Manual Olt s5 Gepon Cianet

Edition: 0003
Distribution: 4/2008
Corecess Scalable Broadband Service Platform
Corecess S5 System
User's Guide
| Copyright |
Copyright ©2007 by Corecess Inc. All rights reserved.
No Part of this book shall be reproduced, stored in a retrieval system, or

transmitted by any means, electronic, mechanical, photocopying,
recording, or otherwise, without written permission from the publisher.
The specifications and information regarding the products in this manual

are subject to changed without notice.
| Trademark Credit |
Corecess S5 System is registered trademark of Corecess Inc.
Other product names or company names mentioned in this manual are

registered trademarks of the appropriate company.
Corecess Inc.
500-2, Sangdaewon-dong, Jungwon-ku, Sungnam-city, Kyungki-do, Korea, 462-120
TEL:+82-31-739-6600 FAX: :+82-31-739-6622
http://www.corecess.com
Manual Contents
Manual Contents
This instruction consists of following materials about Corecess S5 series which is multi-
functional broadband platform from Corecess Inc.
y Introduction to functions and features
y Name and function of each part
y How to install on a rack and connect cable to each port
y How to configure the Corecess S5 System
Careful reading of this manual before using the Corecess S5 System will alleviate the
complexity of manipulating the system. The user should read the chapters 1~3 to become
acquainted with the functions of the product, name and function of each part, and the
precautions before installation. Understanding chapters 1~3 will help a great deal for safety in
installing and using the product.
Note: Corecess S5 series provides for the flexibility for operator to deploy chassis, SCM board and LIM borad
adapted to its access network. Basic command is the same as it was. There might be additiional command
according to module.
9 If you have any problems or questions during installation or while using the product,
contact your equipment provider or visit our website at www.corecess.com and leave
a message in Q&A.
Audience
This manual is designed for the users with basic knowledge in Ethernet and FTTH. Thus, this
manual assumes that the reader is knowledgeable of basic concepts and terminology about
Ethernet and FTTH and does not provide separate explanations for these topics. If you feel that
the contents of this manual are difficult and require more detailed explanations, refer to other
network related books.
Revison History
Edition Date Description
0002 4/2008 Second Edition
III
Notations
Notations
This manual uses the notations explained below for assisting readers in understanding the
contents of this manual.
Notations in Console Screen

When indicating text displayed on the console screen, the following indications are used:
y Text displayed on console screen is shown in Courier New.
y Values entered by user are displayed in bold Courier New.
Notations in Command Syntax

In this manual, the following indications are used to explain the syntax of console commands:
y Console commands are indicated in bold Courier New.
y Parameters that need to be entered are indicated in Courier New.
y Parameters in [ ] are parameters that can be ignored.
y { A | B | C } means that one entry among A, B, and C must be selected and entered.
y [A | B | C] means that one entry among A, B, and C may or may not be selected and
entered.
Acronyms & Terminology

GigabitEhternet : GbE
GE-PON, EPON : E-PON
IV Corecess S5 System User's Guide

Notations
Conventions
This manual uses the following conventions:
Recommendation: Introduces recommendatory item for the use of product.
Note: Introduces useful item for the use of product, reference, and its related materials.
Caution: Explains possible situations or conditions of improper operation and possibility of losing data and
provides suggestions how to deal with those cases.
Warning: Explains situtations in which product can be damaged or danger can be imposed to users physically,
and informs you how to respond to those situations.
V
Organization
Organization
The chapters of this manual are organized as follows:
Chapter 1 Overview
This chapter introduces the Corecess S5 System functions and features and describes several kinds of
network examples configurable with the Corecess S5 System.
Chapter 2 Hardware Description

This chapter introduces the structures of the front and rear side of the Corecess S5 System and describes
the function and appearance of the modules provided for the Corecess S5 System.
Chapter 3 Before Installation

This chapter describes the precautions for the Corecess S5 System installation and installation environment
for the normal operation. It also describes the way to unpack the Corecess S5 System box and verify the
contents.
Chapter 4 Installation
This chapter describes how to mount the Corecess S5 System on a rack, connect the cables to the ports,
and connect the power.
Chapter 5 Configuring Basic Features

This chapter describes how to configure basic features to operate the Corecess S5 System.
Chapter 6 Configuring Ports and Links

This chapter describes how to configure Gigabit Ethernet ports and Gigabit Ethernet PON ports in SCM/LIM
module. This chapter also describes how to configure logical links of Gigabit Ethernet and ONU connected
with Gigabit Ethernet PON ports.
Chapter 7 Configuring VLAN

This chapter describes how to configure the VLAN and VLAN interface on the Corecess S5 System.
Chapter 8 Configuring SNMP and RMON

This chapter describes how to configure SNMP and RMON on the Corecess S5 System.
VI Corecess S5 System User's Guide

Organization
Chapter 9 Configuring QoS

This chapter describes how to configure Quality of Service (QoS) features on the Corecess S5 System.
Chapter 10 Configuring DHCP

This chapter describes how to configure DHCP server or DHCP Relay Agent on the Corecess S5 System.
Chapter 11 Configuring NetSnoop

This chapter describes how to configure NetSnoop features on the Corecess S5 System.
Chapter 12 Configuring Security

This chapter describes how to configure security features on the Corecess S5 System
Chapter 13 Configuring Multicast

.This chapter describes how to manage multicast group information using IGMP to process multicast traffic
on the Corecess S5 System. It also describes how to configure multicast routing protocols such as PIM-SM,
PIM-DM and DVMRP.
Chapter 14 Configuring Routing Protocol

This chapter describes how to configure the routing protocols - BGP, OSPF, and RIP, supported by the
Corecess S5 System.
Chapter 15 Configuring LACP

This chapter describes how to configure a trunking group by using Link Aggregation Control Protocol
(LACP).
Chapter 16 Configuring STP and RSTP

This chapter describes how to configure STP and RSTP to avoid a loop on the network of the Corecess S5
System.
Chapter 17 Configuring VRRP

This chapter describes how to configure VRRP (Virtual Router Redundancy Protocol) on the Corecess S5
System.
Chapter 18 Redundancy Configuration

This chapter describes how to configure Redundancy on the Corecess S5 System.
VII
Organization
Chapter 19 M5 SuperPON MUX Platform

This chapter introduces the Corecess M5 SuperPON MUX Platform functions and features and installation.
Appendix A Product Specifications

Appendix A describes (the) hardware and software specifications of the Corecess S5 System.
Appendix B Connector and Cable Specifications

Appendix B describes the SCM/LIM port specifications and the cables specifications needed for the
connection of each port.
Appendix C Operation and Maintenance

Appendix C describes how to replace the broken module and fan with new one. This chapter also describes
how to clean the fan filter.
VIII Corecess S5 System User's Guide

Table of Contents
Table of Contents
Manual Contents ..................................................................................................III

Audience .................................................................................................................................... III
Revison History ........................................................................................................................ III
Notations ............................................................................................................. IV
Notations in Console Screen................................................................................................... IV
Notations in Command Syntax.............................................................................................. IV
Acronyms & Terminology ...................................................................................................... IV
Organization........................................................................................................ VI
Table of Contents ................................................................................................ IX
List of Tables..................................................................................................... XIX
Chapter 1 Overview 1-1

Introduction ........................................................................................................1-2
Hardware Features ............................................................................................1-4
Slot Configuration ................................................................................................................... 1-4
Chassis....................................................................................................................................... 1-4
Switching & Control Module ................................................................................................ 1-5
Line Interface Module............................................................................................................. 1-5
Software Features ..............................................................................................1-7
Applications......................................................................................................1-11
All Fiber Network with S5 System ..................................................................................... 1-11
Deep Fiber Network with S5 System ................................................................................. 1-12
WDM PON Solution with S5 Series ................................................................................... 1-12
Chapter 2 Hardware Description 2-1

System Chassises..............................................................................................2-2
S511 Chassis ............................................................................................................................. 2-2
S518 Chassis ............................................................................................................................. 2-4
S506(S505) Chassis................................................................................................................... 2-6
Chassis Common Items .......................................................................................................... 2-8
System Modules...............................................................................................2-10
Slot Configuration ................................................................................................................. 2-10
SCM Module ....................................................................................................2-11
SCM Slot Capacity................................................................................................................. 2-11
Performance of Switching and Routing............................................................................. 2-12
Memory................................................................................................................................... 2-12
System Status LED (Run, Master)....................................................................................... 2-12
IX
Table of Contents
Reset Switch (Reset) .............................................................................................................. 2-13

Port Type................................................................................................................................. 2-13
SCM-B72G .............................................................................................................................. 2-16
SCM-B24G .............................................................................................................................. 2-16
SCM-20G ................................................................................................................................. 2-17
LIM Module ......................................................................................................2-18
Run LED.................................................................................................................................. 2-18
Port LED.................................................................................................................................. 2-19
Port Type................................................................................................................................. 2-19
LIM-D16GT(LIM-D8GT) ...................................................................................................... 2-22
LIM-D16GF(LIM-D8GF,LIM-D4GF) .................................................................................. 2-22
LIM-EP4G-GR ........................................................................................................................ 2-23
LIM-GW16GF......................................................................................................................... 2-23
Support Devices ...............................................................................................2-24
E-PON Splitter ....................................................................................................................... 2-24
WDM Filter............................................................................................................................. 2-24
L1-SLS16 Supported GW-PON Network .......................................................................... 2-25
Cable Connecting .................................................................................................................. 2-25
M5 SuperPon Mux Platform................................................................................................ 2-26
Cable Connecting .................................................................................................................. 2-27
Chapter 3 Before Installation 3-1

Precautions ........................................................................................................3-2
General Precautions ................................................................................................................ 3-2
Power Considerations............................................................................................................. 3-2
Preventing ESD........................................................................................................................ 3-4
Installing and Servicing the System ..................................................................................... 3-4
Rack-Mounting the System.................................................................................................... 3-7
Lifting the System.................................................................................................................... 3-8
Disposing of the System ......................................................................................................... 3-8
Installation Place ................................................................................................3-9
Environmental Requirements ............................................................................................... 3-9
Power Supply........................................................................................................................... 3-9
Unpacking ........................................................................................................3-10
Chapter 4 Installation 4-1

Installation Procedure.........................................................................................4-2
Rack-Mounting ...................................................................................................4-3
Checking the Rack-Mount Space .......................................................................................... 4-3
Mounting the System on a Rack ........................................................................................... 4-4
Installing Modules ..............................................................................................4-5
Switching & Control Module ................................................................................................ 4-5
X Corecess S5 System User's Guide

Table of Contents
Line Interface Module............................................................................................................. 4-5

Installing modules in slots ..................................................................................................... 4-6
Installing / Removing SFP module...................................................................................... 4-7
Connecting Network Devices ...........................................................................4-10
Connecting Gigabit Ethernet Uplink Port ......................................................................... 4-11
Connecting Gigabit Ethernet PON Line Port.................................................................... 4-13
Connecting Gigabit Ethernet Line Port.............................................................................. 4-14
Connecting the System Management Device ..................................................4-15
Connecting the Console Port ............................................................................................... 4-16
Connecting Ethernet Management Port ............................................................................ 4-17
Connecting Power ............................................................................................4-18
Connecting DC Power .......................................................................................................... 4-18
Connecting AC Power .......................................................................................................... 4-21
Starting the System ..........................................................................................4-22
Chapter 5 Configuring Basic Features 5-1

Before Configuration ..........................................................................................5-2
Accessing the CLI .................................................................................................................... 5-2
Command Modes .................................................................................................................... 5-4
Prompt....................................................................................................................................... 5-8
Getting Help............................................................................................................................. 5-9
CLI Command Usage Basics ............................................................................................... 5-11
Configuring Basic System Parameters.............................................................5-13
Setting an IP Address for management ............................................................................. 5-13
User Management ................................................................................................................. 5-15
Specifying System Name and System Time...................................................................... 5-18
Configuration File Management .......................................................................5-23
Displaying the Current Running Configuration.............................................................. 5-24
Saving the Current Running Configuration ..................................................................... 5-26
Restoring Default Configuration ........................................................................................ 5-27
Monitoring and Maintaining the System ...........................................................5-28
Monitoring Network Connectivity..................................................................................... 5-28
Displaying CPU Utilization ................................................................................................. 5-32
Displaying Memory Usage .................................................................................................. 5-33
Displaying System Module Information ........................................................................... 5-35
Displaying System Module Status...................................................................................... 5-36
Managing System Log......................................................................................5-38
Specifying Event Level ......................................................................................................... 5-38
Specifying Screen to Display Log ....................................................................................... 5-41
Saving Log Message in Log File.......................................................................................... 5-43
Displaying Contents of Log File ......................................................................................... 5-44
Clearing System Log ............................................................................................................. 5-45
Upgrading Software..........................................................................................5-46
XI
Table of Contents
Chapter 6 Configuring Ports and Links 6-1

Configuring Gigabit Ethernet port.......................................................................6-2
Basic Configuration of Gigabit Ethernet Port ..................................................................... 6-2
Configuring Gigabit Ethernet port ....................................................................................... 6-3
Display the Gigabit Ethernet Port Information .................................................................. 6-8
Configuring the Gigabit Ethernet PON Port......................................................6-11
Basic Configuration of the Gigabit Ethernet PON Port .................................................. 6-11
Configuring Gigabit Ethernet PON Port ........................................................................... 6-12
Monitoring the Gigabit Ethernet PON Port ...................................................................... 6-21
Configuring the Link of the Gigabit Ethernet PON Port ....................................6-25
Basic Configuration of the Gigabit Ethernet PON Link.................................................. 6-25
Configuring Gigabit Ethernet PON Link .......................................................................... 6-26
Configuring Bridging Mode of Link .................................................................................. 6-32
Monitoring Link Information .............................................................................................. 6-55
Configuring ONU ..............................................................................................6-59
Basic Configuration of ONU ............................................................................................... 6-59
Configuring ONU ................................................................................................................. 6-60
Monitoring ONU ................................................................................................................... 6-75
Profile ...............................................................................................................6-78
General LLID profile Creation ............................................................................................ 6-78
Default LLID profile.............................................................................................................. 6-80
General ONU profile............................................................................................................. 6-82
Default ONU profile ............................................................................................................. 6-84
Chapter 7 Configuring VLAN 7-1

VLAN Configuration............................................................................................7-2
Default Configuration............................................................................................................. 7-2
Basic VLAN Configuration.................................................................................................... 7-3
Configuring 802.1Q Trunk..................................................................................................... 7-9
Configuring VLAN Interface..............................................................................7-11
Entering Interface Configuration Mode ............................................................................ 7-11
Configuring OSPF on the VLAN Interface ....................................................................... 7-12
Configuring IS-IS on the VLAN Interface ......................................................................... 7-19
Configuring RIP on the VLAN Interface........................................................................... 7-27
Enabling Multicasting on the VLAN Interface................................................................. 7-32
Shutting Down the VLAN Interface................................................................................... 7-33
Configuring IP Parameters .................................................................................................. 7-34
Chapter 8 Configuring SNMP and RMON 8-1

Configuring SNMP .............................................................................................8-2
SNMP(Simple Network Management Protocol) Overview ............................................. 8-2
XII Corecess S5 System User's Guide

Table of Contents
Configuring SNMP ................................................................................................................. 8-6

Displaying SNMP Information ........................................................................................... 8-13
Configuring RMON ...........................................................................................8-18
RMON (Remote MONitoring) Overview.......................................................................... 8-18
Configuring RMON .............................................................................................................. 8-19
Displaying RMON Information .......................................................................................... 8-32
SNMP and RMON Configuration Commands ..................................................8-34
Chapter 9 Configuring QoS 9-1

QoS Overview ....................................................................................................9-2
QoS (Quality of Service) ......................................................................................................... 9-2
Classifier ................................................................................................................................... 9-3
Packet Marker .......................................................................................................................... 9-6
Policer........................................................................................................................................ 9-6
Queue Scheduler ..................................................................................................................... 9-9
Buffer Manager ...................................................................................................................... 9-14
QoS of the Corecess S5 System............................................................................................ 9-15
Configuring QoS Service Policy Map ...............................................................9-17
Configuring QoS Service Policy.......................................................................................... 9-17
Configuring a Class Map ..................................................................................................... 9-18
Configuring a Policy Map.................................................................................................... 9-21
Configuring Service Policy .................................................................................................. 9-28
Configuring Non-Class-map QoS Features......................................................9-29
Specifying Priority for VLAN or Port ................................................................................ 9-29
Applying Policing to a Port ................................................................................................. 9-31
Specifying Priority for CoS Field ........................................................................................ 9-32
Specifying Priority for a Transmission Queue ................................................................. 9-33
Configuring Shaping ............................................................................................................ 9-34
Controlling Broadcast Storm ............................................................................................... 9-35
Configuring Packet Filtering ............................................................................................... 9-36
QoS Configuration Commands ........................................................................9-42
Chapter 10 Configuring DHCP 10-1

DHCP (Dynamic Host Configuration Protocol) Overview .................................10-2
Configuring DHCP Server ................................................................................10-4
Procedure of DHCP Server Configuration........................................................................ 10-4
Parameter Values for Configuration DHCP Server......................................................... 10-4
Enabling DHCP Server......................................................................................................... 10-5
Configuring the Global DHCP Server Parameters .......................................................... 10-5
Verifying the DHCP Subnet for the Interface ................................................................. 10-11
Configuring DHCP Server Parameters for Each Subnet............................................... 10-12
Specifying IP Address Pool for DHCP Clients ............................................................... 10-13
XIII
Table of Contents
Defining Subnet for DHCP Relay Configuration........................................................... 10-15

Configuring Static Host...................................................................................................... 10-16
Configuring the Maximum and Minimum Number of IP Address for a Subnet..... 10-17
Configuring DHCP Relay Agent .....................................................................10-18
DHCP Relay Agent Overview........................................................................................... 10-18
Configuring DHCP Relay .................................................................................................. 10-21
Displaying DHCP Configuration .....................................................................10-26
Displaying DHCP Server Configuration ......................................................................... 10-26
Displaying DHCP Relay Configuration .......................................................................... 10-33
DHCP Configuration Commands ...................................................................10-37
Configuring DHCP Server(Only S518) ...........................................................10-39
Sequence to configure DHCP Server................................................................................ 10-39
Values to be identified ........................................................................................................ 10-39
Activating DHCP Server .................................................................................................... 10-40
Configuring GLOBAL DHCP Parameters ...................................................................... 10-41
Creating IP Pool................................................................................................................... 10-44
Setting IP Pool Parameters................................................................................................. 10-48
Configuring Pool Chaining................................................................................................ 10-51
IP allocation by DHCP option ........................................................................................... 10-52
Configuring DHCP Relay Agent(Only S518) ..................................................10-54
Activating DHCP Relay ..................................................................................................... 10-54
Designating DHCP Server ................................................................................................. 10-55
Designating DHCP Secondary weight............................................................................. 10-56
Configuring DHCP Proxy Server(Only S518) .................................................10-57
Designating DHCP Server ................................................................................................. 10-58
Displaying DHCP Configuration information(Only S518)................................10-59
Displaying DHCP Activation information...................................................................... 10-59
Displaying IP Pool Configuration information .............................................................. 10-60
Displaying allocated lease information ........................................................................... 10-62
Displaying DHCP Packet statistics information ............................................................ 10-65
Chapter 11 Configuring Netsnoop 11-1

Understanding NetSnoop .................................................................................11-2
Understanding NetSnoop .................................................................................................... 11-2
Configuring DHCP Snoop ................................................................................................... 11-4
Configuring ARP Snoop .................................................................................11-15
Chapter 12 Configuring Security 12-1

Managing Password and Session ....................................................................12-2
Configuring Password.......................................................................................................... 12-2
Configuring Telnet Session Timeouts ................................................................................ 12-5
Configuring Access Lists ..................................................................................12-6
XIV Corecess S5 System User's Guide

Table of Contents
Access Lists............................................................................................................................. 12-6

Security Configuration Commands.................................................................12-11
Chapter 13 Configuring Multicast 13-1

Multicast Routing Overview..............................................................................13-2
IGMP (Internet Group Management Protocol) ................................................................ 13-4
DVMRP (Distance-Vector Multicast Routing Protocol).................................................. 13-5
PIM (Protocol Independent Multicast) .............................................................................. 13-6
Configuring IP Multicast Routing ....................................................................13-10
Enabling Multicast Routing ............................................................................................... 13-10
Configuring a Static Multicast Route ............................................................................... 13-16
Configuring PIM.................................................................................................................. 13-17
Configuring PIM-SM .......................................................................................................... 13-19
Configuring PIM-DM ......................................................................................................... 13-30
Configuring DVMRP .......................................................................................................... 13-31
Configure IGMP .................................................................................................................. 13-32
Configuring IGMP Snooping ............................................................................................ 13-38
Monitoring IP Multicast Routing......................................................................13-44
Displaying the Contents of IP Multicast Routing Table ............................................... 13-44
Displaying PIM Information ............................................................................................. 13-47
Displaying DVMRP Information ...................................................................................... 13-54
Displaying IGMP Information .......................................................................................... 13-58
IP Multicast Routing Commands ....................................................................13-64
Chapter 14 Configuring Routing Protocol 14-1

Configuring Static Route ..................................................................................14-2
Type of Static Route .............................................................................................................. 14-2
Configuring the Standard Route......................................................................................... 14-3
Configuring the VLAN Interface Route ............................................................................ 14-4
Configure the Loopback Route ........................................................................................... 14-5
Configuring the Null Route................................................................................................. 14-6
Configuring the Default Gateway ...................................................................................... 14-7
Configuring BGP ..............................................................................................14-8
BGP(Border Gateway Protocol) Overview........................................................................ 14-8
Basic BGP Configuration.................................................................................................... 14-11
Displaying BGP Configuration Information................................................................... 14-39
BGP Commands .................................................................................................................. 14-54
Configuring OSPF ..........................................................................................14-57
OSPF (Open Shortest Path First) Overview .................................................................... 14-57
Configuring OSPF ............................................................................................................... 14-59
Displaying OSPF Configuration Information................................................................. 14-73
OSPF Commands ................................................................................................................ 14-80
XV
Table of Contents
Configuring IS-IS............................................................................................14-82
IS-IS Overview ..................................................................................................................... 14-82
Configuring IS-IS................................................................................................................. 14-86
Displaying IS-IS Configuration Information .................................................................. 14-98
IS-IS Commands ................................................................................................................14-103
Configuration RIP.........................................................................................14-105
RIP (Routing Information Protocol) Overview ............................................................14-105
Configuring RIP.................................................................................................................14-110
Displaying RIP Configuration Information ..................................................................14-118
RIP Commands ..................................................................................................................14-121
Chapter 15 Configuring LACP 15-1

Port Trunking Overview....................................................................................15-2
Notes for LACP Trunk Configuration ............................................................................... 15-3
QoS of Trunk Group ............................................................................................................. 15-3
Configuring LACP Trunk ..................................................................................15-4
Setting LACP Key and Operation Mode ........................................................................... 15-4
Setting LACP Partner Key ................................................................................................... 15-7
LACP Configuration Example ............................................................................................ 15-9
Chapter 16 Configuring STP and RSTP 16-1

Understanding STP and RSTP ........................................................................16-2
STP Overview ........................................................................................................................ 16-2
RSTP (Rapid Spanning Tree Protocol) ............................................................................... 16-7
Default STP Configuration .................................................................................................. 16-8
Configuring STP...............................................................................................16-9
Procedures for STP Configuration...................................................................................... 16-9
Enabling STP .......................................................................................................................... 16-9
Enabling or Disabling STP on a Port................................................................................ 16-11
Setting the Bridge ID (Priority) ......................................................................................... 16-12
Configuring the Path Cost ................................................................................................. 16-13
Configuring STP Encoding ................................................................................................ 16-15
Configuring the Port Priority ............................................................................................ 16-16
Setting Spanning Tree Timers ........................................................................................... 16-17
Configure RSTP .............................................................................................16-20
Configuration Procedure of RSTP .................................................................................... 16-20
Enabling RSTP on a VLAN ................................................................................................ 16-20
Configuring the Path Cost ................................................................................................. 16-22
Configuring RSTP Encoding ............................................................................................. 16-24
Configuring Spanning Tree Protocol Type ..................................................................... 16-25
Configuring an Edge Port .................................................................................................. 16-26
STP and RSTP Configuration Commands .....................................................16-28
XVI Corecess S5 System User's Guide

Table of Contents
Chapter 17 Configuring VRRP 17-1

Configuring VRRP ............................................................................................17-2
VRRP (Virtual Router Redundancy Protocol) Overview ............................................... 17-2
Configuring VRRP ................................................................................................................ 17-4
VRRP Configuration Example .......................................................................................... 17-12
Displaying VRRP Configuration Information...................................................17-14
Displaying VRRP Configuration Information ................................................................ 17-14
VRRP Commands ..........................................................................................17-15
Chapter 18 Redundancy Configurating 18-1

Redundancy Configurating...............................................................................18-2
Redundancy ........................................................................................................................... 18-2
Redundant Configuration Information Outputting ...........................................18-14
Redundant Configurtion Information Outputting ........................................................ 18-14
Instructions of Redundancy............................................................................18-16
Chapter 19 M5 SuperPON MUX Platform 19-1

Overview ..........................................................................................................19-2
SuperPON Operation Principles......................................................................................... 19-3
M5 Platform Operating Environmental Characteristics ................................................. 19-4
SuperPON (S5 & M5) Platform Key Applications ........................................................... 19-4
M5 SuperPON MUX Chassis............................................................................................... 19-6
Product Ordering & Specifications..................................................................................... 19-6
Hardware description .......................................................................................19-8
System Chassis....................................................................................................................... 19-8
Front ........................................................................................................................................ 19-8
System Module .................................................................................................................... 19-13
M5-SLU-16CH...................................................................................................................... 19-14
M5-SLU-8CH........................................................................................................................ 19-14
M5-OLU-WE16CH .............................................................................................................. 19-17
M5-OLU-WE8CH ................................................................................................................ 19-17
M5-OLU-GW16CH ............................................................................................................. 19-20
M5-OLU-GW8CH ............................................................................................................... 19-20
Before Installing .............................................................................................19-22
Precautions related to Static Electricity ........................................................................... 19-24
Precautions for Installation and Services ........................................................................ 19-24
Precautions related to Installation .................................................................................... 19-26
Precautions when transporting the product ................................................................... 19-26
Precautions when disposing product .............................................................................. 19-27
Installation Location ........................................................................................................... 19-28
Installation ......................................................................................................19-29
XVII
Table of Contents
Installation Process.............................................................................................................. 19-29

Installing on Rack ................................................................................................................ 19-30
Mounting the Module......................................................................................................... 19-31
Connecting to S5 and WDM system................................................................................. 19-33
Connecting Power ............................................................................................................... 19-40
Running the System ............................................................................................................ 19-42
Appendix A Product Specifications A-1

Hardware Specifications.................................................................................... A-2
Software Specifications ..................................................................................... A-4
Optical Splitter Specifications............................................................................ A-7
Appendix B Connector and Cable Specifications B-1

Connector Specifications................................................................................... B-2
RJ-45 Connector .......................................................................................................................B-2
LC Connector ...........................................................................................................................B-4
SC Connector............................................................................................................................B-4
Cable Specifications.......................................................................................... B-5
Twisted Pair Cable ..................................................................................................................B-5
Fiber Optic Cable.....................................................................................................................B-6
Console Cable for SCM-20G ..................................................................................................B-8
Console Cable for SCM-B24G,SCM-B72G...........................................................................B-9
Appendix C Maintaining C-1

Replacing Module ............................................................................................. C-2
Location of Module Installation........................................................................................... C-2
Required Tool.......................................................................................................................... C-3
Replacing Modules................................................................................................................. C-3
Replacing Fan Tray ........................................................................................... C-4
Cleaning Fan Filter ............................................................................................ C-5
XVIII Corecess S5 System User's Guide

List of Tables
List of Tables
Table 2-1 Corecess S5 System Slot ..................................................................................................... 2-8

Table 2-2 Slot configuration of Corecess S5 system.......................................................................... 2-11
Table 2-3 System Status LED Functions on the SCM Module ........................................................... 2-12
Table 2-4 LED Functions of Ethernet Management Port on the SCM Module................................... 2-13
Table 2-5 Gigabit Ethernet Port Specification for SCM Module ......................................................... 2-14
Table 2-6 10/100/1000Base-T Port LED Function of SCM Module.................................................... 2-15
Table 2-7 Port LED Function of SCM Module..................................................................................... 2-15
Table 2-8 Gigabit Ethernet Port Specification for SCM Module ......................................................... 2-15
Table 2-9 Corecess S5 LIM Module.................................................................................................... 2-18
Table 2-10 Run LED Functions on the LIM-EP4G-GR Module .......................................................... 2-18
Table 2-11 LED Functions of 1000Base-PX SFP E-PON Port........................................................... 2-19
Table 2-12 Specifications of 1000Base-PX SFP E-PON Port ............................................................ 2-20
Table 2-13 Specifications of SFP GbE Port........................................................................................ 2-20
Table 2-14 Specifications of 1000Base-T Port ................................................................................... 2-20
Table 3-1 Power condition .................................................................................................................... 3-9
Table 4-1 Kinds of Module and Slot Number installed in each slot ...................................................... 4-5
Table 5-1 CLI modes............................................................................................................................. 5-4
Table 5-2 Command mode access method .......................................................................................... 5-5
Table 5-3 Prompt of the main command modes................................................................................... 5-8
Table 5-4 CLI Edititng command......................................................................................................... 5-12
Table 5-5 Setting the IP address......................................................................................................... 5-13
Table 5-6 Adding a new user .............................................................................................................. 5-15
Table 5-7 Changing a user password ................................................................................................. 5-16
Table 5-8 Deleting a user .................................................................................................................... 5-17
Table 5-9 Changing system name ...................................................................................................... 5-18
Table 5-10 Adjusting system time ....................................................................................................... 5-19
Table 5-11 Configuring NTP ............................................................................................................... 5-20
Table 5-12 Set the time zone .............................................................................................................. 5-21
Table 5-13 Show the current running configuration............................................................................ 5-24
Table 5-14 Commands for saving the current running configuration.................................................. 5-26
Table 5-15 Restoring default configuration ......................................................................................... 5-27
Table 5-16 Checking network connectivity ......................................................................................... 5-28
Table 5-17 PING field descriptions ..................................................................................................... 5-29
Table 5-18 traceroute field descriptions.............................................................................................. 5-30
Table 5-19 show cpuinfo field descriptions ......................................................................................... 5-32
Table 5-20 show meminfo field descriptions....................................................................................... 5-33
Table 5-21 show module field descriptions......................................................................................... 5-35
Table 5-22 show system field descriptions ......................................................................................... 5-37
Table 5-23 Changing the event level .................................................................................................. 5-39
Table 5-24 Configuring log messages to display on the console ....................................................... 5-41
Table 5-25 Configuring log messages to display on a remote host.................................................... 5-42
Table 5-26 Configuring log messages to display on a Telnet session ............................................... 5-43
Table 5-27 Downloading software from a remote TFTP server.......................................................... 5-46
XIX
List of Tables
Table 6-1 Type of the Gigabit Ethernet port.......................................................................................... 6-2

Table 6-2 Basic Configuration of the Gigabit Ethernet Port.................................................................. 6-2
Table 6-3 Enabling or Disabling the Gigabit Ethernet Port ................................................................... 6-3
Table 6-4 Link State and Auto Sensing Function.................................................................................. 6-4
Table 6-5 Configuring auto sensing function ........................................................................................ 6-4
Table 6-6 Changing the Port and the transfer mode ............................................................................ 6-5
Table 6-7 Configuring Flow Control Function ....................................................................................... 6-6
Table 6-8 Setting the Port Name........................................................................................................... 6-6
Table 6-9 Setting the port trap .............................................................................................................. 6-7
Table 6-10 show port field descriptions ................................................................................................ 6-8
Table 6-11 show port with port argument field descriptions ................................................................. 6-9
Table 6-12 Basic Configuration of the Gigabit Ethernet PON Port..................................................... 6-11
Table 6-13 Enabling or Disabling the Gigabit Ethernet PON Port ...................................................... 6-12
Table 6-14 Setting the Maximum Bandwidth ...................................................................................... 6-13
Table 6-15 Setting the Polling Interval of the Bandwidth Group......................................................... 6-14
Table 6-16 IGMP Configuring the Maximum Number of IGMP Groups ............................................. 6-15
Table 6-17 Configuring Loopback Parameters ................................................................................... 6-16
Table 6-18 Clearing the MAC Address ............................................................................................... 6-17
Table 6-19 Resetting the Gigabit Ethernet PON Port ......................................................................... 6-17
Table 6-20 Restoring the Default Configuration.................................................................................. 6-18
Table 6-21 Clearing the Statistics Information .................................................................................... 6-18
Table 6-22 Upgrading Firm ware ........................................................................................................ 6-19
Table 6-23 Displaying the Chip Information........................................................................................ 6-21
Table 6-24 show port epon information field description .................................................................... 6-21
Table 6-25 Displaying the Link Information......................................................................................... 6-22
Table 6-26 Displaying the Statistics Information................................................................................. 6-23
Table 6-27 show port epon counter field description .......................................................................... 6-23
Table 6-28 Displaying Register Information of ONU........................................................................... 6-24
Table 6-29 show port epon discovery field description....................................................................... 6-24
Table 6-30 Basic Configuration of the Gigabit Ethernet PON Link..................................................... 6-25
Table 6-31 Type of SLA Parameter .................................................................................................... 6-26
Table 6-32 Configuring SLA Parameters ............................................................................................ 6-27
Table 6-33 Setting Encryption Key Exchange Timer .......................................................................... 6-28
Table 6-34 Adding MAC Address........................................................................................................ 6-29
Table 6-35 Controlling Link Registration............................................................................................. 6-30
Table 6-36 Rediscovering Links.......................................................................................................... 6-31
Table 6-37 Clearing Link Configuration .............................................................................................. 6-31
Table 6-38 Configure Simple bridge Mode ......................................................................................... 6-34
Table 6-39 Configuring Transparent VLAN mode............................................................................... 6-36
Table 6-40 Configuring Single VLAN .................................................................................................. 6-38
Table 6-41 Configuring Double VLAN................................................................................................. 6-40
Table 6-42 Configuring Shared VLAN................................................................................................. 6-42
Table 6-43 Configuring Translated VLAN ........................................................................................... 6-45
Table 6-44 Configuring Priority VLAN ................................................................................................. 6-47
Table 6-45 Configuring Priority Shared VLAN .................................................................................... 6-51
Table 6-46 Connecting two links ......................................................................................................... 6-53
Table 6-47 Displaying Bridging Mode Information.............................................................................. 6-55
Table 6-48 Displaying VLAN Tag Information..................................................................................... 6-56
XX Corecess S5 System User's Guide

List of Tables
Table 6-49 show show port epon link-id tag-map field decryption...................................................... 6-56
Table 6-50 Displaying Bandwidth Information .................................................................................... 6-57
Table 6-51 show show port epon link-id field description ................................................................... 6-57
Table 6-52 Displaying Statistics Information....................................................................................... 6-58
Table 6-53 show show port epon link-id counter field description ...................................................... 6-58
Table 6-54 Basic Configuration of ONU.............................................................................................. 6-59
Table 6-55 Setting Enable Status ....................................................................................................... 6-60
Table 6-56 Configuring Permission Mode........................................................................................... 6-61
Table 6-57 Configuring Upstream Queue ........................................................................................... 6-62
Table 6-58 Configuring Downstream Queue ...................................................................................... 6-64
Table 6-59 Specifying Packet Classification and Forward Queue...................................................... 6-65
Table 6-60 Configuring Ethernet port.................................................................................................. 6-68
Table 6-61 Specifying Number of Maximum MAC Address ............................................................... 6-70
Table 6-62 Clearing MAC address...................................................................................................... 6-71
Table 6-63 Restoring Configuration .................................................................................................... 6-71
Table 6-64 Resetting ONU.................................................................................................................. 6-72
Table 6-65 Clearing Statistics Information .......................................................................................... 6-72
Table 6-66 Upgrading Firmware ......................................................................................................... 6-73
Table 6-67 Displaying Index Number and MAC Address ................................................................... 6-75
Table 6-68 Displaying Configuration Information................................................................................ 6-75
Table 6-69 show port epon onu information field description ............................................................. 6-76
Table 6-70 Displaying Statistic Information......................................................................................... 6-77
Table 6-71 show port epon onu counter field description ................................................................... 6-77
Table 7-1 Default VLAN configuration .................................................................................................. 7-2
Table 7-2 Creating VLAN ...................................................................................................................... 7-4
Table 7-3 Assigning ports to a VLAN .................................................................................................... 7-5
Table 7-4 Assigning IP address to a VLAN........................................................................................... 7-6
Table 7-5 Assigning secondary IP address to a VLAN......................................................................... 7-7
Table 7-6 802.1 Configuring trunk port ................................................................................................. 7-9
Table 7-7 Configuring OSPF on the VLAN Interface .......................................................................... 7-12
Table 7-8 Setting Simple Password Authentication Method............................................................... 7-13
Table 7-9 IS-IS interface parameters .................................................................................................. 7-19
Table 7-10 RIP interface parameters .................................................................................................. 7-27
Table 7-11 Setting MD5 Authentication Mode .................................................................................... 7-28
Table 7-12 Setting Simple Password Authentication Mode................................................................ 7-29
Table 7-13 Specifying RIP Version ..................................................................................................... 7-30
Table 7-14 Enabling Split-Horizon ...................................................................................................... 7-31
Table 7-15 Enabling Multicasting on the VLAN Interface ................................................................... 7-32
Table 7-16 Shutting Down the VLAN Interface ................................................................................... 7-33
Table 7-17 Type and Function of IP Parameter.................................................................................. 7-34
Table 7-18 Configuring IP Parameters................................................................................................ 7-34
Table 8-1 Types of community.............................................................................................................. 8-5
Table 8-2 Default SNMP configuration.................................................................................................. 8-6
Table 8-3 Setting the system contact and location information ............................................................ 8-6
Table 8-4 Configuring SNMP community.............................................................................................. 8-7
Table 8-6 Enabling a trap type ............................................................................................................ 8-10
Table 8-7 Configuring a trap host........................................................................................................ 8-11
Table 8-8 Restrict Host Access........................................................................................................... 8-12
XXI
List of Tables
Table 8-9 show snmp-server field descriptions................................................................................... 8-14

