearing MAC address...................................................................................................... 6-71
Table 6-63 Restoring Configuration .................................................................................................... 6-71
Table 6-64 Resetting ONU.................................................................................................................. 6-72
Table 6-65 Clearing Statistics Information .......................................................................................... 6-72
Table 6-66 Upgrading Firmware ......................................................................................................... 6-73
Table 6-67 Displaying Index Number and MAC Address ................................................................... 6-75
Table 6-68 Displaying Configuration Information................................................................................ 6-75
Table 6-69 show port epon onu information field description ............................................................. 6-76
Table 6-70 Displaying Statistic Information......................................................................................... 6-77
Table 6-71 show port epon onu counter field description ................................................................... 6-77
Table 7-1 Default VLAN configuration .................................................................................................. 7-2
Table 7-2 Creating VLAN ...................................................................................................................... 7-4
Table 7-3 Assigning ports to a VLAN .................................................................................................... 7-5
Table 7-4 Assigning IP address to a VLAN........................................................................................... 7-6
Table 7-5 Assigning secondary IP address to a VLAN......................................................................... 7-7
Table 7-6 802.1 Configuring trunk port ................................................................................................. 7-9
Table 7-7 Configuring OSPF on the VLAN Interface .......................................................................... 7-12
Table 7-8 Setting Simple Password Authentication Method............................................................... 7-13
Table 7-9 IS-IS interface parameters .................................................................................................. 7-19
Table 7-10 RIP interface parameters .................................................................................................. 7-27
Table 7-11 Setting MD5 Authentication Mode .................................................................................... 7-28
Table 7-12 Setting Simple Password Authentication Mode................................................................ 7-29
Table 7-13 Specifying RIP Version ..................................................................................................... 7-30
Table 7-14 Enabling Split-Horizon ...................................................................................................... 7-31
Table 7-15 Enabling Multicasting on the VLAN Interface ................................................................... 7-32
Table 7-16 Shutting Down the VLAN Interface ................................................................................... 7-33
Table 7-17 Type and Function of IP Parameter.................................................................................. 7-34
Table 7-18 Configuring IP Parameters................................................................................................ 7-34
Table 8-1 Types of community.............................................................................................................. 8-5
Table 8-2 Default SNMP configuration.................................................................................................. 8-6
Table 8-3 Setting the system contact and location information ............................................................ 8-6
Table 8-4 Configuring SNMP community.............................................................................................. 8-7
Table 8-6 Enabling a trap type ............................................................................................................ 8-10
Table 8-7 Configuring a trap host........................................................................................................ 8-11
Table 8-8 Restrict Host Access........................................................................................................... 8-12
XXI
List of Tables
Table 10-17 show dhcpserver subnet <subnet-name> iprange field description ............................. 10-29
Table 10-18 show dhcpserver lease field descriptions ..................................................................... 10-31
Table 10-19 show dhcpserver lease field descriptions ..................................................................... 10-31
Table 10-20 show dhcpserver host field descriptions....................................................................... 10-32
Table 10-21 show dhcprealy field descriptions ................................................................................. 10-33
Table 10-22 show dhcprealy serverlist field descriptions ................................................................. 10-34
Table 10-23 show dhcp statistics field descriptions .......................................................................... 10-36
Table 10-24 DHCP configuration commands ................................................................................... 10-37
Table 11-1 Kinds of Global DHCP snoop Packet Control Parameters ...................................... 11-11
Table 12-1 Configuring Telnet Session Timeouts............................................................................... 12-5
Table 12-2 Defining Access Lists........................................................................................................ 12-7
Table 12-3 Applying the access list to terminal line............................................................................ 12-9
Table 12-4 Applying the Access List to SNMP Access..................................................................... 12-10
Table 12-5 Security configuration commands................................................................................... 12-11
Table 13-1 Enabling PIM-SM ............................................................................................................ 13-10
Table 13-2 Enabling PIM-DM............................................................................................................ 13-12
Table 13-3 Enabling DVMRP ............................................................................................................ 13-13
Table 13-4 Configuring a Static Multicast Route............................................................................... 13-16
Table 13-5 Enabling router compatibility with RFC 2362.................................................................. 13-28
Table 13-6 show ip mroute Field Description.................................................................................... 13-46
Table 13-7 show ip pim configuration field descriptions ................................................................... 13-48
Table 13-8 show ip pim interface field descriptions .......................................................................... 13-49
Table 13-9 show ip pim interface detail field descriptions ................................................................ 13-50
Table 13-10 show ip pim neighbor field descriptions........................................................................ 13-51
Table 13-11 show ip pim bsr-router field descriptions ...................................................................... 13-52
Table 13-12 show ip pim rp mapping Field Description.................................................................... 13-53
Table 13-13 show ip dvmrp configuration filed descriptions ............................................................. 13-54
Table 13-14 show ip dvmrp interface field descriptions.................................................................... 13-55
Table 13-15 show ip dvmrp neighbor field descriptions.................................................................... 13-56
Table 13-16 show ip dvmrp route field descriptions ......................................................................... 13-57
Table 13-17 show ip dvmrp prune field descriptions ........................................................................ 13-57
Table 13-18 show ip igmp configuration field descriptions ............................................................... 13-58
Table 13-19 show ip igmp group field descriptions........................................................................... 13-60
Table 14-1 Configuring the Standard Route ....................................................................................... 14-3
Table 14-2 Configuring the VLAN Interface Route ............................................................................. 14-4
Table 14-3 Configure the Loopback Route ......................................................................................... 14-5
Table 14-4 Configuring the Null Route................................................................................................ 14-6
Table 14-5 Configuring the Default Gateway...................................................................................... 14-7
Table 14-6 Enabling BGP ................................................................................................................. 14-11
Table 14-7 Specifying Router ID ....................................................................................................... 14-12
Table 14-8 BGP neighbor Parameters.............................................................................................. 14-18
Table 14-9 BGP neighbor Timer ....................................................................................................... 14-30
Table 14-10 BGP Parameters........................................................................................................... 14-34
Table 14-11 show ip bgp field description......................................................................................... 14-39
Table 14-12 show ip bgp attribute-info Field Description.................................................................. 14-41
Table 14-13 show ip bgp cidr-only Field Description ........................................................................ 14-42
Table 14-14 show ip bgp community-info Field Description ............................................................. 14-43
Table 14-15 show ip bgp community Field Description .................................................................... 14-44
XXIII
List of Tables
XXV
List of Tables
This chapter introduces the Corecess S5 System functions and features and describes several kinds of
network examples configurable with the Corecess S5 System.
9 Introduction 1-2
9 Applications 1-8
Introduction
Introduction
The Corecess S5 System is multi-functional platform used as AON switch, E-PON OLT and WDM-
PON OLT on Ethernet-based fiber optic network. The Corecess S5 System provides TPS (Triple Play
Service) solution that integrates broadband Internet, Broadcasting and telephone service.
y WDM-PON OLT : GW-PON( Gigabit Ethernet WDM PON) OLT , WE-PON (WDM E-PON) OLT
The S5 platform is high performance switch router that acts as PON OLT and Ethernet
Aggregation Switch. It provides various optical links while generating and controlling the
services. It offers the optical links of GEPON, Gigabit Ethernet and also acts as OLT for WDM
PON and Super PON if it combines with WDM multiplexer. The S5 platform makes access
network simple by integrating multiple functions into a single scalable platform. With its high
functionalities and scalability, it enables both of residential and commercial services with a
single platform.
The S5 consists of 3 different types of chassis, various Switching & Control Module(SCM) and
Line Interface Module(LIM). The capacity of back plane, SCM and LIM are scalable in terms of
throughput and density. The 10 Gigabit Ethernet is ready for the service of today and future.
SCM and LIM are compatible between chassis to implement a system with mix and match. With
this modular designs, it provides the great flexibility for operators to have wide ranges of
options depending on their services and density while keeping simplicity with same function
and performance.
The Corecess S5 System supports the high performance QoS. Thus, the user can control several
kinds of traffic (voice, video and other important data) efficiently. The Corecess S5 System
provides reliable service that gives important packets high priority and processes the packet
faster than others .
The Corecess S5 System is easy to use and can be easily installed as well. And LEDs on the front
panel of the Corecess S5 System make it easy to manage the product and networks through
notifying the operation status, port conditions and fault occurrence.
Overview 1-3
Hardware Features
Hardware Features
Slot Configuration
Slot composition according to Corecess S5 series chassis is as follows:
Chassis
S518 - 2 SCM slots, 16 LIM slots, 12 RU, DC only
S511 - 2 SCM slots, 8 LIM slots, 7 RU, DC/AC
S506 - 1 SCM slots, 4 LIM slots, 4 RU, DC/AC
LIM Slot
LIM-D4GF y 4 Gigabit Ethernet Ports (SFP)
Overview 1-5
Hardware Features
y Future proofed optical links : GEPON, Gigabit Ethernet, WDM PON and Super PON
y Capacity of back plane and SCM, throughput speed of interface and port density are scalable
y SCM and LIM are common and compatible for 3 different types of chassis
y Graceful restart
Software Features
Layer 2 Switching
y Supports Port based VLAN and IEEE 802.1q tagged VLAN (maximum: 4,096)
The Corecess S5 System supports Layer 3 switching. Because Layer 2 switches don’t support the
Layer 3 communication between VLANs, a separate router is needed to link the VLANs. But the
Corecess S5 System supporting Layer 3 switching can process all incoming packets without a
separate router.
y OSPF
y IS-IS
y BGPv4
y VRRP
y multiple priority queue support, congestion control, traffic shaping & policing and modification
Overview 1-7
Software Features
t Strict Priority
Yes Yes Yes
y (SP) support
Weight Fair Queue
No Yes Yes
T (WFQ) support
h Weight Round
e Robin (WRR) Yes Yes Yes
support
C Deficit Weighted
o Round Robin No Yes Yes
r (DWRR) support
e
128 per port 2,048 2,048
c ACL table size
e Maximum slot
4G 8G 8G
s capacity
Multicasting
The Corecess S5 System supports the following multicasting protocols for the high quality
broadcasting service:
y DVMRP
Security
y Supports CIFS filtering using MAC address, IP address and TCP/UDP port number
y Protection from IP/ARP spoofing, packet storming & TCP sync flooding
Network Management
The Corecess S5 System supports SNMP (Simple Network Management Protocol), RMON
(Rmote MONitoring) and port mirroring for network management. You can monitor and
control the Corecess S5 System network via the console port, Telnet session, or the Corecess
NMS, ViewlinX.
Overview 1-9
Software Features
y Port Mirroring
The Corecess S5 System allows you to use the port mirroring function without affecting the switching
performance.
y RMON
The Corecess S5 System provides four RMON groups (history, statistics, alarms, and events) in each
port as traffic management, monitoring and analysis tools.
Applications
This section describes example applications for the Corecess S5 System.
Overview 1-11
Applications
Overview 1-13
Applications
This chapter introduces the structures of the front and rear side of the Corecess S5 System and describes
the function and appearance of the modules provided for the Corecess S5 System. This chapter also briefs
the devices connected to the Corecess S5 System.
System Chassises
This section describes the external features of the Corecess S5 System chassises.
Corecess S5 series consists of various chassises and SCM(Switching Control Module), LIM(Line
interface Module). Those help operator with flexible and economical configuration environment
enough to achieve the aimed network.
S511 Chassis
View
There are ten slots, rack blaket, fan tray and fan filter in front of Corecess S511 system. The SCM
and LIM module are equiped in the slots, and a back-plane board inside the chassis makes SCM
and LIM module communicate each other. Three power moudules supplies the Corecess S5
system with the ensured power. The default state of two of them is running and that of the
other is under earmark for stand-by. In the emergent event of a failure of source power to one
supply, or the failure of one power supply, the redundant power option guarantees stable and
uninterrupted opertion.
The view above displays that LIM-GW16GF, designed to be equipped in only S511, occupies
double slots. LIM module can be installed up to 8 from bottom.
Slot
SCM Slot (10)
SCM Slot (9)
LIM Slot (8)
LIM Slot (7)
LIM Slot (6)
LIM Slot (5)
LIM Slot (4)
LIM Slot (3)
LIM Slot (2)
LIM Slot (1)
S511 Features
Power is supplied in the form of module with DC -48V. Three power moudules supplies the
Corecess S5 system with the ensured power. The default state of two of them is running and
that of the other is under earmark for stand-by.
The function of hot swapping provided by Corecess S5 system allows operator to add, replace
or remove any modules without interrupting or shutting down the system power or interfaces.
The 9 and 10 number of SCM modules are under control of redundancy.
S518 Chassis
There are 18 slots, rack bracket, fan tray and fan filter in font of Corecess S518 System. The SCM
and LIM module are equipped in the slots, and a back-plane board inside the chassis makes
SCM and LIM module communicate each other.
View
DC Power
Rack blaket
Fan filter
<Corecess S518>
Slot (S518)
System slot of Coreecess S5 518 may be equipped with 2 SCM modules for switching and
system control and 16 Lim modules that can be used for Gigabit Ethernet or Gigabit Ethernet
PON Interface. Type and slot numbers for Corecess S5 system slot are as follows. Slot numbers
are used when performing system setup or monitoring via CLI command.
LIM Slot 01
LIM Slot 02
LIM Slot 03
LIM Slot 04
LIM Slot 05
LIM Slot 06
LIM Slot 07
LIM Slot 08
LIM Slot 09
LIM Slot 10
LIM Slot 11
LIM Slot 12
LIM Slot 13
LIM Slot 14
LIM Slot 15
LIM Slot 16
SCM Slot 1
SCM Slot 2
S518 Features
S506(S505) Chassis
There are five slots, rack bracket, fan tray and fan filter in font of Corecess S5 System. The SCM
and LIM module are equipped in the slots, and a back-plane board inside the chassis makes
SCM and LIM module communicate each other. Unlike the Corecess S505, the Corecess S506
provides maximum two AC power modules.
View
<Corecess S505>
Rack Braket Fan Tray Fan Filter Rack Braket
<Corecess S506>
AC Power Module AC Power Module
Slot(S505,S506)
The Corecess S506 has five slots in which one SCM module and four LIM modules can be
installed. The SCM module takes charge of switching and system control, and the LIM modules
provide Gigabit Ethernet PON interface. When you execute CLI commands for system
configuration or monitoring, use the slot number. Each slot’s type and number is as follows:
S506 Feature
The AC power modules supplies AC power (100V~220V) to the Corecess S5 System. The
Corecess S506 supports redundant AC-input power supplies. In the event of a failure of source
power to one supply, or the failure of one power supply, the redundant power option ensures
uninterrupted operation.
S505 Feature
The terminal block is used to connect external DC power supplies of –48VDC or rectifiers. There
are 3 terminals in the terminal block: FG, GND, and -48VDC. The Corecess S505 supports
redundant DC-input power supplies. In the event of a failure of source power to one supply, or
the failure of one power supply, the redundant power option ensures uninterrupted operation.
the Corecess S505 provides two terminal blocks on the rear of chassis
SCM Slot Installation of SCM modules that control overall performance of system and provide
switching functions
LIM Slot Installation of LIM modules that provides Gigabia Ethernet or PON interface for Gigabit
Ethernet
The Corecess S5 System’s slots support hot-swap function, and you can install a module into the
slot without turning the system off.
Note : For more information of modules, ports and LEDs, refer to System Modules in this chapter.
Rack Bracket
The rack bracket is used when equipping the Corecess S5 System to install it on a 19-inch rack.
Chapter 4 Installation describes how to mount the Corecess S5 System with a rack bracket on a 19-
inch rack.
Fan Tray
The system fan comes with cooling fan that maintain proper temperatures inside the chassis.
The LED on the fan tray denotes power supply and operating status. During the fan module
operates normally, the LED is lit on green. When a user stops operating the cooling fan, the LED
is lit on orange. When the cooling fan has a problem, the LED is lit on red.
Fan Filter
The fan filter filters dust which comes into the system through the ventilation holes. The fan
filter should be checked depend on cleanliness of the location, and replaced or cleaned if
necessary.
Ground Terminal
The ground terminal is a terminal for the system ground. Connect the ground terminal to the
external ground using ground for preventing an electric shock or the system damage .
A ground terminal is generally on the rear of chassises, but S518 chassis is not.
<Corecess S505>
Ground Terminal
Ventilation Holes
The ventilation holes are where heat, which is generated while the Corecess S5 System is
operating, comes out and external cold air is taken in. If the ventilation holes are blocked when
using the Corecess S5 System, the product may overheat because the internal hot air and
external cold air cannot circulate properly.
System Modules
Slot Configuration
Operator can make his or her easier way to configure the aimed network with the help of
various chassis and module in Corecess S5 series.
8 2 1 1
Maximum backplane
capacity 64G 64G 32G 32G
SCM Module
The Corecess S5 system provides the following SCM module:
IPv4 routing
Max. 64K entry 12288 12288
table size
Memory
Item SCM20G SCM-B24G SCM-B72G
Main Memory size 256Mbytes
Boot ROM size 512Kbytes
Packet buffer size
(per switching chip) 1Mbytes 2Mbytes 2Mbytes
Note: Master LED is only operated when two SCM modules are installed in the system for redundancy.
Port Type
The console port is used to connect a console terminal for monitoring and configuring the
Corecess S5 System. To connect the console port to a console terminal, use the included console
cable. A PC or a workstation installed with a terminal emulation program or VT-100 terminal
can be used as a console terminal.
The Ethernet Management port is used for connecting the Corecess S5 System to the network to
manage the system by the NMS (Network Management System) or Telnet. The Ethernet
Management port is a 10/100Base-TX port. In connection with 10/100Base-TX port, the speed
(10Mbps or 100Mbps) and the transmission mode (full-duplex or half-duplex) are automatically
configured in accordance with the speed and transmission mode of the connected device. The
cables for connecting to the Ethernet Management port are twisted-pair category 3, 4 and 5 with
RJ-45 connectors at both ends.
The following table describes the information indicated by the Ethernet Management port
LEDs:
Table 2-4 LED Functions of Ethernet Management Port on the SCM Module
The couple of ports can be combined for its use. Therefore the one port is surely "off" in the case
of the 'on" status of the other.
O O O X X X X O
Port Number 4 4
Maximum
100m Optional
Transfer Distance
The following table describes the information indicated by the 10/100/1000Base-T port LEDs:
The following table describes the information indicated by the port LEDs:
The Gigabit Ethernet port is an uplink port connected the Corecess S5 System to core network.
XFP 10GBaseR upilnk port requires additional 10GbE XFP transciver.
The following table lists the specifications of the Gigabit Ethernet port on the SCMmodule:
Port Number 2
SCM-B72G
SCM-B72G is switching control module that privide system control function and Layer 3
swithching. SCM-B72G module provides 4 Gigabit Ethernet uplink ports (SFP type), optional
two 10G Ethernet uplink ports(XFP type), optional 4 Gigabit Ethernet uplink ports (RJ-45),
console port and ethernet port.
Reset Switch
SCM-B24G
SCM-B24G is switching control module that privide system control function and Layer 3
swithching . SCM-B24G module provides 4 Gigabit Ethernet uplink ports (SFP type), optional 4
Gigabit Ethernet uplink ports (RJ-45), console port, and ethernet port.
SCM-20G
SCM-20G is switching control module that privide system control function and Layer 3
swithching. The SCM-20G has four Gigabit Ethernet uplink ports (RJ-45 or SFP), the Console
port and the Ethernet port.
LIM Module
The Corecess S5 system provides the following LIM module:
LIM Slot
LIM-D4GF y 4 Gigabit Ethernet Ports (SFP)
Run LED
Run LED displays the status of the LIM module.
Port LED
The following table describes the information indicated by port LEDs:
Port Type
GW-PON port(optical link) in S5-LIM-GW16GF can transport the electric signal to the
multiplexed 16 channel in one fiber in one time.
Feature Specification
No.of Channel 16
The 1000Base-PX SFP E-PON Port is connected to the maximum number of 32 ONT(Optical
Network Terminal) through a splitter.
The following table lists the specifications of the 1000Base-PX SFP E-PON Port.
Feature Specification
Port Number 4
Branch Number per
32
Port
The SFP GbE Port is used as downlink port connected to other Gigabit Ethernet devices.
The following table lists the specifications of the SFP GbE Port on the LIM module.
Feature Specification
1000Base-T port
The 1000Base-T Port is used as downlink port connected to other Gigabit Ethernet devices.
The following table lists the specifications of the 1000Base-T Port on the LIM module.
Feature Specification
Transfer Mode Full-duplex mode or Half-duplex mode (Auto sensing)
Transfer Speed 10/100/1000Mbps
Connector Type RJ-45
Maximum Transfer
100m
Distance
Caution: Do not stare into the aperture of a fiber-optic port. Invisible radiation might be emitted from the
aperture of the port when no fiber cable is connected. Thus, if you don’t use the fiber optic port for a long time
during the system operation, Close the port with a cap or Connect the port with a fiber optic cable.
LIM-D16GT(LIM-D8GT)
LIM-D16GT module is a Gigabit Ethernet interface module. LIM-D16GT module can provide
10/100/1000Base-T Ports.
Run LED
LIM-D16GF(LIM-D8GF,LIM-D4GF)
LIM-D16GF module is a Gigabit Ethernet interface module. LIM-D16GF module can provide
SFP GbE Ports.
Run LED
LIM-EP4G-GR
LIM-EP4G-GR module is a Gigabit Ethernet PON interface module. LIM-EP4G-GR module can
provide four 1000Base-PX SFP E-PON Ports.
LIM-GW16GF
LIM-GW16GF is marked by its only use for S511 chassis. It, along with L1-BLS-16CH, send
through optical link to 1 core fiber the multiplexed 16-channel GbE in accordance with wave-
length.
Port LED
Light Source port 2
Support Devices
E-PON Splitter
The Corecess 4500 is an optical splitter connected to ONTs (Optical Network Terminal). The
Corecess 4500 provides the maximum number of 32 connections.
There are one OLT port connected to the Corecess S5 System and 32 ONT ports connected to
ONTs in front of the Corecess 4500 Optic Splitter.
ONT Port
OLT Port
WDM Filter
M5-GWDMX-16CH is characterized as the dimultiplexing device that receives GW-PON signal
from multiplexed 1 core and filter it to 16 CH.
GW-PON Port
Cable Connecting
The M5 SuperPON MUX Platform is combined with S5 system to construct Corecess’ SuperPON service.
The M5 platform utilizes different types of OLU board, one for GW-PON, and the other for WE-PON,
to provide both services in a single common chassis.
The M5 chassis provides two slots for SLU (Seed Light source Unit), eight slots for OLU (Optical Link
Unit), and two slots for power modules. It also offers an additional slot for the fan module. The SLU
may be configured for 1+1 redundancy or each SLU may provide seed light for its side of four OLUs.
The power slots are redundant, and each slot is designed to power the whole system. The fan module is
removable and hot-swappable.
Cable Connecting
Splitter
ONT
RN
10Km
Down Up
1 2 3 4 5 6 7
1 2 3 4 5 6 7 8
8
RX TX
The chapter 19 M5 SuperPon Mux Platform will give you more detailed description as its
reference.
This chapter describes the precautions for the Corecess S5 installation and installation environment for the
normal operation. It also describes the way to unpack the Corecess S5 box and verify the contents.
9 Precautions 3-2
9 Unpacking 3-10
Precautions
Precautions
Warning: Before you install the Corecess S5 system, read this section. This section contains important safety
information you should know before working with the system.
General Precautions
y While or after installing the equipment, keep the equipment clean and free from dust all the
time.
y After removing the cover of the equipment, keep the cover in safe place.
y Any tool or cable should not be left on the way of passage for better safety.
y When installing the equipment, the installer should not wear baggy clothing so that tie, scarf,
and sleeves should not be caught in the equipment. Keep tie and scarf from getting slack,
and roll up the sleeves.
y Avoid any harmful action that damages the people or the equipment.
y In case that opening the case for repairing or test is required, contact the sales agency where
you purchased this equipment, or directly contact Corecess Inc. for professional help.
Power Considerations
y Be careful when connecting the system to the supply circuit so that wiring is not overloaded.
y When plugging in a power socket or handling any power source, avoid ring, necklace, metal
watch for better safety. If these materials touch the power socket or ground of the product,
the parts can be burnt out.
y Always verify whether there is any possible danger in the workshop. Wet floor, ungrounded
extension, rubbed-off power code, or unsafe (or ungrounded) floor might be dangerous.
DC Power
y Connect DC-input power supplies only to a DC power source that complies with the safety
extra-low voltage (SELV) requirements in the UL 1950, CSA 950, EN 60950, and IEC 60950
standards.
y Ensure that power is removed from the DC circuit before installing or removing power
supplies. Tape the switch handle of the DC circuit breaker in the off position.
y Use approved wiring terminations, such as closed-loop or spade-type with upturned lugs,
when stranded wiring is required. These terminations should be the appropriate size for the
wires and should clamp both the insulation and the conductor.
y Ensure that no exposed portion of the DC-input power source wire extends from the
terminal block plug. An exposed wire can conduct a harmful level of electricity.
AC Power
y The system is designed for connection to TN power systems. A TN power system is a power
distribution system with one point connected directly to earth (ground). The exposed
conductive parts of the installation are connected to that point by protective earth conductors.
y Ensure that the plug-socket combination is accessible at all times, because it serves as the
main disconnecting device.
Spare Power
If you purchase the product whose a spare power supply is installed, two power supplies are
connected to each input power. Then, if one of the power supplies is not working, the system
can be operating continuously.
Preventing ESD
Electrostatic discharge (ESD) damage occurs when electronic cards or components are
mishandled and can result in complete or intermittent failures. Note the following guidelines
before you install or service the system:
y Always wear an ESD-preventive wrist or ankle strap when handling electronic components.
Connect one end of the strap to an ESD jack or an unpainted metal component on the system
(such as a captive installation screw).
y Handle cards by the faceplates and edges only; avoid touching the printed circuit board and
connector pins.
y Handle cards by the faceplates and edges only; avoid touching the printed circuit board and
connector pins.
y Avoid contact between the cards and clothing. The wrist strap only protects the card from
ESD voltages on the body; ESD voltages on clothing can still cause damage.
y For safety, periodically check the resistance value of the antistatic strap. The measurement
should be between 1 and 10 Mohms.
y Remove all jewelry (including rings and chains) or other items that could get caught in the
system or heat up and cause serious burns.
y Do not touch the backplane or midplane with your hand or metal tools.
y Do not perform any action that creates a potential hazard to people or makes the equipment
unsafe.
Disconnecting Power
y Locate the emergency power-off switch for the room before working with the system.
y Turn off the power and disconnect the power from the circuit when working with
components that are not hot-swappable or when working near the system backplane or
midplane. If the system does not have an on/off switch, unplug the power cord.
y To completely de-energize the system, disconnect the power connection to all power supplies.
y For DC power supplies, locate the circuit breaker on the panel board that services the DC
circuit, switch the circuit breaker to the off position, and tape the switch handle of the circuit
breaker in the off position.
y Do not touch the power supply when the power cord is connected. Line voltages are present
within the power supply even when the power switch is off and the power cord is connected.
Connecting Cables
y Use caution when installing or modifying telephone lines to prevent electric shock.
y Do not work on the system or connect or disconnect cables during periods of lightning activity.
y Do not touch uninsulated telephone wires or terminals unless the telephone line has been
disconnected at the network interface.
y Hazardous network voltages are present in WAN ports regardless of whether power to the
system is off or on. When you detach cables, detach the end away from the system first.
y Do not use a telephone to report a gas leak in the vicinity of the leak.
y Do not install telephone jacks in wet locations unless the jack is specifically designed for wet
locations.
y To avoid exposure to radiation, do not stare into the aperture of a fiber-optic port. Invisible
radiation might be emitted from the aperture of the port when no fiber cable is connected.
y Always keep unused fiber-optic ports capped with a clean dust cap.
Preventing EMI
When you run wires for any significant distance in an electromagnetic field, electromagnetic
interference (EMI) can occur between the field and the signals on the wires.
y Strong EMI, especially when it is caused by lightning or radio transmitters, can destroy the
signal drivers and receivers in the system, and can even create an electrical hazard by
conducting power surges through lines and into the system.
y If Strong EMI occurs in the installation place, consult RFI experts to get rid of it.
Ensure that all cards, faceplates, and covers are in place. Blank faceplates and cover panels are
used to:
y Help contain electromagnetic interference (EMI) that might disrupt other equipment
y Install the system in an open rack whenever possible. If installation in an enclosed rack is
unavoidable, ensure that the rack has adequate ventilation.
y Maintain ambient airflow to ensure normal operation. If the airflow is blocked or restricted,
or if the intake air is too warm, an over temperature condition can occur.
y Avoid placing the system in an overly congested rack or directly next to another equipment
rack. Heat exhaust from other equipment can enter the inlet air vents and cause an over
temperature condition.
y Equipment near the bottom of a rack might generate excessive heat that is drawn upward
and into the intake ports of the equipment above. The warm air can cause an over
temperature condition in the equipment above.
y Ensure that cables from other equipment do not obstruct the airflow through the chassis or
impair access to the power supplies or cards.
y Load the rack from the bottom to the top, with the heaviest system at the bottom.
y If there is equipment already installed in the rack, select the location for the system carefully
considering the size of the system:
y Ensure that your footing is solid and the weight of the system is evenly distributed between
your feet.
y Lift the system slowly, keeping your back straight. Lift with your legs, not with your back.
Bend at the knees, not at the waist.
y Do not attempt to lift the system with the handles on the power supplies or on any of the
cards. These handles are not designed to support the weight of the system.
y To lift and move the system, following number of people or a crane should be needed
depends on weight of the system:
Below 18Kg 1
18~32Kg 2
32~55Kg 3
Installation Place
Environmental Requirements
For the safe installation and use of the Corecess S5, the place for installation should satisfy the
following requirements:
y While or after installing the product, keep the product clean all the time.
y The system should be installed in a cool place where has no direct ray of sunlight. Any tool
or equipment should not be place on the way of passage.
y The following ambience condition for temperature and humidity should always be kept.
Power Supply
y The Corecess S5 should be installed in the place where power supply satisfying the following
condition is provided.
y Verify the power (source) be clean. If there is too much noise or spark, it is better to have the power
control equipment.
y Locate an electric outlet near the system for easy installation of power cable.
y Be careful with connecting power supply equipment and avoiding overload wiring.
Unpacking
As the following instructions, unpack the shipping carton and inspecting contents of the
shipping carton.
1. Open the shipping carton of the Corecess S5. There is this manual, desiccant, a power
cable(s), and a console cable on the cushion inserted- Corecess S5 system.
2. Without taking off the cushions, pick out the equipment with two hands, and put it in a safe
place.
3. And then, verify whether there is a plastic bag that contains rack brackets and screws under
the shipping carton.
Corecess S5 System
Recommendation: After unpacking, do not throw away the box including cushions and keep them in a safe
place in case the product is relocated, it is better to move the product after packing with the box including
cushions.
Note: If there are some missing contents or damaged components, contact the sales agency where you
purchased this product to replace them with new ones.
This chapter describes how mount the Corecess S5 System on a rack, install the SCM/LIM module and
connect the cables to the ports.
9 Rack-Mounting 4-3
Installation Procedure
The following summarizes the installation procedure for the Corecess S5. The next section will
describe in detail the step-by-step procedures for each step.
1. Rack-mount
The design allows the Corecess S5 System to be mounted on a 19-inch rack. The screws
needed for rack mounting are enclosed with the product.
2. Installing modules
Install SCM/LIM modules in the slots of the Corecess S5 system.
Rack-Mounting
The design allows the Corecess S5 System to be mounted on any kind of standard 19-inch racks.
This section describes how to install the Corecess S5 System on a 19-inch rack.
Caution: Before installing the system in a rack, read the Rack-Mounting the System section in the Chapter 3
Before Installation to familiarize yourself with the proper site and environmental conditions.
y Make sure that the 19-inch rack is placed on a convenient location for the Corecess S5 System
installation. At least, the space of 550 x 750 (width x length)mm is needed to install the 19-inch rack.
y Check to see if there is a vertical space of around rack units in the rack because of the Corecess S5
System and air flow space (1U).
Installation 4-3
Rack-Mounting
y A Philips screwdriver
y Four (4) binder-head screws (M5, 8mm) (provided along with the product)
Note: For more information about ESD, refer to the Chapter 3/ Before Installation.
Once all the tools and equipment are prepared, mount the Corecess S5 on a 19-inch rack
according to the following procedure:
1. Place the Corecess S5 on a spacious floor or a sturdy table near the rack. And check the
tools and materials.
2. Lift up the Corecess S5 as high as the available space in the 19-inch rack.
3. Place the rack brackets installed on the Corecess S5 to the holes of the 19-inch rack. And fix
the brackets using four (4) binder-head screws.
Caution: The following explanations should be noticed when installing the Corecess S5 into the 19-inch rack:
y Locate the heavy things at the bottom of the rack. If there is another equipment already installed in the rack,
select the location for the Corecess S5 carefully considering the size of the Corecess S5.
y If the rack is empty, you should install the Corecess S5 System at the bottom of the rack.
Installing Modules
The Corecess S5 System has five slots, and the following types of module can be installed.
Table 4-1 Kinds of Module and Slot Number installed in each slot
LIM Slot
LIM-D4GF y 4 Gigabit Ethernet Ports (SFP)
Installation 4-5
Installing Modules
This section describes how to install modules in the Corecess S5 System slots.
Note: Place the removed module where there is no static electricity or keep it in an anti-static envelop.
3. When installing a module in an empty slot, loosen the screws on the blank bracket that
blocks the empty slot. And remove the blank bracket.
Note: When LIM module’s installation, it is convenient that installation proceed from the number 1 slot in
order.
4. Prepare a module that is to be installed. Check to see if there is any defect by examining the
exterior of the module.
5. Place module to the guide rail that is located in the both sides of the slot. Then, insert the
module carefully until it gets installed in the connector of the back plane. And push the
ejectors located in the both sides of the module.
6. Fasten the module firmly by tightening the two screws using a Philips screwdriver.
7. If the module is installed successfully, the Run LED on the module is turned on with green,
and then it is flashing. Connect cables to ports of the module, and configure the ports using
CLI commands if necessary.
Note: Since the Corecess S5 System provides the hot-swap functions, the system power doesn’t have to be
turned off.
Note: 1000Base-PX module is included with LIM-EP4G-GR, but 1000Base-SX/LX SFP module is optional. For
more information, refer the manual or document.
Installation 4-7
Installing Modules
1. Attach an ESD-preventive wrist strap to your wrist and to a bare metal surface on the
chassis.
2. Take the SFP modules out of the packing and check carefully to see if there is any defect.
Dust plug
Actuator Button
3. Align a GBIC module in front of the GBIC module slot facing the letter-printed side
upward.
4. Insert the SFP module into the slot until you feel the connector on the module snap into
place in the rear of the slot.
Caution: Do not remove the dust plugs from the fiber-optic SFP module port or the rubber caps from the fiber-
optic cable until you are ready to connect the cable. The plugs and caps protect the SFP module portsand cables
from contamination and ambient light.
1. Attach an ESD-preventive wrist strap to your wrist and to a bare metal surface on the
chassis.
2. Disconnect the fiber-optic cable from the SFP module and insert a dust plug into the optical
ports of the SFP module to keep the optical interfaces clean.
3. Press the actuator button to release the SFP module from the slot. Grasp the SFP module
between your thumb and index finger and carefully remove it from the module slot.
Actuator Button
4. Place the removed SFP module in an antistatic bag or other protective environment.
Installation 4-9
Connecting Network Devices
For the information of cables connected to each port, refer to Appendix B Connector and Cable
Specifications.
Caution: If the distance of two devices connected with a cable is farther than the distance described in this
manual, data can be lost during the transmission.
Caution: The RJ-45 connector and the LC connector of SFP module cannot be used at the same time. Only one
connector type should be used for each port.
The four RJ-45 ports on the SCM module support 10/100/1000Base-T interface, and the RJ-45
ports can be connected with the Gigabit Ethernet device that support the transmission speed up
to 1000Mbps.
Using the twisted-pair cable, connect the 10/100/1000Base-T port to the Gigabit Ethernet device.
Note: The 10/100/1000Base-T port on the SCM module support automatic MDIX feature, which allows you to
use either straight-through or crossover twisted-pair cables for connecting to any network devices.
Note: Connecting the 10/100/1000Base-T port is the same, regardless of the Corecess chassis type. This
manual describes system installation based on the Corecess S506 chassis.
Installation 4-11
Connecting Network Devices
The 1000Base-SX/LX SFP module can be installed in the SFP slot of the SCM module, and the
Corecess S5 System can be connected to the core network using the 1000Base-SX/LX SFP
module. Depends on the type of SFP modules, connect cables as follows:
Corecess S506
Note: Connecting the 1000Base-SX/LX SFP module on the SCM is the same, regardless of the Corecess chassis
type. This manual describes system installation based on the Corecess S506 chassis.
Prepare the single mode fiber optic cable (Rx: 1310nm, Tx: 1490nm), then connect the cable to
the 1000Base-PX SFP port of the EP4G-GR module and the optical splitter. The optical splitter
can be connected to the maximum number of 32 ONT (Optical Network Terminal).
Corecess S506
Single Mode Fiber Optic Cable
y Connector : Simplex SC/APC
y Wavelength : 1310nm (Rx), 1490nm (Tx)
y Max. cable length : 10/20Km
Note: Connecting the 1000Base-PX SFP module on the LIM-EP4G-GR is the same, regardless of the Corecess
chassis type. This manual describes system installation based on the Corecess S506 chassis.
Installation 4-13
Connecting Network Devices
Corecess S506
Note: Connecting the 1000Base-SX/LX SFP module on the LIM-D4GF is the same, regardless of the Corecess
chassis type. This manual describes system installation based on the Corecess S506 chassis.
The Corecess S5 System can manage the following tasks through local or remote connection.
y Can browse various network statistics information and the status of the switch and ports.
y Can change the switch configuration for changing the topology, improving the switch
performance or controlling the network traffic.
y Can browse the logs of various events and traps occurring at the switch.
y Can strengthen the system security through specifying hosts that can access switches.
This section describes how to connect the console port and the Ethernet management port to the
console terminal and the Ethernet LAN.
Installation 4-15
Connecting the System Management Device
Corecess S506
Note: Note: Connecting the Console port on the SCM is the same, regardless of the Corecess chassis type. This
manual describes system installation based on the Corecess S506 chassis .
Corecess S506
Twisted pair Cable
y 10Mbps : Category-3,4,5
Connect to the local network (Ethernet LAN)
y 100Mbps : Category-5
y Max. cable length : 100m
Note: The Ethernet Management port in the SCM module support automatic MDIX feature, which allows you to
use either straight-through or crossover twisted-pair cables for connecting to any network devices.
Note: Connecting the Ethernet Management port on the SCM is the same, regardless of the Corecess chassis
type. This manual describes system installation based on the Corecess S506 chassis.
Installation 4-17
Connecting Power
Connecting Power
There two connecting power type of the Corecess S5 System. The Corecess S505(S511,518)
chassis can be connected with DC power. The Corecess S506 chassis, on the other hand, can be
connected with AC power. This section describes how to connect power to the Corecess S5
System.
Connecting DC Power
There are two or three terminal blocks in the Corecess S5 series(S505-Rear, Else-Front, ). If you
want to use power redundancy function, connect each terminal block to the different external
power supply. If you connect only one terminal block to the external power supply, the power
redundancy function is disabled.
1. For safety, a transparent plastic cover is attached on the terminal block. Loosen the two
screws using a screw driver, and remove the plastic cover.
Plastic Cover
Plastic Cover
2. Connect the DC power cable to the terminal block A. Loosen the screws from the terminal
block A, and put the rounded roop of the power cable, then tighten the screws again. Be
aware of power polarity when connecting cables. Attach the transparent plastic cover on
the terminal block A again.
Plastic Cover
3. Connect the DC power cable, connected with the terminal block A, to the external power
supply or the rectifier.
Installation 4-19
Connecting Power
4. Connect the DC power cable to the terminal block B. Loosen the screws from the terminal
block B, and put the rounded roop of the power cable, then tighten the screws again. Be
aware of power polarity when connecting cables. Attach the transparent plastic cover on
the terminal block B again.
Plastic Cover
5. Connect the DC power cable, connected with the terminal block B, to the external power
supply or the rectifier. For the power redundancy, the DC power cable should be connected
to the different external power supply from what connected to the terminal block A.
Connecting AC Power
There are two power modules in font of the Corecess S506. If you want to use power
redundancy function, connect each terminal block to the different external power supply. If you
connect only one terminal block to the external power supply, the power redundancy function
is disabled.
1. Be sure that the power switch on the power module is turned off.
2. Connect the power cable, which is provided with the Corecess S5 System, to the power
input on the power module. Then, plug opposite side of the power cable into an outlet.
Corecess S506
Installation 4-21
Starting the System
1. Check the followings once again before operating the Corecess S5 System:
y Make sure that modules are properly inserted in the slot of the Corecess S5 System.
y Make sure that cables are properly connected to each port.
y Make sure that the power cable is properly connected.
2. Turn on the power of the console terminal and execute the terminal emulator program.
3. Supply power to the Corecess S5 System. In case of the Corecess S505, turn on the switches
of the external power supplies. In case of the Corecess S506, turn on the swithes of the
power modules on the Corecess S5 System.
5. If the power is properly supplied to the Corecess S5 System without any problem, the RUN
LED turns on in green, and the following message is displayed on the console terminal.
Err: serial
IDE: Bus 0: OK
Device 0: Model: SanDisk SDCFB-128 Firm: Rev 3.03 Ser#: X0318 20021223051815
Type: Removable Hard Disk
Capacity: 122.2 MB = 0.1 GB (250368 x 512)
Device 1: not available
BEDBUG:ready
Press CTRL-C to stop autoboot: 0
.
.
6. Once the initialization is properly completed in a short while, the RUN LED is starting to
flash green. And the following login message is displayed on the console screen.
localhost login:
Now, the Corecess S5 System is properly installed. Log in the CLI of the Corecess system, then
configure the system depend on the environment of site.
Installation 4-23
Starting the System
This chapter briefs general configuration method of the Corecess S5. The Corecess S5 has already
configured with default upon the shipment and can immediately be used without additional configuration
explained in this chapter. If the default configuration should be changed according to user’s network
environment, refer to the contents in this chapter.
Before Configuration
This section describes how to access the Corecess S5 System CLI (Command Line Interface) and
provides information that you should know before using the Corecess S5 System CLI.
Note : Examples and pictures in this manual are explained on the basis of S505 and S506 systems. Many of
features in this manual are identical as S518 since S518 uses same protocol.
1. To access the Corecess CLI on the console screen, the console port on the Corecess S5 System
should be connected to a serial port(DB-9) of the console using a console cable as the
following figure:
Corecess S506
Note : Console port connection is identical regardless of S505, S506, and S518 types. This manual uses Corecess
S506 in the examples.
2. Make sure that you have started the emulation software program such as HyperTerminal from
your console terminal.
3. Press [Enter], then the following login message is displayed on the console terminal:
login:
4. Enter the login ID and the password, then press the [Enter]. The default login id is ‘corecess’.
If you entered the login ID and the password correctly, localhost> prompt appears.
login: corecess
Password:
localhost>
5. To configure the Corecess S5, enter the ‘Privileged’ mode by enable command. If you enter
Privileged mode, the prompt is changed from localhost> to localhost#.
localhost> enable
localhost#
Note: After specifying the IP address of the NMS port (Management interface), you can access the Corecess S5
CLI through the Telnet session or NMS.
Command Modes
The CLI of the Corecess S5 System supports various command modes. The CLI commands are
only executed in their command modes. The following table describes the type of command
modes and the tasks.
You can enter the each command mode by entering the following command.
When you start a session on the Corecess S5, you begin in User mode. Only a limited subset of
the commands is available in User mode. To have access to all commands, you must enter
Privileged mode. To enter Privileged mode from User mode, enter the enable command. The
CLI prompt will be changed from > to # entering Privileged mode.
localhost> enable
localhost#
To exit from Privileged mode, enter disable command. The CLI prompt will be changed from #
to > returning to User mode from Privileged mode.
localhost# disable
localhost>
If you enter the exit command in Privileged mode, you can exit form the CLI.
localhost# exit
login:
Global configuration mode allows you to change configuration for the Corecess S5 System. Also,
you can enter other configuration mode through Global configuration mode.
To enter Global configuration mode from Privileged mode, enter the configure terminal
command. The CLI prompt will be changed localhost(config)# entering Global configuration
mode.
To exit from Global configuration mode, enter end command. The CLI prompt will be changed
to localhost# returning to Privileged mode.
localhost(config)# end
localhost#
To log out from CLI, you should return to User mode or Privileged mode. Use the exit or end
command to return to User mode or Privileged mode from other command mode:
This example shows how to return to Privileged mode from Policy-map mode by using the
exit command:
localhost(config-pmap)# exit
localhost(config-qos)# exit
localhost(config)# exit
localhost#
To return to Privileged mode directly without what mode you are in, use the end command.
This example shows how to return to Privileged mode from Policy-map mode by using the end
command:
localhost(config-pmap)# end
localhost#
To log out from the CLI, enter the exit command in User mode or Privileged mode.
This example shows how to log out from the CLI in Privileged mode. After logging out from
the CLI, login prompt will be displayed as follow.
localhost# exit
login:
Prompt
On the Corecess S5 CLI prompt, the node name and current command mode are indicated as
follows:
localhost(config-qos)#
Node name Command mode
Node Name
The default node name is ‘localhost’. This default node name is used for the prompt until you
change it. If the proper node name is specified, it is useful to classify the product purpose or the
location.
Note: You can change the node name of the Corecess S5 System by using hostname command in global
configuration mode.
The following table describes the prompt of the main command modes.
User >
Privileged #
Global (config)#
Address-family (config-router-af)#
Key-chain (config-keychain)#
Key (config-keychain-key)#
Route-map (config-route-map)#
QoS (config-qos)#
Class-map (config-cmap)#
Policy-map (config-pmap)#
Policy-map-class (config-pmap-c)#
Getting Help
The Corecess S5 CLI provides help system that shows the list of available commands or
parameters. You can also get information about their function and brief description of usage.
y To obtain a list of commands that are available for each command mode, enter a question
mark (?) at the prompt:
# ?
calendar calendar
clear Reset functions
clock System clock
close Close the terminal
cls Clear a screen
configure Configuration from vty interface
copy Copy from one file to another
debug
delete Delete
diag Diagnosis mode
disable Turn off privileged mode command
enable enable
end End current mode and down to previous mode
exit Exit current mode and down to previous mode
help Description of the interactive help system
list Print command list
no Negate a command or set its defaults
ping send echo messages
quit Exit current mode and down to previous mode
reset reset
session Create Session
show Show
ssh Open a ssh connection
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
undebug Disable debugging functions (see also 'debug')
update Update Images
write Write Information
#
y To obtain the syntax for commands that are available for each command mode, enter the
list command at the prompt:
# list
calendar set WORD [WORD] [WORD] [WORD]
clear arp
clear arp A.B.C.D
clear arp-cache
clear dhcp statistics
clear dhcprelay lease all
clear dhcpserver lease all
clear dhcpserver lease ip A.B.C.D
clear dhcpserver lease mac A:B:C:D:E:F
.
.
update option image NAME slot <1-100>
update option image id <1-100> slot <1-100>
update port epon WORD onu mac WORD image NAME
update rootfs image NAME
update rootfs image id <1-100>
write dhcpserver leasefile
write file
write memory
write terminal
#
y To obtain a list of any command's associated keywords and arguments, enter a question
mark (?) after a partial command followed by a space:
# clear ip ?
bgp GP information
dhcp ynamic Host Configuration Protocol
igmp nternet Group Management Protocol
mroute elete multicast route table entries
ospf SPF information
pim rotocol Independent Multicast (PIM)
prefix-list uild a prefix list
rip lear rip routing table
route lear all routing table
static tatic routing table & configuration
vrrp RRP information
# clear ip
To executing a CLI command, you should enter both the command and it’s parameter. You can
execute the commands in the command mode which the prompt is locating now.
y The CLI supports command completion, so you do not need to enter the entire name of a
command or parameter. As long as you enter enough characters of the command or
parameter to avoid ambiguity with other commands or parameters, the CLI understands
what you are typing. For example, you can enter only con t to execute the configure
terminal command at Privileged command mode.
localhost# con t
localhost(config)#
But if you enter only co t, the following error message will be displayed. Because there are
copy and configure command and the system can’t distinguish the two commands.
localhost# co t
% Unknown command.
y To complete a command, press Tab key. If you enter a few known characters, then press Tab
key, the CLI displays the rest characters of the command. For example, if you enter only con
in Privileged mode, then press Tab key, the CLI displays configure on the terminal.
Specifying Ports
y Use slot-number/port-number to specify one port. For example, enter 1/1 to specify the port 1
on the module installed in the slot 1.
y Use dash (-) to specify consecutive number of ports. For example, enter 1/1-4 instead of
entering 1/1, 1/2, 1/3 and 1/4.
y Use comma (,) to specify non-consecutive number of ports. For example, enter 1/1,1/3-4
instead of entering 1/1, 1/3 and 1/4.
Editing Commands
The CLI supports the following line editing commands. To enter a line-editing command, use
the CTRL-key combination for the command by pressing and holding the CTRL key, then
pressing the letter associated with the command.
Ctrl-Key
Description
Combination
Ctrl+a Moves to the first character on the command line.
Ctrl+u Deletes all characters from the cursor to the beginning of the command line.
To set the IP address of the Ethernet management port, follow this procedure:
Command Task
interface 3. Enter Interface configuration mode for configuring the Ethernet management
management port.
show interface
8. Verify the IP address configuration.
management
The following is an example of assigning an IP address and subnet mask to the Ethernet
management port and verifying the configuration:
(config)# interface management Enter the interface mode of the Ethernet Manegement port
Specify the IP address and subnet mask of
(config-if)# ip address 172.27.68.100/16
the Ethernet Management port
(config-if)# exit Enter the Global Configuration Mode
172.27.2.49 is alive!
# write memory Save the changed configuration to the backup configuration file
Building Configuration...
[OK]
#
User Management
To access the CLI of the Corecess S5 System, you must login by entering the user name and the
password. By default, ‘corecess’ exists. This section describes how to add and delete user who
can login the CLI of the Corecess S5 System.
Command Task
3. Add a user.
username <name> y <name> The user ID for entering the Corecess S5 System CLI.
password <password> [8] y <password> The password for the user.
y 8 Encrypts the password
The following example shows how to adds a user whose id is ‘kka’ and password is ‘violet’ and
verifies the configuration:
# configure terminal
(config)# username kka passwd violet
(config)# end
# show username
corecess none none **Never logged in**
kka none none **Never logged in**
# write memory
Building Configuration...
[OK]
Command Task
The following example shows how to change a password of the user ‘kka’:
# configure terminal
(config)# user kka password corecess
(config)# end
# write memory
Building Configuration...
[OK]
#
Deleting a User
Command Task
3. Delete a user.
no username <user-name>
y <user-name>: The user name to delete
The following example shows how to delete the user ‘kka’ and verify the deletion:
# configure terminal
(config)# no username kka
(config)# end
# show username
corecess none none **Never logged in**
# write memory
Building Configuration...
[OK]
#
y System name
y System date and time
y NTP (Network Time Protocol) mode and time zone
y Time zone
The system name is used as the prompt on the console. Therefore, it is convenient for finding
out which device is connected to. To change the system name, use the following commands.
Command Task
The following example shows how to change the system name to ‘Corecess’:
localhost> enable
localhost# configure terminal
localhost(config)# hostname Corecess
Corecess(config)# end
Corecess# write memory
Building Configuration...
[OK]
Corecess#
The system date and time is used in the log which is the record of the events occurred in the
system. When recording events or commands executed in the system into a log, the date and
time of the system is recorded with events or commands. Such logs can be used as an important
data in solving problems in the system, thus it is very important to accurately set the date and
time of the system.
The following describes how to set the system time and date.
Command Task
The following example shows how to adjust the system calendar and change the system clock
into the system calendar:
To use the current software clock (calendar) as the system clock, use the clock read-
calendar command in Privileged mode.
# show calendar
Fri Oct 8 11:26:38 KST 2004
# clock read-calendar
# show clock
Note: The ‘calendar’ is a software clock that is erased when the system is powered off or reboot. The other
hand, the system clock run continuously, even if the system is powered off or reboot.