Table 8-10 show snmp-server community-list field descriptions ........................................................ 8-15
Table 8-11 show snmp-server statistics field descriptions.................................................................. 8-16
Table 8-12 show snmp-server traphost field descriptions .................................................................. 8-17
Table 8-13 Enabling RMON ................................................................................................................ 8-19
Table 8-14 Configuring RMON statistics group .................................................................................. 8-20
Table 8-15 Configuring RMON history group...................................................................................... 8-22
Table 8-16 Configuring Alarm Groups ................................................................................................ 8-26
Table 8-17 Configuring RMON event group ....................................................................................... 8-29
Table 8-18 Collecting Bandwidth Information of Traffic ...................................................................... 8-31
Table 8-19 show rmon field descriptions ............................................................................................ 8-33
Table 8-20 SNMP & RMON Configuration Commands ...................................................................... 8-34
Table 9-1 Criteria for packet classification .......................................................................................... 9-18
Table 9-2 Creating a class map .......................................................................................................... 9-19
Table 9-3 QoS action supported by the Corecess S5 System ........................................................... 9-21
Table 9-4 Creating a policy map ......................................................................................................... 9-22
Table 9-5 Changing CoS, IP Precedence, or DSCP value of a traffic class in a policy map ............. 9-23
Table 9-6 Configuring packet filtering of a traffic class in a policy map.............................................. 9-24
Table 9-7 Configuring a transmission queue for a traffic class........................................................... 9-25
Table 9-8 Specifying a priority of a traffic class in a policy map ......................................................... 9-26
Table 9-9 Configuring rate-limit of a traffic class in a policy map ....................................................... 9-27
Table 9-10 Applying QoS service policy ............................................................................................. 9-28
Table 9-11 Specifying User Priority..................................................................................................... 9-29
Table 9-12 Applying Policing to a Port................................................................................................ 9-31
Table 9-13 Specifying Priority for CoS Field ....................................................................................... 9-32
Table 9-14 Specifying priority for transmission queue........................................................................ 9-33
Table 9-15 Configuring Shaping ......................................................................................................... 9-34
Table 9-16 Controlling Broadcast Storm............................................................................................. 9-35
Table 9-17 Filtering DHCP Offer Packet............................................................................................. 9-37
Table 9-18 Filtering File and Resource Sharing Protocol ................................................................... 9-39
Table 9-19 Filtering Default Traffic...................................................................................................... 9-40
Table 9-20 Filtering Broadcast Packet................................................................................................ 9-41
Table 9-21 QoS Configuration Commands......................................................................................... 9-42
Table 10-1 Parameters for Configuration DHCP Server..................................................................... 10-4
Table 10-2 Enabling DHCP server...................................................................................................... 10-5
Table 10-3 Global DHCP server parameters ...................................................................................... 10-5
Table 10-4 Configuring the global DHCP server parameters ............................................................. 10-6
Table 10-5 Verifying the DHCP subnet for the Interface .................................................................. 10-11
Table 10-6 Configuring DHCP server parameters for each subnet.................................................. 10-12
Table 10-7 Specifying IP address pool for DHCP clients ................................................................. 10-13
Table 10-8 Configuring Static Host ................................................................................................... 10-16
Table 10-10 Enabling DHCP relay .................................................................................................... 10-21
Table 10-11 Adding DHCP server for the DHCP relay ..................................................................... 10-22
Table 10-12 Enabling DHCP relay security ...................................................................................... 10-23
Table 10-13 Assigning the weight to the secondary IP address....................................................... 10-24
Table 10-14 show dhcpserver Field Description............................................................................... 10-26
Table 10-15 show dhcpserver subnet all field descriptions .............................................................. 10-29
Table 10-16 show dhcpserver subnet field descriptions................................................................... 10-29
XXII Corecess S5 System User's Guide

List of Tables
Table 10-17 show dhcpserver subnet <subnet-name> iprange field description ............................. 10-29
Table 10-18 show dhcpserver lease field descriptions ..................................................................... 10-31
Table 10-19 show dhcpserver lease field descriptions ..................................................................... 10-31
Table 10-20 show dhcpserver host field descriptions....................................................................... 10-32
Table 10-21 show dhcprealy field descriptions ................................................................................. 10-33
Table 10-22 show dhcprealy serverlist field descriptions ................................................................. 10-34
Table 10-23 show dhcp statistics field descriptions .......................................................................... 10-36
Table 10-24 DHCP configuration commands ................................................................................... 10-37
Table 11-1 Kinds of Global DHCP snoop Packet Control Parameters ...................................... 11-11
Table 12-1 Configuring Telnet Session Timeouts............................................................................... 12-5
Table 12-2 Defining Access Lists........................................................................................................ 12-7
Table 12-3 Applying the access list to terminal line............................................................................ 12-9
Table 12-4 Applying the Access List to SNMP Access..................................................................... 12-10
Table 12-5 Security configuration commands................................................................................... 12-11
Table 13-1 Enabling PIM-SM ............................................................................................................ 13-10
Table 13-2 Enabling PIM-DM............................................................................................................ 13-12
Table 13-3 Enabling DVMRP ............................................................................................................ 13-13
Table 13-4 Configuring a Static Multicast Route............................................................................... 13-16
Table 13-5 Enabling router compatibility with RFC 2362.................................................................. 13-28
Table 13-6 show ip mroute Field Description.................................................................................... 13-46
Table 13-7 show ip pim configuration field descriptions ................................................................... 13-48
Table 13-8 show ip pim interface field descriptions .......................................................................... 13-49
Table 13-9 show ip pim interface detail field descriptions ................................................................ 13-50
Table 13-10 show ip pim neighbor field descriptions........................................................................ 13-51
Table 13-11 show ip pim bsr-router field descriptions ...................................................................... 13-52
Table 13-12 show ip pim rp mapping Field Description.................................................................... 13-53
Table 13-13 show ip dvmrp configuration filed descriptions ............................................................. 13-54
Table 13-14 show ip dvmrp interface field descriptions.................................................................... 13-55
Table 13-15 show ip dvmrp neighbor field descriptions.................................................................... 13-56
Table 13-16 show ip dvmrp route field descriptions ......................................................................... 13-57
Table 13-17 show ip dvmrp prune field descriptions ........................................................................ 13-57
Table 13-18 show ip igmp configuration field descriptions ............................................................... 13-58
Table 13-19 show ip igmp group field descriptions........................................................................... 13-60
Table 14-1 Configuring the Standard Route ....................................................................................... 14-3
Table 14-2 Configuring the VLAN Interface Route ............................................................................. 14-4
Table 14-3 Configure the Loopback Route ......................................................................................... 14-5
Table 14-4 Configuring the Null Route................................................................................................ 14-6
Table 14-5 Configuring the Default Gateway...................................................................................... 14-7
Table 14-6 Enabling BGP ................................................................................................................. 14-11
Table 14-7 Specifying Router ID ....................................................................................................... 14-12
Table 14-8 BGP neighbor Parameters.............................................................................................. 14-18
Table 14-9 BGP neighbor Timer ....................................................................................................... 14-30
Table 14-10 BGP Parameters........................................................................................................... 14-34
Table 14-11 show ip bgp field description......................................................................................... 14-39
Table 14-12 show ip bgp attribute-info Field Description.................................................................. 14-41
Table 14-13 show ip bgp cidr-only Field Description ........................................................................ 14-42
Table 14-14 show ip bgp community-info Field Description ............................................................. 14-43
Table 14-15 show ip bgp community Field Description .................................................................... 14-44
XXIII
List of Tables
Table 14-16 show ip bgp community-list Field Descriptions............................................................. 14-45

Table 14-17 show ip bgp filter-list Field Descriptions ....................................................................... 14-47
Table 14-18 show ip bgp neighbors Field Description...................................................................... 14-48
Table 14-19 show ip bgp neighbors path Filed Descriptions ............................................................ 14-50
Table 14-20 show ip bgp regexp Field Descriptions......................................................................... 14-51
Table 14-21 show ip bgp scan Field Description .............................................................................. 14-52
Table 14-22 show ip bgp summary Field Descriptions ..................................................................... 14-53
Table 14-23 BGP Commands ........................................................................................................... 14-54
Table 14-24 OSPF Parameters......................................................................................................... 14-66
Table 14-25 SPF Timer ..................................................................................................................... 14-70
Table 14-26 show ip ospf command Field Description ..................................................................... 14-74
Table 14-27 show ip ospf border-routers Field Description .............................................................. 14-75
Table 14-28 show ip ospf database Command Option..................................................................... 14-75
Table 14-29 show ip ospf interface Filed Description ....................................................................... 14-76
Table 14-30 show ip ospf neighbor Field Description....................................................................... 14-78
Table 14-31 show ip ospf route Field Description............................................................................. 14-79
Table 14-32 OSPF Commands......................................................................................................... 14-80
Table 14-33 IS-IS NET Structure ...................................................................................................... 14-84
Table 14-34 Enabling IS-IS ............................................................................................................... 14-86
Table 14-35 IS-IS Parameters .......................................................................................................... 14-88
Table 14-36 show isis counter Field Description .............................................................................. 14-99
Table 14-37 show isis database Field Description ......................................................................... 14-100
Table 14-38 show isis interface Field Description........................................................................... 14-101
Table 14-39 show isis topology Field Description........................................................................... 14-102
Table 14-40 IS-IS Commands......................................................................................................... 14-103
Table 14-41 Differences of RIPv1 and RIPv2 ................................................................................. 14-106
Table 14-42 Fields of RIP Route Entry ........................................................................................... 14-106
Table 14-43 Timers for RIP............................................................................................................. 14-108
Table 14-44 RIP Parameters .......................................................................................................... 14-111
Table 14-45 RIP Timers .................................................................................................................. 14-116
Table 14-46 show ip rip Field Description....................................................................................... 14-118
Table 14-47 show ip rip interface Field Description........................................................................ 14-120
Table 14-48 RIP Commands........................................................................................................... 14-121
Table 15-1 Setting LACP Operation Mode ......................................................................................... 15-5
Table 15-2 Setting LACP Partner key ................................................................................................. 15-7
Table 16-1 STP Timers ....................................................................................................................... 16-4
Table 16-2 Comparison of STP and RSTP port states....................................................................... 16-7
Table 16-3 Default STP Configuration ................................................................................................ 16-8
Table 16-4 Enabling STP on a VLAN.................................................................................................. 16-9
Table 16-5 Enabling STP on a port................................................................................................... 16-11
Table 16-6 Setting the Bridge ID....................................................................................................... 16-12
Table 16-7 Configuring the path cost ................................................................................................ 16-13
Table 16-8 Configuring STP encoding mode.................................................................................... 16-15
Table 16-9 Configuring the port priority ............................................................................................ 16-16
Table 16-10 Setting spanning tree timers ......................................................................................... 16-17
Table 16-11 Enabling RSTP on a VLAN........................................................................................... 16-21
Table 16-12 Configuring the path cost .............................................................................................. 16-22
Table 16-13 Configuring RSTP encoding mode ............................................................................... 16-24
XXIV Corecess S5 System User's Guide

List of Tables
Table 16-14 Configuring Spanning Tree Protocol Type ................................................................... 16-25

Table 16-15 Configuring an Edge Port ............................................................................................. 16-26
Table 16-16 STP and RSTP Configuration Commands ................................................................... 16-28
Table 17-1 Configuring the IP interface .............................................................................................. 17-5
Table 17-2 Creating a virtual router .................................................................................................... 17-6
Table 17-3 Enabling the virtual router ............................................................................................... 17-10
Table 17-4 show vrrp Field Description ............................................................................................ 17-14
Table 17-5 VRRP commands ........................................................................................................... 17-15
Table 19-1 Corecess M5 System Slot Composition ........................................................................... 19-6
Table 19-2 Corecess M5 System Slot............................................................................................... 19-10
Table 19-3 Corecess M5 System SLU Module................................................................................. 19-13
Table 19-4 Corecess M5 System OLU Module ................................................................................ 19-13
Table 19-5 M5-SLU-16CH and M5-SLU-16CH module system status LED .................................... 19-15
Table 19-6 M5-SLU-16CH and M5-SLU-8CH module Ethernet Management Port LED functions . 19-16
Table 19-7 M5-OLU-WE16CH and M5-OLU-WE8CH module Run LED functions.......................... 19-18
Table 19-8 Required manpower according to product weight .......................................................... 19-27
Table 19-9 System Use Environment ............................................................................................... 19-28
Table 19-10 System Power Specs.................................................................................................... 19-28
Table 19-11 Types of modules that can be attached to each system slot ....................................... 19-31
Table A-1 Corecess S5 System hardware specifications .....................................................................A-2
Table A-2 Corecess S5 System software specifications ......................................................................A-4
Table A-3 Corecess 4500 Optical Splitter Specification .......................................................................A-7
Table B-1 Pin Configuration of 10/100/1000Base-T Port .....................................................................B-2
Table B-2 Pin Configuration of Ethernet Management Port .................................................................B-2
Table B-3 Pin Configuration of Console Port ........................................................................................B-3
Table B-4 Pin Configuration of Console Port ........................................................................................B-3
Table B-5 System Modules with Fiber Optic Ports Duplex LC Fiber Optic Cable ................................B-6
XXV
List of Tables
XXVI Corecess S5 System User's Guide

Chapter 1 Overview
This chapter introduces the Corecess S5 System functions and features and describes several kinds of
network examples configurable with the Corecess S5 System.
9 Introduction 1-2
9 Applications 1-8
Introduction
Introduction
The Corecess S5 System is multi-functional platform used as AON switch, E-PON OLT and WDM-
PON OLT on Ethernet-based fiber optic network. The Corecess S5 System provides TPS (Triple Play
Service) solution that integrates broadband Internet, Broadcasting and telephone service.
y AON Switch : Active Optical Network Switch
y E-PON OLT : Passive Optical Network OLT (Optical Line Terminal)
y WDM-PON OLT : GW-PON( Gigabit Ethernet WDM PON) OLT , WE-PON (WDM E-PON) OLT
The S5 platform is high performance switch router that acts as PON OLT and Ethernet
Aggregation Switch. It provides various optical links while generating and controlling the
services. It offers the optical links of GEPON, Gigabit Ethernet and also acts as OLT for WDM
PON and Super PON if it combines with WDM multiplexer. The S5 platform makes access
network simple by integrating multiple functions into a single scalable platform. With its high
functionalities and scalability, it enables both of residential and commercial services with a
single platform.
1-2 Corecess S5 System User's Guide

Introduction
The S5 consists of 3 different types of chassis, various Switching & Control Module(SCM) and
Line Interface Module(LIM). The capacity of back plane, SCM and LIM are scalable in terms of
throughput and density. The 10 Gigabit Ethernet is ready for the service of today and future.
SCM and LIM are compatible between chassis to implement a system with mix and match. With
this modular designs, it provides the great flexibility for operators to have wide ranges of
options depending on their services and density while keeping simplicity with same function
and performance.
The Corecess S5 System supports the high performance QoS. Thus, the user can control several
kinds of traffic (voice, video and other important data) efficiently. The Corecess S5 System
provides reliable service that gives important packets high priority and processes the packet
faster than others .
The Corecess S5 System is easy to use and can be easily installed as well. And LEDs on the front
panel of the Corecess S5 System make it easy to manage the product and networks through
notifying the operation status, port conditions and fault occurrence.
Overview 1-3
Hardware Features
Hardware Features
Slot Configuration
Slot composition according to Corecess S5 series chassis is as follows:
Item S511CH S518CH S506CH
Number of total slot 10 18 5
Number of SCM slot 2 2 1
Location of SCM slot Top Center Top
Maximum backplane capacity 64G 64G 32G
Maximum slot capacity 8G 4G 8G
Chassis
S518 - 2 SCM slots, 16 LIM slots, 12 RU, DC only
S511 - 2 SCM slots, 8 LIM slots, 7 RU, DC/AC
S506 - 1 SCM slots, 4 LIM slots, 4 RU, DC/AC

Hardware Features
Switching & Control Module

Slot (Numner) Module Description
y 4 uplink ports for Gigabit Ethernet (SFP)
y 4 uplink ports for Gigabit Ethernet (RJ-45, Optional)
SCM-B72G y 2 uplink ports for 10G Ethernet (XFP,Optional)
y 1 Console Ports (RJ-45)
y 1 Ethernet Management Port (RJ-45)
SCM Slot y 4 uplink ports for Gigabit Ethernet (RJ-45, Optional)
SCM-24G
y 4 uplink ports for Gigabit Ethernet (RJ-45 or SFP)

SCM-20G y 1 Console Ports (RJ-45)
Line Interface Module

Slot Module Description
LIM-GW16GF y 16 WDM-PON Ports (SC/APC)
LIM-D16GF y 16 Gigabit Ethernet Ports (SFP)
LIM Slot
LIM-D16GT y 16 Gigabit Ethernet Ports (1000Base-T, UTP)
LIM-EP4G-GR y Gigabit Ethernet PON Ports (1000Base-PX SFP)
Overview 1-5
Hardware Features
High performance OLT platform
y Future proofed optical links : GEPON, Gigabit Ethernet, WDM PON and Super PON
y Multiple function including control of services and management of subscribers
y Common platform for both of residential and commercial service
y Common platform for both of all-fiber network and deep-fiber network
Scalable and flexible architecture
y Capacity of back plane and SCM, throughput speed of interface and port density are scalable
y SCM and LIM are common and compatible for 3 different types of chassis
y Supports multiple topology of network including star, ring and tree
Easy deployment and maintenance
y Full front access and compliance on ETSI standard form factor
y Hot swappable SCM and LIM
y Integrated management including ONU and ONT
Superior performance of GEPON
y Supports multiple Logical Link Identifier
y Hardware based high speed Dynamic Bandwidth Allocation
High reliability and availability
y System redundancy : power and SCM
y Network redundancy : uplink and line link including GEPON
y Graceful restart
y H/W upgrade without service discontinuity

Software Features
Software Features
Layer 2 Switching
The Corecess S5 System provides the Layer 2 Switching function as follows:
y Supports IEEE 802.3x Flow control
y Supports IEEE 802.1p Traffic Priority (eight priority queues)
y Supports Port based VLAN and IEEE 802.1q tagged VLAN (maximum: 4,096)
y VLAN processing including 802.1Q and Q-in-Q
y Supports Link aggregation using trunk and IEEE802.3ad
y Supports STP(Spanning Tree Protocol) and RSTP(Rapid STP)
Layer 3 Switching and Routing
The Corecess S5 System supports Layer 3 switching. Because Layer 2 switches don’t support the
Layer 3 communication between VLANs, a separate router is needed to link the VLANs. But the
Corecess S5 System supporting Layer 3 switching can process all incoming packets without a
separate router.
The Corecess S5 System supports the following IP routing protocols:
y RIPv1 and RIPv2
y OSPF
y IS-IS
y BGPv4
y VRRP
Packet processing functionalities
y multiple priority queue support, congestion control, traffic shaping & policing and modification
y ACL based filtering
y DHCP server and relay
Overview 1-7
Software Features
QoS (Quality of Service)
The Corecess S5 System supports the following QoS functions:
y Packet classification and marking
y Class - based packet scheduling
Item SCM-20G SCM-24G SCM-72G
ACL table size 128 per port 2,048 2,048
Yes (Based on Yes (Based on Yes (Based on

S MFC support
L2/L3/L4~L7 fields) L2/L3/L4~L7 fields) L2/L3/L4~L7 fields)
e Marking & Yes Yes Yes
(CoS, DSCP or IP (CoS, DSCP or IP (CoS, DSCP or IP
c remarking support precedence, ToS) precedence, ToS) precedence, ToS)
No.
u Hierarchical No. (Only 1 stage queue No. (Only 1 stage queue
(Only 1 stage queue
queuing support support) support)
r support)
i No. of queues 8 per port 8 per port 8 per port
t Strict Priority
Yes Yes Yes
y (SP) support
Weight Fair Queue
No Yes Yes
T (WFQ) support
h Weight Round
e Robin (WRR) Yes Yes Yes
support
C Deficit Weighted
o Round Robin No Yes Yes
r (DWRR) support
e
128 per port 2,048 2,048
c ACL table size
e Maximum slot
4G 8G 8G
s capacity

Software Features
Multicasting
The Corecess S5 System supports the following multicasting protocols for the high quality
broadcasting service:
y IGMPv2 and IGMP snooping
y PIM-SM and PIM-DM
y DVMRP
y SLA using multiple LLID of GEPON
Security
S5 System provides the following security function:
y Supports system access control using access lists
y Supports DHCP filtering to prevent unauthorized operation of private DHCP Server
y Supports NetBIOS filtering to prevent file sharing among subscribers
y Supports CIFS filtering using MAC address, IP address and TCP/UDP port number
y Secured network from bad users’ threats
y Protection from IP/ARP spoofing, packet storming & TCP sync flooding
Network Management
The Corecess S5 System supports SNMP (Simple Network Management Protocol), RMON
(Rmote MONitoring) and port mirroring for network management. You can monitor and
control the Corecess S5 System network via the console port, Telnet session, or the Corecess
NMS, ViewlinX.
y CLI (Command Line Interface) Command

CLI is system control command to operate the Corecess S5 System through Telnet or the terminal
connected to console port. You can monitor the system status and configure the system. By default, 10
Telnet sessions can be opened at the same time to connect the Corecess S5 System.
y ViewlinX Manager / EMS

The ViewlinX Manager and ViewlinX EMS (Element Management System) are Corecess NMS (Network
Management System). The ViewlinX Manager and Viewlinx EMS have easy user interface and intuitive
screen configuration, so that users can manage a network easily and conveniently. And, because the
real pictures of devices presented the operating status and configuration are displayed, users can find
out and set devices at a glance.
Overview 1-9
Software Features
y Port Mirroring
The Corecess S5 System allows you to use the port mirroring function without affecting the switching
performance.
y RMON
The Corecess S5 System provides four RMON groups (history, statistics, alarms, and events) in each
port as traffic management, monitoring and analysis tools.
y Remote Software Update

The Corecess S5 System provides easy-to-upgrade using FTP and TFTP in a remote place.

Applications
Applications
This section describes example applications for the Corecess S5 System.
All Fiber Network with S5 System
Overview 1-11
Applications
Deep Fiber Network with S5 System
WDM PON Solution with S5 Series
GW-PON Network with S511-CH

Applications
SuperPon Network with M5 Mux Platform
Overview 1-13
Applications

Chapter 2 Hardware Description
This chapter introduces the structures of the front and rear side of the Corecess S5 System and describes
the function and appearance of the modules provided for the Corecess S5 System. This chapter also briefs
the devices connected to the Corecess S5 System.
9 System Chassis 2-1
9 System Module 2-6
9 Devices Connecting 2-14

System Chassises
System Chassises
This section describes the external features of the Corecess S5 System chassises.
Corecess S5 series consists of various chassises and SCM(Switching Control Module), LIM(Line
interface Module). Those help operator with flexible and economical configuration environment
enough to achieve the aimed network.
S511 Chassis
View
There are ten slots, rack blaket, fan tray and fan filter in front of Corecess S511 system. The SCM
and LIM module are equiped in the slots, and a back-plane board inside the chassis makes SCM
and LIM module communicate each other. Three power moudules supplies the Corecess S5
system with the ensured power. The default state of two of them is running and that of the
other is under earmark for stand-by. In the emergent event of a failure of source power to one

System Chassises
supply, or the failure of one power supply, the redundant power option guarantees stable and
uninterrupted opertion.
The view above displays that LIM-GW16GF, designed to be equipped in only S511, occupies
double slots. LIM module can be installed up to 8 from bottom.
Slot
SCM Slot (10)
SCM Slot (9)
LIM Slot (8)
LIM Slot (7)
LIM Slot (6)
LIM Slot (5)
LIM Slot (4)
LIM Slot (3)
LIM Slot (2)
LIM Slot (1)
S511 Features
Power is supplied in the form of module with DC -48V. Three power moudules supplies the
Corecess S5 system with the ensured power. The default state of two of them is running and
that of the other is under earmark for stand-by.
The function of hot swapping provided by Corecess S5 system allows operator to add, replace
or remove any modules without interrupting or shutting down the system power or interfaces.
The 9 and 10 number of SCM modules are under control of redundancy.
Hardware Description 2-3

System Chassises
S518 Chassis
There are 18 slots, rack bracket, fan tray and fan filter in font of Corecess S518 System. The SCM
and LIM module are equipped in the slots, and a back-plane board inside the chassis makes
SCM and LIM module communicate each other.
View
DC Power
Rack blaket
Fan filter
<Corecess S518>
Slot (S518)
System slot of Coreecess S5 518 may be equipped with 2 SCM modules for switching and
system control and 16 Lim modules that can be used for Gigabit Ethernet or Gigabit Ethernet
PON Interface. Type and slot numbers for Corecess S5 system slot are as follows. Slot numbers
are used when performing system setup or monitoring via CLI command.
LIM Slot 01
LIM Slot 02
LIM Slot 03
LIM Slot 04
LIM Slot 05
LIM Slot 06
LIM Slot 07
LIM Slot 08
LIM Slot 09
LIM Slot 10
LIM Slot 11
LIM Slot 12
LIM Slot 13
LIM Slot 14
LIM Slot 15
LIM Slot 16
SCM Slot 1
SCM Slot 2

System Chassises
S518 Features
Power is supplied in the form of power line duplication with DC -48V.

The function of hot swapping provided by Corecess S5 system allows operator to add, replace
or remove any modules without interrupting or shutting down the system power or interfaces.

System Chassises
S506(S505) Chassis
There are five slots, rack bracket, fan tray and fan filter in font of Corecess S5 System. The SCM
and LIM module are equipped in the slots, and a back-plane board inside the chassis makes
SCM and LIM module communicate each other. Unlike the Corecess S505, the Corecess S506
provides maximum two AC power modules.
View
<Corecess S505>
Rack Braket Fan Tray Fan Filter Rack Braket
<Corecess S506>
AC Power Module AC Power Module

System Chassises
Slot(S505,S506)
The Corecess S506 has five slots in which one SCM module and four LIM modules can be
installed. The SCM module takes charge of switching and system control, and the LIM modules
provide Gigabit Ethernet PON interface. When you execute CLI commands for system
configuration or monitoring, use the slot number. Each slot’s type and number is as follows:
SCM Slot (5)

LIM Slot (4)
LIM Slot (3)
LIM Slot (2)
LIM Slot (1)
S506 Feature
The AC power modules supplies AC power (100V~220V) to the Corecess S5 System. The
Corecess S506 supports redundant AC-input power supplies. In the event of a failure of source
power to one supply, or the failure of one power supply, the redundant power option ensures
uninterrupted operation.
S505 Feature
The terminal block is used to connect external DC power supplies of –48VDC or rectifiers. There
are 3 terminals in the terminal block: FG, GND, and -48VDC. The Corecess S505 supports
redundant DC-input power supplies. In the event of a failure of source power to one supply, or
the failure of one power supply, the redundant power option ensures uninterrupted operation.
the Corecess S505 provides two terminal blocks on the rear of chassis

System Chassises
Chassis Common Items
Table 2-1 Corecess S5 System Slot
Slot Rear of S505

Description
SCM Slot Installation of SCM modules that control overall performance of system and provide
switching functions
LIM Slot Installation of LIM modules that provides Gigabia Ethernet or PON interface for Gigabit
Ethernet
The Corecess S5 System’s slots support hot-swap function, and you can install a module into the
slot without turning the system off.
Note : For more information of modules, ports and LEDs, refer to System Modules in this chapter.
Rack Bracket
The rack bracket is used when equipping the Corecess S5 System to install it on a 19-inch rack.
Chapter 4 Installation describes how to mount the Corecess S5 System with a rack bracket on a 19-
inch rack.
Fan Tray
The system fan comes with cooling fan that maintain proper temperatures inside the chassis.
The LED on the fan tray denotes power supply and operating status. During the fan module
operates normally, the LED is lit on green. When a user stops operating the cooling fan, the LED
is lit on orange. When the cooling fan has a problem, the LED is lit on red.
Fan Filter
The fan filter filters dust which comes into the system through the ventilation holes. The fan
filter should be checked depend on cleanliness of the location, and replaced or cleaned if
necessary.

System Chassises
Ground Terminal
The ground terminal is a terminal for the system ground. Connect the ground terminal to the
external ground using ground for preventing an electric shock or the system damage .
A ground terminal is generally on the rear of chassises, but S518 chassis is not.
<Corecess S505>
Ground Terminal
<Corecess S506> <Corecess S518>
Ventilation Holes
The ventilation holes are where heat, which is generated while the Corecess S5 System is
operating, comes out and external cold air is taken in. If the ventilation holes are blocked when
using the Corecess S5 System, the product may overheat because the internal hot air and
external cold air cannot circulate properly.
<Corecess S505> Ventilation Holes <Corecess S506>

System Modules
System Modules
Slot Configuration
Operator can make his or her easier way to configure the aimed network with the help of
various chassis and module in Corecess S5 series.
The various modules can be installed as follows.
Item S511CH S518CH S505CH-GR S506CH-GR
Number of total slot 10 18 5 5
8 2 1 1
Location of SCM slot Top Center Top Top
Maximum backplane
capacity 64G 64G 32G 32G
Maximum slot capacity 8G 4G 8G 8G

SCM Module
SCM Module
The Corecess S5 system provides the following SCM module:
Table 2-2 Slot configuration of Corecess S5 system

SCM Slot
SCM-24G
SCM Slot Capacity

Slot capacity SCM20G SCM-B24G SCM-B72G
S511 2G per slot 2G per slot 8G per slot

SCM Module
Performance of Switching and Routing

Item SCM20G SCM-B24G SCM-B72G
20G full duplex 24G full duplex 72G full duplex

Switching fabric capacity
(40G aggregate) (48G aggregate) (144G aggregate)
MAC address
16K entry 16K entry 16K entry
table size
VLAN table size 4K entry 4K entry 4K entry
IPv4 routing
Max. 64K entry 12288 12288
table size
Memory
Item SCM20G SCM-B24G SCM-B72G
Main Memory size 256Mbytes
Boot ROM size 512Kbytes
Packet buffer size
(per switching chip) 1Mbytes 2Mbytes 2Mbytes
System Status LED (Run, Master)

System Status LED displays the status of the Corecess S5 System and SCM module.
Table 2-3 System Status LED Functions on the SCM Module
LED Color State Description
On The system is being initialized.
Green Flashing The processor is operating normally after system initialization.

Run
Off Power is not being supplied to the system.
Red On The system is not operating normally.
On The module is operating as master mode.

Master Green
Off The module is operating as slave mode.
Note: Master LED is only operated when two SCM modules are installed in the system for redundancy.

SCM Module
Reset Switch (Reset)

The reset switch is used to reboot the Corecess S5 System. When the reset switch is pressed, all
configuration information that has not been saved is deleted, and the connections between each
port and other devices are disconnected. Use pointed objects like a ball-point pen when
pressing the reset switch.
Port Type
Console Port (Console)
The console port is used to connect a console terminal for monitoring and configuring the
Corecess S5 System. To connect the console port to a console terminal, use the included console
cable. A PC or a workstation installed with a terminal emulation program or VT-100 terminal
can be used as a console terminal.
Ethernet Management Port (Ethernet)
The Ethernet Management port is used for connecting the Corecess S5 System to the network to
manage the system by the NMS (Network Management System) or Telnet. The Ethernet
Management port is a 10/100Base-TX port. In connection with 10/100Base-TX port, the speed
(10Mbps or 100Mbps) and the transmission mode (full-duplex or half-duplex) are automatically
configured in accordance with the speed and transmission mode of the connected device. The
cables for connecting to the Ethernet Management port are twisted-pair category 3, 4 and 5 with
RJ-45 connectors at both ends.
The following table describes the information indicated by the Ethernet Management port
LEDs:
Table 2-4 LED Functions of Ethernet Management Port on the SCM Module
On The Port is operating and being connected to the device.

Link/
Green Flashing Data is being transmitted/received through the port.
Act
Off The port is not operating or not connected to the device.
10/100 Yellow On The port is operating at 100Mbps.

SCM Module
Off The port is operating at 10Mbps.
GbE(Gigabit Ethernet) Port

The Gigabit Ethernet port is an uplink port connected the Corecess S5 System to core network.
The SCM-Module has two types of Gigabit Ethernet port, and each Gigabit port has four ports.
y 10/100/1000Base-T Port (RJ-45 connector)
y SFP GbE Port
The couple of ports can be combined for its use. Therefore the one port is surely "off" in the case
of the 'on" status of the other.
10/100/1000Base-T Port SFP GbE Port
O O O X X X X O
The following table is the specifications of the Gigabit Ethernet port:
Table 2-5 Gigabit Ethernet Port Specification for SCM Module
Feature 10/100/1000Base-T Port SFP GbE Port

Full-duplex mode or Half-duplex mode
Transfer Mode Full-duplex mode
(Auto sensing)
Transfer Speed 10/100/1000Mbps 1000Mbps
Connector Type RJ-45 Optional
Port Number 4 4
Maximum
100m Optional
Transfer Distance
Transfer Media Twisted-pair category-5+, 6 cable Fiber(Optic)

SCM Module
The following table describes the information indicated by the 10/100/1000Base-T port LEDs:
Table 2-6 10/100/1000Base-T Port LED Function of SCM Module

Link/
Act
1000 On The port is operating at 1000Mbps.

Yellow
10/100
Off The port is operating at 10/100Mbps.
The following table describes the information indicated by the port LEDs:
Table 2-7 Port LED Function of SCM Module

Link/
Act
10G Ethernet Port
The Gigabit Ethernet port is an uplink port connected the Corecess S5 System to core network.
XFP 10GBaseR upilnk port requires additional 10GbE XFP transciver.
y 10 Gigabit Ethernet uplink interface (10GBase-R XFP)
The following table lists the specifications of the Gigabit Ethernet port on the SCMmodule:
Table 2-8 Gigabit Ethernet Port Specification for SCM Module
Feature 10GBase-R XFP Port
Transfer Speed 10Gbps
Connector Type SFP
Port Number 2

SCM Module
SCM-B72G
SCM-B72G is switching control module that privide system control function and Layer 3
swithching. SCM-B72G module provides 4 Gigabit Ethernet uplink ports (SFP type), optional
two 10G Ethernet uplink ports(XFP type), optional 4 Gigabit Ethernet uplink ports (RJ-45),
console port and ethernet port.
SFP GbE Port SFP GbE Port LED
Reset Switch
System Status LED Console Port 10G XFP port
Ethernet Management Port
SCM-B24G
SCM-B24G is switching control module that privide system control function and Layer 3
swithching . SCM-B24G module provides 4 Gigabit Ethernet uplink ports (SFP type), optional 4
Gigabit Ethernet uplink ports (RJ-45), console port, and ethernet port.
10/100/1000Base-T SFP GbE Port SFP GbE Port LED
Reset Switch Port LED
System Status LED Console Port 10/100/1000Base-T Port

SCM Module
SCM-20G
SCM-20G is switching control module that privide system control function and Layer 3
swithching. The SCM-20G has four Gigabit Ethernet uplink ports (RJ-45 or SFP), the Console
port and the Ethernet port.
The function of parts, the front panel of SCM-20G module, is as follows:
10/100/1000Base-T SFP GbE Port SFP GbE Port LED
Reset Switch Port LED
System Status LED Console Port 10/100/1000Base-T Port

LIM Module
LIM Module
The Corecess S5 system provides the following LIM module:
Table 2-9 Corecess S5 LIM Module
LIM Slot
Run LED
Run LED displays the status of the LIM module.
Table 2-10 Run LED Functions on the LIM-EP4G-GR Module
On The module is being initialized.
Green Flashing The processor is operating normally after system initialization.

Run
Off Power is not being supplied to the system.
Red On The system is not operating normally.

LIM Module
Port LED
The following table describes the information indicated by port LEDs:
Table 2-11 LED Functions of 1000Base-PX SFP E-PON Port.

Link/
Act
Port Type
GW-PON Port(Optical Link)
GW-PON port(optical link) in S5-LIM-GW16GF can transport the electric signal to the
multiplexed 16 channel in one fiber in one time.
Feature Specification
Forwarding capacity 16 Gbps full duplex
WDN-PON Optical link port connector 1 SC/APC
Seed light source input connector 2 SC/APC (with redundancy)
No.of Channel 16
Operation Wavelength C-band

ITU-T CH23~53, 200GHz Spacing
Center Wavelength
CH23= 1558.98nm, CH53=1535.04nm
1000Base-PX SFP E-PON Port
The 1000Base-PX SFP E-PON Port is connected to the maximum number of 32 ONT(Optical
Network Terminal) through a splitter.
The following table lists the specifications of the 1000Base-PX SFP E-PON Port.

LIM Module
Table 2-12 Specifications of 1000Base-PX SFP E-PON Port
Transfer Speed 1000Mbps
Connector Type Simplex SC/PC
Port Number 4
Branch Number per
32
Port
Maximum Transfer 1000Base-PX10 10Km

Distance 1000Base-PX20 20Km
1000Base-PX10 y Rx : 1310nm Single mode fiber optic cable

Transfer Media
1000Base-PX20 y Tx : 1490nm Single mode fiber optic cable
SFP GbE Port
The SFP GbE Port is used as downlink port connected to other Gigabit Ethernet devices.
The following table lists the specifications of the SFP GbE Port on the LIM module.
Table 2-13 Specifications of SFP GbE Port
Transfer Speed 1000Mbps
Connector Type Optional
1000Base-T port
The 1000Base-T Port is used as downlink port connected to other Gigabit Ethernet devices.
The following table lists the specifications of the 1000Base-T Port on the LIM module.
Table 2-14 Specifications of 1000Base-T Port
Transfer Mode Full-duplex mode or Half-duplex mode (Auto sensing)
Transfer Speed 10/100/1000Mbps
Connector Type RJ-45

LIM Module
Maximum Transfer
100m
Distance
Transfer Media Twisted-pair category-5+, 6 cable
Caution: Do not stare into the aperture of a fiber-optic port. Invisible radiation might be emitted from the
aperture of the port when no fiber cable is connected. Thus, if you don’t use the fiber optic port for a long time
during the system operation, Close the port with a cap or Connect the port with a fiber optic cable.