NTP (Network Time Protocol) synchronizes timekeeping among a set of distributed time
servers and clients. This synchronization allows events to be correlated when system logs are
created and other time-specific events occur.
y Server mode
In server mode, the Corecess S5 System regularly requests the time information to an NTP
server.
Command Task
Command Task
2. Set the NTP mode.
y broadcast: Configure the system in NTP broadcast client mode.
y multicast <group-address>: Configure the system in NTP
multicast client mode.
ntp config type - <group-address>: Multicast group address
{broadcast | multicast y server <poll> <ip-address>: Configure the system in NTP
<group-address> | server server mode.
<poll> <ip-address> - <poll>: The polling interval.
preset {on | off}} - <ip-address>: The IP address of the NTP server.
y preset: Whether to preset the system clock to the time received
from NTP server.
- on: Preset.
- off: Not preset.
ntp enable 3. Enable NTP on the system
The following example shows how to configure the system in NTP server mode and verify the
configuration:
You can specify a time zone for the Corecess S5 System to display the time based on that time
zone. The Corecess S5 System learnt time from NTP sets its clock according to the specified time
zone and displays time. For example, when you set the time zone as ‘Seoul’ and ‘Los Angeles’,
the displayed date is different.
The default time zone is UTC. You must enable NTP before you set the time zone. If NTP is not
enabled, this command has no effect.
Command Task
The following example shows how to set the time zone and the area code to Asia/Seoul:
The Corecess S5 System contains two types of configuration files: the running (current
operating) configuration and the startup (last saved) configuration.
The feature of the files is as follows:
Running configuration
The running configuration is the current (unsaved) configuration that reflects the most recent
configuration changes. When a user changes the system configuration, the system configuration
is saved in the running configuration file of RAM and is applied immediately to the system.
You can upload or download the running configuration file via FTP or TFTP.
Startup configuration
The startup configuration is the saved configuration in NVRAM and is used when the system
initializes. The startup configuration is not removed when the system power is turned off. You
can upload or download the startup configuration file via FTP or TFTP.
Caution: Whenever you make changes to the Corecess S5 System configuration, you must save the changes to
memory so they will not be lost if the system is rebooted.
Command Task
The following example shows how to display the current running configuration file of the
Corecess S5 System.
# show running-config
Building configuration...
Current configuration:
!
! version 0.73
!
hostname Corecess
!
snmp-server community "public" ro
snmp-server community "private" rw
snmp-server contact Unknown
snmp-server location Unknown
snmp-server enable rmon
!
system fan enable 33 25
system temperature enable 90 80
!
port gigabitethernet 1/1 flowctl off
port gigabitethernet 1/1 duplex full
port gigabitethernet 1/2 flowctl off
port gigabitethernet 1/2 duplex full
port gigabitethernet 1/3 flowctl off
port gigabitethernet 1/3 duplex full
port gigabitethernet 1/4 flowctl off
port gigabitethernet 1/4 duplex full
!
interface management
ip address 172.18.22.6/16
!
ip multipath count 32
!
line vty
!
dhcprelay enable
dhcprelay serverlist 100.1.1.1
!
no ntp
!
.
.
#
There are three commands to save the current running configuration file to the startup
configuration file.
Command Mode
write memory
The following example shows how to save the current running configuration to the startup
configuration using the write memory command:
# write memory
Building Configuration...
[OK]
#
The following example shows how to save the current running configuration to the startup
configuration using the write file command:
# write file
Building Configuration...
[OK]
#
The following example shows how to save the current running configuration file to the startup
configuration file using the copy running-config startup-config command.
Commands Task
copy factory-default
2. Restore the default configuration.
start-up config
To check whether the Corecess S5 System is properly connected and configured, use the
following commands:
Commands Task
show interface 4. If the host is unresponsive, check the IP address and the subnet mask
management in the configuration of the Ethernet Management port.
# ping 172.27.2.49
PING 172.27.2.49 (172.27.2.49) from 172.27.2.100 : 56(84) bytes of data.
64 bytes from 172.27.2.49: icmp_seq=0 ttl=128 time=955 usec
64 bytes from 172.27.2.49: icmp_seq=1 ttl=128 time=817 usec
64 bytes from 172.27.2.49: icmp_seq=2 ttl=128 time=816 usec
The following messages are displayed according to the status of host and network after
execution of the ping command:
64 bytes from <host> : Host or network is connected. (When the ICMP echo response
icmp_seq=n ttl=n time=n ms messages have been received from the host or network)
Destination does not respond. (When any packets have not
no answer from <host>
been received from the host or network)
<host> is unreachable Host is unreachable.
This example shows how to perform a traceroute to the host whose IP address is 192.1.1.1:
# traceroute 192.1.1.1
traceroute to 192.1.1.1 (192.1.1.1), 30 hops max, 38 byte packets
1 * 172.27.1.254 (172.27.1.254) 4.204 ms 9.754 ms
2 * 192.168.11.126 (192.168.11.126) 1.640 ms 1.317 ms
3 61.107.96.1 (61.107.96.1) 1.825 ms 1.778 ms 1.441 ms
4 61.96.195.249 (61.96.195.249) 1.723 ms 1.812 ms 1.838 ms
5 172.30.4.1 (172.30.4.1) 2.375 ms 1.838 ms 1.856 ms
6 172.30.100.33 (172.30.100.33) 2.212 ms 1.813 ms 1.838 ms
7 172.30.100.10 (172.30.100.10) 2.404 ms 1.888 ms 2.277 ms
8 211.61.251.1 (211.61.251.1) 2.305 ms 1.861 ms 1.802 ms
The following example displays sample traceroute output when a destination host IP
address is specified:
# traceroute 61.107.97.51
traceroute to 61.107.97.51 (61.107.97.51), 30 hops max, 40 byte packets n
1 172.26.1.254 (172.26.1.254) 14.812 ms 29.758 ms 22.752 ms
2 192.168.11.126 (192.168.11.126) 0.497 ms 0.454 ms 0.360 ms
3 61.107.97.51 (61.107.97.51) 14.812 ms 29.758 ms 22.752 ms
o p q
#
The table below describes the fields shown by the traceroute command:
Field Description
n Maximum TTL value and the size of the ICMP datagrams being sent
o Indicates the sequence number of the switch router in the path to the host
q Round-trip time for each of the three probes that are sent
If the host is irresponsible after execution of the PING or traceroute commands, check the
interface of the Ethernet Management port using the show interface management
command, and check the routing table using the show ip route command.
The following example shows how to display the interface of the Ethernet Management port
using the show interface management command.
The following example shows how to display the IP routing table using the show ip route
command.
# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info
# show cpuinfo
cpu : 440GP Rev. C
revision : 4.129 (pvr 4012 0481)
bogomips : 595.96
vendor : IBM
machine : Ebony
#
The following table describes the fields shown by show cpuinfo command:
Field Description
Bogomips is the number of million times per second a CPU can do absolutely nothing
bogomips
and is used for a measurement of speed for the non Intel CPUs.
The following example shows how to display the information of the memory.
# show meminfo
total: used: free: shared: buffers: cached:
Mem: 250851328 106090496 144760832 0 3883008 40488960
Swap: 0 0 0
MemTotal: 244972 kB
MemFree: 141368 kB
MemShared: 0 kB
Buffers: 3792 kB
Cached: 39540 kB
SwapCached: 0 kB
Active: 8684 kB
Inactive: 77488 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 244972 kB
LowFree: 141368 kB
SwapTotal: 0 kB
SwapFree: 0 kB
#
The table below describes the fields shown by the show meminfo command:
Field Description
(Continued)
Field Description
# show module
Mod Ports Description Status Serial No.
--- ----- --------------------------------- ---------------- ---------------
A N/A Control Module active N/A
1 4 LIM-EP4G-GR insert,up N/A
2 4 LIM-EP4G-GR insert,up N/A
3 4 LIM-EP4G-GR insert,up N/A
4 4 LIM-EP4G-GR insert,up N/A
5 4 SCM-20G insert,up N/A
Mod Version Hw Fw Sw
--- -------------------- ---------------- ---------------- ----------------
1 release.rev(patch) 0.0(3) N/A N/A
2 release.rev(patch) 0.0(3) N/A N/A
3 release.rev(patch) 0.0(3) N/A N/A
4 release.rev(patch) 0.0(3) N/A N/A
5 release.rev(patch) 0.0(2) N/A N/A
#
The table below describes the fields shown by the show module command:
Field Description
# show system
System Information
-----------------------------------------------------
CoreCMR(Control Module Redundancy)
side : A
local status : active
remote status : not-exist
FAN S[ 1] N / Normal
Auxiliary Information
-----------------------------------------------------
Fan (`C(`F)) -
Max/Min Threshold : 33/ 25 ( 91/ 77)
Temperature (`C(`F)) -
Current Temperature : 47 (116 )
Max/Min Threshold : 90/ 80 (194/176)
#
Each field shown by the show system command describes the following information about
system state:
Field Description
1. Emergency
More critical
2. Alert
3. Critical
4. Errors
5. Warning
6. Notify
7. Inform
8. Debug Less critical
By default, all events of the Corecess S5 System are specified to the level 6. Thus, if the event
occurs from the level 1 to the level 6, the event message is displayed on the console screen or
the remote host screen.
The event level can be changed. The following procedure describes how to change the event
level.
Commands Task
This example shows how to specify the sys event to the level 4 and verify the result.
# configure terminal
(config) # logging level sys 4
(config) # end
# show logging
console logging is disable
logging buffer is disable
# write memory
Building Configuration...
[OK]
#
Event Description
sys Events related to system hardware
filesys Events related to file system
authorize Events related to security and authentication
port Events related to ports
interface Events related to interfaces
vlan Events related to VLAN (Virtual LAN)
spantree Events related to spanning tree and bridge
lacp Events related to LACP (Link aggregation Control Protocol)
gvrp Events related to GARP/GVRP
igmp Events related to IGMP and IGMP snoopping
pbnac Events related to PBNAC (Port Base Network Access Control)
mcast Events related to multicast
qos Events related to QoS (Quality Of Service)
acl Events related to access list
snmp Events related to SNMP
snmp_rmon Events related to SNMP RMON
dhcp Events related to DHCP
ntp Events related to NTP
route_main Events related to Main Routing Control
rip Events related to RIP
ospf Events related to OSPF
bgp Events related to BGP
dvmrp Events related to DVMRP
pim Events related to PIM
To configure the log messages to display on the console screen, use the following commands:
Command Task
The following example configures the log messages to display on the console screen and check
the result:
# configure terminal
(config)# logging console enable
(config)# end
# show logging
console logging is enable
logging buffer is enable
logging servers
1.1.1.1
.
.
# write memory
Building Configuration...
[OK]
#
To configure the log messages to display on a remote host, use the following command:
Command Task
The following example configures the system log to display on the remote host whose IP address
is 172.10.1.0:
# configure terminal
(config)# logging 172.10.1.0
(config)# end
# show logging
console logging is enable
logging buffer is enable
logging servers
172.10.1.0
.
.
# write memory
Building Configuration...
[OK]
#
To configure the log messages to display on telnet sessions, use the following commands:
Command Task
The following example configures the system log to display on telnet sessions:
# configure terminal
(config)# logging session enable
(config)# end
# write memory
Building Configuration...
[OK]
#
The following example shows how to configure the log message to be save in a file:
# configure terminal
(config)# logging file enable
(config)#
The following table describes the fields shown by the show logging buffer command:
No Description
n Date and time that the event occurred (month, date, hour:minute:second)
o System name
Upgrading Software
You can download the software for the modules on the Corecess S5 System from a remote TFTP
or FTP server. To download software from a remote TFTP or FTP server to the Corecess S5
System, perform this task:
Command Task
The following example shows how to download the image file from TFTP server and apply the
download file to the system.
This chapter describes how to configure the Gigabit Ethernet port, the Gigabit Ethernet PON port and ONU.
9 Profile 6-78
Configuring Gigabit Ethernet port
This section describes the basic configuration of the Gigabit Ethernet port, then how to
configure the Gigabit Ethernet port and monitor the ports.
Trap Disabled
Whenever the port configuration is changed, the changed configuration is applied immediately
to the system without the system rebooting or the command execution. Yet, if you want to keep
using the configuration after the system rebooting, the changed configuration should be saved
using the write memory command in Privileged mode.
All ports of the Corecess S5 System are enabled by default. To change administrative status
(disabling a port or reenabling a port), use the following command in Global configuration
mode:
Command Description
The following example shows how to disable the Gigabit Ethernet port 5/1.
The following example shows how to reenable the Gigabit Ethernet port 5/1.
The auto sensing function of the Gigabit Ethernet port is used to exchange flow control
parameter, fault information of remote ports and transfer mode information. By default, the
auto sensing function is enabled on the Gigabit Ethernet port of the Corecess S5 System.
Ports that are located in both ends of the Gigabit Ethernet link must have the same
configuration. If the configurations are different each other, the link can not be connected. The
following table shows connection state of link depending on state of the auto sensing function
on the Gigabit Ethernet port.
Off Off Up Up
On On Up Up
Off On Up Down
On Off Down Up
1
Local port : Gigabit Ethernet port of the local system
2
Remote port : Gigabit Ethernet port that is connected to the local port
To enable the auto sensing function of the Gigabit Ethernet port, use the following command in
Global configuration mode.
Command Task
port gigabitethernet
<slot>/<port> y <slot>/<port> slot number/port number
link-status auto
The following example shows how to enable the auto sensing function on the Gigabit Ethernet
5/1:
By default, the Gigabit Ethernet port on the Corecess S5 System can automatically match
transmission speed of the connected port. This function is called the auto-negotiation. The
maximum speed of the 10/100/1000Base-T port can be set as 10/100/1000Mbps by users
instead of auto-negotiation.
If the port speed is set as 10/100Mbps, full-duplex or half-duplex mode is operated. If the port
speed is set as 1000Mbps, only full-duplex is operated.
To change port speed and the transfer mode of the 10/100/1000Base-T port, use the following
commands.
Command Task
The following example shows how to change port speed and the transfer mode of the
10/100/1000Base-T port on the SCM module (5/1).
You can enable or disable flow control of a port, which manages traffic rates during congestion.
If a port experiences congestion and cannot receive any traffic, flow control notifies the other
port to stop transmitting until the condition clears.
By default, flow control is disabled on the ports of the Corecess S5 System. To change flow
control status, use the following command in Global configuration mode:
Command Task
y <slot>/<port> Port/Slot number
port gigabitethernet y <status> Flow control status
<slot>/<port> - on Enables flow control
flowctl <status> - off Disable flow control
- auto Auto-negotiation
The following example enables flow control on the Gigabit Ethernet port 5/1:
You can assign a name to each port. If you use connected device information as port names, you
can manage the devices easily.
To set a port name, use the following command in Global configuration mode:
Command Task
port gigabitethernet
y <slot>/<port> Slot/Port number
<slot>/<port>
y <port-name> Port name (Maximum: 32 character)
name <port-name>
The following example shows how to set the name of the Gigabit Ethernet port 5/1.
When port status is changed (up, down), a SNMP link trap is occurred, then the SNMP agent
notifies SNMP host or NMS of the trap occurrence.
By default, the SNMP link trap of the ports on the Corecess S5 System is disabled.
To set trap for a port, use the following command in Global configuration mode:
Command Task
The following example enables the SNMP link trap on the Fast Ethernet port 5/1:
The following example show information of all port on the Corecess S5 System using the show
port command.
# show port
Port Name Status Vlan FlwCtl Duplex Speed Type
----- --------------- ---------- ----- ------ ------ ------------- ----------
1/1 DEFAULT connected 1 off full 1000 1000BaseT
1/2 DEFAULT connected 1 off full 1000 1000BaseT
1/3 DEFAULT connected 1 off full 1000 1000BaseT
1/4 DEFAULT connected 1 off full 1000 1000BaseT
.
.
5/1 DEFAULT connected 1 a-on a-full a-1000 1000BaseT
5/2 DEFAULT connected 1 a-on a-full a-1000 1000BaseT
5/3 DEFAULT connected 1 a-on a-full a-1000 1000BaseT
5/4 DEFAULT connected 1 a-on a-full a-1000 1000BaseT
#
The table below describes the fields shown by the show port command:
Field Description
The following example show information of the Gigabit Ethernet port 5/1 using the show
port command.
If Index Logical ID
---------- ----------
4 257
access-type : transparent
Extension status
#
The table below describes the fields shown by the show port command with a port number:
Field Description
Field Description
Trap Whether to enable displaying trap messages of the port (enable, disable).
input runt Number of packet less then 64 byte without CRC error.
Note: The LIM-EP4G-GR module has four GE-PON chips to perform the E-PON OLT function for each Gigabit
Ethernet PON port. Thus, the configuring the Gigabit PON port is the same as the configuring the GE-PON chip.
Bandwidth 1000Mbps
x Level-0 : 1msec
Polling interval of the bandwidth x Level-1 : 4msec
x Level-2 : 8msec
Whenever the port configuration is changed, the changed configuration is applied to the system
without the system rebooting or the command execution. But, if you want to keep using the
configuration after the system rebooting, the changed configuration should be saved using the
write memory command in Privileged mode.
y Upgrading Firmware
The Gigabit Ethernet PON (GE-PON) port is enabled by default. To change the operating status
of the Gigabit Ethernet PON port, use the following command in Global configuration mode:
Command Description
The following example shows how to disable the E-PON side of the Gigabit Ethernet PON port 2/1:
The following example shows how to enable the E-PON side and the Network side of the
Gigabit Ethernet PON port 2/1:
(config)# no port epon 2/1 disable all
(config)#
By default, the maximum bandwidth is not set to the Gigabit Ethernet PON (GE-PON) port of
the Corecess S5 System, thus the Gigabit Ethernet PON port use all of physical bandwidth to
transmit data. To configure the maximum bandwidth of the Gigabit Ethernet PON port, use the
following command in Privileged mode.
Command Task
Note: To disable the maximum bandwidth of the Gigabit Ethernet PON port, use no port epon
<slot>/<port> aggregated-bandwidth {upstream|downstream} command in Global
configuration mode.
The Corecess S5 System assigns all logical links of the Gigabit Ethernet PON port to one of three
bandwidth groups (level-0, 1, 2) automatically, and the Corecess S5 System controls the
bandwidth for each group.
y level-0 : Link that the minimum bandwidth and the maximum bandwidth are set to the same value
(sensitive from processing delay).
The bandwidth control applies only the upstream data and assigns the bandwidth to the
specific group depend on the configured polling interval. For example, if the polling interval is
2msec, the Corecess S5 System looks up the bandwidth every 2 msec to transmit the upstream.
If there is a appopriate bandwidth, the timeslot is assigned to the link to transmit the upstream.
By default, the polling intervals of the bandwidth group (level-0, 1, 2) are specified as each 1, 4
and 8msec. To change the polling interval of the bandwidth group, use the following command
in Privilege mode.
Command Task
2. Set the polling interval of the bandwidth group for the link of the
port epon <slot>/<port>
GE-PON port
dba polling-rate
y <slot>/<port> Slot/Port of the GE-PON port
<interval-0>
y <interval-0> Polling interval of level-0 group (0 ~ 4000msec)
<interval-1>
y <interval-1> Polling interval of level-1 group (0 ~ 4000msec)
<interval-2>
y <interval-2> Polling interval of level-2 group (0 ~ 4000msec)
The following example shows how to change the polling interval of the bandwidth group for
the link of the Gigabit Ethernet PON port 2/1 and verify the result.
Note: To clear the polling rate of the bandwidth group, use no port epon <slot>/<port> dba
polling-rate command in Global configuration mode.
By default, the maximum number of IGMP groups is ‘0’ not to operate the IGMP proxy function
on all Gigabit Ethernet PON ports.
To enable the IGMP proxy function on Gigabit Ethernet PON ports and specify the maximum
number of IGMP groups, use the following command in Privileged mode.
Command Description
The following example shows how to set the maximum number of IGMP group including the
Gigabit Ethernet PON port 2/1 and verify the result.
Specify the number and size of loopback packets before loopback test in the Gigabit Ethernet
PON port.
To execute the loopback test in the specific Gigabit Ethernet PON port, use the following
command in Privileged mode.
Command Description
The following example shows how to set parameters (number and size of packets) for the
loopback test and execute the loopback test on the link of the Gigabit Ethernet 2/1:
Note: If the loopback test is executed without the parameter setting, the following message is displayed.
To clear all MAC addresses (dynamic MAC address, static MAC address) learnt from the
Gigabit Ethernet PON port, use the following command in Privileged mode.
Command Description
The following example shows how to clear all MAC addresses learnt from the Gigabit Ethernet
PON port 2/1:
To reset the Gigabit Ethernet PON port, use the following command in Global configuration
mode.
Command Description
The following example shows how to reset the Gigabit Ethernet PON port 2/1:
Note: If the Gigabit Ethernet PON port is reset, the bandwidth and the VLAN mode information are maintained.
To restore the defult port configuration, use port epon <slot>/<port> restore command in
Global configuration mode.
To clear the configuration information of the Gigabit Ethernet PON port and restore the default
setting, use the following command in Global configuration mode.
Command Description
The following example shows how to restore the default setting of the Gigabit Ethernet PON port
2/1:
Caution: After executing restore command, all setting values that set to specific OLT(port) are changed to
default values; thus, confirm the configurations before excute restore command.
To clear the statistics information of the Gigabit Ethernet PON port, use the following
command in Global configuration mode.
Command Description
The following example shows how to clear the statistics information of the Gigabit Ethernet PON
port 1/.2:
Upgrading Firmware
You can upgrade the chip firmware of the Gigabit Ethernet PON port on the Corecess S5
System. To upgrade the firmware, use the following command in Privileged mode.
Command Description
show port epon 1. Check the image version of the GE-PON port.
<slot>/<port> information y <slot>/<port> Slot/Port number of the GE-PON port
show port epon <slot>/ 6. Verify the upgrading status of the firmware.
<port> upgrade-status y <slot>/<port> Slot/Port number of the GE-PON port
show port epon 10. Verify the image version of the GE-PON port.
<slot>/<port> information y <slot>/<port> Slot/Port number of the GE-PON port
The following example shows how to upgrade the firmware of the Gigabit Ethernet PON port 2/1:
done
# show flash config
Configuratin flash directory:
File Length (bytes) Name/status
----- --------------- -----------------------------------
1 493666 App3721Asic_R104_Amd16.tkf
2 615 startup-config
3 0 startup-config.sav
# configure terminal
(config)# port epon 2/1 upgrade firmware App3721Asic_R104_Amd16.tkf
100 percent download !. writing image to flash
It will take more than 20 second. Please wait..
(config)# end
# show port epon 2/1 upgrade-status
# configure terminal
(config)# port epon 2/1 reset
(config)# end
# show port epon 2/1 information
Not provide Vendor specific info!
mac addr IEEE OUI product code product version Firmware version
----------------- -------- ------------ --------------- ----------------
00:90:a3:21:50:00 0090a3 3721 060 0104
Caution: Frimware upgrade can not be executed on over two ports at the same time. If firmware upgrade is
being executed on a particuar port, excute show port epon <slot>/<port> upgrade-status
command, then verify upgrade result (‘success’ or ‘fail’ message) and proceed firmware upgrade.
To display the chip information of the Gigabit Ethernet PON port, use the following command
in Privileged mode.
Command Description
The following example shows how to display the chip information of the Gigabit Ethernet PON
port 1/2:
The table below describes the fields shown by the show port epon information command.
Field Description
To display the link information of the specific Gigabit Ethernet PON port, use the following
commands in Privileged mode.
Command Description
show port epon <slot>/<port> Display all registered links on the specified GE-PON port.
registered-link y <slot>/<port> Slot/Port of the GE-PON port
show port epon <slot>/<port> Display blocked links on the specified GE-PON port.
block-link y <slot>/<port> Slot/Port of the GE-PON port
The following example shows how to display all registered links on the Gigabit Ethernet PON port
2/1:
total : 6
#
The following example shows how to display blocked links on the Gigabit Ethernet PON port 2/1:
To display the statistics information of the Gigabit Ethernet PON port, use the following
command in Privileged mode.
Command Description
The following example shows how to display the downstream packet information of E-PON
side on the Gigabit Ethernet PON port 1/2:
The table below describes the fields shown by the show port epon counter command.
Field Description
To display parameter settings used for ONU registration, use the following command in
Privileged mode.
Command Description
The table below describes the fields shown by the show port epon discovery command.
Field Description
window size Time interval to decide whether or not the SLA setting of ONU is allowed
The Corecess S5 System supports the maximum of three links per an ONU and the maximum of
96 (32x3) per the Gigabit Ethernet PON port.
This section describes the basic configuration of the Gigabit Ethernet PON link and how to
configure the Gigabit Ethernet PON links between the Corecess S5 System and ONUs.
Whenever the port configuration is changed, the changed configuration is applied to the system
without the system rebooting or the command execution. But, if you want to keep using the
configuration after the system rebooting, the changed configuration should be saved using the
write memory command in Privileged mode.
y Rediscovering link
Note: If you retrieve the LLID and MAC addresses of the Gigabit Ethernet PON link between the Corecess S5
System and OUNs, use show port epon <slot>/<port> registered-link command in
Privileged mode.
To decide the service level provided to subscribers, the following SLA (Service Level
Agreement) parameters should be configured.
To configure SLA parameters of the Gigabit Ethernet PON link, use the following command in
Global configuration mode.
Command Task
Caution: If the processing delay is set to sensitive, the minimum bandwidth and the maximum bandwidth
should be specified with the same value.
The following example shows how to configure SLA parameters of the specified link on the
Gigabit Ethernet PON port 2/1 and verify the result.
(config)# port epon 2/1 link-id 3700 down-bw 1000 1000 delay sensitive
(config)# port epon 2/1 link-id 3700 down-bw enable
(config)# end
# show port epon 2/1 link-id 3700 down-bw
min bw(Mbps) max bw(Mbps) delay max burst(KByte) state
------------ ------------ --------- ---------------- -------
1000 1000 sensitive 100 enable
#
Note: To clear the SLA parameter setting, use no port epon <slot>/<port> {link-
id|link-mac} {up-bw|down-bw} command.
By default, the Corecess S5 System encrypts frames, which communicated through links, using
128bit AES (Advanced Encryption Standard) algorithm, and the encryption key exchange timer
is not set.
To set the encryption key exchange timer for 128bit AES, use the following command in Global
configuration mode.
Command Task
The following example shows how to set the encryption key exchange timer to 10 seconds for
the specified link whose ID is 3700 on the Gigabit Ethernet PON port 2/1.
The following table describes how to add a static MAC address to a particular link.
Command Task
The following example shows how to add a static MAC address to the specified link whose ID
is 3700 on the Gigabit Ethernet PON port 2/1.
To block the transmission of the user traffic through a particular link of the Gigabit Ethernet
PON port, set the link not to be registered to the port.
To set a particular link not to be registered to the Gigabit Ethernet PON port, use the following
command in Global configuration mode.
Command Task
The following example shows how to set the link not to be registered to the Gigabit Ethernet
PON port 2/1 and verify the result:
Note: To set a particular link to be registered to the port, execute no port epon <slot>/<port>
{link-id <llid> | link-mac <link-mac>} block command in Global configuration
mode.
Rediscovering Links
To rediscover a particular link, use the following command in Global configuration mode.
Command Description
The following example shows how to rediscover a particular link on the Gigabit Ethernet PON
port 2/1:
To clear configuration information (VLAN mode, SLA parameter setting and so on) configured
on a particular link, use the following command in Global configuration mode.
Command Description
clear port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
{link-id <llid> | link-mac y <llid> Proper ID of link
<link-mac>} provision y <link-mac> MAC address of link
The following example shows how to clear the configuration information of the link whose ID
is 3701 on the Gigabit Ethernet PON port 2/1:
The Corecess S5 System provides dynamic or static MAC-based filtering and packet
classification function. The Corecess S5 System also supports several links (or logical links).
VLAN can be applied to several links which consist of a link or a broadcast domain (Shared
VLAN group). The Shared VLAN group works as a virtual bridge and is effective for multi-
service which provides reliable quality to each service. The downstream bridging is decided
depending on a VLAN or a combination of IPv4 TOS and DA fields.
The Corecess S5 System supports the maximum of three links per an ONU, which connected to
the Gigabit Ethernet PON port. Each link can be consisted of a bridging mode and be managed
independently. All ONU can classify packets by the filtering rule and send the classified packets
by the priority of queue.
The Gigabit Ethernet PON link of the Corecess S5 System can be consisted of nine types of the
bridging mode as follows:
y Simple Bridge
y Single VLAN
y Double-vlan
y Shared-vlan
y Transparent VLAN
y Translated-vlan
y Priority-vlan
y Priority-shared-vlan
y Cross-connect
This section describes how to configure various bridging modes on the Gigabit Ethernet PON
link.
In the Simple bridge mode, the Corecess S5 System works as a bridge, and ports are dividesd
into two types as follows:
y Network-side port: connects the Corecess S5 System to an upstream device such as an edge router or a
switch.
In the Simple bridge mode, an upstream frame can have a VLAN tag, but the system ignores the
VLAN tag. And a downstream frame has the VLAN tag also is dropped. The Simple bridge is
appropriate for applications that use the normal Ethernet bridge.
Upstream
A frame arrived to user-side ports is only forwarded to a network-side ports by their
destination address. At this moment, if the frame has destination addresses learnt from other
user-side port, the frame is droped. And, if the frame has a destination address which is not in
the address table, the frame is flooded to all network-side ports.
Downstream
A frame arrived to a network-side port is only forwarded to a user-side port. At this moment, if
the fame has a destination address which is not in the address table, the fame is flooded to all
network-side ports. When the fame is flooded to all user-side ports, the broadcast LLID is used.
By default, the Simple bridge mode is set on the Gigabit Ethernet PON link of the Corecess S5
System. To configure the Simple bridge mode on a particular Gigabit Ethernet PON link, use
the following command.
Command Description
The following example shows how to configure the 3700 link of the Gigabit Ethernet PON port 2/1
to Simple Bridge mode and verify the result.
In Transparent VLAN mode, the VLAN tag information of all forwarded frames is maintained.
Transparent VLAN mode is appropriate for applications that users use their own VLAN tag
value.
Upstream
Since downstream bridging is only decided by VID, it does not need to learn a destination
address of a upstream frame. All upstream frames arrived on links, which consist of transparent
VLAN, are forwarded.
Downstream
In Transparent VLAN, each link supports the maximum of 62 VLAN tags. When a downstream
frame that has tag value is arrived on the OLT’s uplink port, the OLT compares tag value of the
frame with tag value configured by a host, then OLT forwards the frame through the
Transparent VLAN link which has the same VID value. If a downstream frame does not have
tag value, OLT drops the downstream frame.
Port 4
To configure Transparent VLAN mode on the Gigabit Ethernet PON link, use the following
command in Global configuration mode.
Command Task
The following example shows how to configure the 3700 link of the Gigabit Ethernet PON port 2/1
to Transparent VLAN mode and verify the result.
Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).
Single VLAN mode removes a user defined VLAN tag before adding VLAN tag provided from
the network. Unlike Transparent VLAN mode, Single VLAN mode allows the network
administrator can control VLAN tags inserted to the core network.
Upstream
When a tagged upstream frame is arrived on the link configured Single VLAN, the frame is
forwarded after the tag is removed. If a tagged upstream frame has over one VLAN tag, the
outermost tag (the nearest tag of Layer 2 Source Address)is only removed. An upstream frame
that does not have a tag is simply forwarded.
EPON 0 Queue 0
Port 2
Link 0 UNI
Link 1 Queue 1 Port 3
Corecess S5 OLT
Port 4
VID=5
EPON 0
VID=2000 VID Link
2000 Link 0
Uplink 1 VID=2010 2010 Link 1
Corecess 3804T ONT - B
2004 Link 2
VID=2004 Port 1
EPON 0 Port 2
Link 2 Queue 0
UNI
Port 3
Port 4
Downstream
If a tagged downstream frame is matched with a link configured to Single VLAN, the frame is
received by the uplink port of the OLT, and the tag is removed before the frame is forwarded to
the link. An untagged downstream frame is discarded.
EPON 0
ID=2000 VID Link
2000 Link 0
Uplink 1 ID=2010 2010 Link 1
Corecess 3804T ONT - B
2004 Link 2 Port 1
ID=2004
EPON 0 Port 2
Link 2 Queue 0
UNI
Port 3
Port 4
To configure the Gigabit Ethernet PON link to Single VLAN mode, use the following command
in Global configuration mode.
Command Task
The following example shows how to configure the 3701 link of the Gigabit Ethernet PON port 2/1
to Single VLAN mode and verify the result.
Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).
Since Double VLAN mode maintains VLAN tag information that a user specifies, data of an
uplink port have over two VLAN tags. One is provided by the network, and another is specified
by a user. The outermost tag (the nearest tag of Ethertype field), assigned by the network, can
controls switching and traffic engineering. The other hand, the nearested tag, assigned by a
user, should be configured how to process it. In case of upstream, the tag is added by OLT. The
other hand, in case of downstream, the tag is discarded before transmited to subscribers.
EPON 0 Queue 0
Port 2
Link 0 UNI
Link 1 Queue 1 Port 3
Corecess S5 OLT
Port 4
VID=5
EPON 0
VID=2000, VID=5 VID Link
2000 Link 0
Uplink 1 VID=2010 2010 Link 1
Corecess 3804T ONT - B
2004 Link 2
VID=2004 Port 1
EPON 0 Port 2
Link 2 Queue 0
UNI
Port 3
Port 4
To configure a particular link to Double VLAN mode, use the following command in Global
configuration mode.
Command Task
The following example shows how to configure the 3701 link of the Gigabit Ethernet PON port 2/1
to Double VLAN mode and verify the result.
Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).
Shared VLAN mode works as a virtual bridge, which divides PON to several broadcast
domain. Each broadcast domain consists of at least one link.
Shared VLAN mode can divide PON based on service types. For example, One Shared VLAN
can be used exclusively for voice traffic, and another VLAN can be used exclusively for data
service.
If a particular link is configured as Shared VLAN mode, the link is added to the Shared VLAN,
and a VLAN tag is assigned. All links configured the Shared VLAN with the same VLAN ID are
said to be members of the same Shared VLAN multicast group. Each Shared VLAN has a
broadcast channel, and the broadcast channel can isolate broadcast traffic of the same group
member from broadcast traffic of other links. There is no bound on the number of links
configured as a Shared VLAN, but two links with the same destination UNI port can not be
included in the same Shared VLAN.
Filtering and classification on OLT and ONU are used to support an additional security
function.
Upstream
When an upstream frame is received on a link of Shared VLAN, the OLT adds a VLAN tag
before forwarding the frame to the core network. OLT learns the destination address of the
upstream frame as dynamic MAC address filtering rule for downstream bridging.
EPON 0 Queue 0
Port 2
Link 0 UNI
Link 1 Queue 1 Port 3
Corecess S5 OLT
Port 4
EPON 0
VID=1
Link 0
VID=2 Link 1
Uplink 1
VID=1 Link 2
Corecess 3804T ONT - B
Link 3
VID=2 Port 1
EPON 0 Port 2
Queue 0
Link 2 UNI
Link 3 Port 3
Queue 1
Port 4
Downstream
A tagged downstream frame identifying a Shared VLAN group is received by the OLT’s uplink
port, and the tag is removed before forwarding the frame. A downstream frame which can not
identify the destination address is broadcasted to Shared VLAN. These frames are forwarded to
all links of the Shared VLAN group, but are not forwarded to other links. If there is a certain
destination address, the frames are forwarded to the link.
EPON 0 Queue 0
Port 2
Link 0 UNI
Link 1 Queue 1 Port 3
Corecess S5 OLT Multicast0
Multicast1 Port 4
EPON 0
VID=1 Link 0
VID=2
Link 1
Link 2
Uplink 1 VID=1
VID=2
Link 3
Corecess 3804T ONT - B
Multicast 0
VID=1 Port 1
Multicast 1
VID=2
EPON 0 Port 2
Queue 0
Link 2 UNI
Link 3 Port 3
Queue 1
Multicast0
Multicast1 Port 4
To configure a particular link as Shared VLAN mode, use the following command in Global
configuration mode.
Command Task
The following example shows how to configure the 3701 link of the Gigabit Ethernet PON port 2/1
to Shared VLAN mode and verify the result.
Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).
Translated VLAN mode is used when the uniqueness of VLAN tags used by subscribers
connected to one EPON cannot be guaranteed, for example, in the case when VLAN tag values
are selected by the subscribers themselves. In Translated VLAN mode, an OLT changes a user
tag and unique LLID to 2-tuple and a network VLAN tag for each upstream frame. OLT also
changes a network VLAN to a user VLAN tag and a unique LLID for downstream frames.
Upstream
A tagged upstream frame is arrived on a user-side port, the OLT changes a non-unique tag to a
unique VLAN tag using the original VLAN tag and LLID field of the arrived frame. An
untagged upstream frame is discarded.
Port 4
Downstream
When an untagged downstream frame is received to an uplink port of OLT, the OLT changes
VLAN tag value to a new non-unique value which a user use, then selects each user-side port
based on the VLAN tag value of the frame. An untagged downstream frame is discarded.
Port 4
To configure the Gigabit Ethernet PON link to Translated VLAN mode, use the following
command in Global configuration mode.
Command Task
The following example shows how to configure the 3701 link of the Gigabit Ethernet PON port 2/1
to Translated VLAN mode and verify the result.
Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).
Priority VLAN mode uses the VID carried by the downstream frame to select a ONU and the
802.1p priority (VLAN CoS) field or IPv4 ToS field to select a particular link of that ONU. This
mode allows mapping of user-side priority information, such as the IP-precedence or TOS field,
into each link. The service class on network-side is decided depending on the VLAN priority.
Note: Links which is in the same ONU use the same VID values.
In downstream, switching is executed in two steps. The first step is that the VID is used to select
a link group. The second step is that the priority field is used to select the specific link of the
selected link group. The priority can be a value or continuous range of priority value such as (3
~ 5).
Note: If IPv4 ToS is used, one link should be configured to transmit non-IP (non ToS) frames. The link should be
only used for this purpose. This link normally has the lowest priority link and is only used for data
communication.
In upstream, the link which the frame is arrived is used to select VLAN tag (VID or upstream
CoS value). Upstream user tag is removed before forwarding similar to Single VLAN. A range
of priority value can be used in downstream, but only one priority field is used to select the
VLAN.
To configure the Gigabit Ethernet PON link as Priority VLAN mode, use the following
command in Global configuration mode.
Command Task
(Continued)
Command Task
Caution: If the three links which connected with a particular ONU are all configured as Priority VLAN, send-
non-tos field should be enabled in at least one link to transmit packets which do not have ToS field.
The following example shows how to configure the 3701 link of the Gigabit Ethernet PON port 2/1
to Priority VLAN mode and verify the result.
Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).
Priority Shared VLAN mode is similar to Shared VLAN mode except that all bits of the VLAN
tag are used to specify a VLAN as Priority VLAN. The VID is used to select a group of ONUs in
Priority Shared VLAN. The 802.1p priority field (CoS) is used to select a group of ONUs, and
IPv4 ToS field can be used as VLAN CoS.
In Priority Shared VLAN mode, IPv4 ToS is used for downstream bridging, and VLAN address
space is maintained using priority value which is used to identify a domain. Downstream
bridging can be decided as specifying the range in the case of IPv4 ToS value.
Note: If a particular link is configured as Priority VLAN mode, Check the priority range(0~7) for each VLAN.
For example, if a link of Priority Shared VLAN is configured as follows,
The traffic of VLAN 10 is not allowed because VLAN 10 and Priority 7 is not configured in any link. At this
occasion, the configuration should be changed to include all priority range as follows:.
Case 1:
Upstream
In upstream, links are associated with a particular VLAN depending on a combination of VID
and CoS value. When a frame is arrived on a link that is configured in Priority Shared VLAN,
the OLT inserts a VLAN tag that is the combination of the upstream CoS and VID value. The
OLT, as Shared VLAN mode, learns the L2 source address of upstream frames for dynamic
MAC filtering downstream.
EPON 0 Queue 0
Port 2
Link 0 UNI
Link 1 Queue 1 Port 3
Corecess S5 OLT
Port 4
EPON 0 Port 2
Queue 0
Link 2 UNI
Link 3 Port 3
Queue 1
Port 4
Downstream
In downstream, forwarding decision is more complicated. The VID which is transmitted by the
frame is used to decide a subset of ONU UNI ports. The priority field (IPv4 ToS or VLAN CoS)
is used to select a smaller subset of link from the subset of UNI ports. The Layer 2 destination
address is used to select a particular link within the VLAN to forward the frame. If the
destination address is not learnt, the frame is broadcasted on the VLAN.
Note: There should be no links that have the same ONU UNI port in the same Shared VLAN.
Note: When the Priority Shared VLAN is configured, all LLID groups that have the same VID should be
configured such that they do not have the matching or overlapping priority ranges. Downstream forwarding is
decided by VID (or CoS) and ToS value. If LLID groups have the same priority, it can cause unexpected result.
Furthermore, all priority value within the downstream (ToS or CoS) range should be defined.
Note: If IPv4 ToS is used as the priority field, one link should be configured for forwarding non-IP frame. At this
time, this is usually the lowest priority link, and dedicates to data communications. To allow a link to forward
non-IP frames, the Tx-Non-ToSFrame option should be set to 1.
EPON 0 Queue 0
Port 2
Link 0 UNI
Link 1 Queue 1 Port 3
Multicast0
Corecess S5 OLT
Multicast1 Port 4
EPON 0
VID=1, Pri=0 Link 0
VID=1, Pri=1
Link 1
Link 2
Uplink 1 VID=1, Pri=0
VID=1, Pri=0
Link 3
Corecess 3804T ONU - B
Multicast 0
VID=1, Pri=0 Port 1
Multicast 1
VID=1, Pri=1
EPON 0 Port 2
Queue 0
Link 2 UNI
Link 3 Port 3
Queue 1
Multicast0
Multicast1 Port 4
To configure the Gigabit Ethernet PON link as Priority Shared VLAN mode, use the following
command in Global configuration mode.
Command Task
Caution: If the three links which connected with a particular ONU are all configured as Priority VLAN, send-
non-tos field should be enabled in at least one link to transmit packets which do not have ToS field.
The following example shows how to configure the 3701 link of the Gigabit Ethernet PON port 2/1
to Priority Shared VLAN mode and verify the result.
Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).
In Cross-connect mode, two links are connected each other. Upstream traffic from one link is
switched to the downstream of the other link, and vice versa. None of the traffic from the cross-
connected links appears on the uplink side of the OLT. Only the two links involved in the cross-
connect can see the traffic.
Cross-connect mode is useful to create VPN pipe between two ONUs on the same PON.
To connect two Gigabit Ethernet PON links each other, use the following command in Global
configuration mode.
Command Task
The following example shows how to connect two Gigabit Ethernet PON links 2/1 each other and
verify the result.
Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).
To display bridging mode information of logical link, use the following command in Privileged
mode.
Command Description
The following example shows how to display bridging mode information of 3700 link on the
Gigabit Ethernet PON port 2/1.
To display VLAN tag information of link, use the following command in Privileged mode.
Command Description
The following example shows how to display VLAN tag information of 3700 link on the Gigabit
Ethernet PON port 2/1.
The table below describes the fields shown by the show port epon link-id tag-map
command.
Table 6-49 show show port epon link-id tag-map field decryption
Field Description
translated vlan When link is configured as translated VLAN, tag value to be changed.
To display bandwidth information of a logical link, use the following command in Privileged
mode.
Command Description
The following example shows how to display downstream bandwidth information of 3700 link
on the Gigabit Ethernet 2/1.
The table below describes the fields shown by the show port epon link-id command.
Field Description
To display statistics information of link, use the following command in Privileged mode.
Command Description
y <slot>/<port> Slot/Port number of the GE-PON port
show port epon <slot>/<port>
y <llid> Proper ID of logical link
{link-id <llid> | link-mac
y <link-mac> MAC address of logical link
<link-mac>} counter
y upstream Display upstream statistics information.
{upstream | downstream}
y downstream Display downstream statistics information.
The following example shows how to display downstream statistics information of 3700 link on
the Gigabit Ethernet PON port 2/1.
The table below describes the fields shown by the show port epon link-id counter
command.
Table 6-53 show show port epon link-id counter field description
Field Description
Configuring ONU
This section describes configuration of an ONU (Optical Network Unit) which is connected to
the Gigabit Ethernet PON port and how to configure and monitor an ONU.
x Number of link : 3
x Number of queue : 7
Upstream Queue
x Number of used queue : 1 (Queue-0)
x Size of used queue : 30Kbyte (Queue-0)
x Number of queue : 7
Downstream Queue x Number of used queue : 1 (Queue-0)
x Size of used queue : 22Kbyte (Queue-0)
Whenever the port configuration is changed, the changed configuration is applied to the system
without the system rebooting or the command execution. But, if you want to keep using the
configuration after the system rebooting, the changed configuration should be saved using the
write memory command in Privileged mode.
Configuring ONU
This section describes ONU configuration.
y Restoring configuration
y Resetting ONU
y Upgrading firmware
By default, the ONU which is connected to the Gigabit Ethernet PON port is configured to be
operated. To change the operation status, use the following command in Global configuration
mode.
Command Description
The following example shows how to configure E-PON side of the number 1 ONU not to
operate on the Gigabit Ethernet PON port 2/1.
(config)#
The following example shows how to configure E-PON side of the number 1 ONU to operate on
the Gigabit Ethernet PON port 2/1.
You can register ONUs that have particular MAC addresses on the permission mode. The MAC
addresses are set through CLI. The Permission mode cannot be applied to a particular slot or
port, but only the whole system. To change to the permission mode, no ONUs are registered to
the Corecess S5 System.
To configure the permission mode and register ONUs that have particular MAC addresses,
execute the following tasks:
Command Task
The following example shows how to regiter an ONU that has address of 00:90:a3:15:04:a1 and
verify the result.
# configure terminal
(config)# onu-permission-mode on
(config)# port epon 1/1 permit 00:90:a3:15:04:a1
(config)# end
# show port epon 1/1 onu
index mac address product name attach allow profile
------ ----------------- --------------- ------ ----- --------------------
1 00:90:a3:15:04:a1 R1-OPT-S Yes Yes N/D
.
.
# show port epon 1/1 permit
id mac
--- -----------------
1 00:90:a3:15:04:a1
Note: To remove registered MAC address, use no port epon <port>/<slot> permit {<mac-
address> | <mac-address-id>} command.
To configure upstream queues, specify the maximum number of logic links first, then specify
the maximum number of queues and the size of queue for each logical link.
To configure the upstream queues of ONU, use the following command.
Command Description
Command Description
The following example shows how to configure three upstream queues to be used at the first
link (link0) of number 1 ONU on the Gigabit Ethernet PON port 2/1 and set the size of each
queue to 12Kbyte, 7Kbyte and 5Kbyte.
In the Corecess S5 System, it is already defined which link will be used to send data to an ONU.
Thus, unlike upstream queue, only the maximum number of queue and the size of queue can be
set for downstream queue. To configure the downstream queue, use the following commands.
Command Task
The following example shows how to configure three downstream queues to be used at the first
link (link0) of number 1 ONU on the Gigabit Ethernet PON port 2/1 and set the size of each
queue to 12Kbyte, 7Kbyte and 5Kbyte.
(config)# port epon 2/1 onu index 1 down-queue max 2 20 20 0 0 0 0
(config)# end
# show port epon 2/1 onu index 1 queue
upstream queue0(KB) queue1 queue2 queue3 queue4 queue5
-------- ---------- ------ ------ ------ ------ ------
Link 0 30 0 0 0 0 0
Link 1 30 0 0 0 0 0
Link 2 30 0 0 0 0 0
In the Corecess S5 System, packets from ONU are classified by a particular rule, and the link
(upstream) and the queue (both upstream and downstream) for forwarding the classified
packets are specified. Because of these reasons, the Corecess S5 System provides different
services for each packet.
To configure the classification rule and the queue, use the following commands.
Command Task
(Continued)
Command Task
port epon <slot>/<port> 3. Set forwarding queue of packet which matched with the
onu {index <index> | mac classification rule
<mac>} up-class forward y <slot>/<port> Slot/Port number of the GE-PON port
<link> queue <queue-number> y <index> Index number of ONU
<priority> y <mac> MAC address of ONU
y up-class forward Specify forwarding queue of
upstream.
port epon <slot>/<port> y down-class forward Specify forwarding queue of
onu {index <index> | mac upstream.
<mac>} down-class forward y <link> Logical link to forward upstream packet (link-0,
queue <queue-number> link-1, link-2)
<priority> y <queue-number> Number of forward queue (0 ~ 5)2
y <priority> Priority of packet classification rule (4 ~ 6) 3
The following example shows how to classify packets that have a link index field in the
downstream packets and forward the packets through the number 0 queue.
(config)# port epon 2/1 onu index 1 down-class rule link-index 0 field-exist
(config)# port epon 2/1 onu index 1 down-class forward queue 0 4
(config)# end
# show port epon 2/1 onu index 1 down-class
queue priority field lookup value operation
----- -------- -------------- -------------------- -------------------------
0 4 link-index 0x000000000000 match when field exist
#
The following example shows how to classify the downstream packets which is forwarded from
the Gigabit Ethernet PON port 2/1 to ONU. The downstream packets have a link index field,
and IP-precedence field value is not 2. The packets are forwarded through the number 1 queue.
(config)# port epon 2/1 onu index 1 down-class rule link-index 0 field-exist
(config)# port epon 2/1 onu index 1 down-class rule ip-precdence 2 not-equal
(config)# port epon 2/1 onu index 1 down-class forward queue 1 4
(config)# end
# show port epon 2/1 onu index 1 down-class
queue pri field lookup value match condition
----- -------- ------------ --------------------- ------------------------
1 4 link-index 0 field exist
ip-prec 2 not equal to
#
The following example shows how to classify upstream packets which is forwarded from ONU
to the Gigabit Ethernet PON port 2/1. The upstream packets have less 234 of VLAN ID and are
forwarded through first link (link-0).
(config)# port epon 2/1 onu index 1 up-class rule vid 234 less-than-or-equal
(config)# port epon 2/1 onu index 1 up-class forward link-0 queue 1 6
(config)# end
# show port epon 2/1 onu index 1 up-class
queue pri field lookup value operation
----- ---------- ---------- ----------------------- ------------------------
1 6 vid 234 less-or-equal
#
To configure the Ethernet port of ONU connected with the Corecess S5 System, use the
following commands.
Note: Description of this section is only applied when the Corecess S5 System is connected to the Corecess
3804T. If the Corecess S5 System is connected to the Corecess R1-SW24L2B, you can skip the command
description of this section.
Command Description
Command Description
3 Set bandwidth of the ONU Ethernet port.
y <slot>/<port> Slot/Port number of the GE-PON port
port epon <slot>/<port> onu y <mac> MAC address of ONU
mac <mac> port <number> y <number> Number of Ethernet port (1 ~ 4)
ratelimit {ingree | egress} y ingress Set the maximum receiving speed.
<rate> <burst-rate> y egress Set the maximum sending speed.
y <rate> maximum sending/receiving speed
y <burst-rate> Size of burst traffic
3 Set the transfer speed of the ONU Ethernet port.
y <slot>/<port> Slot/Port number of the GE-PON port
port epon <slot>/<port> onu
y <mac> MAC address of ONU
mac <mac> port <number>
y <number> Number of Ethernet port (1 ~ 4)
speed {10 | 100}
y 10 10Mbps
y 100 100Mbps
The following example shows how to configure number 1 Ethernet port of number 1 ONU
connected to the Gigabit Ethernet PON port 2/1 and verify the result.
(config)# port epon 2/1 onu mac 54:4b:37:01:1a:01 port 1 duplex full
(config)# port epon 2/1 onu mac 54:4b:37:01:1a:01 port 1 speed 100
(config)# port epon 2/1 onu mac 54:4b:37:01:1a:01 port 1 maclimit 64
(config)# port epon 2/1 onu mac 54:4b:37:01:1a:01 port 1 userpri 1
(config)# end
# show port epon 2/1 onu mac 54:4b:37:01:1a:01 port
port onu port status flwctl dupx speed link-conf adm macn macl
----- ------------ ---- ------ ------ ---- ----- ------------ --- ---- ----
2/ 1 544b37011a01 1 conn off full 100 100-full-off en 0 64
2/ 1 544b37011a01 2 conn off half 10 auto en 0 0
2/ 1 544b37011a01 3 conn off half 10 auto en 0 0
2/ 1 544b37011a01 4 conn off half 10 auto en 0 0
#
By default, the maximum number of MAC address learnt from ONU is 64. To change the
maximum number of MAC address, use the following commands.