LIM Module
LIM-D16GT(LIM-D8GT)
LIM-D16GT module is a Gigabit Ethernet interface module. LIM-D16GT module can provide
10/100/1000Base-T Ports.
The function of parts, the front panel of LIM-D16GT(LIM-D8GT) module, is as follows:
10/100/1000Base-T Ports Port LED
Run LED
LIM-D16GF(LIM-D8GF,LIM-D4GF)
LIM-D16GF module is a Gigabit Ethernet interface module. LIM-D16GF module can provide
SFP GbE Ports.
The function of parts, the front panel of LIM-D16GF module, is as follows:
GbE Ports Port LED
Run LED

LIM Module
LIM-EP4G-GR
LIM-EP4G-GR module is a Gigabit Ethernet PON interface module. LIM-EP4G-GR module can
provide four 1000Base-PX SFP E-PON Ports.
The function of parts, the front panel of LIM-EP4G-GR module, is as follows:
1000Base-PX SFP E-PON Ports
Run LED 1000Base-PX SFP Port LED
LIM-GW16GF
LIM-GW16GF is marked by its only use for S511 chassis. It, along with L1-BLS-16CH, send
through optical link to 1 core fiber the multiplexed 16-channel GbE in accordance with wave-
length.
The function of each part comprising front-panel is as follows:
Port LED
Light Source port 2
Run LED Optical Link

Light Source port 1

Support Devices
Support Devices
E-PON Splitter
The Corecess 4500 is an optical splitter connected to ONTs (Optical Network Terminal). The
Corecess 4500 provides the maximum number of 32 connections.
There are one OLT port connected to the Corecess S5 System and 32 ONT ports connected to
ONTs in front of the Corecess 4500 Optic Splitter.
ONT Port
OLT Port
WDM Filter
M5-GWDMX-16CH is characterized as the dimultiplexing device that receives GW-PON signal
from multiplexed 1 core and filter it to 16 CH.
16CH GbE Ports
GW-PON Port

Support Devices
L1-SLS16 Supported GW-PON Network

L1-SLS16 support seed light sorce to GW-PON network. It, along with LIM-GW16GF, sends to 1
core fiber the 16-channel GbE multiplexed in accordance with wave-length.
Cable Connecting

Support Devices
M5 SuperPon Mux Platform
The M5 SuperPON MUX Platform is combined with S5 system to construct Corecess’ SuperPON service.
The M5 platform utilizes different types of OLU board, one for GW-PON, and the other for WE-PON,
to provide both services in a single common chassis.
The M5 chassis provides two slots for SLU (Seed Light source Unit), eight slots for OLU (Optical Link
Unit), and two slots for power modules. It also offers an additional slot for the fan module. The SLU
may be configured for 1+1 redundancy or each SLU may provide seed light for its side of four OLUs.
The power slots are redundant, and each slot is designed to power the whole system. The fan module is
removable and hot-swappable.

Support Devices
Cable Connecting
Splitter
ONT
RN
10Km
Down Up
1 2 3 4 5 6 7
1 2 3 4 5 6 7 8
8
RX TX
The chapter 19 M5 SuperPon Mux Platform will give you more detailed description as its
reference.

Support Devices

Chapter 3 Before Installation
This chapter describes the precautions for the Corecess S5 installation and installation environment for the
normal operation. It also describes the way to unpack the Corecess S5 box and verify the contents.
9 Precautions 3-2
9 Installation Place 3-9
9 Unpacking 3-10
Precautions
Precautions
Warning: Before you install the Corecess S5 system, read this section. This section contains important safety
information you should know before working with the system.
General Precautions
y While or after installing the equipment, keep the equipment clean and free from dust all the
time.
y After removing the cover of the equipment, keep the cover in safe place.
y Any tool or cable should not be left on the way of passage for better safety.
y When installing the equipment, the installer should not wear baggy clothing so that tie, scarf,
and sleeves should not be caught in the equipment. Keep tie and scarf from getting slack,
and roll up the sleeves.
y Avoid any harmful action that damages the people or the equipment.
y In case that opening the case for repairing or test is required, contact the sales agency where
you purchased this equipment, or directly contact Corecess Inc. for professional help.
Power Considerations
y Be careful when connecting the system to the supply circuit so that wiring is not overloaded.
y When plugging in a power socket or handling any power source, avoid ring, necklace, metal
watch for better safety. If these materials touch the power socket or ground of the product,
the parts can be burnt out.
y Always verify whether there is any possible danger in the workshop. Wet floor, ungrounded
extension, rubbed-off power code, or unsafe (or ungrounded) floor might be dangerous.

Precautions
DC Power
y Connect DC-input power supplies only to a DC power source that complies with the safety
extra-low voltage (SELV) requirements in the UL 1950, CSA 950, EN 60950, and IEC 60950
standards.
y Incorporate a readily accessible two-poled disconnect device in the fixed wiring.
y Ensure that power is removed from the DC circuit before installing or removing power
supplies. Tape the switch handle of the DC circuit breaker in the off position.
y Use approved wiring terminations, such as closed-loop or spade-type with upturned lugs,
when stranded wiring is required. These terminations should be the appropriate size for the
wires and should clamp both the insulation and the conductor.
y Ensure that no exposed portion of the DC-input power source wire extends from the
terminal block plug. An exposed wire can conduct a harmful level of electricity.
AC Power
y The system is designed for connection to TN power systems. A TN power system is a power
distribution system with one point connected directly to earth (ground). The exposed
conductive parts of the installation are connected to that point by protective earth conductors.
y Ensure that the plug-socket combination is accessible at all times, because it serves as the
main disconnecting device.
Spare Power
If you purchase the product whose a spare power supply is installed, two power supplies are
connected to each input power. Then, if one of the power supplies is not working, the system
can be operating continuously.
Before Installation 3-3

Precautions
Preventing ESD
Electrostatic discharge (ESD) damage occurs when electronic cards or components are
mishandled and can result in complete or intermittent failures. Note the following guidelines
before you install or service the system:
y Always wear an ESD-preventive wrist or ankle strap when handling electronic components.
Connect one end of the strap to an ESD jack or an unpainted metal component on the system
(such as a captive installation screw).
y Handle cards by the faceplates and edges only; avoid touching the printed circuit board and
connector pins.
y Handle cards by the faceplates and edges only; avoid touching the printed circuit board and
connector pins.
y Avoid contact between the cards and clothing. The wrist strap only protects the card from
ESD voltages on the body; ESD voltages on clothing can still cause damage.
y For safety, periodically check the resistance value of the antistatic strap. The measurement
should be between 1 and 10 Mohms.
Installing and Servicing the System

y Before installation, the power switch of the system should be turned OFF and disconnect all
power and external cables.
y Remove all jewelry (including rings and chains) or other items that could get caught in the
system or heat up and cause serious burns.
y Do not touch the backplane or midplane with your hand or metal tools.
y Do not work alone under potentially hazardous conditions.
y Do not perform any action that creates a potential hazard to people or makes the equipment
unsafe.

Precautions
Disconnecting Power
When disconnecting power, note the following guidelines.
y Locate the emergency power-off switch for the room before working with the system.
y Turn off the power and disconnect the power from the circuit when working with
components that are not hot-swappable or when working near the system backplane or
midplane. If the system does not have an on/off switch, unplug the power cord.
y To completely de-energize the system, disconnect the power connection to all power supplies.
y For DC power supplies, locate the circuit breaker on the panel board that services the DC
circuit, switch the circuit breaker to the off position, and tape the switch handle of the circuit
breaker in the off position.
y Do not touch the power supply when the power cord is connected. Line voltages are present
within the power supply even when the power switch is off and the power cord is connected.
Grounding the System
y Connect AC-powered systems to grounded power outlets.
y Do not defeat the ground conductor on an AC plug.
y Connect the system to earth (ground).
Connecting Cables
When you connect cables, note the following guidelines.
y Use caution when installing or modifying telephone lines to prevent electric shock.
y Do not work on the system or connect or disconnect cables during periods of lightning activity.
y Do not touch uninsulated telephone wires or terminals unless the telephone line has been
disconnected at the network interface.
y Hazardous network voltages are present in WAN ports regardless of whether power to the
system is off or on. When you detach cables, detach the end away from the system first.
y Do not use a telephone to report a gas leak in the vicinity of the leak.
y Do not install telephone jacks in wet locations unless the jack is specifically designed for wet
locations.

Precautions
Working with Lasers
If your system includes a fiber-optic port, note the following guidelines.
y To avoid exposure to radiation, do not stare into the aperture of a fiber-optic port. Invisible
radiation might be emitted from the aperture of the port when no fiber cable is connected.
y Always keep unused fiber-optic ports capped with a clean dust cap.
Preventing EMI
When you run wires for any significant distance in an electromagnetic field, electromagnetic
interference (EMI) can occur between the field and the signals on the wires.
y Bad plant wiring can result in radio frequency interference (RFI).
y Strong EMI, especially when it is caused by lightning or radio transmitters, can destroy the
signal drivers and receivers in the system, and can even create an electrical hazard by
conducting power surges through lines and into the system.
y If Strong EMI occurs in the installation place, consult RFI experts to get rid of it.
Covering Blank Slots
Ensure that all cards, faceplates, and covers are in place. Blank faceplates and cover panels are
used to:
y Prevent exposure to hazardous voltages and currents inside the chassis
y Help contain electromagnetic interference (EMI) that might disrupt other equipment
y Direct the flow of cooling air through the chassis

Precautions
Rack-Mounting the System

The following explanations should be noticed when installing the system into the 19-inch rack.
y Install the system in an open rack whenever possible. If installation in an enclosed rack is
unavoidable, ensure that the rack has adequate ventilation.
y Maintain ambient airflow to ensure normal operation. If the airflow is blocked or restricted,
or if the intake air is too warm, an over temperature condition can occur.
y Avoid placing the system in an overly congested rack or directly next to another equipment
rack. Heat exhaust from other equipment can enter the inlet air vents and cause an over
temperature condition.
y Equipment near the bottom of a rack might generate excessive heat that is drawn upward
and into the intake ports of the equipment above. The warm air can cause an over
temperature condition in the equipment above.
y Ensure that cables from other equipment do not obstruct the airflow through the chassis or
impair access to the power supplies or cards.
y Bolt the rack to the floor for stability.
y Load the rack from the bottom to the top, with the heaviest system at the bottom.
y If there is equipment already installed in the rack, select the location for the system carefully
considering the size of the system:

Precautions
Lifting the System

When you lift the product to move or change the installation place, note the following
guidelines.
y Disconnect all power and external cables before lifting the system.
y Ensure that your footing is solid and the weight of the system is evenly distributed between
your feet.
y Lift the system slowly, keeping your back straight. Lift with your legs, not with your back.
Bend at the knees, not at the waist.
y Do not attempt to lift the system with the handles on the power supplies or on any of the
cards. These handles are not designed to support the weight of the system.
y To lift and move the system, following number of people or a crane should be needed
depends on weight of the system:
Weight of the system The Number of required persons
Below 18Kg 1
18~32Kg 2
32~55Kg 3
Above 55Kg Crane
Disposing of the System

Dispose of the system and its components (including batteries) as specified by all national laws
and regulations.

Installation Place
Installation Place
Environmental Requirements
For the safe installation and use of the Corecess S5, the place for installation should satisfy the
following requirements:
y While or after installing the product, keep the product clean all the time.
y The system should be installed in a cool place where has no direct ray of sunlight. Any tool
or equipment should not be place on the way of passage.
y The following ambience condition for temperature and humidity should always be kept.
Table 3-1 Temperature and humidity condition
Operating temperature 0 ~ 40℃
Storage temperature -40 ~ 80℃
Operating humidity 10 ~ 95% (40℃, non-condensing)
Power Supply
y The Corecess S5 should be installed in the place where power supply satisfying the following
condition is provided.
Table 3-1 Power condition
Feature DC Power AC Power

Input Voltage
-48 VDC 100 ~ 240 VAC
Rating
Operating Range -36 ~ -72VDC 88 ~ 264 VAC
Frequency N/A 50/60Hz
y Power is supplied in the form of power line duplication with DC -48V
y Verify the power (source) be clean. If there is too much noise or spark, it is better to have the power
control equipment.
y Locate an electric outlet near the system for easy installation of power cable.
y Be careful with connecting power supply equipment and avoiding overload wiring.

Unpacking
Unpacking
As the following instructions, unpack the shipping carton and inspecting contents of the
shipping carton.
1. Open the shipping carton of the Corecess S5. There is this manual, desiccant, a power
cable(s), and a console cable on the cushion inserted- Corecess S5 system.
2. Without taking off the cushions, pick out the equipment with two hands, and put it in a safe
place.
3. And then, verify whether there is a plastic bag that contains rack brackets and screws under
the shipping carton.
Corecess S5 System
Four binder-head screws
User’s Guide Console cable (RJ45-DB9)
Recommendation: After unpacking, do not throw away the box including cushions and keep them in a safe
place in case the product is relocated, it is better to move the product after packing with the box including
cushions.
Note: If there are some missing contents or damaged components, contact the sales agency where you
purchased this product to replace them with new ones.

Chapter 4 Installation
This chapter describes how mount the Corecess S5 System on a rack, install the SCM/LIM module and
connect the cables to the ports.
9 Installation Procedure 4-2
9 Rack-Mounting 4-3
9 Installing the Option Modules 4-5
9 Connecting Network Devices 4-10
9 Connecting the System Management Device 4-15
9 Connecting Power 4-17
9 Starting the System 4-20

Installation Procedure
Installation Procedure
Caution: Before starting the installation

y Be sure that the installation place is satisfied the requirements referred to the Chapter 3 Before
Installation.
yBe sure that the power switch is in the OFF (O) position and disconnect all connected cables.
The following summarizes the installation procedure for the Corecess S5. The next section will
describe in detail the step-by-step procedures for each step.
1. Rack-mount
The design allows the Corecess S5 System to be mounted on a 19-inch rack. The screws
needed for rack mounting are enclosed with the product.
2. Installing modules
Install SCM/LIM modules in the slots of the Corecess S5 system.
3. Connect network devices

Connect Gigabit Ethernet ports or Gigabit Ethernet PON ports on the SCM/LIM modules
with other network devices using appropriate network cables.
4. Connect a console terminal

Connect a console terminal/Ethernet LAN with Console port/Ethernet management port
to manage the Corecess S5 System.
5. Connect power to the system

Connect adjacent power after installing the Corecess S5 System.
6. Start the system

Turn the Corecess S5 System on and verify that the system is correctly installed by checking
that certain LEDs are lit.

Rack-Mounting
Rack-Mounting
The design allows the Corecess S5 System to be mounted on any kind of standard 19-inch racks.
This section describes how to install the Corecess S5 System on a 19-inch rack.
Caution: Before installing the system in a rack, read the Rack-Mounting the System section in the Chapter 3
Before Installation to familiarize yourself with the proper site and environmental conditions.
Checking the Rack-Mount Space

Before installing the Corecess S5 System in a 19-inch rack, check the rack-mount space as
follows:
y Make sure that the 19-inch rack is placed on a convenient location for the Corecess S5 System
installation. At least, the space of 550 x 750 (width x length)mm is needed to install the 19-inch rack.
y Check to see if there is a vertical space of around rack units in the rack because of the Corecess S5
System and air flow space (1U).
Air Flow Space (1U) Air Flow Space (1U)
Coreces S506 (3U)
Air Flow Space (1U)
Coreces S518 (12U)
Coreces S511 (7U)
Air Flow Space (1U) Air Flow Space (1U)
Installation 4-3
Rack-Mounting
Mounting the System on a Rack

To mount the Corecess S5 on a 19-inch rack, you need the following tools and equipment:
y A Philips screwdriver
y Electrostatic discharge (ESD) grounding strap
y Four (4) binder-head screws (M5, 8mm) (provided along with the product)
Note: For more information about ESD, refer to the Chapter 3/ Before Installation.
Once all the tools and equipment are prepared, mount the Corecess S5 on a 19-inch rack
according to the following procedure:
1. Place the Corecess S5 on a spacious floor or a sturdy table near the rack. And check the
tools and materials.
2. Lift up the Corecess S5 as high as the available space in the 19-inch rack.
3. Place the rack brackets installed on the Corecess S5 to the holes of the 19-inch rack. And fix
the brackets using four (4) binder-head screws.
Caution: The following explanations should be noticed when installing the Corecess S5 into the 19-inch rack:
y Locate the heavy things at the bottom of the rack. If there is another equipment already installed in the rack,
select the location for the Corecess S5 carefully considering the size of the Corecess S5.
y If the rack is empty, you should install the Corecess S5 System at the bottom of the rack.

Installing Modules
Installing Modules
The Corecess S5 System has five slots, and the following types of module can be installed.
Table 4-1 Kinds of Module and Slot Number installed in each slot
Switching & Control Module

SCM Slot SCM-24G

Line Interface Module

LIM Slot
Installation 4-5
Installing Modules
This section describes how to install modules in the Corecess S5 System slots.
Installing modules in slots

The installation procedure of SCM module and LIM module is the same. The following shows
the procedure of installing a module into the slot:
1. Select a slot compatible with the type of module.

2. If there is a module already installed in the slot where you want to install a module,
disconnect all the cables on the module. And loosen the screws on the module using a
Philips screwdriver.
Note: Place the removed module where there is no static electricity or keep it in an anti-static envelop.
3. When installing a module in an empty slot, loosen the screws on the blank bracket that
blocks the empty slot. And remove the blank bracket.
Note: When LIM module’s installation, it is convenient that installation proceed from the number 1 slot in
order.
4. Prepare a module that is to be installed. Check to see if there is any defect by examining the
exterior of the module.
5. Place module to the guide rail that is located in the both sides of the slot. Then, insert the
module carefully until it gets installed in the connector of the back plane. And push the
ejectors located in the both sides of the module.
6. Fasten the module firmly by tightening the two screws using a Philips screwdriver.
7. If the module is installed successfully, the Run LED on the module is turned on with green,
and then it is flashing. Connect cables to ports of the module, and configure the ports using
CLI commands if necessary.
Note: Since the Corecess S5 System provides the hot-swap functions, the system power doesn’t have to be
turned off.

Installing Modules
Installing / Removing SFP module

The SCM/LIM module of the Corecess S5 System has SFP module slots to install SFP modules.
This section describes how to install and remove the SFP module.
The SFP module should support the following interface as follows:
Note: 1000Base-PX module is included with LIM-EP4G-GR, but 1000Base-SX/LX SFP module is optional. For
more information, refer the manual or document.
Installation 4-7
Installing Modules
Installing SFP Module
The procedure to install a SFP module in a slot is as follows:
1. Attach an ESD-preventive wrist strap to your wrist and to a bare metal surface on the
chassis.
2. Take the SFP modules out of the packing and check carefully to see if there is any defect.
Dust plug
Actuator Button
3. Align a GBIC module in front of the GBIC module slot facing the letter-printed side
upward.
4. Insert the SFP module into the slot until you feel the connector on the module snap into
place in the rear of the slot.
Face letter-printed side

upward
5. If needed, configure the installed SFP module using CLI commands.
Caution: Do not remove the dust plugs from the fiber-optic SFP module port or the rubber caps from the fiber-
optic cable until you are ready to connect the cable. The plugs and caps protect the SFP module portsand cables
from contamination and ambient light.

Installing Modules
Removing SFP module
The procedure to install a SFP module in a slot is as follows:
1. Attach an ESD-preventive wrist strap to your wrist and to a bare metal surface on the
chassis.
2. Disconnect the fiber-optic cable from the SFP module and insert a dust plug into the optical
ports of the SFP module to keep the optical interfaces clean.
3. Press the actuator button to release the SFP module from the slot. Grasp the SFP module
between your thumb and index finger and carefully remove it from the module slot.
Actuator Button
4. Place the removed SFP module in an antistatic bag or other protective environment.
Installation 4-9
Connecting Network Devices

This chapter describes how to connect the ports on the SCM/LIM modules to other network
devices.
y Gigabit Ethernet Uplink Port (RJ-45, SFP)
y Gigabit Ethernet PON Line Port (1000Base-PX SFP)
y Gigabit Ethernet Line Port (SFP)
For the information of cables connected to each port, refer to Appendix B Connector and Cable
Specifications.
Caution: If the distance of two devices connected with a cable is farther than the distance described in this
manual, data can be lost during the transmission.

Connecting Gigabit Ethernet Uplink Port

The Corecess S5 System provides four Gigabit Ethernet uplink port. Each Gigabit Ethernet
uplink port is connected to the core network using a RJ-45 connector or a LC connector of SFP
module. This section describes how to connect Gigabit Ethernet uplink port depend on the type
of cables.
Caution: The RJ-45 connector and the LC connector of SFP module cannot be used at the same time. Only one
connector type should be used for each port.
Connecting RJ-45 Connector
The four RJ-45 ports on the SCM module support 10/100/1000Base-T interface, and the RJ-45
ports can be connected with the Gigabit Ethernet device that support the transmission speed up
to 1000Mbps.
Using the twisted-pair cable, connect the 10/100/1000Base-T port to the Gigabit Ethernet device.
Gigabit Ethernet Switch or Router

Twisted pair Cable
y 10Mbps : Category-3, 4
y 100Mbps : Category-5
y 1000Mbps : Category-5+, 6
y Max. cable length : 100m Corecess S506
Note: The 10/100/1000Base-T port on the SCM module support automatic MDIX feature, which allows you to
use either straight-through or crossover twisted-pair cables for connecting to any network devices.
Note: Connecting the 10/100/1000Base-T port is the same, regardless of the Corecess chassis type. This
manual describes system installation based on the Corecess S506 chassis.
Installation 4-11
Connecting LC Connector on SFP Module
The 1000Base-SX/LX SFP module can be installed in the SFP slot of the SCM module, and the
Corecess S5 System can be connected to the core network using the 1000Base-SX/LX SFP
module. Depends on the type of SFP modules, connect cables as follows:
1000Base-SX SFP Module

When the 1000Base-SX SFP module is installed in the SFP module slot, use the 850nm Multi-
mode fiber optic cable. Prepare the fiber optic cable of the duplex LC type, then connect to the
Gigabit Ethernet network.
1000Base-LX SFP Module

When the 1000Base-LX SFP module is installed in the SFP module slot, use the 1310nm Single
Corecess S506
Single Mode Fiber Optic Cable Multi-Mode Fiber Optic Cable

y Connector : Duplex LC y Connector : Duplex LC
y Wavelength : 1310nm (Rx, Tx) y Wavelength : 850nm (Rx, Tx)
y Max. cable length : 10Km y Max. cable length : 550m
Note: Connecting the 1000Base-SX/LX SFP module on the SCM is the same, regardless of the Corecess chassis
type. This manual describes system installation based on the Corecess S506 chassis.

Connecting Gigabit Ethernet PON Line Port

When the LIM-EP4G-GR module that supports Gigabit Ethernet PON interface is installed in
the Corecess S5 System, the Optical splitter can be connected to the 1000Base-PX SFP port on the
LIM-EP4G-GR.
Prepare the single mode fiber optic cable (Rx: 1310nm, Tx: 1490nm), then connect the cable to
the 1000Base-PX SFP port of the EP4G-GR module and the optical splitter. The optical splitter
can be connected to the maximum number of 32 ONT (Optical Network Terminal).
Corecess S506
Single Mode Fiber Optic Cable
y Connector : Simplex SC/APC
y Wavelength : 1310nm (Rx), 1490nm (Tx)
y Max. cable length : 10/20Km
Corecess 4500 Optical Splitter
Single Mode Fiber Optic Cable

y Connector : Simplex SC/APC
y Wavelength :1490nm (Rx),1310nm (Tx)
y Max. cable length : 20Km
Corecess 3804T ONT
Note: Connecting the 1000Base-PX SFP module on the LIM-EP4G-GR is the same, regardless of the Corecess
chassis type. This manual describes system installation based on the Corecess S506 chassis.
Installation 4-13
Connecting Gigabit Ethernet Line Port

When the LIM-D4GF module is installed in the Corecess S5 System, the 1000Base-Sx/LX SFP
module can be installed in the SFP slot and be connected to the Gigabit Ethernet network.
Depends on the type of SFP modules, connect cables as follows:

When the 1000Base-SX SFP module is installed in the SFP module slot, use the 850nm Multi-

When the 1000Base-LX SFP module is installed in the SFP module slot, use the 1310nm Single
Corecess S506
Single Mode Fiber Optic Cable Multi-Mode Fiber Optic Cable

y Connector : Duplex LC y Connector : Duplex LC
y Wavelength : 1310nm (Rx, Tx) y Wavelength : 850nm (Rx, Tx)
y Max. cable length : 10Km y Max. cable length : 550m
Note: Connecting the 1000Base-SX/LX SFP module on the LIM-D4GF is the same, regardless of the Corecess
chassis type. This manual describes system installation based on the Corecess S506 chassis.

Connecting the System Management Device

The Corecess S5 System supports two kinds of system management method as follows:
Local Management (Console)

If you connect the console port on ff module to the console terminal such as a PC or VT-100
terminal, you can use CLI commands to manage the Corecess S5 System through the emulator
terminal.
Remote Management (Ethernet)

The Ethernet Management port on the SCM module can be connected to the Ethernet LAN. You
can use CLI commands to manage the Corecess S5 System using PC installed ViewlinX or
Telnet session from a remote place. To use this remote management, IP address and subnet
mask are required.
To specify IP address and subnet mask, refer The chapter 5 Configuring Basic Features.
The Corecess S5 System can manage the following tasks through local or remote connection.
y Can browse various network statistics information and the status of the switch and ports.
y Can change the switch configuration for changing the topology, improving the switch
performance or controlling the network traffic.
y Can browse the logs of various events and traps occurring at the switch.
y Can download new software from ftp server.
y Can strengthen the system security through specifying hosts that can access switches.
This section describes how to connect the console port and the Ethernet management port to the
console terminal and the Ethernet LAN.
Installation 4-15
Connecting the Console Port

Connect the console port on the SCM module to the console terminal such as a PC or VT-100
terminal using the included console cable.
Corecess S506
Console Cable (RJ-45 - DB-9) Console Teminal Configuration

y included with the product y Bit/Sec : 9600bps
y Max. cable length : 15m y Data Bit : 8bit
y Parity Bit : None
y Stop Bit : 1bit
Console Terminal
y Flow Control : None
Note: Note: Connecting the Console port on the SCM is the same, regardless of the Corecess chassis type. This
manual describes system installation based on the Corecess S506 chassis .

Connecting Ethernet Management Port

Connect the Ethernet Management port on the SCM module to the local network (Ethernet
LAN) using the twisted pair cable which both sides of the connector are RJ-45.
Corecess S506
Twisted pair Cable
y 10Mbps : Category-3,4,5
Connect to the local network (Ethernet LAN)
y 100Mbps : Category-5
y Max. cable length : 100m
Note: The Ethernet Management port in the SCM module support automatic MDIX feature, which allows you to
use either straight-through or crossover twisted-pair cables for connecting to any network devices.
Note: Connecting the Ethernet Management port on the SCM is the same, regardless of the Corecess chassis
type. This manual describes system installation based on the Corecess S506 chassis.
Installation 4-17
Connecting Power
Connecting Power
There two connecting power type of the Corecess S5 System. The Corecess S505(S511,518)
chassis can be connected with DC power. The Corecess S506 chassis, on the other hand, can be
connected with AC power. This section describes how to connect power to the Corecess S5
System.
Connecting DC Power
There are two or three terminal blocks in the Corecess S5 series(S505-Rear, Else-Front, ). If you
want to use power redundancy function, connect each terminal block to the different external
power supply. If you connect only one terminal block to the external power supply, the power
redundancy function is disabled.
Caution: Before connecting power,

y Be sure that the power to be connected to the system is satisfy the considerations referred to the Chapter
3/ Before Installation.
y Be sure that the power switch is turned off.
1. For safety, a transparent plastic cover is attached on the terminal block. Loosen the two
screws using a screw driver, and remove the plastic cover.
Plastic Cover
Plastic Cover

Connecting Power
2. Connect the DC power cable to the terminal block A. Loosen the screws from the terminal
block A, and put the rounded roop of the power cable, then tighten the screws again. Be
aware of power polarity when connecting cables. Attach the transparent plastic cover on
the terminal block A again.
Plastic Cover
3. Connect the DC power cable, connected with the terminal block A, to the external power
supply or the rectifier.
Installation 4-19
Connecting Power
4. Connect the DC power cable to the terminal block B. Loosen the screws from the terminal
block B, and put the rounded roop of the power cable, then tighten the screws again. Be
aware of power polarity when connecting cables. Attach the transparent plastic cover on
the terminal block B again.
Plastic Cover
5. Connect the DC power cable, connected with the terminal block B, to the external power
supply or the rectifier. For the power redundancy, the DC power cable should be connected
to the different external power supply from what connected to the terminal block A.

Connecting Power
Connecting AC Power
There are two power modules in font of the Corecess S506. If you want to use power
redundancy function, connect each terminal block to the different external power supply. If you
connect only one terminal block to the external power supply, the power redundancy function
is disabled.
Caution: Before connecting power,

y Be sure that the power to be connected to the system is satisfy the considerations referred to the Chapter
3/ Before Installation.
y Be sure that the power switch is turned off.
1. Be sure that the power switch on the power module is turned off.
2. Connect the power cable, which is provided with the Corecess S5 System, to the power
input on the power module. Then, plug opposite side of the power cable into an outlet.
Corecess S506
Installation 4-21
Starting the System
Starting the System

Start the Corecess S5 System according to the following order after installation:
1. Check the followings once again before operating the Corecess S5 System:
y Make sure that modules are properly inserted in the slot of the Corecess S5 System.
y Make sure that cables are properly connected to each port.
y Make sure that the power cable is properly connected.
2. Turn on the power of the console terminal and execute the terminal emulator program.
3. Supply power to the Corecess S5 System. In case of the Corecess S505, turn on the switches
of the external power supplies. In case of the Corecess S506, turn on the swithes of the
power modules on the Corecess S5 System.
4. Check to see if the cooling fans are operating.
5. If the power is properly supplied to the Corecess S5 System without any problem, the RUN
LED turns on in green, and the following message is displayed on the console terminal.
U-Boot 1.2.1 (Tue Feb 1 19:34:09 KST 2005)

SCM20G u-Boot Temporary Version (jubarley@janu.corecess.com)
IBM PowerPC 440 GP Rev. C

Board: Corecess SCM20G
VCO: 800 MHz
CPU: 400 MHz
PLB: 133 MHz
OPB: 66 MHz
EPB: 66 MHz
I2C: ready
DRAM: 248 MB
FLASH: 512 kB
PCI: Bus Dev VenId DevId Class Int
00 01 14e4 5695 0280 00
00 02 14e4 5695 0280 00
In: serial
Out: serial

Starting the System
Err: serial
IDE: Bus 0: OK
Device 0: Model: SanDisk SDCFB-128 Firm: Rev 3.03 Ser#: X0318 20021223051815
Type: Removable Hard Disk
Capacity: 122.2 MB = 0.1 GB (250368 x 512)
Device 1: not available
BEDBUG:ready
Press CTRL-C to stop autoboot: 0
.
.
6. Once the initialization is properly completed in a short while, the RUN LED is starting to
flash green. And the following login message is displayed on the console screen.
localhost login:
Now, the Corecess S5 System is properly installed. Log in the CLI of the Corecess system, then
configure the system depend on the environment of site.
Installation 4-23
Starting the System

Chapter 5 Configuring Basic Features
This chapter briefs general configuration method of the Corecess S5. The Corecess S5 has already
configured with default upon the shipment and can immediately be used without additional configuration
explained in this chapter. If the default configuration should be changed according to user’s network
environment, refer to the contents in this chapter.
9 Before Configuration 5-2
9 Configuring Basic System Parameters 5-13
9 Configuring File Management 5-23
9 Monitoring and Maintaining the System 5-28
9 System Log Management 5-38
9 Upgrading Software 5-46

Before Configuration
This section describes how to access the Corecess S5 System CLI (Command Line Interface) and
provides information that you should know before using the Corecess S5 System CLI.
Note : Examples and pictures in this manual are explained on the basis of S505 and S506 systems. Many of
features in this manual are identical as S518 since S518 uses same protocol.
Accessing the CLI

When the Corecess S5 starts up for the first time, the only CLI access is available through the
console port. The following steps describe how to access the Corecess S5 CLI on the console
terminal connected to the console port:
1. To access the Corecess CLI on the console screen, the console port on the Corecess S5 System
should be connected to a serial port(DB-9) of the console using a console cable as the
following figure:
Corecess S506
Console cable (RJ-45 - DB-9) Console Terminal Configuration

y Console cable included y Bit/Second : 9600bps
with the system y Data Bit : 8bit
y Max. cable length : 15m y Parity Bit : None
y Stop Bit : 1bit
Console Terminal
y Flow Control : None
Note : Console port connection is identical regardless of S505, S506, and S518 types. This manual uses Corecess
S506 in the examples.

2. Make sure that you have started the emulation software program such as HyperTerminal from
your console terminal.
3. Press [Enter], then the following login message is displayed on the console terminal:
login:
4. Enter the login ID and the password, then press the [Enter]. The default login id is ‘corecess’.
If you entered the login ID and the password correctly, localhost> prompt appears.
login: corecess
Password:
localhost>
5. To configure the Corecess S5, enter the ‘Privileged’ mode by enable command. If you enter
Privileged mode, the prompt is changed from localhost> to localhost#.
localhost> enable
localhost#
Note: After specifying the IP address of the NMS port (Management interface), you can access the Corecess S5
CLI through the Telnet session or NMS.
Configuring Basic Features 5-3

Command Modes
The CLI of the Corecess S5 System supports various command modes. The CLI commands are
only executed in their command modes. The following table describes the type of command
modes and the tasks.
Table 5-1 CLI modes
Command Mode Description

In this mode, you can display information and perform basic tasks such as
User
Ping and Telnet.
In this mode, you can use the same commands as those at the User
Privileged mode plus configuration commands that do not require saving the
changes to the system-configure file.
The global mode allows you to globally configure access-lists, DHCP,
Global SNMP, and VLAN. You can also apply or modify parameters for ports
on the device.
In this mode, you can configure the BGP routing session which uses
Address-family
the standard IPv4/VPNv4 address prefix.
In this mode, you can configure the key groups used for RIP
Key-chain
authentication.
Key In this mode, you can configure the authentication key of the RIP.
The Route-map configuration mode allows you to define conditions for
Route-map redistributing the routes from a routing protocol to another routing
protocol.
The interface mode allows you to configure the features for the specific
Interface
VLAN interface.
Configuration The QoS configuration mode allows you to configure QoS (Quality of
QoS
Service) on the system.
The Class-map configuration mode allows you to configure QoS class-
Class-map
map.
The Policy-map configuration mode allows you to configure QoS
Policy-map
policy-map.
Policy-map- The Policy-map class mode allows you to assign the class map to be
class applied to QoS policy-map.
RIP In this mode, you can configure RIP routing protocol.
OSPF In this mode, you can configure OSPF routing protocol.
BGP In this mode, you can configure BGP routing protocol.
IS-IS In this mode, you can configure IS-IS routing protocol.
VRRP In this mode, you can configure VRRP.

You can enter the each command mode by entering the following command.
Table 5-2 Command mode access method
To From CLI Command
Privileged User mode enable
Global Privileged mode configure terminal
Address-family BGP configuration address-family
Key-chain Global configuration key chain
Key Key-chain key
Route-map Global configuration route-map
Interface Global configuration interface
QoS Global configuration qos
Configuration Class-map QoS configuration class-map
Policy-map QoS configuration policy-map

Policy-map-
Policy-map configuration class
class
RIP Global configuration router rip
OSPF Global configuration router ospf
BGP Global configuration router bgp
IS-IS Global configuration router isis
VRRP Global configuration router vrrp
Entering Privileged Mode
When you start a session on the Corecess S5, you begin in User mode. Only a limited subset of
the commands is available in User mode. To have access to all commands, you must enter
Privileged mode. To enter Privileged mode from User mode, enter the enable command. The
CLI prompt will be changed from > to # entering Privileged mode.
localhost> enable
localhost#

To exit from Privileged mode, enter disable command. The CLI prompt will be changed from #
to > returning to User mode from Privileged mode.
localhost# disable
localhost>
If you enter the exit command in Privileged mode, you can exit form the CLI.
localhost# exit
login:
Entering Global Configuration Mode
Global configuration mode allows you to change configuration for the Corecess S5 System. Also,
you can enter other configuration mode through Global configuration mode.
To enter Global configuration mode from Privileged mode, enter the configure terminal
command. The CLI prompt will be changed localhost(config)# entering Global configuration
mode.
localhost# configure terminal

localhost(config)#
To exit from Global configuration mode, enter end command. The CLI prompt will be changed
to localhost# returning to Privileged mode.
localhost(config)# end
localhost#

Returning to Previous Command Mode
To log out from CLI, you should return to User mode or Privileged mode. Use the exit or end
command to return to User mode or Privileged mode from other command mode:
This example shows how to return to Privileged mode from Policy-map mode by using the
exit command:
localhost(config-pmap)# exit
localhost(config-qos)# exit
localhost(config)# exit
localhost#
To return to Privileged mode directly without what mode you are in, use the end command.
This example shows how to return to Privileged mode from Policy-map mode by using the end
command:
localhost(config-pmap)# end
localhost#
Logging out From CLI
To log out from the CLI, enter the exit command in User mode or Privileged mode.
This example shows how to log out from the CLI in Privileged mode. After logging out from
the CLI, login prompt will be displayed as follow.
localhost# exit
login:

Prompt
On the Corecess S5 CLI prompt, the node name and current command mode are indicated as
follows:
localhost(config-qos)#
Node name Command mode
Node Name
The default node name is ‘localhost’. This default node name is used for the prompt until you
change it. If the proper node name is specified, it is useful to classify the product purpose or the
location.
Note: You can change the node name of the Corecess S5 System by using hostname command in global
configuration mode.
Current Command Mode
The following table describes the prompt of the main command modes.
Table 5-3 Prompt of the main command modes
Command Mode Prompt
User >
Privileged #
Global (config)#
Address-family (config-router-af)#
Key-chain (config-keychain)#
Key (config-keychain-key)#
Route-map (config-route-map)#
Configuration Interface (config-if)#
QoS (config-qos)#
Class-map (config-cmap)#
Policy-map (config-pmap)#
Policy-map-class (config-pmap-c)#
RIP, OSPF, BGP, IS-IS, VRRP (config-router)#

Getting Help
The Corecess S5 CLI provides help system that shows the list of available commands or
parameters. You can also get information about their function and brief description of usage.
y To obtain a list of commands that are available for each command mode, enter a question
mark (?) at the prompt:
# ?
calendar calendar
clear Reset functions
clock System clock
close Close the terminal
cls Clear a screen
configure Configuration from vty interface
copy Copy from one file to another
debug
delete Delete
diag Diagnosis mode
disable Turn off privileged mode command
enable enable
end End current mode and down to previous mode
exit Exit current mode and down to previous mode
help Description of the interactive help system
list Print command list
no Negate a command or set its defaults
ping send echo messages
quit Exit current mode and down to previous mode
reset reset
session Create Session
show Show
ssh Open a ssh connection
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
undebug Disable debugging functions (see also 'debug')
update Update Images
write Write Information
#

y To obtain the syntax for commands that are available for each command mode, enter the
list command at the prompt:
# list
calendar set WORD [WORD] [WORD] [WORD]
clear arp
clear arp A.B.C.D
clear arp-cache
clear dhcp statistics
clear dhcprelay lease all
clear dhcpserver lease all
clear dhcpserver lease ip A.B.C.D
clear dhcpserver lease mac A:B:C:D:E:F
.
.
update option image NAME slot <1-100>
update option image id <1-100> slot <1-100>
update port epon WORD onu mac WORD image NAME
update rootfs image NAME
update rootfs image id <1-100>
write dhcpserver leasefile
write file
write memory
write terminal
#
y To obtain a list of any command's associated keywords and arguments, enter a question
mark (?) after a partial command followed by a space:
# clear ip ?
bgp GP information
dhcp ynamic Host Configuration Protocol
igmp nternet Group Management Protocol
mroute elete multicast route table entries
ospf SPF information
pim rotocol Independent Multicast (PIM)
prefix-list uild a prefix list
rip lear rip routing table
route lear all routing table
static tatic routing table & configuration
vrrp RRP information
# clear ip

CLI Command Usage Basics
Entering CLI Commands
To executing a CLI command, you should enter both the command and it’s parameter. You can
execute the commands in the command mode which the prompt is locating now.
The CLI commands of the Corecess S5 have the following characteristics:
y The CLI commands are case-sensitive.
y The CLI supports command completion, so you do not need to enter the entire name of a
command or parameter. As long as you enter enough characters of the command or
parameter to avoid ambiguity with other commands or parameters, the CLI understands
what you are typing. For example, you can enter only con t to execute the configure
terminal command at Privileged command mode.
localhost# con t
localhost(config)#
But if you enter only co t, the following error message will be displayed. Because there are
copy and configure command and the system can’t distinguish the two commands.
localhost# co t
% Unknown command.
y To complete a command, press Tab key. If you enter a few known characters, then press Tab
key, the CLI displays the rest characters of the command. For example, if you enter only con
in Privileged mode, then press Tab key, the CLI displays configure on the terminal.

Specifying Ports
To specify ports as a parameter in the CLI, follow these rules.
y Use slot-number/port-number to specify one port. For example, enter 1/1 to specify the port 1
on the module installed in the slot 1.
y Use dash (-) to specify consecutive number of ports. For example, enter 1/1-4 instead of
entering 1/1, 1/2, 1/3 and 1/4.
y Use comma (,) to specify non-consecutive number of ports. For example, enter 1/1,1/3-4
instead of entering 1/1, 1/3 and 1/4.
y See the following figure to check the slot number:
Slot 5 (SCM Slot)

Slot 4 (LIM Slot)
Slot 3 (LIM Slot)
Slot 2 (LIM Slot)
Slot 1 (LIM Slot)
Editing Commands
The CLI supports the following line editing commands. To enter a line-editing command, use
the CTRL-key combination for the command by pressing and holding the CTRL key, then
pressing the letter associated with the command.
Table 5-4 CLI Edititng command.
Ctrl-Key
Description
Combination
Ctrl+a Moves to the first character on the command line.
Ctrl+b Moves the cursor back one character.
Ctrl+d Deletes the character at the cursor.
Ctrl+e Moves to the end of the current command line.
Ctrl+f Moves the cursor forward one character.
Ctrl+n Enters the next command line in the history buffer.
Ctrl+p Enters the previous command line in the history buffer.
Ctrl+u Deletes all characters from the cursor to the beginning of the command line.

Configuring Basic System Parameters

This section describes the procedure of configuring the following basic system parameters:
y IP address
y CLI users
y System name
y System time and date
Setting an IP Address for management

Before you use Telnet or SNMP to manage the Corecess S5 System from remote place, you must
assign an IP address to the Ethenet management port (Ethernet port on the SCM module). You
can specify the subnet mask (netmask) using the number of subnet bits or using the subnet
mask in dotted decimal format.
To set the IP address of the Ethernet management port, follow this procedure:
Table 5-5 Setting the IP address
Command Task
enable 1. Enter Privileged mode.
configure terminal 2. Enter Global configuration mode.
interface 3. Enter Interface configuration mode for configuring the Ethernet management
management port.
4. Assign an IP address and subnet mask to the Ethernet management port.

ip address
y <ip-address>: IP address for the interface.
<ip-address>/<M>
y <M>: Subnet mask.
5. Exit from Interface configuration mode and return to Global configuration

exit
mode.
ip route default 6. Specify the default gateway address.

<gateway-address> y <default-gateway>: Default gateway address.
end 7. Return to Privileged mode.
show interface
8. Verify the IP address configuration.
management
9. Check the network connectivity.

ping <host>
y <host>: The IP address of the host or the network number to ping.
write memory 10. Save the IP address configuration.

The following is an example of assigning an IP address and subnet mask to the Ethernet
management port and verifying the configuration:
> enable Enter the Privileged mode
# configure terminal Enter the Global Configuration mode
(config)# interface management Enter the interface mode of the Ethernet Manegement port
Specify the IP address and subnet mask of
(config-if)# ip address 172.27.68.100/16
the Ethernet Management port
(config-if)# exit Enter the Global Configuration Mode
(config)# ip route default 172.27.1.254 Specify the default gateway address

(config)# end Return to the Privileged mode
Display the configuration information of
# show interface management
the Ethernet Management port
Interface management
index 2 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:90:a3:cd:0e:b0
inet 172.27.68.100/16 broadcast 172.27.255.255
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 0, bytes 0, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
# ping 172.27.2.49 Verify communicating with other hosts on the same network
172.27.2.49 is alive!
# write memory Save the changed configuration to the backup configuration file
Building Configuration...
[OK]
#

User Management
To access the CLI of the Corecess S5 System, you must login by entering the user name and the
password. By default, ‘corecess’ exists. This section describes how to add and delete user who
can login the CLI of the Corecess S5 System.
Adding a New User
The table below shows the commands to add a user:
Table 5-6 Adding a new user
Command Task
3. Add a user.
username <name> y <name> The user ID for entering the Corecess S5 System CLI.
password <password> [8] y <password> The password for the user.
y 8 Encrypts the password
show username 5. Verify the list of user configuration
write memory 6. Save the user configuration.
The following example shows how to adds a user whose id is ‘kka’ and password is ‘violet’ and
verifies the configuration:
# configure terminal
(config)# username kka passwd violet
(config)# end
# show username
corecess none none **Never logged in**
kka none none **Never logged in**
# write memory
[OK]

Changing a User Password
To change a user password for a user, execute the following procedure:
Table 5-7 Changing a user password
Command Task
3. Specify a new password.

username <name> passwd y <name> The user ID to modify password
<password> [8] y <password> New password
y 8 Encrypts the password
write memory 5. Save the changed configuration.
The following example shows how to change a password of the user ‘kka’:
(config)# user kka password corecess
(config)# end
# write memory
[OK]
#

Deleting a User
To delete a user, execute the following procedure:
Table 5-8 Deleting a user
Command Task
3. Delete a user.
no username <user-name>
y <user-name>: The user name to delete
show username 5. Verify the list of users.
write memory 6. Save the configuration change.
The following example shows how to delete the user ‘kka’ and verify the deletion:
(config)# no username kka
(config)# end
# show username
corecess none none **Never logged in**
# write memory
[OK]
#

Specifying System Name and System Time

This section describes the configuration of the following general system features:
y System name
y System date and time
y NTP (Network Time Protocol) mode and time zone
y Time zone
Changing System Name
The system name is used as the prompt on the console. Therefore, it is convenient for finding
out which device is connected to. To change the system name, use the following commands.
Table 5-9 Changing system name
Command Task
3. Specify the system name.

hostname <system-name>
y <system-name> The string used for system name
The following example shows how to change the system name to ‘Corecess’:
localhost> enable
localhost(config)# hostname Corecess
Corecess(config)# end
Corecess# write memory
[OK]
Corecess#

Adjusting System Date and Time
The system date and time is used in the log which is the record of the events occurred in the
system. When recording events or commands executed in the system into a log, the date and
time of the system is recorded with events or commands. Such logs can be used as an important
data in solving problems in the system, thus it is very important to accurately set the date and
time of the system.
The following describes how to set the system time and date.
Table 5-10 Adjusting system time
Command Task
2. Specify the current system time and date.

y <time>: Current time in hours, minutes, and seconds (in the format
clock set <time>
hh:mm:ss, example : 16:24:00)
[<date>] [<month>]
y <day>: Current day (by date) in the month.
[<year>]
y <month>: Current month (1 ~ 12, or name).
y <year>: Current year (no abbreviation).
show clock 3. Verify the configuration.
write memory 4. Save the changed information.
The following example shows how to adjust the system calendar and change the system clock
into the system calendar:
# clock set 33:20:10 8 mar 2004

# show clock
Fri Oct 8 17:37:49 2004 -0.066680 seconds
# write memory
[OK]
#
To use the current software clock (calendar) as the system clock, use the clock read-
calendar command in Privileged mode.
# show calendar
Fri Oct 8 11:26:38 KST 2004
# clock read-calendar
# show clock

Fri Oct 8 11:26:38 2004 -0.440000 seconds

#
Note: The ‘calendar’ is a software clock that is erased when the system is powered off or reboot. The other
hand, the system clock run continuously, even if the system is powered off or reboot.
Setting NTP Mode
NTP (Network Time Protocol) synchronizes timekeeping among a set of distributed time
servers and clients. This synchronization allows events to be correlated when system logs are
created and other time-specific events occur.
The Corecess S5 supports the following NTP modes:

y Broadcast client mode
In broadcast client mode, local network equipment, such as a router, regularly broadcasts the
time information. The Corecess S5 System listens for the broadcast messages and set the
system clock.
y Multicast client mode

In multicast client mode, local network equipment, such as a router, regularly multicast the
time information to specific multicast group address.
y Server mode
In server mode, the Corecess S5 System regularly requests the time information to an NTP
server.
To configure NTP on the system, use the following commands:
Table 5-11 Configuring NTP
Command Task

Command Task
2. Set the NTP mode.
y broadcast: Configure the system in NTP broadcast client mode.
y multicast <group-address>: Configure the system in NTP
multicast client mode.
ntp config type - <group-address>: Multicast group address
{broadcast | multicast y server <poll> <ip-address>: Configure the system in NTP
<group-address> | server server mode.
<poll> <ip-address> - <poll>: The polling interval.
preset {on | off}} - <ip-address>: The IP address of the NTP server.
y preset: Whether to preset the system clock to the time received
from NTP server.
- on: Preset.
- off: Not preset.
ntp enable 3. Enable NTP on the system
show ntp config 5. Verify the NTP configuration.
The following example shows how to configure the system in NTP server mode and verify the
configuration:
(config)# ntp config type server 32 203.255.112.69 preset on

(config)# ntp enable
(config)# end
# show ntp config
ntp config type server 32 203.255.112.69 preset on
ntp enable
#
Setting the Time Zone
You can specify a time zone for the Corecess S5 System to display the time based on that time
zone. The Corecess S5 System learnt time from NTP sets its clock according to the specified time
zone and displays time. For example, when you set the time zone as ‘Seoul’ and ‘Los Angeles’,
the displayed date is different.
The default time zone is UTC. You must enable NTP before you set the time zone. If NTP is not
enabled, this command has no effect.
To set the time zone, use the following commands:
Table 5-12 Set the time zone

Command Task
2. Set the time zone.

y <region> The region name. Select one of followings:
- Africa, America, Antarctica, Arctic, Asia, Atlantic,
ntp region <region>
Australia, Europe, Indian, Pacific
<area-code>
y <area> Area code(area code, 1 ~ 1000). You can see the area code
for the selected region by using the show ntp region in Privileged
mode.
show ntp config 4. Verify the configuration.
write memory 5. Save the configuration changes.
reset system 6. Restart the system.
The following example shows how to set the time zone and the area code to Asia/Seoul:
(config)# ntp region Asia 54

New NTP region/area is Asia/Seoul(Seoul)
system must be rebooted.

(config)# end
# show ntp config
ntp region Asia 54
ntp enable
# reset system
.
.

Configuration File Management

The system configuration file is a text file that has commands for system configuration when the
system is booting. It is convenient that you do not need to input commands manually for the
system configuration, whatever the system booting.
The Corecess S5 System contains two types of configuration files: the running (current
operating) configuration and the startup (last saved) configuration.
The feature of the files is as follows:
Running configuration
The running configuration is the current (unsaved) configuration that reflects the most recent
configuration changes. When a user changes the system configuration, the system configuration
is saved in the running configuration file of RAM and is applied immediately to the system.
You can upload or download the running configuration file via FTP or TFTP.
Startup configuration
The startup configuration is the saved configuration in NVRAM and is used when the system
initializes. The startup configuration is not removed when the system power is turned off. You
can upload or download the startup configuration file via FTP or TFTP.
Caution: Whenever you make changes to the Corecess S5 System configuration, you must save the changes to
memory so they will not be lost if the system is rebooted.

Displaying the Current Running Configuration

To display the current running configuration, enter the show running-config command in
Privilege mode:
To display the current running configuration, follow this procedure:
Table 5-13 Show the current running configuration
Command Task
show running-config 2. Display the current running configuration.
The following example shows how to display the current running configuration file of the
Corecess S5 System.
# show running-config
Building configuration...
Current configuration:
!
! version 0.73
!
hostname Corecess
!
snmp-server community "public" ro
snmp-server community "private" rw
snmp-server contact Unknown
snmp-server location Unknown
snmp-server enable rmon
!
system fan enable 33 25
system temperature enable 90 80
!
port gigabitethernet 1/1 flowctl off
port gigabitethernet 1/1 duplex full

!
interface management
ip address 172.18.22.6/16
!
ip multipath count 32
!
line vty
!
dhcprelay enable
dhcprelay serverlist 100.1.1.1
!
no ntp
!
.
.
#

Saving the Current Running Configuration

If you apply the current running configuration file when the next system’s booting, save the
current running configuration file to the startup configuration file before the system is reset or
powered off.
There are three commands to save the current running configuration file to the startup
configuration file.
Table 5-14 Commands for saving the current running configuration
Command Mode
write memory
write file Privileged
copy running-config startup-config
The following example shows how to save the current running configuration to the startup
configuration using the write memory command:
# write memory
[OK]
#
The following example shows how to save the current running configuration to the startup
configuration using the write file command:
# write file
[OK]
#
The following example shows how to save the current running configuration file to the startup
configuration file using the copy running-config startup-config command.
# copy running-config startup-config

[OK]
#

Restoring Default Configuration

To restore the default configuration, use the following commands:
Table 5-15 Restoring default configuration
Commands Task
copy factory-default
2. Restore the default configuration.
start-up config
reset system 3. Restart the Corecess S5 System.
The following example shows how to restore the default configuration.
# copy factory-default startup-config

done
# reset system
.
.

Monitoring and Maintaining the System

This section describes the commands you use to monitor the network connectivity and the state
of the system modules and display the system configuration. It also describes how to display
and manage the system log and how to download the software from the remote server.
Monitoring Network Connectivity

After you assign an IP address and a subnet mask of the Corecess S5 System and connect the
Ethernet Management port to the network, you should be able to communicate with other
nodes on the network.
To check whether the Corecess S5 System is properly connected and configured, use the
following commands:
Table 5-16 Checking network connectivity
Commands Task
2. Ping another node on the network.

y <destination>: The IP address of the host or the network
ping <destination> number to ping.
[count <packet-count>]
y count: Sends the specified number of ICMP packets.
- <packet-count>: The number of packets to send (1 ~ 512).
3. Trace the route of packets through the network to another node.

traceroute [<host-ip> y <host-ip>: Destination address.
| <host-name>]
y <host-name>: Host name.
show interface 4. If the host is unresponsive, check the IP address and the subnet mask
management in the configuration of the Ethernet Management port.
5. If the interface of the Ethernet Management port is properly

show ip route
configured, check the IP routing table.
This example shows how to ping a host with IP address 172.27.2.49:
# ping 172.27.2.49
PING 172.27.2.49 (172.27.2.49) from 172.27.2.100 : 56(84) bytes of data.
64 bytes from 172.27.2.49: icmp_seq=0 ttl=128 time=955 usec

64 bytes from 172.27.2.49: icmp_seq=3 ttl=128 time=8.284 msec

--- 172.27.2.49 ping statistics ---

16 packets transmitted, 15 packets received, 6% packet loss
round-trip min/avg/max/mdev = 0.760/1.304/8.284/1.866 ms
#
The following messages are displayed according to the status of host and network after
execution of the ping command:
Table 5-17 PING field descriptions
Connection Status message
64 bytes from <host> : Host or network is connected. (When the ICMP echo response
icmp_seq=n ttl=n time=n ms messages have been received from the host or network)
Destination does not respond. (When any packets have not
no answer from <host>
been received from the host or network)
<host> is unreachable Host is unreachable.
Network is unreachable. : 2 Network is unreachable.
This example shows how to perform a traceroute to the host whose IP address is 192.1.1.1:
# traceroute 192.1.1.1
traceroute to 192.1.1.1 (192.1.1.1), 30 hops max, 38 byte packets
1 * 172.27.1.254 (172.27.1.254) 4.204 ms 9.754 ms
2 * 192.168.11.126 (192.168.11.126) 1.640 ms 1.317 ms
3 61.107.96.1 (61.107.96.1) 1.825 ms 1.778 ms 1.441 ms
4 61.96.195.249 (61.96.195.249) 1.723 ms 1.812 ms 1.838 ms
5 172.30.4.1 (172.30.4.1) 2.375 ms 1.838 ms 1.856 ms
6 172.30.100.33 (172.30.100.33) 2.212 ms 1.813 ms 1.838 ms
7 172.30.100.10 (172.30.100.10) 2.404 ms 1.888 ms 2.277 ms
8 211.61.251.1 (211.61.251.1) 2.305 ms 1.861 ms 1.802 ms

9 211.61.251.4 (211.61.251.4) 3.338 ms 2.812 ms 2.811 ms

.
.
.
19 4.0.2.250 (4.0.2.250) 218.205 ms 4.1.81.1 (4.1.81.1) 220.789 ms *
20 4.1.138.38 (4.1.138.38) 220.070 ms 227.188 ms 4.1.81.1 (4.1.81.1) 23.769
ms
21 4.1.138.38 (4.1.138.38) 219.686 ms 192.1.101.81 (192.1.101.81) 222.896 ms
4.1.138.38 (4.1.138.38) 220.625 ms
22 * 192.1.101.81 (192.1.101.81) 219.597 ms 218.852 ms
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
The following example displays sample traceroute output when a destination host IP
address is specified:
# traceroute 61.107.97.51
traceroute to 61.107.97.51 (61.107.97.51), 30 hops max, 40 byte packets n
1 172.26.1.254 (172.26.1.254) 14.812 ms 29.758 ms 22.752 ms
2 192.168.11.126 (192.168.11.126) 0.497 ms 0.454 ms 0.360 ms
3 61.107.97.51 (61.107.97.51) 14.812 ms 29.758 ms 22.752 ms
o p q
#
The table below describes the fields shown by the traceroute command:
Table 5-18 traceroute field descriptions
Field Description
n Maximum TTL value and the size of the ICMP datagrams being sent
o Indicates the sequence number of the switch router in the path to the host
p IP address of the router
q Round-trip time for each of the three probes that are sent

If the host is irresponsible after execution of the PING or traceroute commands, check the
interface of the Ethernet Management port using the show interface management
command, and check the routing table using the show ip route command.
The following example shows how to display the interface of the Ethernet Management port
using the show interface management command.
# show interface management

index 0 kernel index 2 metric 1 mtu 1514 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:11:a1:ca:00:01
inet 172.19.3.154/16 broadcast 172.19.255.255
collisions 0
#
The following example shows how to display the IP routing table using the show ip route
command.
# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info
S> * default [1/0] via 172.19.1.254, management

B> * 100.100.10.0/24 [20/0] via 172.19.3.153, management, 1d20h55m
C * 172.19.0.0/16 is directly connected, vlan1
C> * 172.19.0.0/16 is directly connected, management
Route Source Num of Entries

connected 2
static 1
bgp 4
Total 7

Displaying CPU Utilization

You can display the utilization of the CPU on the Corecess S5 System using the show cpuinfo
command in Privileged mode. The following is a sample output of the show cpuinfo
command:
# show cpuinfo
cpu : 440GP Rev. C
revision : 4.129 (pvr 4012 0481)
bogomips : 595.96
vendor : IBM
machine : Ebony
#
The following table describes the fields shown by show cpuinfo command:
Table 5-19 show cpuinfo field descriptions
Field Description
cpu Model name of the CPU.
revision Version information of the CPU.
Bogomips is the number of million times per second a CPU can do absolutely nothing
bogomips
and is used for a measurement of speed for the non Intel CPUs.
vendor Maker of the CPU.

Displaying Memory Usage

You can display the usage of the memories on the Corecess S5 System using the show meminfo
command in Privileged mode. The following is a sample output of the show meminfo
command:
The following example shows how to display the information of the memory.
# show meminfo
total: used: free: shared: buffers: cached:
Mem: 250851328 106090496 144760832 0 3883008 40488960
Swap: 0 0 0
MemTotal: 244972 kB
MemFree: 141368 kB
MemShared: 0 kB
Buffers: 3792 kB
Cached: 39540 kB
SwapCached: 0 kB
Active: 8684 kB
Inactive: 77488 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 244972 kB
LowFree: 141368 kB
SwapTotal: 0 kB
SwapFree: 0 kB
#
The table below describes the fields shown by the show meminfo command:
Table 5-20 show meminfo field descriptions
Field Description
total Total amount of memory held in bytes.
used Total amount of used memory in bytes.
free Total amount of free memory in bytes.

Mem
shared Total amount of shared memory in bytes.
buffers Total amount of buffer memory in bytes.
cached Total amount of cache memory in bytes.
total Total amount of swap in bytes.
Swap used Total amount of used swap in bytes.
free Total amount of free swap in bytes.

(Continued)
Field Description
MemTotal Total amount of memory in Kilobytes.
MemFree Total amount of free memory in Kilobytes.
MemShared Total amount of shared memory in Kilobytes.
Buffers Total amount of buffer memory in Kilobytes.
Cached Total amount of cache memory in Kilobytes.
SwapCached Total amount of swap cache in Kilobytes.
Active Amount of buffer or cache memory currently allocated in kilobytes.
Inactive Amount of free buffer or cache memory in Kilobytes.
Amount of memory which is not mapping to kernel directly. This is different

HighTotal
according to the type of the used kernel.
Amount of free memory which is not mapping to kernel directly. This is

HighFree
different according to the type of the used kernel.
Amount of memory which is not mapping to kernel directly. This is different

LowTotal
according to the type of the used kernel.
Amount of free memory which is not mapping to kernel directly. This is

LowFree
different according to the type of the used kernel.
SwapTotal Total amount of swap in Kilobytes.
SwapFree Total amount of free swap in Kilobytes.

Displaying System Module Information

You can display the information of the modules installed in the slots on the Corecess S5 System
using the show module command in Privileged mode. The following is a sample output of the
show module command:
# show module
Mod Ports Description Status Serial No.
--- ----- --------------------------------- ---------------- ---------------
A N/A Control Module active N/A
1 4 LIM-EP4G-GR insert,up N/A
5 4 SCM-20G insert,up N/A
Mod Version Hw Fw Sw
--- -------------------- ---------------- ---------------- ----------------
1 release.rev(patch) 0.0(3) N/A N/A
#
The table below describes the fields shown by the show module command:
Table 5-21 show module field descriptions
Field Description
Mod Slot number which the module is installed on.
Ports Number of the ports on the module.
Type of the module.

- LIM-EP4G-GR : 4 ports, Gigabit Ethernet PON module
Description
- LIM-D4GF : 4 ports, Gigabit Ethernet line module
- SCM-20G : 4 ports, Gigabit Ethernet uplink module
Status Equipment status and operating status of the module.
Serial No. Serial number of the module.
Hw Hardware version of the module.
Fw Firmware version of the module.
Sw Software version of the module.

Displaying System Module Status

You can display the equipment and running state of the system modules using the show system
command in Privileged mode.
The following is a sample output of the show system command:
# show system
System Information
-----------------------------------------------------
CoreCMR(Control Module Redundancy)
side : A
local status : active
remote status : not-exist
Subscriber/Service Interface Board(s)

SIB S[ 1] N / Normal
FAN S[ 1] N / Normal
Auxiliary Information
-----------------------------------------------------
Fan (`C(`F)) -
Max/Min Threshold : 33/ 25 ( 91/ 77)
Temperature (`C(`F)) -
Current Temperature : 47 (116 )
Max/Min Threshold : 90/ 80 (194/176)
#

Each field shown by the show system command describes the following information about
system state:
Table 5-22 show system field descriptions
Field Description
CoreCMR The redundancy status of the SCM module (Not supported).
The status of the SCM module and the LIM module.

y SIB S [1] : The status of LIM module installed in the number 1 slot
System Subscriber/Service y SIB S [2] : The status of LIM module installed in the number 2 slot
Information Interface Board(s) y SIB S [3] : The status of LIM module installed in the number 3 slot
y SIB S [4] : The status of LIM module installed in the number 4 slot
y SIB S [5] : The status of SCM module installed in the number 5 slot
FAN The status of the fan module
y Max Threshold : The temperature that the fan module operate

Fan
y Min Threshold : The temperature that the fan module stop
Auxiliary
y Current Temperature : The current temperature of the Corecess S5
Information
System
Temperature
y Max Threshold : The maximum temperature that the trap occurs
y Min Threshold : The minimum temperature thst the trap occurs

Managing System Log
Managing System Log

The Corecess S5 System maintains a log file of all error and status messages generated by each
module on the Corecess S5 System. Log file is stored in the Corecess S5 System. You can
transmit the system log file to a remote host to manage it separately. In this section, the
following issues will be described:
y Specifying level of the logs to be displayed on the console screen
y Specifying screens to display log messages
y Saving event messages in the log file
y Displaying system logs saved in the log file
y Clearing system logs in the log file
Specifying Event Level

The Corecess S5 System classify events into eight levesls, based on criticality of the system. All
events occurred in the Corecess S5 System don’t need to be stored in the system log file. You
can specify the top level of events to be stored using the logging level command in Global
configuration mode. The events of the upper levels than the level designated by the loggin
level command will be ignored (These events will be neither saved nor displayed). The
Corecess S5 System supports the following eight event levels. ‘1. Emergency’ event is the most
critical level and ‘8. Debug’ is the least critical level event.
1. Emergency
More critical
2. Alert
3. Critical
4. Errors
5. Warning
6. Notify
7. Inform
8. Debug Less critical
By default, all events of the Corecess S5 System are specified to the level 6. Thus, if the event
occurs from the level 1 to the level 6, the event message is displayed on the console screen or
the remote host screen.

Managing System Log
The event level can be changed. The following procedure describes how to change the event
level.
Table 5-23 Changing the event level
Commands Task
configure terminal 2. Enter Global Configuration mode.
3. Specify the event level.

y <type> The type of the event
y <level> The event level (1 ~ 8, default: 6).
show logging 5. Verify the configuration.
This example shows how to specify the sys event to the level 4 and verify the result.
(config) # logging level sys 4
(config) # end
# show logging
console logging is disable
logging buffer is disable
Facility Default Severity Current Severity

----------- ------------------ ------------------
sys 6 4(*)
filesys 6 6
authorize 6 6
. . .
# write memory
[OK]
#

Managing System Log
Note : The Corecess S5 System supports the following types of events:
Event Description
sys Events related to system hardware
filesys Events related to file system
authorize Events related to security and authentication
port Events related to ports
interface Events related to interfaces
vlan Events related to VLAN (Virtual LAN)
spantree Events related to spanning tree and bridge
lacp Events related to LACP (Link aggregation Control Protocol)
gvrp Events related to GARP/GVRP
igmp Events related to IGMP and IGMP snoopping
pbnac Events related to PBNAC (Port Base Network Access Control)
mcast Events related to multicast
qos Events related to QoS (Quality Of Service)
acl Events related to access list
snmp Events related to SNMP
snmp_rmon Events related to SNMP RMON
dhcp Events related to DHCP
ntp Events related to NTP
route_main Events related to Main Routing Control
rip Events related to RIP
ospf Events related to OSPF
bgp Events related to BGP
dvmrp Events related to DVMRP
pim Events related to PIM

Managing System Log
Specifying Screen to Display Log

When an event is occurred, the information of the event can be appeared on the remote host
screen, a console screen, and telnet sessions.
Configuring to Display Log Messages on the Console Screen
To configure the log messages to display on the console screen, use the following commands:
Table 5-24 Configuring log messages to display on the console
Command Task
3. Configure whether to display log messages on the console.

logging console
y enable Displays log messages on the console.
{enable | disable}
y disable Doesn’t display log messages on the console.
show logging 5. Verify the result.
write memory 6. Save the changed configuration
The following example configures the log messages to display on the console screen and check
the result:
(config)# logging console enable
(config)# end
# show logging
console logging is enable
logging buffer is enable
logging servers
1.1.1.1
.
.
# write memory
[OK]
#

Managing System Log
Configuring to Display Log Messages to a Remote Host
To configure the log messages to display on a remote host, use the following command:
Table 5-25 Configuring log messages to display on a remote host
Command Task
3. Specify a remote host to display the log messages.

logging {<ip-address>
y <ip-address> IP address of a remote host
| <host-name>}
y <host-name> Name of a remote host
show logging 5. Verify the configuration.
The following example configures the system log to display on the remote host whose IP address
is 172.10.1.0:
(config)# logging 172.10.1.0
(config)# end
# show logging
console logging is enable
logging buffer is enable
logging servers
172.10.1.0
.
.
# write memory
[OK]
#

Managing System Log
Configuring to Display Log Messages to a Telnet Session
To configure the log messages to display on telnet sessions, use the following commands:
Table 5-26 Configuring log messages to display on a Telnet session
Command Task
3. Configure whether to display log messages on telnet sessions.

logging session
y enable Displays log messages on telnet sessions.
{enable | disable}
y disable Doesn’t display log messages on telnet sessions.
The following example configures the system log to display on telnet sessions:
(config)# logging session enable
(config)# end
# write memory
[OK]
#
Saving Log Message in Log File

By default, the Corecess S5 System does not save the log messages in a log file. After
configuring the log messages to save using the logging file enable command, the log
message generated will be saved in a log file. Since you can see the log messages in the log file
whenever you need, it useful to manage the system.
If you set the Corecess S5 System not to save the log messages, use the logging file
disable command.
The following example shows how to configure the log message to be save in a file:
(config)# logging file enable
(config)#

Managing System Log
Displaying Contents of Log File

To display the contents of the log file, use the show logging buffer command in Privileged
mode. You can specify a number from 1 to 100 as a parameter value, and it displays the number
of the resent saved log messages in the log file.
The following is a sample output of the show logging buffer command:
# show logging buffer 10

Jun 30 10:15:02 localhost SNMP_RMON-6-RMONENABLED: RMON agent enabled
Jun 30 10:15:02 localhost SYS-6-START_CONFIG: apply hot configuration module(1)
hwid(00000101)
Jun 30 10:15:04 localhost SYS-6-SYS_MODULE: module [1] is inserted
Jun 30 10:15:04 localhost SYS-6-SYS_MODULE: module [5] is inserted
Jun 30 10:15:04 localhost SYS-6-ALARM_FAN: Fan (1) : WORKING GOOD
Jun 30 10:15:04 localhost SYS-6-GBIC: 1/1 gbic is inserted
Jun 30 10:15:04 localhost SNMP-5-COLDSTART: Cold Start
Jun 30 10:15:17 localhost PORT-6-LINK_CHANGE: 1/1: ifIndex 8 Link Up (Up)
Jun 30 10:22:34 localhost AUTHORIZE-6-LOGIN: login corecess authentication
servi
ce(login) tty(/cinitrd/dev/ttyp0) from (172.18.80.14)
Jun 30 10:22:35 localhost AUTHORIZE-6-USER_LOGIN: corecess login from 172.18.80.
14
#
The following table describes the fields shown by the show logging buffer command:
Jun 30 10:15:02 localhost SNMP_RMON-6-RMONENABLED: RMON agent enabled

n o p
No Description
n Date and time that the event occurred (month, date, hour:minute:second)
o System name
p The brief description of the event

Managing System Log
Clearing System Log

To clear the system log file, the clear logging buffer command in Privileged mode. The
following example shows how to clear the logs in the log file and verifying the result:
# clear logging buffer

# show logging buffer 1
#

Upgrading Software
Upgrading Software
You can download the software for the modules on the Corecess S5 System from a remote TFTP
or FTP server. To download software from a remote TFTP or FTP server to the Corecess S5
System, perform this task:
Table 5-27 Downloading software from a remote TFTP server
Command Task
2. Download specified file from the TFTP or FTP server.

copy {tftp <host-ip> |
ftp <host-ip> [id y <host-ip> IP address of the TFTP or FTP server
<login-id> passwd y <login-id> Login ID of FTP server
<password>]} flash image y <password> Login password of FTP server
<file-name>
y <file-name> file name to download
show flash image 3. Verify software download.
4. Apply the download file to the system.

update flash image id
y <file-name> File name to apply
{<file-name> | <file-id>}
y <file-id> File ID to apply
reset system 5. Reboot the system.
The following example shows how to download the image file from TFTP server and apply the
download file to the system.
# copy tftp 172.27.2.17 flash image hamster-base-osapp-epon.img

tftp: data 10000 Kbytes
# show flash image
System flash directory:
File Length (bytes) Name/status
----- --------------- -----------------------------------
1 6875913 cs5-base-osapp-REL1.0.1.img (*)
2 6266476 hamster-base-osapp-REL1.0.0.img
3 6317126 hamster-base-osapp-REL1.0.1.img
4 6226882 hamster-base-osapp-epon.img
[31208 blocks used, 27960 available, 59168 total, 1K-blocks]
*/# : running/updated image
# update flash image id 3
# reset system
PPCBoot 2.0.0 (Apr 16 2003 - 14:29:15)
Corecess Boot Ver 1.0 (Apr 16 2003 14:29:15)

Chapter 6 Configuring Ports and Links
This chapter describes how to configure the Gigabit Ethernet port, the Gigabit Ethernet PON port and ONU.
9 Configuring Gigabit Ethernet port 6-2
9 Configuring Gigabit Ethernet-PON port 6-11
9 Configuring Link of Gigabit Ethernet-PON port 6-25
9 Configuring ONU 6-58
9 Profile 6-78
Configuring Gigabit Ethernet port

The Corecess S5 System provides Gigabit Ethernet port for each module as follows:
Table 6-1 Type of the Gigabit Ethernet port
Module Gigabit Ethernet port

x 10/100/1000Base-T port (RJ-45 connector)
SCM-20G
x 1000Base-SX/LX port (Duplex LC connector)
LIM-D4GF x 1000Base-SX/LX port (Duplex LC connector)
This section describes the basic configuration of the Gigabit Ethernet port, then how to
configure the Gigabit Ethernet port and monitor the ports.
Basic Configuration of Gigabit Ethernet Port

By default, the Gigabit Ethernet port of the Corecess S5 System is configured as follows:
Table 6-2 Basic Configuration of the Gigabit Ethernet Port
Item Basic Configuration
Port Status All port are enable to operate
Port Name DEFAULT
Port Speed Auto
Data Transfer Mode Auto
Data Flow Control Auto
STP Protocol Disabled (Used in default VLAN)
RSTP Protocol Disabled
Trap Disabled
Link aggregation Off
VLAN All ports are included in VLAN
Whenever the port configuration is changed, the changed configuration is applied immediately
to the system without the system rebooting or the command execution. Yet, if you want to keep
using the configuration after the system rebooting, the changed configuration should be saved
using the write memory command in Privileged mode.