Command Description
The following example shows how to the maximum number of MAC address learnt from the
number 1 ONU connected to the Gigabit Ethernet PON port 2/1 and verify the result.
To clear all dynamic MAC address learnt from ONU and verify the result, use the following
command in Privileged mode.
Command Description
clear port epon Clear all dynamic MAC address learnt from ONU.
<slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
onu {index <index> | y <index> Index number of ONU
mac <mac>} dynamic y <mac> MAC address of ONU
The following example show how to clear all dynamic MAC address learnt the number 1 ONU
and verify the result.
Restoring Configuration
Command Description
The following example shows how to restore the configuration of the number 1 ONU connected
to the Gigabit Ethernet PON port 2/1:
Resetting ONU
To reset the ONU on the Gigabit Ethernet PON port, use the following command.
Command Description
The following example shows how to reset the number 1 ONU connected to the Gigabit Ethernet
PON port 2/1.
To clear the statistics information of the ONU, use the following command in Privileged mode.
Command Description
clear port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
onu {index <index> | mac <mac>} y <index> Index number of ONU
counter y <mac> MAC address of ONU
The following example shows how to clear the statistics information of the number 1 ONU
connected to the Gigabit Ethernet PON port 2/1:
Upgrading Firmware
In the Corecess S5 System, the firmware of the ONU can be upgraded. To upgrade the firmware
of the ONU, download the latest version of the firmware from TFTP or FTP server to the flash
memory of the Corecess S5 System.
To upgrade the firmware of the ONU, use the following command in Privileged mode.
Command Description
copy {tftp <host-ip> | 2. Download firmware image file form TFTP or FTP server
ftp <host-ip> [id y <host-ip> IP address of TFTP or FTP server.
<login-id> passwd y <login-id> login ID
<password>]} flash y <password> login password of FTP server
config <file-name> y <file-name> Image file name
show port epon <slot>/ 7. Check the upgrade status of the specified ONU.
<port> onu {index y <slot>/<port> Slot/Port number of the GE-PON port
<index> | mac <mac>} y <index> Index number of ONU
upgrade status y <mac> MAC address of ONU
The following example shows how to upgrade the firmware of the number 1 ONU connected to
the Gigabit Ethernet PON port 2/1:
Monitoring ONU
This section describes how to monitor configuration information and statistics information of
the ONU connected to the Gigabit Ethernet PON port.
To display index numbers and MAC addresses of all ONUs connected to the Gigabit Ethernet
PON port, use the following command in Privileged mode.
Command Description
The following example shows how to display index numbers and MAC addresses of all ONUs
connected to the Gigabit Ethernet PON port 2/1:
Note: When an ONU is registered, a fixed index number is assigned to ONU. To remove the index number, use
no port epon <slot>/<port> onu-index <index-number> command in Global configuration
mode. If a paticular ONU has already been registered, index number cannot be removed.
To display configuration information of the ONU connected to the Gigabit Ethernet PON port,
use the following command in Privileged mode.
Command Description
show port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
onu {index <index> | mac y <index> Index number of ONU (1 ~ 32)
<mac>} information y <mac> MAC address of ONU
The following example shows how to display configuration information of the number 1 ONU
connected to the Gigabit Ethernet PON port 2/1:
The table below describes the fields shown by the show port epon onu information
command.
Field Description
To display statistics information of the ONU connected to the Gigabit Ethernet PON port, use
the following command in Privileged mode.
Command Description
The following example shows how to display statistic information of the number 1 ONU
connected to the Gigabit Ethernet PON port 2/1:
The table below describes the fields shown by the show port epon onu counter command.
Field Description
Profile
Localhost # con t
Localhost (config) # epon-llid-profile test
Localhost (config-epon-llid-profile) # up-bw 1 1000 1 delay tolerant
Localhost (config-epon-llid-profile) # down-bw 1 1000 1 delay tolerant
Localhost (config-epon-llid-profile) # token 16
Localhost (config-epon-llid-profile) # end
Localhost # conf t
Localhost (config) # port epon 1/1 link-id 3700 profile tests
Or
Localhost # conf t
Localhost (config) # port epon 1/1 link-mac 0090a3112233 profile test
Localhost # conf t
Localhost (config) # port epon 1/1 link-all profile test
Localhost # conf t
Localhost (config) # no port epon 1/1 link-id 3700 profile tests
Or
Localhost # conf t
Localhost (config) # no port epon 1/1 link-mac 0090a3112233 profile
test
Localhost # conf t
Localhost (config) # no port epon 1/1 link-all profile test
Setting confirmation
FunctionSummary
y EPON must specify whether is going to apply profile to some Link because ONT/ONU that have multiple
LLID at specification ONT/ONU registration because support multiple LLID basically can be registered.
Therefore, you establish 'Link-index' item at profile creation. Multiple link is possible to 0 ~ 4.
Localhost # con t
Localhost (config) # epon-llid-profile allLinkDef
Localhost (config-epon-llid-profile) # up-bw 1 1000 1 delay tolerant
Localhost (config-epon-llid-profile) # down-bw 1 1000 1 delay tolerant
Localhost (config-epon-llid-profile) # token 16
Localhost (config-epon-llid-profile) # Default enable
Localhost (config-epon-llid-profile) # Link-index 0
when attached link, this is applied automatically., so special command does not need.
Localhost # conf t
Localhost (config) # no port epon 1/1 link-id 3700 profile defaults
Or
Localhost # conf t
Localhost (config) # no port epon 1/1 link-mac 0090a3112233 profile
default
Setting confirmation.
Localhost # con t
Localhost (config) # epon-llid-profile allLinkDef
Localhost (config-epon-llid-profile) # default disable
Localhost (config-epon-llid-profile) # end
Localhost #
Restriction Items:
y You can not create profile name over 15 length character.
Localhost # con t
Localhost (config) # epon-onu-profile test
Localhost (config-epon-onu-profile) # port 1 admin disable
Localhost (config-epon-onu-profile) # end
ONU profileApplication
Localhost # conf t
Localhost (config) # port epon 1/1 onu index 1 profile test
Or
Localhost # conf t
Localhost (config) # port epon 1/1 onu mac 0090a3112233 profile test
Localhost # conf t
Localhost (config) # port epon 1/1 onu all profile test
Localhost # conf t
Localhost (config) # no port epon 1/1 onu index 1 profile test
Or
Localhost # conf t
Localhost (config) # no port epon 1/1 onu mac 0090a3112233 profile
test
Localhost # conf t
Localhost (config) # no port epon 1/1 onu all profile test
Setting confirmation
Function Summary
Localhost # con t
Localhost (config) # epon-onu-profile onuDef
Localhost (config-epon-onu-profile) # port 1 admin disable
Localhost (config-epon-onu-profile) #Default enable
Localhost (config-epon-onu-profile) #Product CC3804TN
Localhost # conf t
Localhost (config) # no port epon 1/1 onu index 1 profile default
Or
Localhost # conf t
Localhost (config) # no port epon 1/1 onu mac 0090a3112233 profile
default
Default ONU profile deletion to all ONU that is registered on specific port.
Localhost # conf t
Localhost (config) # no port epon 1/1 onu all profile default
Setting confirmation
Localhost # con t
Localhost (config) # epon-onu-profile onuDef
Localhost (config-epon-llid-profile) # default disable
Localhost (config-epon-llid-profile) # end
Localhost #
This Chapter describes how to create/clear VLAN and add/clear port to VLAN. This chapter also describes
how to configure VLAN interface.
VLAN Configuration
Default Configuration
The table below shows the default VLAN configuration for the Corecess S5 System:
Parameter Default
VLAN ID 1
IP address 0.0.0.0
Tag Untagged
After modifying the default VLAN configuration, modified configuration will be applied
immediately without rebooting system or using additional command. To maintain the modified
configuration after rebooting the system, save the configuration using write memory
command in Privileged mode.
You can configure VLAN on the Corecess S5 System using the following procedures:
2. Create VLAN
3. Assign ports to the defined VLAN (or clear ports from VLAN).
4. Save the VLAN configuration and apply the configuration to the system.
Creating VLANs
In the factory default configuration, VLAN support is enabled and all the ports are only in the
Corecess S5 System physical broadcast domain, which is given the name DEFAULT. You can
partition the Corecess S5 System into multiple virtual broadcast domains by adding one or
more additional VLANs and moving ports from the default VLAN to the new VLANs. Because
the default VLAN permanently exists in the Corecess S5 System, adding new VLANs results in
multiple VLANs existing in the Corecess S5 System.
VLAN is distinguished ID from other VLANs. VLAN ID and name can be specified by user.
The range of VLAN ID can be properly selected from 2 to 4094. Defining VLAN does not mean
that broadcast domain is created. When defined VLANs are added in ports, broadcast domain
is created with defined VLANs. Default VLANs in the system can not be removed, and
ID/VLAN name can not be changed.
Command Task
2. Define VLAN.
vlan id <vlan-id>
y <vlan-id> VLAN ID (2 ~ 4094)
name <vlan-name>
y <vlan-name> VLAN name
# configure terminal
(config)# vlan id 2 name test
(config)# end
# show vlan
VLAN Name Status Slot/Ports
---- ---------------- -------- ------------------------------------
1 DEFAULT active 1/1-4
2/1-4
3/1-4
4/1-4
5/1-4
2 test active
To delete a VLAN, use the no vlan command in Global configuration mode. The following
example deletes the VLAN whose id is 2:
(config)# no vlan id 2
(config)#
You should add ports that belong to the same broadcast domain to a VLAN after defining a
VLAN. When ports are assigned to a VLAN, a broadcast domain with assigned ports is created.
If you add ports belonging to the default VLAN to other VLAN, the ports are deleted from the
default VLAN and are added to other VLAN.
To add ports to a VLAN, use the following commands.
Commands Task
The following example shows how to add the Gigabit Ethernet port 5/4 to the VLAN that the
ID is 2:
# configure terminal
(config)# vlan id 2 port gigabitethernet 5/4
(config)# end
# show vlan id 2
VLAN Name Status Slot/Ports
---- ---------------- -------- ------------------------------------
2 test active 5/4
To remove ports from a VLAN, use no vlan command in Global configuration mode. The
following example shows how to remove the Gigabit Ethernet port 5/4 from the VLAN that
name is ‘test’.
Commands Task
This example shows how to specify the IP address of the VLAN whose id is ‘1’:
You can specify another IP address to a VLAN. This is called ‘secondary’ IP address. Secondary
IP address is useful that the number of hosts is more than the number of IP addresses.
To specify the secondary IP address to the VLAN, use the following command in Global
configuration mode:
Commands Task
This example shows how to specify the secondary IP address of the VLAN whose id is ‘1’:
# configure terminal
(config)# interface vlan id 1
(config-if)# ip address 172.25.1.100/16 secondary
(config-if)# end
# show interface vlan id 1
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
If 802.1Q trunk is applied, the devices can share their VLANs. Because a switch generally does
not know VALN information of other switch, the switch can not share VALN. Thus, nodes that
connected to several devices can not be configured to be included in the same VLAN. In this
occasion, if traffic that has VLAN information is transmitted by 802.1Q trunk, because the
switch that receives traffic recognizes VLAN information and can forward traffic to the
corresponding VLAN, VLANs can be shared between switches.
802.1Q truck is generally used for VPN (Virtual Private Network).
To configure trunk ports for 802.1Q tunneling, use the following commands.
Commands Task
If 802.1Q trunk port is configured on the Corecess S5 System as above, traffic is transmitted
through the tunnel between 802.1Q trunk port of the connected neighbor device and the
Corecess S5 System. Traffic is also received from 802.1Q trunk port that is defined on the
Corecess S5 System. The trunk port that received traffic does not remove 802.1Q tag of the
traffic header but forward all received 802.1Q traffic to the VLAN that has the trunk port
instead.
The VLAN that has the trunk port transmits the subscriber traffic to other neighbor device that
is included in the VLAN of the trunk port. When the traffic reaches to the final destination,
802.1Q tag is removed, traffic is removed from the tunnel.
The following example shows how to specify 802.1Q trunk port and verify the result.
# configure terminal
(config)# vlan id 2 port gigabitethernet 5/1,5/2
(config)# dot1q port gigabitethernet 5/1 tag 1-2
(config)# end
# show dot1q
Port allowed 802.1q VLAN TAGs
-------- -----------------------------------------------------------------
5/1 1-2
# show dot1q port gigabitethernet 5/1
Port PVID Acceptable frame types Ingress filter
---------- ---- ---------------------- --------------
5/1 2 all off
Port allowed 802.1q Vlans
-------- -----------------------------------------------------------------
5/1 1-2
#
The following example shows how to enter Interface configuration mode to configure VLAN
interface that ID is 1.
You have entered interface configuration mode when the prompt changes to (config-if)#.
You can configure the followings of the VLAN interface on Interface configuration mode:
Note: To specify the IP address of the VLAN interface, refer to Assigning the IP address of a VLAN section
in this chapter.
Parameter Description
OSPF supports three methods of authentication for each interface—none, simple
password, and MD5.
y None : Send/Receive OSPF routing packet without any authentication mode.
y Simple Password : The simple password method of authentication requires you
to configure an alphanumeric password on an interface. The simple password
setting takes effect immediately. All OSPF packets transmitted on the interface
Authentication contain this password. Any OSPF packet received on the interface is checked
Mode for this password. If the password is not present, then the packet is dropped.
y MD5 : The MD5 method of authentication requires you to configure a key ID
and an MD5 Key. The key ID is a number from 1 – 255 and identifies the MD5
key that is being used. The MD5 key can be up to sixteen alphanumeric
characters long.
Only one method of authentication can be active on an interface at a time. The
default authentication value is none, meaning no authentication is performed.
In Simple Password authentication method, the key can be up to eight characters
Authentication long. In MD5(Message Digest) authentication method, the key ID is a number from
Key 1 – 255 and identifies the MD5 key that is being used. The MD5 key can be up to
sixteen alphanumeric characters long.
The overhead required to send a packet across an interface. You can modify the cost
to differentiate between 100 Mbps and 1000 Mbps (1 Gbps) links. The default cost is
Cost calculated by dividing 100 million by the bandwidth. For 10 Mbps links, the cost is
10. The cost for both 100 Mbps and 1000 Mbps links is 1, because the speed of 1000
Mbps was not in use at the time the OSPF cost formula was devised.
The number of seconds that a neighbor router waits for a hello packet from the
dead-interval current router before declaring the router down. The value can be from 1 – 65535
seconds. The default is 40 seconds.
The length of time between the transmissions of hello packets. The value can be
hello-interval
from 1 – 65535 seconds. The default is 10 seconds.
The time between retransmissions of link-state advertisements (LSAs) to adjacent
retransmit-
routers for this interface. The value can be from 0 – 3600 seconds. The default is 5
interval
seconds.
The time it takes to transmit Link State Update packets on this interface. The value
transmit-delay
can be from 0 – 3600 seconds. The default is 1 second.
network The OSPF network type. The default network type is broadcast.
The priority allows you to modify the priority of an OSPF router. The priority is
used when selecting the designated router (DR) and backup designated routers
Priority
(BDRs). The value can be from 0 – 255. The default is 1. If you set the priority to 0,
the Corecess S5 System does not participate in DR and BDR election.
In simple Password authentication method, a particular key is specified for each area. Routers
in the same area should use the same key. This method has a disadvantage that the key can be
disclosed because the key is not encrypted.
To set simple authentication key and password authentication method, use the following
commands.
Command Task
area <area-id>
6. Set simple password authentication method in the specified area.
authentication
The following example shows how to set simple password authentication method.
To remove the key of the specified simple password authentication method, use no ip ospf
authentication-key command.
MD5 (Message Digest) authentication assign a key and key identifier to each router. The router
makes authentication information(Message digest) using OSPF packets, key, and key identifier.
This authentication information will be appended to OSPF packets and sent.
In general, one key is used per interface to generate authentication information when sending
packets and to authenticate incoming packets. The same key identifier on the neighbor router
must have the same key value.
The following example shows that the new MD5 password is added over the existing MD5
password.
The system assumes its neighbors do not have the new key yet, so it begins a rollover process. It
sends multiple copies of the same packet, each authenticated by different keys. In this example,
the system sends out two copies of the same packet—the first one authenticated by key 100 and
the second one authenticated by key 101.
Then, only key 101 is used for authentication on the interface eth1. We recommend that you not
keep more than one key per interface. Every time you add a new key, you should remove the
old key to prevent the local system from continuing to communicate with a hostile system that
knows the old key. Removing the old key also reduces overhead during rollover.
The following example sets a new key 100 with the password mypasswd on interface vlan1:
Each interface can have only one cost in the Corecess S5 System. The cost of OSPF interface is
calculated by the following formula depending on interface bandwidth.
If interface cost using above formula is not preferable to be used to user network, use ip ospf
cost command to specify cost to each interface in Interface configuration mode.
Command Description
The following example sets the cost value of a VLAN interface to 10:
Specifying Dead-Interval
Dead-interval indicates the number of seconds that a neighbor router waits for a hello packet
from the current router before declaring the router down. The value can be from 1 - 65535
seconds. The default is 40 seconds.
Command Description
ip ospf dead-interval y <seconds> Unsigned integer that specifies the interval in seconds;
<seconds> the value must be the same for all nodes on the network (1 ~ 65535)
Specifying Hello-Interval
Hello-interval represents the length of time between the transmissions of hello packets. The
value can be from 1 - 65535 seconds. The default is 10 seconds. To specify the hello-interval, use
the following commands in Interface configuration mode:
명령 설명
The following example sets the interval between hello packets to 15 seconds:
Command Description
The following example sets the retransmit-interval value of the interface vlan1 to 8 seconds:
Transmit delay is the time it takes to transmit Link State Update packets on the interface. The
value can be from 1 - 65535 seconds. The default is 1 second. To specify the transmit delay, use
the following commands in Interface configuration mode:
Command Description
ip ospf ospf transmit- y <seconds>: Time in seconds that it takes to transmit a link state
delay <seconds> update (1 ~ 65535).
The following example sets the retransmit-delay value of the interface vlan 1 to 3 seconds:
Specifying Priority
Priority allows you to modify the priority of an OSPF router. The priority is used when
selecting the designated router (DR) and backup designated routers (BDRs). The value can be
from 0 - 255. The default is 1. If you set the priority to 0, the system does not participate in DR
and BDR election.
To set the router priority, use the following commands in Interface configuration mode:
Command Description
The following example sets the router priority value to 4 of the interface vlan1:
Parameter Description
Hello Padding Enables or disables hello padding for IS-IS hello packets.
Hello Multiplier Specifies the hello multiplier for calculating the hold time.
LSP interval Configures the delay between successive IS-IS link state packet transmissions
Configures the number of seconds between retransmission of IS-IS LSPs for
Retransmit Interval
point-to-point links.
Mesh Group Creates a mesh group and designate that an interface is part of the group.
Metric Configure a cost for a specified interface.
Password Configures a password for a specified interface.
Priority Configures the priority of designated router (DR).
Note: Most interface configuration commands can be configured independently from other attached routers.
But the isis password command should configure the same password on all routers on a network.
You specify the IS-IS level on a per-interface basis, and the Corecess S5 System becomes
adjacent with other routers on the same level on that link only. The Corecess S5 System
supports the following IS-IS levels:
• Level-1
Establish a Level 1 adjacency if there is at least one area address in common between this
system and its neighboring systems. If Level 1 is set, this interface cannot support Level 2
adjacencies.
• Level-1-2
Establish a Level 1 and Level 2 adjacency if a neighboring system is also configured as a Level
-1-2 and there is at least one area address in common. If there is no area address in common, a
Level 2 adjacency is established.
• Level-2-only
Establish a Level 2 adjacency if the neighboring system is configured as a Level 2-only router.
To configure the type of IS-IS adjacency for an interface, enter the isis circuit-type
command in Interface configuration mode:
Command Description
The following example shows how to configure the VLAN interface to support a Level-2
adjacency:
Note: Normally, this command does not need to be configured. Only on routers that are between areas (Level
1-2 routers) should you configure some interfaces to be Level 2-only to prevent wasting bandwidth by sending
out unused Level 1 hellos. Note that on point-to-point interfaces, the Level 1 and Level 2 hellos are in the same
packet.
All IS-IS routes have a cost, which is a routing metric that is used in the IS-IS link-state
calculation. The cost is an arbitrary, dimensionless integer that can be from 1 through 63. The
default metric value is 10.
To modify the default value, enter the isis metric command in Interface configuration
mode:
Command Description
The following example shows how to configure the default metric for the VLAN interface:
Note: If no level is specified, the isis metric command configures the metric for level-1 routing only.
On broadcast networks, designated routers send complete sequence number PDU (CSNP)
packets to maintain database synchronization. The CSNP interval timer is the number of
seconds between transmissions of CNSP packets from this interface.
The CSNP interval is configured independently for Level 1 and Level 2. This feature does not
apply to point-to-point interfaces. To modify the CSNP interval, enter the csnp-interval
command in Interface configuration mode.
Command Description
The following example shows how to configure the transmission interval for CSNP packets:
To modify how often the system sends hello packets out of an interface, enter the isis
hello-interval command in Interface configuration mode.
Command Description
The following example shows how to configure the VLAN interface to advertise hello packets
every 5 seconds:
If the minimal keyword is specified, the hold time is 1 second and the system computes the
hello interval based on the hello multiplier as follow:
The hello multiplier determines the total holding time transmitted in the IS-IS hello packet.
Holding time is the time a neighbor waits for another hello packet before declaring the neighbor
is down.
The hello interval times multiplied by the hello multiplier equals the hold time. If the hello
interval is 10 seconds and the hello multiplier is 3, the hold time is 30 seconds.
To modify the hello multiplier, enter the isis hello-multiplier command in Interface
configuration mode.
Command Description
The following example configures the hello interval and hello multiplier to 6 and 10. As the
result, an adjacency will go down only when many (10) hellos are missed and the total time to
detect link failure is 60 seconds.
Padding adds extra characters to the hello packets so that all packets sent out by Is-IS have the
maximum sized data payload.
To enable hello padding for IS-IS hello packets, enter the isis hello padding command in
Interface configuration mode as follows:
To configure the time delay between successive IS-IS link state packet transmissions, enter the
isis lsp-interval command in Interface configuration mode.
Command Description
isis lsp-interval y <milliseconds>: Time delay between successive link state packets.
<milliseconds> Valid values are 1 ~ 4294967295.
The default LSP interval is 33 milliseconds. The following example configures the LSP interval
to 100 milliseconds (10 packets per second) on the VLAN interface:
To configure the amount of time between retransmission of each IS-IS LSP on a point-to-point
link, enter the isis retransmit-interval command in Interface configuration mode.
Command Description
The following example shows how to configure the LSP retransmit interval to 60 seconds:
A mesh group is a set of routers that are fully connected; that is, they have a fully meshed
topology. When LSP packets are being flooded throughout an area, each router within a mesh
group receives only a single copy of an LSP packet instead of receiving one copy from each
neighbor, thus minimizing the overhead associated with the flooding of LSP packets.
To create a mesh group and designate that an interface is part of the group, enter the isis
mesh-group command in Interface configuration mode.
Command Description
In the following example show how to configure the VLAN interfaces to be a member of the
mesh group 3:
You can prevent unauthorized routers from forming adjacencies with the Corecess S5 System,
and thus protects the network from intruders.
To configure the authentication password for an interface, enter the isis password
command in Interface configuration mode.
Command Description
y <string>: Authentication password you assign for an interface.
isis password y level-1: Configures the authentication password for Level 1
<string> [level-1 | independently.
level-2] y level-2: Configures the authentication password for Level 2
independently.
The priority is used to determine which router on a LAN will be the designated router (DR) or
Designated Intermediate System (DIS). The priorities are advertised in the hellos. The router
with the highest priority will become the DIS. In the case of equal priorities, the highest MAC
address breaks the tie.
To configure the priority of DR, enter the isis priority command in Interface configuration
mode.
Command Description
isis priority y <priority> The priority of a router and is a number from 0 to 127.
<priority> y level-1 Sets the priority for Level 1 independently.
[level-1 | level-2] y level-2 Sets the priority for Level 2 independently.
The following example shows how to set the priority level to 80:
Parameters Description
RIP supports two methods of authentication for each interface— simple password
and MD5. Only one method of authentication can be active on an interface at a time.
• The simple password method of authentication requires you to configure an
alphanumeric password on an interface. The simple password setting takes effect
immediately. All OSPF packets transmitted on the interface contain this password.
authentication
Any OSPF packet received on the interface is checked for this password. If the
mode
password is not present, then the packet is dropped. The password can be up to
eight characters long.
• The MD5 method of authentication requires you to configure a key ID and an MD5
Key. The key ID is a number from 1 – 255 and identifies the MD5 key that is being
used. The MD5 key can be up to sixteen alphanumeric characters long.
Split Horizon function is that the same route information can not be transmitted to
Split Horizon
the interface if route information is received form a particular interface.
RIP version 2 provides authentication function to check receiving routing information is secure.
RIP does not add a new field to packets for authentication, but uses the first entry of message as
authentication key. RIP specifies key chain as the key to be used for authentication. Key chain is
a group of keys. If key chain is specified for each interface, the key of key chain is used when
authentication proceeds.
There are two authentication mode-Simple password and MD5. By default, simple password
mode is used. In Simple password mode, the key is transmitted without any encryption. Thus,
if authentication is used for security, the mode is inappropriate. In MD5 authentication mode,
the key is encrypted to “message digest” using MD5 algorithm, then the message digest is
transmitted instead of the key.
Command Task
ip rip authentication
4. Specify MD5 authentication mode.
mode md5
To authenticate RIP packets with MD5 authentication mode, specify the type of key to use for
authentication using ip rip authentication key-chain command. Then, specify which
authentication mode will used between simple password and MD5. By default, simple
password authentication mode is specified.
# configure terminal
(config)# key chain corecess
(config-keychain)# key 1
(config-keychain-key)# key-string 234
(config-keychain-key)# exit
(config-keychain)# exit
(config)# interface vlan id 1
(config-if)# ip rip authentication key-chain corecess
(config-if)# ip rip authentication mode md5
If you cancel the specified authentication mode and back to the default, use no ip rip
authentication mode command. And, if you cancel the key chain that is used for
authentication, use no ip rip authentication key-chain command.
Command Task
ip rip authentication
4. Specify simple password authentication mode.
mode text
The following example shows how to set simple password authentication method.
To remove the key of the specified simple password authentication method, use no ip rip
authentication-key command.
To specify a Routing Information Protocol (RIP) version on an interface basis, use the following
commands in Interface configuration mode:
Command Task
configure terminal 1. Enter Global configuration mode.
The following example configures the interface to receive both RIP Version 1 and Version 2
packets:
# configure terminal
(config)# interface vlan id 1
(config-if)# ip rip receive version 1 2
The following example configures the interface to send both RIP Version 1 and Version 2
packets out the interface:
# configure terminal
(config)# interface vlan id 2
(config-if)# ip rip send version 2
Enabling Split-Horizon
RIP can use the “split-horizon” to prevent routing loops. The split horizon is the function that
the router does not advertise a route on the same interface as the one on which the router
learned the route.
Command Task
# configure terminal
(config)# interface vlan id 1
(config)# ip split-horizon
(config)#
To disable the split horizon mechanism, use the no ip split-horizon command in Interface
configuration mode.
Command Task
The multicast packet forward on the interface is enabled by default. To disable the multicast
packet forward, use the no multicast command.
The following is an example of disabling the multicast packet forward of the interface vlan1:
Command Task
This example shows how to shut down the interface vlan1 and re-enable the interface:
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
input packets 18181, bytes 1094835, dropped 0, multicast packets 6759
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 1069, bytes 966, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
#
Configuring IP Parameters
Table below lists the IP global parameters for the VLAN interface on the Corecess S5 System:
Parameters Description
To configure the parameters above for the VLAN interface, use the following commands in
interface configuration mode:
Command Task
arp <ip-address>
4. Adds a static ARP (Address Resolution Protocol) entry.
<hw-address>
This chapter describes how to configure SNMP and RMON on the Corecess S5 System.
Configuring SNMP
y Managed Device
y SNMP Manager
SNMP
Manager
Managed Device
A managed device is a network node that contains an SNMP agent and that resides on a
managed network. Managed devices collect and store management information and make this
information available to NMSs using SNMP. Managed devices, sometimes called network
elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or
printers.
y Get a MIB variable: The SNMP agent initiates this function in response to a request from
the NMS. The agent retrieves the value of the requested MIB variable and responds to
the NMS with that value.
y Set a MIB variable: The SNMP agent initiates this function in response to a message from
the NMS. The SNMP agent changes the value of the MIB variable to the value requested
by the NMS.
The SNMP agent also sends unsolicited trap messages to notify an NMS that a significant event
has occurred on the agent. Examples of traps conditions include, but are not limited to, when a
port or module goes up or down, when spanning-tree topology changes occur, and when
authentication failures occur.
The MIB is the information base, the SNMP agent must keep available for the managers. This
information base contains objects whose values provide information on the status of the
checked system or objects whose values can be modified by a manager to control the system.
Each object is identified by an Object ID (OID). There are two kinds of MIBs, standard MIB
and enterprise-specific MIB.
SNMP Manager
SNMP Manager is an integrated management module which collects information from SNMP
agent and sometimes sends warning messages depending on the each SNMP agent relations. In
other words, the actual data is collected from SNMP agent and this data will be processed by
management module and saved. To request information or configuration changes, respond to
requests, and send unsolicited alerts, the SNMP manger and SNMP agent use the four messages
(Get, GetNext, Set, and trap). For more information on these messages, refer to the following
section.
SNMP Messages
The SNMP manger and SNMP agent use the following SNMP messages to request information
or configuration changes, respond to requests, and send unsolicited alerts.
Get-Request Message
Get-Request Message is the basic SNMP request message. Sent by an SNMP manager, it
requests information about a single MIB entry on an SNMP agent. For example, the amount of
free drive space.
GetNext-Request Message
GetNext-Request Message is an extended type of request message that can be used to browse
the entire tree of management objects. When processing a Get-next request for a particular
object, the agent returns the identity and value of the object which logically follows the object
from the request. The Get-next request is useful for dynamic tables, such as an internal IP route
table.
Set-Request Message
If write access is permitted, Set-Request message can be used to send and assign an updated
MIB value to the agent.
Trap Message
An unsolicited message sent by an SNMP agent to an SNMP manager when the agent detects
that a certain type of event has occurred locally on the managed device. For example, a trap
message might be sent on a system restart event.
SNMP Community
SNMP community authenticates access to MIB objects and function as embedded passwords. In
order for the NMS to access the system, the community definitions on the NMS must match at
least one of the two community definitions on the system.
A community can have one of the following attributes:
Gives read access to authorized management stations to all objects in the MIB except the
Read-only
community strings, but does not allow write access
Gives read and write access to authorized management stations to all objects in the MIB,
Read-write
but does not allow access to the community strings
Trap
Trap is a defined status of event or system. For example, event generated when port
configuration is changed or a host having not-allowed IP address accesses can be defined as a
trap. You can configure the level of trap according to the kind of events.
If a trap occurs on the system, the SNMP agent send SNMP trap message to the registered trap
host.
Configuring SNMP
The default SNMP configuration of the Corecess S5 System is as follows:
RMON Enabled
In the system group of MIB-II (Public MIB) supported by the Corecess S5 System has System
Contact variable and System Location variable displaying the system contact information and
system location information.
The values of these variables can be browsed or modified via ViewlinX, NMS of the Corecess or
NMS of other companies.
Command Task
The following is an example of setting the system contact information and system location
information:
# configure terminal
(config)# snmp-server contact Dial System Administrator at phone #2734
(config)# snmp-server location 1st_floor lab
(config)# end
# show snmp-server
RMON: Enabled
Extended RMON: Extended RMON module is not present
Configuring Community
You use the SNMP community to define the relationship between the SNMP manager and the
agent. The community acts like a password to permit access to the agent on the system. One
thing to be aware of is that in case of adding new community using the Corecess S5 System CLI
command, this community must be added in NMS in order to connect to the system using this
community. To define SNMP community, use the following commands in Privileged mode:
Command Task
# configure terminal
(config)# snmp-server community corecess rw
(config)# end
# show snmp-server
RMON: Enabled
Extended RMON: Extended RMON module is not present
Community-Access Community-String
---------------- ----------------
read-only public
read-write private
read-write corecess
.
.
#
Configuring Trap
Traps are system alerts that the Corecess S5 System generates when certain events occur.
bridge Sends a trap message when there is spanning tree topology changes.
Sends a trap message when Ethernet hub repeater state is changed. This trap doesn’t
repeater
happen in the Corecess S5 system.
ip_permit Sends a trap message when there are access attempts with unauthorized IP address.
sysconfig Sends a trap message when the system backup configuration is changed.
Sends a trap message when there is Entity Management Information Base (MIB) change.
entity
This trap doesn’t happen in the Corecess S5 system.
cpuload Sends a trap message when CPU load limitations are exceeded.
auth Sends a trap message when there are access attempts with unauthorized community.
sysauth Sends a trap message when user login or log-out to the system through Telnet or CLI.
bgp Sends a trap message when Border Gateway Protocol (BGP) state is changed.
Sends a trap message when Dynamic Host Configuration Protocol (DHCP) state is
dhcp
changed.
When a trap is enabled, if an error occurs in the device where corresponding trap is enabled or
if problem occurs in the part defined by the trap, such error status (trap message) are
transmitted to the trap receiving host and NMS, the SNMP agent. By default, all trap types are
disabled. To send traps to the trap hosts, the trap types should be enabled.
Command Task
# configure terminal
(config)# snmp-server enable traps port
(config)# snmp-server enable traps auth
(config)# end
# show snmp-server
RMON: Enabled
Extended RMON: Extended RMON module is not present
.
.
Trap-Rec-Address Trap-Rec-Community
------------------------- ------------------
Traps Enabled
------------------------- ------------------
chassis disabled
module disabled
port enabled
bridge disabled
repeater disabled
ip_permit disabled
sysconfig disabled
entity disabled
cpuload disabled
auth enabled
sysauth disabled
bgp disabled
dhcp disabled
atm disabled
adslAtuc disabled
adslAtur disabled
mac-flood disabled
#
Trap host is the host to receive traps from an SNMP agent. Trap is message sent by an SNMP
agent to an NMS, a console, or a terminal to indicate the occurrence of a significant event, such
as a specifically defined condition or a threshold that was reached. By default, no trap host is
configured. To receive the trap generated on your managed device using NMS, you must add
the NMS as a trap host. You can specify up to twenty trap hosts on the Corecess S5 System.
To add or modify trap hosts, use the following commands in Privileged mode:
Command Task
When a trap host is added, the community of the host should be specified. The type of trap
message, which the host receives, is decided by the specified community.
# configure terminal
(config)# snmp-server host 172.168.2.23 corecess port default
(config)# end
# show snmp-server
RMON: Enabled
Extended RMON: Extended RMON module is not present
.
.
Trap-Rec-Address Trap-Rec-Community
------------------------- ------------------
udp:172.168.2.23:162 corecess
.
.
#
The Corecess S5 System can restrict hosts that attempt to access to the Corecess S5 System with
SNMP using access list. Only hosts that are satisfied with the access list condition can be access
the system with SNMP.
To restrict host by using access lists, use the following commands in Global configuration mode:
Command Description
The following example shows how to define the access list to restrict host access and apply the
access list.
# show snmp-server
RMON: Disabled
Extended RMON: Extended RMON module is not present
sysContact support@corecess.com
sysLocation Unknown
Community-Access Community-String
---------------- ----------------
read-only public
read-write private
Trap-Rec-Address Trap-Rec-Community
------------------------- ------------------
udp:172.27.2.36:162
Traps Enabled
------------------------- ------------------
chassis disabled
module disabled
port disabled
bridge disabled
repeater disabled
ip_permit disabled
sysconfig disabled
entity disabled
cpuload disabled
auth disabled
sysauth disabled
bgp disabled
dhcp disabled
atm disabled
adslAtuc disabled
adslAtur disabled
mac-flood disabled
#
The table below describes the fields shown by the show snmp-server command:
Field Description
RMON Status of whether RMON is enabled or disabled.
Extended RMON Status of whether extended RMON is enabled or disabled.
sysContact SNMP system operator information
sysLocation SNMP system location information string
SNMP access authority
Community-Access - read-only
community - read-write
SNMP community strings associated with each SNMP
Community-String
community
IP address of trap receiver hosts and UDP port number for
Trap-Rec-Address
sending trap messages.
TrapReceiver
SNMP community string used for trap messages to the trap
Trap-Rec-Community
receiver.
Traps Trap types
The table below describes the fields shown by the show snmp-server community-list
command output:
Field Description
The following is sample output from the show snmp-server statistics command:
The table below describes the fields shown by the show snmp-server statistics
command output:
Field Description
Bad SNMP version errors Number of packets with an invalid SNMP version.
Unknown community name Number of SNMP packets with an unknown community name
Illegal operation for Number of packets requesting an operation not allowed for that
community name supplied community
Number of requested
Number of variables requested by SNMP managers
variables
SNMP packet output Total number of SNMP packets sent by the router
General errors Number of SNMP set requests that failed due to some other error.
To display the list of the trap receiver hosts, use the show snmp-server traphost
command in Privileged mode.
The following example shows how to display the list of the trap receiver hosts:
The table below describes the fields shown by the show snmp-server traphost command
output:
Field Description
host Protocol : IP address of a trap receiver host: port number.
Configuring RMON
The RMON provides alarm function and event function that monitor the distributed LAN
environment and report changed status to users. Network problems can be easily solved by
network status report of RMON before network problem becomes worse.
RMON MIB groups consist of nine groups (1. Statistics 2. History 3. Alarm 4. Host 5. Host Top
N 6. Matrix 7. Filter 8. Packet Capture 9. Event), and the Corecess S5 System supports four
groups as follows:
Configuring RMON
The configuration procedure of RMON is as follows:
y Enabling RMON
Enabling RMON
Command Task
This example shows how to enable the RMON on the Corecess S5 System and how to verify
that RMON is enabled:
# configure terminal
(config)# snmp-server enable rmon
(config)# end
# show snmp-server
RMON: Enabled
Extended RMON: Extended RMON module is not present
sysContact TEL:+82-2-3016-6900
sysLocation Daechi-dong Seoul Korea
.
.
The RMON Statistics group monitors traffic of the specified interface and records basic statistic
information in the form of a table. The user can specify the interface to collect and save data in
the RMON Statistics group, and the user also gives authority to a user to use the statistic
information.
By default, the RMON Statistics group is defined that all port interfaces of the Corecess S5
System save statistics information. To configure the RMON Statistic group, use the following
commands.
Command Task
The following example shows how to display the RMON Statistics group.
# show rmon
RMON: Enabled
Extended RMON: Extended RMON module is not present
[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
3 valid ifIndex.6 (Gi 1/3)
4 valid ifIndex.5 (Gi 1/4)
5 valid ifIndex.4 (Gi 5/1)
6 valid ifIndex.3 (Gi 5/2)
7 valid ifIndex.2 (Gi 5/3)
[history]
index status dataSource
----- -------------- -----------------------------
.
.
#
To show the detail configuration information, specify the number of the statistics information
using show rmon statistics command.
To delete the configured RMON statistics group, use no rmon historycontrol command
in Global configuration mode:
The RMON History group contains a control and data collection function. The RMON History
group provides the control function and the history function to collect traffic data periodically.
The control function retrieves statistics data periodically from network and sets control
parameters such as retrieve interval. The history function records statistics data periodically
such as number of packet and period start time.
The RMON History group has statistics information of the specified interface in history table
and adds new entry in the history table when new data is collected. Users can perceive overall
information of the interface with information of the RMON History group, and if an error
occurs, information of the RMON history group helps users to detect problems easily and solve
problems.
The RMON History group collects and stores statistics information, which is the same as the
RMON Statistics group, from a particular interface for a certain amount of time. It means that
the statistics group has immediate statistics information, but in the other hand, the History
group stores the sequent statistic information continuously.
By default, the History group is defined that all port interfaces store history information. To
configure the RMON History group, use the following commands in Global configuration
mode.
Command Task
The following example shows how to configure the RMON History group.
# configure terminal
(config)# rmon historycontrol 10 gigabitethernet 5/1 owner aaa 50 30
(config)#
The following example shows how to display the RMON History group.
# show rmon
RMON: Enabled
Extended RMON: Extended RMON module is not present
[statistics]
index status dataSource
----- ------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
3 valid ifIndex.6 (Gi 1/3)
4 valid ifIndex.5 (Gi 1/4)
5 valid ifIndex.4 (Gi 5/1)
6 valid ifIndex.3 (Gi 5/2)
7 valid ifIndex.2 (Gi 5/3)
8 valid ifIndex.1 (Gi 5/4)
[history]
index status dataSource
----- ------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
3 valid ifIndex.6 (Gi 1/3)
4 valid ifIndex.5 (Gi 1/4)
5 valid ifIndex.4 (Gi 5/1)
6 valid ifIndex.3 (Gi 5/2)
7 valid ifIndex.2 (Gi 5/3)
8 valid ifIndex.1 (Gi 5/4)
10 valid ifIndex.4 (Gi 5/1)
.
.
#
To display the detail information on a history group, enter the show rmon history
command with the history number:
The alarm group periodically takes statistical samples from variables and compares them to
previously configured thresholds. The Alarm Table stores configuration entries that define a
variable, a polling period, and threshold parameters.
Each alarm is linked to an event in the event group. An event defines an action that will be
triggered when the alarm threshold is exceeded. The event generated when a RMON alarm
occurs should specify one of the RMON event entry and be configured. To configure the RMON
event, use rmon event command.
The alarm group retrieves variables periodically and compares variables to threshold. The
variable type, retrieval interval and threshold are consisted of an entry, and the entry is stored
in the alarm table.
To configure the RMON Alarm group, use the following message in Global configuration
group.
Command Task
The following example shows how to configure RMON alarm group and check the result:
# configure terminal
(config)# rmon alarm 1 10 pkts 1 absolute both threshold 1000 100 event-index 1
1 owner aaa
(config)#
Before configure RMON alarm group, you should verify that the statistics group
(<StatisticsIndex>) is defined.
(config)# rmon alarm 2 20 pkts 10 absolute rising threshold 1000 100 event-
index 1 1 owner kimka
Can't fetch the MIB values
(config)#
If you specify undefined statistics group, the ‘Can't fetch the MIB values’
message will be displayed:
To display the information on an alarm group, enter the show rmon command with the alarm
number:
# show rmon
RMON: Enabled
Extended RMON: Extended RMON module is not present
[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
.
.
[history]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2).
.
.
[alarm]
index status sample
[event]
index status type
----- -------------- ---------------
#
To display the detail information on an alarm group, enter the show rmon alarm command
with the alarm number:
To delete a RMON alarm group, enter the no rmon alarm command in Global configuration
mode:
To configure the RMON Event group, use the following command in Global configuration
mode.
Command Task
This example shows how to configure an event group on the Corecess S5 System and how to
verify that they are configured:
Parameter Value
Event index 10
Event description Event to create log entry and SNMP notification
Event type log, trap
Community public
Owner help_desk
# configure terminal
(config)# rmon event 10 description “Event to create log entry and SNMP
notification” log trap public owner help_desk
To display the information on an event group, enter the show rmon command:
# show rmon
RMON: Enabled
Extended RMON: Extended RMON module is not present
[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
.
.
[history]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2).
.
.
[alarm]
index status sample
----- -------------- -----------------------------
1 valid etherStatsPkts.1
[event]
index status type
----- -------------- ---------------
10 valid logandtrap
.
.
#
To display the detail information on an event group, enter the show rmon events command
with the event number:
To delete an event group, enter the no rmon event command in Global configuration mode:
In the Corecess S5 System, bandwidth information of traffic can be collected by RMON through
a particular port with a certain cycle (five seconds, one minute and ten minutes). To collect
bandwidth information communicated through the specified port, use the following
commands.
Command Task
The following example shows how to collect the bandwidth information of traffic and verify it.
# configure terminal
(config)# rmon port gigabitethernet 5/1 utilization
(config)# end
# show rmon port gigabitethernet 5/1 utilization
Rx-avg: bits/s bytes/s pkts/s utilization
Tx-avg: bits/s bytes/s pkts/s
------------ ------------ ------------ -------------
Port 5/1
5 sec: 0 0 0 0
0 0 0
1 min: 0 0 0 0
0 0 0
10 min: 0 0 0 0
0 0 0
#
If you do not specify any option, the contents of the RMON alarm table, event table, history table, and
statistics table are displayed. The following is a sample output of the show rmon command:
# show rmon
RMON: Enabled
Extended RMON: Extended RMON module is not present
[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
.
.
[history]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2).
.
.
[alarm]
index status sample
----- -------------- -----------------------------
1 valid etherStatsPkts.1
[event]
index status type
----- -------------- ---------------
10 valid logandtrap
The table below describes the fields in the show rmon command output:
Field Description
The following example shows how to display the bandwidth information of traffic.
Command Description
show snmp-server
Display SNMP community list defined the system.
community-list
Limits hosts which can access to the system through SNMP based
snmp-server group access
on the access list.
This chapter describes how to configure QoS (Quality of Service) on the Corecess S5 System.
QoS Overview
This section describes QoS (Quality of Service) and QoS features supported by the Corecess S5
System.
QoS consists of the Classifier and the Traffic manager. The Classifier classifies traffic, and the
Traffic Manager processes the classified traffic as follows:
Packet Buffer Queue Packet
Classifier Marker Policer
In Manager Scheduler Out
Traffic Manager
The Classifier refers to a header of a received packet, and then decides the QoS level. The traffic
manager marks the QoS level to the packet header or processes a packet that is in permitted
bandwidth. The Traffic Manager also chooses which packet drop when congestion occurs or
prefers which packet transmits first.
The following section describes parameters to classify packets and how to classify packet.
Classifier
Classification Standard
The classifier uses the following values to decide the packet level.
y Layer 2 : Source/Destination MAC Address, EtherType Field, DSAP Field, 802.1P Field, VLAN ID
802.1P field in Layer 2 packet is a three bit field that marks the packet priority, and a number
from zero to seven is stuffed in the three bit field.
The following values are set in the eight bit of TOS field - also called DSCP field - in the
header of Layer 3 packet.
bits bits 0 1 2 3 4 5 6 7
0 1 2 3 4 5 6 7
DSCP C
IP-Prec TOS MRZ U
Class Selector
D T R C
The classifier can classify the following types of category with the classification standard.
y Subscriber and Application Classification: Who send the packet? And, what kind of application packet is?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address
and TCP/UDP Port Number
y Subscriber and Destination Classification: Who send the packet. And, who receive the packet?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address,
Output Port Number, Destination MAC Address and Destination IP Address
y Subscriber, Destination and Application Classification; Who send the packet?, Who receive the packet? And, what
kind of application packet is?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address,
Output Port Number, Destination MAC Address and Destination IP Address and
TCP/UDP Port Number
Classification Table
The classifier has two types. One is MF (Multi Field) classifier that refers several fields of a
packet simultaneously and decides QoS service level. The other is BA (Behavior Aggregate)
classifier that recognizes the packet decided QoS level.
MF classifier uses the following table to decide QoS level and to recognize a QoS profile.
Source Destination
Input Output Source Destination VLAN Source Destination Protocol TCP QoS
Rule# 802.1P TOS TCP/UDP TCP/UDP
Port # Port # MAC MAC ID IP IP ID Flag Profile
Port # Port #
1
2
3
4
5
6
7
.
.
.
A QoS profile has information what actions (marking, policing and assigning queue) should be
done to the packet decided QoS level through classification standard. The traffic manager
actually applies the actions to the packet.
BO
Source Destination
Input Output Source Destination VLAN Protocol TCP QoS
Rule# 802.1P Source IP Destination IP TOS TCP/UDP TCP/UDP
Port # Port # MAC MAC ID ID Flag Profile
Port # Port #
1
2
3
4 * * * * 0x0800 * 1.1.1.0/24 20.1.1.0/24 6 * * 80 *
5
6
The BA classifier recognizes the QoS profile, which is applied to the packet, using the tables of
802.1p or ToS field that are only used for QoS. In the table of 802.1p or ToS field, the following
field values are defined. One of the profiles is applied to the packet by the field values.
TOS/DSCP/IP-Prec
802.1p Table
Table
802.1p Field Value QoS Profile ToS Field Value QoS Profile
0 0
1 1
2 2
3 3
4 4
5 5
6 …
7 255
Packet Marker
Packet marker marks 802.1P field or ToS field with QoS level. QoS level of a packet can use the
value decided by the classifier or be changed by QoS profiles. It is called “remarking” that the
first decided level is changed and marked by QoS profiles.
Policer
Policer can limit bandwidth to make users only use engaged traffic. Policer measures traffic
flow rate by traffic flow, which classified by classifier, and limits traffic not to use over engaged
bandwidth.
Policer consists of metering and action block. Metering measures traffic flow rate and compares
the result of traffic flow rate to engaged bandwidth, then informs the comparing result to action
block. Action block decide how to process traffic depending on the result.
Policer Variables
EBS
time
Token Bucket
There are several implementation of policer function, and the typical implementation is the
token bucket. The token bucket contains tokens, each of which can represent a unit of bytes.
Token is filled up in the token bucket for a certain rate. When packets are arrived, the same
amount of tokens is removed from the token bucket.
Packet
Token Bucket
Bucket Size
Token Rate
Token
The variables of policer can be substituted for the element of token bucket as follows:
If tokens are full in the token bucket, no token is provided. When packets are received, the same
amount of token are removed. If the number of tokens is less than size of a packet, the packet is
specified as non-conforming packet. And, if the number of tokens is more than size of a packet
or is the same as the size of packet, the packet is specified as conforming packet. The packet
specified as non-conforming packet is processed by QoS profile of the packet.
There are two method of token bucket - single token bucket, dual token bucket. Single token
method uses only one bucket, and dual token method uses two bucket.
In dual token bucket method (RFC 2698 tr-TCM algorithm), the first bucket receives tokens at PIR
rate and the second bucket receives tokens at CIR rate. The first bucket size also is PBS and the
second bucket size is CIR. A packet that is specified as non-conforming in the first bucket finally
becomes the non-conforming packet. If a packet that is specified as conforming in the first bucket
becomes non-conforming in the second bucket, the packet is specified as loosely non-conforming
packet.
Dual token bucket method can control the packet with detailed classification above.
The following graph shows the dual token bucket method.
Queue Scheduler
The output port is generally slower than the input port because the output port transmits
packets that are received from the several input ports. In the output port, at least one queue is
assigned, and packets that have to be processed by the output port are saved. When saved
packets in a queue are more than bandwidth that can transmit packets - it means congestion,
what packets are transmitted first should be defined in the output port. This is called queue
scheduling.
There are various queues scheduling method, and the following methods are generally used.
In this method, each queue has assigned priorities (high, medium, low), and packets in the high
priority queue are transmitted first. After packets in the high priority are transmitted
completely, packets in the next priority queue are transmitted.
400B 500B 500B 400B 300B 600B 400B 500B 500B 200B 300B 400B 100B 300B
This method is easy to implement, but if there are plenty of packets that flows into the high
priority queue, packets in the low priority queue can not be transmitted at all. This is called
starvation.
WRR method processed every queue in sequence to remove starvation that happens in SPQ
(Strict Priority Queuing). The packet size that process packets each time can be set for each
queue instead. A value, called weight, is used to set the packet size. The weight represents the
ratio of packets that is serviced through the queues.
[Q1] Weight: 2
200B 300B 400B 100B 300B
If weight values (2, 1, 1) are assigned to each queue as above, the ratio of packets are 2:1:1. It
means that two packets are transmitted through the first queue (Q1), and a packet is
transmitted through the second queue (Q2), then a packet is transmitted through the third
queue (Q3).
WRR method can specify priority to each queue and prohibit starvation as above. The
disadvantage of WRR is not useful in IP network that packet size is variable because weight is
ratio of packets. For example, there are two packets. One is 64byte VoIP packet, and the other is
1500byte data packet. The packets are serviced through two queues that weight is 2:1. Even
though the VoIP packet is serviced through high weight queue, 128bytes are sent each time, but
the 1500byte data packet can be sent through the low weight queue.
WFQ method divides whole packet in queue into bit unit to solve the problem of WRR and
transmits the bits at weight ratio of queues, then reassembles the bits.
Packet Segmentation
Last bit of Last bit of Last bit of
400B Pkt 300B Pkt 500B Pkt
[Q2] Weight: 1
Packet
400B 500B 500B
Reassembler
Bit-by-Bit WRR
[Q3] Weight: 1 Scheduler Last bit of Last bit of Last bit of
300B Pkt 400B Pkt 300B Pkt
Bit-by-Bit Service Ratio Last bit of
400B 300B 600B
= Q1:Q2:Q3 = 2:1:1 200B Pkt Last bit of
100B Pkt
400B 400B 500B 300B 200B 600B 300B 500B 400B 100B 300B
Output Port
This method can transmit packets without the packet size at the ratio that is specified in the
queue, but it is complicated to implement.
DWRR method enhances disadvantage of WRR and WFQ. DWRR defines weight, quantum and
deficit counter to each queue. Quantum is the maximum packet size that is processed by weight
ratio. Deficit counter is set to ‘0’ by default. Deficit counter is merged with quantum when data
of a queue is serviced. The packet of queue can be serviced up to deficit counter. After the
packet is serviced, deficit counter is decreased to the packet size.
For example, there is a queue that quantum value is 1000bytes. If 500byte packet, 300byte
packet, and 300byte packet are in a queue, only 500byte packet and 300byte packet can be
processed because the queue can process up to 1000bytes. Then, deficit counter becomes 200.
After other queues process their packet, the queue become in the order. The deficit counter
value becomes 1200, and the queue can process up to 1200byte.
Deficit counter memorizes the size of packet that was not transmitted as the ratio of weight, and
transmits the packet next time.
Let’s look at the operation principal of DWRR. There are three queues in an output port as
below. In each queue, 2:1:1 of weight is assigned. The quantum values of each queue are set as
1000byte, 500byte and 500byte. The deficit counter values are set as ‘0’ (Picture 1).
[Picture 1] [Picture 2]
The DWRR scheduler visits the number 1 of queue, then deficit counter value becomes
1000bytes. 300byte, 100byte and 400byte packets are transmitted through output port. After the
transmission, the deficit counter value becomes 200 (Picture 2).
The DWRR scheduler visits the number 2 of queue. The number 2 of deficit counter set the
value as 500byte, then 500byte packet is transmitted. After the transmission, the deficit counter
value becomes 0. The next time the number 3 of queue should be processed, but the first packet
in the number 3 of queue is 600byte and is bigger than deficit counter of 500byte. In this case,
deficit counter is not changed, and no packet is transmitted.
The DWRR scheduler visits the number 1 of queue again, then the quantum value is added to
the current deficit counter value. In this time, the deficit counter value becomes 1200bytes, and
the number 1 of queue can transmit packets up to 1200byte. 300byte and 200byte packets can be
transmitted, then deficit counter becomes 700 (Picture 3).
[Q1] Weight: 2
1200B - 300B - 200B [Q1] Weight: 2
Quantum=1000, DeficiCounter=700B Quantum=1000, DeficiCounter=0B
[Picture 3] [Picture 4]
There is no packet in the number 1 of queue, so the DWRR scheduler visits the number 2 of
queue. The deficit counter is set as 500byte, and 500byte packet is transmitted in the number 2
of queue, then deficit counter becomes 0. In the num 3 of queue that could not transmit packets
previous time, the deficit count becomes 1000byte, and 600byte and 300byte packet are
transmitted. After the transmission, the deficit counter becomes 100 (Picture 4). The rest of
packets are processed as above.
Shaping
Shaping is a function that limits bandwidth with buffering when traffic that is bigger than
target traffic rate flows into a queue.
The traffic that is more than target traffic rate is stored into the buffer. If there is enough
bandwidth to transmit, the stored traffic is transmitted.
Bandwidth(bps) Bandwidth(bps)
Offered Traffic Buffered
This method is more flexible than policing, but is not useful in real-time traffic such as voice
traffic because transfer delay occurs.
WC scheduler can use whole bandwidth of output port until congestion occurs. SPQ, WRR,
DWRR and WFQ are WC method. On the other hand, even if there is no congestion, NWC
scheduler does not service more than bandwidth that is assigned queue. Shaping is this method.
Buffer Manager
Queues of an output port have fixed size. If a queue is full of packets, and other packets flow
into the queue, the packets are discarded as a particular rule. Buffer manager is the function
that discards received packets selectively to solve the congestion of the queue.
This section introduces that buffer manager methods.
Tail Drop
Output
Q0 port #1 TC #1
Q1 TC #1
.
.
TC #1
Q6
Classifier
Input port #1 Q7
match
match
. .
. match .
. . .
.
. .
.
Input port #n . .
.
Output
Q0 port #n
Q1
.
. TC #216
Q6 TC #217
Q7 TC #218
The Corecess S5 System classifies the packets from ingress (incoming) port according to the
criteria defined the class map, stores the classified packets to each transmit queue (0 ~ 7), and
transmits packets via TC (Traffic Class) applied the QoS action defied the policy map.
Packet Classification
The Corecess S5 System uses the values in the following fields of the layer 1 ~ layer 4 IP packet
header as a criterion to classify packets:
y Layer 2: Source/destination MAC address, EtherType field, DSAP field, 802.1P filed, VLAN ID
The Corecess S5 System supports marking based on the following bits in the CoS (Class of
Service) filed for the packet:
y DSCP
y CoS
y VLAN priority
The Corecess S5 System can recognize packets from a particular VLAN or port and configure
packets to set the specified values to the CoS field of packets.
Policing
The Corecess 5242 supports Policing. Policing is the process by which the system limits the
bandwidth consumed by a flow of traffic. You can limit the bandwidth of a specific traffic flow
by using a policy map or limit the full bandwidth of a port.
Transmit Queue
The Corecess S5 System provides eight transmit queues for each egress port. These transmit
queues are scheduled by the Strict Priority Queuing (SPQ) mechanism. The priority of queues
decides which queue transmits packets. The following values can be used as the priority, and
the user can specify which value uses as the priority.
y VLAN Priority
y Class Priority
When the transmit queue is full, frames at the end of the queue are dropped (tail drop)
Shaping
The first task for configuring QoS service policy is defining class maps.
X Defining Class Map Class map defines a standard to classfy a particular traffic and execute
the role of QoS classifier.
The second step for configuring QoS service policy is defining policy
Y Defining Policy Map maps. Policy map defines QoS action that is applied to classified traffi
c and execute the role of traffoc manager.
The last step of configuring the QoS Service policy is defining service
Z Applying
policies. A service policy consists of a policy-map and ingress/egress
Service Policy
ports which the policy map will be applied to.
You can classify packets and assign them to specific queues based on the following criteria:
CoS field cannot be included with DSCP or IP precedence in the same class-map. To make the
CoS field available, enable IEEE 802.1p using 802.1p classification enable command.
If IEEE 802.1p is enabled, DSCP and IP precedence criteria in class-maps are not available.
To use the DSCP or IP precedence instead of CoS, disable the IEEE 802.1p using 802.1p
classification disable command. By default, IEEE 802.1p is disabled.
After creating class-maps, system checks the inbound or outbound packets by the criteria in
class-maps. QoS actions defined in the policy-map for the class will be applied to the classified
packets into classes.
To create a class map and specify the way in which the Corecess S5 System should classify
traffic, enter the following commands in Global configuration mode:
Command Task
The following example shows how to create a class map and define a classification criterion by
using the source IP address:
(config)# qos
(config-qos)# class-map class1
(config-cmap)# match ip-sa 172.27.2.16 0.0.255.255
(config-cmap)# end
# show classmap
ClassMap
--------------------------------------------------
Name : class1
Match Content : ip-sa 172.27.2.16/0.0.255.255
Total Entries = 1
The following example shows how to create a class map and define the criteria by using the
destination IP address and the destination TCP port number:
(config)# qos
(config-qos)# class-map class2
(config-cmap)# match ip-da 10.10.10.1 0.0.0.255
(config-cmap)# match tcp-dpn 25
(config-cmap)# end
# show classmap class2
ClassMap
--------------------------------------------------
Name : class2
Match Content : ip-da 10.10.10.1/0.0.0.255
: tcp-dpn 25
Total Entries = 2
#
To apply multiple QoS actions to a traffic class, multiple QoS actions can be included in a
policy-map.
Creating a Policy-map
To create a policy-map and configure QoS actions for a traffic class, perform this task:
Command Task
bandwidth <value>
filter {deny|permit|to-proc}
4. Configures QoS actions for the class. Refer to the
mark {cos|dscp|ip-prec} <value>
following sections for configuring QoS actions in the
priority <value>
policy-map class configuration mode.
rate-limit rate <value>
weight <value>
The following example shows how to create a policy map and specify a class map to which the
policy map applies:
(config)# qos
(config-qos)# policy-map policy1
(config-pmap)# class class1
(config-pmap-c)# priority 7
(config-pmap-c)# end
# show policymap policy1
PolicyMap
--------------------------------------------------
Name : policy1
Linked ClassMap : class1
Policy : priority 7
Total Entries = 1
#
The QoS fields such as the Layer 2 CoS (802.1p field) or Layer 3 IP precedence, ToS, or DSCP
fields are used for classifying the traffic class. Depending on the network state or QoS policy,
user can set these fields to the specified values which can change the priority of traffic.
To set the QoS fields of packets, which belong to the policy-map class to the specified values,
perform this task in the Policy map class configuration mode.
Table 9-5 Changing CoS, IP Precedence, or DSCP value of a traffic class in a policy map
Command Task
3. Specify the class to which the policy map applies and enter policy-map-
class configuration mode.
class <class-name>
y <class-name>: The name of the class to which the policy map
applies.
This example configure remarking feature to set the CoS field to “7” of the traffic class class3 in
the policy map polmap6:
(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class2
(config-pmap-c)# mark cos 7
(config-pmap-c)#
In a policy-map, you can add criteria for filtering a traffic class or forwarding it to the internal
system processor.
To add a criterion for deciding whether filtering packets or forwarding, perform this task.
Command Task
3. Specify the class to which the policy map applies and enter
policy-map-class configuration mode.
class <class-name>
y <class-name>: The name of the class to which the policy
map applies.
This example configures to discard the traffic class class2 in the policy map polmap6:.
(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class2
(config-pmap-c)# filter deny
(config-pmap-c)#
The Corecess S5 System can specify the minimum transmission bandwidth which should be
guaranteed for a specific traffic class when congestion occurs. You can set this minimum
transmission bandwidth to either speed or ratio. Beyond the guaranteed bandwidth, the traffic
will be dropped in the event of congestion.
To configure the minimum transmission bandwidth for a traffic class in a policy-map, perform
this task.
Command Task
3. Specify the class to which the policy map applies and enter policy-
map-class configuration mode.
class <class-name>
y <class-name>: The name of the class to which the policy map
applies.
5. Specify the bandwidth ratio of the transmission queue for the traffic
class.
weight <percentage>
y <percentage>: Percentage of available bandwidth to be assigned
to the class (0 ~ 100)
This example configures the bandwidth of the transmission queue for the traffic class class1 in
the policy map class polmap6:
(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class1
(config-pmap-c)# bandwidth 10000
(config-pmap-c)#
This example designates 25% for the bandwidth ratio of the transmission queue for the traffic
class class1 in the policy map class polmap6:
(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class1
(config-pmap-c)# weight 25
(config-pmap-c)#
The priority command in the policy-map configuration mode can assign the user-defined
priority to a traffic class. This user-defined priority is used for selecting one of eight
transmission queues in an output port for buffering packets. It is also used as the value for CoS
field. By default, a transmission queue is select by this user-defined priority. However, you can
use the CoS, DSCP, or VLAN ID when selecting a transmission queue. To do this, use the
queue-precedence command in the QoS configuration mode.
The following is a procedure for specifying the user-defined priority for a traffic class:
Command Task
3. Specify the class to which the policy map applies and enter policy-map-
class configuration mode.
class <class-name>
y <class-name>: The name of the class to which the policy map
applies.
This example assigns the queue with the priority of 7 to the traffic class class4 in the policy map
polmap6:
(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class4
(config-pmap-c)# priority 7
(config-pmap-c)#
In a policy map, you can configure the rate limiting feature which discards the packets that
exceed the bandwidth limits.
Rate limiting is the process by limiting the bandwidth consumed by a flow of traffic. After a
packet is classified, the rate limiting process can begin. The rate limiting involves creating a
policer that specifies the bandwidth limits for the traffic. Packets that exceed the limits are
dropped.
To configure the rate limiting feature in a policy map, perform this task in the Global
configuration mode:
Command Task
3. Specify the class to which the policy map applies and enter policy-map-
class configuration mode.
class <class-name>
y <class-name>: The name of the class to which the policy map
applies.
Note: Policing can be applied to a specific port as well as a specific traffic class. Entering the rate-limit
command in the QoS configuration mode specifies the target bandwidth to be applied to both incoming and
outgoing traffic through a port. How to configure policing for a port will be described later in this chapter.
This example specifies the target bandwidth of the traffic class class5 to apply the rate limiting in
the policy map polmap6:
(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class2
(config-pmap-c)# rate-limit rate 640
(config-pmap-c)#
Defining class map and policy map is a process to make rules for QoS. On the other hand,
defining service policy is a process to select which rule is applied and which port uses the rule.
Command Task
qos 1. Enter the QoS configuration mode.
show service-policy
4. Verify the service policy configuration.
[<service-policy-name>]
This example applies the policy map named ‘polmap6’ to the Gigabit Ethernet port 5/1 and
verifies the configuration:
(config)# qos
(config-qos)# service-policy service1 policy-map polmap6 input-port gigabitethernet 5/1
(config-qos)# end
# show service-policy
ServicePolicy
--------------------------------------------------
Name : service1
Linked PolicyMap : polmap6
Port(In ) : 5/1
Port(Out) : 5/1
Total Entries = 1
#
To specify user priority of a packet that is transmitted from a particular port, use the following
commands.
Command Task
8021p user-priority 2. Assigns the priority to the specific VLAN interface or port.
<priority> vlan <vlan- y <priority> The priority (0 ~ 7)
id>[port gigabitethernet y <vlan-id> VLAN ID (1~4094)
<slot>/<port>] y<slot>/<port> Slot number and port number of the port
Note: If you do not specify the port, assigned priority are applied to all ports in the specified VLAN.
The following example shows how to assign a priority of “6” to the Gigabit Ethernet port 5/1
which belongs to the default VLAN:
(config)# qos
(config-qos)# 8021p user-priority 6 vlan 1 port gigabitethernet 5/1
(config-qos)# 8021p enable
8021p is enabled
(config-qos)# end
# show user-priority
To configure policing to traffic from the specified port, use the following commands.
Command Task
(config)# qos
(config-qos)# rate-limit input-port gigabitethernet 5/1 output-port
gigabitethernet 5/1 rate 24000
(config-qos)# end
# show rate-limit
RateLimit
--------------------------------------------------
Rate : 24000
Port(In ) : 5/1
Port(Out) : 5/1
Total Entries = 1
#
To fill the value to CoS filed when the packet is transmitted, use the following commands.
Command Task
2. Input the values (tos, user, vlan) in the order of high priority.
y <value1>: Specify the highest priority value to be used in CoS field.
8021p-precedence
<value1> <value2> y <value2>: Specify the second-highest priority value. This value is
<value3> used when the <vlaue1> can not be used.
y <value3>: Specify the third-highest priority value. This value is
used when the <vlaue1> and <vlaue2> can not be used.
The following example shows how to configure the precedence of the values for the CoS field to
the order of priority Î ToS Î CoS:
(config)# qos
(config-qos)# 8021p-precedence vlan tos user
(config-qos)# end
# show 8021p-precedence
8021p precedence odering
vlan tos user
#
The following is a procedure for specifying a value used as the packet priority for choosing a
packet transmission queue:
Command Task
2. Input the values (tos, user, vlan, or class) in the order of high priority.
y <value1> Specify the highest priority value.
y <value2>: Specify the second-highest priority value. This value is
queue-precedence
used when the <vlaue1> can not be used.
<value1> <value2>
<value3> <value4> y <value3>: Specify the third-highest priority value. This value is
used when the <vlaue1> and <vlaue2> can not be used.
y <value4>: Specify the lowest priority value. This value is used
when the <vlaue1>, <vlaue2>, and <vlaue3> can not be used.
The following example shows how to configure the precedence of the values used for
transmission queue priority to the order of VLAN priority Î User’s priority Î Class Î ToS:
(config)# qos
(config-qos)# queue-precedence vlan user class tos
(config-qos)# end
# show queue-precedence
queue precedence odering
vlan user class tos
#
Configuring Shaping
Shaping is a function that limits bandwidth with buffering when traffic that is bigger than
target traffic rate flows into a queue. The traffic that is more than target traffic rate is stored into
the buffer. If there is enough bandwidth to transmit, the stored traffic is transmitted.
Command Task
shaping output-port 2. Configure shaping for traffic that transmits through the specified output
gigabitethernet port.
<slot>/<port> y<slot>/<port> Slot number and port number
rate <target-rate> y <targe-rate> Target bandwidth (1~1000000Kbps, in 64Kbps step)
The following example shows how to configure shaping for the traffic that is transmitted
through the Gigabit Ethernet port 5/1.
Shaping : 128000
Port(In ) :
Port(Out) : 5/1
Total Entries = 1
#
Command Task
The following example shows how to discard excess packets when broadcast packet is received
more than 256 per a second.
(config)# qos
(config-qos)# broadcast-storm-control vlan id 1 pps 256
(config-qos)#
Packet Filtering
If a host who is connecting to a Corecess S5 System runs a private DHCP server, other
subscribes connected with the Corecess S5 System may receive an invalid IP address from that
private DHCP server. To prevent this, you can filter DHCP Offer packets received from a host.
Internet or LAN
Corecess S5 System
Filter DHCP Offer packets received
from the DHCP server of ONU
Command Task
The following example configures to discard all the DHCP OFFER packets received from the all
the ports:
(config)# qos
(config-qos)# dhcp-offer filter discard
(config-qos)# end
# show dhcp-offer-filter
Dhcp Offer Filter Ports
--------------------------------------------------
Accept :
Discard : All Ports
#
To prevent hosts that are connected on the same VLAN from sharing files and resources, the
Corecess S5 System can filter protocols as follows:
Corecess S5 System
ONU
ONU
호스트 호스트
Host Host
To filter the packet of file and resource sharing protocol, use the following commands.
Command Task
upnp filter discard 2-4. Refuse UPnP packets. This command is applied to all ports.
The following example shows how to filter the file and resource sharing protocols received to
all ports.
(config)# qos
(config-qos)# apple-filesharing-protocol filter discard
(config-qos)# netbios filter discard
(config-qos)# rendezvous filter discard
(config-qos)# upnp filter discard
(config-qos)# end
# show running-config
.
.
!
qos
default traffic deny
shaping output-port gigabitethernet 5/1 rate 128000
netbios filter discard
rendezvous filter discard
apple-filesharing-protocol filter discard
upnp filter discard
!
.
.
Default traffic is traffic that is not classified with defined class map in the Corecess S5 System. If
default traffic is filtered, traffic that is not specified by network operators is discarded, so it can
prevent traffic that is not permitted from receiving.
Command Task
The following example shows how to refuse default traffic that is not classified with class map.
(config)# qos
(config-qos)# default traffic deny
(config-qos)# end
# show default-traffic-policy
Default QoS Traffic Policy
--------------------------------------------------
Deny
#
The Corecess S5 System can filter broadcast packets that are transmitted from a paricular port. It
prevents unnecessary broadband packets from transmitting.
Command Task
egress-filter broadcast 2. Discard broadcast packets from a particular port on the specified
vid <vlan-id> port VLAN.
gigabitethernet y <vlan-id> VLAN ID (1 ~ 4094)
<slot>/<port> y <slot>/<port> Slot number and port number
end 3. Return to Privileged mode.
The following example shows how to filter broadcast packet on the Gigabit Ethernet port 5/1.
(config)# qos
(config-qos)# egress-filter broadcast vid 1 port gigabitethernet 5/1
(config-qos)#
apple-filesharing-
Refuse Apple FileSharing packet.
protocol filter discard
rendezvous filter
Set to refuse Rendezvous packet.
discard
Define service policy that specifies policy map and a
service-policy
port.
(Continued)
Add the entry that compares CoS value of the packet to class
match cos
map.
Add the entry that compares TCP port number for receiving
match tcp-dpn
packets to class map.
Add the entry that compares TCP port number for
match tcp-spn
transmitting packets to class map.
Add the entry that compares UDP port number for receiving
match udp-dpn
packets to class map.
This chapter describes how to configure DHCP server or DHCP relay agent.
DHCP Server
DHCP has client-server architecture. A DHCP server is generally located in central place, and is
operated by network operators. DHCP server can receive reliable and appropriate information
for the current network status because of network operators.
Most of network consists of several subnets called VLAN. Each VLAN should basically have a
DHCP server because packets are only broadcasted in internal VLAN. If a VLAN has not a
DHCP server, it should be configured that the VLAN supports the DHCP relay agent feature.
DHCP clients and DHCP servers request and transmit information using DHCP messages. The
following figure shows the basic steps that occur when a DHCP client requests an IP address
from a DHCP server.
1. DHCPDISCOVER
2. DHCPOFFER
3. DHCPREQUEST
4. DHCPACK
1. DHCPDISCOVER
A DHCP Client broadcasts the DHCPDISCPVER message to local network for searching a
DHCP server.
2. DHCPOFFER
If there is a DHCP server in the local network, the DHCP server, which receives the
DHCPDISCOVER message, transmits the DHCPOFFER message with DHCP configuration
parameters (IP address, MAC address, domain name and assigned time of IP address).
3. DHCPREQUEST
When the DHCP client, which transmitted DHCPDISCOVER message, receives the
DHCPOFFER message, the DHCP client transmits the DHCPREQUEST message to requests
that the client uses the received parameters.
4. DHCPACK
When the DHCP server receives the DHCOREQUEST message, the DHCP server transmits
the DHCPACK message to approve that the client can use the assigned IP address.
5. DHCPRELEASE
When lease time of IP address that the DHCP client uses is over, or the DHCP client is shut
down, the DHCPRELEASE message is transmitted.
y Configuring the global DHCP server parameters (default gateway, DNS and IP address lease time). These
values are used in all DHCP subnets.
y (Optional) Changing parameter values of the DHCP server on each subnet if necessary
y Setting the maximum/minimum number of IP address that is assigned to the DHCP client on the subnet
Field Description
IP Address of DHCP server IP Address of a VLAN that is configured to the DHCP server.
After you decide the above parameter values, you can configure the DHCP server as following
section.
Commands Task
# configure terminal
(config)# dhcpserver enable
DHCP Server Enabled.
(config)#
To disable the DHCP server, enter the no dhcpserver command in the Global configuration
mode.
Default Gateway IP address of the default gateway for DHCP clients. 0.0.0.0
Path name of a file to which the DHCP client's core image should
*Merit Dump
be dumped in the event the client crashes.
(Continued)
Parameter Description Default
*Root Path Path name that contains the client's root disk.
By default, these DHCP server parameters are applied to all DHCP subnets. If necessary, these
parameter values can be changed for each DHCP subnet. To configure the global DHCP server
parameters which are used for all DHCP subnets, use the following commands.
Command Task
dhcpserver bootp 5. Allow for the DHCP server to respond to the BOOTP queries.
dhcpserver root-path 9. Specify the path name that contains the client's root disk.
<path-name> y <path-name>: Path name that contains the client's root disk.
You don’t need to configure all DHCP server parameters. Regardless of the order in the above
table, you can set parameters needed.
To NOT allow the DHCP server respond to the BOOTP request, use the no dhcpserver
bootp command in Global configuration mode.
The maximum of three default DNSs can be assigned. To remove the specified DNS, use the no
dhcpserver defaultdns command.
To remove the default gateway list, use the no dhcpserver defaultgateway command.
The default lease time is set to 43200 seconds. To restore the default lease time, use the no
dhcpserver defaultleasetime command in Global configuration mode
The default max lease time is set to 86400 seconds. To restore the default max lease time, use the
no dhcpserver maxleasetime command.
You can specify up to three log servers. The first entered log server is the most preferred server.
To remove a log server, use the no dhcpserver logserver command.
To remove the path name of a merit dump file, use the no dhcpserver merit-dump
command.
To remove the path name that contains the client's root disk, use the no dhcpserver root-
path command.
If you enable the DHCP server security feature, the Corecess S5 System stores the IP address
assigned to a DHCP client (host A) and the client’s MAC address. If any other host access to the
system with the host A’ IP address, the Corecess S5 System regards the packets as spoofing
packet and discard the packet. To disable DHCP server security feature, use the no
dhcprelay security command.
Command Task
show dhcpserver subnet all 2. Display the configuration information of all DHCP subnet.
| | | default | Max |
Name| IP Address| Netmask| Lease time| Lease time| Interface
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
SUB1| 172.168.20.0| 255.255.255.0| 43200| 86400| none
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
sub_vlan2| 172.20.2.0| 255.255.255.0| 43200| 86400| vlan2
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
sub_vlan1| 172.10.1.0| 255.255.255.0| 43200| 86400| vlan1
--------------- ---------------- ---------------- ----------- ----------- ---------
Command Task
dhcpserver subnet 8. Specify the path name that contains the client's root disk.
<subnet-name> root-path y <subnet-name>: Subnet name to configure.
<path-name> y <path-name>: Path name that contains the client's root disk.
You don’t need to configure all DHCP server parameters on each subnet. Regardless of the
order in the above table, you can set parameters needed. If you don’t specify parameters on
each subnet, the system uses the values of global DHCP parameters for the values.
This example shows how to configure the DHCP server parameters for the DHCP subnets:
Commands Task
This example shows how to specify the IP address pools for DHCP clients of the interfaces
sub_vlan1 and sub_vlan2:
-----+----------------+-----------------
1 | 10.1.1.2 | 10.1.1.253
--------------------------------------
#
To delete the IP address pool for DHCP clients of each subnet, use the no dhcpserver
subnet iprange <range-id> command. <range-id> is the ID of the IP range to delete.
You can see the ID of the IP range by using the show dhcpserver subnet command. To
delete all IP address ranges in the subnet, use the no dhcpserver subnet iprange all
command.
This example shows how to delete the IP address pools for DHCP clients of the interfaces
sub_vlan1 and check the result:
The following is an example of defining a DHCP subnet subnet_r for DHCP relay and check the
result:
To check the result, use the show dhcpserver subnet all command in Privileged mode.
In case of the DHCP subnet defined by the user, ‘none’ is displayed in the Interface field.
# show dhcpserver subnet all
Command Task
This example shows how to add a static host ‘kka’ and verify the configuration:
To remove a static host, use the no dhcpserver host command. To remove all static hosts,
no dhcpserver host all command.
The default maximum number of IP addresses is 5000 and the default minimum number of IP
addresses is 1.
To configure the maximum and minimum number of IP addresses for a subnet, perform this
task in privileged mode:
Table 10-9 Configuring the maximum and minimum number of IP addresses for a subnet
Command Task
dhcpserver subnet 2. Set the maximum number of IP addresses to be assigned to DHCP clients
<subnet-name> of the specific subnet.
highthreshold y <subnet-name>: Subnet name to configure.
<max-value> y<max-value>: The maximum number of IP addresses (2 ~ 5000)
dhcpserver subnet 3. Set the minimum number of IP addresses to be assigned to DHCP clients
<subnet-name> of the specific subnet.
lowthreshold y <subnet-name>: Subnet name to configure.
<min-value> y <min-value>: The minimum number of IP addresses (1 ~ 4999)
The following example shows how to configure the maximum and minimum number of IP
addresses for the sub1 subnet:
DHCP Relay
Client A DHCP Server Agent Clinet B
If the client a broadcasts the DHCPDISCOVER message to assign an IP address, the DHCP server,
which is in the same network, receives the message and assigns the IP address to the client A.
If the client B broadcasts the DHCPDISCOVER message to assign an IP address, the DHCP
server, which is in other network, can not receive the message. Therefore, the DHCP server can
not assign the IP address to the client B. In this case, you should configure the VLAN that the
client B is included to the DHCP relay agent. If the DHCP relay agent receives the
DHCPDISCOVER message, the DHCP relay agent transmits the message to the specified DHCP
server. The DHCP server, which receives the DHCPDISCOVER message, transmits the IP
address that is for the client B to the DHCP relay agent. The DHCP relay agent transmits the
assigned IP address to the client B.
Communication with the DHCP Server, the Relay Agent and the Client
When a DHCP client communicates with a DHCP server through a DHPC relay agent, IP
address is assigned to the DHCP client as follows:
unicast
DHCP Relay
Client 1. DHCPDISCOVER Agent 2. DHCPDISCOVER DHCP Server
4. DHCPOFFER 3. DHCPOFFER
5. DHCPDISCOVER 6. DHCPDISCOVER
8. DHCPACK 7. DHCPACK
9. DHCPRELEASE
1. The client sends a DHCPDISCOVER broadcast message to find out DHCP server.
3. DHCP server received DHCPDISCOVER message from DHCP relay agent offers
configuration parameters (such as an IP address, a MAC address, a domain name, and a
lease for the IP address) to the DHCP relay agent in a DHCPOFFER unicast message.
4. DHCP relay agent sends configuration parameters (such as an IP address, a MAC address, a
domain name, and a lease for the IP address) offered from the DHCP server to the client in a
DHCPOFFER unicast message.
6. The DHCP relay agent received DHCPDISCOVER message from the client forwards
DHCPREQUEST message to DHCP server.
7. After the DHCP server receives the DHCPREQUEST from DHCP relay agent, it
acknowledges the request with a DHCPACK message, thus completing the initialization
process.
8. After the DHCP relay agent receives the DHCPACK from DHCP server, it sends the
DHCPACK to the client.
9. A DHCP client may choose to relinquish its lease on a network address by sending a
DHCPRELEASE message to the DHCP server. The client identifies the lease to be released
by the use of the client identifier field and network address in the DHCPRELEASE message.
To enable DHCP relay on the Corecess S5 System, use the following command:
Commands Task
The following example shows how to enable DHCP relay on the Corecess S5 System:
# configure terminal
(config)# dhcprelay enable
DHCP Relay Enabled.
#
If you enter the dhcprelay enable when the DHCP server is enabled, the following message
will be displayed:
(config)# dhcprelay
Already running in DHCP server
Fail to enable DHCP Relay agent.
Before enabling the DHCP relay, disable the DHCP server using dhcpserver disable
command:
(config)#
To disable the DHCP relay, enter the dhcprelay disable command in the Global
configuration mode.
To add the DHCP servers which will assign the IP address to the DHCP relay, use the following
command in Privileged mode:
Command Task
This example shows how to add a DHCP server for DHCP relay:
To delete a DHCP server which will assign the IP address to the DHCP relay, use the no
dhcprelay serverlist command in Global configuration mode. To delete all DHCP
servers, use the no dhcprelay serverlist all command.
If you enable the DHCP relay security feature, the Corecess S5 System stores the IP address
assigned to a DHCP client (host A) and its MAC address. If any other host access to the system
with the host A’ IP address, the Corecess S5 System regards the packets as spoofing packet and
discard the packet.
By default, the DHCP relay security feature is disabled. To enable the DHCP relay security
feature, perform this task:
Command Task
To disable the DHCP relay security feature, use the no dhcprelay security command in
Global configuration mode.
When an interface of the system enabled DHCP relay agent has the primary IP address and the
secondary IP address, the Corecess S5 System decides which range of IP address (Primary IP,
Secondary IP 1, Secondary IP 2 and so on…) should be assigned to the interface by using the
weight assigned to the secondary IP address.
For example, when the following IP addresses are set to the vlan1 interface:
If the DHCP relay receives a DHCP request ten times, the DHCP relay assigns IP address of the
primary IP range five times, IP address of the secondary IP 1 range two times, and IP address of
the secondary IP 2 range three times via the DHCP server.
By default, the weight assigned to the primary IP is 100 and the weight assigned to the
secondary IP is 0. This allows the Corecess S5 System to assign a DHCP client an IP address of
the primary IP range via the DHCP server.
To configure the weight to be assigned the secondary IP address, perform this task:
Command Description
The following example shows how to assign the weight, 40%, to the secondary IP address,
172.2.2.2 and check the result:
To display the global DHCP server configuration, use the show dhcpserver command:
# show dhcpserver
The table below describes the fields in the show dhcpserver command output:
Field Description
*Default DNS #1, #2, #3 IP address of the DNS to be assigned to the DHCP clients
Path name of a file to which the DHCP client's core image should be
*Merit Dump
dumped in the event the client crashes.
*Root Path Path name that contains the client's root disk
(Continued)
Field Description
Allow BOOTP requests Whether to allow for the DHCP server to respond to the BOOTP queries.
Allow Unknown Clients Whether to allow for the DHCP server to respond to the BOOTP queries.
*: this indicates that the fields are displayed when users set the field value.
If the DHCP server is disabled on the Corecess S5 System, the following message will be
displayed:
# show dhcpserver
DHCP Server is not running.
#
To display the configuration of a DHCP subnet on the Corecess S5 System, use the show
dhcpserver subnet command.
The following example displays the configuration of all DHCP subnets by using the show
dhcpserver subnet all command:
| | | default | Max |
Name| IP Address| Netmask| Lease time| Lease time| Interface
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
SUB1| 172.168.20.0| 255.255.255.0| 43200| 86400| none
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
sub_vlan2| 172.20.2.0| 255.255.255.0| 43200| 86400| vlan2
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
sub_vlan1| 172.10.1.0| 255.255.255.0| 43200| 86400| vlan1
--------------- ---------------- ---------------- ----------- ----------- ---------
The following example displays the information of the specified DHCP subnets by using the
show dhcpserver subnet command:
Subnet IP : 172.168.20.0
Interface Name : none
Netmask : 255.255.255.0
default lease time : 43200 seconds
max lease time : 86400 seconds
HighThreshold : 5000
LowThreshold : 1
CurrentLeaseCount : 0
Default Gateway : 172.168.20.1
Log Server #1 : 120.1.1.1
#
The following example displays the IP address ranges of the specified subnet by using the show
dhcpserver subnet iprange command:
The table below describes the fields in the show dhcpserver subnet all command output:
Field Description
Default Lease time The default lease time for in the subnet
Max Lease time The maximum lease time for the hosts in the subnet
The table below describes the fields in the show dhcpserver subnet command output:
Field Description
default lease time The default lease time for in the subnet
maximum lease time The maximum lease time for the hosts in the subnet
The table below describes the fields in the show dhcpserver subnet <subnet-name>
iprange command output:
Field Description
To display the information of the IP addresses assigned to the DHCP clients, use the show
dhcpserver lease [summary] command.
The following example shows how to display the IP addresses assigned to the DHCP clients:
The following example displays the summary information of the IP addresses assigned to the
DHCP clients:
The table below describes the fields in the show dhcpserver lease command output:
Field Description
Remain Remaining time of the lease for an IP address that is assigned (in minutes)
The table below describes the fields in the show dhcpserver lease summary command
output:
Field Description
Assigned Lease The number of IP addresses that have been assigned to DHCP clients
The number of remaining IP addresses that have not been assigned to DHCP
Free Lease
clients yet
To display the list of the static hosts who can get the fixed IP addresses, use the show
dhcpserver host command.
The following example shows how to display the static DHCP hosts:
The table below describes the fields in the show dhcpserver host command output:
Field Description
leasetime Duration of the lease for an IP address that is assigned to the host
To display the DHCP relay configuration information, use the show dhcprelay command.
The following example shows how to display the DHCP relay configuration information on the
Corecess S5 System:
# show dhcprelay
The table below describes the fields in the show dhcprelay command output:
Field Description
Status The DHCP relay agent state on the system (Enabled or Disabled).
Security The DHCP relay security state on the system (On or Off)
Relay Interface The name of the VLAN interfaces that the DHCP relay is enabled
If the DHCP relay agent is disabled on the system, the ‘DHCP relay agent is not
running.’ message is displayed as follows:
# show dhcprelay
DHCP relay agent is not running
#
To display the list of the DHCP servers which assign the IP addresses to the clients of the DHCP
relay agent, use the show dhcprelay serverlist command.
The following example displays the DHCP servers used for the DHCP relay agent:
Field Description
To displays the weight to be assigned to secondary IP address of the system interface, use the
show dhcprelay weight command.
-----------------------------------------------------------------
rxBootpRequest : 4530 txBootpRequest : 0
rxBootpReply : 0 txBootpReply : 0
-----------------------------------------------------------------
The table below describes the fields shown by the show dhcp statistics command:
Field Description
Command Function
Adds the DHCP servers which will assign the IP address to the DHCP
dhcprelay serverlist
relay.
dhcpserver bootp Allows for the DHCP server to respond to the BOOTP queries.
Specifies the global default Domain Name System (DNS) server which
dhcpserver defaultdns
applies to all the DHCP subnets.
dhcpserver
Specifies the global default gateway list for all the DHCP subnets.
defaultgateway
dhcpserver Specifies the duration of the lease for an IP address that is assigned from
defaultleasetime a DHCP server to a DHCP client.
dhcpserver host Specifies the IP address for a manual binding to a DHCP client.
dhcpserver
Specifies the upper limit of the default lease time.
maxleasetime
Specifies the path name of the merit dump file to which the client's core
dhcpserver merit-dump
image should be placed in the event the client crashes.
dhcpserver root-path Specifies the path name that contains the client's root disk.
Adds a DHCP subnet. The clients in the DHCP subnet can be assigned
dhcpserver subnet
the IP addresses from the DHCP server.
dhcpserver subnet
Specifies the default Domain Name System (DNS) server for a subnet.
defaultdns
dhcpserver subnet
Specifies the default gateway list for a subnet.
defaultgateway
Specifies the duration of the lease for an IP address that is assigned to the
dhcpserver subnet
DHCP clients in a subnet. This value will apply to the specified DHCP
defaultleasetime
subnet.
(Continued)
Command Function
dhcpserver subnet
Specifies the high-threshold of the number of the leased IP addresses.
highthreshold
dhcpserver subnet Sets the range of addresses (or address pool) for DHCP clients in the
iprange specified subnet.
dhcpserver subnet Specifies a log server to which logging information DHCP clients are sent
log-server for a subnet.
dhcpserver subnet
Specifies the low-threshold of the number of the leased IP addresses.
lowthreshold
dhcpserver subnet
Specifies the upper limit of the default lease time for a subnet.
maxleasetime
dhcpserver subnet Specifies the path name of the merit dump file to which the client's core
merit-dump image should be placed in the event the client crashes for a subnet.
dhcpserver subnet
Specifies the path name that contains the client's root disk for a subnet.
root-path
dhcpserver unicast Allows for the DHCP server to send unicast reply.
dhcpserver
Allows for the DHCP server to assign IP addresses to the unknown hosts.
unknownclients
show dhcprelay Shows the list of the DHCP servers which assign the IP addresses to the
serverlist clients of the DHCP relay agent.
show dhcpserver host Shows the list of the static hosts who can get the fixed IP addresses.
Shows the current usage of the IP addresses available for the DHCP
show dhcpserver lease
clients.
show dhcpserver
Shows the DHCP subnet configuration.
subnet
y Configure DHCP Server Parameter to be allocated when allocating the IP of corresponding Pool in IP Pool; and
Values to be identified
Corecess S518 configures DHCP Server by VLAN unit. To configure DHCP Server, below-listed
values should be identified in advance:
y Range of IP to be allocated;
y Various network information including the gateway address to be used by the Host to which IP was
allocated; and
y IP lease time.
Command Work
Configure terminal Enter into Configuration mode.
Interface vlan id [ID] Enter into Interface mode.
Ip dhcp server Activate DHCP Server.
End Return to Privileged mode.
Show ip dhcp Check the activation of DHCP
interface Server.
To inactivate DHCP Server so as not to act anymore, run no ip dhcp server command in
Interface Mode.
Below-shown are the kinds and default values of parameters supplied by DHCP in Corecess:
Default
Parameter Description
Value
Default lease time IP lease time allocated to Client 43200
Default gateway Default gateway address of client
Dns server DNS Server address
Log server LOG Server address
Wins server WIN Server address
Path of Merit dump file where Core image of client is
Merit dump
saved
Root
Path where Root disk of client exists
path
These DHCP Parameters may set distinguishing into Global mode applied to all the subnet and
IP Pool mode applied to only one subnet.
If the setting is done to both Global mode and IP Pool mode, the value set in IP Pool mode is
firstly applied in corresponding subnet.
The method to designate the parameter as the prior Global mode as shown below:
Command Work
Configure terminal Enter into Global Configuration mode.
Ip dhcp leasetime <time> Designate Default lease allocation time.
Ip dhcp default-gateway <ip-address> Designate default gateway.
Ip dhcp dns-server <ip-address> Designate the address of Dns-Server.
Ip dhcp log-server <ip-address> Designate the address of Log-Server.
Ip dhcp wins-server <ip-address> Designate the address of Wins-Server.
Ip dhcp merit-dump-file <string> Designate the route of Merit-dump-file.
Ip dhcp root-path <string> Designate the path of Root disk.
To return the default lease time to default setting value, 43200, execute no ip dhcp leasetime
command.
To delete set WINS Server address, execute no ip dhcp WINS server command.
Setting root-path
The path of root disk may be set as shown below:
Creating IP Pool
In IP Pool, IPs allocated to clients in DHCP Server and related parameters may be set. To do so,
IP Pool should be created in advance.
To create IP Pool, execute below-shown command.
Command Work
Configure terminal Enter into Global Configuration mode.
Ip pool <string> Create IP Pool named <string>.
End Return to Privileged mode.
Show service-manager ip pool config Check created IP Pool.
Command Work
Configure terminal Enter into Global Configuration mode.
Ip pool <string> Create and Enter into <string> pool.
Network <ip-address/mask> Set subnet.
Ip range dhcp <start-ip> <end-ip> or
IP range to be allocated is set.
Ip range dhcp <ip-address/mask>
end Return to Privileged mode.
Show service-manager ip pool config Check pool setting.
The next is the example to set the IP range to be allocated to subnet in IP Pool.
localhost#
To delete subnet and IP address range set in IP Pool, execute below-shown commands:
When deleting:
localhost(config-ippool)# ip range dhcp 50.1.1.3 50.1.1.254 (X)
localhost(config-ippool)# ip range dhcp 50.1.1.2 50.1.1.250 (X)
localhost(config-ippool)# ip range dhcp 50.1.1.2 50.1.1.254 (O)
When creating:
localhost(config-ippool)# ip range dhcp 50.1.1.0/24
When deleting:
localhost(config-ippool)# no ip range dhcp 50.1.1.0/26 (X)
localhost(config-ippool)# no ip range dhcp 50.1.1.0/24 (O)
To exclude specific IP range from the allocation range, use below-shown commands:
Command Work
Configure terminal Enter into Global Configuration mode.
Ip pool <string> Create and Enter into <string> pool.
Ip range excluded-address <start-ip> <end-ip> Set the IP Range to be excluded from allocation range.
End Return to Privileged mode.
Show service-manager ip pool config Check pool setting.
Below-shown is the example to set the IP Range to be excluded from the allocation range in IP
Pool.
localhost#
Command Work
Configure terminal Enter into Global Configuration mode.
Ip pool <string> Create and Enter into <string> pool.
Ip dhcp leasetime <time> Designate Basic lease allocation time.
Ip dhcp default-gateway <ip-address> Designate basic gateway.
Ip dhcp dns-server <ip-address> Designate the address of Dns-Server.
Ip dhcp log-server <ip-address> Designate the address of Log-Server.
Ip dhcp wins-server <ip-address> Designate the address of Wins-Server.
Ip dhcp merit-dump-file <string> Designate the route of Merit-dump-file.
Ip dhcp root-pathname <string> Designate the path of Root disk.
localhost(config)#
To delete set WINS Server address, execute no ip dhcp WINS server command.
Setting root-path
The path of root disk may be set as shown below:
Five pools are connected to a single direction list by Pool Chaining method and Pool #1 at the
front is connected with interface.
When IP request is received from a client, IP is firstly allocated to Pool #1 at the left and then in
the order of Pool #2, Pool #3...
Below-shown is the commands to configure Pool Chaining.
Command Work
Configure terminal Enter into Global Configuration mode.
Ip pool <string> Create and Enter into <string> pool.
Command Work
Configure terminal Enter into Global Configuration mode.
Dhcp option <name> id
<option number> value Create and Enter into <string> pool.
<string value>
Dhcp option <option name> Assign the IP address from the address pool defined in <pool name>
address-pool local <pool based on the value in DHCPDISCOVER packets referring to its
name> registered <option name>.
End Return to Privileged mode.
Show service-manager ip pool
Check pool setting.
config
Below-shown is the example setting that DHCP Option 60 allocates IP only to the Packet that is
‘MSFT 5.0’.
localhost(config)#
localhost(config)# dhcp option test id 1 value "MSFT 5.0"
Command Work
In case of DHCP Relay also, like DHCP Server, activation by interface unit is possible. The
interface to be activated is the one that belongs to the network where the client to receive IP
through DHCP exists.
Command Work
Configure terminal Enter into Global Configuration mode.
Interface vlan id <ID> Enter into Interface mode.
Ip dhcp helper-address <ip-address> Set External DHCP Server Address.
End Return to Privileged mode.
Below-shown is the example to designate DHCP Server to send/receive Packets to/from DHCP
Relay.
DHCP Relay unicasts Packets to DHCP Server designated by above-shown commands every
time when the DHCP packet broadcasted by client is received.
However, sometimes DHCP Server cannot allocate IP to multiple subnets of an interface. The
purpose of DHCP Secondary weight function is to support IP allocation connected with such
DHCP Server.
To allocate corresponding IP to each subnet, weight should be given to the interface IPs
(secondary IPs) corresponding to each subnet excluding the first subnet.
To give weight to secondary IPs, execute below-shown commands:
Command Work
Configure terminal Enter into Global Configuration mode.
Interface vlan id <ID> Enter into Interface mode.
Ip dhcp secondary weight
<ip-address> <weight> <total> Set weight to secondary IPs.
End Return to Privileged mode.
In the commands to give weight to secondary IPs, <total> means the whole ratio of IPs for
allocation and <weight> means the ratio of IP allocated to the subnet corresponding to
secondary IP.
Below-shown is the example of such command.
Command Work
Configure terminal Enter into Global Configuration mode.
Interface vlan id <ID> Enter into Interface mode.
Ip dhcp proxy-server Activate DHCP Proxy Server in interface.
End Return to Privileged mode.
localhost#
localhost# configure terminal
localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp proxy-server
Sep 28 15:51:30 localhost DHCP-7-INFO: DHCP Proxy Server serviced on interface
v
lan50.
localhost(config-if)# end
localhost# show ip dhcp interface
Command Work
Configure terminal Enter into Global Configuration mode.
Interface vlan id <ID> Enter into Interface mode.
Ip dhcp proxy helper-address <ip-address> Set External DHCP Server Address.
End Return to Privileged mode.
localhost#
localhost#
localhost#
In this chapter, the method to use the Netsnoop functions of Corecess S5 System is described.
Understanding NetSnoop
In this chapter, the specific features of NetSnoop and the method to use are described.
Understanding NetSnoop
NetSnoop is the function to manage user's profile and to protect users and equipment from
various wrong network attack with use of DHCP and ARP.
It consists of two modules: DHCP Snoop and ARP Snoop.
In general, this function is available when using L3 Gateway or L2 Switch.
DHCP Snoop
Differently from DHCP Server or Relay, it manage DHCP state machine to snoop DHCP Packet
and supports with security function for basic DHCP Packet. Also, when it interworks with ARP
Snoop, it may prevent illegal use of IP by the method to pass only the ARP Packet towhich IP
was assigned through DHCP.
This is the filtering rule of whole S5 equipment. Two modes – Permit and Deny – are provided;
in case of Permit mode, control such as communication blocking is not perfomed. In contrast, in
case of Deny mode, the subscribers who were assigned with IPs through DHCP may only
communicate.
network, Uplink is designated as the Server Port. When the equipment does not drive DHCP
Server, Server Port is not separately designated.
Client Port means the Port connected with Subscriber Client. The DHCP Packet sent by client is
received by this Port and the Packets sent from Server are blocked. Also, if Base Rule is in Deny
status, the clients received IPs through DHCP may only communicate.
Transparent Port acts as a common port. In this port, all the hosts may communicate regardless
of Base Rule.
The thing to be done for the first time to configurate DHCP Snoop is to activate DHCP Snoop in
the Corecess S5 Sysem by the method shown below:
Command Work
configure terminal 1. Enter into Global Configuration Mode.
Ip dhcp snoop 2. Activate DHCP snoop.
This is the basic value to permit communication to the users with assignment of IPs through
licensed DHCP and converts the System Base Rule set as Permit mode to Deny mode.
Command Work
configure terminal 1. Enter into Global Configuration Mode.
Ip dhcp snoop base- 2. System Base Rule of DHCP snoop is
rule deny converted into Deny mode.
The next is the example to set Base Rule of Corecess S5 System as Deny mode.
localhost(config)# ip dhcp snoop base-rule deny
localhost(config)# end
localhost# show ip dhcp snoop
ip dhcp snoop : $Revision: 1.22 $
ip dhcp snoop is enable
system's base rule : deny
base-rule timeout : none
enforced deny rule : applied
information policy : replace
secure-unicast : off
suppression : off
client-aging time(sec): 300
option82 insertion mode : disable
uptime : 26s
localhost#
Command Work
configure terminal 1. Enter into Global Configuration Mode.
Ip dhcp snoop port <port info> 2. Set corresponding port as Server Port. The port
server connected with DHCP Server is set as this one.
3. Set corresponding port as Transparent Port
Ip dhcp snoop port <port info>
transparent (basic value). In case of ports that do not need to or
should not manage hosts are set as theses ports.
4. Set corresponding port as Client Port. The ports
Ip dhcp snoop port <port info> that intend to permit the communication to the
client subscribers with assignment of IPs through
licensed DHCP are set as these ports.
Ip dhcp snoop port <port info> 5. Number of clients of corresponding port is
client-limit <num> limited to <num>.
Ip dhcp snoop port <port info> 6. The Circuit-ID of corresponding port is set as
circuit-id <str> <str>.
Ip dhcp snoop port <port info> 7. The Base-Rule of corresponding port is set as
base-rule <permit|deny> Deny mode.
8. A host is set as static type so that a specific host
Ip dhcp snoop port <port info>
static <MAC> <IP> may always communicate in the corresponding
port.
9. Corresponding port should not use Netsnoop
No ip dhcp snoop port <port info>
function.
In case of #1~#4, setting is different depending upon the situation that which kinds of hosts exist
in each port. Each port has one strategy – Severe, Transparent, or Client – and the port with no
setting is set as Transparent.
In case of#5~#7, setting is performed only when there is the DHCP Server that manages
subscribers through web authentication and allocate temporary IPs.
In case of #8~#11, setting is performed in needed cases only. If no setting is performed,
corresponding function is used.
localhost(config)#
When setting as transparent port, basic setting, again, execute ip dhcp snoop port <port info>
transparent command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 transparent
localhost(config)#
Default
Parameter Desctiption
value
When inputted Packet is not same with saved information,
Information policy Replace
whether to update is decided.
Inspection Appropriateness of inputted Packet is inspected. None
Broadcast is converted into Unicast with use of saved
Secure-unicast None
informationl.
Suppression Burst packet attack is blocked with use of DHCP Packet. None
The method to set the values of such DHCP snoop parameters are as follows:
Command Work
To set so as to update saved information to the client information of newly inputted Packet,
execute ip dhcp snoop information policy replace command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# ip dhcp snoop information policy replace
localhost(config)#
duplicated. If you do not want to use inspection function, execute no ip dhcp snoop inspection
command.
Below-shown is the example to execute the command.
localhost# configure terminal
localhost(config)# no ip dhcp snoop inspection
localhost(config)#
Setting Option82
Below-shown is the command to add DHCP Option82 in DHCP Snoop.
Command Work
If you intend not to use Option82 function anymore, execute no ip dhcp snoop opt82 command.
Below-shown is the example to execute the command.
ARP Snoop
In case of existing LAN switch, the arp request used in linking ip address and mac address in
IPv4 is basically broadcasted. In this case, malicious user may easily obtain the ip/mac
information of other hosts of nodes on the LAN by sniffing the Packet with substitution of own
network device for promicuous mode. Based on such information, the arp information of router
may be poisoned and the traffic of other hosts may be monitored. Also, by producing wrong
arp reply/request, proper users become ip conflict status and cannot receive network service.