This section describes following port configuration:
y Disabling or enabling the Gigabit Ethernet port
y Setting the auto sensing function
y Setting the port speed and the transfer mode
y Configure flow control
y Setting the port name
y Setting the port trap
Enabling or Disabling the Gigabit Ethernet Port
All ports of the Corecess S5 System are enabled by default. To change administrative status
(disabling a port or reenabling a port), use the following command in Global configuration
mode:
Table 6-3 Enabling or Disabling the Gigabit Ethernet Port
Command Description
port gigabitethernet y <slot>/<port> Slot/port number of the Gigabit Ethernet port

<slot>/<port> y enable Enable the port
admin {enable | disable} y disable Disable the port
The following example shows how to disable the Gigabit Ethernet port 5/1.
(config)# port gigabitethernet 5/1 admin disable

(config)#
The following example shows how to reenable the Gigabit Ethernet port 5/1.
(config)# port gigabitethernet 5/1 admin enable

(config)#
Configuring Ports and Links 6-3

Setting the auto sensing function
The auto sensing function of the Gigabit Ethernet port is used to exchange flow control
parameter, fault information of remote ports and transfer mode information. By default, the
auto sensing function is enabled on the Gigabit Ethernet port of the Corecess S5 System.
Ports that are located in both ends of the Gigabit Ethernet link must have the same
configuration. If the configurations are different each other, the link can not be connected. The
following table shows connection state of link depending on state of the auto sensing function
on the Gigabit Ethernet port.
Table 6-4 Link State and Auto Sensing Function
Auto Sensing Link State

1 2
Local Port Remote Port Local Port Remote Port
Off Off Up Up
On On Up Up
Off On Up Down
On Off Down Up
1
Local port : Gigabit Ethernet port of the local system
2
Remote port : Gigabit Ethernet port that is connected to the local port
To enable the auto sensing function of the Gigabit Ethernet port, use the following command in
Global configuration mode.
Table 6-5 Configuring auto sensing function
Command Task
port gigabitethernet
<slot>/<port> y <slot>/<port> slot number/port number
link-status auto
The following example shows how to enable the auto sensing function on the Gigabit Ethernet
5/1:
(config)# port gigabitethernet 5/1 link-status auto

(config)#

Setting Port Speed and the Transfer Mode
By default, the Gigabit Ethernet port on the Corecess S5 System can automatically match
transmission speed of the connected port. This function is called the auto-negotiation. The
maximum speed of the 10/100/1000Base-T port can be set as 10/100/1000Mbps by users
instead of auto-negotiation.
If the port speed is set as 10/100Mbps, full-duplex or half-duplex mode is operated. If the port
speed is set as 1000Mbps, only full-duplex is operated.
Note: The 1000Base-SX/LX port is only operated in full-duplex mode.
To change port speed and the transfer mode of the 10/100/1000Base-T port, use the following
commands.
Table 6-6 Changing the Port and the transfer mode
Command Task
1. Set the port speed of the specified port.

y <slot>/<port> Slot/Port number
y <port-speed> Transfer speed of the specified port
- 10 10Mbps
<slot>/<port> speed
- 100 100Mbps
<port-speed>
- 1000 1Gbps
- auto Auto-negotiation mode
- reset reset the auto-negotiation mode
2. Set the transfer mode of the specified port.

y <duplex-mode> Transfer mode of port
<slot>/<port> duplex
- auto Auto negotiation mode
<duplex-mode>
- full Full-duplex mode
- half Half-duplex mode
The following example shows how to change port speed and the transfer mode of the
10/100/1000Base-T port on the SCM module (5/1).
(config)# port gigabitethernet 5/1 speed 100

(config)# port gigabitethernet 5/1 duplex full

Configuring Flow Control (IEEE 802.3x)
You can enable or disable flow control of a port, which manages traffic rates during congestion.
If a port experiences congestion and cannot receive any traffic, flow control notifies the other
port to stop transmitting until the condition clears.
By default, flow control is disabled on the ports of the Corecess S5 System. To change flow
control status, use the following command in Global configuration mode:
Table 6-7 Configuring Flow Control Function
Command Task
y <slot>/<port> Port/Slot number
port gigabitethernet y <status> Flow control status
<slot>/<port> - on Enables flow control
flowctl <status> - off Disable flow control
- auto Auto-negotiation
The following example enables flow control on the Gigabit Ethernet port 5/1:
(config)# port gigabitethernet 5/1 flowctl on

(config)#
Setting the Port Name
You can assign a name to each port. If you use connected device information as port names, you
can manage the devices easily.
To set a port name, use the following command in Global configuration mode:
Table 6-8 Setting the Port Name
Command Task
<slot>/<port>
y <port-name> Port name (Maximum: 32 character)
name <port-name>
The following example shows how to set the name of the Gigabit Ethernet port 5/1.
(config)# port gigabitethernet 5/1 name uplink-port

(config)#

Setting the Port Trap
When port status is changed (up, down), a SNMP link trap is occurred, then the SNMP agent
notifies SNMP host or NMS of the trap occurrence.
By default, the SNMP link trap of the ports on the Corecess S5 System is disabled.
To set trap for a port, use the following command in Global configuration mode:
Table 6-9 Setting the port trap
Command Task
port gigabitethernet y <slot>/<port> Slot/Port number

<slot>/<port> trap y enable Enables the SNMP link trap for the port.
{enable | disable} y disable Disables the SNMP link trap for the port.
The following example enables the SNMP link trap on the Fast Ethernet port 5/1:
(config)# port gigabitethernet 5/1 trap enable

(config)#

Display the Gigabit Ethernet Port Information

You can see the port configuration, port status and received packet statistics using the show
port command in the Privileged mode.
The following example show information of all port on the Corecess S5 System using the show
port command.
# show port
Port Name Status Vlan FlwCtl Duplex Speed Type
----- --------------- ---------- ----- ------ ------ ------------- ----------
1/1 DEFAULT connected 1 off full 1000 1000BaseT
.
.
5/1 DEFAULT connected 1 a-on a-full a-1000 1000BaseT
#
The table below describes the fields shown by the show port command:
Table 6-10 show port field descriptions
Field Description
Port Slot number/port number
Name Port name
Status Port admin status and network connection status
Vlan ID of the VLAN which the port belongs to
FlwCtl Status of the flow control
Duplex Duplex mode
Speed Port speed
Type Port type

The following example show information of the Gigabit Ethernet port 5/1 using the show
port command.
# show port gigabitethernet 5/1
Port Name Status Vlan FlwCtl Duplex Speed Type

---- ------- --------- ----- ------ ------ --------- -----------
AdminStatus Media-type STP RSTP Edge Trap LinkAgg

----------- ---------- -------- --------- ------- ---------
enable none disable disable disable off
Port Admin Speed Limited Speed Active Speed

----- ------------ ------------- -----------------
5/1 Desired None 1000
If Index Logical ID
---------- ----------
4 257
access-type : transparent
Port 5/1 Statistics Counters

All Unicast Multicast Broadcast Discard Error
---------- ---------- ---------- --------- ---------- ----------
in 0 0 0 0 0 0
out 0 0 0 0 0 0
Port Error Counters

input runt(0)/shortCRC(0)/normalCRC(0)/normalAlign(0)/longCRC(0)
output defered(0)/collision(single/multi/consecutive/late 0/0/0/0)
Extension status
#
The table below describes the fields shown by the show port command with a port number:
Table 6-11 show port with port argument field descriptions
Field Description
AdminStatus Admin status of the port (enable, disable).
Media-type Media type(MDI/MDIX) of the port (none).
STP STP status of the port (enable, disable).
RSTP Edge RSTP status of the port (enable, disable).

(Continued)

Field Description
Trap Whether to enable displaying trap messages of the port (enable, disable).
LinkAgg. LACP status of the port (on, off).
Admin Speed Maximum speed of the port.
Limited Speed Limited speed of the port.
Active Speed Current speed of the port.
If Index Interface number of the port.
Logical ID Logical ID of the port.
All Total number of the incoming/outgoing packets on the port.
Unicast Total number of the incoming/outgoing unicast packets on the port.

Port
Statistics Multicast Total number of the incoming/outgoing multicast packets on the port.
Counters
Broadcast Total number of the incoming/outgoing broadcast packets on the port.
(in/out)
Discard Number of the incoming/outgoing packets discarded on the port.
Error Number of the incoming/outgoing packets with errors on the port.
input runt Number of packet less then 64 byte without CRC error.
shortCRC Number of packet less than 64 byte with CRC error.
normalCRC Number of packet with CRC error
Number of incomplete packet that is not divided by eight with CRC

normalAlign
error.
Port Error longCRC Number of packet less than 1518 byte with CRC error
Counters
output
Number of packet that was not transmitted in the specified time.
defered
- single : Number of packet whose collision occurred once

- multi : Number of packet whose several collision occurred
collision - consecutive : Number of packet whose collision occurred continuously
- late : Number of packet whose collision is not checked in the specified
time

Configuring the Gigabit Ethernet PON Port

This section describes the configuration of the Gigabit Ethernet PON port and how to configure
and monitor the Gigabit Ethernet PON port.
Note: The LIM-EP4G-GR module has four GE-PON chips to perform the E-PON OLT function for each Gigabit
Ethernet PON port. Thus, the configuring the Gigabit PON port is the same as the configuring the GE-PON chip.
Basic Configuration of the Gigabit Ethernet PON Port

By default, the Gigabit Ethernet PON port of the Corecess S5 System is configured as follows:
Table 6-12 Basic Configuration of the Gigabit Ethernet PON Port
Port Status All port are enable to operate
Port Name DEFAULT
Port Speed 1000
Data Transfer Mode * Full-duplex mode
Bandwidth 1000Mbps
x Level-0 : 1msec
Polling interval of the bandwidth x Level-1 : 4msec
x Level-2 : 8msec
Maximum number of IGMP

0 (IGMP proxy function is disabled)
Group
*: Configuration is not changed
Whenever the port configuration is changed, the changed configuration is applied to the system
without the system rebooting or the command execution. But, if you want to keep using the
configuration after the system rebooting, the changed configuration should be saved using the
write memory command in Privileged mode.

Configuring Gigabit Ethernet PON Port

This section describes following port configuration:
y Enabling or Disabling the Gigabit Ethernet PON port
y Setting the maximum bandwidth
y Setting the polling interval of the bandwidth group
y Configuring the maximum number of IGMP groups
y Executing loopback test
y Clearing the MAC address
y Restoring the default configuration
y Clear the statistics information
y Upgrading Firmware
Enabling or Disabling the Gigabit Ethernet PON Port
The Gigabit Ethernet PON (GE-PON) port is enabled by default. To change the operating status
of the Gigabit Ethernet PON port, use the following command in Global configuration mode:
Table 6-13 Enabling or Disabling the Gigabit Ethernet PON Port
Command Description
y <slot>/<port> Slot/port number of the GE-PON port

y disable Disable GE-PON port.
port epon <slot>/<port>
y all E-PON side and Network side
disable {all | epon-
y epon-side E-PON side (between GE-PON port and ONU)
side | network-side}
y network-side Network side (between GE-PON port and SCM
module)
The following example shows how to disable the E-PON side of the Gigabit Ethernet PON port 2/1:
(config)# port epon 2/1 disable epon-side

(config)#
The following example shows how to enable the E-PON side and the Network side of the
Gigabit Ethernet PON port 2/1:
(config)# no port epon 2/1 disable all
(config)#

Setting the Maximum Bandwidth
By default, the maximum bandwidth is not set to the Gigabit Ethernet PON (GE-PON) port of
the Corecess S5 System, thus the Gigabit Ethernet PON port use all of physical bandwidth to
transmit data. To configure the maximum bandwidth of the Gigabit Ethernet PON port, use the
following command in Privileged mode.
Table 6-14 Setting the Maximum Bandwidth
Command Task
2. Set the maximum bandwidth of the specified Gigabit Ethernet PON

port.
port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
aggregated-bandwidth y downstream Set the downstream bandwidth.
{downstream | upstream} y upstream Set the upstream bandwidth.
<bandwidth> <size> y <bandwidth> The maximum bandwidth of the GE-PON port
(0 ~ 1000Mbps, default:0)
y <size> The maximum size of the burst traffic (1 ~ 256Kbyte)
end 3. Return to Privileged mode
show port epon 4. Verify the configuration result.

<slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port
aggregated-bandwidth y downstream Display the downstream bandwidth information.
{downstream | upstream} y upstream Display the upstream bandwidth information.
The following example shows how to configure the maximum downstream/upstream

bandwidth of the Gigabit Ethernet PON port 2/1, and verify the result:
(config)# port epon 2/1 aggregated-bandwidth downstream 1000 100

(config)# port epon 2/1 aggregated-bandwidth upstream 100 100
# show port epon 2/1 aggregated-bandwidth downstream
bandwidth(Mbps) burst size(KByte)
--------------- ----------------
1000 100
# show port epon 2/1 aggregated-bandwidth upstream
bandwidth(Mbps) burst size(KByte)
--------------- ----------------
100 100
#
Note: To disable the maximum bandwidth of the Gigabit Ethernet PON port, use no port epon
<slot>/<port> aggregated-bandwidth {upstream|downstream} command in Global
configuration mode.

Setting the Polling Interval of the Bandwidth Group
The Corecess S5 System assigns all logical links of the Gigabit Ethernet PON port to one of three
bandwidth groups (level-0, 1, 2) automatically, and the Corecess S5 System controls the
bandwidth for each group.
y level-0 : Link that the minimum bandwidth and the maximum bandwidth are set to the same value
(sensitive from processing delay).
y Level-1 : Link that the minimum bandwidth is bigger than 0.
y level-2 : Link that the minimum bandwidth is 0.
The bandwidth control applies only the upstream data and assigns the bandwidth to the
specific group depend on the configured polling interval. For example, if the polling interval is
2msec, the Corecess S5 System looks up the bandwidth every 2 msec to transmit the upstream.
If there is a appopriate bandwidth, the timeslot is assigned to the link to transmit the upstream.
By default, the polling intervals of the bandwidth group (level-0, 1, 2) are specified as each 1, 4
and 8msec. To change the polling interval of the bandwidth group, use the following command
in Privilege mode.
Table 6-15 Setting the Polling Interval of the Bandwidth Group
Command Task
2. Set the polling interval of the bandwidth group for the link of the
GE-PON port
dba polling-rate
y <slot>/<port> Slot/Port of the GE-PON port
<interval-0>
y <interval-0> Polling interval of level-0 group (0 ~ 4000msec)
<interval-1>
<interval-2>
show port epon

4. Verify the configuration result.
<slot>/<port>
dba polling-rate
The following example shows how to change the polling interval of the bandwidth group for
the link of the Gigabit Ethernet PON port 2/1 and verify the result.
(config)# port epon 2/1 dba polling-rate 2 5 10

(config)# end

# show port epon 2/1 dba polling-rate

level 0(msec) level 1 level 2
------------- ------- -------
2 5 10
#
Note: To clear the polling rate of the bandwidth group, use no port epon <slot>/<port> dba
polling-rate command in Global configuration mode.
Configuring the Maximum Number of IGMP Groups
By default, the maximum number of IGMP groups is ‘0’ not to operate the IGMP proxy function
on all Gigabit Ethernet PON ports.
To enable the IGMP proxy function on Gigabit Ethernet PON ports and specify the maximum
number of IGMP groups, use the following command in Privileged mode.
Table 6-16 IGMP Configuring the Maximum Number of IGMP Groups
Command Description
2. Set the maximum number of IGMP group.

y <slot>/<port> Slot/Port number of the GE-PON port
igmp-proxy group
y <number> The maximum number of IGMP Groups (0 ~ 4906). If
<number>
the value is set to 0, IGMP proxy function is disabled.
show port epon 4. Verify the result.

<slot>/<port> igmp y <slot>/<port> Slot/Port number of the GE-PON port
The following example shows how to set the maximum number of IGMP group including the
Gigabit Ethernet PON port 2/1 and verify the result.
(config)# port epon 2/1 igmp-proxy group 2048

(config)# end
# show port epon 2/1 igmp
min bw(Mbps) max bw(Mbps) delay max burst(KByte) max IGMP group
------------ ------------ --------- ---------------- --------------
100 100 tolerant 2 2048
#

Executing Loopback Test
Specify the number and size of loopback packets before loopback test in the Gigabit Ethernet
PON port.
To execute the loopback test in the specific Gigabit Ethernet PON port, use the following
Table 6-17 Configuring Loopback Parameters
Command Description
Configure terminal 1. Enter Global configuration mode.
port epon <slot>/<port> 2. Specify packet number and size

loopback param y <slot>/<port> Slot/Port number of the GE-PON port
frame <number> y <number> Number of loopback packets to transmit (1 ~ 1000)
pyld-size <size> y <size> Size of loopback packets to transmit (46 ~ 1500byte)
3. Execute the loopback test on the specified link.

loopback {link-id <llid> | y <llid> Proper ID of the logical link
link-mac <mac>} y <link-mac> MAC address of ONU
location {mac | phy} y mac loopback the packet in the Data link layer.
y phy loopback the packet in the Physical layer.
5. Verify the loopback result.

show port epon <slot>/
<port> {link-id <llid> |
y <llid> Proper ID of the logical link
link-mac <mac>} loopback
y <link-mac> MAC address of ONU
The following example shows how to set parameters (number and size of packets) for the
loopback test and execute the loopback test on the link of the Gigabit Ethernet 2/1:
(config)# port epon 2/1 loopback param frame 10 pyld-size 100

(config)# port epon 2/1 loopback link-id 3700 location mac
(config)# end
# show port epon 2/1 link-id 3700 loopback
frame sent frame recv bad frame min delay(usec) max delay average delay
---------- ---------- --------- --------------- --------- -------------
10 10 0 4100 10000 5220
#

Note: If the loopback test is executed without the parameter setting, the following message is displayed.
(config)# port epon 2/1 loopback link-id 3700 location mac

% loopback parameter MUST be configured
(config)#
Clearing the MAC Address
To clear all MAC addresses (dynamic MAC address, static MAC address) learnt from the
Gigabit Ethernet PON port, use the following command in Privileged mode.
Table 6-18 Clearing the MAC Address
Command Description
clear port epon <slot>/<port>

mac-address
The following example shows how to clear all MAC addresses learnt from the Gigabit Ethernet
PON port 2/1:
(config)# clear port epon 2/1 mac-address

(config)#
Resetting the Gigabit Ethernet PON Port
To reset the Gigabit Ethernet PON port, use the following command in Global configuration
mode.
Table 6-19 Resetting the Gigabit Ethernet PON Port
Command Description

y <slot>/<port> Slot/Port number of the GE-PON port to reset
reset
The following example shows how to reset the Gigabit Ethernet PON port 2/1:
(config)# port epon 2/1 reset

Reset OLT success
(config)#
Note: If the Gigabit Ethernet PON port is reset, the bandwidth and the VLAN mode information are maintained.
To restore the defult port configuration, use port epon <slot>/<port> restore command in

Restoring the Default Configuration
To clear the configuration information of the Gigabit Ethernet PON port and restore the default
setting, use the following command in Global configuration mode.
Table 6-20 Restoring the Default Configuration
Command Description

restore
The following example shows how to restore the default setting of the Gigabit Ethernet PON port
2/1:
(config)# port epon 2/1 restore

restore OLT success
(config)#
Caution: After executing restore command, all setting values that set to specific OLT(port) are changed to
default values; thus, confirm the configurations before excute restore command.
Clearing the Statistics Information
To clear the statistics information of the Gigabit Ethernet PON port, use the following
command in Global configuration mode.
Table 6-21 Clearing the Statistics Information
Command Description
clear port epon

y <slot>/<port> Slot/Port number of the GE-PON port to clear
<slot>/<port> counter
The following example shows how to clear the statistics information of the Gigabit Ethernet PON
port 1/.2:
(config)# clear port epon 1/2 counter

(config)#

Upgrading Firmware
You can upgrade the chip firmware of the Gigabit Ethernet PON port on the Corecess S5
System. To upgrade the firmware, use the following command in Privileged mode.
Table 6-22 Upgrading Firm ware
Command Description
show port epon 1. Check the image version of the GE-PON port.
<slot>/<port> information y <slot>/<port> Slot/Port number of the GE-PON port
2. Download the firmware image file from TFTP or FTP server.

copy {tftp <host-ip> |
y <host-ip> IP address of TFTP or FTP server
ftp <host-ip> [id <login-
y <login-id> Login ID of FTP server
id> passwd <password>]}
y <password> Login password of FTP server
flash image <file-name>
y <file-name> Name of the firmware image file
show flash config 4. Check if the file is successfully downloaded.
port epon <slot>/<port> 4. Upgrade the firmware of the GE-PON port.

upgrade firmware y <slot>/<port> Slot/Port number of the GE-PON port
<file-name> y <file-name> Name of the firmware image file
show port epon <slot>/ 6. Verify the upgrading status of the firmware.
<port> upgrade-status y <slot>/<port> Slot/Port number of the GE-PON port
configure terminal 7. Return to Global configuration mode.
port epon <slot>/<port> 8. Reset the GE-PON port

reset y <slot>/<port> Slot/Port number of the GE-PON port
show port epon 10. Verify the image version of the GE-PON port.
<slot>/<port> information y <slot>/<port> Slot/Port number of the GE-PON port
The following example shows how to upgrade the firmware of the Gigabit Ethernet PON port 2/1:
# show port epon 2/1 information

Not provide Vendor specific info!
mac addr IEEE OUI product code product version Firmware version
----------------- -------- ------------ --------------- ----------------
00:90:a3:21:50:00 0090a3 3721 060 0103
# copy ftp 172.18.80.14 id guest passwd guest flash image App3721Asic_R
104_Amd16.tkf
.../App3721Asic_R104_Amd16.tkf: 493666 bytes 649.74 kB/s

done
# show flash config
Configuratin flash directory:
----- --------------- -----------------------------------
1 493666 App3721Asic_R104_Amd16.tkf
2 615 startup-config
3 0 startup-config.sav
(config)# port epon 2/1 upgrade firmware App3721Asic_R104_Amd16.tkf
100 percent download !. writing image to flash
It will take more than 20 second. Please wait..
(config)# end
# show port epon 2/1 upgrade-status
OLT Firmware Upgrade Status : 2/1

STATUS : Success
IMGNAME : App3721Asic_R104_Amd16.tkf
start-time : 2h:39m:26s
end-time : 2h:40m:2s
(config)# port epon 2/1 reset
(config)# end
----------------- -------- ------------ --------------- ----------------
00:90:a3:21:50:00 0090a3 3721 060 0104
Caution: Frimware upgrade can not be executed on over two ports at the same time. If firmware upgrade is
being executed on a particuar port, excute show port epon <slot>/<port> upgrade-status
command, then verify upgrade result (‘success’ or ‘fail’ message) and proceed firmware upgrade.

Monitoring the Gigabit Ethernet PON Port

This section describes how to monitor the Gigabit Ethernet PON port.
Displaying the Chip Information
To display the chip information of the Gigabit Ethernet PON port, use the following command
in Privileged mode.
Table 6-23 Displaying the Chip Information
Command Description
show port epon <slot>/<port>

information
The following example shows how to display the chip information of the Gigabit Ethernet PON
port 1/2:

----------------- -------- ------------ --------------- ----------------
00:90:a3:21:50:00 0090a3 3721 060 0103
The table below describes the fields shown by the show port epon information command.
Table 6-24 show port epon information field description
Field Description
mac addr MAC Address of the GE-PON chip
IEEE OUI Vendor of the GE-PON chip
product code Code number of the GE-PON chip
product version Version of the GE-PON chip
Firmware version Firmware version of the GE-PON chip

Displaying the Link Information
To display the link information of the specific Gigabit Ethernet PON port, use the following
commands in Privileged mode.
Table 6-25 Displaying the Link Information
Command Description
show port epon <slot>/<port> Display all registered links on the specified GE-PON port.
registered-link y <slot>/<port> Slot/Port of the GE-PON port
show port epon <slot>/<port> Display blocked links on the specified GE-PON port.
block-link y <slot>/<port> Slot/Port of the GE-PON port
The following example shows how to display all registered links on the Gigabit Ethernet PON port
2/1:
# show port epon 2/1 registered-link

slot port llid mac address
---- ---- ------ -----------------
2 1 3700 54:4b:37:01:1a:01
2 1 3701 54:4b:37:01:1a:02
2 1 3702 54:4b:37:01:1a:03
2 1 3703 54:4b:37:01:1a:04
2 1 3704 54:4b:37:01:1a:05
2 1 3705 54:4b:37:01:1a:06
total : 6
#
The following example shows how to display blocked links on the Gigabit Ethernet PON port 2/1:
# show port epon 2/1 block-link

mac address
-----------------
54:4b:37:01:1a:03
#

Displaying the Statistics Information
To display the statistics information of the Gigabit Ethernet PON port, use the following
Table 6-26 Displaying the Statistics Information
Command Description

y epon Statistics information of E-PON side (between GE-PON
show port epon <slot>/<port> port and ONU)
counter {epon | network} y network Statistics information of network side (between GE-
{downstream | upstream} PON port and SCM module)
y downstream Statistics information of downstream packets
y upstream Statistics information of upstream packets
The following example shows how to display the downstream packet information of E-PON
side on the Gigabit Ethernet PON port 1/2:
# show port epon 2/1 counter epon downstream

octects packet unicast
-------------------- -------------------- --------------------
303,568 623 621
broadcast multicast crc-error discard

-------------------- -------------------- -------------------- --------------
0 0 0 0
#
The table below describes the fields shown by the show port epon counter command.
Table 6-27 show port epon counter field description
Field Description
octects Number of octets
packet Number of packets
unicast Number of unicast packets
broadcast Number of broadband packets
multicast Number of multicast packets
crc-error Number of packets with CRC error
discard Number of discarded packets

Displaying Register Information of ONU
To display parameter settings used for ONU registration, use the following command in
Privileged mode.
Table 6-28 Displaying Register Information of ONU
Command Description

discovery
The following example shows how to display the parameter settings.
# show port epon 2/1 discovery

period(msec) window size(byte)
------------ ------------------
1000 16319
#
The table below describes the fields shown by the show port epon discovery command.
Table 6-29 show port epon discovery field description
Field Description
period ONU discovery interval (1000 msec)
window size Time interval to decide whether or not the SLA setting of ONU is allowed

Configuring the Link of the Gigabit Ethernet PON Port

The Corecess S5 System searches for ONUs connected with splitter automatically and assigns
LLID (Logical Link Identification) values to each link (or logical link). The LLID is an identifier
to identify link. In case of the downstream frame, the LLID indicates which ONU should be
received the frame. The other hand, in case of the upstream frame, the LLID indicates which
ONU sent the frame.
The Corecess S5 System supports the maximum of three links per an ONU and the maximum of
96 (32x3) per the Gigabit Ethernet PON port.
This section describes the basic configuration of the Gigabit Ethernet PON link and how to
configure the Gigabit Ethernet PON links between the Corecess S5 System and ONUs.
Basic Configuration of the Gigabit Ethernet PON Link

The basic configuration of the Gigabit Ethernet PON link is as follows:
Table 6-30 Basic Configuration of the Gigabit Ethernet PON Link
Link Status All links are enabled.
Maximum/Minimum Downstream Bandwidth 1000Mbps
Maximum/Minimum Upstream Bandwidth 100Mbps
Configuration status of Processing delay Tolerant
Size of Burst traffic 100KByte
VLAN Mode Simple bridging
Number of MAC Address Entry 64

Configuring Gigabit Ethernet PON Link

Thos section describes following link configuration:
y Configuring SLA parameters
y Setting encryption key exchange timer
y Adding MAC address
y Block link registration
y Rediscovering link
y Clearing link configuration
Note: If you retrieve the LLID and MAC addresses of the Gigabit Ethernet PON link between the Corecess S5
System and OUNs, use show port epon <slot>/<port> registered-link command in
Privileged mode.
Configuring SLA Parameters
To decide the service level provided to subscribers, the following SLA (Service Level
Agreement) parameters should be configured.
Table 6-31 Type of SLA Parameter
SLA Parameter Description
Minimum Upstream Minimum upstream bandwidth (0 ~ 1000Mbps, default: 100Mbps)

Bandwidth
Downstream Minimum downstream bandwidth (0 ~ 1000Mbps, default: 1000Mbps)
Maximum Upstream Maximum upstream bandwidth (0 ~ 1000Mbps, default: 100Mbps)

bandwidth
Downstream Maximum downstream bandwidth (0 ~ 1000Mbps, default: 1000Mbps)
Processing delay level (sensitive, tolerant)

Delay If data is sensitive for processing delay such as voice, the processing
delay level can be set to sensitive. Then, the data of the link is sent first.
Size of burst traffic (1 ~ 256Kbyte, default: 100Kbyte)

Burst size
Burst traffic is suddenly increased traffic such as Internet traffic.

To configure SLA parameters of the Gigabit Ethernet PON link, use the following command in
Table 6-32 Configuring SLA Parameters
Command Task
2. Set SLA parameters of the specified link.

port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port
{link-id <llid> | y <llid> Proper ID of link
link-mac <link-mac>} y <link-mac> MAC address of link
{down-bw | up-bw} y down-bw Set downstream bandwidth
<min-bandwidth> y up-bw Set upstream bandwidth
<max-bandwidth> y <min-bandwidth> Minimum bandwidth of link (0 ~ 1000Mbps)
delay {sensitive | y <max-bandwidth> Maximum bandwidth of link (0 ~ 1000Mbps)
tolerant} y sensitive Set to be sensitive for processing delay
y tolerant Set not to be sensitive for processing delay
3. Enable SLA parameter of the specified link.

{link-id <llid> |
y <llid> Proper ID of link
link-mac <link-mac>}
y <link-mac> MAC address of link
{down-bw | up-bw}
y down-bw Enable SLA setting of downstream link.
enable
y up-bw Enable SLA setting of upstream.

show port epon <slot>/ y <slot>/<port> Slot/Port number of the GE-PON port
<port> {link-id <llid> y <llid> Proper ID of link
| link-mac <link-mac>} y <link-mac> MAC address of link
{up-bw | down-bw} y down-bw Display downstream bandwidth.
y up-bw Display upstream bandwidth.
Caution: If the processing delay is set to sensitive, the minimum bandwidth and the maximum bandwidth
should be specified with the same value.
The following example shows how to configure SLA parameters of the specified link on the
Gigabit Ethernet PON port 2/1 and verify the result.
(config)# port epon 2/1 link-id 3700 down-bw 1000 1000 delay sensitive
(config)# port epon 2/1 link-id 3700 down-bw enable
(config)# end
# show port epon 2/1 link-id 3700 down-bw
min bw(Mbps) max bw(Mbps) delay max burst(KByte) state
------------ ------------ --------- ---------------- -------
1000 1000 sensitive 100 enable
#

Note: To clear the SLA parameter setting, use no port epon <slot>/<port> {link-
id|link-mac} {up-bw|down-bw} command.
Setting Encryption Key Exchange Timer
By default, the Corecess S5 System encrypts frames, which communicated through links, using
128bit AES (Advanced Encryption Standard) algorithm, and the encryption key exchange timer
is not set.
To set the encryption key exchange timer for 128bit AES, use the following command in Global
configuration mode.
Table 6-33 Setting Encryption Key Exchange Timer
Command Task

2. Set Encryption Key Exchange Timer of the specified link.
{link-id <llid> |
encrypt key-exchange-timer
y <second> Encryption Key Exchange Time (1 ~ 65535
<second>
second)
show port epon <slot>/ 4. Verify the configuration result.

<port> {link-id <llid> | y <slot>/<port> Slot/Port number of the GE-PON port
link-mac <link-mac>} y <llid> Proper ID of link
key-exchange-timer y <link-mac> MAC address of link
The following example shows how to set the encryption key exchange timer to 10 seconds for
the specified link whose ID is 3700 on the Gigabit Ethernet PON port 2/1.
(config)# port epon 2/1 link-id 3700 encrypt key-exchange-timer 10

(config)# end
# show port epon 2/1 link-id 3700 key-exchange-timer
AES key exchange timer : 10
#

Adding MAC Address
The following table describes how to add a static MAC address to a particular link.
Table 6-34 Adding MAC Address
Command Task

port epon <slot>/<port> 2. Add a MAC address to a particular link.
{link-id <llid> | y <slot>/<port> Slot/Port of the GE-PON port
mac-address static y <link-mac> MAC address of link
<mac-address> y <mac-address> MAC address added to the link

<port> {link-id <llid> | y <slot>/<port> Slot/Port number of the GE-PON port
mac-address static y <link-mac> MAC address of link
The following example shows how to add a static MAC address to the specified link whose ID
is 3700 on the Gigabit Ethernet PON port 2/1.
(config)# port epon 2/1 link-id 3700 mac-address static 00:90:fe:22:62:52

(config)# end
# show port epon 2/1 link-id 3700 mac-address static
mac address
-----------------
00:90:fe:22:62:52
#

Blocking Link Registration
To block the transmission of the user traffic through a particular link of the Gigabit Ethernet
PON port, set the link not to be registered to the port.
To set a particular link not to be registered to the Gigabit Ethernet PON port, use the following
Table 6-35 Controlling Link Registration
Command Task
2. Set the link not to be registered to the port.

{link-id <llid> |
link-mac <link-mac>} block

<port> block-link y <slot>/<port> Slot/Port number of the GE-PON port
The following example shows how to set the link not to be registered to the Gigabit Ethernet
PON port 2/1 and verify the result:
(config)# port epon 2/1 link-id 3702 block

(config)# end
# show port epon 2/1 block-link
mac address
-----------------
54:4b:37:01:1a:03
#
Note: To set a particular link to be registered to the port, execute no port epon <slot>/<port>
{link-id <llid> | link-mac <link-mac>} block command in Global configuration
mode.

Rediscovering Links
To rediscover a particular link, use the following command in Global configuration mode.
Table 6-36 Rediscovering Links
Command Description

{link-id <llid> |
rediscovery
The following example shows how to rediscover a particular link on the Gigabit Ethernet PON
port 2/1:
(config)# port epon 2/1 link-id 3702 rediscovery

(config)#
Clearing Link Configuration
To clear configuration information (VLAN mode, SLA parameter setting and so on) configured
on a particular link, use the following command in Global configuration mode.
Table 6-37 Clearing Link Configuration
Command Description
clear port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
{link-id <llid> | link-mac y <llid> Proper ID of link
<link-mac>} provision y <link-mac> MAC address of link
The following example shows how to clear the configuration information of the link whose ID
is 3701 on the Gigabit Ethernet PON port 2/1:
(config)# clear port epon 2/1 link-id 3701 provision

(config)#

Configuring Bridging Mode of Link

The Corecess S5 System supports the bridging function based on MAC, VLAN and Layer 3. You
can apply the flexible security policy to the various applications with the bridging function.
The Corecess S5 System provides dynamic or static MAC-based filtering and packet
classification function. The Corecess S5 System also supports several links (or logical links).
VLAN can be applied to several links which consist of a link or a broadcast domain (Shared
VLAN group). The Shared VLAN group works as a virtual bridge and is effective for multi-
service which provides reliable quality to each service. The downstream bridging is decided
depending on a VLAN or a combination of IPv4 TOS and DA fields.
The Corecess S5 System supports the maximum of three links per an ONU, which connected to
the Gigabit Ethernet PON port. Each link can be consisted of a bridging mode and be managed
independently. All ONU can classify packets by the filtering rule and send the classified packets
by the priority of queue.
The Gigabit Ethernet PON link of the Corecess S5 System can be consisted of nine types of the
bridging mode as follows:
y Simple Bridge
y Single VLAN
y Double-vlan
y Shared-vlan
y Transparent VLAN
y Translated-vlan
y Priority-vlan
y Priority-shared-vlan
y Cross-connect
This section describes how to configure various bridging modes on the Gigabit Ethernet PON
link.

Configuring Simple Bridge
In the Simple bridge mode, the Corecess S5 System works as a bridge, and ports are dividesd
into two types as follows:
y Network-side port: connects the Corecess S5 System to an upstream device such as an edge router or a
switch.
y User-side port: corresponds to LLID (Logical Link ID).
In the Simple bridge mode, an upstream frame can have a VLAN tag, but the system ignores the
VLAN tag. And a downstream frame has the VLAN tag also is dropped. The Simple bridge is
appropriate for applications that use the normal Ethernet bridge.
Upstream
A frame arrived to user-side ports is only forwarded to a network-side ports by their
destination address. At this moment, if the frame has destination addresses learnt from other
user-side port, the frame is droped. And, if the frame has a destination address which is not in
the address table, the frame is flooded to all network-side ports.
Corecess 3804T ONU - A

Port 1
EPON 0 Queue 0 Port 2

Link 0 UNI
Link 1 Port 3
Queue 1
Corecess S5 OLT
Port 4
EPON 0
Link 0
Uplink 1 Link 1
Link 2
Link 3 Corecess 3804T ONU - B
Port 1

Link 2 UNI
Link 3 Port 3
Queue 1
Port 4

Downstream
A frame arrived to a network-side port is only forwarded to a user-side port. At this moment, if
the fame has a destination address which is not in the address table, the fame is flooded to all
network-side ports. When the fame is flooded to all user-side ports, the broadcast LLID is used.
Corecess 3804T ONT - A

Port 1

Link 0 UNI
Link 1 Queue 1 Port 3
Broadcast
Corecess S5 OLT
Flooding Port 4
EPON 0
Link 0
Uplink 1 Link 1
Link 2
Link 3 Corecess 3804T ONT - B
Broadcast Port 1

Link 2 UNI
Broadcast
Flooding Port 4
By default, the Simple bridge mode is set on the Gigabit Ethernet PON link of the Corecess S5
System. To configure the Simple bridge mode on a particular Gigabit Ethernet PON link, use
the following command.
Table 6-38 Configure Simple bridge Mode
Command Description
Set a link to Simple bridge mode.

{link-id <llid> |
bridge-mode normal-brg
y <number> Maximum number of MAC address learnt form
<number>
link (0 ~ 64)
The following example shows how to configure the 3700 link of the Gigabit Ethernet PON port 2/1
to Simple Bridge mode and verify the result.
(config)# port epon 2/1 link-id 3700 bridge-mode normal-brg 64

(config)# end
# show port epon 2/1 link-id 3700 bridge-mode

mode mac entry

--------------------------- ---------
simple bridge 64
#
Configuring Transparent VLAN
In Transparent VLAN mode, the VLAN tag information of all forwarded frames is maintained.
Transparent VLAN mode is appropriate for applications that users use their own VLAN tag
value.
Upstream
Since downstream bridging is only decided by VID, it does not need to learn a destination
address of a upstream frame. All upstream frames arrived on links, which consist of transparent
VLAN, are forwarded.