To solve such problem, ARPsnoop blocks inputting of improper arp packet by inspecting all the
arp request/reply inputted into the switch and manages the ip/mac in the table to reduce the
quantity of broadcasted arp request .
When interworking with DHCPsnoop, arp request/reply is permitted only to the subscribers
using the ip-pool allocated through proper dhcp action and it can be prevented that malicious
user receives service by producing improper arp request or setting static IP.
Command Desctiption
When the user communicates with use of proper IP, the entry is created and maintained in the
table managed by ARP snoop. Also, the users using static IPs set by group access list have static
entries. If you want to maintain the table of static IP users by maintaining the entries until the
users’ terminals are turned off, you may set ARP snoop active-probing and then ARP snoop
periodically transfers ARP request message to maintain the entries.
Command Desctiption
Command Desctiption
ip arp snoop arp-move restricted y ARP snoop table entries are maintained.
When performing arp secured with use of dhcp binding information, Deny and Permit may be
performed with referring to access-list only with no secure checking of IP existing in
corresponding acces-list to manage the lower layer equipment using static IP.
Command Desctiption
As improper ARP Snoop table may be configured when arp poisoning is detected by the
equipment where ARP Snoop is set, ARP Snoop table may be reconfigured by sending the
GARP of proper ip/mac to the port where poisoning is detected.
Command Desctiption
ip arp snoop guard arp-poisoning y < sec > : Cycle to send GARP
<sec> <packets> y < packets > : Number of GARP Packets
Below-shown is the command to send 5 GARPs in a second. < sec > may be set in the range of 1
~ 10 and < packets >may be set in the range of 5 ~ 60.
localhost(config)#ip arp snoop groop guard arp-poisoning 1 5
ARP Snoop provides with ARP Snoop inspection function to drop Packet when modified ARP
Packet is sent for poisoning attack. Inspection function is available as two types: mac-match and
unsolicited-reply. Mac-match function is the one to drop improper ARP Packet judged when
source mac address of Ethernet header part and source mac address part of ARP packet are not
same. Unsolicited-reply function is the one to judge and drop ARP poisoning attack when multi
ARP reply packets are received in a short time.
Command Desctiption
ip arp snoop inspection <mac- y < mac-match > : Source mac address inspection
match/unsolicited-reply> y < unsolicited-reply > Reply packet inspection
Both mac-match and unsolicited-reply may be used at the same time and only one mode may
also be used.
localhost(config)#ip arp snoop inspection mac-match
localhost(config)#ip arp snoop inspection unsolicited-reply
To inactivate the activated ARP Snoop inspection function, execute below-shown command. It
is not impossible to inactivate one of Mac-match mode or unsolicited-reply mode; if inactivation
is performed when two modes are set, both two are inactivated.
localhost(config)#no ip arp snoop inspection
This is the function to drop the ARP packet to which proper IP is not allocated through DHCP
server, by referring the dhcp binding information in arp source address and target address.
Three modes are available and default mode is All: Target, Source, and All.
Command Desctiption
y < all > : Both source and target are inspected.
ip arp snoop reply < all, soruce, target >
y < source/target > : Either target or source is inspected.
ARP Snoop unicasts reply message to the port received request for the ARP request message
already registered in ARP Snoop table to reduce the quantity of ARP packets.
Command Desctiption
To inactivate the activated ARP Snoop reply cache function, execute below-shown command.
localhost(config)#no ip arp snoop reply-cache
ARP Snoop may set whether to broadcast or unicast ARP request message.
Four request modes are available: broadcast, protected-broadcast, restricted-broadcast, and
secure-broadcast. Default mode is broadcast. In the broadcast mode, if there is no target
information, ARP request message is transferred to all the server port, transparent port, and
client port in the port types set in DHCP snoop.
Command Desctiption
ip arp snoop request <broadcast,
protected-broadcast, restrict-broadcast, y ARP Snoop request message setting
secure-broadcast>
When the mode is set as Restrict-broadcast, if the IP information was not properly allocated by
DHCP to source IP, ARP request packet is dropped. At this time, DHCP snoop base-rule should
be set as Deny. ARP request message is transferred to the port to which target belongs to when
there is the information on target; if there is no information on target and the request message is
sent from client port, it is broadcasted to server port and transparent port; if request message is
sent from server port, it is broadcasted to all ports.
The basic action is same in the secure-broadcast mode and restrict-broadcast mode but, if there
is the information on target, the ARP request packet is unicasted to the physical address of
target IP.
In protected-broadcast mode, ARP request packet is broadcasted to server port/router port only.
Therefore, action is possible only when local proxy arp is set in the router and ip dhcp snoop
base-rule deny is set. This setting is performed so that lower layer switch sends all the arp
requests to router to be processed when local-proxy-arp is drived in the router to perform user
isolation.
If arp sticky command is activated, MAC move is not produced in the users or equipments
using static IPs.
Command Desctiption
This chapter describes how to configure security features on the Corecess S5 System.
Configuring Password
Console is a terminal to connect the system directly through a console port, and virtual terminal
is a terminal to connect the system through Telnet. In the Corecess S5 System, users who access
the system through console or virtual terminal require a password. It can enhance the system
security.
By default, the Corecess S5 System requires a login password. The default login password is
‘corecess’. To change the default login password, use passwd command.
> passwd
Changing password for corecess
(current) UNIX password: ******** Enter the current password.
New UNIX password: ******** Enter the new password.
Retype new UNIX password: ******** Enter the new password again.
passwd: all authentication tokens updated successfully
>
After setting the CLI login password, you should enter the login password at the login prompt
that is shown when you connect the system.
You can set the Privileged mode password that controls access to privilege mode. By default,
the Corecess S5 System does not require the Privileged mode password for entering the
Privileged mode.
You can specify the password for the Privileged mode using enable passwd command. The
following example shows how to set the Privileged mode password to ‘corecess’ by the enable
passwd command.
After setting the Privileged mode password, you should enter the password to go to the
Privileged mode from user mode as follows:
> enable
Password: corecess
Privileged mode is signified by the # prompt. In the Privileged mode, you can enter all
commands to view statistics and configure the system.
Password Encryption
All IDs and passwords on the system can be shown by using the write terminal command.
In the Corecess S5 System, user passwords are stored and displayed by the password
encryption. Even if the writer terminal command is executed, only system administrator can see
the user password.
The following example shows how to add a CLI user who ID and password are ‘guest’ using
the username command and how to display the user using the write terminal command.
# configure terminal
(config)# username guest passwd guest
(config)# end
# write terminal
Building configuration...
Current configuration:
banner incoming "welcome\n"
username recover passwd 8 $1$$nlCC0vP6YG0ZB0Mp685Fy0
username guest passwd 8 $1$$ysap7EeB9ODCrO46Psdbq/
.
.
The default timeout for an unattended telnet session is 10 minutes. To change the login timeout,
enter the following commands:
Command Task
Access Lists
Access lists filter network traffic by controlling whether routed packets are forwarded or
blocked at the system's interfaces. Your system examines each packet to determine whether to
forward or drop the packet, based on the criteria you specified within the access lists.
Access list criteria could be the source address of the traffic, the destination address of the traffic,
the upper layer protocol, or other information. Note that sophisticated users can sometimes
successfully evade or fool basic access lists because no authentication is required.
You can use standard access lists to control the Telnet or SNMP access methods to management
functions on the Corecess S5 System.
Internet or LAN
Router 인터넷이나 LAN Server A
Server B
Corecess S5 System
Access List
x Source Address : 172.20.128.64
x Permit/Deny : Permit
x Flow : Out
Host A Host B
IP: 172.20.128.10 IP: 172.20.128.64
In the above example, the access list allows access from the 172.20.128 64 host. Therefore the
host B connected to the Corecess S5 System can access to the Server A or Server B and the host
A can’t access to the Servers.
The Corecess S5 System is basically set to be connected to all networks. Therefore, you should
limit addresses not to access the system using access list for safety if possible.
To define access lists, use the following commands on the Corecess S5 System:
Command Task
access-list <list-number>
3. Permit/Deny packets from the specified source host address.
{permit| deny} host
y <host-addr> IP Address of the host
<host-addr>
access-list <list-number>
4. Permit/Deny packets from all network or host.
{permit| deny} any
Note:
x The wildcard is a four-part value in dotted-decimal notation (IP address format) consisting of ones and zeros.
Zeros in the mask mean the packet's source address must match the <source-ip>. Ones mean any value
matches. For example, the <source-ip> and <wild-card> values 209.157.22.26 0.0.0.255 mean that all
hosts in the Class C sub-net 209.157.22.x match the policy.
x The packets that do not match any entries in an access list are denied.
The following example shows how to define an access list which permits the access from hosts
in the specified network:
# configure terminal
(config)# access-list 1 permit 192.5.34.0 0.0.0.255
(config)# access-list 1 permit 128.88.0.0 0.0.255.255
(config)# access-list 1 permit 36.0.0.0 0.255.255.255
(config)# end
# show access-list
Standard IP access list 1
permit 192.5.34.0, wildcard bits 0.0.0.255
permit 128.88.0.0, wildcard bits 0.0.255.255
permit 36.0.0.0, wildcard bits 0.255.255.255
The following example shows how to define an access list which denies the access from the
specified host:
# configure terminal
(config)# access-list 2 deny host 171.69.198.102
(config)# access-list 2 permit any
(config)# end
# show access-list
Standard IP access list 2
deny 171.69.198.102
permit any
After you create an access list, you can apply it to terminal line. In this case, access lists can be
applied on both outbound and inbound flows. To restrict terminal line access to the system
using access lists, enter commands such as the following:
Command Task
The following example shows how to apply the access list to terminal line. The Corecess S5
System allows Telnet access to all IP addresses except the hosts listed in access list 2.
The following example shows how to apply the access list to terminal line. The Corecess S5
System denies connections to networks other than network 192.89.55.0:
# configure terminal
(config)# access-list 12 permit 192.89.55.0 0.0.0.255
(config)# line vty 0 5
(config-line)# access-class 12 out
(config-line)#
Note: To remove access restrictions, use the no access-class <list-number> {in | out}
command.
After you create an access list, you can apply it to SNMP access. In this case, access lists can be
applied on inbound flow.
To restrict SNMP access to the system using access lists, enter commands such as the following:
Command Description
The following example shows how to apply the access list to SNMP access. The Corecess S5
System allows SNMP access to all IP addresses except the hosts listed in access list 2.
Command Function
access-list Defines a standard IP access list using source addresses for filtering packets
(Standard) received/transmitted through the specific interface.
Sets the interval that the EXEC command interpreter waits until user input is
exec-timeout
detected.
snmp-server group Limits hosts which can access to the system through SNMP based on the
access access list.
This chapter describes how to configure the Corecess S5 System for multicast routing protocols.
Unicast transmission mode transmits data from one source to one destination. It is used in
general Internet application program such as Telnet or ftp.
Broadcast transmission mode is the transmission of the copy of packet to all receivers in the same
network from one transmitter.
Multicast transmission mode is used in application programs of Internet image conference and
etc, as a mode of more than one transmitters transmitting data to more than one certain
receivers. When a transmitter transmits the pack to a multicast group address, only the
receivers belonging to that multicast group can receive the copy of the packet transmitted by
the transmitter.
The following example shows the difference between unicast transmission mode and multicast
transmission mode.
300K 300K
Multicast transmission mode minimizes the network resource loss due to repetitive
transmission of the data like the broadcast transmission mode and thus can save network
bandwidth, and can save transmission time since there is no need to transmit the packet to all
receivers separately like the unicast transmission mode.
There is the receiver address displayed on the packet header in unicast transmission, but in the
multicast transmission, marking the multicast group address where receivers belong other than
the receiver address on the header, it transmits the packet.
D class IP address is used for multicast group address. The range of D class is 224.0.0.0 ~
239.255.255.255, and IP address 224.0.0.0 ~ 224.0.0.255 among this range is assigned for other
uses and cannot be used.
Multicast routing is that routers exchange messages for multicast transmission and make routing
trees, then decide the path from source to destination (group members of multicast). The
Corecess S5 System supports the following multicast routing protocols.
IGMP snooping manages multicast traffic at Layer 2 on the Corecess S5 System by allowing
directed switching of IP multicast traffic. Switches can use IGMP snooping to configure Layer 2
interfaces dynamically so that IP multicast traffic is forwarded only to those interfaces
associated with IP multicast devices.
When IGMP snooping is enabled on the Corecess S5 System, the route processor sends out
periodic general queries to all VLANs. The switch processor responds to the route processor’s
queries with only one join request per MAC multicast group. The switch processor creates one
entry per VLAN in the Layer 2 forwarding table for each MAC group from which it receives an
IGMP join request. All hosts interested in this multicast traffic send join requests and are added
to the port mask of this forwarding table entry.
DVMRP consists the multicast tree that the root is one source. If the DVMAP source transmits
multicast packets to the DVMRP network, the routers that does not want to receive the packets
of the multicast group transmits the prune message to upstream routers. Then, the routers that
transmit the prune message are removed from the multicast tree, and finally the multicast tree
is completed with the routers who want to receive multicast packets. The prune state is released
after a certain time, and the source transmits the multicast packet to the DVMRP network again.
DVMRP uses RPF (Reverse Path Forwarding) algorithm to maintain a multicast tree that has the
minimum branch. If DVMRP is enabled, the multicast tree is made to transmit multicast packets
to a downstream interface. When the interface receives multicast packets, the interface checks
its DVMRP routing table to find the shortest path. If the interface has the shortest path, the
interface transmits multicast packets to adjacent DVMRP router. If the interface does not have
the shortest path, the interface ignores multicast packets and transmits the prune message to the
upstream router.
After the multicast tree is constructed, pruning of the tree will occur after IP multicast packets
begin to traverse the tree. As multicast packets reach leaf networks (sub-nets with no
downstream interfaces), the local IGMP database checks for the recently arrived IP multicast
packet address. If the local database does not contain the address (the address has not been
learned), the router prunes (removes) the address from the multicast tree and no longer receives
multicasts until the prune age expires.
A DVMRP router restores pruned branches to a multicast tree by sending graft messages
towards the upstream router. Graft messages start at the leaf node and travel up the tree, first
sending the message to its neighbor upstream router. You do not need to perform any
configuration to maintain the multicast delivery tree. The prune and graft messages
automatically maintain the tree.
There are two modes in which PIM operates: Dense and Sparse. The Dense Mode is suitable for
densely populated multicast groups, primarily in the LAN environment. The Sparse Mode is
suitable for sparsely populated multicast groups with the focus on WAN. PIM primarily differs
from DVMRP by using the IP routing table instead of maintaining its own, thereby being
routing protocol independent.
Once PIM is enabled on each router, when a multicast packet is received on a PIM-capable
router interface, the interface checks its IP routing table to determine whether the interface that
received the message provides the shortest path back to the source. If the interface does provide
the shortest path back to the source, the multicast packet is then forwarded to all neighboring
PIM routers. Otherwise, the multicast packet is discarded and a prune message is sent back
upstream.
PIM-SM searches the point where various transmitting places (sources) converges into one
route and set up a tree to where point becomes the route. This type of tree that makes up PIM-
SM is called Shared Tree and the route for Shared Tree is called RP(Rendezvous Point). First,
data are transmitted to RP and then they are transmitted to receivers in each group.
Shared Tree shares one tree per each multicast group. It means that multicast group can use
only one router as RP whereas PIM-SM domain can have multiple RP. At default, Shared Tree
automatically selects RP to be built itself but user customized versions can also be used. User-
defined version of RP is called static RP. Since Shared Tree must pass RP it goes through
different path than optimized SPT (Shortest Path Tree).
BSR is a router that receives candidate RP messages with prioritization information and its own
IP address and transmits information to multicast router for RP selection. When RP is selected
RP router transmits information about its domain to BSR by unicast. Then, BSR include this
message in its Bootstrap message and transmits them to all the PIM-SM routers in its domain.
Based on this information, all the routers can map the multicast group to a RP.
• BSR – The Bootstrap Router (BSR) distributes RP information to the other PIM-SM routers
within the domain. Each PIM-SM domain has one active BSR. For redundancy, you can
configure ports on multiple routers as candidate BSRs. The PIM-SM protocol uses an election
process to select one of the candidate BSRs as the BSR for the domain. The BSR with the
highest BSR priority (a user-configurable parameter) is elected. If the priorities result in a tie,
then the candidate BSR interface with the highest IP address is elected.
• RP – The Rendezvous Point (RP) is the meeting point for PIM-SM sources and receivers. A
PIM-SM domain can have multiple RPs, but each PIM-SM multicast group address can have
only one active RP. PIM-SM routers learn the addresses of RPs and the groups for which they
are responsible from messages that the BSR sends to each of the PIM-SM routers.
Note: We recommends that you configure the same interfaces as candidate BSRs and RPs.
PIM-DM(dense mode) assumes that the downstream networks want to receive the datagram
forwarded to them. The PIM-DM router forwards all packets on all outgoing interfaces until
pruning and truncating occurs. Thus, interfaces with PIM-DM enabled receive the multicast
data stream until it times out. PIM-DM is most useful under these conditions:
In the figure below, the root node (RTA) is forwarding multicast packets for group 229.225.0.1,
which it receives from the server, to its downstream nodes, RTB, RTC, and RTD. Router RTD is
an intermediate router with RTE and RTF as its downstream routers. Because RTE and RTF
have no downstream interfaces, they are leaf nodes. The receivers in this example are those
workstations that are resident on routers RTB, RTC, and RTF.
Server
RTA
229.225.0.1
229.225.0.1
RTB RTC
Group members
RTD
Group members ....
....
RTE RTF
Group members
....
229.225.0.1
As multicast packets reach these leaf routers, the routers check their IGMP databases for the
group. If the group is not in a router’s IGMP database, the router discards the packet and sends
a prune message to the upstream router. The router that discarded the packet also maintains the
prune state for the source, group (S,G) pair. The branch is then pruned (removed) from the
multicast tree. No further multicast packets for that specific (S,G) pair will be received from that
upstream router until the prune state expires. You can configure the PIM Prune Timer (the
length of time that a prune state is considered valid).
For example, in the figure above the sender with address 207.95.5.1 is sending multicast packets
to the group 229.225.0.1. If a PIM router receives any groups other than that group, the router
discards the group and sends a prune message to the upstream PIM router.
Router RTD is a leaf node with no group members in its IGMP database. Therefore, the router
must be pruned from the multicast tree. RTE sends a prune message upstream to its neighbor
router RTD to remove itself from the multicast delivery tree and install a prune state, as seen in
the figure RTE will not receive any further multicast traffic until the prune age interval expires.
When a node on the multicast delivery tree has all of its downstream branches (downstream
interfaces) in the prune state, a prune message is sent upstream. In the case of RTD, if both RTE
and RTF are in a prune state at the same time, RTD becomes a leaf node with no downstream
interfaces and sends a prune message to RTA. With RTD in a prune state, the resulting
multicast delivery tree would consist only of leaf nodes RTB and RTC.
Enabling PIM-SM
To configure PIM-SM network using the Corecess S5 System, enable PIM globally on the switch
and enable PIM-SM locally on VLAN interfaces. To enable PIM-SM, use the following
command in Privileged mode:
Command Task
configure terminal 1. Enter Global configuration mode.
ip multicast-routing 2. Enable PIM on the Corecess S5 System.
3. Enter Interface configuration mode for the VLAN
interface vlan interface that will use PIM-SM.
{id <id> | name <name>} y <id> VLAN ID (1 ~ 4094)
y <name> VLAN name
4. Configuring IP address of the VLAN interface.
ip address
<ip-address>/<M> y <ip-address>: IP address of the VLAN interface
y <M>: Subnet mask
ip pim sparse-mode 5. Enable PIM-SM on the VLAN interface.
end 6. Return to Privileged mode.
show running-config 7. Verify the result.
Note: PIM-SM use IGMP to dynamically manage multicast group members. Enabling PIM-SM on an interface
also enables IGMP operation on that interface.
The following example enables PIM-SM on the Corecess S5 System and on the VLAN interface:
# configure terminal
(config)# ip multicast-routing
(config)# interface vlan id 10
(config)# ip address 10.10.10.20/24
(config-if)# ip pim sparse-mode
(config-if)# end
localhost# show running-config
Building configuration...
Current configuration:
!
!
ip multicast-routing
!
interface management
!
interface vlan id 1
!
interface vlan id 10
ip address 10.10.10.20/24
ip pim sparse-mode
!
#
Note: To disable PIM-SM on a VLAN interface, use the no ip pim sparse-mode command in
Interface configuration mode and to disable PIM on the switch, use the no ip multicast-routing
pim command in Global configuration mode.
If you enable PIM-SM, PIM-SM will run on the switch with default values for all global and
interface parameters. IGMP is also automatically enabled. Therefore you do not need to
configure all PIM-SM parameters. To change PIM-SM and IGMP parameters according to your
network environment, refer to the following sections:
y To configure PIM-SM parameters, see the Configuring PIM and Configuring PIM-SM section in this chapter.
y To configure IGMP parameters, see the Configuring IGMP section in this chapter.
y To enable IGMP snooping and configure IGMP snooping parameters, see the Configuring IGMP Snooping
section in this chapter.
Enabling PIM-DM
To configure PIM-DM network using the Corecess S5 System, enable PIM globally on the switch
and enable PIM-DM locally on VLAN interfaces. To enable PIM-DM, use the following
command in Privileged mode:
Command Task
Note: PIM-DM use IGMP to dynamically manage multicast group members. Enabling PIM-DM on an interface
also enables IGMP operation on that interface.
The following example enables PIM-DM on the Corecess S5 System and on the VLAN interface:
# configure terminal
(config)# ip multicast-routing
(config)# interface vlan id 10
(config)# ip address 10.10.10.20/24
(config-if)# ip pim dense-mode
(config-if)# end
# show running-config
Building configuration...
Current configuration:
!
!
ip multicast-routing
!
interface management
!
interface vlan id 1
!
interface vlan id 10
ip address 10.10.10.20/24
ip pim dense-mode
!
#
Note: To disable PIM-DM on a VLAN interface, use the no ip pim dense-mode command in
Interface configuration mode and to disable PIM on the switch, use the no ip multicast-routing
pim command in Global configuration mode.
If you enable PIM-DM, PIM-DM will run on the switch with default values for all global and
interface parameters. IGMP is also automatically enabled. Therefore you do not need to
configure all PIM-DM parameters. To change PIM-DM and IGMP parameters according to
your network environment, refer to the following sections:
y To configure PIM-DM parameters, see the Configuring PIM and Configuring PIM-DM section in this chapter.
y To configure IGMP parameters, see the Configuring IGMP section in this chapter.
y To enable IGMP snooping and configure IGMP snooping parameters, see the Configuring IGMP Snooping
section in this chapter.
Enabling DVMRP
To configure DVMRP network using the Corecess S5 System, enable DVMRP globally on the
switch and locally on VLAN interfaces. To enable DVMRP, use the following command in
Privileged mode:
Command Task
(Continued)
Command Task
4. Configuring IP address of the VLAN interface.
ip address
<ip-address>/<M> y <ip-address>: IP address of the VLAN interface
y <M>: Subnet mask
ip dvmrp 5. Enable DVMRP on the VLAN interface.
Note: DVMRP use IGMP to dynamically manage multicast group members. Enabling DVMRP on an interface
also enables IGMP operation on that interface.
The following example enables DVMRP on the Corecess S5 System and on the VLAN interface:
# configure terminal
(config)# ip multicast-routing
(config)# interface vlan id 10
(config)# ip address 10.10.10.20/24
(config-if)# ip dvmrp
(config-if)# end
localhost# show running-config
Building configuration...
Current configuration:
!
ip multicast-routing
!
interface management
!
interface vlan id 1
!
interface vlan id 10
ip address 10.10.10.20/24
ip dvmrp
#
Note: To disable DVMRP on a VLAN interface, use the ip dvmrp command in Interface configuration mode and
to disable DVMRP on the switch, use the no ip multicast-routing dvmrp command in Global configuration mode.
If you enable DVMRP, DVMRP will run on the switch with default values for all global and
interface parameters. IGMP is also automatically enabled. Therefore you do not need to
configure all DVMRP parameters. To change DVMRP and IGMP parameters according to your
network environment, refer to the following sections:
y To configure DVMRP parameters, see the Configuring DVMRP section in this chapter.
y To configure IGMP parameters, see the Configuring IGMP section in this chapter.
y To enable IGMP snooping and configure IGMP snooping parameters, see the Configuring IGMP Snooping
section in this chapter.
In the above figure, MR1-UR1-UR2-MR2 path is used to forward unicast packets and the MR1-
MR2 tunnel is used to forward multicast packets.
You can configure more than one static multicast route. The Corecess S5 System always uses the
most specific route that matches a multicast source address. Thus, if you want to configure a
multicast static route for a specific multicast source and also configure another multicast static
route for all other sources, you can configure two static routes as shown in the examples below.
To add a multicast static route, use the following command in global configuration mode:
Command Description
y <source>: IP address of the multicast source
ip pim sparse-
y <M>: Mask on the IP address of the multicast source( Bit number that has value
mode mroute
of ‘1’)
<source>/<M>
y <rpf-address>: IP address of PIM neighbor. PIM Joins, Grafts, and Prunes
<rpf-address>
are sent to this address.
Note: ip mroute command does not apply to DVMRP route but applies to the multicast routing protocol
that use unicast routing information.
The following example configures the specified sources within the network number 172.16.0.0
are reachable through 172.30.10.13 and all other sources are reachable through 172.30.10.14:
Configuring PIM
This section describes how to configure the following PIM parameters that apply to PIM-SM
and PIM-DM.
The Hello interval specifies how often the local router sends PIM hello messages on this PIM
interface to neighboring routers in the PIM domain. PIM routers periodically send hello
messages so that PIM neighbors can discover each other. Hello messages are multicast using
address 224.0.0.13 (all PIM routers group) and are sent on all communication links.
The default hello interval is 30 seconds and the default hello hold time is 105 (hello interval
times×3.5). To modifying the hello interval and hold time, use the following commands in
Interface configuration mode:
Command Description
ip pim hello-holdtime y <seconds> PIM Hello hold time. Valid range are 1 ~ 65535
<seconds> seconds.
ip pim hello-interval
y <seconds> PIM Hello interval. Valid range are 1 ~ 65535 seconds.
<seconds>
The following example shows how to configure PIM hello message interval and hold time for
the VLAN interface:
The Join/Prune interval is the interval at which each PIM interface on the router sends periodic
join/prune messages to its upstream neighbor.
The default Join/Prune message interval is 60 seconds. To change this interval, use the
command in Interface configuration mode.
Command Description
ip pim jp-timer
y <seconds>: Join/Prune message interval (1 ~ 65535 seconds)
<seconds>
The following example shows how to set the PIM Join/Prune message interval to 30 seconds for
the VLAN interface:
To prevent the Corecess S5 System from participating in PIM, use the following command in
Interface configuration mode:
Command Description
Note: ip pim neighbor-filter command filters all PIM control messages based on the given
access-list. It can be used to administratively deny a misconfigured PIM neighbor from participating in PIM. This
command does not filter Auto-RP announcements and is only intended to filter neighbor-to-neighbor packets.
The following example denies PIM packets form the source address 10.0.0.1:
Configuring PIM-SM
You can configure the following PIM-SM features:
• Configuring candidate RP
You can configure the Corecess S5 System as a candidate BSR. To configure the Corecess S5
System as a candidate BSR, use the command in Global configuration mode:
Command Description
Note : The first value to be considered for BSR descision is priority and, if they have same values, then IP
addresses are compared.
To remove the VLAN interface as a candidate BSR, use the no ip pim bsr-candidate
command in Global configuration mode.
Configuring Candidate RP
If you configure PIM-SM, you must also choose one or more routers to be RP (Rendezvous
Point). An RP acts as the meeting place for sources and receivers of multicast data.
To elect an RP, a BSR uses candidate RP messages advertised from candidate RPs. The
candidate RP message has the IP address and priority used for selecting an RP. You can
configure the Corecess S5 System as a candidate RP for the PIM domain. The Corecess S5
System configured as a candidate RP then advertises itself as a candidate RP to the BSR.
To configure the Corecess S5 System as a candidate RP, use the following command in Global
configuration mode:
Command Description
The following example configures the VLAN interface as a candidate RP with a priority of 100:
To remove the Corecess S5 System as a candidate RP, use the no ip pim rp-candidate
command in Global configuration mode.
RP for multicast group is required to set up PIM-SM. As explained above, RP can be manually
set by the user and can be set automatically. When selecting RP among the candidate RP no
additional steps are needed for the selection. In automatic option, even if the selected router is
not working properly, the router can automatically be selected. Hence, it is better to have it set
in this way for the selection whenever possible.
In case that RP is not desired to be set automatically, the PR can be set manually. This is called
static RP. Static IP may be convenient in small network but not suitable for large-scaled
network.
To set the RP router manually next line should be input in Global Setup Mode.
Command Description
ip pim rp-address
y <ip-address> IP address to be used for RP
<ip-address>
The following example shows how to set the router interface of which IP address is 30.10.10.1 as
static RP.
You can prevent unauthorized sources from registering with the RP. If an unauthorized source
sends a register message to the RP, the RP will immediately send back a register-stop message.
To configure a candidate RP router to filter PIM register messages, use the following command
in Global configuration mode:
Command Description
The following example shows how to restrict the RP from allowing sources in the specified
access list range of addresses to with the specified access list address range to register with the
RP:
You can take a defensive measure to prevent a misconfigured leaf router from interrupting PIM
service to the remainder of a network. To do so, configure the local router to accept Join/Prune
messages only when the group is in the group range specified by the access list.
To configure this feature, use the following command in Global configuration mode:
Command Description
y Interface for Candidate RP among interfaces
that are set up for <if-name> Corecess
ip pim accept-rp list
S5 system, with enabled PIM-SM, must be used.
<access-list-number>
y <access-list-number>: The standard access-
list number (1 ~ 99, 1300 ~ 1999)
y <ip-address> Specific RP Address
ip pim rp-address
y <access-list-number> Access List
<ip-address>
Number (1 ~ 99,
<access-list-number>
1300 ~ 1999
The following example shows how to configure the router to accept Join/Prune messages only
when the multicast group is 224.2.2.2 about static RP 10.1.1.1:
You should specify the IP source address of register message only when the IP source address
of a register message is not a uniquely routed address to which the RP can send packets. This
situation may occur if the source address is filtered such that packets sent to it will not be
forwarded or if the source address is not unique to the network. In these cases, the replies sent
from the RP to the source address will fail to reach the DR, resulting in PIM-SM protocol
failures.
To configure the IP source address of a register message to an interface address other than the
outgoing interface address of the DR leading toward RP, use the following command in Global
configuration mode:
Command Description
The following example shows how to configure the IP source address of the register message to
the loopback 3 interface of a DR:
The Corecess S5 System can limit the number of register messages that the DR will allow for
each (S, G) entry.
To set a limit on the maximum number of PIM-SM register messages sent per second for each (S,
G) routing entry, use the following command in Global configuration mode:
Command Description
ip pim register-rate y <rate>: Maximum number of register messages sent per second by the
limit <rate> router. Valid range are 1 ~ 65535.
The following example shows how to configure the maximum number of PIM-SM register
messages sent per second to 2:
The RP sends a register-stop message when it receives native multicast packets from the DR and
there are no downstream routers (receivers) to forward these packets to. The source’s DR stops
the outgoing interface from sending further register packets and sets its register suppression
timer. The register suppression timer determines how long the DR waits before sending register
messages back to the RP.
The default register suppression timer is 60 seconds. To set the register suppression timer, use
the following command in Global configuration mode:
Command Description
ip pim register- y <seconds> Register suppression timer. Valid range are 1 ~ 65535
suppression <seconds> seconds.
The following example sets the register suppression timer to 120 seconds:
RP reachability messages are generated by RPs periodically and distributed down the (*, G) tree
established for the group. This allows downstream routers to detect when their current RP has
become unreachable and triggers joining toward an alternate RP.
By default, the Corecess S5 System is set to not generate RP reachability message. To generate
and distribute a periodic RP reachability message, enter the ip pim register-rp-
reachability command in Global configuration mode:
In a typical PIM-SM domain, there may be two or more paths from a DR for a multicast source
to a PIM group receiver. One is path through the RP and the other is Shortest Path (STP).
By default, the Corecess S5 System switches from the RP to the SPT when a source sends at a
rate greater than or equal to 1000bps rate. To configure the Corecess S5 System to send
multicast packets using the RP indefinitely and does not switch over to the SPT, use the ip pim
spt-threshold infinity command in Global configuration mode.
# configure terminal
To configure the Corecess S5 System to send multicast packets using the STP when a source
sends at a rate greater than or equal to 1000bps rate, use the no ip pim spt-threshold
infinity infinity command in Global configuration mode:
If you configure an interface to be the PIM domain border, no PIM Version 2 BSR messages will
be sent or received through the interface. Configure an interface bordering another PIM domain
to avoid BSR messages from being exchanged between the two domains. BSR messages should
not be exchanged between different domains, because routers in one domain may elect RPs in
the other domain, resulting in protocol malfunction or loss of isolation between the domains.
To prevent BSR messages from being sent or received through an interface, enter the ip pim
bsr-border command in Interface configuration mode.
The following example configures the VLAN interface to be the PIM domain border:
Note: ip pim bsr-border command does not set up multicast boundaries. It sets up only a PIM
domain BSR message border.
The DR priority indicates the priority level for a DR on the LAN. The higher the number, the
higher the priority. A PIM-SM router configured with a DR election priority sends to its PIM
neighbors a Hello message that contains its priority level. The PIM-SM router with the highest
priority level is elected the DR for the LAN. Local routers not configured with a DR election
priority level elect a DR based on the highest IP address.
The default DR priority is 1. To specify the DR priority, use the following command in Interface
configuration mode:
Command Description
ip pim dr-priority
y <seconds>: DR priority. Valid range are 0 ~ 4294967294.
<priority>
The following example shows how to set the DR priority for the VLAN interface to 200:
By default, the Corecess S5 System is compatible with the standard PIM-SM specification
defined in RFC 2362. However, you can enable the Corecess S5 System to interoperate with
routers configured with nonstandard PIM implementations that do not comply with RFC 2362.
To enable router compatibility with RFC 2362, use the following commands:
Command Task
ip pim ignore-rp-set- 4. Enable the PIM-SM router to use the hash mask length instead of
priority priority to elect RP.
The following example shows how to enable router compatibility with RFC 2362:
Note: Use the ip pim-sm cisco-rp-prefix-count command only when the Cisco router that
does not support RFC 2362 is elected as the BSR.
Corecess S5 system supports distribution of multicast traffic load via ECMP (Equal-Cost-Multi-
Path) routing path. To use distribution of multicast traffic load PIM-SM must be enabled for the
interface in which ECMP routing path exsits.
Distribution of multicast traffic load is done in the following process. At the router that
performs PIM Join, for (*, G) Join, each group, using different routing path, transmits by
applying hash function of which the keys are used as group address, to ECMO routing path.
For (S, G) Join, similar ways are used and it transmits Join to the traffic sources through
different routing paths
To apply distribution of multicast traffic load, following commands should be used. In this
example, basic PIM-SM setup is assumed.
Command Task
The following is example of setting distribution of multicast traffic load in Corecess S5 system.
Note : In the hash distribution of multicast traffic load, the traffic may be distributed exactly into 1/n over
ECMP paths.
Configuring PIM-DM
This section describes how to configure the PIM-DM state refresh control message interval.
PIM-DM builds source-based multicast distribution trees that operate on a flood and prune
principle. Multicast packets from a source are flooded to all areas of a PIM-DM network. PIM
routers that receive multicast packets and have no directly connected multicast group members
or PIM neighbors send a prune message back up the source-based distribution tree toward the
source of the packets. As a result, subsequent multicast packets are not flooded to prune
branches of the distribution tree. However, the pruned state in PIM-DM times out
approximately every 3 minutes and the entire PIM-DM network is reflooded with multicast
packets and prune messages. This reflooding of unwanted traffic throughout the PIM-DM
network consumes network bandwidth.
The PIM-DM State Refresh feature keeps the pruned state in PIM-DM from timing out, which
saves network bandwidth by greatly reducing the reflooding of unwanted multicast traffic to
pruned branches of the PIM-DM network. This feature also enables PIM-DM routers to
recognize topology changes (sources joining or leaving a multicast group) before the state
refresh timeout period.
If you enable PIM-DM on the Corecess S5 System, the state refresh feature is automatically
enabled. To disable the state refresh feature, use the ip pim state-refresh disable
command.
To configure the origination interval for the state refresh control message, use the following
command:
Command Description
Note: The origination interval for the state refresh control message must be the same for all PIM routers on the
same LAN. Specifically, the same origination interval must be configured on each router interface that is directly
connected to the LAN
The following example shows how to configure the origination interval for the state refresh
control message to 60 seconds.
Configuring DVMRP
This section describes how to configure a metric for DVMRP interface.
The DVMRP router uses the metric when establishing reverse paths to some networks on
directly attached interfaces.
The default DVMRP metric is 1. To modify a DVMRP interface’s metric, use the following
command in Interface configuration mode:
Command Description
ip dvmrp metric
y <ip-address>: The metric for this interface. Valid range are 1 ~ 32.
<metric>
The following example shows how to set a metric of 5 for the VLAN interface:
Configure IGMP
You can use the Corecess S5 System without additional configuration of the IGMP. If necessary,
you may configure the following IGMP features.
To control the multicast groups that hosts on the subnet serviced by a VLAN interface can join,
use the following command in Interface configuration mode:
Command Description
ip igmp access-group
y <seconds> Number of a standard IP access list (1 ~ 99)
<access-list-number>
In the following example, hosts serviced by the VLAN interface can join the group 225.2.2.2
only:
By default, IGMP querier is selected by the automatic IGMP querier selection mechanism.
However, you can configure the specified interface to act as IGMP querier using ip igmp
querier command in interface configuration mode.
To configure IGMP static querier on a VLAN interface, use the ip igmp querier command in
Interface configuration mode.
The following example enables IGMP static querier on the VLAN whose id is ‘1’:
Note: Enabling IGMP static querier may severly affect multicast forwarding. We recommend using automatic
IGMP querier selection mechanism.
To disable IGMP static querier on a VLAN interface, use no ip igmp querier command in
the interface configuration mode.
You can configure statistically the router based on priority using ip igmp non-querier and
ip igmp querier IGMP commands. Any router port can be statically configured as IGMP
querier or non-querier without changing the IP address of the router port.
Multicast routers send IGMP host-query messages to discover which multicast groups are
present on attached networks. These messages are sent to the all-systems group address of
224.0.0.1 with a TTL of 1. The IGMP query interval period defines how often a router will query
an interface for group membership. Possible values are 10 ~ 43200 seconds and the default
value is 125 seconds.
To modify the IGMP query interval, use the following command in Interface configuration
mode:
Command Description
y <seconds>: Frequency, in seconds, at which to send IGMP host-
ip igmp query-interval
query messages (10 ~ 43200, seconds). Default setting is 125
<seconds>
seconds.
The following example changes the frequency at which the designated router sends IGMP host-
query messages to 120 seconds:
To restore the default IGMP query interval, use the no igmp query-interval command in
interface configuration mode.
Note: IGMP intervals come with preset values. The defaults work well in most networks, we recommend that
you use the default interval value.
You can specify the period of time before the Corecess S5 System takes over as the querier for
the interface, after the previous querier has stopped doing so. By default, the router waits twice
the query interval specified by the ip igmp query-interval command. After that time, if
the Corecess S5 System has received no queries, it becomes the querier.
By default, the IGMP query timeout value is set to 255 seconds. To change the IGMP query
timeout, use the following command in Global configuration mode:
Command Description
y <seconds>: Number of seconds that the router waits after the
ip igmp querier-timeout
previous querier has stopped querying and before it takes over as
<seconds>
the querier. Valid range are 30 ~ 1200 seconds.
The following example changes the IGMP query timeout value to 300 seconds:
To reset the IGMP query timeout value, use the no ip igmp query-timeout command.
By default, the maximum query response time advertised in IGMP queries is 10 seconds. If the
router is using IGMP Version 2, you can change this value. The maximum query response time
allows a router to quickly detect that there are no more directly connected group members on a
LAN.
To change the maximum query response time, use the following command in Interface
configuration mode:
Command Description
ip igmp
query-max-response-time y <seconds>: The maximum query response time advertised in
<seconds> IGMP queries. Valid range are 1 ~ 20 seconds.
The following example changes the maximum query response time value to 15 seconds:
To restore the default value, use the no ip igmp query-max-response time command.
Normally a router sends an IGMP group-specific query message upon receipt of an IGMPv2
group leave message. The router will stop forwarding traffic for that group only if no host
replies to the query within the timeout period. The timeout period is determined by the ip
igmp last-member-query-interval command and the IGMP robustness variable, which
is defined by the IGMP specification.
If IGMP immediate leave feature is enabled, the router assumes that only one host has joined
the group and stops forwarding the group's traffic immediately upon receipt of an IGMPv2
group leave message.
By default, IGMP immediate leave feature is disabled. To minimize the leave latency of IGMP
memberships and only one receiver host is connected to each interface, use the following
command in Interface configuration mode:
Command Description
ip igmp immediate-leave
y <access-list-number>: Access list number (1 ~ 99, 1300 ~
group-list
1999)
<access-list-number>
The following example shows how to enable the immediate leave feature on the VLAN
interfaces for the multicast groups 255.2.2.2:
When a router receives an IGMP Version 2 leave group message on an interface, it waits twice
the query interval; after which, if no receiver has responded, the router drops the group
membership on that interface.
By default, the Corecess S5 System sends the Group-Specific Queries message twice every 1000
milliseconds to the group being left.
To configure the count to which the router sends IGMP group-specific host query messages and
the frequency at which the router sends IGMP group-specific host query messages, use the
following commands in Interface configuration mode:
Command Description
ip igmp last-member-query- y <count>: The count to which the router sends IGMP group-
count <count> specific host query messages.
ip igmp last-member-query- y <interval>: The frequency at which the router sends IGMP
interval <interval> group-specific host query messages.
Specifies in tenths of a second how long the system waits after receiving an IGMP leave
message before it sends another query.
The following example shows how to modify the last member query count and interval for the
VLAN interface:
By default, IGMP snooping is globally disabled on the Corecess S5 System. When globally
enabled or disabled, it is also enabled or disabled in all existing VLAN interfaces. IGMP
snooping is by default disabled on all VLANs, but can be enabled and disabled on a per-VLAN
basis. Global IGMP snooping override the VLAN IGMP snooping. If global snooping is
disabled, you cannot enable VLAN snooping. If global snooping is enabled, you can enable or
disable VLAN snooping.
To globally enable IGMP snooping on the Corecess S5 System and enable VLAN IGMP
snooping, use the following command in Global configuration mode:
Command Description
ip igmp snoop
y <vlan-id>: ID of a VLAN to enable IGMP snooping.
[vlan id <vlan-id>]
First, execute ip igmp snoop command to enable igmp snooping so that igmp snooping is
applied on vlan interface. After the excution of ip igmp snoop, enable igmp snooping for each
of vlan interface.
If ip igmp snoop is not executed you cannot enable igmp snooping on vlan interface.
The following is example of eabling igmp snooping on vlan id for 2 person interface.
(config)# ip igmp snoop
(config)# ip igmp snoop vlan id 2
Execute no ip igmp snoop vlan id number to disable igmp snoop on the interface where igmp
snooping is enabled.
If you do not want to use igmp snooping on the equipment regardless of vlan interface, excute
no ip igmp snoop command. Then igmp snooping is disabled for all vlan interfaces.
(config)# no ip igmp snoop
(config)# no ip igmp snoop vlan id 2
If membership query messages are forwarded from the Corecess S5 System to a multicast router,
there is a possibility that the router may not operate normally. According to IGMP rules, if there
are two or more IGMP querier in one LAN, the IGMP querist with the smaller IP address
operates as the IGMP querier. This is because if two or more multicast routers are connected to
one LAN, the two routers both receive multicast traffic from outside the network, and transfer
the traffic to inside the network, resulting in the same data redundantly received and
transferred.
However, if a multicast router receives a membership query message from the Corecess S5
System, which is not a multicast route, but a system that provides IGMP snooping functions,
and recognizes it as a multicast router, it may stop its role as the IGMP querier (if the IP address
of the Corecess S5 System is smaller than the IP address of the multicast router). If this happens,
a problem may occur in which the multicast router stops forwarding multicast traffic from
outside the network into the LAN. Therefore, membership query messages must not be sent
from the Corecess S5 System to the multicast router. In order to do so, the port connected to the
multicast router must be manually set as a router port.
To configure a static router port, use the command in the Global configuration mode:
Command Description
The following example adds the Gigabit Ethernet port 5/1 as a router port:
To remove a multicast router, use the no ip igmp snooping mrouter command in Global
configuration mode.
Note: Multicast routers that support only IGMPv1 cannot process host membership report messages received
from devices that support IGMPv2. In addition, multicast routers which support only IGMPv1 can not understand
Leave messages, which are sent by hosts leaving multicast groups. Since there is no way for IGMP snooping
devices, such as the Corecess S5 System, to automatically recognize ports connected to these IGMPv1 multicast
routers, the user must manually specify them.
When you enable IGMP immediately leave feature, the Corecess S5 System immediately
removes a port when it detects an IGMP version 2 leave messages on that port.
To enable IGMP immediately leave feature on a port interface, use the following command in
Global configuration mode:
Command Description
This example shows how to enable IGMP fast-leave processing on the Gigabit Ethernet port 5/1:
Hosts normally join multicast groups dynamically, but you can also configure a host statically
on an interface.
To add a port as a member of a multicast group, use the following command in Global
configuration mode:
Command Task
This example shows how to add the Gigabit Ethernet port 5/1 as a member of the group
01:00:5e:00:02:03:
To remove the port from the multicast group, use the no ip igmp snooping mgroup
command.
IGMP group membership time defines how long a group will remain active on an interface in
the absence of a group report. You can specify how many seconds an IP Multicast group can
remain on a Corecess S5 System interface in the absence of a group report.
To change IGMP group membership time, use the following command in Global configuration
mode:
Command Description
ip igmp snoop membership y <seconds> The IGMP group membership time in seconds
timeout <seconds> from 1 to 1200 seconds.
By default, each port of the Corecess S5 System can belong to up to 1024 multicast groups. To
configure the maximum number of multicast groups that a port can belong to, use the following
command in Global configuration mode:
Command Description
The following example shows how to specify the number of multicast groups for the Gigabit
Ethernet port 5/1 to 2048:
Command Description
The following example shows how to display the IP multicast routing table written down to the
device for all groups.
# show ip mroute
To see information other than the information on the multicast routing table that was
maintained by multicast routing protocol device, and to see the information on multicast
routing table of Corecess S5, execute show ip mroute <protocol> command in the privilege
mode.
Command Description
The following example shows how to display the IP multicast routing table which is maintained
by the multicast protocols for all groups.
The following table describes the fields in the show ip mroute <protocol>command output:
Field Description
Information about the entry:
- D Entry is operating in PIM-DM
- S Entry is operating in PIM-SM
- V Entry is operating in DVMRP
- C A member of the multicast group is present on the directly connected
interface
- L The router itself is a member of the multicast group
Flags: - P Route has been pruned
- G Route has been graft
- R Indicates that the (S,G) entry is pointing towards the RP.
- T Indicates that packets have been received on the shortest path source tree.
- F Indicates that the software is Registering for a multicast source
- J For (*, G) entries, indicates that the rate of traffic flowing down the shared
tree is exceeding the SPT-Threshold set for the group. For (S, G) entries,
indicates that the entry was created because the SPT-Threshold for the group
was exceeded.
How long in hours, minutes, and seconds the entry has been in the IP multicast
Timers::
routing table / How long in hours, minutes, and seconds until the entry will be
Uptime/Expires
removed from the IP multicast routing table on the outgoing interface
IP multicast routing table. The entry consists of the IP address of the source
(10.0.0.1, 224.1.1.1)
router followed by IP address of the multicast group.
Expected interface for a multicast packet from the source. If the packet is not
Incoming interface:
received on this interface, it is discarded.
y PIM-SM RP information
To display basic configuration information for PIM, use the show ip pim configuration
command in Privileged mode.
The following example shows how to display basic configuration information for PIM on the
Corecess S5 System:
The following table describes the fields in the show ip pim configuration command output:
Field Description
PIM Daemon Start Time How many seconds have passed since the router is started
PIM Daemon Up Time How many seconds have passed since the PIM is enabled
The interval at which each PIM interface on the router sends periodic
PIM Default Hello Interval
hello messages to its PIM neighbor
How many seconds the local router will wait for a hello message from
PIM Default Hello Holdtime a neighbor before determining that the neighbor is no longer present
and removing cached PIM forwarding entries for the neighbor.
The interval at which the local router sends PIM-SM Join/Prune
PIM Join/Prune Interval
messages for the multicast groups it is forwarding.
The amount of time a receiver must keep the Join/Prune state alive, in
PIM Join/Prune Holdtime
seconds.
The interval at which the BSR sends the RP set to the RPs within the
PIM-SM Bootstrap Interval
PIM-SM domain.
To display information about interfaces configured for PIM, use the show ip pim
interface [detail] command in Privileged mode.
The following is sample output from the show ip pim interface command:
The following table describes the fields in the show ip pim interface command output:
Field Description
The following is sample output from the show ip pim interface detail command:
The following table describes the fields in the show ip pim interface detail command
output:
Field Description
DR IP address of the DR
Hello period Interval for the origination of the PIM hello messages
Indicates how many seconds will pass before the local router sends its next
Next Hello
hello message.
To display information about neighbor configured for PIM, use the show ip pim neighbor
[detail] command in Privileged mode.
The following is sample output from the show ip pim neighbor command:
The following table describes the fields in the show ip pim neighbor command output:
Field Description
Neighbor Address Address of Neighbor
Interface Interface connected to Neighbor
Uptime Time that discovers Neighbor
Expires Time that lease connection when the Neighbor does not response
Version PIM version of Neighbor
DR Priority DR priority of Neighbor
Mode PIM mode of Neighbor
To display the PIM-SM bootstrap router (BSR) information, use the show ip pim bsr-
router command in Privileged mode.
The following table describes the fields in the show ip pim bsr-router command output:
Field Description
Uptime Length of time that this router has been up (in hours, minutes, and seconds
Next Time (in hours, minutes, and seconds) in which the next candidate RP
Cand_RP_advertisement advertisement will be sent
To display all group-to-RP mappings of which the router is aware, use the show ip pim rp
mapping command in Privileged mode.
The following is sample output from the show ip pim rp mapping command:
# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is the Bootstrap Router (v2)
Group(s): 224.0.0.0/4
RP: 2.2.2.2
Info source: 2.2.2.2, via bootstrap, priority 192
Uptime: 00:02:23, expires: 00:02:10
Dynamic mapping : 1
Static mapping : 0
Total mapping : 1
#
The following table describes the fields in the show ip pim rp mapping command output:
Field Description
Length of time the RP has been up (in days and hours). If less than 1 day, time is
Uptime
shown in hours, minutes, and seconds.
To display which rendezvous point (RP) is being selected for a specified group, use the show
ip pim rp-hash <group-address> command in Privileged mode.
The following is sample output from the show ip pim rp-hash command with the group
address 224.0.0.0 specified.
To display DVMRP information for the Corecess S5 System, use the show ip pim
configuration command in Privileged mode.
The following is sample output from the show ip pim configuration command:
The following table describes the fields in the show ip dvmrp configuration
command output:
Filed Description
DVMRP Daemon Start Time How many seconds have passed since the router is started
DVMRP Daemon Up Time How many seconds have passed since the PIM is enabled
DVMRP Default Metric The metric (or cost) of all DVMRP interfaces on the router.
(Continued)
Filed Description
DVMRP Probe Interval The interval between the transmissions of probe messages.
DVMRP Neighbor Timeout If no message is received from a DVMRP neighbor during this time
Interval period, the neighbor is considered “down.”
DVMRP Route Expiration Time A route expires if it has not been refreshed within this time period.
DVMRP Route Discard Time The period of time before a route is deleted on a DVMRP router.
To display the status of a VLAN interface running DVMRP, use the show ip dvmrp
interface command in Privileged mode.
The following table describes the fields in the show ip dvmrp interface command output:
Filed Description
To display information about DVMRP neighbors, use the show ip dvmrp neighbor
command in Privileged mode.
The following table describes the fields in the show ip dvmrp neighbor command output:
Filed Description
IP address of the DVMRP neighbor from which the interface has received Probe
Neighbor Address
messages.