Port 1

Link 0 UNI
Link 1 Port 3
Queue 1
Corecess S5 OLT
Port 4
EPON 0
Link 0
Uplink 1 Link 1
Link 2
Link 3 Corecess 3804T ONT - B
Port 1

Link 2 UNI
Link 3 Port 3
Queue 1
Port 4

Downstream
In Transparent VLAN, each link supports the maximum of 62 VLAN tags. When a downstream
frame that has tag value is arrived on the OLT’s uplink port, the OLT compares tag value of the
frame with tag value configured by a host, then OLT forwards the frame through the
Transparent VLAN link which has the same VID value. If a downstream frame does not have
tag value, OLT drops the downstream frame.

Port 1

Link 0 UNI
Corecess S5 OLT
VID=2000
Port 4
EPON 0
VID Link
VID=2000
2000
Link 0
Uplink 1 2001 VID=2010
VID=2010 Corecess 3804T ONT - B
2010
Link 1 Port 1
2003
VID=2004
2004 VID=2004 EPON 0
Link 2 Port 2
2020 Link 2 Queue 0
UNI
Port 3
Port 4
To configure Transparent VLAN mode on the Gigabit Ethernet PON link, use the following
Table 6-39 Configuring Transparent VLAN mode
Command Task
1. Configure a link to Transparent VLAN mode.

{link-id <llid> | link-mac y <llid> Proper ID of the link
<link-mac>} bridge-mode y <link-mac> MAC address of the link
transparent <number> y <number> Maximum number of MAC address learnt form
the link (0 ~ 64)
2. Set tag value of the link.
{link-id <llid> | link-mac
y <llid> Proper ID of the link
<link-mac>} tag-map
y <link-mac> MAC address of the link
transparent <vlan-id>
y <vlan-id> tag value of the link (VLAN ID)
to Transparent VLAN mode and verify the result.

(config)# port epon 2/1 link-id 3700 bridge-mode transparent 64

(config)# port epon 2/1 link-id 3700 tag-map transparent 2000
(config)# end
mode mac entry
--------------------------- ---------
transparent vlan 64
#
Note: To clear bridge mode and tag value on a particular link, execute no port epon
<slot>/<port> {link-id <llid> | link-mac <link-mac>} tag-map command in
Global configuration mode. This command clears tag-mapping information of the link, and change bridge mode
to normal bridge mode (default bridge mode).
Configuring Single VLAN
Single VLAN mode removes a user defined VLAN tag before adding VLAN tag provided from
the network. Unlike Transparent VLAN mode, Single VLAN mode allows the network
administrator can control VLAN tags inserted to the core network.
Upstream
When a tagged upstream frame is arrived on the link configured Single VLAN, the frame is
forwarded after the tag is removed. If a tagged upstream frame has over one VLAN tag, the
outermost tag (the nearest tag of Layer 2 Source Address)is only removed. An upstream frame
that does not have a tag is simply forwarded.

Port 1
EPON 0 Queue 0
Port 2
Link 0 UNI
Corecess S5 OLT
Port 4
VID=5
EPON 0
VID=2000 VID Link
2000 Link 0
Uplink 1 VID=2010 2010 Link 1
Corecess 3804T ONT - B
2004 Link 2
VID=2004 Port 1
EPON 0 Port 2
Link 2 Queue 0
UNI
Port 3
Port 4

Downstream
If a tagged downstream frame is matched with a link configured to Single VLAN, the frame is
received by the uplink port of the OLT, and the tag is removed before the frame is forwarded to
the link. An untagged downstream frame is discarded.

Port 1

Link 0 UNI
Corecess S5 OLT
Port 4
EPON 0
ID=2000 VID Link
2000 Link 0
Uplink 1 ID=2010 2010 Link 1
2004 Link 2 Port 1
ID=2004
EPON 0 Port 2
Link 2 Queue 0
UNI
Port 3
Port 4
To configure the Gigabit Ethernet PON link to Single VLAN mode, use the following command
in Global configuration mode.
Table 6-40 Configuring Single VLAN
Command Task
1. Configure the link to Single VLAN mode.

{link-id <id> | link-mac y <llid> Proper ID of the link
<mac>} bridge-mode single y <link-mac> MAC address of the link
<number> y <number> Maximum number of MAC address learnt form
the link (0 ~ 64)

<mac>} tag-map single y <link-mac> MAC address of the link
<vlan-id> <priority> y <vlan-id> tag value of the link (VLAN ID)
y <priority> packet priority (0 ~ 7, 0 is the highest priority)
to Single VLAN mode and verify the result.

(config)# port epon 2/1 link-id 3701 bridge-mode single 64

(config)# port epon 2/1 link-id 3701 tag-map single 2000 0
(config)# end
mode mac entry
--------------------------- ---------
single vlan 64
#
Configuring Double VLAN
Since Double VLAN mode maintains VLAN tag information that a user specifies, data of an
uplink port have over two VLAN tags. One is provided by the network, and another is specified
by a user. The outermost tag (the nearest tag of Ethertype field), assigned by the network, can
controls switching and traffic engineering. The other hand, the nearested tag, assigned by a
user, should be configured how to process it. In case of upstream, the tag is added by OLT. The
other hand, in case of downstream, the tag is discarded before transmited to subscribers.

Port 1
EPON 0 Queue 0
Port 2
Link 0 UNI
Corecess S5 OLT
Port 4
VID=5
EPON 0
VID=2000, VID=5 VID Link
2000 Link 0
Uplink 1 VID=2010 2010 Link 1
2004 Link 2
VID=2004 Port 1
EPON 0 Port 2
Link 2 Queue 0
UNI
Port 3
Port 4

To configure a particular link to Double VLAN mode, use the following command in Global
configuration mode.
Table 6-41 Configuring Double VLAN
Command Task
1. Configure the link to Double VLAN mode.

<mac>} bridge-mode y <link-mac> MAC address of the link
double <number> y <number> Maximum number of MAC address learnt form
the link (0 ~ 64)

<mac>} tag-map double y <link-mac> MAC address of the link
<vlan-id> <priority> y <vlan-id> tag value of the link (VLAN ID)
y <priority> packet priority (0 ~ 7, 0 is the highest priority)
to Double VLAN mode and verify the result.
(config)# port epon 2/1 link-id 3701 bridge-mode double 64

(config)# port epon 2/1 link-id 3701 tag-map double 2000 0
(config)# end
mode mac entry
--------------------------- ---------
double vlan 64
#

Configuring Shared VLAN
Shared VLAN mode works as a virtual bridge, which divides PON to several broadcast
domain. Each broadcast domain consists of at least one link.
Shared VLAN mode can divide PON based on service types. For example, One Shared VLAN
can be used exclusively for voice traffic, and another VLAN can be used exclusively for data
service.
If a particular link is configured as Shared VLAN mode, the link is added to the Shared VLAN,
and a VLAN tag is assigned. All links configured the Shared VLAN with the same VLAN ID are
said to be members of the same Shared VLAN multicast group. Each Shared VLAN has a
broadcast channel, and the broadcast channel can isolate broadcast traffic of the same group
member from broadcast traffic of other links. There is no bound on the number of links
configured as a Shared VLAN, but two links with the same destination UNI port can not be
included in the same Shared VLAN.
Filtering and classification on OLT and ONU are used to support an additional security
function.
Upstream
When an upstream frame is received on a link of Shared VLAN, the OLT adds a VLAN tag
before forwarding the frame to the core network. OLT learns the destination address of the
upstream frame as dynamic MAC address filtering rule for downstream bridging.

Port 1
EPON 0 Queue 0
Port 2
Link 0 UNI
Corecess S5 OLT
Port 4
EPON 0
VID=1
Link 0
VID=2 Link 1
Uplink 1
VID=1 Link 2
Link 3
VID=2 Port 1
EPON 0 Port 2
Queue 0
Link 2 UNI
Link 3 Port 3
Queue 1
Port 4

Downstream
A tagged downstream frame identifying a Shared VLAN group is received by the OLT’s uplink
port, and the tag is removed before forwarding the frame. A downstream frame which can not
identify the destination address is broadcasted to Shared VLAN. These frames are forwarded to
all links of the Shared VLAN group, but are not forwarded to other links. If there is a certain
destination address, the frames are forwarded to the link.

Port 1
EPON 0 Queue 0
Port 2
Link 0 UNI
Corecess S5 OLT Multicast0
Multicast1 Port 4
EPON 0
VID=1 Link 0
VID=2
Link 1
Link 2
Uplink 1 VID=1
VID=2
Link 3
Multicast 0
VID=1 Port 1
Multicast 1
VID=2
EPON 0 Port 2
Queue 0
Link 2 UNI
Link 3 Port 3
Queue 1
Multicast0
Multicast1 Port 4
To configure a particular link as Shared VLAN mode, use the following command in Global
configuration mode.
Table 6-42 Configuring Shared VLAN
Command Task
1. Configure the link to Shared VLAN mode.

<mac>} bridge-mode share y <link-mac> MAC address of the link
the link (0 ~ 64)

{link-id <id> | link-mac
y <llid> Proper ID of the link
<mac>} tag-map share <vlan-
y <link-mac> MAC address of the link
id>
y <vlan-id> tag value of the link (VLAN ID)

to Shared VLAN mode and verify the result.
(config)# port epon 2/1 link-id 3701 bridge-mode share 64

(config)# port epon 2/1 link-id 3701 tag-map share 2000
(config)# end
mode mac entry
--------------------------- ---------
shared vlan 64
#

Configuring Translated VLAN
Translated VLAN mode is used when the uniqueness of VLAN tags used by subscribers
connected to one EPON cannot be guaranteed, for example, in the case when VLAN tag values
are selected by the subscribers themselves. In Translated VLAN mode, an OLT changes a user
tag and unique LLID to 2-tuple and a network VLAN tag for each upstream frame. OLT also
changes a network VLAN to a user VLAN tag and a unique LLID for downstream frames.
Upstream
A tagged upstream frame is arrived on a user-side port, the OLT changes a non-unique tag to a
unique VLAN tag using the original VLAN tag and LLID field of the arrived frame. An
untagged upstream frame is discarded.

Port 1

Link 0 UNI
Corecess S5 OLT
EPON 0 VID=1
Port 4
Translations Link
2001 2000 Link
VID=2000 1 2 0
2003 2010 Link VID=1
Uplink 1 VID=2010
1 2 1
VID=2020 2004 2020 Link
Port 1
3 4 2
EPON 0 Port 2
VID=4 Link 2 Queue 0
UNI
LLID .. 8100 4 Port 3
Port 4
Downstream
When an untagged downstream frame is received to an uplink port of OLT, the OLT changes
VLAN tag value to a new non-unique value which a user use, then selects each user-side port
based on the VLAN tag value of the frame. An untagged downstream frame is discarded.


Port 1

Link 0 UNI
Corecess S5 OLT
EPON 0 VID=1
Port 4
Net User Link
VID VID
VID=2000 2000 1 Link
2001 2 0 VID=1
Uplink 1
VID=2010 2010 1 Link
2003 2 1
Port 1
VID=2004 2004 3 Link
2020 4 2 User VID=3 EPON 0 Port 2
Link 2 Queue 0
UNI
Port 3
Port 4
To configure the Gigabit Ethernet PON link to Translated VLAN mode, use the following
Table 6-43 Configuring Translated VLAN
Command Task
1. Configure the link to Translated VLAN mode.

<mac>} bridge-mode y <link-mac> MAC address of the link
translate <number> y <number> Maximum number of MAC address learnt form
the link (0 ~ 64)
<mac>} tag-map translate y <link-mac> MAC address of the link
<vlan-id> <trans-vlan-id> y <vlan-id> tag value of the link (VLAN ID)
y <trans-vlan-id> tag value after changing (VLAN ID)
to Translated VLAN mode and verify the result.
(config)# port epon 2/1 link-id 3701 bridge-mode translate 64

(config)# port epon 2/1 link-id 3701 tag-map translate 2000 1
(config)# end

mode mac entry

--------------------------- ---------
translated vlan 64
#
Configuring Priority VLAN
Priority VLAN mode uses the VID carried by the downstream frame to select a ONU and the
802.1p priority (VLAN CoS) field or IPv4 ToS field to select a particular link of that ONU. This
mode allows mapping of user-side priority information, such as the IP-precedence or TOS field,
into each link. The service class on network-side is decided depending on the VLAN priority.
Note: Links which is in the same ONU use the same VID values.
In downstream, switching is executed in two steps. The first step is that the VID is used to select
a link group. The second step is that the priority field is used to select the specific link of the
selected link group. The priority can be a value or continuous range of priority value such as (3
~ 5).
Note: If IPv4 ToS is used, one link should be configured to transmit non-IP (non ToS) frames. The link should be
only used for this purpose. This link normally has the lowest priority link and is only used for data
communication.
In upstream, the link which the frame is arrived is used to select VLAN tag (VID or upstream
CoS value). Upstream user tag is removed before forwarding similar to Single VLAN. A range
of priority value can be used in downstream, but only one priority field is used to select the
VLAN.

To configure the Gigabit Ethernet PON link as Priority VLAN mode, use the following
Table 6-44 Configuring Priority VLAN
Command Task
2. Configure a link as Priority VLAN.

{link-id <id> | link-mac y <llid> Proper ID of link
<mac>} bridge-mode priority y <link-mac> MAC address of link
link (0 ~ 64)
(Continued)

Command Task
3. Set tag value of link.

y <vlan-id> tag value of link (VLAN ID)
<mac>} tag-map priority
y <us-value> Upstream CoS value (0 ~ 7)
<vlan-id> <us-value> mode
y cos Use CoS as priority field.
{cos | tos} range <range>
y tos Use ToS as priority field.
non-tos {enable | disable}
y <range> range of priority value
y enable transmit packet which does not have ToS field.
y disable Do not transmit which does not have ToS.
end 4. Enter Privileged node

<slot>/<port> {link-id y <slot>/<port> Slot/Port of the GE-PON port
<llid> | link-mac y <llid> Proper ID of link
<link-mac>} pri-vlan-config y <link-mac> MAC address of link
Caution: If the three links which connected with a particular ONU are all configured as Priority VLAN, send-
non-tos field should be enabled in at least one link to transmit packets which do not have ToS field.
to Priority VLAN mode and verify the result.
(config)# port epon 2/1 link-id 3700 bridge-mode priority 64

(config)# port epon 2/1 link-id 3700 bridge-mode priority 2 1 mode cos range 0-
1 non-tos enable
(config)# end
# show port epon 1/1 link-id 3700 pri-vlan-config
vid up-cos pri-mode min-pri max-pri tx-non-TOS mode
----- ------ -------- ------- ------- ---------------
2 1 cos 0 1 enable
#

Configuring Priority Shared VLAN
Priority Shared VLAN mode is similar to Shared VLAN mode except that all bits of the VLAN
tag are used to specify a VLAN as Priority VLAN. The VID is used to select a group of ONUs in
Priority Shared VLAN. The 802.1p priority field (CoS) is used to select a group of ONUs, and
IPv4 ToS field can be used as VLAN CoS.
In Priority Shared VLAN mode, IPv4 ToS is used for downstream bridging, and VLAN address
space is maintained using priority value which is used to identify a domain. Downstream
bridging can be decided as specifying the range in the case of IPv4 ToS value.
Note: If a particular link is configured as Priority VLAN mode, Check the priority range(0~7) for each VLAN.
For example, if a link of Priority Shared VLAN is configured as follows,
Link ID VLAN Min Priority Max Priority

1 10 0 3
2 10 4 6
The traffic of VLAN 10 is not allowed because VLAN 10 and Priority 7 is not configured in any link. At this
occasion, the configuration should be changed to include all priority range as follows:.
Case 1:

1 10 0 3
2 10 4 7
Case 2:

1 10 0 3
2 10 4 6
3 10 7 7
Upstream
In upstream, links are associated with a particular VLAN depending on a combination of VID
and CoS value. When a frame is arrived on a link that is configured in Priority Shared VLAN,
the OLT inserts a VLAN tag that is the combination of the upstream CoS and VID value. The
OLT, as Shared VLAN mode, learns the L2 source address of upstream frames for dynamic
MAC filtering downstream.


Port 1
EPON 0 Queue 0
Port 2
Link 0 UNI
Corecess S5 OLT
Port 4
VID=1, CoS=0 EPON 0

Link 0
VID=1, CoS=1 Link 1
Uplink 1
VID=1, CoS=0 Link 2
Link 3
VID=1, CoS=1 Port 1
EPON 0 Port 2
Queue 0
Link 2 UNI
Link 3 Port 3
Queue 1
Port 4
Downstream
In downstream, forwarding decision is more complicated. The VID which is transmitted by the
frame is used to decide a subset of ONU UNI ports. The priority field (IPv4 ToS or VLAN CoS)
is used to select a smaller subset of link from the subset of UNI ports. The Layer 2 destination
address is used to select a particular link within the VLAN to forward the frame. If the
destination address is not learnt, the frame is broadcasted on the VLAN.
Note: There should be no links that have the same ONU UNI port in the same Shared VLAN.
Note: When the Priority Shared VLAN is configured, all LLID groups that have the same VID should be
configured such that they do not have the matching or overlapping priority ranges. Downstream forwarding is
decided by VID (or CoS) and ToS value. If LLID groups have the same priority, it can cause unexpected result.
Furthermore, all priority value within the downstream (ToS or CoS) range should be defined.
Note: If IPv4 ToS is used as the priority field, one link should be configured for forwarding non-IP frame. At this
time, this is usually the lowest priority link, and dedicates to data communications. To allow a link to forward
non-IP frames, the Tx-Non-ToSFrame option should be set to 1.

Corecess 3804T ONU - A

Port 1
EPON 0 Queue 0
Port 2
Link 0 UNI
Multicast0
Corecess S5 OLT
Multicast1 Port 4
EPON 0
VID=1, Pri=0 Link 0
VID=1, Pri=1
Link 1
Link 2
Uplink 1 VID=1, Pri=0
VID=1, Pri=0
Link 3
Corecess 3804T ONU - B
Multicast 0
VID=1, Pri=0 Port 1
Multicast 1
VID=1, Pri=1
EPON 0 Port 2
Queue 0
Link 2 UNI
Link 3 Port 3
Queue 1
Multicast0
Multicast1 Port 4
To configure the Gigabit Ethernet PON link as Priority Shared VLAN mode, use the following
Table 6-45 Configuring Priority Shared VLAN
Command Task
configure terminal 1. Enter Global configuration mode

2. Configure a link as Priority Shared VLAN.
{link-id <id> | link-mac y <llid> Proper ID of link
<mac>} bridge-mode pri- y <link-mac> MAC address of link
share <number> y <number> Maximum number of MAC address learnt form
link (0 ~ 64)
3. Set tag value of link.
y <vlan-id> tag value of link (VLAN ID)
<mac>} tag-map pri-share
y <us-value> Upstream CoS value (0 ~ 7)
<vlan-id> <us-value> mode
y cos Use CoS as priority field.
{cos | tos} range <range>
y tos Use ToS as priority field.
non-tos {enable | disable}
y <range> range of priority value
y enable transmit packet which does not have ToS field.
y disable Do not transmit which does not have ToS.
end 4. Enter Privileged node.
<slot>/<port> {link-id y <slot>/<port> Slot/Port of the GE-PON port
<llid> | link-mac y <llid> Proper ID of link
<link-mac>} pri-vlan-config y <link-mac> MAC address of link

Caution: If the three links which connected with a particular ONU are all configured as Priority VLAN, send-
non-tos field should be enabled in at least one link to transmit packets which do not have ToS field.
to Priority Shared VLAN mode and verify the result.
(config)# port epon 2/1 link-id 3701 bridge-mode pri-share 64

(config)# port epon 2/1 link-id 3701 bridge-mode pri-share 2 1 mode cos range
0-1 non-tos enable
(config)# end
# show port epon 1/1 link-id 3701 pri-vlan-config
vid up-cos pri-mode min-pri max-pri tx-non-TOS mode
----- ------ -------- ------- ------- ---------------
2 1 cos 0 1 enable
#

Connection Two Links (Cross-connect Mode)
In Cross-connect mode, two links are connected each other. Upstream traffic from one link is
switched to the downstream of the other link, and vice versa. None of the traffic from the cross-
connected links appears on the uplink side of the OLT. Only the two links involved in the cross-
connect can see the traffic.
Cross-connect mode is useful to create VPN pipe between two ONUs on the same PON.
To connect two Gigabit Ethernet PON links each other, use the following command in Global
configuration mode.
Table 6-46 Connecting two links
Command Task

2. Connect two links each other.
<mac>} bridge-mode cross-
connect
y <connect-llid> Proper ID of two links
End 3. Enter Privileged mode.

<port> {link-id <llid> | y <slot>/<port> Slot/Port of the GE-PON port
bridge-mode y <link-mac> MAC address of link

The following example shows how to connect two Gigabit Ethernet PON links 2/1 each other and
verify the result.
(config)# port epon 2/1 link-id 3700 bridge-mode cross-connect

(config)# end
localhost# show port epon 2/1 link-id 3701 bridge-mode
mode mac entry
--------------------------- ---------
link cross-connet 0

Monitoring Link Information

This section describes how to monitor link information of the Gigabit Ethernet PON port.
y Displaying bridging mode information
y Displaying VLAN tag information
y Displaying bandwidth information
y Displaying statistics information
Displaying Bridging Mode Information
To display bridging mode information of logical link, use the following command in Privileged
mode.
Table 6-47 Displaying Bridging Mode Information
Command Description
show port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port

{link-id <llid> | link-mac y <llid> Proper ID of link
<link-mac>} bridge-mode y <link-mac> MAC address of link
The following example shows how to display bridging mode information of 3700 link on the
Gigabit Ethernet PON port 2/1.

mode mac entry
--------------------------- ---------
simple bridging 64
#

Displaying VLAN Tag Information
To display VLAN tag information of link, use the following command in Privileged mode.
Table 6-48 Displaying VLAN Tag Information
Command Description
show port epon <slot>/<port> y <slot>/<port> Slot/Port of the GE-PON port

{link-id <llid> | link-mac y <llid> Proper ID of logical link
<link-mac>} tag-map y <link-mac> MAC address of logical link
The following example shows how to display VLAN tag information of 3700 link on the Gigabit
Ethernet PON port 2/1.
# show port epon 2/1 link-id 3700 tag-map

vlan id translated vlan 802.1p
------- --------------- ------
2000 0 0
2 0 1
#
The table below describes the fields shown by the show port epon link-id tag-map
command.
Table 6-49 show show port epon link-id tag-map field decryption
Field Description
vlan id VLAN ID that the link is included
translated vlan When link is configured as translated VLAN, tag value to be changed.
802.1p 802.1p priority value

Displaying Bandwidth Information
To display bandwidth information of a logical link, use the following command in Privileged
mode.
Table 6-50 Displaying Bandwidth Information
Command Description

<link-mac>} {up-bw | down-
y up-bw Display upstream bandwidth information.
bw}
y down-bw Display downstream bandwidth information.
The following example shows how to display downstream bandwidth information of 3700 link
on the Gigabit Ethernet 2/1.
# show port epon 2/1 link-id 3700 down-bw

min bw(Mbps) max bw(Mbps) delay max burst(KByte) state
------------ ------------ --------- ---------------- -------
1000 1000 tolerant 100 enable
#
The table below describes the fields shown by the show port epon link-id command.
Table 6-51 show show port epon link-id field description
Field Description
Min bw (Mbps) Minimum bandwidth of link (0 ~ 1000Mbps)
Max bw (Mbps) Maximum bandwidth of link (0 ~ 1000Mbps)

Configuration status of processing delay
delay - sensitive : Set to be sensitive for processing delay
- tolerant : Set not to be sensitive for processing delay
max burst(KByte) Maximum burst traffic size of link
state Operating status of link

Displaying Statistics Information
To display statistics information of link, use the following command in Privileged mode.
Table 6-52 Displaying Statistics Information
Command Description
y <llid> Proper ID of logical link
y <link-mac> MAC address of logical link
<link-mac>} counter
y upstream Display upstream statistics information.
{upstream | downstream}
y downstream Display downstream statistics information.
The following example shows how to display downstream statistics information of 3700 link on
the Gigabit Ethernet PON port 2/1.
# show port epon 2/1 link-id 3700 counter downstream

-------------------- -------------------- --------------------
455,988 5,846 5,846

-------------------- -------------------- -------------------- --------------
0 0 0 0
#
The table below describes the fields shown by the show port epon link-id counter
command.
Table 6-53 show show port epon link-id counter field description
Field Description
octets Number of octets
crc-error Number of packet which happen to CRC error
discard Number of discarded packet

Configuring ONU
Configuring ONU
This section describes configuration of an ONU (Optical Network Unit) which is connected to
the Gigabit Ethernet PON port and how to configure and monitor an ONU.
Basic Configuration of ONU

By default, the ONU is configured as follows:
Table 6-54 Basic Configuration of ONU
Operation Status All enable status
x Number of link : 3
x Number of queue : 7
Upstream Queue
x Number of used queue : 1 (Queue-0)
x Size of used queue : 30Kbyte (Queue-0)
x Number of queue : 7
Downstream Queue x Number of used queue : 1 (Queue-0)
x Size of used queue : 22Kbyte (Queue-0)
x Operation status : All port are enabled

x Transfer speed : 100Mbps
Ethernet Port Configuration
x Transfer mode : full duplex
x Flow control : Off
Maximum Number of MAC
64
Address

Configuring ONU
Configuring ONU
This section describes ONU configuration.
y Setting enable status
y Configuring upstream queue
y Configuring downstream queue
y Specifying packet classification and forward queue
y Configuring Ethernet port
y Specifying number of maximum MAC address
y Clearing MAC address
y Restoring configuration
y Resetting ONU
y Upgrading firmware
Setting Enable Status
By default, the ONU which is connected to the Gigabit Ethernet PON port is configured to be
operated. To change the operation status, use the following command in Global configuration
mode.
Table 6-55 Setting Enable Status
Command Description

port epon <slot>/<port> y <index> Index number of ONU
onu {index <index> | mac y <mac> MAC address of ONU
<mac>} disable {epon-side y disable Disable the specified side of ONU.
| user-side} y epon-side Connect E-PON OLT side.
y user-side Connect user network side.
The following example shows how to configure E-PON side of the number 1 ONU not to
operate on the Gigabit Ethernet PON port 2/1.
(config)# port epon 2/1 onu index 1 disable epon-side

Configuring ONU
(config)#
The following example shows how to configure E-PON side of the number 1 ONU to operate on
the Gigabit Ethernet PON port 2/1.
(config)# no port epon 2/1 onu index 1 disable epon-side

(config)#
Configuring Permission Mode
You can register ONUs that have particular MAC addresses on the permission mode. The MAC
addresses are set through CLI. The Permission mode cannot be applied to a particular slot or
port, but only the whole system. To change to the permission mode, no ONUs are registered to
the Corecess S5 System.
To configure the permission mode and register ONUs that have particular MAC addresses,
execute the following tasks:
Table 6-56 Configuring Permission Mode
Command Task
onu-permission-mode on 2. Change to the Permission mode.
3. Register MAC address.

port epon <port>/<slot>
permit <mac>
y <mac> MAC address that is registered
show port epon <slot>/ 4. Verify the configuration.

<port> permit y <slot>/<port> Slot/Port number of the GE-PON port
Note: If there is registered ONU when onu-permission-mode on command, “% X/X has

registered ONU” message is displayed, and the Corecess S5 System cannot be changed to the
permission mode. Also, If port epon permit command is executed when the Corecess S5 System is not
in the permisiion mode, “%NOT ONU permission mode” message is displayed.
The following example shows how to regiter an ONU that has address of 00:90:a3:15:04:a1 and
verify the result.
(config)# onu-permission-mode on
(config)# port epon 1/1 permit 00:90:a3:15:04:a1

Configuring ONU
(config)# end
# show port epon 1/1 onu
index mac address product name attach allow profile
------ ----------------- --------------- ------ ----- --------------------
1 00:90:a3:15:04:a1 R1-OPT-S Yes Yes N/D
.
.
# show port epon 1/1 permit
id mac
--- -----------------
1 00:90:a3:15:04:a1
Note: To remove registered MAC address, use no port epon <port>/<slot> permit {<mac-
address> | <mac-address-id>} command.
Configuring Upstream Queue
To configure upstream queues, specify the maximum number of logic links first, then specify
the maximum number of queues and the size of queue for each logical link.
To configure the upstream queues of ONU, use the following command.
Table 6-57 Configuring Upstream Queue
Command Description

2. Specify the maximum number of link for upstream
port epon <slot>/<port> transmission.
onu {index <index> | mac y <slot>/<port> Slot/Port number of the GE-PON port
<mac>} up-queue max-lid y <index> Index number of ONU
<number> y <mac> MAC address of ONU
y <number> Maximum number of logical link (1 ~ 3)
3. Set the number of queue and the size of queue for each link.
port epon <slot>/<port> y <index> Index number of ONU
onu {index <index> | y <mac> MAC address of ONU
mac <mac>} up-queue y <link-type> Type of link (link0, link1, link2)
<link-type> max <number> y <number> number of queue for the specified link (1~6)
<queue0 size> <queue1 size> y <queue0 size> Size of Queue-0 (0 ~ 60Kbyte)*
y <queue3 size> Size of Queue-3 (0 ~ 60Kbyte)*

Configuring ONU
Command Description

<port> onu {index <index> |
y <index> Index number of ONU
mac <mac>} queue
y <mac> MAC address of ONU
* If the size of queue is specified as 0, the queue is disabled.

* 960Kbyte of <queue size> parameter is total queue size that is possible to be set on the up-queue.
The following example shows how to configure three upstream queues to be used at the first
link (link0) of number 1 ONU on the Gigabit Ethernet PON port 2/1 and set the size of each
queue to 12Kbyte, 7Kbyte and 5Kbyte.
(config)# port epon 2/1 onu index 1 up-queue max 3

(config)# port epon 2/1 onu index 1 up-queue link0 max 3 12 7 5 0 0 0
(config)# end
# show port epon 2/1 onu index 1 queue
upstream queue0(KB) queue1 queue2 queue3 queue4 queue5
-------- ---------- ------ ------ ------ ------ ------
Link 0 12 7 5 0 0 0
Link 1 30 0 0 0 0 0
Link 2 30 0 0 0 0 0
downstream queue0(KB) queue1 queue2 queue3 queue4 queue5

---------- ---------- ------ ------ ------ ------ ------
UNI 22 0 0 0 0 0

Configuring ONU
Configuring Downstream Queue
In the Corecess S5 System, it is already defined which link will be used to send data to an ONU.
Thus, unlike upstream queue, only the maximum number of queue and the size of queue can be
set for downstream queue. To configure the downstream queue, use the following commands.
Table 6-58 Configuring Downstream Queue
Command Task

2. Set the number of downstream queue and the size of queue for
each logical link.
onu {index <index> | y <index> Index number of ONU
mac <mac>} down-queue y <mac> MAC address of ONU
max <number> <queue0 size> y <number> number of used queue (1~6)
<queue1 size> <queue2 size> y <queue0 size> Size of Queue-0 (0 ~ 60Kbyte)
<queue3 size> <queue4 size> y <queue1 size> Size of Queue-1 (0 ~ 60Kbyte)
<queue5 size> y <queue2 size> Size of Queue-2 (0 ~ 60Kbyte)
y <queue3 size> Size of Queue-3 (0 ~ 60Kbyte)

mac <mac>} queue
The following example shows how to configure three downstream queues to be used at the first
link (link0) of number 1 ONU on the Gigabit Ethernet PON port 2/1 and set the size of each
queue to 12Kbyte, 7Kbyte and 5Kbyte.
(config)# port epon 2/1 onu index 1 down-queue max 2 20 20 0 0 0 0
(config)# end
# show port epon 2/1 onu index 1 queue
upstream queue0(KB) queue1 queue2 queue3 queue4 queue5
-------- ---------- ------ ------ ------ ------ ------
Link 0 30 0 0 0 0 0
Link 1 30 0 0 0 0 0
Link 2 30 0 0 0 0 0
downstream queue0(KB) queue1 queue2 queue3 queue4 queue5

---------- ---------- ------ ------ ------ ------ ------
UNI 20 20 0 0 0 0
#

Configuring ONU
Specifying Packet Classification and Forward Queue
In the Corecess S5 System, packets from ONU are classified by a particular rule, and the link
(upstream) and the queue (both upstream and downstream) for forwarding the classified
packets are specified. Because of these reasons, the Corecess S5 System provides different
services for each packet.
To configure the classification rule and the queue, use the following commands.
Table 6-59 Specifying Packet Classification and Forward Queue
Command Task
2. Set the packet classification rule.

y down-class Set the packet classification rule of downstream.
y up-class Set the packet classification rule of upstream.
y <field-typ> Type of field to compare
- dest-mac MAC address field of destination
- src-mac MAC address field of source
- link-index link index field
port epon <slot>/<port> - ether-type Ethertype field
onu {index <index> | - vid VLAN ID field
mac <mac>} {down-class | - ip-precdence IP-precedence field
up-class} rule <field-typ> - cos CoS (Class of Service) field
<value> <match-type> y <value> Value to compare
y <match-type> comparing condition
- equal Field value is the same as specified value.
- field-exist Specified field exist in packet.
- field-not-exist Specified field does not exist in
packet
- greator-or-equal Field value is bigger or equal than
specified value
- less-or-equal Field value is less than or equal than
specified value
- not-equal Field value is not equal to specified value
(Continued)

Configuring ONU
Command Task
port epon <slot>/<port> 3. Set forwarding queue of packet which matched with the
onu {index <index> | mac classification rule
<mac>} up-class forward y <slot>/<port> Slot/Port number of the GE-PON port
<link> queue <queue-number> y <index> Index number of ONU
<priority> y <mac> MAC address of ONU
y up-class forward Specify forwarding queue of
upstream.
port epon <slot>/<port> y down-class forward Specify forwarding queue of
onu {index <index> | mac upstream.
<mac>} down-class forward y <link> Logical link to forward upstream packet (link-0,
queue <queue-number> link-1, link-2)
<priority> y <queue-number> Number of forward queue (0 ~ 5)2
y <priority> Priority of packet classification rule (4 ~ 6) 3

mac <mac>} {down-class |
y down-class Display packet classification rule of
up-class}
downstream.
y up-class Display packet classification rule of upstream.
The following example shows how to classify packets that have a link index field in the
downstream packets and forward the packets through the number 0 queue.
(config)# port epon 2/1 onu index 1 down-class rule link-index 0 field-exist
(config)# port epon 2/1 onu index 1 down-class forward queue 0 4
(config)# end
# show port epon 2/1 onu index 1 down-class
queue priority field lookup value operation
----- -------- -------------- -------------------- -------------------------
0 4 link-index 0x000000000000 match when field exist
#

Configuring ONU
The following example shows how to classify the downstream packets which is forwarded from
the Gigabit Ethernet PON port 2/1 to ONU. The downstream packets have a link index field,
and IP-precedence field value is not 2. The packets are forwarded through the number 1 queue.
(config)# port epon 2/1 onu index 1 down-class rule link-index 0 field-exist
(config)# port epon 2/1 onu index 1 down-class rule ip-precdence 2 not-equal
(config)# port epon 2/1 onu index 1 down-class forward queue 1 4
(config)# end
# show port epon 2/1 onu index 1 down-class
queue pri field lookup value match condition
----- -------- ------------ --------------------- ------------------------
1 4 link-index 0 field exist
ip-prec 2 not equal to
#
The following example shows how to classify upstream packets which is forwarded from ONU
to the Gigabit Ethernet PON port 2/1. The upstream packets have less 234 of VLAN ID and are
forwarded through first link (link-0).
(config)# port epon 2/1 onu index 1 up-class rule vid 234 less-than-or-equal
(config)# port epon 2/1 onu index 1 up-class forward link-0 queue 1 6
(config)# end
# show port epon 2/1 onu index 1 up-class
queue pri field lookup value operation
----- ---------- ---------- ----------------------- ------------------------
1 6 vid 234 less-or-equal
#

Configuring ONU
Configuring Ethernet port
To configure the Ethernet port of ONU connected with the Corecess S5 System, use the
following commands.
Note: Description of this section is only applied when the Corecess S5 System is connected to the Corecess
3804T. If the Corecess S5 System is connected to the Corecess R1-SW24L2B, you can skip the command
description of this section.
Table 6-60 Configuring Ethernet port
Command Description
2. Change the following configuration.

3 Set the operation status of the ONU Ethernet port.
port epon <slot>/<port> onu
mac <mac> port <number>
y <number> Number of Ethernet port (1 ~ 4)
admin {enable | disable}
y enable Enable Ethernet port.
y disable Disable Ethernet port.
3 Enable auto sensing function on the ONU Ethernet port.
autonego
3 Set transfer mode of the ONU Ethernet port.
duplex {full | half}
y full Full duplex
y half Half duplex
3 Enable/Disable flow control of ONU Ethernet port.
port epon <slot>/<port> onu y <slot>/<port> Slot/Port number of the GE-PON port
mac <mac> port <number> y <mac> MAC address of ONU
flwctl {on | off} y <number> Number of Ethernet port (1 ~ 4)
y on Enable flow control function.
y off Disable flow control function.
3 Specify the maximum number of MAC address of the ONU
Ethernet port.
maclimit <number>
y <number> the maximum number of MAC address
(Continued)

Configuring ONU
Command Description
3 Set bandwidth of the ONU Ethernet port.
port epon <slot>/<port> onu y <mac> MAC address of ONU
mac <mac> port <number> y <number> Number of Ethernet port (1 ~ 4)
ratelimit {ingree | egress} y ingress Set the maximum receiving speed.
<rate> <burst-rate> y egress Set the maximum sending speed.
y <rate> maximum sending/receiving speed
y <burst-rate> Size of burst traffic
3 Set the transfer speed of the ONU Ethernet port.
speed {10 | 100}
y 10 10Mbps
y 100 100Mbps
3 Set the priority of the ONU Ethernet port.

port epon <slot>/<port> onu y <slot>/<port> Slot/Port number of the GE-PON port
mac <mac> port <number> y <mac> MAC address of ONU
userpri <priority> y <number> Number of Ethernet port (1 ~ 4)
y <priority> user priority (0 ~ 7)

onu mac <mac> port
The following example shows how to configure number 1 Ethernet port of number 1 ONU
connected to the Gigabit Ethernet PON port 2/1 and verify the result.
(config)# port epon 2/1 onu mac 54:4b:37:01:1a:01 port 1 duplex full
(config)# port epon 2/1 onu mac 54:4b:37:01:1a:01 port 1 speed 100
(config)# port epon 2/1 onu mac 54:4b:37:01:1a:01 port 1 maclimit 64
(config)# port epon 2/1 onu mac 54:4b:37:01:1a:01 port 1 userpri 1
(config)# end
# show port epon 2/1 onu mac 54:4b:37:01:1a:01 port
port onu port status flwctl dupx speed link-conf adm macn macl
----- ------------ ---- ------ ------ ---- ----- ------------ --- ---- ----
2/ 1 544b37011a01 1 conn off full 100 100-full-off en 0 64
2/ 1 544b37011a01 2 conn off half 10 auto en 0 0
#

Configuring ONU
Specifying Number of Maximum MAC Address
By default, the maximum number of MAC address learnt from ONU is 64. To change the
maximum number of MAC address, use the following commands.
Table 6-61 Specifying Number of Maximum MAC Address
Command Description
2. Specify the maximum number of MAC address.

onu {index <index> |
mac <mac>} entry <number>

<port> onu {index <index> | y <slot>/<port> Slot/Port number of the GE-PON port
mac <mac>} mac-address y <index> Index number of ONU
entry y <mac> MAC address of ONU
The following example shows how to the maximum number of MAC address learnt from the
number 1 ONU connected to the Gigabit Ethernet PON port 2/1 and verify the result.
(config)# port epon 2/1 onu index 1 mac-address entry 32

(config)# end
# show port epon 2/1 onu index 1 mac-address entry
entry
-----
32
#

Configuring ONU
Clearing MAC address
To clear all dynamic MAC address learnt from ONU and verify the result, use the following
Table 6-62 Clearing MAC address
Command Description
clear port epon Clear all dynamic MAC address learnt from ONU.
<slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
mac <mac>} dynamic y <mac> MAC address of ONU
The following example show how to clear all dynamic MAC address learnt the number 1 ONU
and verify the result.
# port epon 2/1 onu index 1 mac-address dynamic clear

#
Restoring Configuration
To resotre the ONU configuration, use the following command.
Table 6-63 Restoring Configuration
Command Description

mac <mac>} restore y <mac> MAC address of ONU
The following example shows how to restore the configuration of the number 1 ONU connected
to the Gigabit Ethernet PON port 2/1:
(config)# port epon 2/1 onu index 1 restore

restore ONU(54:4b:37:01:1a:01) success
(config)#

Configuring ONU
Resetting ONU
To reset the ONU on the Gigabit Ethernet PON port, use the following command.
Table 6-64 Resetting ONU
Command Description

mac <mac>} reset y <mac> MAC address of ONU
The following example shows how to reset the number 1 ONU connected to the Gigabit Ethernet
PON port 2/1.
(config)# port epon 2/1 onu index 1 restore

reset ONU[54:4b:37:01:1a:01] success
(config)#
Clearing Statistics Information
To clear the statistics information of the ONU, use the following command in Privileged mode.
Table 6-65 Clearing Statistics Information
Command Description
clear port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
onu {index <index> | mac <mac>} y <index> Index number of ONU
counter y <mac> MAC address of ONU
The following example shows how to clear the statistics information of the number 1 ONU
connected to the Gigabit Ethernet PON port 2/1:
# clear port epon 2/1 onu index 1 counter

#

Configuring ONU
Upgrading Firmware
In the Corecess S5 System, the firmware of the ONU can be upgraded. To upgrade the firmware
of the ONU, download the latest version of the firmware from TFTP or FTP server to the flash
memory of the Corecess S5 System.
To upgrade the firmware of the ONU, use the following command in Privileged mode.
Table 6-66 Upgrading Firmware
Command Description
show port epon 1. Check the firmware version of the ONU.

<slot>/<port> onu y <slot>/<port> Slot/Port number of the GE-PON port
{index <index> | mac y <index> Index number of ONU (1 ~ 32)
<mac>} information y <mac> MAC address of ONU
copy {tftp <host-ip> | 2. Download firmware image file form TFTP or FTP server
ftp <host-ip> [id y <host-ip> IP address of TFTP or FTP server.
<login-id> passwd y <login-id> login ID
<password>]} flash y <password> login password of FTP server
config <file-name> y <file-name> Image file name
show flash config 3. Check if the file is downloaded successfully.
5. Upgrade the firmware of the specified ONU.

onu {index <index> | mac y <index> Index number of ONU
<mac> | all} upgrade y <mac> MAC address of ONU
firmware <file-name> y all specify all ONU connected to the specified GE-PON port.
y <file-name> firmware image file name
show port epon <slot>/ 7. Check the upgrade status of the specified ONU.
<port> onu {index y <slot>/<port> Slot/Port number of the GE-PON port
<index> | mac <mac>} y <index> Index number of ONU
upgrade status y <mac> MAC address of ONU
9. Reset the ONU which upgraded firmware.

onu {index <index> | mac
<mac>} reset

Configuring ONU
The following example shows how to upgrade the firmware of the number 1 ONU connected to
the Gigabit Ethernet PON port 2/1:
# show port epon 2/1 onu index 1 information

mac address product code product name fw version
----------------- ------------ --------------- ----------
00:90:a3:15:04:a1 3701 R1-OPT-S 0103
approximated distance : < 100 meter

# copy ftp 172.18.80.14 id guest passwd guest flash image App3701_R104_Amd8.tkf
...onfig/App3701_R104_Amd8.tkf: 60272 bytes 654.37 kB/s
done
# show flash config
Configuratin flash directory:
----- --------------- -----------------------------------
1 60272 App3701_R104_Amd8.tkf
2 493666 App3721Asic_R104_Amd16.tkf
4 0 startup-config.sav
(config)# port epon 2/1 onu index 1 upgrade firmware App3701_R104_Amd8.tkf
100 percent download !. writing image to flash
It will take more than 20 second. Please wait..
(config)# end
# show port epon 2/1 onu index 1 upgrade-status
ONU Firmware Upgrade Status : 2/1 54:4b:37:01:1a:01
STATUS : Success
IMGNAME : App3701_R104_Amd8.tkf
start-time : 3h:5m:42s
end-time : 3h:6m:4s
(config)# port epon 2/1 onu index 1 reset
reset ONU[54:4b:37:01:1a:01] success
(config)# end
mac address product code product name fw version
----------------- ------------ --------------- ----------
00:90:a3:15:04:a1 3701 R1-OPT-S 0104

#

Configuring ONU
Monitoring ONU
This section describes how to monitor configuration information and statistics information of
the ONU connected to the Gigabit Ethernet PON port.
Displaying Index Number and MAC Address
To display index numbers and MAC addresses of all ONUs connected to the Gigabit Ethernet
PON port, use the following command in Privileged mode.
Table 6-67 Displaying Index Number and MAC Address
Command Description
show port epon

<slot>/<port> onu
The following example shows how to display index numbers and MAC addresses of all ONUs
# show port epon 2/1 onu

index mac address product name attach allow profile
------ ----------------- --------------- ------ ----- --------------------
1 00:90:a3:15:04:a1 N/A No Yes N/A
2 00:90:a3:15:08:bd N/A No Yes N/A
#
Note: When an ONU is registered, a fixed index number is assigned to ONU. To remove the index number, use
no port epon <slot>/<port> onu-index <index-number> command in Global configuration
mode. If a paticular ONU has already been registered, index number cannot be removed.
Displaying Configuration Information
To display configuration information of the ONU connected to the Gigabit Ethernet PON port,
use the following command in Privileged mode.
Table 6-68 Displaying Configuration Information
Command Description
show port epon <slot>/<port> y <slot>/<port> Slot/Port number of the GE-PON port
onu {index <index> | mac y <index> Index number of ONU (1 ~ 32)
<mac>} information y <mac> MAC address of ONU

Configuring ONU
The following example shows how to display configuration information of the number 1 ONU

mac address OUI product code product version llid
----------------- ------ ------------ --------------- ------
54:4b:37:01:1a:01 54454b 3701 0100 3700
fw version max links # upstream queue # downstream queue

---------- --------- ---------------- ------------------
0103 03 07 07
The table below describes the fields shown by the show port epon onu information
command.
Table 6-69 show port epon onu information field description
Field Description
mac address MAC address of ONU
OUI Vendor of ONU E-PON chip
product code Product code of ONU E-PON chip
product version Product version of ONU E-PON chip
llid Proper ID of link connected to ONU
fw version Firmware version of ONU
max links Maximum number of link for ONU
# upstream queue Number of upstream for ONU
# downstream queue Number of downstream for ONU

Configuring ONU
Displaying Statistic Information
To display statistics information of the ONU connected to the Gigabit Ethernet PON port, use
the following command in Privileged mode.
Table 6-70 Displaying Statistic Information
Command Description

onu {index <index> | mac
y epon E-PON OLT side
<mac>} counter {epon | user}
y user user network side
{downstream | upstream}
y downstream display statistic information of downstream.
y upstream Display statistics information of upstream.
The following example shows how to display statistic information of the number 1 ONU
# show port epon 2/1 onu index 1 counter epon downstream

-------------------- -------------------- --------------------
466,674 5,983 5,983

-------------------- -------------------- -------------------- --------------
0 0 0 0
#
The table below describes the fields shown by the show port epon onu counter command.
Table 6-71 show port epon onu counter field description
Field Description
octets Number of octets
crc-error Number of packet which happen to CRC error
discard Number of discarded packet

Profile
Profile
General LLID profile Creation

Restriction Items:
y You can not create profile name over 15 length characters.
y You can not create profile name as ‘default’.
Genenal LLID porfile Creation is as follows;
Localhost # con t
Localhost (config) # epon-llid-profile test
Localhost (config-epon-llid-profile) # up-bw 1 1000 1 delay tolerant
Localhost (config-epon-llid-profile) # down-bw 1 1000 1 delay tolerant
Localhost (config-epon-llid-profile) # token 16
Localhost (config-epon-llid-profile) # end
LLID profile Application

- You can set two profiles to specific LLID
Localhost # conf t
Localhost (config) # port epon 1/1 link-id 3700 profile tests
Or
Localhost # conf t
Localhost (config) # port epon 1/1 link-mac 0090a3112233 profile test
LLID profile application to all links that is registered on specific port.
Localhost # conf t
Localhost (config) # port epon 1/1 link-all profile test

Profile
LLID profile deletion
Localhost # conf t
Localhost (config) # no port epon 1/1 link-id 3700 profile tests
Or
Localhost # conf t
Localhost (config) # no port epon 1/1 link-mac 0090a3112233 profile
test
LLID profile deletion to all links that is registered on specific port.
Localhost # conf t
Localhost (config) # no port epon 1/1 link-all profile test
Setting confirmation
Localhost # show port epon 1/1 registered-link

Llid (num) : LLID number (onu index number)
Llid mac address block profile
------------------ ----- -------------------------------
3700 (1) 00:90:a3:11:22:33 No Test N/D

Profile
Default LLID profile
FunctionSummary
y Automatic application to all LLIDs that is registered to system
y Need 'Default' field and 'Link-index' field setting at profile creation.
y EPON must specify whether is going to apply profile to some Link because ONT/ONU that have multiple
LLID at specification ONT/ONU registration because support multiple LLID basically can be registered.
Therefore, you establish 'Link-index' item at profile creation. Multiple link is possible to 0 ~ 4.
Default LLID porfile Creation is as follows;
Localhost # con t
Localhost (config) # epon-llid-profile allLinkDef
Localhost (config-epon-llid-profile) # up-bw 1 1000 1 delay tolerant
Localhost (config-epon-llid-profile) # down-bw 1 1000 1 delay tolerant
Localhost (config-epon-llid-profile) # token 16
Localhost (config-epon-llid-profile) # Default enable
Localhost (config-epon-llid-profile) # Link-index 0
Default LLID profile application
when attached link, this is applied automatically., so special command does not need.
LLID profile deletion
Localhost # conf t
Localhost (config) # no port epon 1/1 link-id 3700 profile defaults
Or
Localhost # conf t
Localhost (config) # no port epon 1/1 link-mac 0090a3112233 profile
default

Profile
Setting confirmation.
Localhost # show port epon 1/1 profile-llid-info

* Configuration OK LLID Profile Info
Slot/port llid (index) default pf user define-1 user define-2
----------- --------------- --------------- ---------------
1/1 3700 (1)TestN/D N/D
Disabling defalut LLID function.
Disabling default LLID function is as follows;
Localhost # con t
Localhost (config) # epon-llid-profile allLinkDef
Localhost (config-epon-llid-profile) # default disable
Localhost #

Profile
General ONU profile
Restriction Items:
y You can not create profile name over 15 length character.
y You can not create profile name as ‘default’.
Genenal ONU porfile creation is as follows;
Localhost # con t
Localhost (config) # epon-onu-profile test
Localhost (config-epon-onu-profile) # port 1 admin disable
Localhost (config-epon-onu-profile) # end
ONU profileApplication
Localhost # conf t
Localhost (config) # port epon 1/1 onu index 1 profile test
Or
Localhost # conf t
Localhost (config) # port epon 1/1 onu mac 0090a3112233 profile test
ONU profile application to all ONU that is registered on specific port.
Localhost # conf t
Localhost (config) # port epon 1/1 onu all profile test

Profile
Disabling ONU profile
Localhost # conf t
Localhost (config) # no port epon 1/1 onu index 1 profile test
Or
Localhost # conf t
Localhost (config) # no port epon 1/1 onu mac 0090a3112233 profile
test
ONU profile deletion to all ONU that is registered on specific port.
Localhost # conf t
Localhost (config) # no port epon 1/1 onu all profile test
Localhost # show port epon 1/1 onu

Index mac address product name attach allow profile
----------------------------------------------------
1 00:90:a3:11:22:33 CC3804TN Yes Yes Test

Profile
Default ONU profile
Function Summary
y Automatic application to all LLIDs that is registered to system .
y Need 'Default' field and 'Product' field setting at profile creation
ONU profile creation
Localhost # con t
Localhost (config) # epon-onu-profile onuDef
Localhost (config-epon-onu-profile) # port 1 admin disable
Localhost (config-epon-onu-profile) #Default enable
Localhost (config-epon-onu-profile) #Product CC3804TN
Default ONU profile application
This is established automatically at ONT/ONU registration.
Default ONU profile deletion
Localhost # conf t
Localhost (config) # no port epon 1/1 onu index 1 profile default
Or
Localhost # conf t
Localhost (config) # no port epon 1/1 onu mac 0090a3112233 profile
default
Default ONU profile deletion to all ONU that is registered on specific port.
Localhost # conf t
Localhost (config) # no port epon 1/1 onu all profile default

Profile
Show port eponSlot/portProfile-onu-info

Localhost # sh port epon 1/1 profile-onu-info
* R (Registerd)
* S (Sync Status)
Idx mac address R product name default onupf (S) user onupf (S)
---------------------------------------------------------------
1 00:90:a3:11:22:33 Y CC3804TNOnuDef(Y) N/D (-)
Disabling default onu function
Disabling default onu function is as follows;
Localhost # con t
Localhost (config) # epon-onu-profile onuDef
Localhost (config-epon-llid-profile) # default disable
Localhost #

Profile

Chapter 7 Configuring VLAN
This Chapter describes how to create/clear VLAN and add/clear port to VLAN. This chapter also describes
how to configure VLAN interface.
9 VLAN Configuration 7-2
9 Configuring VLAN Interface 7-11

VLAN Configuration
VLAN Configuration
Default Configuration
The table below shows the default VLAN configuration for the Corecess S5 System:
Table 7-1 Default VLAN configuration
Parameter Default
VLAN name DEFAULT
VLAN ID 1
Ports All ports belong to default VLAN.
STP state Off
IP address 0.0.0.0
Subnet mask 0.0.0.0
Tag Untagged
VLAN state active
After modifying the default VLAN configuration, modified configuration will be applied
immediately without rebooting system or using additional command. To maintain the modified
configuration after rebooting the system, save the configuration using write memory

VLAN Configuration
Basic VLAN Configuration

You can configure VLAN on the Corecess S5 System when it is starting or running. If you
change VLAN configuration on running, all MAC address that have been learned by the ports
in VLAN will be deleted.
You can configure VLAN on the Corecess S5 System using the following procedures:
1. Design network topology to configure with VLAN.
2. Create VLAN
3. Assign ports to the defined VLAN (or clear ports from VLAN).
4. Save the VLAN configuration and apply the configuration to the system.
Creating VLANs
In the factory default configuration, VLAN support is enabled and all the ports are only in the
Corecess S5 System physical broadcast domain, which is given the name DEFAULT. You can
partition the Corecess S5 System into multiple virtual broadcast domains by adding one or
more additional VLANs and moving ports from the default VLAN to the new VLANs. Because
the default VLAN permanently exists in the Corecess S5 System, adding new VLANs results in
multiple VLANs existing in the Corecess S5 System.
VLAN is distinguished ID from other VLANs. VLAN ID and name can be specified by user.
The range of VLAN ID can be properly selected from 2 to 4094. Defining VLAN does not mean
that broadcast domain is created. When defined VLANs are added in ports, broadcast domain
is created with defined VLANs. Default VLANs in the system can not be removed, and
ID/VLAN name can not be changed.
Configuring VLAN 7-3

VLAN Configuration
The following describes how to create VLAN.
Table 7-2 Creating VLAN
Command Task
2. Define VLAN.
vlan id <vlan-id>
y <vlan-id> VLAN ID (2 ~ 4094)
name <vlan-name>
y <vlan-name> VLAN name
show vlan 4. Verify VLAN configuration.
The following example creates a VLAN whose id is 2 and name is ‘test’.
(config)# vlan id 2 name test
(config)# end
# show vlan
VLAN Name Status Slot/Ports
---- ---------------- -------- ------------------------------------
1 DEFAULT active 1/1-4
2/1-4
3/1-4
4/1-4
5/1-4
2 test active
VLAN Interface IGMPs STP Private Promisc Port(s)

---- ---------- -------- -------- -------- ------------------------
1 disable disable enable Disable None
#
To delete a VLAN, use the no vlan command in Global configuration mode. The following
example deletes the VLAN whose id is 2:
(config)# no vlan id 2
(config)#

VLAN Configuration
Assigning Ports to a VLAN
You should add ports that belong to the same broadcast domain to a VLAN after defining a
VLAN. When ports are assigned to a VLAN, a broadcast domain with assigned ports is created.
If you add ports belonging to the default VLAN to other VLAN, the ports are deleted from the
default VLAN and are added to other VLAN.
To add ports to a VLAN, use the following commands.
Table 7-3 Assigning ports to a VLAN
Commands Task

2. Assign the specified ports to the VLAN.
vlan {id <vlan-id> |
name <vlan-name>}
y <slot>/<port> slot number / port number to be added to the
<slot>/<port>
VLAN
4. Verify the VLAN configuration.

show vlan [id <vlan-id>
y <vlan-id> ID of the VLAN to verify (2 ~ 4094)
| name <vlan-name>]
y <vlan-name> Name of the VLAN to verify
The following example shows how to add the Gigabit Ethernet port 5/4 to the VLAN that the
ID is 2:
(config)# vlan id 2 port gigabitethernet 5/4
(config)# end
# show vlan id 2
VLAN Name Status Slot/Ports
---- ---------------- -------- ------------------------------------
2 test active 5/4
VLAN Interface IGMPs STP Private Promisc Port(s)

---- ---------- -------- -------- -------- ------------------------
#
To remove ports from a VLAN, use no vlan command in Global configuration mode. The
following example shows how to remove the Gigabit Ethernet port 5/4 from the VLAN that
name is ‘test’.

VLAN Configuration
(config)# no vlan name test port gigabitethernet 5/4

(config)#
Assigning IP Address to a VLAN
To assign the IP address of a VLAN, use the following command.
Table 7-4 Assigning IP address to a VLAN
Commands Task
interface vlan 2. Enter Interface configuration mode.

{id <vlan-id> | y <vlan-id> VLAN ID (2 ~ 4094)
name <vlan-name>} y <vlan-name> VLAN name
3. Assign the IP address of the VLAN

ip address
y <network-num> IP address
<network-num>/<M>
y <M>: subnet mask
5. Verify the VLAN configuration.

show vlan [id <vlan-id>
y <vlan-id> VLAN ID to display (2 ~ 4094)
| name <vlan-name>]
y <vlan-name> VLAN name to display
show interface vlan 6. Verify the interface configuration.

[id <vlan-id> | y <vlan-id> VLAN ID to retrieve (2 ~ 4094)
name <vlan-name>] y <vlan-name> VLAN name to retrieve
This example shows how to specify the IP address of the VLAN whose id is ‘1’:
(config)# interface vlan id 1

(config-if)# end
# show interface vlan id 1
Interface vlan1
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
collisions 0
#

VLAN Configuration
To remove the IP address of a VLAN, use the no ip address command in interface

configuration mode. The following example shows how to remove the IP address of the VLAN
whose id is ‘2’.

(config-if)# no ip address 10.1.1.1/24
Assigning Secondary IP address to a VLAN
You can specify another IP address to a VLAN. This is called ‘secondary’ IP address. Secondary
IP address is useful that the number of hosts is more than the number of IP addresses.
To specify the secondary IP address to the VLAN, use the following command in Global
configuration mode:
Table 7-5 Assigning secondary IP address to a VLAN
Commands Task

{id <vlan-id> | y <vlan-id> ID of the VLAN to configure (2 ~ 4094)
name <vlan-name>} y <vlan-name> Name of the VLAN to configure
ip address 3. Specify the secondary IP address of the VLAN.

<network-num>/<M> y <network-num> IP address
secondary y <M> subnet mask (‘1’의 개수)
show interface 4. Verify the VLAN configuration.
This example shows how to specify the secondary IP address of the VLAN whose id is ‘1’:
(config-if)# ip address 172.25.1.100/16 secondary
(config-if)# end
Interface vlan1
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255

VLAN Configuration
inet 172.25.1.100/16 broadcast 172.25.255.255 secondary

collisions 0
#
To remove the secondary IP address of a VLAN, use the no ip address secondary

command in interface configuration mode. The following example shows how to remove the
secondary IP address of the VLAN whose id is ‘1’.

(config-if)# no ip address 172.25.1.100/16 secondary
(config-if)# end

Interface vlan1
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
collisions 0
#

VLAN Configuration
Configuring 802.1Q Trunk

The VLAN can transmit and receive data with other devices when the VLAN has its proper ID
using 802.1Q trunk. To maintain VLAN information (tag), 802.1Q trunk ports should be defined
on each device that transmits data, then the devices forms tunnels to transmit traffic safely.
If 802.1Q trunk is applied, the devices can share their VLANs. Because a switch generally does
not know VALN information of other switch, the switch can not share VALN. Thus, nodes that
connected to several devices can not be configured to be included in the same VLAN. In this
occasion, if traffic that has VLAN information is transmitted by 802.1Q trunk, because the
switch that receives traffic recognizes VLAN information and can forward traffic to the
corresponding VLAN, VLANs can be shared between switches.
802.1Q truck is generally used for VPN (Virtual Private Network).
To configure trunk ports for 802.1Q tunneling, use the following commands.
Table 7-6 802.1 Configuring trunk port
Commands Task
dot1q port gigabitethernet 2. Specify 802.1Q trunk port.

<slot>/<port> tag <tag-id> y <slot>/<port> Slot/Port number of trunk port
[<tag-id> … ] y <tag-id> VLAN ID
end 3. Return to the Privileged mode.
show dot1q port 4. Verify the 802.1Q trunk port configuration.
If 802.1Q trunk port is configured on the Corecess S5 System as above, traffic is transmitted
through the tunnel between 802.1Q trunk port of the connected neighbor device and the
Corecess S5 System. Traffic is also received from 802.1Q trunk port that is defined on the
Corecess S5 System. The trunk port that received traffic does not remove 802.1Q tag of the
traffic header but forward all received 802.1Q traffic to the VLAN that has the trunk port
instead.
The VLAN that has the trunk port transmits the subscriber traffic to other neighbor device that
is included in the VLAN of the trunk port. When the traffic reaches to the final destination,
802.1Q tag is removed, traffic is removed from the tunnel.

VLAN Configuration
The following example shows how to specify 802.1Q trunk port and verify the result.
(config)# vlan id 2 port gigabitethernet 5/1,5/2
(config)# dot1q port gigabitethernet 5/1 tag 1-2
(config)# end
# show dot1q
Port allowed 802.1q VLAN TAGs
-------- -----------------------------------------------------------------
5/1 1-2
# show dot1q port gigabitethernet 5/1
Port PVID Acceptable frame types Ingress filter
---------- ---- ---------------------- --------------
5/1 2 all off
Port allowed 802.1q Vlans
-------- -----------------------------------------------------------------
5/1 1-2
#

Configuring VLAN Interface

Many features are enabled on a per-interface basis. The Corecess S5 System supports VLAN
interface type. This section describes the VLAN interface configuration tasks in interface
configuration mode.
Entering Interface Configuration Mode

You can enter Interface configuration mode using the interface command in Global
configuration mode. Follow each interface command with Interface configuration
commands your particular VLAN interface requires. When you enter the interface
command, you must specify the VLAN interface. After specifying the VLAN interface, all
command in Interface configuration is only applied to the specified VLAN interface.
The following example shows how to enter Interface configuration mode to configure VLAN
interface that ID is 1.

(config-if)#
You have entered interface configuration mode when the prompt changes to (config-if)#.
You can configure the followings of the VLAN interface on Interface configuration mode:
y Configuring the OSPF on the VLAN interface

y Configuring the IS-IS on the VLAN interface
y Configuring the RIP on the VLAN interface

y Enabling split-horizon on the VLAN interface
y Enabling multicasting on the VLAN interface
y Configuring IP parameters of the VLAN interface

y Shutting down the VLAN interface
Note: To specify the IP address of the VLAN interface, refer to Assigning the IP address of a VLAN section
in this chapter.

Configuring OSPF on the VLAN Interface

You can configure the following OSPF parameters of each VLAN interface:
Table 7-7 Configuring OSPF on the VLAN Interface
Parameter Description
OSPF supports three methods of authentication for each interface—none, simple
password, and MD5.
y None : Send/Receive OSPF routing packet without any authentication mode.
y Simple Password : The simple password method of authentication requires you
to configure an alphanumeric password on an interface. The simple password
setting takes effect immediately. All OSPF packets transmitted on the interface
Authentication contain this password. Any OSPF packet received on the interface is checked
Mode for this password. If the password is not present, then the packet is dropped.
y MD5 : The MD5 method of authentication requires you to configure a key ID
and an MD5 Key. The key ID is a number from 1 – 255 and identifies the MD5
key that is being used. The MD5 key can be up to sixteen alphanumeric
characters long.
Only one method of authentication can be active on an interface at a time. The
default authentication value is none, meaning no authentication is performed.
In Simple Password authentication method, the key can be up to eight characters
Authentication long. In MD5(Message Digest) authentication method, the key ID is a number from
Key 1 – 255 and identifies the MD5 key that is being used. The MD5 key can be up to
sixteen alphanumeric characters long.
The overhead required to send a packet across an interface. You can modify the cost
to differentiate between 100 Mbps and 1000 Mbps (1 Gbps) links. The default cost is
Cost calculated by dividing 100 million by the bandwidth. For 10 Mbps links, the cost is
10. The cost for both 100 Mbps and 1000 Mbps links is 1, because the speed of 1000
Mbps was not in use at the time the OSPF cost formula was devised.
The number of seconds that a neighbor router waits for a hello packet from the
dead-interval current router before declaring the router down. The value can be from 1 – 65535
seconds. The default is 40 seconds.
The length of time between the transmissions of hello packets. The value can be
hello-interval
from 1 – 65535 seconds. The default is 10 seconds.
The time between retransmissions of link-state advertisements (LSAs) to adjacent
retransmit-
routers for this interface. The value can be from 0 – 3600 seconds. The default is 5
interval
seconds.
The time it takes to transmit Link State Update packets on this interface. The value
transmit-delay
can be from 0 – 3600 seconds. The default is 1 second.
network The OSPF network type. The default network type is broadcast.
The priority allows you to modify the priority of an OSPF router. The priority is
used when selecting the designated router (DR) and backup designated routers
Priority
(BDRs). The value can be from 0 – 255. The default is 1. If you set the priority to 0,
the Corecess S5 System does not participate in DR and BDR election.

Setting Simple Password Authentication Method
In simple Password authentication method, a particular key is specified for each area. Routers
in the same area should use the same key. This method has a disadvantage that the key can be
disclosed because the key is not encrypted.
To set simple authentication key and password authentication method, use the following
commands.
Table 7-8 Setting Simple Password Authentication Method
Command Task
interface vlan id 2. Enter Interface configuration mode.

<vlan-id> y <vlan-id> VLAN interface ID (1 ~ 4094)
ip ospf authentication- 3. Specify password for authentication.

key <key> y <key> password (8 character, 16byte)
exit 4. Return Global configuration mode.
router ospf 5. Enter OSPF configuration mode.
area <area-id>
6. Set simple password authentication method in the specified area.
authentication
The following example shows how to set simple password authentication method.

(config-if)# ip ospf authentication-key mypasswd
(config-if)# exit
(config)# router ospf
(config-router)# network 210.120.1.0/26 area 23
(config-router)# area 23 authentication
(config-router)#
To remove the key of the specified simple password authentication method, use no ip ospf
authentication-key command.

Setting MD5 Authentication Method
MD5 (Message Digest) authentication assign a key and key identifier to each router. The router
makes authentication information(Message digest) using OSPF packets, key, and key identifier.
This authentication information will be appended to OSPF packets and sent.
In general, one key is used per interface to generate authentication information when sending
packets and to authenticate incoming packets. The same key identifier on the neighbor router
must have the same key value.
The following example shows that the new MD5 password is added over the existing MD5
password.

(config-if)# ip ospf message-digest-key 100 md5 OLD
You can add a new key to the following:

(config-if)# ip ospf message-digest-key 101 md5 NEW
The system assumes its neighbors do not have the new key yet, so it begins a rollover process. It
sends multiple copies of the same packet, each authenticated by different keys. In this example,
the system sends out two copies of the same packet—the first one authenticated by key 100 and
the second one authenticated by key 101.
Rollover allows neighboring routers to continue communication while the network

administrator is updating them with the new key. Rollover stops once the local system finds
that all its neighbors know the new key. The system detects that a neighbor has the new key
when it receives packets from the neighbor authenticated by the new key. After all neighbors
have been updated with the new key, the old key should be removed.
To remove the old key, enter the following:

(config-if)# no ip ospf message-digest-key 100
Then, new password is only used for VLAN interface.

Then, only key 101 is used for authentication on the interface eth1. We recommend that you not
keep more than one key per interface. Every time you add a new key, you should remove the
old key to prevent the local system from continuing to communicate with a hostile system that
knows the old key. Removing the old key also reduces overhead during rollover.
The following example sets a new key 100 with the password mypasswd on interface vlan1:

(config-if)# ip ospf message-digest-key 100 md5 mypasswd
(config-if)# exit
(config-router)# network 210.100.1.0/26 area 0.0.0.0
(config-router)# area 0.0.0.0 authentication message-digest
Configuring Cost of OSPF interface
Each interface can have only one cost in the Corecess S5 System. The cost of OSPF interface is
calculated by the following formula depending on interface bandwidth.
Cost = 100000000 /bandwidth (bps)
If interface cost using above formula is not preferable to be used to user network, use ip ospf
cost command to specify cost to each interface in Interface configuration mode.
Command Description
ip ospf cost <cost> y <cost> Interface cost (1 ~ 65535)
The following example sets the cost value of a VLAN interface to 10:

(config-if)# ip ospf cost 10
(config-if)#

Specifying Dead-Interval
Dead-interval indicates the number of seconds that a neighbor router waits for a hello packet
from the current router before declaring the router down. The value can be from 1 - 65535
seconds. The default is 40 seconds.
To specify dead-interval, use the following commands in Interface configuration mode:
Command Description
ip ospf dead-interval y <seconds> Unsigned integer that specifies the interval in seconds;
<seconds> the value must be the same for all nodes on the network (1 ~ 65535)
The following example sets the OSPF dead interval to 60 seconds:

(config-if)# ip ospf dead-interval 60
(config-if)#
Specifying Hello-Interval
Hello-interval represents the length of time between the transmissions of hello packets. The
value can be from 1 - 65535 seconds. The default is 10 seconds. To specify the hello-interval, use
the following commands in Interface configuration mode:
명령 설명
y <seconds> Unsigned integer that specifies the interval in seconds.

ip ospf hello-interval
The value must be the same for all nodes on a specific network (1 ~
<seconds>
65535).
The following example sets the interval between hello packets to 15 seconds:

(config-if)# ip ospf hello-interval 15
(config-if)#

Specifying Retransmit interval
Retransmit-interval is the time between retransmissions of link-state advertisements (LSAs) to

adjacent routers for the interface. The value can be from 3 - 65535 seconds. The default is 5
seconds. To specify the retransmit-interval, use the following commands in Interface
configuration mode:
Command Description
y <seconds> Time in seconds between retransmissions. It must be

ip ospf retransmit-
greater than the expected round-trip delay between any two routers
interval <seconds>
on the attached network (3 ~ 65535)
The following example sets the retransmit-interval value of the interface vlan1 to 8 seconds:

(config-if)# ip ospf retransmit-interval 8
(config-if)#
Specifying Transmit Delay
Transmit delay is the time it takes to transmit Link State Update packets on the interface. The
value can be from 1 - 65535 seconds. The default is 1 second. To specify the transmit delay, use
the following commands in Interface configuration mode:
Command Description
ip ospf ospf transmit- y <seconds>: Time in seconds that it takes to transmit a link state
delay <seconds> update (1 ~ 65535).
The following example sets the retransmit-delay value of the interface vlan 1 to 3 seconds:

(config)# ip ospf transmit-delay 3
(config)#

Specifying Priority
Priority allows you to modify the priority of an OSPF router. The priority is used when
selecting the designated router (DR) and backup designated routers (BDRs). The value can be
from 0 - 255. The default is 1. If you set the priority to 0, the system does not participate in DR
and BDR election.
To set the router priority, use the following commands in Interface configuration mode:
Command Description
ip ospf priority <number> y <number>: Router priority (0 ~ 255)
The following example sets the router priority value to 4 of the interface vlan1:

(config-if)# ip ospf priority 4
(config-if)#

Configuring IS-IS on the VLAN Interface

You can configure the following IS-IS parameters of each VLAN interface:
Table 7-9 IS-IS interface parameters
Circuit-type Specifies adjacency levels on a specified interface.

CSNP interval Configures the IS-IS CSNP interval for a specified interface.
Hello interval Specifies the length of time between hello packets for a specified interface.
Hello Padding Enables or disables hello padding for IS-IS hello packets.
Hello Multiplier Specifies the hello multiplier for calculating the hold time.
LSP interval Configures the delay between successive IS-IS link state packet transmissions
Configures the number of seconds between retransmission of IS-IS LSPs for
Retransmit Interval
point-to-point links.
Mesh Group Creates a mesh group and designate that an interface is part of the group.
Metric Configure a cost for a specified interface.
Password Configures a password for a specified interface.
Priority Configures the priority of designated router (DR).
Note: Most interface configuration commands can be configured independently from other attached routers.
But the isis password command should configure the same password on all routers on a network.
This section describes how to configure IS-IS parameters on a VLAN interface.

Configuring IS-IS Levels
You specify the IS-IS level on a per-interface basis, and the Corecess S5 System becomes
adjacent with other routers on the same level on that link only. The Corecess S5 System
supports the following IS-IS levels:
• Level-1
Establish a Level 1 adjacency if there is at least one area address in common between this
system and its neighboring systems. If Level 1 is set, this interface cannot support Level 2
adjacencies.
• Level-1-2
Establish a Level 1 and Level 2 adjacency if a neighboring system is also configured as a Level
-1-2 and there is at least one area address in common. If there is no area address in common, a
Level 2 adjacency is established.
• Level-2-only
Establish a Level 2 adjacency if the neighboring system is configured as a Level 2-only router.
To configure the type of IS-IS adjacency for an interface, enter the isis circuit-type
command in Interface configuration mode:
Command Description
y level-1: Configures the interface to support only intra-area traffic.

y level-1-2: Configures the interface to support both intra-area
isis circuit-type
traffic and inter-area traffic.
{level-1 | level-1-2 |
y level-2-only: Configures the interface to support only Level-2
level-2-only}
adjacencies. This option is used on routers that are between areas to
prevent transmission of unnecessary Level 1 hellos.
The following example shows how to configure the VLAN interface to support a Level-2
adjacency:

(config-if)# isis circuit-type level-2-only
(config-if)#
Note: Normally, this command does not need to be configured. Only on routers that are between areas (Level
1-2 routers) should you configure some interfaces to be Level 2-only to prevent wasting bandwidth by sending
out unused Level 1 hellos. Note that on point-to-point interfaces, the Level 1 and Level 2 hellos are in the same
packet.