To display information about DVMRP routes, use the show ip dvmrp route command in
Privileged mode.
The following table describes the fields in the show ip dvmrp route command output:
Filed Description
The amount of time the route has been saved in the DVMRP routing table /
Uptime/Expires
The amount of time before the route is removed from the DVMRP routing table
To display the prunes that were received, use the show ip dvmrp prune command in
Privileged mode.
The following table describes the fields in the show ip dvmrp prune command output:
Field Description
Prune Snd Interface The interface that the local router sends the Prune message.
Prune Rcv If Counts The number of interface that receives Prune messages
Prune Exptime The amount of time before the prune message expires
To display IGMP information for interfaces configured on the Corecess S5 System, enter the
show ip igmp interface command in Privileged mode.
The following is sample output from the show ip igmp interface command:
The following table describes the fields in the show ip igmp configuration command output:
Field Description
IGMP querier timeout The timeout time before the system takes over as the querier for the interface.
IGMP max query The maximum amount of time within which a host must send a membership
response time report after it receives a query.
To display the multicast groups that are directly connected to the Corecess S5 System and that
were learned via IGMP snooping, use the show ip igmp snooping command in Privileged
mode.
Command Description
y <address>: Address of the multicast group for which to display
show ip igmp group host memberships.
[<address> | <if-name>] y <if-name>: Name of the interface for which to display host
memberships.
The following example displays the multicast groups that are directly connected to the Corecess
S5 System:
The following example shows how to display the information about the multicast group
224.3.3.2 by using the show ip igmp group <address> command:
The following example shows how to display the information about the multicast groups on the
default VLAN interface by using the show ip igmp group <if-name> command:
The following table describes the fields in the show ip igmp group command output:
Field Description
Uptime The amount of time that the interface has been a member of the group.
Expires The amount of time left before membership to the group expires.
Last Reporter The interface on which a membership report for the group was last received.
To display IGMP snooping, use the show ip igmp snoop command in Privileged mode.
Command Description
The following example displays the IGMP snooping information on the Corecess S5 System.
The following example displays the IGMP snooping of the default VLAN using the show ip
igmp snoop vlan command.
The following example displays the multicast groups that were learned via IGMP snooping:
The following table describes the fields in the show ip igmp snooping command output:
Filed Description
group ip IP Address of the multicast group. In case of a static multicast group, 0.0.0.0 is displayed.
How long in seconds until the entry is removed from the IGMP groups table. In case of a
timeout left
static multicast group, 0 is displayed.
The following example shows how to display information on multicast router interfaces on the
Corecess S5 System:
The following table describes the fields in the show ip igmp snoop mrouter command
output:
Filed Description
port Slot number and port number of the multicast router port
vlan ID of the VLAN that the multicast router port belongs to.
router ip IP address of multicast router that the multicast port is connected to.
Total Number The number of multicast router ports that are registered to the system.
To display the list of the VLANs and ports which IGMP immediately leave feature is enabled on,
use the show ip igmp snoop fast-leave command in Privileged mode. If you enable
IGMP immediately leave feature, the system immediately removes a port when it detects an
IGMP version 2 leave messages on that VLAN or port.
The following is the sample output from show ip igmp snoop fast-leave command:
To display IGMP group membership time which defines how long a group will remain active
on an interface in the absence of a group report, use the show ip igmp snooping
membership timeout command in Privileged mode.
Command Description
ip igmp immediate- Minimizes the leave latency of IGMP memberships and only one receiver
leave host is connected to each interface
ip igmp last-member- Configures the count to which the router sends IGMP group-specific host
query-count query messages.
ip igmp last-member- Configures the frequency at which the software sends IGMP group
query-interval specific host query messages.
ip igmp querier- Configures the timeout time before the router takes over as the querier for
timeout the interface.
ip igmp query- Configures the frequency at which the software sends IGMP host query
interval messages.
ip igmp query-max-
Configures the maximum response time advertised in IGMP queries.
response-time
ip igmp static-non- Configures an interface as IGMP non-querier which will not send IGMP
querier query messages and thus will not be able to manage the IGMP hosts.
ip igmp static- Configures an interface as IGMP querier which will send IGMP query
querier messages and thus will be able to manage the IGMP hosts.
ip igmp snoop group- Configure the maximum number of multicast groups that a port can
number-limit belong to.
ip igmp snoop Specifies IGMP group membership time which defines how long a group
membership timeout will remain active on an interface in the absence of a group report.
Command Description
ip pim cisco- Enables the PIM-SM router to computes checksum on the PIM header
register-checksum and data portion of the register packet.
ip pim crp-cisco- Enables the PIM-SM router to send non-zero prefix count in RP
prefix advertisement messages.
ip pim neighbor-
Prevent a router from participating in PIM.
filter
ip pim ignore-rp-set- Enable the PIM-SM router to use the hash mask length instead of
priority priority to elect RP.
ip pim register-rate Sets a limit on the maximum number of PIM-SM register messages sent
limit per second for each (S, G) routing entry.
ip pim register-rp-
To generate and distribute a periodic RP reachability message.
reachability
ip pim register-
Specifies the IP source address of PIM-SM Register message.
source
ip pim register-
Configures PIM-SM Register suppression timers.
suppression
(Continued)
Command Description
ip pim rp-register-
Set keepalive timer value to monitor PIM register message.
kat
ip pim spt-threshold
Causes all sources for the specified group to use the shared-tree.
infinity
ip pim state-refresh
Disables PIM-DM the state refresh feature.
disable
ip pim state-refresh
Configures the origination interval for the state refresh control message.
origination-interval
show ip dvmrp
Displays DVMRP global parameters.
configuration
show ip dvmrp
Displays DVMRP interface information.
interface
show ip dvmrp
Displays DVMRP-neighbor information on a per-interface basis.
neighbor
Displays IGMP host members for a particular multicast group or for all
show ip igmp group
multicast groups
show ip igmp
Displays IGMP related information about an interface.
interface
Displays the multicast groups with receivers that are directly connected
show ip igmp snoop
to the router, and that were learned through IGMP snooping.
show ip igmp snoop display the list of the VLANs and ports which IGMP immediately leave
fast-leave feature is enabled on
show ip igmp snoop Displays information on dynamically learned and manually configured
mrouter multicast router interfaces
show ip pim
Display the PIM-SM bootstrap router (BSR) information
bsr-router
show ip pim
Displays basic configuration information for PIM
configuration
show ip pim interface Displays information about interfaces configured for PIM
Command Description
show ip pim rp
Displays all group-to-RP mappings of which the router is aware
mapping
show ip pim rp-hash Displays which RP is being selected for a specified group
This chapter describes how to configure the following routing protocols supported by the Corecess S5
System:
y Standard Route
The standard route consists of a network address of a destination, a network mask and an IP
address of next hop gateway. The standard route transmits packets that destination is a
particular network or host to the specified next hop router.
y Loopback route
The loopback route consists of a network address of a destination, a network mask and an
index number of a loopback interface. The loopback route transmits packets that destination
is a particular network or host to the specified loopback interface. The loopback route is used
for testing of the loopback path.
y Null Route
The null route consists of a network address of a destination, a network mask and an index
number of the null interface. If the null route can not use the standard route, the null route is
used as a backup route for discarding traffic.
Command Task
The following example shows how to add the static route. The destination address is 192.0.0.0/8,
and the IP address of the next hop router is 195.1.1.1:
Command Task
Note: When you configure the VLAN interface route, the VLAN interface that is used as the next hop should be
enabled. If the VLAN interface is not enabled, the message of ‘% Malformed gateway or
interface not found.’ is displayed on the console terminal. To enable the VLAN interface, use
interface vlan id <vlan-id> command in Global configuration mode.
The following example shows how to configure the static route that uses the VLAN as the next
hop:
Command Task
Note: When you configure the loopback route, the loopback interface should be enabled. If the loopback
interface is not enabled, the message of ‘% Malformed gateway or interface not
found.’ is displayed on the console terminal. To enable the loopback interface, use interface
loopback id <index> command in Global configuration mode.
The following example shows how to configure the static route that transmits the packet to the
loopback interface.
Command Task
Note: When you configure the null route, the null interface should be enabled. If the null interface is not
enabled, the message of ‘% Malformed gateway or interface not found.’ is displayed
on the console terminal. To enable the null interface, use interface null id <index> command in
Global configuration mode.
The following example shows how to configure the static route that discards packets.
Command Task
Configuring BGP
BGP Introduction
The BGP (Border Gateway Protocol) is an external gateway protocol to exchange routing
information among IP routers that are in the different AS (Autonomous System). The BGP is
defined in RFC 1105, and the current version is BGP4 which is defined in RFC 1771. The BGP is
generally used for ISP (Internet Service Provider). The BGP is used not only in huge commerce
networks but also in multi home networks.
An AS is a set of network under the same routing policy and management policy, and an
enterprise intranet that consists of several networks with the same policy is an example of AS.
Routers in the same AS can use internal gateway protocols, such as RIP or OSPF, to exchange
routing information. But if the routers exchange information with routers that are in the
different AS, the routers should use external gateway protocols such as BGP4.
The following picture shows the example of BGP-4 AS. Each AS has three BGP-4 routers. BGP-4
routers of the same AS exchange information using IBGP, and BGP-4 routers of the different AS
exchange information using EBGP. Each router also uses internal gateway protocols. Routers of
AS 1 are OSPF routers, and routers of AS 2 are RIP routers. You can configure the Corecess S5
System to redistribute routes among BGP4, RIP and OSPF, and also to redistribute static routes.
AS1 AS2
OSPF RIP
EBGP
IBGP IBGP
OSPF OSPF RIP RIP
The BGP4 route table of the Corecess S5 System can have several routes for the same
destination, and these routes are received from other BGP4 neighbors. The BGP4 neighbor is a
router that is executing BGP4 routing. The BGP neighbor uses TCP port 179 to transmit
information. If the Corecess S5 System is configured to the BGP router, the network
administrator should define BGP4 neighbors first.
Even the BGP4 routing table of routers can have several routes, but the BGP4 protocol evaluates
each route and chooses an optimal route to transmit the IP route table. If a problem occurs in
the route, the BGP4 protocol updates route information of the IP route table.
y Network number (Prefix): This value consists of the network mask bit and the IP address and
is displayed as the form of ‘address/mask’. For example, ‘192.215.129.0/18’ means that the
network mask of eighteen bit is applied to the IP address of ‘192.215.129.0’. When the BGP4
router transmits routes to neighbor routers, the routes are expressed with the form.
y AS Path: The AS path of a list of AS that routes are passed. The BGP4 router can use the AS
path to detect or remove the routing loop. For example, if the route that is received from the
BGP4 router includes the AS number of the current router, the router detects the loop and
does not add the route to its BGP4 table.
y Path Attribute: The path attribute is the list of parameters that displays the attribute of route
(ORIGIN, AS-PATH, NEXT-HOP, MED, local- pref. and, aggregator, etc.).
When the Corecess S5 System connects a BGP session with neighbor routers (BGP peer)
successfully, the Corecess S5 System exchanges the BGP routing table to the neighbor. After this
initial exchange of information, the Corecess S5 System only exchanges the UPDATE message
to inform new routes, changed routes and unavailable routes.
The BGP router transmits the KEEPALIVE message periodically to maintain the BGP session
with neighbor routers.
BGP selects only one path as the best path. When the path is selected, BGP puts the selected
path in its routing table and propagates the path to its neighbors. BGP uses the following
criteria, in the order presented, to select a path for a destination:
1. If the path specifies a next hop that is inaccessible, drop the update.
3. If the weights are the same, prefer the path with the largest local preference.
4. If the local preferences are the same, prefer the path that was originated by BGP running on
this router.
5. If no route was originated, prefer the route that has the shortest AS-path.
6. If all paths have the same AS-path length, prefer the path with the lowest origin type (where
IGP is lower than EGP, and EGP is lower than Incomplete).
7. If the origin codes are the same, prefer the path with the lowest MED attribute.
8. If the paths have the same MED, prefer the external path over the internal path.
9. If the paths are still the same, prefer the path through the closest IGP neighbor.
Generally, the important element is the length of AS_path because the elements about the BGP
path such as weight or the local preference are same.
Enabling BGP
To enable the BGP protocol on the Corecess S5 System, execute the following tasks :
1. Enabling BGP Protocol
2. Specifying Local AS Number
3. Specifying BGP Network
To enable the BGP protocol and specify the BGP network, use the following commands.
Command Task
The following example enables BGP process for autonomous system 100 and sets up network
200.10.10.0 to be included in the BGP updates:
# configure terminal
To remove a routing process, use the no router bgp command in Global configuration mode.
The BGP and OSPF routing protocol should use a router ID to identify each router on the
network. Therefore, the router ID should be unique. By default, the Corecess S5 System uses the
IP address of the loopback interface that has the lowest index number for the router ID. If the
loopback interface is not defined in the Corecess S5 System, the lowest number of the interface
IP address that is defined in the Corecess S5 System is used for the router ID.
The Corecess S5 System uses the same router ID as the one of BGP and OSPF. Therefore, if
OSPF is already configured in the Corecess S5 System, the router ID of OSPF is used. If OSPF is
not configured in the system, the default router ID or the static router ID can be assigned.
To specify the router ID in the Corecess S5 System, use the following commands.
Command Task
The following example shows how to specify the static router ID.
# configure terminal
(config)# router bgp 100
(config-router)# bgp router-id 1.1.1.1
(config-router)#
If you change the router ID of the BGP network that is already operating, the new ID is applied
after system rebooting or BGP process restarting. To restart BGP process manually, use the
clear ip bgp command.
Two BGP routers become neighbors once they establish a TCP connection between each other.
You should specify the IP address and AS number of the neighbor because the BGP protocol
does not search neighbors automatically to exchange routing information.
To specify a BGP neighbor, use the following command in BGP configuration mode:
Command Description
The following example adds BGP neighbors to exchange BGP routing information in each
router (RTA, RTB, RTC, and RTD):
AS100 AS300
IBGP
AS200
RTA
(config)# router bgp 100
(config-router)# neighbor 170.16.1.2 remote-as 200
RTB
(config)# router bgp 200
(config-router)# neighbor 170.16.1.1 remote-as 100
(config-router)# neighbor 120.10.1.2 remote-as 200
RTC
(config)# router bgp 200
(config-router)# neighbor 190.10.1.2 remote-as 300
(config-router)# neighbor 120.10.1.1 remote-as 200
RTD
(config)# router bgp 300
(config-router)# neighbor 190.10.1.1 remote-as 200
There may be a lot of neighbors that should consist of the same update policy such as route
map, distribute list, filter list and update source. The neighbor can group together for the simple
configuration and efficiency, and the group is called ‘peer group.
With the BGP peer group, you can set the same parameters of BGP neighbors once. Also, you
can save flash memory because the fewer configuration commands are saved into the backup
configuration file.
All parameters of BGP neighbor can be set in the peer group. When a neighbor is added in the
peer group, the neighbor has the same parameter attribute that is set in the peer group. If a
parameter value is not set in the peer group, or each neighbor is not set a parameter, the
neighbor uses the default parameter value.
y You should configure the peer group before a neighbor is added in the peer group.
y When the parameter values that are applied to the peer group are removed, if the parameter values
are not set to each neighbor, the default values are set to the neighbor. In this case, the values that
are set to each router are applied to the router, and the default values are applied to other routers.
y When you add a neighbor to the peer group, you can not configure the following parameters in the
neighbor.
- Default-information-originate
- Next-hop-self
- route map (Outbound)
- filter list (Outbound)
- distribute list (Outbound)
- prefix list (Outbound)
- Remote AS
- Route reflector client
- Send community, Timers
- Update source
y If you change the outbound parameter of each neighbor, remove neighbors from the peer group. In
this case, you can not add the neighbors to the same peer group again and can add the neighbors to
the different peer group. Neighbors in the peer group should have the same value of outbound
parameters. If you change the outbound parameter values of all neighbors to the same values in the
peer group, change the parameters of the peer group. In this case, you do not need to remove
neighbors and change each parameter.
y If you set the outbound parameter for the peer group, the parameter is applied to all neighbors in
peer group automatically.
y When you add a neighbor to the peer group, the system software removes all outbound parameters
of the neighbor from the current configuration. Thus, if you save the current system configuration to
the backup configuration file, the backup configuration file does not include outbound parameters
for each neighbor in the peer group. The only outbound parameters that are included in the backup
configuration file are related to the peer group. But the current configuration file and the backup
configuration file can have not only each of outbound parameter but also the parameter of
neighbors in the peer group.
The following example shows how to define the EBGP peer group named ‘external’. Each
member of the peer group is in the different AS (AS 200, 300, 400).
(config-router)#
After the configuration of the BGP neighbor or the BGP peer group, you can set the following
BGP neighbor parameters.
Parameter Description
capability route-
Set the router to request route refresh dynamically with BGP neighbor.
refresh
Specify the maximum number of prefix that can be received from the BGP
maximum-prefix
neighbor.
Change the next hop of the route to its IP address when the route is transmitted to
next-hop-self
the specified BGP neighbor.
Set a TCP port that is used when connection between the BGP neighbor and the
port
BGP session.
Filter route that is transmitted or received to the BGP neighbor using the route
route-map map or change the attribute of the route (weight, community, local preference,
metric, next hop, etc.)
route-reflector- Set a local router to the BGP route reflector of the specified neighbor. The route
client reflector transmits the route that is learned from other router to other routers.
Transmit the community attribute together when the route is transmitted to the
send-community
specified BGP router.
shutdown Remove all sessions and routing information for the BGP neighbor.
Allow to specify the BGP neighbor using the loopback interface instead of
update-source
physical interface from the other BGP router.
version Specify the BGP version for the communication to the BGP neighbor.
weight Specify the value of weight to the received route that is from the BGP neighbor.
The following section explains how to configure the BGP neighbor parameters.
Command Task
neighbor {<ip-address> |
y <ip-address> IP address of the BGP neighbor
<peer-group-name>}
capability route-refresh y <peer-group-name> Name of the BGP peer group
When the routing policy of a particular node is changed, the node requests the latest route
information to BGP neighbor. If you use this command, you can set the local router to renew the
route information dynamically with the specified BGP neighbor.
The BGP router, which supports the route refresh, requests the route refresh with the OPEN
message. The BGP router only transmits the route refresh information to the BGP neighbor that
requested the route information. If a BGP router does not support the route refresh, the request
is ignored, but a BGP router that supports the route refresh transmits its RIB (Routing
Information Base) to response the request.
The following example shows how to set the routers to request the route refresh.
Command Task
The following example shows how to set the BGP router to transmit the default route entry .
Command Task
y <ip-address> IP address of the BGP neighbor
neighbor {<ip-address> |
y <peer-group-name> Name of the BGP peer group
<peer-group-name>}
y <string> Explanation for the BGP neighbor (Maximum 80
description <string>
character)
The following example shows how to add an explanation to the BGP neighbor.
You can not apply filtering lists of the access list and IP prefix to the same BGP neighbor.
Command Task
y <ip-address> IP address of the BGP neighbor
y <access-list-number> Number of an access list to apply (500 ~
neighbor <ip-address>
999)
distribute-list
y in Apply the access list when receiving the routing information
<access-list-number>
from the specified BGP neighbor.
{in | out}
y out Apply the access list when transmitting the routing information
from the specified BGP neighbor.
The following example shows how to set filtering with access list. When the BGP router in AS
100 receives routing information from the BGP neighbor that IP address is 163.130.0.1, the
information is filtered depending on the condition of the access list (500).
The following example shows how to set filtering with access list. When the BGP router in AS
100 transmits routing information from the BGP neighbor that IP address is 163.130.0.1, the
information is filtered depending on the condition of the access list (500).
Command Task
You can filter a particular route or the attribute of the route with the route map.
AS 100 AS 200
RTA RTB
170.10.1.1 170.10.1.2
180.10.1.2
180.10.1.1
RTC
AS 300
On the network configuration as above, RTA receives information for the local network of AS
200 and the network of AS 300 through RTB. If you want RTA to receive information only for
the local network of AS 200 and want to set the weight value of the received route to 20, use the
neighbor route-map command.
First, define the route map (map1) and the AS-path access list (path1) as follows:
Command Task
The following example shows how to filter the route using the AS-path access list.
Command Task
You can configure the maximum number of 1000 IP prefix list filters in the Corecess S5 System.
To configure the IP prefix list, use the ip prefix-list command in Global configuration
mode.
The following example applies the prefix list named prefix ii to incoming advertisements to
neighbor 120.10.1.1:
Specifying Multihop
If you specify an external node to the BGP neighbor for the EBGP connection, use neighbor
ebgp-multihop command in BGP configuration mode.
Command Task
When executing the neighbor ebgp-multihop command, you can specify the number of hop (1 ~
255) between the specified neighbor and external nodes that allow the EBGP connection. The
number of hop is called TTL. If you set TTL to 1, you can not specify the node that over two
routers is in the connection to the EBGP neighbor.
The following example shows that two interface set the TCP connection for the BGP routing.
AS 100 AS 300
RTA RTB
172.16.1.2 172.16.1.3
180.25.1.1
RTA
(config)# router bgp 100
(config-router)# neighbor 180.225.1.1 remote-as 300
(config-router)# neighbor 180.225.1.1 ebgp-multihop
(config-router)#
RTB
(config)# router bgp 300
(config-router)# neighbor 172.16.1.2 remote-as 100
(config-router)#
Command Task
The following example shows how to set the maximum number of prefix.
Command Task
neighbor {<ip-address> |
y <ip-address> IP address of the BGP neighbor
<peer-group-name}
next-hop-self y <peer-group-name> Name of the BGP peer group
For an example of the network as follows, network information of 60.1.1.0 is transmitted to RTB
and RTC through RTA. At this time, the next hop of 60.1.1.0 is specified to 50.1.1.1. After RTB
receives network information of 60.1.1.0 from RTA, RTB transmits network information to RTC
with next hop information.
AS 100 RTA
AS 200
RTB
60.1.1.0/24
6 4
(nextt-hop: 50.1
1.1.1)
60.1.1.0/24 10.1.1.1
60.1.1.0/24
(ne
ext-hop: 50.1.1.1) IBGP
10.1.1.2
RTC
AS 300
When the network of 20.1.1.0 transmits a packet to the network of 60.1.1.0, RTC try to connect to
50.1.1.1, which is the next hop of 60.1.1.0. Since RTC can not be connected to the network of
50.1.1.1, the packet is dropped. To prevent above situation, use the neighbor next-hop-
self command. If the neighbor 10.1.1.2 next-hop-self command is executed in RTB,
when network information of 60.1.1.0 is transmitted from RTB to RTC, RTB changes the next
hop to 10.1.1.1, which is its own IP address. Then, when the packet is transmitted from RTC to
the network of 60.1.1.0, RTC is connected to 10.1.1.1, and the packet can be transmitted to the
network of 60.1.1.0.
When the neighbor next-hop-self command is executed, if the BGP peer group is set as a
parameter, the command is applied to all members of the BGP peer group. However, the value
by IP address of the BGP neighbor is prior than the value by the BGP peer group.
The following example shows how to change the next hop to its own IP address.
Command Task
In normal cases, all Interior Border Gateway Protocol (IBGP) speakers in an autonomous system
must be fully meshed. By utilizing the route reflector concept, not all IBGP speakers need be
fully meshed. In the route reflector model, an internal BGP peer is configured to be a route
reflector responsible for passing IBGP learned routes to IBGP neighbors. This scheme eliminates
the need for each router to talk to every other router.
To configure the local router as the route reflector and the specified neighbor as one of its clients,
use the following command in BGP configuration mode:
Command Task
In the following example, the local router that belongs to autonomous system 100 is a route
reflector. It passes learned IBGP routes to the neighbor at 192.20.16.1:
Command Task
y <ip-address> IP address of the BGP neighbor
neighbor {<ip-address> | y <peer-group-name> Name of the BGP peer group
<peer-group-name} y both Transmit the extend community and standard community
send-community [both | of the BGP route
extended | standard] y extended Transmit the extend community of the BGP route
y standard Transmit the standard community of the BGP route.
The following example shows how to use the neighbor send-community command:
To shut down the neighbor, use the neighbor shut down command in BGP configuration mode.
Command Task
neighbor {<ip-address> |
y <ip-address> IP address of the BGP neighbor
<peer-group-name}
shutdown y <peer-group-name> Name of the BGP peer group
After the configuration of the BGP neighbor parameters, use the no neighbor shutdown
command to connect the session with the neighbor again.
The following example shows how to shut down the connected session or routing information.
The soft reconfiguration stores all BGP tables from the BGP neighbor into the memory. When
applying new policy, the soft reconfiguration uses tables which are in the memory instead the
session reset or receiving tables from the BGP neighbor.
If the soft reconfiguration is set in the Corecess S5 System, and the BGP neighbor supports the
dynamic refresh, the Corecess S5 System transmits the refresh message to neighbors. But, if the
BGP neighbor does not support the dynamic refresh, the Corecess S5 System resets the session
of neighbors.
This is a process to confirm that the Corecess S5 System has complete tables, and this process
occurs once when you set the soft reconfiguration feature to operate.
Command Task
neighbor {<ip-address> |
<peer-group-name} y <ip-address> IP address of the BGP neighbor
soft-reconfiguration y <peer-group-name> Name of the BGP peer group
inbound
The following example shows how to set the soft reconfiguration feature to operate.
To apply new policy, use the clear ip bgp command in Privileged mode. Then, the Corecess S5
System updates tables dynamically comparing to the stored table and route policy.
Setting Timer
There are three timer of the BGP neighbor as follows:
Waiting time that the Corecess S5 System tries to reconnect with the BGP 60
connect
neighbor after disconnection of BGP neighbor (0 ~ 65535 seconds) seconds
To set the timers of the BGP neighbor, use the following commands in BGP configuration mode.
Command Task
y <ip-address> IP address of the BGP neighbor
neighbor {<ip-address> |
y <peer-group-name> Name of the BGP peer group
<peer-group-name>}
y <keepalive-timer> Value of the keepalive timer (0 ~ 65535
timer <keepalive-timer>
seconds)
<hold-timer>
y <hold-timer> Value of the Hold timer (0 ~ 65535 seconds)
neighbor <ip-address> y <ip-address> IP address of the BGP neighbor
timers connect <connet- y <connet-timer> Value of the Connect timer (0 ~ 65535
timer> seconds)
The following example shows how to set timers of the BGP neighbor.
(config)# router bgp 100
(config-router)# neighbor 190.10.1.14 timers 50 150
(config-router)# neighbor 190.10.1.14 timers connect 100
Command Task
The loopback interface is an interface that IP address is assigned, and is not related to a physical
port. Since the physical port is not assigned, the loopback interface can not transmit and receive
a packet.
If the loopback is used when a neighbor is specified using the neighbor remote-as
command, the neighbor should allow to use its loopback interface using the neighbor
update-source command.
The following example shows how to set a neighbor using the loopback interface.
AS 100
RTA RTB
172.16.1.2
loopback: 192.10.1.1
(vlan-1)
RTA
(config)# router bgp 100
(config-router)# neighbor 192.10.1.1 remote-as 100
RTB
(config)# router bgp 100
(config-router)# neighbor 172.16.1.2 remote-as 100
(config-router)# neighbor 172.16.1.2 update-source vlan id 1
Command Task
The weight is an attribute that is set to the route that is registered in a local router, and is not
transferred to other routers. If the router learns several routes for the same destination, the
route that has higher weight value is chosen.
The default weight that is learnt from other BGP neighbors is ‘0’, and the default weight that is
learnt from local routers is ‘32768’.
The following example shows how to configure routes to set weight.
Command Task
y <ip-address> IP address of the BGP neighbor
y <peer-group-name> Name of the BGP peer group
neighbor {<ip-address> |
y <version> BGP version (4, 4-)
<peer-group-name>}
- 4 : BGP version 4
version <version>
- 4- : Multi protocol extension version of BGP version 4
(previous version)
The following example shows how to set the BGP protocol to BGP version 4.
BGP considers values of parameters such as MED (Multi Exit Discriminator), the length of AS-
path or router ID, and chooses the best path. Users can set how to use values of parameters
when the selection of path.
To allow the comparison of the MED for paths from neighbors in different AS, use the bgp
always-compare-med command in BGP configuration mode.
The following example shows how to set the BGP router to compare paths from the different AS
when selecting the path.
The following example shows that the BGP router regards missing MED as assigning the
infinity value so that the BGP router does not choose the path.
By default, the Corecess S5 System considers the as-path length when selecting a route.
The following example shows how to configure the route to ignore as-path length in selecting a
route.
The following example shows how to compare similar routes and chose the best path that has
the lowest ID.
Parameter Description
When routes are redistributed to other routing protocols, you can set route
redistribution metric
metric values to be changed.
bgp client-to-client
Set BGP neighbors not to be operated as route reflectors.
reflection
Cluster-id Configure the cluster ID if the BGP cluster has more than one route reflector.
default ipv4-unicast Enable the IP version 4 unicast address family on all neighbors
Default local-preference Change default local preference value when selecting exit point.
Scan time Configure scanning interval of BGP routers for next hop validation
Setting Distance
Distance is a value to compare routes of different routing protocols for the same destination.
The lower value is preferred . To change the distance value for topology or retribution, use the
distance command in BGP configuration mode.
Command Task
Command Task
The following example shows how to change metric of RIP route that is satisfied to the
condition of route map (rip-map) to 200.
The following example shows how to set the route reflector not to operate.
Setting Cluster ID
To configure the cluster ID if the BGP cluster has more than one route reflector, use the bgp
cluster-id command.
The following example shows how to enable IP version 4 unicast address family on all neighbor.
To change the default local preference value, use the bgp default local-preference
command in BGP configuration mode.
Command Task
bgp default local- y <value> Value of default local preference (0 ~ 4294967295). The higher
preference <value> value is more preferred.
Setting enforce-first-as
To configure a router to deny an update received from an external BGP router that does not list
its AS number at the beginning of the AS_SEQUENCE in the incoming update, use the bgp
enforce-first-as command in BGP configuration mode.
The following example shows how to configure a router to receive update message.
Command Task
bgp scan-time
y <interval> Time interval (5 ~ 60 seconds)
<interval>
By default, the default scanning interval is 60 seconds in the Corecess S5 System. The following
example shows how to set the scanning interval.
The following example show how BGP routers execute load balancing by the Equal Cost
Multipath Routing Protocol
To display the route entry of the BGP routing table, use the show ip bgp command in
Privileged mode.
# show ip bg
When executing the show ip bgp command, the following entry information of the BGP
route:
Field Description
Version number of the BGP routing table. This number is incremented whenever
BGP table version
the table changes. The default value is 0.
Status of the table entry. The status is displayed at the beginning of each line in
the table. It can be one of the following value:
Status codes y s – The table entry is suppressed.
y * - The table entry is valid.
y > - The table entry is the chosen path (the shortest distance)
Origin of the entry. The origin code is placed at the end of each line in the table. It
can be one of the following values:
y i – Path originated from an IGP(Interior Gateway Protocol) and was
registered with a network command in BGP configuration mode.
Origin codes
y e – Path originated from an EBGP neighbor
y ? – Origin of the path is not clear. Usually, this is redistributed into BGP
from an IGP.
y = – ECMP(Equal Cost Multi Path)
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route
to this network.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.
To display information of the BGP route attribute, use the show ip bgp attribute-info
command in Privileged mode.
When executing the show ip bgp attribute-info command, the following information of
the BGP route attribute is displayed.
Field Description
Origin of the entry. The origin code is placed at the end of each line in the table. It can
be one of the following values:
y i – Path originated from an IGP(Interior Gateway Protocol) and was registered
with a network command in BGP configuration mode.
Origin codes
y e – Path originated from an EBGP neighbor
y ? – Origin of the path is not clear. Usually, this is redistributed into BGP from an
IGP.
y = – ECMP(Equal Cost Multi Path)
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route to
this network.
Local preference value of the route (default: 100). This value is specified with the bgp
LocPrf
default local-preference command in BGP configuration mode.
AS paths to the destination network. There can be one entry in this field for each AS
Path
in the path.
To display CIDR (Classless Interdomain Routing) routes, use the show ip bgp cidr-only
command in Privileged mode.
When executing the show ip bgp cidr-only command, the following information of the CIDR
route is displayed.
Field Description
Version number of the BGP routing table. This number is incremented whenever
BGP table version
the table changes. The default value is 0.
Status of the table entry. The status is displayed at the beginning of each line in the
table. It can be one of the following value:
y s – The table entry is suppressed.
Status codes y * - The table entry is valid.
y > - The table entry is the chosen path (the shortest distance)
y i – The table entry was learned via an IBGP session.
y = – ECMP(Equal Cost Multi Path)
Origin of the entry. The origin code is placed at the end of each line in the table. It can
be one of the following values:
y i – Path originated from an IGP(Interior Gateway Protocol) and was
Origin codes registered with a network command in BGP configuration mode.
y e – Path originated from an EBGP neighbor
y ? – Origin of the path is not clear. Usually, this is redistributed into BGP from
an IGP.
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route to
this network.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.
To display information of all BGP community, use the show ip bgp community-info
command.
When executing the show ip bgp community-info command, the following information of the
BGP community is displayed.
Field Description
To display routes that belong to specified BGP communities, use the show ip bgp
community local-AS command in Privileged mode.
When executing the show ip bgp community local-AS command, the following
information of BGP routes that belong to specified communities is displayed:
Field Description
Version number of the BGP routing table. This number is incremented whenever
BGP table version
the table changes. The default value is 0.
Status of the table entry. The status is displayed at the beginning of each line in
the table. It can be one of the following value:
y s – The table entry is suppressed.
Status codes y * - The table entry is valid.
y > - The table entry is the chosen path (the shortest distance)
y i – The table entry was learned via an IBGP session.
y = – ECMP(Equal Cost Multi Path)
Origin of the entry. The origin code is placed at the end of each line in the table. It
can be one of the following values:
y i – Path originated from an IGP(Interior Gateway Protocol) and was
Origin codes registered with a network command in BGP configuration mode.
y e – Path originated from an EBGP neighbor
y ? – Origin of the path is not clear. Usually, this is redistributed into BGP
from an IGP.
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route
to this network.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.
To display routes that are permitted by the BGP community list, use the show ip bgp
community-list command in Privileged mode.
The following example shows how to display information of the route that is in the community
list of 20.
NetworkNext HopMetricLocPrfWeightPath
*> 10.10.10.0/242.2.2.10100i
*> 20.20.20.0/242.2.2.10100i
When executing the show ip bgp community-list command, the following information is
displayed:
Field Description
Version number of the BGP routing table. This number is incremented whenever
BGP table version
the table changes. The default value is 0.
Status of the table entry. The status is displayed at the beginning of each line in
the table. It can be one of the following value:
y s – The table entry is suppressed.
Status codes y * - The table entry is valid.
y > - The table entry is the chosen path (the shortest distance)
y i – The table entry was learned via an IBGP session.
y = – ECMP(Equal Cost Multi Path)
Origin of the entry. The origin code is placed at the end of each line in the table. It
can be one of the following values:
Origin codes y i – Path originated from an IGP(Interior Gateway Protocol) and was
registered with a network command in BGP configuration mode.
y e – Path originated from an EBGP neighbor
Field Description
y ? – Origin of the path is not clear. Usually, this is redistributed into BGP
from an IGP.
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route
to this network.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.
To display routes that are matched with condition of access list, use the show ip bgp
filter-list command in Privileged mode.
The following example shows how to display routes that is filtered with condition of as-path
access list named 2 in the BGP routing table.
NetworkNext HopMetricLocPrfWeightPath
*> 2.2.2.0/240.0.0.032768i
*> 3.3.3.0/240.0.0.032768i
*> 140.10.0.00.0.0.032768i
When executing the show ip bgp filter-list command, the following information is
displayed:
Field Description
BGP table Version number of the BGP routing table. This number is incremented whenever
version the table changes. The default value is 0.
Status of the table entry. The status is displayed at the beginning of each line in the
table. It can be one of the following value:
y s – The table entry is suppressed.
Status codes y * - The table entry is valid.
y > - The table entry is the chosen path (the shortest distance)
y i – The table entry was learned via an IBGP session.
y = – ECMP(Equal Cost Multi Path)
Origin of the entry. The origin code is placed at the end of each line in the table. It can
be one of the following values:
y i – Path originated from an IGP(Interior Gateway Protocol) and was
Origin codes registered with a network command in BGP configuration mode.
y e – Path originated from an EBGP neighbor
y ? – Origin of the path is not clear. Usually, this is redistributed into BGP from
an IGP.
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route to
this network.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.
To display route information that is transmitted and received from the BGP neighbor, use the
show ip bgp neighbors command in Privileged mode.
The following example shows how to display routes that is transmitted to the neighbor of
172.16.232.178 using the show ip bgp neighbors advertised-routes command.
When executing the show ip bgp neighbors command, the following route information is
displayed.
Field Description
BGP table Version number of the BGP routing table. This number is incremented whenever
version the table changes. The default value is 0.
Status of the table entry. The status is displayed at the beginning of each line in the
table. It can be one of the following value:
y s – The table entry is suppressed.
Status codes y * - The table entry is valid.
y > - The table entry is the chosen path (the shortest distance)
y i – The table entry was learned via an IBGP session.
y = – ECMP(Equal Cost Multi Path)
Origin of the entry. The origin code is placed at the end of each line in the table. It can
Origin codes be one of the following values:
y i – Path originated from an IGP(Interior Gateway Protocol) and was
Field Description
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route to
this network.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.
To display information of all BGP paths that stored in the database, use the show ip bgp paths
command in Privileged mode.
When executing the show ip bgp paths command, the following information is displayed.
Field Description
Path AS number path for this route, followed by the origin code for that route.
You can retrieve BGP routes, which a particular string is included in AS paths, using BGP
regular expression as follows:
y. : Matches any single character.
y* : Matches zero or more sequences of the character preceding the asterisk.
y+ : Matches one or more sequence of the character preceding the plus sign.
y? : Matches zero or one occurrence of the pattern.
y^ : Matches the character null string at the beginning of an input string.
y$ : Matches the character or null string at the end of an input string.
y| : Matches one of the characters or character patterns on either side of the vertical bar.
y space : Matches two of the characters or character patterns on both side of the space.
To display routes matching the AS path regular expression, use the show ip bgp regexp
command in Privileged mode.
NetworkNext HopMetricLocPrfWeightPath
*> 30.30.30.0/242.2.2.20200 300i
*> 150.10.0.02.2.2.20200 300i
Field Description
Version number of the BGP routing table. This number is incremented whenever
BGP table version
the table changes. The default value is 0.
Field Description
Origin of the entry. The origin code is placed at the end of each line in the table. It
can be one of the following values:
y i – Path originated from an IGP(Interior Gateway Protocol) and was
Origin codes registered with a network command in BGP configuration mode.
y e – Path originated from an EBGP neighbor
y ? – Origin of the path is not clear. Usually, this is redistributed into BGP
from an IGP.
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route
to this network.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.
To display information of scan time, use the show ip bgp scan command in Privileged mode.
The scan time is time interval that BGP routers check valid next hop.
When executing the show ip bgp scan command, the following information is displayed.
Field Description
BGP Instance Status of Current BGP setting
BGP scan interval Time interval that the BGP router check valid next hop
Current BGP nexthop cache Cache for list that is registered as next hop
BGP connected route Network information that local interface of the BGP router is included.
To display the status of all BGP connections, use the show ip bgp summary command in
Privileged mode.
When executing the show ip bgp summary command, the following information is
displayed.
Field Description
BGP router
BGP router ID. The router identifier is specified by the bgp router-id command.
identifier
V BGP version
AS AS Number
TblVer Last version of the BGP database that was sent to the neighbor
The length of time that the BGP session has been in the Established state, or the
Up/Down
current status if not in the Established state.
Current state of the BGP session, and number of prefixes that have been received
from a neighbor or peer group. When the maximum number is reached, the string
State/PfxRcd
‘PrxRcd’ appears in the entry, the neighbor is shut down, and the connection is set to
Idle.
BGP Commands
The BGP commands in the Corecess S5 System are as follows:
Command Description
bgp always-compare- Allow the comparison of the MED (Multi Exit Discriminator) for paths from
med neighbors in different AS.
bgp bestpath
Ignore the AS path length when calculating preferred paths.
as-path ignore
bgp bestpath Compare identical routes received from external BGP peers during the best
compare-routerid path selection process and select the route with the lowest router ID.
bgp client-to-
Enable reflection of routes between route-reflection via a BGP route reflector.
client reflection
bgp cluster-id Configure the cluster ID if the BGP cluster has more than one route reflector.
bgp default
Enable the IP version 4 unicast address family on all neighbors
ipv4-unicast
bgp deterministic- Allow the comparison of the MED variable when choosing routes advertised by
med different peers in the same AS.
bgp equal-cost- Configuration for the purpose of load balancing for the traffic with Equal Cost
multipath Multipath BGP Routing
bgp scan-time Configure scanning interval of BGP routers for next hop validation
bgp soft-restart-
Apply the changed BGP configuration to the system directly.
auto
distance bgp Specify administrative distance of external route, internal routes and
Command Description
local routes.
neighbor activate Allow exchanging routing information to the specified BGP neighbor.
neighbor capability
Allow requesting route refresh dynamically with the specified BGP neighbor.
route-refresh
neighbor Allow a BGP speaker to send the default route 0.0.0.0 to a neighbor for use as a
default-originate default route.
neighbor
Add a simple explanation of a BGP neighbor.
description
neighbor Filter the route information for the specified neighbor with the condition of the
distribute-list access list
neighbor Accept and attempt BGP connections to external peers residing on networks
ebgp-multihop that are not directly connected.
neighbor
Define BGP filter using access list.
filter-list
neighbor maximum- Specify the maximum number of prefix that a local router can be received from
prefix BGP neighbors.
neighbor Configure the router as the next hop for a BGP-speaking neighbor or peer
next-hop-self group.
neighbor
Configure BGP peer group.
peer-group
Set TCP port for the connection between the specified BGP neighbor and the
neighbor port
BGP session.
neighbor Apply routes that are received and sent from the specified BGP neighbor to the
prefix-list specified prefix list.
neighbor route-
Configure the router as a BGP route reflector.
reflector-client
neighbor send-
Send the community attribute with the route to the BGP neighbor.
community
Remove all operating sessions and routing information for the specified BGP
neighbor shutdown
neighbor.
neighbor soft-
Apply the changed configuration to the system for the specified BGP neighbor.
reconfiguration
neighbor timers Set timer values for the specified BGP neighbor.
neighbor timers
Set the connect timer value for the specified BGP neighbor.
connect
Command Description
neighbor Allow other BGP routers to specify the BGP neighbor using the loopback
update-source interface instead of their physical interface.
neighbor version Specify the BGP version for the communication of BGP neighbors.
Set the weight value to the route that is received from the specified BGP
neighbor weight
neighbor.
show ip bgp
Display information of BGP route attributes.
attribute-info
show ip bgp
Display the CIDR(Classless Interdomain Routing) route.
cidr-only
show ip bgp
Display information of routes that is included in the specified BGP community.
community
show ip bgp
Display information of all BGP communities.
community-info
show ip bgp
Display routes that are permitted by the BGP community list.
community-list
show ip bgp Display route information that is transmitted and received from the BGP
neighbors neighbor
show ip bgp paths Display information of all BGP paths that stored in the database.
show ip bgp regexp Display routes matching the AS path regular expression.
Configuring OSPF
Introduction
OSPF (Open Shortest Path First) protocol is an internal gateway protocol that sends and
receives routing information in AS (Autonomous System). The Corecess S5 System supports
OSPF version 2.0 defined in RFC 2328.
OSPF protocol provides equal cost multipath routing that can transmit packets simultaneously
to a particular destination through more than one interface. Thus, OFPF is appropriate for
complicated networks.
OSPF protocol uses SPF (Shortest Path First) algorithm to select the shortest path. SPF algorithm
calculates status of network interface and path cost that is used in the interface and connected
network, and selects a path that has the lowest cost. SPF algorithm only delivers routing
information when the network is changed. Thus, unnecessary traffic is not delivered. Also, SPF
algorithm can control the complicated and sophisticated network.
OSPF protocol can divide a network to several regions and can communicate link status
information in limited regions. The limited region is called ‘area’. OSPF can limit appropriate
number of routers in the area to maintain the link status database.
OSPF protocol supports VLSM (Variable Length Subnet Mask). Thus, OSPF protocol can assign
and use IP address efficiently. OSPF protocol can save the router memory and bandwidth and
can improve performance because of communicating summarized information.
OSPF protocol has a topology to apply routing algorithm different from RIP protocol. The
largest topology is an AS (Autonomous System), and an AS is a group of networks that shares
the common routing policy and managed by one structure. An AS is divided to several areas,
and an area is a group of sequential networks and connected hosts. The network that connects
areas in an AS is called ‘backbone’.
The following picture shows the typical network structure of OSPF topology.
RTA RTB
ABR
Virtu
rtual link
area 192.5.1.0 area 200.5.0.0
a area 192.5.0.0
RTC RTD RTH
RTG
RTI RTJ
ABR
RTE RTF
ASBR
y IR (Internal Router)
Routers connected directly to a network in a particular area (RTC, RTE)
y BR (Backbone Router)
Routers connected to a backbone network. ABRs and routers that are included in a backbone
network are BRs (RTA, RTB, RTG).
Configuring OSPF
The following procedure describes how to configure OSPF routing protocol in the Corecess S5
System.
2. Setting Router ID
Set the router ID of the Corecess S5 System. The router ID is used to identify each router in
OSPF.
Set the Corecess S5 System to operate OSPF protocol, use the router ospf command in Global
configuration mode.
# configure terminal
(config)# router ospf
(config-router)#
When executing the above command, OSPF routing protocol operates and enter OSPF
configuration mode.
Set Router ID
A router ID is used to classify each router in OSPF. A router ID is needed to set the relation of
adjacent router or to control messages between copies of SPF algorithm.
To set a router ID in OSPF, use the router-id command in OSPF configuration mode.
Command Description
If the fixed router ID is not assigned to the Corecess S5 System, the largest number of IP address
of loopback interface is used as the router ID. If a loopback interface is not assigned to the
Corecess S5 System, the largest number of IP address of an interface that is defined in the
system is used as the router ID. When changing a router ID, the OSPF router transmits its all
LSA to adjacent routers. In the Corecess S5 System, after assigning the fixed router ID, the
router ID is not changed even if all interfaces are down.
When the router ID of OSPF network that is already operating is changed, the new router ID is
applied directly to the system and is reconnected to adjacent routers. If you restart OSPF
process manually, use the clear ip ospf command.
If networks are increased, the size of link state database is increased, and required time is also
increased for calculating of the shortest path tree. Thus, it affects performance of total network.
To solve above problems, a network can be divided to several areas in OSPF protocol, and link
state information can be exchanged in the limited area.
Area 1 Area 2
Area 6 Area 3
Area 0 (Backbone)
Area 5 Area 4
The area 0 is a central area that receives link state information from each area and sends link
state information to each area again. The area 0 is called ‘backbone area’, and other areas are
called ‘leaf area’. The backbone area includes all ABR (Area Border Router). In the Corecess S5
System, several OSPF areas can be configured, but at least one area must be configured as
backbone.
There are stub area and NSSA except backbone area and leaf area in OSPF area. Features of stub
area and NSSA are as follows:
y Stub area
Stub area does not receive LSA that notifies external network information, the traffic is
transmitted through the interface that is specified to the default route to external networks.
The area that is specified to the stub area can reduce size of topology database and memory
that is for the database.
selectively. NSSA is generally used to deliver external routing information to other areas.
This section describes how to configure OSPF area including stub areas and NSSAs.
Configuring Area
To define the interfaces on which OSPF runs and to define the area ID for those interfaces, use
the network area command in OSPF configuration mode.
Command Task
y <network-address> IP address to operate OSPF routing
protocol.
network <network-
y <area-id> Area that is to be associated with the OSPF address
address> area <area-id>
range. It can be specified as either a decimal value or as an IP
address.
The following example shows how to set the network of 172.16.1.1/32 and the network of
172.162.1/32 to operate OSPF protocol and how to specify interfaces of the two networks to be
included in the area 0.
# configure terminal
(config)# router ospf
(config-router)# network 172.16.1.1/32 area 0
(config-router)# network 172.16.2.1/32 area 0
For example, the area of 0.0.0.1 can be specified as the stub area in the following picture.
area 0.0.0.1
192.168.4.10/24
RTA
192.168.3.10/24
192.168.3.9/24 (eth0)
RTB
area 0.0.0.0
172.16.1.3/24
RTC
172.16.1.2/24 (vlan1)
172.16.1.2/24 (vlan2)
To define an OSPF stub area, use the following command in OSPF configuration mode.
Command Task
The following example shows how to specify the area of 0.0.0.1 as the stub area.
# configure terminal
(config)# router ospf
(config-router)# network 192.168.3.0/24 area 0.0.0.1
(config-router)# area 0.0.0.1 stub
Configuring NSSA
NSSA has the feature of stub area and allow incoming external routing information selectively.
NSSA is generally used to deliver external routing information to other areas.
For the following example, external routing information from RIP cloud must be passed
through the area of 0.0.0.5 to be delivered to other network in the domain. At this time, the area
of 0.0.0.5 becomes NSSA.
area 0.0.0.4
192.168.4.10/24
RTA
192.168.3.10/24
192.168.3.9/24 (eth0)
RTB
area 0.0.0.5
172.16.1.3/24
RTC
RIP
RIP Cloud
172.16.1.2/24 (vlan1)
172.16.1.2/24 (vlan2)
The following example shows how to set the area of 0.0.0.5 to the NSSA.
To use route summarization in the Corecess S5 System, use the area range command in
OSPF configuration mode. The area range command can be only used in ABR.
Command Task
The following example shows how to summarize the host information of network from 160.10.8.0 to
160.10.15.0 in area 2. To specify one range of networks from 160.10.8.0 to 160.10.15.0, subnet mask
should be 255.255.248.0 which has twenty one of number 1.
Parameter Description
Command Task
The following example shows how to configure a router to advertise a default route of an OSPF
routing domain to neighbor routers.
Setting Distance
Distance is a value that is used for comparing routes of different routing protocols that have the
same destination. The default value of the distance is 110 in the Corecess S5 System.
To change the specified OSPF distance value for topology property or redistribution, use the
distance command in OSPF configuration mode.
Command Task
The following example shows how to specify the OSPF route distance of the OSPF router to 100
in area 1.
The default metric value of OSPF route is 10. To change the default metric value, use the
default-metric command in OSPF configuration mode.
Command Task
The following example shows how to change the default metric value of OSPF route to 4.
Command Task
There are two types of methods (type 1, type 2) to calculate cost in an external route. Type 1 of
an external route adds external cost and internal cost to calculate cost. Type 2 of an external
route only uses external cost. If there are two external routes that have the same destination,
OFPF chooses type 1 of the external route.
There are an example that the external route E1 (Type 1) and E2 (Type 2) area 0
is redistributed as the right network. The cost of E1 and E2 are
calculated as follows: C
Cost of E1 = a + b + c c
Cost of E2 = a
B
E1 E2
The following example shows how to change the metric value that is
advertised from BGP network to ‘10’, and how to set the route type to type 1.
Command Task
The following example shows how to filter routes matched the condition of access list 550.
Command Task
The following example shows how to specify the VLAN interface that ID is 2 as the passive
interface.
Command Task
The following example shows how to set the refresh period of OSPF LSA database to sixty
seconds.
Default
Timer Description
Value
Waiting time until calculating SPF after an OSPF router receives information of
5
delay changed topology. If the timer is set to ‘0’, calculation of SPF is immediately
Seconds
started when receiving the information.
Waiting time until calculation the next SPF after a SPF is calculated. If the timer
10
holdtime is set to ‘0’, calculation of the next SPF is immediately started after calculating
Seconds
the SPF.
To change values of the OSPF timers, use the timers spf command in OSPF configuration
mode.
Command Task
# configure terminal
All ABR must be connected to the OSPF backbone area either directly or indirectly. If an ABR is
not connected to the backbone area physically, the ABR can configure a virtual link with other
ABR that is connected to the backbone area physically in the same area.
RTA is an ABR that is not physically connected to the backbone area (area 0) as follows. To
connect RTA to the backbone, a virtual link should be configured between ATA and ARC using
area 1 (transit area). The virtual link should be defined in routers that are located in the end of
the link, and routers that are in transit area do not need any configuration about the virtual link.
area 0
0.0.0.0
RTC
(209.157.22.1)
area 1 area 2
(transit area) 0.0.0.0
0.0.0.2
RTB
RTA
(10.0.0.1)
To define the virtual link, use the area virtual-link command in OSPF configuration mode.
Command Task
y <area-id> Area ID assigned to the transit area for the virtual link.
area <area-id>
This can be either a decimal value or a valid IP address.
virtual-link <router-
y <router-id> Router ID that is connected to the virtual link.
id> [authentication-
y authentication-key <key> Set simple password method to be
key <key> | message-
used when authenticating with neighbors, and specify the password.
digest-key <key-id>
y message-digest-key <key-id> md5 <key> Set MD5
md5 <key>]
authentication method to be used when authenticating with
Command Task
RTA
RTA(config)# router ospf
RTA(config-router)# area 0.0.0.2 virtual-link 209.157.22.1
RTC
RTC(config)# router ospf
RTC(config-router)# area 0.0.0.2 virtual-link 10.0.0.1
Command Task
y <area-id> Area ID assigned to the transit area for the virtual link.
area <area-id>
This can be either a decimal value or a valid IP address.
virtual-link <router-
y <router-id> Router ID that is connected to the virtual link.
id>
y dead-interval Time that hello packets are not seen before a
{dead-interval|
neighbor declares the router down. This value must be the same for all
hello-interval|
routers.
retransmit-interval|
y hello-interval Time between the hello packets. This value must
transmit-delay}
be the same for all routers.
<seconds>
y retransmit-interval Time between link-state advertisement
[{dead-nterval|
(LSA) retransmissions for adjacencies belonging to the interface. The
hello-interval|
value must be greater then the expected round-trip delay
retransmit-interval|
y transmit-delay Estimated time required to send a link-state
transmit-delay}
update packet on the interface.
<seconds> ...]
y <seconds> Time interval (1 ~ 65535 seconds)
To display OSPF configuration information, use the show ip ospf command in Privileged
mode.
# show ip ospf
When executing the show ip ospf command, the following information is displayed.
Field Description
Hold time between two SPFs Waiting time until calculation the next SPF after a SPF is calculated.
SPF algorithm executed Number of calculation of SPF in the router of the Area
This field is displayed when the area does not use authentication
Area has no authentication
method.
To display the routing table of ABR and ASBR, use the show ip ospf border-routers
command in Privileged mode.
Field Description
Area The area ID of the area from which this route is learned
SPF No Information of area in which the router is included such as number and address
To display OSPF database information, use the show ip ospf database command in
Privileged mode. You can specify several options with the show ip ospf database command,
and different database information is displayed depending on each option
Option Description
To display OSPF interface information, use the show ip ospf interface command in
Privileged mode.
When executing the show ip ospf interface command, the following information about
OSPF interface is displayed.
Field Description
Interface name, line protocol Physical status of the interfaces and status of the protocol
Router Id Router ID
Hello Number of seconds until next hello packet is sent out the interface
To display OSPF routing information, use the show ip ospf neighbor command in
Privileged mode.
When executing the show ip ospf neighbor command, the following information about OSPF
neighbors is displayed.
Field Description
Neighbor ID Neighbor ID
Dead Time Waiting time until the router infers that the neighbor is down
To display OSPF route information, use the show ip ospf route command in Privileged
mode.
When executing the show ip ospf route command, the following information is displayed.
Low of
Description
Routing Table
3 Area ID
OSPF Commands
OSPF commands supported in the Corecess S5 System are as follows:
Command Description
area
Enable authentication for an OSPF area.
authentication
area default-cost Specify a cost for the default summary route sent into a stub or NSSA.
Limit routing information that is transmitted from the specified area to other
area export-list
areas.
area import-list Limit particular routing information that is received from other areas.
Define the specified area as the stub area not to receive information about the
area stub
external network.
default-information
Generate a default external route into an OSPF routing domain.
originate
distribute-list Specify the route filtering to be applied when transmitting route entries.
Specify the network that operates OSPF routing protocol, and specify area in
network
which the interface connected to the network is included.
redistribute Redistribute routes from other routing domain into OSPF routing domain.
ip ospf Assign a password to be used by neighboring routers that are using the OSPF
authentication-key simple password authentication.
ip ospf Set the interval during which at least one hello packet must be received from a
dead-interval neighbor before the router declare that neighbor down.
Command Description
ip ospf
Specify the interval between hello packets that are sent on the interface.
hello-interval
ip ospf message-
Specify a ID and a password when enabling OSPF MD5 authentication
digest-key
ip ospf priority Set the router priority, which helps determine the DR for this network.
ip ospf retransmit- Specify the time between LSA retransmissions for adjacencies belonging to the
interval interface.
ip ospf transmit- Set the estimated time required to send a link-state update packet on the
delay interface.
show ip ospf Display the internal OSPF routing table entries to an ABR (Area Border
border-routers Router) and ASBR (Autonomous System Boundary Router).
show ip ospf
Display information about OSPF database of the router.
database
show ip ospf Display OSPF configuration information for interfaces that are defined in the
interface system.
show ip ospf
Display OSPF neighbor information on a per-interface basis.
neighbor
show ip ospf route Display information of OSPF network, routers and external routing tables.
Configuring IS-IS
IS-IS Overview
Introduction
IS-IS (Intermediate System to Intermediate System) protocol is the same type of link-state
routing protocol as OSPF. IS-IS can exchange routing information among routers in a particular
domain. IS-IS is defined in RFC 1195 and is usually used for exchanging routing information
among multi-protocol stack such as IP and OSI.
IS-IS network consist of ES (End System) and IS (Intermediate System). ES is an object that
sends and transmits packet as a host. IS is such a router that sends, transmits packets.
IS-IS can be configured to exchange link-state information in limited region because a domain
can be divided to several regions. The limited region is called ‘area’. Routing among areas is
consisted hierarchically, and a domain is divided to small areas and is managed. Level 1 routers
and level 2 routers can be configured for the hierarchical structure. Level 1 routers take charge
of routing in an area. If destination of packets is external area, level 1 routers route packets to
level 2 router. Level 2 router take charge of routing among areas or other domains.
IS-IS protocol selects the shortest path using SPF (Shortest Path First) algorithm. SPF algorithm
calculates status of network interface and path cost that is used in the interface and connected
network, and selects a path that has the lowest cost. SPF algorithm only delivers routing
information when the network is changed. Thus, unnecessary traffic is not delivered. Also, SPF
algorithm can control the complicated and sophisticated network.
y Level 1 / Level 2 Router : A router that can be connected to Level 1 routers and Level 2 routers.
- Maintains additional link status for connection of level 1 and level 2.
- Operates the same as an OSPF ABR.
area 49.0001
L1
Level-1
Area
L1 / L2
Level-2
area 49.0002 Backbone area 49.0003
L1 / L2 L1 / L2
Level-1 Level-1
Area Area
L1 L1
IS-IS uses an ISO network address. Each network address plays a role as NSAP (Network
Service Access Point) to distinguish network connection point.
ES can have several NSAP addresses that value of last byte (n-selector) is different. Each NASP
indicates services that can be used on a node. Therefore, ES can have several services, and a
node can be included in several areas.
A IS has specific network address called NET (Network Entity Title). NET is a NSAP address
that last byte (n-selector) is 0x00. Most IS has one NET. However, IS that is configured by
several areas can have several NETs.
49.0001.00a0.c96b.c490. 00
n o p q
n AFI 1 Area ID. The area ID is used for level 1 routing, and each router
o Area address Variable (1~12) can define three of area ID.
System ID. The system ID is used for level 2 routing. The system
p System ID 6 ID must be unique. The system ID generally uses type of MAC
address.
y All routers that are in the same area should use the same area ID.
y All nodes that are in the same area should use the same system ID.
y System ID length of all nodes that are in the same domain should be the same.
The following types of packets are used in IS-IS for exchanging routing information.
Hello Packet
The Hello packet establishes and maintains relation of adjacent IS-IS systems. There are three
types of hello packet as follows:
y Level 1 LAN IS-IS Hello Packet: Used by level 1 routers on a broadcast LAN.
y Level 2 LAN IS-IS Hello Packet: Used by level 2 routers on a broadcast LAN.
y Point-to-point Hello Packet: Used by medias that do not have broadcasting feature such as a Point-to-Point
link.
Level 1 routers transmit Level 1 LSPs. However, level 2 routers transmit both level 1 LSPs and
level 2 LSPs.
Configuring IS-IS
1. Enabling IS-IS
Enable IS-IS protocol in the Corecess S5 System.
Enable IS-IS
To enable IS-IS protocol in the Corecess S5 System, the following tasks should be executed.
By default, IS-IS is set not to be operated in the Corecess S5 System. To enable IS-IS protocol in
the Corecess S5 System, use the following commands.
Command Task
Command Task
The following example shows how to configure IS-IS protocol and IS-IS NET and how to enable
the IS-IS process in the default VLAN interface.
The following example shows how to set the area tag to classify each process when creating
over two IS-IS process in the system.
Parameter Description
adjacency-check performs consistency checks on hello packets
Set overload bit not to use the local router as an intermediate router in their
set-overload-bit
SPF calculations.
Command Description
The following example shows how to set the Corecess S5 System to the level 1 (intra-area)
router.
To performs consistency checks on hello packets, use the adjacency-check command in IS-IS
configuration mode.
The following example shows how to configure IPv4 IS-IS router to form an adjacency with
IPv4 or IPv6 routers.
Command Description
The following example shows how to IS-IS LSP generation interval to 6 seconds.
Command Description
The following example shows how to IS-IS LSP refresh interval to 800 seconds.
To set maximum LSP lifetime, use the following command in IS-IS configuration mode.
Command Description
max-lsp-lifetime
y <seconds> maximum LSP lifetime (1 ~ 65535 seconds)
<seconds>
The following example shows how to set maximum LSP lifetime to 1000 seconds.
The following example shows how to ignore LSP that include checksum errors.
Command Description
max-area-addresses
y <number> Maximum number of IS-IS static area (3 ~ 254)
<number>
The following example shows how to set the maximum number of IS-IS static area to 10.
Command Description
area-password
y <string> Authentication password of IS-IS area
<string>
The following example shows how to set the authentication password to ‘corecess’.
By default, the Corecess S5 System is configured not to transfer a default route. To transfer a
default route to neighbor routers, use the default-information originate command in IS-
IS configuration mode.
The following example shows how to transfer a default route of a IS-IS routing domain
automatically to neighbor routers.
Setting Distance
Distance is a value that is used for comparing routes of different routing protocols that have the
same destination. The default value of the distance is 115 in the Corecess S5 System.
To change the specified IS-IS distance value for topology property or redistribution, use the
distance command in IS-IS configuration mode.
Command Description
distance {level-1 |
level-2} <distance>
distance level-1 y level-1 Set distance value of IS-IS level 1 route (intra-area route).
<distance> level-2 y level-2 Set distance value of IS-IS level 2 route (inter-area route).
<distance> y <distance> Distance of IS-IS route (1 ~ 255)
y <prefix> Prefix of the network in which the router is included or
distance level-2 IP address of the router
<distance> level-1 y <M> Subnet mask of <prefix>
<distance> y <access-list-number> Number of access list to be applied to
received routing information (500 ~ 999).
distance <distance>
[<prefix>/<M>
[<access-list-number>]]
The following example shows how to set IS-IS route distance of the router which is operating on
the network of 198.10.1.0 to 130. The IP address of the router is 198.10.1.3.
(config)# router rip
(config-router)# network 198.10.1.0/32
(config-router)# distance 130 198.10.1.3/32
(config-router)#
Command Description
domain-password
y <string> Authentication password of IS-IS routing domain
<string>
The following example shows how to the authentication password of IS-IS routing domain to
‘corecess’.
To use a host name or an area tag for displaying a particular node in IS-IS networks, use the
following command in IS-IS configuration mode.
Command Description
dynamic-hostname
y area-tag Use the area tag as the host name.
[area-tag]
The following example shows how to use the host name of a particular node.
The following example shows how to display mapping information for the host name and the
system ID when executing the show isis command.
To specify the passive interface, use the following command in IS-IS configuration mode.
Command Description
y loopback id Specify the loopback interface that is used as the
passive interface.
passive-interface
y <loopback-id> Loopback interface ID that is set to the passive
{loopback id
interface (1 ~ 32).
<loopback-id>|
y port Specify the port that is set to the passive interface.
port <port-type>
y <slot>/<port> Slot of the port/Number of the port
gigabitethernet |
y vlan Specify the VLAN interface that is set to the passive
vlan id <vlan-id>|
interface.
vlan name <vlan-name>}
y <vlan-id> VLAN interface ID (1 ~ 4094)
y <vlan-name> VLAN interface name
The following example shows how to specify the VLAN interface as the passive interface.
To set the overload bit, use the following command in IS-IS configuration mode.
Command Description
y on-startup <seconds> Set the overload bit only after a system
reload
- <seconds>: Period after the reload during which the overload
set-overload-bit bit is set (5 ~ 86400 seconds)
[on-startup seconds>] y suppress Set IP prefix of the specified type not to transmit when
[suppress {external| overload bit is already set.
y external Set IP prefix learnt from other protocols not to transmit
interlevel | when overload bit is already set
external interlevel | y interlevel Set IP prefix learnt from other IS-IS routing levels not
interlevel external}] to transmit when overload bit is already set.
y external interlevel, interlevel external Set IP prefix
learnt from either other protocols or other IS-IS routing levels not to
transmit when overload bit is already set.
To apply different metric values to external route, which is redistributed to IS-IS, depending on
types of protocol or the condition of route map, use the following command in IS-IS
configuration mode.
Command Description
The following example shows how to redistribute RIP routes to IS-IS level 1 routes.
Command Description
The default SPF calculation interval is 5 seconds. To change the SPF calculation interval, use the
following command in IS-IS configuration mode.
Command Description
The following example shows how to set the SPF calculation interval to 10 seconds.
To display status information of all IS-IS routing processes, use the show isis counter
command in Privileged mode.
isisSysStatSPFRuns: 0
When executing the show isis counter command, the following information is displayed.
Field Description
To display IS-IS routing database information, use the show isis database command in
Privileged mode.
The following example shows how to display the detail information of IS-IS routing database
using the show isis database detail command.
When executing the show isis database command, the following information is displayed.
Field Description
LSPID LSP ID. The first six octets form the system ID of the router that originated the LSP.
LSP sequence number. This LSP sequence number is increased whenever LSP is
LSP Seq Num
updated.
Amount of time the LSP remains valid (in seconds). If this value becomes zero, the
LSP Holdtime
LSP is removed from LSDB of all routers.
Attach bit. If this value is 1, it means that the router is connected to at least one area
ATT
through level 2 router.
P P bit. If this value is 1, it means that the router provides area partition-repair feature.
Overload bit. If this value is 1, it means the router is overloaded. Therefore, other
OL
routers can not use the router as an intermediate router when SFP calculation.
To display IS-IS routing process information of all interfaces, use the show isis interface
command in Privileged mode.
When executing the show isis interface command, the following information is
displayed.
Field Description
Routing protocol Routing Protocol that is operating on the interface (area tag)
To display the list of routers that are connected to IS area, use the show isis topology
command in Privileged mode.
Area corecess:
IS-IS paths to level-1 routers
System Id Metric Next-Hop Interface SNPA
0000.0000.0020 --
0000.0000.000a 10 0000.0000.000a vlan1 00e0.b064.46ec
IS-IS paths to level-2 routers
System Id Metric Next-Hop Interface SNPA
0000.0000.0020 --
0000.0000.000a 10 0000.0000.000a vlan1 00e0.b064.46ec
0000.0000.000b 20 0000.0000.000b vlan1 00e0.b064.46ec
#
When executing the show isis topology command, the following information is displayed.
Field Description
IS-IS Commands
The following IS-IS commands are provided in the Corecess S5 System.
Command Description
Set a host name or an area tag to be used for displaying a particular node in
dynamic-hostname
IS-IS networks.
isis csnp-interval Set IS-IS CSNP (Complete Sequence Number PDUs) transmission interval.
isis hello-interval Set transmission interval of IS-IS hello packets on the specified interface.
isis Specify multiplier value that is used when calculating transmission interval
hello-multiplier of IS-IS hello packets.
isis mesh-group Set the specified interface to a member of the specified mesh group.
isis
Set retransmission interval of IS-IS LSPs (Link-state packet).
retransmit-interval
max-area-addresses Set the maximum number of IS-IS areas that can be configured as static area.
Set maximum LSP lifetime that IS-IS LSP(Link-state packet) persist without
max-lsp-lifetime
being refreshed.
Command Description
router isis Enable IS-IS routing protocol, and enter IS-IS routing configuration mode.
Set overload bit not to use the local router as an intermediate router in their
set-overload-bit
SPF calculations.
Display all lists of ES (End System) and IS (Intermediate System) that are
show clns neighbors
connected to the Corecess S5 System.
show isis counter Display status information of all IS-IS routing processes.
show isis interface Display IS-IS routing process information of the interface.
show isis topology Display lists of routers that are connected to the IS-IS area.
Configuration RIP
Introduction
RIP (Routing Information Protocol) is a dynamic routing protocol that exchange routing
information in internal AS (Autonomous System). RIP is used for small-scale networks.
Dynamic routing protocol exchanges messages with routers and applies changed network
status to routing tables when a topology is changed, or an error occurs. RIP transmits its routing
information (RIP message) periodically to all of connected neighbor routers through number
520 of UDP port. And, RIP receives routing information from neighbor routers and modifies its
routing table. When routing information is advertised as above, all router of internal AS can
exchange their routing information.
If there are several routes that have the same destination in the routing table, RIP selects the
shortest path using the distance-vector algorithm. The distance-vector algorithm selects the
shortest next hop and the shortest distance (or cost) of the destination as the best path. A
routing protocol can be easily configured using the algorithm, and less system memory is used.
The distance of each path is called metric in RIP. The network administrator can specify the
metric depending on path state or speed. The default metric value is 1. RIP selects the path that
has the lowest value of metrics as the best path. Therefore, the metric is the basic value to select
paths in RIP.
The disadvantage of RIP is the occurrence of a routing loop. The routing loop occurs when
routers consider that the routers can reach the destination through each other and exchange
routing information continuously. To prevent this situation, RIP limits metric value to less than
15. If there is a path that metric value is over 15, RIP considers the path unreachable, and the
path can not be transmitted to neighbors. For this reason, RIP is generally used in single AS
(Autonomous System). Split Horizon or triggered update is used to solve the routing loop.
RIP Version
The Corecess S5 System supports RIP version 1 (RIPv1) and RIP version 2 (RIPv2). The
difference of two versions is as follows:
Authentication Does not support authentication. Support authentication for RIP messages.
By default, RIPv2 is operated in the Corecess S5 System. RIPv1 does not support subnet mask.
Thus, RIPv2 is recommended.
Each route entry in RIP routing table consist of the following fields.
Field Description
Route change flag Flag for indicating the recent change of the route entry
RIP Operation
RIP Timer
RIP uses numerous timers to regulate its performance. These include a routing-update timer, a
route-timeout timer, and a route-flush timer.
Timer Description
Interval between periodic routing updates. Generally, it is set to 30 seconds, with a small
Update random amount of time added whenever the timer is reset. This is done to help prevent
Timer congestion, which could result from all routers simultaneously attempting to update their
neighbors.
Interval in seconds during which routing information regarding better paths is suppressed.
It should be at least three times the value of update. A route enters into a holddown state
Holddown when an update packet is received that indicates the route is unreachable. The route is
Timer marked inaccessible and advertised as unreachable. However, the route is still used for
forwarding packets. When holddown expires, routes advertised by other sources are
accepted and the route is no longer inaccessible. The default is 180 seconds.
Amount of time in seconds that must pass before the route is removed from the routing
Flush table; the interval specified should be greater than the invalid value. If it is less than this
Timer sum, the proper holddown interval cannot elapse, which results in a new route being
accepted before the holddown interval expires. The default is 240 seconds.
The Split Horizon and the Triggered Update prevent the routing loop.
10.1.1.0
For example, the router A is connected to the network of 10.1.1.0 as above. The router B is
connected to the network of 10.1.1.0 through the router A, and the router C is connected to the
network of 10.1.1.0 through the router A and the router B.
Let’s assume that the link between the router A and the network of 10.1.1.0 is disconnected.
When the router A detects link disconnection, the router A removes this route entry from its
routing table. But, the router B does not realize the link disconnection and sends its routing
table to the router A using the update message. The router A finds the route entry of 10.1.1.0
from the received routing entry and increases metric value of the route entry, then adds the
route entry into its routing table. After that, the router B also receives the route entry of 10.1.1.0
from the router C and increases the metric value of the route entry, then adds the route entry
into its routing table. The router B sends its routing entry to the router A. If this situation is
continued, although the routers can not actually reach to the network of 10.1.1.0, the routers
increase the metric values and update their routing table. Finally, the entry of 10.1.1.0 becomes
the invalid route when the metric value is 16, and the network becomes unreachable destination.
The above situation is called routing loop, and the routing loop is solved when the metric value
of route entry is 16. There are two solutions to solve the routing loop.
First solution is that the router does not allow information, which is transmitted by itself, to be
transmitted to other routers. If this solution is used in the above network, because network
information of 10.1.1.0 is transmitted through the router A to the router B, the router B transmits
the rest information to router A except the route entry of 10.1.1.0 network. This solution is
called split horizon. Split horizon with poisoned reverse, which is similar to split horizon, sets
the metric value to 16 instead of removing the entry.
Second solution, triggered update, is that the router transmits changed information
immediately to other routers when the router receives new routing information or detects
change of existing routing information by a physical cause. If this solution is used in the above
network, when the router A detects the link disconnection, the router informs the router B
immediately that the network of 10.1.1.0 is unreachable.
Configuring RIP
1. Enabling RIP
Enable RIP in the Corecess S5 System.
Enable RIP
By default, RIP is disabled in the Corecess S5 System. To enable RIP, use the router rip
command in Configure configuration mode.
# configure terminal
(config)# router rip
(config-router)#
After enabling RIP in the Corecess S5 System, specify network in that RIP is operated. To
operate RIP on the specified network, use the network command in RIP configuration mode.
Command Task
The Corecess S5 System can only exchange RIP update messages with neighbor routers through
interfaces of the network that is specified using the network command.
The following example shows how to enable RIP on the network of 128.9.0.0/24 and
192.31.7.0/24.
Parameter Description
Specify default metric values that are applied when redistributing all routing entries
Default metric
to RIP networks.
Passive Interface Set the specified interface not to transmit RIP routing information to other routers.
Distribute list Filter routes that are matched with condition of the specified access list
Change metric values of RIP route entries that are matched with condition of the
Offset list
specified access list.
Setting Distance
Distance is a value that is used for comparing routes of different routing protocols that have the
same destination. The default value of the distance is 120 in the Corecess S5 System.
Lower distance value is higher priority. To change the specified RIP distance value for topology
property or redistribution, use the distance command in RIP configuration mode.
Command Task
The following example shows how to set the RIP route distance of 192.16.10.3 to 100 on the
network of 192.16.10.0.
To specify the passive interface, use the passive-interface command in RIP configuration
mode.
Command Description
The following example shows how to specify the 1/1 port as the passive interface.
When external routes are distributed to RIP, metric values of external router are change to other
values that can be used in RIP network. It is because concept of metric is different between RIP
and other protocols.
There are two methods to change metric values of external routers to metric values of RIP
network.
y Apply different metric values without types of routing protocols or condition of route map
To specify the default metric, use the default-metric command in RIP configuration mode.
Command Task
The following example shows how to set the default metric value of RIP to 10:
(config-router)# default-metric 10
(config-router)#
Apply different metric values without types of routing protocols or condition of route map
In the Corecess S5 System, different metric values can be applied to external route entries from
other types of routing protocol when redistributing external entries to RIP networks.
To apply different values to external routes that are redistributed depending on types of routing
protocol or condition of route map, use the redistribute command in RIP configuration mode.
Command Description
In the following network, if you set each router (RTA, RTB, RTC) of the RIP network to receive
routing information from OSPF network, use the following commands.
RIP RIP
RTA RTB
1/1 1/1
0/0 1/2 1/2 0/0
OSPF
1/1 1/2
RTC
0/0
RIP
Filtering Route
To filter routes that are matched with particular condition of access list, use the distribute-
list command in RIP configuration mode.
Command Description
The following example shows how to filter routes that are matched with condition of access list
500 in routing information from which port 5/1 of the system receives.
The following example shows how to filter routes that are matched with condition of access list
500 in routing information to which port 5/1 of the system transmits.
To define an offset list, use the offset-list command in RIP configuration mode.
Command Description
Command Description
The following example shows how to add 10 to metric value of route entries that are matched
with condition of access list 21 when transmitting routing information through all interfaces.
# configure terminal
(config)# router rip
(config-router)# offset-list 21 out 10
The following example shows how to add 5 to metric value of route entries that are matched
with condition of access list 22 when receiving routing information from port 5/1 of the system.
# configure terminal
(config)# router rip
(config-router)# offset-list 22 in 5 vlan id 51
Setting Timer
Routing protocols use several timers that determine such variables as the frequency of routing
updates, the length of time before a route becomes invalid, and other parameters. You can
adjust these timers to tune routing protocol performance to better suit your internetwork needs.
You can make the following timer adjustments:
Time in seconds between updates (The rate at which routing updates are 30
Update timer
sent). seconds
Holddown 180
The interval of time (in seconds) after which a route is declared invalid.
timer seconds
The amount of time (in seconds) that must pass before a route is removed 120
Flush timer
from the routing table. seconds
To change values of RIP timers, use the timers basic command in RIP configuration mode.
Command Description
# configure terminal
(config)# router rip
(config-router)# timers basic 30 100 50
To change RIP version of all interfaces that are defined in the router, use the version
command in RIP configuration mode.
Command Description
# configure terminal
(config)# router rip
(config-router)# version 1
(config-router)#
RIP ECMP Routing supports multiple equal-cost paths between routers, and distributes the
traffics among the possible paths. Maximum 4 links can working with one ECMP link and the
traffic can be shared on a basis of IP address destination session.
The following example show how RIP routers execute load balancing by the Equal Cost
Multipath Routing Protocol.
To display RIP routing tables, use the show ip rip command in Privileged mode.
# show ip rip
Codes: R - RIP, C - connected, O - OSPF, B - BGP, S - static
(n) - normal, (s) - static, (d) - default, (r) - redistribute,
(i) - interface
When executing the show ip rip command, the following information is displayed.
Field Description
Entry code, destination network address or host ip address / bit number of subnet mask
Types of entry code are as follows:
Network
R : RIP Entry C : Connected Entry
O : OSPF Entry B : BGP S : Static Entry
IP address of the next system that is used when forwarding a packet to the destination
Next
network. If the router connects directly to the destination, ‘0.0.0.0’ is displayed.
Remain time to remove the path. Holddown timer value is displayed for the first time.
Time Then, after holddown timer value becomes zero, flush timer value is displayed. After even
flush timer value becomes zero, the path is removed from the routing table.
To display RIP configuration information for all interfaces that are defined in the system, use
the show ip rip interface command in Privileged mode.
When executing the show ip rip interface command, the following information is
displayed.
Field Description
To display the current RIP version, use the show ip protocols command in Privileged
mode.
# show ip protocols
RIP Commands
The following RIP commands are provided in the Corecess S5 System.
Command Description
default-information Allow the router to advertise RIP default route information to neighbor
originate routers
Specify default metric values that are applied when redistributing all routing
default-metric
entries to RIP networks.
distribute-list Filter routes that are matched with condition of the specified access list
Change metric values of RIP route entries that are matched with condition of
offset-list
the specified access list.
Set the specified interface not to transmit RIP routing information to other
passive-interface
routers.
ip rip authentication
Enable authentication process for RIPv2, and define keys for interfaces.
key-chain
ip rip
Specify authentication method for RIPv2 packets.
authentication mode
ip rip authentic-
Specify authentication string for RIPv2 packets.
cation string
ip rip receive
Specify RIP version of packets from which the interface receives.
version
ip rip send version Specify RIP version of packets to which the interface transmits.
Configuration for the purpose of load balancing for the traffic with Equal Cost
equal-cost-multipath
Multipath Routing
show ip rip Display RIP configuration information for all interfaces that are defined in
interface the system.
This chapter describes how to configure a trunking group by using LACP (Link Aggregation Control
Protocol).
For example, the maximum bandwidth of the port that connects the system A and the system B
is 1Gbps, but the amount of data that receives and transmits between two systems can exceed
1Gbps. In this case, it is considered that several ports are connected between two systems. But,
if there are several connections (links) between systems, only one link is used automatically by
STP protocol because a loop can occur. If STP protocol is not used to prevent this situation,
communication might not operate because loops can not be detected.
Port trunking can be used in the case. Several ports act as single port, so it can be easily
managed by VLAN, STP and IGMP. Port trunking also effects stability of the system. Even if
some ports that are included in a trunking group are not operating normally, communication
can be continued by rest ports.
In the Corecess S5 System, port trunking can be implemented by 802.ad link aggregation, and
802.3ad link aggregation uses LACP (Link Aggregation Control Protocol). LACP allows ports
that have the same link aggregation key value to configure themselves into a trunking group.
y If you do not use STP, you should complete port trunking configuration to prevent loops
before connecting network cables between systems.
y All trunk group members (ports) should have the same media type (10/100Base-T, 100FX, or
Gigabit)
y All trunk group members (ports) should be set to the same port speed, duplex mode, and
operation mode.
y All trunk group members (ports) should be set to the full-duplex mode.
y If LACP operation mode is set to active on a port that is located in the end of a trunk, trunk is
set automatically.
When a QoS trunk is specified, the aggregated ID of the trunk group is used. The aggregated ID
is decided by the following rules.
y Odd number of port > Gigabit Ethernet port > Even number of port (Up Î Down)
y The same add or even number : Higher number of port (Right Î Left)
For example, if 1/1, 1/2, 1/3 and 1/4 ports aggregates, odd number of ports (1/1, 1/3) is
selected properly, then higher port (1/3) is decided to the aggregated ID.
LACP Key
LACP key is used to identify the trunk in which the port is included. All ports that are in the
single trunk have the same key value.
You can enable the feature on an individual port basis, in active, passive, or passive manual
mode.
y Passive mode
When you enable a port for passive link aggregation, the Corecess S5 System port can
exchange LACPDU messages with the port at the remote end of the link, but the Corecess S5
System port cannot search for a link aggregation port or initiate negotiation of an aggregate
link. Thus, the port at the remote end of the link must initiate the LACPDU exchange.
y Manual mode
When you enable a port for manual link aggregation, you can manually configure aggregate
links containing multiple ports
To configuring a dynamic LACP trunk, one end of ports should be configured to LACP active
mode and the other end of ports should be configured to LACP active or LACP passive mode.
Switch A Switch B
To configure a trunk manually, both ends of the ports should be configured to LACP manual
mode.
Switch A Switch B
To assign the LACP key and set LACP operation mode, use the following commands:
Command Task
2. Assign LACP key and specify the LACP operation mode for the
specific ports.
y <key-num> LACP key value (0 – 65535).
(1 ~ 65535)
lacp key <key-num>
y <slot>/<port> Slot/Port number
port gigabitethernet
y active Enable active mode. Aggregation link is created, channels are
<slot>/<port> mode
initialized in active mode. If the remote LACP mode is active of
{active | passive |
passive, aggregation link is created.
manual}
y passive Enable passive mode. Channels are not initialized in
passive mode, but LACP packets can be processed.
y manual Enable manual mode. Aggregation link can be
configured without LACP in manual mode.
The following example shows how to assign 10 of LACP key to the Gigabit Ethernet port 5/1
and how to set the LACP operation mode to active.
# configure terminal
(config)# lacp key 10 port gigabitethernet 5/1 mode active
(config)# end
# show lacp port gigabitethernet 5/1
To configure LACP partner key to be assigned to the port on the other side of the aggregation
link, perform this task in the Privileged mode:
Command Task
The following example shows how to assign 15 of LACP key value to the remote port connected
to the Gigabit Ethernet port 5/1.
# configure terminal
(config)# lacp force-partner-key 15 port gigabitethernet 5/1
(config)# end
# show lacp port gigabitethernet 5/1
System A
Trunk Group
y Port : 5/1-4 on System A
5/1-4 on System B
y LACP admin key : 33
System B
System A
The following shows how to configure the LACP trunk on the System A:
System B
The following shows how to configure the LACP trunk on the System B:
This chapter describes how to configure STP (Spanning Tree Protocol)/RSTP (Rapid Spanning Tree
Protocol) on the Corecess S5 System.
STP Overview
Introduction
A network that has several paths for one destination is fault-tolerant. It is because packets can
be transmitted through other paths even if one of paths can not be used on the network. But,
loops might occur on the network. If a loop is occurs between two nodes, when packets are
broadcasted, the packet transmission is repeated infinitely. Because of the loop, the network can
be congested, then the network becomes instable.
In the following network configuration, there are two paths from Switch A to Switch C. One of
the path is path 2 connected directly and the other path is path 1 and path 2 through Switch B.
A loop is formed in this network because multiple active paths exist between Switch A and
Switch C. In this network, end stations might receive duplicate messages. For example, if Switch
A broadcasts packets, Switch C broadcasts the received packets to Switch A, and Switch A
broadcast the packets again.
Switch A
Path 1 Path 2
Path 3
Switch B Switch C
STP (Spanning Tree Protocol) prevents the loop on the network in which several paths are
existed. STP defines a tree with a root switch. When two interfaces on a switch are part of a loop,
the spanning-tree port priority and path cost settings determine which interface is put in the
forwarding state and which is put in the blocking state. Spanning tree forces redundant data
paths into a standby (blocked) state. Therefore, when traffic is processed, packets are only
transmitted through paths of non-blocking state.
If the path 3 is blocked in the network configuration mentioned previously, you can have a
loop-free path between Switch A and Switch C as follows:
Switch A
Path 2
(Forwarding)
Path 1
(Forwarding)
Path 3
Switch B (Blocking) Switch C
Switches send and receive spanning-tree frames, called bridge protocol data units (BPDUs), at
regular intervals. The switches do not forward these frames, but use the frames to construct a
loop-free path.
If a network segment in the spanning tree fails and a redundant path exists, the spanning-tree
algorithm recalculates the spanning-tree topology and activates the standby path.
Spanning tree consists of a root switch, designated switches, root port, and designated ports.
The root switch is the logical center of the spanning-tree topology in a switched network. A
designated switch is a switch used to forward packets from that LAN to the root switch. A root
port is a forwarding port elected for the spanning-tree topology. A designated port is a
forwarding port elected for every switched LAN segment.
Root Switch
Designated Designated
Switch Switch
Designated Port
Designated
Switch
When the switches in a network are powered up, each function operates as the root switch.
Each switch sends a configuration BPDU through all of its ports. The BPDUs communicate and
compute the spanning-tree topology. Each configuration BPDU contains this information:
- Unique bridge ID of the switch that the sending switch identifies as the root switch
- Spanning-tree path cost to the root
- Bridge ID of the sending switch
- Aging time of BPDU
- Interface ID that transmits BPDU
- Spanning tree timer values (Hello, Forward delay, Max-age)
Bridge ID determines the selection of the root switch. Each VLAN on the switch has a unique 8-
byte bridge ID; the two most-significant bytes are used for the switch priority, and the
remaining six bytes are derived from the switch MAC address. The switch with the highest
switch priority (the lowest numerical priority value) is elected as the root switch. If all switches
are configured with the default priority (32768), the switch with the lowest MAC address in the
VLAN becomes the root switch.
Path cost determines the selection of the root port and designated switch. The port that provides
the best path (lowest cost) when the switch forwards packets to the root switch is called the root
port. The switch that provides the lowest path cost when forwarding packets from that LAN to
the root switch is called the designated switch. The port through which the designated switch is
attached to the LAN is called the designated port.
A root port is selected for each switch (except the root switch). This port provides the best path
(lowest cost) when the switch forwards packets to the root switch.
BPDU has three spanning-tree timers (hello, forward delay, max age). The following table
describes the timers that affect the entire spanning-tree performance:
Timer Description
When this timer expires, the interface sends out a Hello message to the neighboring
Hello timer
nodes.
Forward delay Determines how long each of the listening and learning states last before the
timer interface begins forwarding.
Determines the amount of time the switch stores protocol information received on an
Max age timer
interface.
Each port on the switch using spanning tree exists in one of these states:
• Blocking: The port does not participate in frame forwarding. (Default state)
• Listening: The first transitional state after the blocking state when the spanning tree
determines that the port should participate in frame forwarding.
• Learning: The port prepares to participate in frame forwarding.
• Forwarding: The port forwards frames.
• Disabled: The port is not participating in spanning tree because of a shutdown port, no link on
the port, or no spanning-tree instance running on the port.
Blocking State
BPDU Transmission
Learning State
Forward delay
Forwarding State
A port that STP is operating always starts at the blocking state. When a switch is initialized, the
switch assumes that the switch is the root switch and transmits BPDU to connected devices
through all ports. Ports of the blocking state discards all frames except BPDU. Ports that receive
BPDU become the listening state.
Ports of the listening state exchange BPDUs with other devices and select the root switch. Then,
after forward delay time is passed, the listening state becomes the learning state.
Ports of the learning state learn MAC addresses to transmit frames. Then, after forward delay
time is passed, the learning state becomes the forwarding state. Frames that are received before
ports become the forwarding state are discarded. After the forwarding, received frames are
transmitted through ports.
Ports of the disabled state do not participate in the spanning tree. These ports neither transmit
or receive BPDUs and do not transmit frames.
Selecting Path
The STP uses a spanning-tree algorithm to select one switch of a redundantly connected
network as the root of the spanning tree. The algorithm calculates the best loop-free path
through a switched Layer 2 network by assigning a role to each port based on the role of the
port in the active topology.
When two interfaces on a switch are part of a loop, the spanning-tree port priority and path cost
settings determine which interface is put in the forwarding state and which is put in the
blocking state. The port priority value represents the location of an interface in the network
topology and how well it is located to pass traffic. The path cost value represents media speed.
Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment
in the spanning tree fails and a redundant path exists, the spanning-tree algorithm recalculates
the spanning-tree topology and activates the standby path.
The key difference between STP and RSTP is the transition states of a port. STP moves a port
from the blocking state to the forwarding state after the listening and the learning state. RSTP
reduces the transition steps by moving directly a port from the blocking state to the forwarding
state. This allows rapid reconfiguration capability when the topology has changed.
There are three port states - discarding, learning, forwarding - in RSTP 802.1W. The learning
state and the forwarding state are the same as the states of STP, and the discarding state
includes the disable state, the blocking state and the listening state of STP. The following table
provides a comparison of STP and RSTP port states.
10Mbps 2,000,000
10Gbps 2,000
Configuring STP
This section describes how to configure spanning-tree features on the Corecess S5 System.
y Enable STP
y Setting spanning tree timers (Hello time, Max age, Forward delay)
Enabling STP
You can enable or disable STP on a per-VLAN basis. RSTP is enabled by default on the default
VLAN and on all newly created VLANs. By default, RSTP is enabled in the Corecess S5 System.
To operate STP, enable STP first, then set protocol version to STP.
Command Task
# configure terminal
(config)# stp vlan id 1
(config)# stp protocol-version stp vlan id 1
(config)# end
# show stp vlan id 1
VLAN ID: 1
Protocol Operation: enabled
STP version: stpCompatible(0)
Pathcost Encoding: 32bit
BridgeID: 0x8000-0001020000DB
Time since topology change: 1539(s)
.
.
.
#
Disable STP only if you are sure there are no loops in the network topology . When STP is
disabled and loops are present in the topology, excessive traffic and indefinite packet
duplication can drastically reduce network performance. To disable STP on a per-VLAN basis,
enter the no stp vlan command in Global configuration mode. The following example
shows how to disable STP on the VLAN whose ID is 1:
If you disable STP on a VLAN, STP is disabled on all ports belongs to the VLAN.
Command Task
The following example enables STP on the port 5/1 and 5/2:
To disable STP on a specific port, enter the no stp port command in Global configuration
mode. The following example disables STP on the Gigabit Ethernet port 5/1 ~ 5/2:
Command Task
The following example shows how to set bridge ID for a VLAN to 3000 (hexa-decimal : 0x0BB8):
# configure terminal
(config)# stp bridge-priority 3000 vlan id 2
(config)# end
# show stp vlan id 2
VLAN ID: 2
Protocol Operation: enabled
Root Bridge: yes
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x0BB8-0001AB0DEF11
Time since topology change: 16(s)
Topology changes: 2
Designated Root BridgeID: 0x8000-0001AB0DEF11
Root Path Cost: 0
.
.
#
To restore the bridge ID for a VLAN to the default priority (32768, hexa decimal : 0x8000), enter
the no stp bridge-priority command.
VLAN ID: 2
Protocol Operation: enabled
Root Bridge: yes
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x8000-0090A3000004
Time since topology change: 7363(s)
Topology changes: 0
.
.
.
#
If you want to rarely use a port that is high speed because of a lack of stability or other reasons,
you specify high path cost of the port.
To configure the path cost for the specified port, use the following commands.
Command Task
Command Task
The following example shows how to set the path cost for the Gigabit Ethernet port 5/1 to 10:
Link State: up
Protocol Operation: enabled
Pathcost Encoding: 32bit
Port State: forwarding(5)
Port Role: RootPort
Mother BridgeID: 0x8000-0090A3000003
Port Number(logical): 129
Port Priority: 0x8
Designated Root BridgeID: 0x8000-004455CCDD00
Designated Path Cost: 10
Designated BridgeID: 0x8000-0090A3040000
Designated PortID: 0x8018
AdminEdge: false
OperEdge: false
AdminPointToPoint: auto(2)
OperPointToPoint: true
#
Recommendation: We recommend that you set the path cost as follows according to the running STP
protocol version and the media speed of the port:
Command Task
stp pathcost-encoding
2. Configure the type of STP encoding mode.
stp8021d1998
The following example shows how to configure the type of STP encoding mode to 16 bits:
VLAN ID: 1
Protocol Operation: enabled
Root Bridge: yes
STP version: rstp(2)
Pathcost Encoding: 16bit
BridgeID: 0x8000-0090A3000003
.
.
#
Command Task
The following example shows how to configure the port priority of the Gigabit Ethernet port
5/1 to ‘1’:
Link State: up
Protocol Operation: enabled
Pathcost Encoding: 32bit
Port State: forwarding(5)
Port Role: RootPort
Mother BridgeID: 0x8000-0090A3000003
Port Number(logical): 129
Port Priority: 0x1
Designated Root BridgeID: 0x8000-004455CCDD00
Designated Path Cost: 200000
Designated BridgeID: 0x8000-0090A3040000
.
.
You can set spanning tree timers for individual VLANs. To set STP timers for a specified VLAN,
use the following commands.
Command Task
The following example shows how to set spanning tree timers for a VLAN:
VLAN ID: 2
Protocol Operation: enabled
Root Bridge: yes
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x8000-0001AB0DEF11
To return the STP hello timer value to the default value, use the no stp hello-time
command in Global configuration mode.
The following example shows how to set the STP forward delay timer to 20 seconds for the
VLAN that ID is 2.
VLAN ID: 2
Protocol Operation: enabled
Root Bridge: yes
.
.
ForwardDelay: 15(s)
Bridge MaxAge: 20(s)
Bridge HelloTime: 5(s)
Bridge ForwardDelay: 20(s)
.
.
#
To return the STP forward delay timer value to the default value, use the no stp forward-
time command in Global configuration mode.
The following example shows how to set the STP max age timer to 30 seconds for the specified
VLAN that ID is 2.
VLAN ID: 2
Protocol Operation: enabled
Root Bridge: yes
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x8000-0001AB0DEF11
Time since topology change: 106(s)
Topology changes: 2
Designated Root BridgeID: 0x8000-0001AB0DEF11
Root Path Cost: 0
Root Port Number(logical): 0
MaxAge: 20(s)
HelloTime: 2(s)
ForwardDelay: 15(s)
Bridge MaxAge: 30(s)
Bridge HelloTime: 5(s)
Bridge ForwardDelay: 20(s)
.
.
#
To return STP max age timer value to the default value, use the no stp max-age command in
Global configuration mode.
Configure RSTP
This section describes how to configure RSTP on the Corecess S5 System.
y Setting spanning tree timers (Hello time, Max age, Forward delay)
In the configuration procedure, ‘Enable STP on a port’, ‘Setting the bridge ID’, ‘Configuring the port priority’
and ‘Setting spanning tree timers (Hello time, Max age, Forward delay)’ are explained in the previous
section.
Command Task
The following example shows how to enable RSTP on the VLAN whose ID is 2:
# configure terminal
(config)# stp vlan id 1
(config)# end
# show stp vlan id 1
VLAN ID: 1
Protocol Operation: enabled
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x8000-0001020000DB
Time since topology change: 1539(s)
Topology changes: 0
.
.
#
Disable RSTP only if you are sure there are no loops in the network topology . When RSTP is
disabled and loops are present in the topology, excessive traffic and indefinite packet
duplication can drastically reduce network performance. To disable RSTP on a per-VLAN basis,
enter the no stp vlan command in Global configuration mode. The following example
shows how to disable RSTP on the VLAN whose ID is 2:
If you disable RSTP on a VLAN, STP is disabled on all ports belongs to the VLAN.
If you want to rarely use a port that is high speed because of a lack of stability or other reasons,
you specify high path cost of the port.
To configure the path cost for the specified port, use the following commands.
Command Task
The following example shows how to set the path cost for the Gigabit Ethernet port 5/1 to
20000:
Link State: up
Protocol Operation: enabled
Pathcost Encoding: 32bit
Port State: forwarding(5)
Port Role: RootPort
Mother BridgeID: 0x8000-0090A3000003
Recommendation: We recommend that you set the path cost as follows according to the running RSTP
protocol version and the media speed of the port:
To change path cost of 16 bits to path cost of 32 bits again, use the following commands.
Command Task
stp pathcost-encoding
2. Configure the type of RSTP encoding mode.
stp8021t2001
The following example shows how to configure the type of STP encoding mode to 32 bits:
To set spanning tree protocol to STP on a particular VLAN, use the following commands.
Command Task
stp protocol-version 2. Set spanning tree protocol to STP on the specified VALN.
stp vlan id <vlan-id> y <vlan-id> VLAN ID (1 ~ 4094)
The following example shows how to set spanning tree protocol to STP on the VLAN whose ID
is 2:
Edge ports assume designated port roles. Port flapping does not cause any topology change
events on Edge ports since RSTP does not consider Edge ports in the spanning tree calculations.
However, if any incoming BPDU is received from a previously configured Edge port, RSTP
automatically makes the port as a non-edge port. This is extremely important to ensure a loop
free Layer 2 operation since a non-edge port is part of the active RSTP topology.
Command Task
The following example shows how to configure the Gigabit Ethernet port 5/1 as an Edge port:
Command Description
port pathcost Sets the spanning-tree port path cost for the specified port.
port priority Sets the spanning-tree port priority for the specified port.
show stp port Displays spanning-tree information for the specified port.
show stp vlan Displays spanning-tree information for the specified VLAN interface.
stp max-age Sets the bridge maximum aging time for a VLAN.
stp pathcost-encoding Configures the type of Spanning Tree Protocol encoding mode.
Configure the type of Spanning Tree Protocol mode to run for a specific
stp protocol-version
VLAN.
stp vlan Enables the spanning tree algorithm for a specific VLAN.
This Chapter describes how to configure VRRP (Virtual Router Redundancy Protocol) on the Corecess S5
System.
Configuring VRRP
This section overviews VRRP (Virtual Router Redundancy Protocol) and describes how to
configure VRRP on the Corecess S5 System.
The VRRP router controlling the IP addresses associated with a virtual router is called the
Master. The Master forwards packets on behalf of these IP addresses. VRRP supports one IP
address for each virtual router. VRRP provides redundant gateways without any changes to the
host's configuration while supporting standard based routing protocols. As a result, any of the
virtual router's IP addresses on a LAN can then be used as the default first hope router by end
host.
The following figure shows a basic VRRP configuration uses a single VRID (VRID 1):
Subnet 2
VRID 1
10.0.0.1
Default gateway:
Subnet 1 10.0.0.1/8
Because RTA is the address owner, it serves as the master. RTB is the backup. The three end
hosts on subnet 1 are configured to use 10.0.0.1/8 as the default router. IP address 10.0.0.1 is
associated with VRID 1.
As shown in this example, if RTA becomes unavailable, RTB takes over VRID 1 and its
associated IP addresses. Packets sent to IP destinations outside the 10.x.x.x subnet using 10.0.0.1
as the router are then forwarded by RTB. Even though RTB assumes RTA's forwarding
responsibilities, it never processes any packet with destination address (DA) 10.0.0.1. When
RTA becomes active again, it takes over as the master and RTB reverts to backup.
Configuring VRRP
This section describes how to configure VRRP on the Corecess S5 System.
When configuring VRRP on the Corecess S5 System, consider the following contents.
y The IP addresses associated with the VRID must already be configured on the router that will be
the Master router.
y The IP addresses associated with the VRID must be on only one router
y The VRRP advertisement interval must be set to the same value on both the Master and Backups
for the VRID.
1. Configuring IP interfaces
Before you configure VRRP, you must configure an IP interface and assign a primary IP address
and subnet mask. To configure an IP interface and IP address, use the following commands:
Command Task
configure terminal 1. Enter Global configuration mode.
The following example shows how to configure the VLAN interface and assign a primary IP
address and subnet mask:
To create a VRRP virtual router on the Corecess S5 System, use the following command:
Command Task
configure terminal 1. Enter Global configuration mode.
router vrrp 2. Create a VRRP virtual router and enter VRRP configuration mode.
<virtual-router-id> y <virtual-router-id>: The identifier of the virtual router to create.
(1 ~ 255)
end 3. Return to Privileged mode.
show vrrp 4. Verify the VRRP virtual router configuration.
The following example creates a virtual router with an identifier (VRID) of 1 and enters VRRP
configuration mode:
# configure terminal
(config)# router vrrp 1
(config-vrrp)# end
# show vrrp
VrId <1>
State is Initialize
Virtual IP is unset
Interface is unset
Priority is unset
Advertisement interval is unset
Preempt mode is TRUE
#
After creating a virtual router, specify the IP address and operation mode for the virtual router.
If the operation mode for the virtual router is master, you should specify the IP address for the
Master router to the real IP address configured on the Master router.
To configure the IP address and operation mode for the virtual router, use the virtual-ip
command in VRRP configuration mode:
Command Description
The following example configures the IP address for the Master router to the IP address 10.0.0.1
of the default VLAN interface:
The priority for the virtual router is used to elect the Master router. If two backup routers have
the same priority, the router that has the highest primary address becomes the master.
The default value for the Master is 255 and the default value for the Backups is 100. To
configure priority for the virtual router, use the priority command in VRRP configuration
mode.
Command Description
priority <priority> y <priority>: Priority value of the VRRP router. The range is 1 ~ 255.
The following example sets the priority for the virtual router to 254:
The advertisement interval must be the same across the set of VRRP routers that are associated
with a single VRID. Backup routers must have the same advertisement interval as the Master
router.
The default VRRP advertisement interval is 1 second. To configure the VRRP advertisement
interval time, use the advertisement-interval command in VRRP configuration mode.
Command Description
advertisement-interval
y <seconds>: VRRP advertisement period in seconds (1 ~ 10 seconds)
<seconds>
The following example Sets the interval time between sending advertisement packets to 5
seconds:
Even if the master router has already been decided, if there is a backup router that has higher
priority, preempt mode decides whether the backup router should be specified as a master
router.
Command Description
y true If there is a backup router that has higher priority, the backup router is
preempt-mode specified as a master router.
{true | false} y false Even if there is a backup router that has higher priority, the backup
router can not be specified as a master router.
The following example shows how to set the preempt mode to false:
y Simple Password : Authenticate using the specified characters (authentication key). When a
VRRP packet is transmitted and received, compare the authentication key and VRRP packet
key. If the VRRP packet has no key, or the authentication key does not match with the VRRP
packet key, the VRRP packet is discarded.
The Corecess S5 System uses Simple Password by default. To set the authentication type and
(optionally) an authentication key to be used by a VRRP virtual router, use the following
commands in Interface configuration mode:
Command Description
ip vrrp authentication y <key> : The authentication key to use when sending and
string <key> receiving VRRP packets. (1 ~ 8 character)
The following example shows how to specify simple password for VRRP authentication on the
default VLAN interface whose ID is 1.
After configure all VRRP parameters, enable the virtual router on the interface owns the IP
address of the virtual router as follows:
Command Task
The following example enables the VRRP instance 1 on the VLAN interface:
When Uplink interface of VRRP master router becomes down due to failure, VRRP backup
router should be enabled to converted to new VRRP master. For this, monitor Up/Down
function of Uplink interface by setting VRRP Track function on Uplink interface.
VRRP tracking interface sets VRRP Virtual Router Id on Uplink Interface to monitor failure, and
when interface is down, sets Priority Delta value to be decreased. When relevant interface of
VRRP master router is down, decrease priority value as much as Priority Delta value, and when
priority value of VRRP backup router is higher than mater router, backup router is converted to
Command Operation
The followings are examples of activating Tracking interface on VRRP virtual router.
(config)# interface vlan id 1
(config-if)# ip vrrp 1 tracking decrement 50
(config-if)# end
# show vrrp
VrId <1>
State is Shutdown
Virtual IP is 10.0.0.1 (IP owner)
Interface is vlan1
Priority is 255
Advertisement interval is 1 sec
Preempt mode is TRUE
Tracking Interface vlan10, Priority Delta 50, Status UP
#
The following are example of releasing setup of VRRP Tracking interface.
(config)# interface vlan id 1
(config-if)# no ip vrrp 1 tracking
(config-if)# end
Internet Internet
VRID: 1 VRID: 1
IP address: 192.53.5.1 IP address: 192.53.5.1
Priority: 255 Priority: 100
Default gateway:
192.53.5.1/16
RTA
(config)# vlan id 2 name VRRP_1
(config)# vlan id 2 port gigabitethernet 5/1
(config)# interface vlan id 2
(config-if)# ip address 192.53.5.1/32
(config-if)# exit
(config)# router vrrp 1
(config-vrrp)# virtual-ip 192.53.5.1 master
(config-vrrp)# exit
(config)# interface vlan id 2
(config-if)# ip vrrp 1
(config-if)# end
# show vrrp
VrId <1>
State is Master
Virtual IP is 192.53.5.1 (IP owner)
Interface is vlan2
Priority is 255
Advertisement interval is 1 sec
Preempt mode is TRUE
#
RTB
(config)# vlan id 3 name VRRP_2
(config)# vlan id 3 port gigabitethernet 5/1
(config)# interface vlan id 3
(config-if)# ip address 192.53.5.3/32
(config-if)# exit
(config)# router vrrp 1
(config-vrrp)# virtual-ip 192.53.5.1 backup
(config-vrrp)# exit
(config)# interface vlan id 3
(config-if)# ip vrrp 1
(config-if)# end
# show vrrp 1
VrId <1>
State is Backup
Virtual IP is 192.53.5.1 (Not IP owner)
Interface is vlan3
Priority is 100
Advertisement interval is 1 sec
Preempt mode is TRUE
#
# show vrrp 1
VrId <1>
State is Master
Virtual IP is 192.53.5.1 (IP owner)
Interface is vlan2
Priority is 255
Advertisement interval is 1 sec
Preempt mode is TRUE
Tracking Interface vlan10, Priority Delta 50, Status UP
#
The following table describes the fields in the show vrrp command output:
Field Description
The VRRP state for the VRID. The state can be one of the following:
State - Backup: This switch is a Backup for the VRID.
- Master: This switch is the Master for the VRID.
VRRP Commands
The following table lists the commands for configuring VRRP on the Corecess S5 System and
displaying VRRP configuration:
Command Description
ip vrrp authentication
Configures the authentication type for a virtual router interface.
mode
router vrrp Creates a VRRP virtual router and enter VRRP configuration mode.
virtual-ip Configures the IP address and operation mode for a virtual router
ip vrrp tracking
Activate Tracking interface of VRRP virtual router
decrement
Redundancy Configurating
This clause introduces the ‘Redundancy’ provided from Corecess S5 System, and reviews how
to configure redundancy.
Redundancy
The Control Module Redundancy of Corecess S5 System redundates the two Control
Modules between No.9 slot (A-Side SCM) and No.10 slot (B-Side SCM) of S518 in
order that the cutoff of service may not be minimized in case a Control Module fails.
To secure more stable service, the redundancy of Epon LineCard redundates two Epon
Linecards (or two Epon Ports) so that the cutoff of service may be minimized in case an
Epon LineCard (or two Epon Ports) fails.
Redundancy modes are divided into cold-startup mode and hot-start mode.
1. cold-startup mode
This mode synchronizes only startup configuration when system is rebooted, but does not
synchronize running configuration and session information so that minimal redundancy
may be operated.
2. hot-startup mode
This mode supports the redundancy of Starttup configuration and running configuration,
and supports the redundancy of Layer 2 protocol and IP Routing.
In case the redundancy mode is differently set, the equipment should be rebooted.
Instruction Job
configure terminal 1. Global Configuration Mode is set in.
Notice: In case the redundancy mode is differently set, the equipment should be rebooted.
The followings are the examples of setting the redundancy of Corecess S5 System.
(config)# system redundancy mode hot-startup
(config)# end
# show system redundancy mode
% system redundancy mode is hot-startup.
System Switchover
The followings are how to manually switch Standby Control Module over Active in Corecess S5
System.
Instructions Jobs
configure terminal 1. Global Configuration Mode is set in.
system redundancy
switchover 2. This instruction switches Standby Controle Module over new Active.
show system redundancy 3. This instruction checks the state information of redundancy.
The followings are the examples of switching over S5 System and checking results.
localhost# configure terminal
localhost (config)# system redundancy switchover
localhost#
% BEGIN CoreCMR SWITCHOVER(ACTIVE => STANDBY)
% END CoreCMR SWITCHOVER(ACTIVE => STANDBY)
My Side Info.
------------------------------------------------------
State ................................... Standby
Version ................................. $Revision: 1.1 $
localhost (sby)#
Reference: The switchover instruction can be operated only in Active Control Module. Standby Controle
Module cannot be forcibly switchover.
In case the uplink port of Active Control Module fails and so the service cannot run to the
uplink port, Redundancy on the uplink port of Control Module automatically switches Standby
Control Module over new Active Control Module.
The following instructions should be used to set the Redundancy of Uplink Port.
Instructions Jobs
configure terminal 1. Global Configuration Mode is set in.
system redundancy 2. New uplink port is redundated.
uplink port
y{fastethernet|gigibitethernet|epon|tengigabitethernet
{fastethernet|gigibitet
hernet|epon|tengigabite } Sorts of uplink port
thernet} WORD y{required|} In case a port is down, it is immediately switched
{required|} over.
show system redundancy
uplink 3. The information of the redundated uplink is checked.
The followings are the examples of setting redundancy to two ports (18/1 and 18/2) of the uplink
port of S5 System.
18/4 Disable X X
------------------------------------------------------
The above example means that the uplink port 18/1 and 18/2 were redundated and the prots of
two control modules are upped.
Reference : In case two or more redundancies are set, the required instruction is used to determine which port
to be switched over in case a special port or all uplink ports are downed. The port set to be required is
immediately switched over upon being downed.
In botting redundated system, the whole system can be booted as well as Active control Module
or Standby Control Module can be selectively booted.
1. System Rebooting
The function, which is to reboot Corecess S5 System, is just provided from Active Control
Module. In case the rebooting instruction is executed in Standby Control Module, Standby
Control Module is just rebooted.
Instruction Explanation
OPB: 66 MHz
EPB: 66 MHz
I2C: ready
DRAM: 256 MB
FLASH: 512 kB
PCI: Bus Dev VenId DevId Class Int
00 01 14e4 b504 0280 00
00 02 14e4 b504 0280 00
00 03 14e4 b502 0280 00
In: serial
Out: serial
Err: serial
IDE: Bus 0: OK
Device 0: Model: SanDisk SDCFB-128 Firm: HDC 2.13 Ser#: 009623I0304S0310
Type: Removable Hard Disk
This instruction reboots only the related Control Module. In case just Actie Control Module is
rebooted, Standby Control Module is switched over new Active Control Module.
Instruction Explanation
This instruction is used to reboot Standby Control Module in Active Control Module. In case
this instruction is used in Standby Control Module, Standby Control Module itself is rebooted.
Instruction Explanation
The following instructions are used to manage Upgrade of Standby Module Software (Image
Upgrade) and Configuration Fle.
The following instruction shows the file information of Standby Module in Active Module.
Instruciton Explnation
standby configs:
Configuration flash directory:
File Length (bytes) Name/status
----- --------------- ------------------------------------------
1 6962 config-0626
2 1407 config- 0626.cfg
3 740 startup-config
[total 9523 Kbytes, 5328 Kbytes available usages(45%)]
standby images:
System flash directory:
File Length (bytes) Name/status
----- --------------- ------------------------------------------
1 3893985 ss5-ep4g-osapp-c20070126.img
2 3157479 ss5-base-osapp-REL1.1.1.img (*)
3 4415952 ss5-base-osapp-REL1.1.2.img
[11202 blocks used, 33642 available, 44844 total, 1K-blocks]
*/# : running/updated image
The following instructions control the image of standbly module and configuration information
in Active module.
Instruction Job
standby configs:
Configuration flash directory:
File Length (bytes) Name/status
----- --------------- ------------------------------------------
1 6962 config-0626
2 1407 config- 0626.cfg
3 740 startup-config
[total 9523 Kbytes, 5328 Kbytes available usages(45%)]
standby images:
System flash directory:
File Length (bytes) Name/status
----- --------------- ------------------------------------------
1 3893985 ss5-ep4g-osapp-c20070126.img
2 3157479 ss5-base-osapp-REL1.1.1.img (*)
3 4415952 ss5-base-osapp-REL1.1.2.img
3 8561139 ss5-base-osapp-REL1.1.3.img
[11202 blocks used, 33642 available, 44844 total, 1K-blocks]
*/# : running/updated image
localhost#
The following instructions are used to manage the redundancy of Epon LineCard.
The following instructions are used to set the redundancy of Epon LineCard.
Instruction Explanation
configure terminal 1. Global configuration mode is set in
2. This instruction activates the redundancy of new Epon LineCard.
redundancy epon-module
y<active slot> Line Card Number to provide the present service
<active slot>
y<standby slot> Line Card number to be used as the
<standby slot>
backup of <active slot>
show redundancy This instruction checks the list of redundated Epon LineCards and those
epon-module state.
redundancy epon-module
※ Active/Standby roles of two Epon LineCards are changed with each
<active slot>
other.
<standby slot> switch
localhost# con t
localhost(config)# redundancy epon-module 1 6 switch
localhost(config)# exit
localhost# show redundancy epon-module
localhost#
The following are used to manage the redundancy of Epon Port. It is basically identical to the
redundancy of Epon LineCard. The two ports on the same Epon LineCard can be redundated as
well as the redundancy between different Epon LineCards can be possible.
Instruction Explanation
configure terminal 1. Global Configuration Mode is set in.
2. This instruction activates the redundancy of new Epon Port.
port epon
y<active slot/port> Epon Port number to provide the present
<active slot/port>
service
redundancy
y<standby slot/port> Epon Port number to be used as
<standby slot/port>
the backup of <active slot/port>
show redundancy 3. This instruction checks the list of redundated Epon LineCards and
epon-port those state.
port epon
<active slot/port> ※ Active/Standy roles of two Epon LineCards are changed with each
redundancy other.
<standby slot/port>
localhost# con t
localhost(config)# port epon 6/1 redundancy 6/2 switch
localhost(config)# exit
localhost# show redundancy epon-port
localhost# con t
localhost(config)# no port epon 6/2 redundancy 6/1
localhost(config)# exit
localhost# show redundancy epon-port
localhost#
FAN [ 1] Normal
FAN [ 2] Normal
FAN [ 3] Normal
FAN [ 4] Normal
FAN [ 5] Normal
FAN [ 6] Normal
FAN [ 7] Normal
FAN [ 8] Normal
Auxiliary Information
-----------------------------------------------------------------------------
Fan (`C(`F)) -
Max/Min Threshold : 33/ 25 ( 91/ 77)
Temperature (`C(`F)) -
Current Temperature : 42 (107 )
Max/Min Threshold : 90/ 80 (194/176)
-----------------------------------------------------------------------------
MIB-II: System Group
Contact: support@corecess.com
Name: Corecess S5
Location: Corecess Inc.
Descr: Switched Router
ObjectID(36): 1,3,6,1,4,1,2971,50,46
localhost#
My Side Info.
------------------------------------------------------
State ................................... Active
Version ................................. $Revision: 1.1 $
Instructions of Redundancy
The following table shows sorts of the instructions, related with the redundancy supported
from Corecess S5 System, and their functions.
Instruction Function
reset control-module This instruction reboots just the related Control Module.
copy standby flash config This instruction saves the configuration information of
startup—config Standby module into startup-config.
show system redundancy mode This instruction checks the setup of redundancy mode.
This instruction checks the state information of redundant
show system redundancy uplink
uplink.
This chapter introduces the Corecess M5 SuperPON MUX Platform functions and features and installation.
9 Overview 19-2
9 Installation 19-32
Overview
Overview
CORECESS provides a new service called SuperPON, which applies DWDM technologies to the
S5 platform. The M5 SuperPON MUX Platform is a DWDM Mux/DeMux platform that is in
charge of multi and reverse-multi transmissions through ONT and ONU of the Gigabit Ethernet
and GE-PON service through the DWDM channel provided at the S5.
SuperPON maximizes the usefulness of existing fibers in order to ensure maximum subscribers
without additional attachments of fibers.
A maximum of 512 subscribers can be accommodated using just one pair of fiber.
M5-
Power supply M5 SuperPON MUX Power, 350W, -48VDC
PPD350
Slot Composition
The Corecess M5 system chassis is composed of two SLU slots and eight OLU slots.
The below modules can be attached to these 10 slots.
SLU Slot M5 MUX Seed Light Unit,16 Channel (Include Seed Light &
M5-SLU-16CH
(SLU1, 2) Management Processor)
OLU Slot M5-OLU-WE8CH WEPON 8 Channel (Include AWG Mux/DeMux & Amplifier)
(1, 2, 3, 4 M5 MUX Optical Link Unit, WEPON 16 Channel (Include
5, 6, 7, 8) M5-OLU-GW16CH
AWG Mux/DeMux & Amplifier)
M5 MUX Optical Link Unit, WEPON 8 Channel (Include AWG
M5-OLU-GW8CH
Mux/DeMux & Amplifier)
Dual-Power Functions
The Corecess M5 system can be mounted with two power supplies in order to safely supply
power. When the two power supplies are attached, it shares the load across the two power
supplies and distributes power to the system. When problems with a power supply occur, it
supplies all power for the system from the other power supply without causing any interference
in the equipment’s operation.
Hot-swap
The Corecess M5 system offers hot swap functions for attaching or removing all modules
without having to turn off the power.
y Fan module
y DC module POWER
Convenient Expandability
The Corecess M5 system hardware is designed in a moduler system, making it easy to add or
remove modules depending on the increase/decrease of subscribers.
Hardware description
This chapter introduces the front and back composition of the Corecess M5 system chassis and also
introduce the types and functions of modules that can be attached to the Corecess S5 system.
System Chassis
This chapter introduces the names and functions of each part on the front, back and side exterior
of the Corecess M5 system.
Front
On the front of the Corecess S5 system are a total of 10 slots, two DC power slots, rack bracket,
fan tray and fan filter. SLU modules and OLU modules can be attached to the Corecess M5
system slots and there is also a (back-plane) board that connects the SLU module and OLU
module inside of the system.
Rack Bracket
The rack brackets on the two sides are the area for fixing the Corecess M5 system to the rack
using bolts when attaching Corecess M5 system to the 19 inch rack. Use the bolts provided with
the Corecess M5 system when mounting it to the rack.
Fan Tray
The Fan Tray is located in the cooling fan that adjusts the internal temperature of the Corecess
M5 system. The LED in the Fan tray displays the status of the cooling fan and when it is
operating normally a green light appears, and in the event that operations are stopped by the
user or there is a problem with the fan, a red light turns on.
Slot
In the Corecess M5 system slots, the Seed light source is connected to the two dual SLU (Seed
Light Unit) modules and the S5 that are in charge of the system control functions, or OLU
(Optical Link Unit) modules that Mux/Demux the Gigabit Ethernet or GE-PON Link in 8
channel or 16 channel units can be mounted. The types of Corecess M5 system slots and the
numbers of each slot are as seen below. The slot number is used for configuring the system or
for monitoring through CLI commands.
Slot Description
SLU Slot Provides the Seed Light Source for the WDM system and mounts the SLU modules that
(SLU1, 2) provide the M5 system management functions.
OLU Slot
Gigabit Ethernet or Gigabit Ethernet PON is mounted to the Mux/Demux OLU modules
(1, 2, 3, 4,
in 8 channel or 16 channel units.
5, 6, 7, 8)
The Corecess M5 system slots support hot-swap functions and when attaching or removing
modules from the slot, you do not have to turn the system power off.
Fan Filter
The fan filter filters out the dusts that flow into the system through the heat-resistance vent.
Depending on the cleanliness level of the location where the system is installed for inspecting
the fan filter, you should replace or clean it.
This is the module that receives DC-48V power and supplies it to the Corecess M5 system. The
dual power module safely supplies power from one module in the event that one of the power
modules has a problem. In the case that both modules are working, it performs load sharing.
F.G. Terminal
This is the terminal for grounding the system. In order to prevent electric shocks and damages
to the product caused by electric leaks, use the grounding wire and connect the ground terminal
to an external ground.
Back
There is a ground terminal on the back of the Corecess M5 system to prevent damages to the
product.
F.G. Terminal
This is the terminal for grounding the system. In order to prevent electric shocks and damages
to the product caused by electric leaks, use the grounding wire and connect the ground terminal
to an external ground.
Side
The heat-resistant vent is used for sending heat created by Corecess M5 system operations and
to bring in cold air from the outside. When the vent is clogged by dust, air cannot ventilate
properly and cause overheating.
System Module
In the 10 slots of the Corecess M5 system, two SLU modules and up to eight OLU modules can
be mounted.
SLU Module
M5-SLU-16CH M5 MUX Seed Light Unit,16 Channel (Include Seed Light & Management Processor)
M5-SLU-8CH M5 MUX Seed Light Unit,8 Channel (Include Seed Light & Management Processor)
OLU Module
This part introduce in detail the functions of each module and the front panel composition.
M5-SLU-16CH
The M5-SLU-16CH provides DWDM Seed light Source to the system and performs system
management. The seed light source provides C-Band broadband light source. It provides
console port and Ethernet port for management.
The functions of each part of the front panel of the M5-SLU-16CH are as seen below.
M5-SLU-8CH
The M5-SLU-8CH provides DWDM Seed light Source to the system and performs system
management. The seed light source provides C-Band broadband light source. It provides
console port and Ethernet ports for management.
The functions of each part of the front panel of the M5-SLU-8CH are as seen below.
The system status LED displays the Corecess M5 system and SLU module status.
On Initializing system.
This is the optical connector for supplying BLS (Broadband Light Source) to each OLU.
Reset Switch
The reset switch is used for rebooting the Corecess M5 system. When the reset switch is pressed,
all configuration data that were not saved are deleted and connection with the equipment for
each port is disconnected. Use an object with a sharp edge (i.e. ball point pen) to press the reset
switch.
Console Port
The console port is the port for connecting to the console terminal that can perform the Corecess
M5 system local management operations. To connect the console port to a console terminal, use
the included console cable. PCs, workstations or VT-100 terminals that have terminal emulator
programs can be used as console terminals.
The Ethernet management port is the port for connecting the system that manages the Corecess
M5 system to the local network from a remote location via NMS or Telnet. The Ethernet
management port is the 10/100Base-TX port and is automatically set to 10/100Mbps speed and
full-dual/half-dual mode depending on the counterparts speed and activation mode. The cables
used for connecting the Ethernet management port are the twisted pair category-3, 4 and 5
cables, which is the RJ-45 connector.
The status LED functions at the Ethernet management port are as seen below.
Table 19-6 M5-SLU-16CH and M5-SLU-8CH module Ethernet Management Port LED functions
M5-OLU-WE16CH
The M5-OLU-WE16CH is a Mux/Demux model for WE-PON and receives BLS source from the
SLU and provides seed light to each OLT Port. In addition, it is a module the DWDM
Mux/Demux 16 channel E-PON link to transmit to ONT or ONU.
The M5-OLU-WE16CH module’s front panel composition part functions are as seen below.
M5-OLU-WE8CH
The M5-OLU-WE8CH is Mux/Demux module for WE-PON and it receives a BLS source from
the SLU to provide seed light to each OLT Port. In addition, , it is a module the DWDM
Mux/Demux 8 channel E-PON link to transmit to ONT or ONU.
The functions of each part that compose the front panel of the M5-OLU-WE8CH module are as
shown below.
LED
The Run LED displays the M5-OLU-WE16CH and M5-OLU-WE8CH module status.
Down-1 Port
This port connects with MPO part of the M5-MPO-8SA Cable (cable with MPO connector to 8
SC/APC connector). And this port connects the OLT GE-PON 8 port’s downward signal to the
M5-OLU-WE16CH or M5-OLU-WE8CH. In other words, it uses the Down-1 port for the 8 port
GE-PON downward signal to be entered in the OLU board.
Down-2 Port
This port connects with MPO part of the M5-MPO-8SA Cable (cable with MPO connector to 8
SC/APC connector). And this port connects the OLT GE-PON 8 port’s downward signal to the
M5-OLU-WE16CH (It does not exist in the M5-OLU-WE8CH). In other words, it uses the Down-
2 port for the 8 port GE-PON downward signal to be entered in the OLU board.
Up-1 Port
This port connects with MPO part of the M5-MPO-8SA Cable (cable with MPO connector to 8
SC/APC connector). And this port connects the GE-PON 8 port’s upward signal from the M5-
OLU-WE16CH or M5-OLU-WE8CH to S5 OLT board. In other words, it uses the Up-1 port for
the 8 port GE-PON upward signal to be entered in the S5 OLT board.
Up-2 Port
This port connects with MPO part of the M5-MPO-8SA Cable (cable with MPO connector to 8
SC/APC connector). And this port connects the GE-PON 8 port’s upward signal from the M5-
OLU-WE16CH to S5 OLT board. In other words, it uses the Up-2 port for the 8 port GE-PON
upward signal to be entered in the S5 OLT board.
This is an SC/APC connector and is the input port that receives the seed light source entered by
the SLU. This received Seed light source is separated and uses 16 channel or 8 channel DWDM
light source.
Down Port
This is an SC/APC connector and it is used for DWDM muxing 16 channel or 8 channel GE-
PON downward signals to transmit to the ONTs/ONUs. It is connected to the RN of the
ONUs/ONTs.
Up Port
This is an SC/APC connector and is the port where the GE-PON upward data from each ONTs
or ONUs are entered to the M5-OLU. 16 channel or 8 channel DWDM data is entered.
M5-OLU-GW16CH
The M5-OLU-GW16CH is a GW-PON Mux/Demux module and provides seed light to each
OLT port. In addition, it DWDM Mux/Demux 16 channel Gigabit Ethernet links and transmits
it to the ONT or ONU.
The function of each part that composes the front panel of the M5-OLU-GW16CH module is as
seen below.
M5-OLU-GW8CH
The M5-OLU-GW8CH is a GW-PON Mux/Demux module and receives BLS source from each
SLU and provides seed light to each OLT port. In addition, it DWDM Mux/Demux 8 channel
Gigabit Ethernet links and transmits it to the ONT or ONU.
The function of each part that composes the front panel of the M5-OLU-GW8CH module is as
seen below.
The M5-OLU-GW16CH and M5-OLU-GW8CH is only composed of manual devices and it does
not sense power nor does it display it on the LED.
Down-1 Port
This port connects with MPO part of the M5-MPO-8SA Cable (cable with MPO connector to 8
SC/APC connector). And this port connects the OLT Gigabit Ethernet 8 port’s downward signal
to the M5-OLU-GW16CH or M5-OLU-GW8CH. In other words, it uses the Down-1 port for the
8 port Gigabit Ethernet downward signal to be entered in the OLU board.
Down-2 Port
This port connects with MPO part of the M5-MPO-8SA Cable (cable with MPO connector to 8
SC/APC connector). And this port connects the OLT Gigabit Ethernet 8 port’s downward signal
to the M5-OLU-GW16CH (It does not exist in the M5-OLU-GW8CH). In other words, it uses the
Down-2 port for the 8 port Gigabit Ethernet downward signal to be entered in the OLU board.
Up-1 Port
This port connects with MPO part of the M5-MPO-8SA Cable (cable with MPO connector to 8
SC/APC connector). And this port connects the Gigabit Ethernet 8 port’s upward signal from
the M5-OLU-GW16CH or M5-OLU-GW8CH to S5 OLT board. In other words, it uses the Up-1
port for the 8 port Gigabit Ethernet upward signal to be entered in the S5 OLT board.
Up-2 Port
This port connects with MPO part of the M5-MPO-8SA Cable (cable with MPO connector to 8
SC/APC connector). And this port connects the Gigabit Ethernet 8 port’s upward signal from
the M5-OLU-GW16CH to S5 OLT board. In other words, it uses the Up-2 port for the 8 port
Gigabit Ethernet upward signal to be entered in the S5 OLT board.
This is an SC/APC connector and is the input port that receives the seed light source entered by
the SLU. This received Seed light source is separated and uses 16 channel or 8 channel DWDM
light source.
This is an SC/APC connector where the 16 channel or 8 channel Gigabit Ethernet upwards two-
directional signals are DWDM muxed for transmitting between the ONTs/ONUs and OLU
board. It is connected to the RN of the ONUs/ONTs.
Before Installing
This chapter explains precautions for installation and uses as well as the installation
environment that should be well understood prior to installing the Corecess M5 system.
Precautions
Warning: This chapter explains th precautions that the user must be familiar with in order to prevent physical
injuries when installing and using the Corecess M5 system. Therefore, please read and become familiar with this
chapter before installing or using the Corecess M5 system.
General Precautions
y Make sure that the area where the product is installed is clean and free from dust during and after
installation.
y When the product cover is opened, place the cover in a safe location.
y Do not leave tools or cables in the aisles in order to prevent physical injuries.
y When installing the product, loose-fitting clothes, neckties, scarf and sleeves may be caught in the
product. Therefore, do not wear loose-fitting clothes, take care of your necktie or scarf and fold your
sleeves.
y When the product cover must be opened in order to expand the product performance or when having to
operate on the equipment while the cover is opened, always contact the place of purchase and receive
assistance from an expert.
y Make sure there is no overload on the wiring when connecting the product power.
y When connecting the product power, take off accessories such as rings, necklaces and watches. If
these come in contact with the power or ground, it may burn up the parts.
y Always check if danger may occur in the place of operation. Make sure that you check for wet floors,
power extension cables that are not grounded, power cords that are worn out and whether the floor has
safety grounding facilities.
DC Power
y The DC power supplier should be connected to an outside DC power supply or rectifier that satisfies the
SELV (Safety Extra-Low Voltage) conditions as per UL 1950, CSA 950, EN 60950 and IEC 60950.
y Connect DC stationary wiring to a bipolar (-48VDC, GND) breaker that can be immediately used when
emergencies such as fires occur.
y Before installing or removing a DC power supply, always check if power has been cut off to the DC
circuits. For the sake of safety, turn the DC circuit breaker switch OFF and tape it so that it will not be
accidentally turned ON.
y The DC power cable finishing device must fit the wiring size and the insulator and conductor must be
able to be tightened.
y Make sure that there are no exposed areas of the DC power cable that is connected to the DC terminal
block caused by wear and tear. There is a dangerous amount of electricity flowing in the exposed parts
of the cable and take special precaution not to touch it.
Reserve Power
Connect the two power supplies to different input powers. Doing this will allow you to
continue to operate the equipment even when one power supply malfunctions.
y Wear a static electricity-prevention strap and on one side of the strap connect an iron element that is not
coated such as a static discharge jack or a bolt included with the product.
y When you do not have a static electricity-prevention strap, hold a metal part of the product to ground the
user.
y Never touch the card parts or connector pins and when touching the board, use the board’s corners or
front panel.
y Do not let the card and clothing touch. Static electricity-prevention straps protect the board only against
static electricity and the static electricity occurring from clothing may cause damages to the product.
y For the sake of safety, regularly check if the static electricity-prevention strap’s resistance is between 1 ~
10Mohms.
y When installing the product turn the power switch off (0) and remove all cables connected to the cables
and ports.
y When connecting the product power, take off accessories such as rings, necklaces and watches. If
these come in contact with the power or ground, it may burn up the parts.
y Avoid doing anything that can potentially cause injuries or make the equipment unstable.
Power Off
When blocking power to the product, pay attention to the below points.
y When working with parts that cannot be immediately replaced or when working near the back-plane
board, always turn the power off and disconnect the power to the circuit. When there is no ON/OFF
switch on the product, remove the power cord before working on it.
y In order to completely remove power supplied to the product, remove all power connections for all power
supply devices.
y Do not touch the power supply when the power cable is connected. When the cable is connected even
when the power switch is turned off, there will still be a line voltage in the power supply.
Ground
Laser
Pay attention to the below when purchasing a product with optical ports.
y Never look into the system’s optical port. If there is no optical cable connected, a strong light is
discharged from the port and can cause eye injuries.
y When a certain optical port of the system in operation is not used for prolonged period of times, always
cover the port and keep it closed or connect it to the optical cable.
When wired at a certain distance from the electromagnetic field, EMI (electromagnetic
interference) between the electromagnetic field and signals can occur. Therefore, please pay
attention to the below.
y In particular, EMI from radio transmitters can destroy the system’s signal device and conduct electricity
through the wire and system to cause an electrical accident.
y If there are high EMI at the installation area, consult with an RFI expert to solve it.
Blank Slot
When using without mounting board in the slot, always mount a blank bracket in order to
prevent the below situations.
y It is recommended to use an open rack that is opened on both sides, top and bottom. When having to
install the product on a closed rack, make sure it is well ventilated.
y When using closed rack, make sure there is an appropriate ventilation device on the rack. It must have
air intakes on the side and a fan must be attached to supply cool air.
y For closed racks with vent fans on top, the heat from the system on the bottom can rise up and go into
the system. Please be aware of this.
y Adjust the position so that the equipment or cable installed on the rack does not interfere with the power
supply or cooling fan’s air flow.
y When other equipment is mounted on the rack, select the position to mount on the rack by taking into
consideration the size of the product.
y Turn power off when moving the product and remove all cables connected to the ports.
y For workers moving the product, plant your legs firmly on the floor and make sure that the product’s
weight is evenly distributed to your two legs.
y With your back straight, slowly lift the product. You can injure your back if you bend it while lifting the
product. Therefore, lift it by bending your knees.
y The board attached to the product or the handles on the power supply are not designed to withstand the
weight of the product, so do not use the handles to lift the product.
y The below number of workers are needed depending on the product weight, so work together or use a
hoist.
18Kg or less 1
18~32Kg 2
32~55Kg 3
Installation Location
The installation location must have the below conditions for the safe installation and use of the
Corecess M5 system.
y When installing or after installing the system, make sure there is no dust and is clean.
y Install the system in a cool area that is not in direct sunlight. Also, keep it away from areas where people
frequently pass by to avoid injuries.
y Location must always have a constant temperature and humidity as shown below.
Section Range
Power Supply
Frequency -
y Make sure that the power supplied to the installation location is clean. Use power adjusting device when
power that has a lot of sparks or noise is supplied.
y Have a power outlet near the system to make it easy to connect to the power cables.
y Take care when connecting power supply device so that there is no overload on the wiring.
Installation
This chapter deals with the methods for installing the Corecess M5 system on the rack and how to mount
the SLU module and OLU module on the system slot. In addition, it also describes ways to connect cables
to each network port.
Installation Process
Caution: Before installing the Corecess M5 system
y In order to avoid problems while operating the system, install the switch at an installation location that satisfies
the conditions defined in ‘Chapter 3 / Before Installing’
y Turn power switch OFF (O) and remove all cables connected to the power cables and ports.
The following is the order for installing the Corecess M5 system. How to execute each process is
explained in the next section.
Installing on Rack
The Corecess M5 system is designed to be mounted on any type of standard 19 inch rack. This
section explains how to install the Corecess M5 system on a 19” rack.
Caution: Before mounting the Corecess M5 system on a 19” rack, read the precautions for rack installation on
Chatper 3: Before Installing.
Installing on Rack
When mounting the Corecess M5 system on a 19” rack, the below tools are needed.
y Cross-tip screwdriver
Cautions: For details on the static electricity-prevention strap, see “Chapter 3 / Before Installing – Precautions for
static electricity”
When tools are prepared to mount the Corecess M5 system on a 19” rack as below.
1. Place the Corecess M5 system on top of the closest possible rack and on a floor with
sufficient work space or a sturdy table. Check for all required tools.
2. Lift the Corecess M5 system to where it will be installed on the 19” rack.
3. Fit the Corecess M5 system rack bracket on the 19” rack holes and fix it by tightening the
four bind head bolts.
Caution: When installing the Corecess M5 syste on the rack, please pay attention to the below points in order to
prevent dangers caused by the rack.
y When the rack is empty, mount the Coecess M5 system on the lower part of the rack.
y In order to make the center of the rack’s weight go towards the bottom, attach the heavier equipment on the
bottom parts.
Table 19-11 Types of modules that can be attached to each system slot
This section explains how to attach modules to the Corecess M5 system slots.
Methods for attaching both the SLU and OLU modules to the Corecess M5 system are the same.
See the below descriptions to attach modules to the Corecess M5 system slots.
2. When modules are already attached to slot, remove all cables connected to the module and
remove the bolts on the sides of the attached modules. Fold the ejectors on the sides of the
module away from the system and carefully remove ejector by pulling from module.
Caution: Place modules ejected from the slot where there is no static electricity or store it in a static electricy-
prevention envelope.
3. When attaching modules to empty slots, remove the bolts on the sides of the blank bracket
using a screwdriver and remove the blank bracket.
Caution: When mounting OLU module on the system, it is easiest for the sake of system operation and
management to remove sequentially starting from OLU slot 1.
4. After opening box and taking out the new module to be attached, carefully examine the
exterior of the module to make sure there are no damaged parts.
5. Fit the modules according to the guardrails on both sides of the slot and carefully push in
the module until it is attached to the back-plane connector. Press the ejectors on the sides of
the module to tighten the module.
6. Use a cross-tipped screwdriver to tighten the bolts on the sides of the module.
7. When the Run LED on the module turns green and blinks, it is properly attached. Connect
cables to the module port and when needed, use CLI commands to configure the attached
module ports.
Note: The Corecess M5 system offers hot-swap functions and therefore, the power does not have to be turned off
when attaching modules.
The types of cables used for connecting the ports are described in Attachment B: Connector and
Cable Specs.
Caution: In the event that the distance between the equipment connected to cables are farther than the max
distance presented in this manual, there is a risk of losing transmitted data.
This is the module for supplying the SLU and WDM seed light source to the system. This seed
light is entered to each OLU and distinguished based on the WDM wavelength to be used per
link. The SLU is dualized and the seed from the dual SLU is made single through the coupler
and passes by the 1:8 splitter to be entered to each OLU. The coupler and splitter position the
excess cable in the FDF. SLU and OLU Seed light source connectors are connected using the
SC/APC cable.
The S5 LIM is categorized into two types.. One is the LIM-EP4G-GR+ that provides GE-PON
OLT 4 ports and the other is LIM-D4GF that provide the Gigabit Ethernet 4 port. When a
Gigabit Ethernet Optic Transceiver on the LIM-D4GF module is attached it performs Gigabit
Ethernet Service, or when GW-PON optical modules are attached, it is activated with the Giga
WDM-PON (GW-PON) OLT. Likewise, when GE-PON optical modules are attached to the LIM-
EP4G-GR+, it activates via GE-PON OLT and when a WE-PON optical module is attached, it
activates through the WDM E-PON (WE-PON) OLT.
The M5-OLU and S5 OLT is connected via M5-MPO-8SA cable. One side of the M5-MPO-8SA
cable is an MPO type connector as seen in the below illustration, while the other side is compose
of eight SC/APC.
The S5 OLT port is put in a group of eight and conformed to the M5-OLU for DWDM mux and
Demux. The optical modules used by the S5 OLT provide two SC/APC connectors: the red
cable is the down (TX) port and the yellow cable is the UP (RX) port.
The MPO connector’s Down-1, Down-2, Up-1 and Up-2 ports are attached and the eight
SC/APC connectors are connected to the S5’s corresponding port optical transceiver’s Down
(TX) and Up (RX) port. The Down-1 port and Up-1 port are activated in pairs. Therefore, it must
be connected to the Up-1 port in the same order that the Down-1 port and S5 port are connected.
Furthermore, it must also be connected to the Up-2 port in the same connection order as that of
the S5 OLT port to the Down-2 port. The below illustration is an example of the connection.
Down Up
1 2 3 4 5 6 7
1 2 3 4 5 6 7 8
8
RX TX
The M5-OLU Mux/Demux the 8 channel or 16 channel GW-PON and/or WE-PON signals and
transmits to the ONUs/ONTs via two optical cables. The M5-OLU-WE16CH and M5-OLU-
WE8CH are WE-PON OLU that transmits WDM signals to the ONUs/ONTs via the Down port
and receives the signals through the Up port. The M5-OLU-GW16CH and M5-OLU-GW8CH are
GW-PON OLU, which is used by the Optical Link port to send and receive via one optical cable.
The below picture is an example of the connection.
Splitter
ONT
RN
10Km
Down Up
1 2 3 4 5 6 7
1 2 3 4 5 6 7 8
8
RX TX
The Corecess M5 system supports two types of system management methods as shown below.
Using the console cable provided with the product, the console port in the Corecess M5 system’s
SLU module and the serial port of the PC or VT-100 terminal to be used as the console terminal
is connected.
Each connector prepares the twisted pair cable, which is the RJ-45, to connect the Ethernet
management port located in the Corecess M5 system’s SLU module to the local network
(Ethernet LAN).
Note: Because the M5-SLU-16CH,8CH Ethernet management port supports automatic MDIX functions, crossover
cables or straight-through cables can be used regardless of the type of equipment.
Connecting Power
Connecting DC power to Corecess M5
There are two power modules for the Corecess M5. In order to use the dual power functions, the
two power modules must supply different power.
When looking from the front, the power on the left is called Power module A and the power on
the right is called Power Module B.
1. For the sake of safety, a clear plastic cover is placed on the terminal block at time of
shipment. Remove the cover and connect the power.
2. Connect the DC power cable to Power module A. First, remove the bolt on the terminal
block and fit a round loop for the power cable and tighten the bolt. Pay attention to the
power polarity (+,-) as shown in the illustration below and connect the cable.
-48V (-)
0V(GND, +)
F.G
3. Connect the DC power cable connected to Power module A with outside power supplies or
rectifiers.
4. Connect the DC power cable to terminal block B. First, remove the bolt on the terminal
block and fit a round loop for the power cable and tighten the bolt. Pay attention to the
power polarity (+,-) as shown in the illustration below and connect the cable.
-48V (-)
0V(GND, +)
F.G
5. Connect the DC power cable connected to terminal block B to outside power supplies or
rectifiers. In order for dual power, at step 3, connect it to a different power supply from
that of the external power supply.
y Confirm that modules are properly fitted into each system slot.
y Confirm that cables are properly connected to each system port.
y Confirm that the power cables are properly connected.
2. Turn on the console terminal power and execute the installed terminal emulator program.
3. Supply power to the Corecess M5 system. Turn the power module switch towards ON to
turn on the power.
Hardware Specifications
Switching Fabric
y Switching throughput : 40Gbps full-duplex (SCM-20G)
48Gbps full-duplex (SCM-B24G)
144Gbps full-duplex (SCM-B72G)
y MAC address : Maximum 16K (Layer 2)
y Unicast route : Maximum 8K (Layer 3)
y Multicast route : Maximum 4K (Multicast routing)
Memory
SCM Module
y SCM-20G : Four Gigabit Ethernet Uplink Port (RJ-45 or SFP)
One Console Port (RJ-45)
One Ethernet Management Port (RJ-45)
y SCM-B24G : Four Gigabit Ethernet Uplink Port (SFP)
Four Gigabit Ethernet Uplink Port(RJ45, Optional)
One Console Port (RJ-45)
One Ethernet Management Port (RJ-45)
Module y SCM-B72G : Four Gigabit Ethernet Uplink Port (SFP)
Configuration Four Gigabit Ethernet Uplink Port(RJ45, Optional)
Two 10G Ethernet Uplink Port (XFP, Optional)
One Console Port (RJ-45)
One Ethernet Management Port (RJ-45)
LIM Module
y LIM-EP4G-GR: 4 Gigabit Ethernet PON Port
y LIM-D4(8,16)GF: 4(8,16) Gigabit Ethernet Port
y LIM-D8(16)GT: 8(16) Gigabit Ethernet Port
y LIM-GW16GF: 1 Core Fiber Optical Link, 2 Seed Linght Ports(1 Redundancy Port)
Power DC Power Supply (Default specification)
y Frequency : 50/60Hz
y Input Voltage : 100 ~ 240VAC
y Input Voltage Range : 88 ~ 264VAC
Power Redundancy
Temperature
Cables
Packages y Console Cable (RJ-45 – DB-9)
y DC Power Cable (5m)
Manual
Software Specifications
VLAN Function
y Support Port based VLAN, IEEE 802.1q tagged VLAN and overlap VLAN (Maximum
4,096)
y Support Spanning Tree and Multicast per VLAN
Link aggregation Function
Routing Function
y Static
y RIP
y OSPF
y IS-IS
y BGP4
y VRRP
Multicasting Function
y IGMP v2.0
y IGMP snooping
y PIM-SM/DM
Function
y DVMRP
QoS Function
Security Function
y Access List
y MAC Filtering
y DHCP Filtering
y NetBIOS Filtering
(Continued)
Management Function
y Console
- Local : RJ-45 Console Port (Out-band)
- Remote : Telnet and Web based Console (In-band)
y CLI (In-band, Out-band)
y NMS (ViewlinX Manager/EMS)
y Port mirroring
Function
y SNMP v1/v2c
y RMON
- Group 1 (Statistics), Group 2 (History), Group 3 (Alarm), Group 9 (Events)
- Extended RMON
y System log file (configuration log)
y Remote software upgrade (FTP/TFTP)
y System fan status monitoring and control
y RFC 768 UDP
y RFC 791 IP
y RFC 792 ICMP
y RFC 826 ARP
y RFC 768 UDP
y RFC 783 TFTPv2
y RFC 793 TCP
y RFC 826 ARP
y RFC 854 Telnet
y RFC 927 TACACS+
y RFC 951 BOOTP
y RFC 1058 RIP v1
y RFC 1075 DVMRP
y RFC 1112 Host Extensions for IP Multicasting
y RFC 1157 SNMPv1
y RFC 1165 NTP
y RFC 1195 IS-IS
IETF Standard
y RFC 1245 OSPF Protocol Analysis
y RFC 1246 Experience with the OSPF Protocol
y RFC 1256 ICMP Router Discover Message
y RFC 1265 BGP Protocol Analysis
y RFC 1266 Experience with the BGP Protocol
y RFC 1349 Type of Service in the Internet Protocol Suite
y RFC 1403 BGP OSPF Interaction
y RFC 1519 CIDR: an Address Assignment and Aggregation Strategy
y RFC 1541 DHCP(Dynamic Host Configuration Protocol)
y RFC 1542 Clarifications and Extensions for the Bootstrap Protocol
y RFC 1583 OSPF v2
y RFC 1587 OSPF NSSA Option
y RFC 1656 BGP v4
y RFC 1657 Definitions of Managed Objects for BGP-4 using SMIv2
y RFC 1723 RIP v2
y RFC 1745 BGP-4/IDRP for IP and OSPF Interaction
y RFC 1765 OSPF Database Overflow
(Continued)
y RFC 1771 BGP-4
y RFC 1772 Application of BGP in the Internet
y RFC 1773 Experience with the BGP-4 Protocol
y RFC 1774 BGP-4 Protocol Analysis
y RFC 2453 RIPv2
y RFC 2519 A Framework for Inter-Domain Route Aggregation
y RFC 2573 SNMP Applications
y RFC 2796 BGP Route Reflection Alternative to full mesh IBGP
y RFC 2842 Capabilities Advertisement with BGP-4
y RFC 2858 Multi-protocol Extensions for BGP-4
y RFC 2865 Remote Authentication Dial In User Service (RADIUS)
y RFC 2866 RADIUS Accounting
y RFC 2918 Route Refresh Capability for BGP-4
y RFC 3046 DHCP Relay agent
y RFC 3065 Autonomous System Confederations for BGP
y RFC 3137 OSPF Stub Router Advertisement
IETF Standard y RFC 3195 Syslog
y RFC 1793 Extending OSPF to Support Demand Circuits
y RFC 1812 Router Requirements
y RFC 1901 SNMP v2
y RFC 1966 BGP Route Reflection Alternative to full mesh IBGP
y RFC 1997 BGP Communities Attribute
y RFC 1998 BGP Community Attribute in Multi-home Routing
y RFC 2082 RIP-2 MD5 Authentication
y RFC 2131 DHCP
y RFC 2178 OSPF
y RFC 2236 Internet Group Management Protocol, Version 2
y RFC 2328 OSPFv2
y RFC 2338 VRRP
y RFC 2362 PIM-SM
y RFC 2370 OSPF Opaque LSA Option
y RFC 2385 Protection of BGP Sessions via the TCP MD5 Signature Option
y RFC 2439 BGP Flap Damping
y CORECESS-BASIC-MIB
y CORECESS-SMI
y CORECESS S5 MIB
y RFC 1213 MIB-II
y RFC 1253 OSPF-MIB
y RFC 1354 IP Forwarding MIB
y RFC 1493 BRIDGE-MIB
y RFC 1657 BGP4-MIB
MIB y RFC 1724 RIP v2 MIB
y RFC 1850 OSPF2 MIB
y RFC 1757 RMON-MIB
y RFC 1907 SNMPv2-MIB
y RFC 2011 IP-MIB
y RFC 2012 UDP-MIB
y RFC 2096 IP-FORWARD-MIB
y RFC 2233 IF-MIB
y RFC 2328 OSPF-MIB
Number of
32
Branched
y Average : 17.0 dB
y Maximum : 18.0 dB
Insertion Loss
y Uniformity : ≤ 1.9 dB
y PDL : ≤ 0.3 dB
Optical Return Loss > 55dB
Specification
Directivity > 55dB
Operating
1.26 ~ 1.60 um
wavelength
y Input : Diameter 250μm
Pigtails y Output : Ribbon fiber
y Average length: 1M
Temperature
y Operating Range : Commercial Version : 0℃ ~ 50℃
Extended Commercial Version : - 20℃ ~ 60℃
Environment Hardened version : - 40℃ ~ 65℃
y Storage Range : -40 ~ 80°C
Humidity
Appendix B describes the specifications of the ports on the Corecess S5 System. In addition,
the kinds and specifications of cables needed for the connection of each port.
Connector Specifications
RJ-45 Connector
10/100/1000Base-T Port
10/100/1000Base-T port on the SCM,LIM module has an 8-pin RJ-45 connector. The
cable used for connecting 10/100/1000Base-T port is twisted-pair cable with RJ-45
8 1 connectors at both ends.
Ethernet Management port on the SCM module has an 8-pin RJ-45 connector. The cable
used for connecting Ethernet Management port is twisted-pair cable with RJ-45
8 1 connectors at both ends.
Pin Signal
1 Rx+
2 Rx-
3 Tx+
6 Tx-
Pin Signal
2 Tx
3 Rx
5 GND
Pin Signal
3 Tx
4 GND
5 GND
6 Rx
LC Connector
1000Base-SX/LX/LH/ZX Transceiver
SC Connector
In the case that 1000BASE-PX optical transceiver is applied to the optical port for
EPON and 1000BASE-BX optical transceiver is to the optical port for GbE, the
recieving and transmitting wavelength are 1310/1490 nm in each. In that case,
Caution : When it comes to optical connection vulnerable to reflection, green-colored connector is generally
used.
- Video overlay optical connection
- Connection of WDM multiplexed or dimultiplexed port
Cable Specifications
There are two types of twisted pair cables: UTP (unshielded twisted pair) cable and STP
(shielded twisted pair) cable. The following figure shows a twisted pair cable with RJ-45
connectors at both ends.
The category of twisted pair cable to be used is determined by the speed of the devices to be
connected to RJ-45 port. In case of connecting with a device that operates at 10Mbps, category 3
and 4 cable is used. In case of connecting with a device that operates at 100Mbps, category 5
cable is used. In case of connecting with a device that operates at 1000Mbps, category 5+ or
category 6 cable is used.
Either straight-through cable or crossover cable is used according to the kinds of devices to be
connected to RJ-45 port. In case the device to be connected is such terminal (MDI) as PC
equipped with NIC (Network Interface Card), straight-through cable is used. On the other hand,
crossover cable is used for connecting the ports of network devices (MDI-X) such as hub or
switch.
Table B-5 System Modules with Fiber Optic Ports Duplex LC Fiber Optic Cable
Fiber Optic
Module Connector Interface Wave Length(nm)
Cable
1000Base-SX Multi-mode y Rx/Tx : 850nm
SCM-20G Duplex LC
1000Base-LX Single mode y Rx/Tx : 1310nm
GW-PON
LIM-GW16GF Simplex SC/APC Single mode y Rx/Tx:1535~1560nm
(16CH GbE)
The orange-colored multi-mode fiber(MMF) is used for the 1000Base-SX transceiver in the
transporting distance less than 550m.
Orange
<Pin Configuration>
Note: Before connecting the console port, ensure that console terminal is configured as follows:
Baud rate Data bit Parity Stop bit Flow control
9600 8 None 1 None
Caution: Before you install the Corecess S5 system, read ‘Chapter3 Before Installation’. ‘Chapter 3’ contains
important safety information you should know before working with the system.
Replacing Module
Replacing Module
If a module installed in a slot has a problem, the module can replace new one. This section
describes how to replace SCM modules and LIM modules on the Corecess S5 System.
Example: S506-CH
Corecess S506
LIM Slot (1 ~ 4)
Caution : Be careful not to install modules into the wrong slots when you replace several modules. Be sure to
confirm module location before installation.
Required Tool
If you replace modules installed in the Corecess S5 System, the following tools are required.
Before replacing modules, prepare the tools.
y A screwdriver
y Electrostatic discharge (ESD) grounding strap
Replacing Modules
The replacing procedure of installed module in the Corecess S5 System is as follows:
Note: Since the Corecess S5 System provides the hot-swap functions, the system power doesn’t have to be
turned off.
Warning: Do NOT put your fingers into slots if the system is not turned off. You might receive an electric shock
by the back-plain or power supply.
1. Execute the write memory command in the Telnet session which is connected to the
Corecess S5 System to store current system configuration in the backup configuration file.
4. Push the ejector levers on the both side of the module to release locked state, then pull the
ejector levers outward and extract the module carefully from the chassis.
5. Prepare a module that is to be installed. Place the module to the guide rail that is located in
the both sides of the slot. Then, insert the module carefully until it gets installed in the
connector of the back plane.
6. Push the ejector levers inward, then the module installed completely with the connector of
back plain.
7. Fasten the module firmly by tightening the two screws using a screwdriver.
8. If the module is installed successfully, the Run LED on the module is turned on with green.
Maintaining C-3
Replacing Fan Tray
Caution: Do NOT operate the system when you replace the fan tray. If the fan tray is not operating, the system
can be damaged by the overheat.
1. Check the Fan LED on the system fan tray. The Fan LED is turned on with red when the
fan tray has a problem.
3. Grasp the handle of the fan tray and gently pull it.
4. Prepare new fan tray. Slide the new fan tray into the chassis until the rear of the fan tray
plugs into the corresponding connector on the back-panel.
5. Fasten the fan tray firmly by tightening the screw using a screwdriver.
6. If the fan tray is installed successfully, the LED on the fan tray is turned on with green.
The following procedure describes how to clean the fan filter in the Corecess S5 System.
1. Grasp the handle of the fan filter, and gently pull it forward until the fan filter is
separated from the chassis. At this time, be sure not to scatter dust of the fan filter.
2. Check the fan filter state. If there is a lot of dust or dirty in the fan filter, remove dust
with a vacuum machine or wash the fan filter with a neutral detergent. When you clean
the fan filter with water, install spare fan filter in the chassis.
3. If you wash the fan filter with a neutral detergent, dry the fan filter in cool place over
eight hours.
4. After cleaning, insert the fan filter into the slot of the chassis.
Maintaining C-5