Modify the IS-IS Metric
All IS-IS routes have a cost, which is a routing metric that is used in the IS-IS link-state
calculation. The cost is an arbitrary, dimensionless integer that can be from 1 through 63. The
default metric value is 10.
To modify the default value, enter the isis metric command in Interface configuration
mode:
Command Description
y <metric-value> The default metric is used as a value for the IS-IS

isis metric
metric. Valid values are 0 – 63.
<metric-value>
y level-1 Configures the metric only for level-1 routing.
[level-1 | level-2]
y level-2 Configures the metric only for level-2 routing.
The following example shows how to configure the default metric for the VLAN interface:

(config-if)# isis metric 15
Note: If no level is specified, the isis metric command configures the metric for level-1 routing only.
Configuring the CSNP Interval
On broadcast networks, designated routers send complete sequence number PDU (CSNP)
packets to maintain database synchronization. The CSNP interval timer is the number of
seconds between transmissions of CNSP packets from this interface.
The CSNP interval is configured independently for Level 1 and Level 2. This feature does not
apply to point-to-point interfaces. To modify the CSNP interval, enter the csnp-interval
command in Interface configuration mode.
Command Description
y <seconds> The interval of time between transmissions of CSNPs on

broadcast networks. This interval only applies to the designated router.
isis csnp-interval
This can be a number between 0 and 65535 seconds.
<seconds> [level-1|
y level-1 Configures the amount of time between transmissions of
level-2]
CSNPs for Level 1 independently.
y level-2 Configures the interval of time between transmission of

CSNPs for Level 2 independently.
The following example shows how to configure the transmission interval for CSNP packets:

(config-if)# isis csnp-interval 30
Configuring the Hello Interval
To modify how often the system sends hello packets out of an interface, enter the isis
hello-interval command in Interface configuration mode.
Command Description
y <seconds>: Number of seconds between transmissions of hello

packets. Valid values are between 1 and 65535 seconds.
isis hello-interval
y minimal:. Causes the system to compute the hello interval based on
{<seconds>|minimal}
the hello multiplier so that the resulting hold time is 1 second.
[level-1|level-2]
y level-1: Configures the hello interval for Level 1 independently
y level-2: Configures the hello interval for Level 2 independently
The following example shows how to configure the VLAN interface to advertise hello packets
every 5 seconds:

(config-if)# isis hello-interval 5
(config-if)#
If the minimal keyword is specified, the hold time is 1 second and the system computes the
hello interval based on the hello multiplier as follow:
Hello interval = 1000 / (hello-multiplier) ms

Setting the Hello Multiplier
The hello multiplier determines the total holding time transmitted in the IS-IS hello packet.
Holding time is the time a neighbor waits for another hello packet before declaring the neighbor
is down.
The hello interval times multiplied by the hello multiplier equals the hold time. If the hello
interval is 10 seconds and the hello multiplier is 3, the hold time is 30 seconds.
Hold time = hello interval x hello multiplier
To modify the hello multiplier, enter the isis hello-multiplier command in Interface
configuration mode.
Command Description
y <multiplier>: The multiplier used to determine how long to

hold an IS-IS hello packet before declaring an adjacency down.
isis hello-multiplier Valid values are 3 – 1000.
<multiplier> y level-1: Configures the hello multiplier independently for Level
[level-1|level-2] 1 adjacencies.
y level-2: Configures the hello multiplier independently for Level
2 adjacencies.
The following example configures the hello interval and hello multiplier to 6 and 10. As the
result, an adjacency will go down only when many (10) hellos are missed and the total time to
detect link failure is 60 seconds.

(config-if)# isis hello-interval 6
(config-if)# isis hello-multiplier 6
(config-if)# isis hello-interval multiplier
(config-if)#

Configuring Hello Padding
Padding adds extra characters to the hello packets so that all packets sent out by Is-IS have the
maximum sized data payload.
To enable hello padding for IS-IS hello packets, enter the isis hello padding command in
Interface configuration mode as follows:

(config-if)# isis hello padding
(config-if)#
Setting the LSP Interval
To configure the time delay between successive IS-IS link state packet transmissions, enter the
isis lsp-interval command in Interface configuration mode.
Command Description
isis lsp-interval y <milliseconds>: Time delay between successive link state packets.
<milliseconds> Valid values are 1 ~ 4294967295.
The default LSP interval is 33 milliseconds. The following example configures the LSP interval
to 100 milliseconds (10 packets per second) on the VLAN interface:

(config-if)# isis lsp-interval 100
(config-if)#

Configuring the LSP Retransmit Interval
To configure the amount of time between retransmission of each IS-IS LSP on a point-to-point
link, enter the isis retransmit-interval command in Interface configuration mode.
Command Description
isis retransmit- y <seconds>: Time in seconds between retransmission of each LSP.

interval <seconds> Valid values are 1 ~ 65535.
The following example shows how to configure the LSP retransmit interval to 60 seconds:

(config-if)# isis retransmit-interval 60
(config-if)#
Configuring Mesh Groups
A mesh group is a set of routers that are fully connected; that is, they have a fully meshed
topology. When LSP packets are being flooded throughout an area, each router within a mesh
group receives only a single copy of an LSP packet instead of receiving one copy from each
neighbor, thus minimizing the overhead associated with the flooding of LSP packets.
To create a mesh group and designate that an interface is part of the group, enter the isis
mesh-group command in Interface configuration mode.
Command Description
y <group-number>: A number identifying the mesh group of which

isis mesh-group
this interface is a member. Valid values are1 ~ 4294967295.
{<group-number> |
y blocked: Specifies that no LSP flooding will take place on this
blocked}
interface.
In the following example show how to configure the VLAN interfaces to be a member of the
mesh group 3:

(config-if)# isis mesh-group 3

Configuring the Authentication Password
You can prevent unauthorized routers from forming adjacencies with the Corecess S5 System,
and thus protects the network from intruders.
To configure the authentication password for an interface, enter the isis password
Command Description
y <string>: Authentication password you assign for an interface.
isis password y level-1: Configures the authentication password for Level 1
<string> [level-1 | independently.
level-2] y level-2: Configures the authentication password for Level 2
independently.
The following example configures a password for the VLAN interface:

(config-if)# isis password corecess
Configure the Priority of DR
The priority is used to determine which router on a LAN will be the designated router (DR) or
Designated Intermediate System (DIS). The priorities are advertised in the hellos. The router
with the highest priority will become the DIS. In the case of equal priorities, the highest MAC
address breaks the tie.
To configure the priority of DR, enter the isis priority command in Interface configuration
mode.
Command Description
isis priority y <priority> The priority of a router and is a number from 0 to 127.
<priority> y level-1 Sets the priority for Level 1 independently.
[level-1 | level-2] y level-2 Sets the priority for Level 2 independently.
The following example shows how to set the priority level to 80:

(config-if)# isis priority 80

Configuring RIP on the VLAN Interface

You can configure the following RIP parameters of each interface:
Table 7-10 RIP interface parameters
Parameters Description
RIP supports two methods of authentication for each interface— simple password
and MD5. Only one method of authentication can be active on an interface at a time.
• The simple password method of authentication requires you to configure an
alphanumeric password on an interface. The simple password setting takes effect
immediately. All OSPF packets transmitted on the interface contain this password.
authentication
Any OSPF packet received on the interface is checked for this password. If the
mode
password is not present, then the packet is dropped. The password can be up to
eight characters long.
• The MD5 method of authentication requires you to configure a key ID and an MD5
Key. The key ID is a number from 1 – 255 and identifies the MD5 key that is being
used. The MD5 key can be up to sixteen alphanumeric characters long.
In Simple Password authentication method, the key can be up to eight characters

Authentication long. In MD5(Message Digest) authentication method, the key ID is a number from 1
Key – 255 and identifies the MD5 key that is being used. The MD5 key can be up to
sixteen alphanumeric characters long.
RIP version RIP version can be specified to each interface.
Split Horizon function is that the same route information can not be transmitted to
Split Horizon
the interface if route information is received form a particular interface.
This section describes how to configure RIP parameter in VLAN interface.
Configuring RIP Authentication
RIP version 2 provides authentication function to check receiving routing information is secure.
RIP does not add a new field to packets for authentication, but uses the first entry of message as
authentication key. RIP specifies key chain as the key to be used for authentication. Key chain is
a group of keys. If key chain is specified for each interface, the key of key chain is used when
authentication proceeds.
There are two authentication mode-Simple password and MD5. By default, simple password
mode is used. In Simple password mode, the key is transmitted without any encryption. Thus,
if authentication is used for security, the mode is inappropriate. In MD5 authentication mode,
the key is encrypted to “message digest” using MD5 algorithm, then the message digest is
transmitted instead of the key.

Setting MD5 Authentication Mode

To set MD5 authentication mode for RIP authentication, use the following command.
Table 7-11 Setting MD5 Authentication Mode
Command Task

ip rip authentication 3. Specify the type of key for authentication

key-chain
y <name-of-chain> Name of key group (key chain).
<name-of-chain>
ip rip authentication
4. Specify MD5 authentication mode.
mode md5
To authenticate RIP packets with MD5 authentication mode, specify the type of key to use for
authentication using ip rip authentication key-chain command. Then, specify which
authentication mode will used between simple password and MD5. By default, simple
password authentication mode is specified.
The following example shows how to set MD5 authentication mode.
(config)# key chain corecess
(config-keychain)# key 1
(config-keychain-key)# key-string 234
(config-keychain-key)# exit
(config-keychain)# exit
(config-if)# ip rip authentication key-chain corecess
(config-if)# ip rip authentication mode md5
If you cancel the specified authentication mode and back to the default, use no ip rip
authentication mode command. And, if you cancel the key chain that is used for
authentication, use no ip rip authentication key-chain command.

Setting Simple Password Authentication Mode

To set simple password authentication mode for RIP authentication, use the following
command.
Table 7-12 Setting Simple Password Authentication Mode
Command Task

ip rip authentication 3. Specify the type of key

string <auth-string> y <auth-string> Authentication string (less than 16 character)
4. Specify simple password authentication mode.
mode text
The following example shows how to set simple password authentication method.

(config-if)# ip rip authentication string corecess
(config-if)# ip rip authentication mode text
To remove the key of the specified simple password authentication method, use no ip rip
authentication-key command.

Specifying RIP Version
To specify a Routing Information Protocol (RIP) version on an interface basis, use the following
commands in Interface configuration mode:
Table 7-13 Specifying RIP Version
Command Task

3. Specify RIP version to receive.

ip rip receive y <version> RIP version (1, 2)
version <version> -1 : Accepts only RIP Version 1 packets on the interface.
-2 : Accept only RIP Version 2 packets on the interface.
- 1 2 : Accepts both RIP Version 1 and 2 packets on the interface.
4. Specify RIP version to send.

ip rip send version y <version> RIP version (1, 2)
-1 : Sends only RIP Version 1 packets out the interface.
<version>
-2 : Sends only RIP Version 2 packets out the interface.
- 1 2 : Sends both RIP Version 1 and 2 packets out the interface.
The following example configures the interface to receive both RIP Version 1 and Version 2
packets:
(config-if)# ip rip receive version 1 2
The following example configures the interface to send both RIP Version 1 and Version 2
packets out the interface:
(config-if)# ip rip send version 2

Enabling Split-Horizon
RIP can use the “split-horizon” to prevent routing loops. The split horizon is the function that
the router does not advertise a route on the same interface as the one on which the router
learned the route.
To enable the split horizon on an interface, use the following commands.
Table 7-14 Enabling Split-Horizon
Command Task

ip split-horizon 3. Enable split horizon on the specified interface.
The following example shows how to enable split horizon function.
(config)# ip split-horizon
(config)#
To disable the split horizon mechanism, use the no ip split-horizon command in Interface
configuration mode.

Enabling Multicasting on the VLAN Interface

To enable the interface to forward the multicast packets, use the following commands in Global
configuration mode:
Table 7-15 Enabling Multicasting on the VLAN Interface
Command Task

<vlan-id> y <vlan-id> ID of the VLAN to configure (1 ~ 4094)
multicast 3. Enable multicast forwarding.
The multicast packet forward on the interface is enabled by default. To disable the multicast
packet forward, use the no multicast command.
The following is an example of disabling the multicast packet forward of the interface vlan1:

Interface vlan1
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
collisions 0
(config-if)# no multicast
(config-if)# end
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING>
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
collisions 0
#

Shutting Down the VLAN Interface

You can disable an interface. Doing so disables all functions on the specified interface and
marks the interface as unavailable on all monitoring command displays. This information is
communicated to other network servers through all dynamic routing protocols. The interface
will not be mentioned in any routing updates.
To shut down an interface, use the following commands
Table 7-16 Shutting Down the VLAN Interface
Command Task

shutdown 3. Shut down the specified interface.
To reenable the interface, use the no shutdown command.
This example shows how to shut down the interface vlan1 and re-enable the interface:

(config-if)# shutdown
(config-if)# end
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <BROADCAST>
HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
collisions 0
(config-if)# no shutdown
(config-if)# end
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING>

HWaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
collisions 0
#
Configuring IP Parameters
Table below lists the IP global parameters for the VLAN interface on the Corecess S5 System:
Table 7-17 Type and Function of IP Parameter
Parameters Description
MTU The maximum length an Ethernet packet can be without being

(Maximum Transmission Unit) fragmented
A standard IP mechanism that routers use to learn the Media Access

ARP Control (MAC) address of a device on the network. The router sends
(Address Resolution Protocol) the IP address of a device in the ARP request and receives the
device’s MAC address in an ARP reply.
To configure the parameters above for the VLAN interface, use the following commands in
interface configuration mode:
Table 7-18 Configuring IP Parameters
Command Task

<vlan-id> y <vlan-id> ID of the VLAN to configure. (1 ~ 4094)
arp 3. Enables the ARP on the VLAN interface.
arp <ip-address>
4. Adds a static ARP (Address Resolution Protocol) entry.
<hw-address>
5. Changes the size of the MTU (Maximum Transmission Unit) on the

mtu <mtu-size> VLAN interface.
y <mtu-size> Size of the MTU (1 ~ 65535bytes, default : 1500)

Chapter 8 Configuring SNMP and RMON
This chapter describes how to configure SNMP and RMON on the Corecess S5 System.
9 Configuring SNMP 8-2
9 Configuring RMON 8-17
9 SNMP and RMON Configuration Commands 8-34

Configuring SNMP
Configuring SNMP
SNMP(Simple Network Management Protocol) Overview

The Simple Network Management Protocol (SNMP) is an application layer protocol that
facilitates the exchange of management information between network devices. It is part of the
Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables
network administrators to manage network performance, find and solve network problems,
and plan for network growth.
SNMP Basic Components
SNMP consists of the following three key components:
y Managed Device
y SNMP Agent and Management Information Base (MIB)
y SNMP Manager
SNMP
Manager
Managed Managed Managed

Device Device Device
SNMP Agent SNMP Agent SNMP Agent

MIB MIB MIB
Managed Device
A managed device is a network node that contains an SNMP agent and that resides on a
managed network. Managed devices collect and store management information and make this
information available to NMSs using SNMP. Managed devices, sometimes called network
elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or
printers.

Configuring SNMP
SNMP Agent and MIB

The SNMP agent is a network management module running in the managed device. The SNMP
agent responds to SNMP manager requests as follows:
y Get a MIB variable: The SNMP agent initiates this function in response to a request from
the NMS. The agent retrieves the value of the requested MIB variable and responds to
the NMS with that value.
y Set a MIB variable: The SNMP agent initiates this function in response to a message from
the NMS. The SNMP agent changes the value of the MIB variable to the value requested
by the NMS.
The SNMP agent also sends unsolicited trap messages to notify an NMS that a significant event
has occurred on the agent. Examples of traps conditions include, but are not limited to, when a
port or module goes up or down, when spanning-tree topology changes occur, and when
authentication failures occur.
The MIB is the information base, the SNMP agent must keep available for the managers. This
information base contains objects whose values provide information on the status of the
checked system or objects whose values can be modified by a manager to control the system.
Each object is identified by an Object ID (OID). There are two kinds of MIBs, standard MIB
and enterprise-specific MIB.
SNMP Manager
SNMP Manager is an integrated management module which collects information from SNMP
agent and sometimes sends warning messages depending on the each SNMP agent relations. In
other words, the actual data is collected from SNMP agent and this data will be processed by
management module and saved. To request information or configuration changes, respond to
requests, and send unsolicited alerts, the SNMP manger and SNMP agent use the four messages
(Get, GetNext, Set, and trap). For more information on these messages, refer to the following
section.
Configuring SNMP and RMON 8-3

Configuring SNMP
SNMP Messages
The SNMP manger and SNMP agent use the following SNMP messages to request information
or configuration changes, respond to requests, and send unsolicited alerts.
y Get-Request / Get-Response Message

y GetNext-Request / GetNext-Request Message
y Set-Request Message
y Trap Message
Get-Request Message
Get-Request Message is the basic SNMP request message. Sent by an SNMP manager, it
requests information about a single MIB entry on an SNMP agent. For example, the amount of
free drive space.
GetNext-Request Message
GetNext-Request Message is an extended type of request message that can be used to browse
the entire tree of management objects. When processing a Get-next request for a particular
object, the agent returns the identity and value of the object which logically follows the object
from the request. The Get-next request is useful for dynamic tables, such as an internal IP route
table.
Set-Request Message
If write access is permitted, Set-Request message can be used to send and assign an updated
MIB value to the agent.
Trap Message
An unsolicited message sent by an SNMP agent to an SNMP manager when the agent detects
that a certain type of event has occurred locally on the managed device. For example, a trap
message might be sent on a system restart event.

Configuring SNMP
SNMP Community
SNMP community authenticates access to MIB objects and function as embedded passwords. In
order for the NMS to access the system, the community definitions on the NMS must match at
least one of the two community definitions on the system.
A community can have one of the following attributes:
Table 8-1 Types of community
Types Access Authority
Gives read access to authorized management stations to all objects in the MIB except the
Read-only
community strings, but does not allow write access
Gives read and write access to authorized management stations to all objects in the MIB,
Read-write
but does not allow access to the community strings
Trap
Trap is a defined status of event or system. For example, event generated when port
configuration is changed or a host having not-allowed IP address accesses can be defined as a
trap. You can configure the level of trap according to the kind of events.
If a trap occurs on the system, the SNMP agent send SNMP trap message to the registered trap
host.

Configuring SNMP
Configuring SNMP
The default SNMP configuration of the Corecess S5 System is as follows:
Table 8-2 Default SNMP configuration
SNMP Configuration Element Default Setting
Agent contact information (MIB-II System Contact variable) None configured

Agent location information (MIB-II System Location variable) None configured
Community strings None configured
Trap None enabled
Trap Host None configured
RMON Enabled
Setting the System Contact and Location Information
In the system group of MIB-II (Public MIB) supported by the Corecess S5 System has System
Contact variable and System Location variable displaying the system contact information and
system location information.
The values of these variables can be browsed or modified via ViewlinX, NMS of the Corecess or
NMS of other companies.
To specify these values, use the following commands:
Table 8-3 Setting the system contact and location information
Command Task
snmp-server contact 2. Set the system contact information.

<string> y <string>: String described for system contact information.
snmp-server location 3. Set the system location information.

<string> y <string>: String described for system location information.
show snmp-server 5. Verify the system contact and location information.

Configuring SNMP
The following is an example of setting the system contact information and system location
information:
(config)# snmp-server contact Dial System Administrator at phone #2734
(config)# snmp-server location 1st_floor lab
(config)# end
# show snmp-server
RMON: Enabled
Extended RMON: Extended RMON module is not present
sysContact Dial System Administrator at phone #2734

sysLocation 1st_floor_lab
.
.
#
Configuring Community
You use the SNMP community to define the relationship between the SNMP manager and the
agent. The community acts like a password to permit access to the agent on the system. One
thing to be aware of is that in case of adding new community using the Corecess S5 System CLI
command, this community must be added in NMS in order to connect to the system using this
community. To define SNMP community, use the following commands in Privileged mode:
Table 8-4 Configuring SNMP community
Command Task

2. Define the SNMP community for each access type.
y <string> The SNMP community name for this system
snmp-server community
<string> <auth> y <auth> Access authentication of the community
- ro This authority can only read a value.
- rw This authority can read and writer a value.
show snmp-server 4. Verify new community string.

Configuring SNMP
The following example defines new community string:
(config)# snmp-server community corecess rw
(config)# end
# show snmp-server
RMON: Enabled
sysContact Dial System Administrator at phone #2734

sysLocation 1st_floor_lab
Community-Access Community-String
---------------- ----------------
read-only public
read-write private
read-write corecess
.
.
#

Configuring SNMP
Configuring Trap
Traps are system alerts that the Corecess S5 System generates when certain events occur.
The Corecess S5 System supports the following trap types:
Table 8-5 Types of trap supported by Corecess S5 System
Trap Types Description
Sends a trap message when power supply is installed or uninstalled, temperature

chassis
limitations are exceeded, or fan errors occur.
module Sends a trap message when a module goes up or down.
port Sends a trap message when a port goes up or down.
bridge Sends a trap message when there is spanning tree topology changes.
Sends a trap message when Ethernet hub repeater state is changed. This trap doesn’t
repeater
happen in the Corecess S5 system.
ip_permit Sends a trap message when there are access attempts with unauthorized IP address.
sysconfig Sends a trap message when the system backup configuration is changed.
Sends a trap message when there is Entity Management Information Base (MIB) change.
entity
This trap doesn’t happen in the Corecess S5 system.
cpuload Sends a trap message when CPU load limitations are exceeded.
auth Sends a trap message when there are access attempts with unauthorized community.
sysauth Sends a trap message when user login or log-out to the system through Telnet or CLI.
bgp Sends a trap message when Border Gateway Protocol (BGP) state is changed.
Sends a trap message when Dynamic Host Configuration Protocol (DHCP) state is
dhcp
changed.
When a trap is enabled, if an error occurs in the device where corresponding trap is enabled or
if problem occurs in the part defined by the trap, such error status (trap message) are
transmitted to the trap receiving host and NMS, the SNMP agent. By default, all trap types are
disabled. To send traps to the trap hosts, the trap types should be enabled.

Configuring SNMP
To enable a trap type, use the following commands in Privileged mode:
Table 8-6 Enabling a trap type
Command Task

2.. Enable the specified trap type
y <trap-type> Trap type to be enabled
snmp-server enable
(all, auth, bgp, bridge, chassis, cpuload, dhcp,
traps <trap>
entity, ip_permit, module, port, repeater, sysauth,
sysconfig). If you choose all, all traps become enabled.
show snmp-server 4. Check the state of the trap.
The following example enables the port and auth traps:
(config)# snmp-server enable traps port
(config)# snmp-server enable traps auth
(config)# end
# show snmp-server
RMON: Enabled
.
.
Trap-Rec-Address Trap-Rec-Community
------------------------- ------------------
Traps Enabled
------------------------- ------------------
chassis disabled
module disabled
port enabled
bridge disabled
repeater disabled
ip_permit disabled
sysconfig disabled
entity disabled
cpuload disabled
auth enabled
sysauth disabled

Configuring SNMP
bgp disabled
dhcp disabled
atm disabled
adslAtuc disabled
adslAtur disabled
mac-flood disabled
#
Configuring Trap Host
Trap host is the host to receive traps from an SNMP agent. Trap is message sent by an SNMP
agent to an NMS, a console, or a terminal to indicate the occurrence of a significant event, such
as a specifically defined condition or a threshold that was reached. By default, no trap host is
configured. To receive the trap generated on your managed device using NMS, you must add
the NMS as a trap host. You can specify up to twenty trap hosts on the Corecess S5 System.
To add or modify trap hosts, use the following commands in Privileged mode:
Table 8-7 Configuring a trap host
Command Task
2. Configure trap hosts.

y <host-addr> The IP address of an SNMP host that been configured
snmp-server host to receive traps.
<ip-address> y <community> The community name to use when sending traps to the
<community> port specified SNMP host.
{<udp-port> | y port The UDP port number to use when sending traps to the
default} specified SNMP host
- <udp-port> UDP port number to use (1~ 65535)
y default Default UDP port number (162).
show snmp-server 4. Verify the trap host entries
When a trap host is added, the community of the host should be specified. The type of trap
message, which the host receives, is decided by the specified community.
The following example shows how to add a trap host:
(config)# snmp-server host 172.168.2.23 corecess port default

Configuring SNMP
(config)# end
# show snmp-server
RMON: Enabled
.
.
------------------------- ------------------
udp:172.168.2.23:162 corecess
.
.
#
Restrict Host Access
The Corecess S5 System can restrict hosts that attempt to access to the Corecess S5 System with
SNMP using access list. Only hosts that are satisfied with the access list condition can be access
the system with SNMP.
To restrict host by using access lists, use the following commands in Global configuration mode:
Table 8-8 Restrict Host Access
Command Description
snmp-server group access Apply the defined access list.

<list-number> y <list-number> number of access list (1 ~ 99, 100 ~ 199)
The following example shows how to define the access list to restrict host access and apply the
access list.
(config)# access-list 12 permit 192.89.55.0 0.0.0.255

(config)# snmp-server group access 12
(config)#

Configuring SNMP
Displaying SNMP Information

The section describes how to display SNMP configuration information, SNMP community
strings, SNMP trap hosts, and SNMP statistics.
Displaying SNMP Configuration Information
To display SNMP configuration information, use the show snmp-server command in

Privileged mode.
The following example is a sample output of the show snmp-server command:
# show snmp-server
RMON: Disabled
sysContact support@corecess.com
sysLocation Unknown
Community-Access Community-String
---------------- ----------------
read-only public
read-write private
------------------------- ------------------
udp:172.27.2.36:162
Traps Enabled
------------------------- ------------------
chassis disabled
module disabled
port disabled
bridge disabled
repeater disabled
ip_permit disabled
sysconfig disabled
entity disabled
cpuload disabled
auth disabled
sysauth disabled
bgp disabled

Configuring SNMP
dhcp disabled
atm disabled
adslAtuc disabled
adslAtur disabled
mac-flood disabled
#
The table below describes the fields shown by the show snmp-server command:
Table 8-9 show snmp-server field descriptions
Field Description
RMON Status of whether RMON is enabled or disabled.
Extended RMON Status of whether extended RMON is enabled or disabled.
sysContact SNMP system operator information
sysLocation SNMP system location information string
SNMP access authority
Community-Access - read-only
community - read-write
SNMP community strings associated with each SNMP
Community-String
community
IP address of trap receiver hosts and UDP port number for
Trap-Rec-Address
sending trap messages.
TrapReceiver
SNMP community string used for trap messages to the trap
Trap-Rec-Community
receiver.
Traps Trap types
Trap Configuration status of trap message

Enabled - enabled : Trap message is allowed to send.
- disabled : Trap message is not allowed to send.
Displaying SNMP Community Strings
To display SNMP community strings, use the show snmp-server community-list

The following example shows how to display SNMP community strings:
# show snmp-server community-list

community:pubilc access: ro
community:private access: rw
community:corecess access: ro
#

Configuring SNMP
The table below describes the fields shown by the show snmp-server community-list
command output:
Table 8-10 show snmp-server community-list field descriptions
Field Description
community SNMP community strings
Access authority of the community strings

access - ro : Read-Only
- rw : Read-Write
Displaying SNMP Statistics
To display SNMP statistics, use the show snmp-server statistics command in

Privileged mode.
The following is sample output from the show snmp-server statistics command:
# show snmp-server statistics

10090 SNMP packets input
0 Bad SNMP version errors
96 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
28051 Number of requested variables
12 Number of altered variables
9854 Get-request PDUs
83 Get-next PDUs
12 Set-request PDUs
9994 SNMP packet output
0 Too big errors (Maximum packet size 1500)
3 No such name errors
0 Bad values errors
0 General errors
9994 Response PDUs
0 Trap PDUs
#

Configuring SNMP
The table below describes the fields shown by the show snmp-server statistics
command output:
Table 8-11 show snmp-server statistics field descriptions
Field Description
SNMP packets input Total number of SNMP packets received.
Bad SNMP version errors Number of packets with an invalid SNMP version.
Unknown community name Number of SNMP packets with an unknown community name
Illegal operation for Number of packets requesting an operation not allowed for that
community name supplied community
Encoding errors Number of SNMP packets that were improperly encoded
Number of requested
Number of variables requested by SNMP managers
variables
Number of altered variables Number of variables changed by SNMP managers
Get-request PDUs Number of get requests received
Get-next PDUs Number of get-next requests received
Set-request PDUs Number of set requests received
SNMP packet output Total number of SNMP packets sent by the router
Number of SNMP packets which were larger than the maximum

Too big errors
packet size.
Number of SNMP requests that specified an MIB object which does

No such name errors
not exist.
Number of SNMP set requests that specified an invalid value for an

Bad values errors
MIB object.
General errors Number of SNMP set requests that failed due to some other error.
Response PDUs Number of responses sent in reply to requests.
Trap PDUs Number of SNMP traps sent.

Configuring SNMP
Displaying SNMP Trap Hosts
To display the list of the trap receiver hosts, use the show snmp-server traphost
The following example shows how to display the list of the trap receiver hosts:
# show snmp-server traphost

host: udp:172.27.2.36:162 comm: public
host: udp:172.28.3.178:24 comm: corecess
#
The table below describes the fields shown by the show snmp-server traphost command
output:
Table 8-12 show snmp-server traphost field descriptions
Field Description
host Protocol : IP address of a trap receiver host: port number.
comm SNMP community of the trap receiver host

Configuring RMON
Configuring RMON
RMON (Remote MONitoring) Overview

The RMON (Remote MONitoring) is an extend function of SNMP (Simple Network
Management Protocol) that designs to manage the devices from a remote place. The RMON
collects information that happens in a LAN segment such as the number of collision, packet size
distribution and amount of data in a distributed LAN environment, then the RMON delivers
information to managing device. The information can be used as resource to find out network
efficiency, collision, etc.
The RMON provides alarm function and event function that monitor the distributed LAN
environment and report changed status to users. Network problems can be easily solved by
network status report of RMON before network problem becomes worse.
RMON MIB groups consist of nine groups (1. Statistics 2. History 3. Alarm 4. Host 5. Host Top
N 6. Matrix 7. Filter 8. Packet Capture 9. Event), and the Corecess S5 System supports four
groups as follows:
1) Statistics (Statistics, RMON group 1)

Collects the number of packets/bytes, the number of broadcast/multicast packets, the
number of collisions, the number of errors occurred (fragment, CRC, jabber, short-length,
long-length) on an interface.
2) History (History, RMON group 2)

Collects a history group of statistics on Ethernet for a specified polling interval.
3) Alarm (Alarm, RMON group 3)

Monitors a specific management information base (MIB) object for a specified interval,
triggers an alarm at a specified value (rising threshold), and resets the alarm at another
value (falling threshold). Alarms can be used with events; the alarm triggers an event, which
can generate a log entry or an SNMP trap.
4) Event (Event, RMON group 9)

Determines the action to take when an event is triggered by an alarm. The action can be to
generate a log entry or an SNMP trap.

Configuring RMON
Configuring RMON
The configuration procedure of RMON is as follows:
y Enabling RMON
y Configuring Statistics Groups
y Configuring History Groups
y Configuring Alarm Groups
y Configuring Event Groups
Enabling RMON
To enable RMON, use the following commands.
Table 8-13 Enabling RMON
Command Task
snmp-server enable rmon 2. Enable the RMON on the Corecess S5 System.
show snmp-server 4. Verify that RMON is enabled.
This example shows how to enable the RMON on the Corecess S5 System and how to verify
that RMON is enabled:
(config)# snmp-server enable rmon
(config)# end
# show snmp-server
RMON: Enabled
sysContact TEL:+82-2-3016-6900
sysLocation Daechi-dong Seoul Korea
.
.

Configuring RMON
Configuring Statistics Groups
The RMON Statistics group monitors traffic of the specified interface and records basic statistic
information in the form of a table. The user can specify the interface to collect and save data in
the RMON Statistics group, and the user also gives authority to a user to use the statistic
information.
By default, the RMON Statistics group is defined that all port interfaces of the Corecess S5
System save statistics information. To configure the RMON Statistic group, use the following
commands.
Table 8-14 Configuring RMON statistics group
Command Task
y <index> RMON statistics group number (1 ~ 65535)

rmon etherstats
y <ifIndex> Interface number to collect statistics information. (Instance
<index> {<ifIndex> |
number defined in RFC 1213, 1 ~ 2147483647)
gigabitethernet
y <slot>/<port> Slot/Port number to collect statistics information
<slot>/<port>} owner
y <etherstats-owner> The object that uses the collected statistics
<etherstats-owner>
information (IP address, host name or user name)
The following is an example of configuring statistics groups:
(config)# rmon etherstats 10 gigabitethernet 5/1 owner aaa

(config)# rmon etherstats 11 gigabitethernet 5/2 owner aaa
The following example shows how to display the RMON Statistics group.
# show rmon
RMON: Enabled
[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)

Configuring RMON

[history]
----- -------------- -----------------------------
.
.
#
To show the detail configuration information, specify the number of the statistics information
using show rmon statistics command.
# show rmon statistics 1

Entry 10 is valid, and owned by aaa
Monitors ifEntry.ifIndex.4 which has
Received 0 octets, 0 packets,
0 broadcast and 0 multicast packets,
0 CRCAlign error and 0 Collisions(tx),
0 undersized and 0 oversized packets,
0 fragments and 0 jabbers,
# of dropped packet events (due to lack of resoures): 0
# of packets received of length (in octets):
64: 0 65-127: 0 128-255: 0
256-511: 0 512-1023: 0 1024-1518: 0
To delete the configured RMON statistics group, use no rmon historycontrol command
in Global configuration mode:
(config)# no rmon etherstats 10

(config)#

Configuring RMON
Configuring History Groups
The RMON History group contains a control and data collection function. The RMON History
group provides the control function and the history function to collect traffic data periodically.
The control function retrieves statistics data periodically from network and sets control
parameters such as retrieve interval. The history function records statistics data periodically
such as number of packet and period start time.
The RMON History group has statistics information of the specified interface in history table
and adds new entry in the history table when new data is collected. Users can perceive overall
information of the interface with information of the RMON History group, and if an error
occurs, information of the RMON history group helps users to detect problems easily and solve
problems.
The RMON History group collects and stores statistics information, which is the same as the
RMON Statistics group, from a particular interface for a certain amount of time. It means that
the statistics group has immediate statistics information, but in the other hand, the History
group stores the sequent statistic information continuously.
By default, the History group is defined that all port interfaces store history information. To
configure the RMON History group, use the following commands in Global configuration
mode.
Table 8-15 Configuring RMON history group
Command Task
y <index> Number to identify RMON history (1 ~ 65535)

y <ifIndex> Interface number to collect statistics information.
rmon historycontrol (Instance number defined in RFC 1213, 1 ~ 2147483647)
<index> {<ifIndex> | y <slot>/<port> Slot/Port number to collect statistics information
gigabitethernet
y <history-owner> The object that uses the collected statistics
<slot>/<port>} owner
information (IP address, host name or user name)
<history-owner>
<bucket-number> y <bucket-number> Number of data to collect in history group.
<history-interval> (Bucket size. 1 ~ 65535)
y <history-interval> interval to collect information (1~3600
second)
The following example shows how to configure the RMON History group.
(config)# rmon historycontrol 10 gigabitethernet 5/1 owner aaa 50 30

Configuring RMON
(config)#
The following example shows how to display the RMON History group.
# show rmon
RMON: Enabled
[statistics]
----- ------------- -----------------------------
[history]
----- ------------- -----------------------------
.
.
#
To display the detail information on a history group, enter the show rmon history
command with the history number:
# show rmon history 10

Entry 10 is valid, and owned by aaa
Monitors ifEntry.ifIndex.4 every 30 seconds
Requested # of time intervals, is buckets, is 50
Granted # of time intervals, is buckets, is 50

Configuring RMON
Sample # 6878 began measuring at 1days 18h:5m:52s:44th(15155244)

0 CRC alignment errors and 0 collisions.
# of dropped packet events is 0
Network utilization is estimated at 0
.
.
.
Sample # 269704428 began measuring at 0days 7h:23m:44s:51th(2662451)

0 CRC alignment errors and 0 collisions.
# of dropped packet events is 0
Network utilization is estimated at 0
To delete a history group, enter the no rmon historycontrol command in Global

configuration mode:
(config)# no rmon historycontrol 10

(config)#

Configuring RMON
Configuring Alarm Groups

The RMON Alarm group allows you to set an alarm threshold and a sampling interval to
enable the RMON agent to generate alarms on any network segment it monitors. Alarm
thresholds can be based on ‘absolute’ or ‘delta’ values so that you can be notified of rapid spikes
or drops in a monitored value.
The alarm group periodically takes statistical samples from variables and compares them to
previously configured thresholds. The Alarm Table stores configuration entries that define a
variable, a polling period, and threshold parameters.
Each alarm is linked to an event in the event group. An event defines an action that will be
triggered when the alarm threshold is exceeded. The event generated when a RMON alarm
occurs should specify one of the RMON event entry and be configured. To configure the RMON
event, use rmon event command.
The alarm group retrieves variables periodically and compares variables to threshold. The
variable type, retrieval interval and threshold are consisted of an entry, and the entry is stored
in the alarm table.

Configuring RMON
To configure the RMON Alarm group, use the following message in Global configuration
group.
Table 8-16 Configuring Alarm Groups
Command Task
y <index> Number to identify alarm group (1~ 65535)

y <interval> MIB object monitoring interval (1-2147483647 seconds)
y <type> Value to monitor. Select one of the following values:
- multicastPkts: The number of incoming multicast packets
- cRCAlignErrors: The number of incoming packets with CRC errors
- collisions : The number of times a collision occurs while the packet is
received
- octets: The total number of incoming octets
- pkts: The total number of incoming packets
- broadcastPkts: The number of incoming broadcast packets
- pkts256to511 : The number of incoming packets 256 to 511 bytes in
length
- pkts512to1023: The number of incoming packets 512 to 1023 bytes in
length
rmon alarm <index> - pkts1024to1518 : The number of incoming packets 1024 to 1518 bytes
in length
<interval> {<type>
- pkts64: The number of incoming packets 64 bytes in length
<StatisticsIndex> - pkts65to127: The number of incoming packets 65 to 127 bytes in length
|<variable>} - pkts128to255 : The number of incoming packets 128 to 255 bytes in
{delta | absolute} length
{rising | falling | y <StatisticsIndex> The number of statistics group to get the
both} threshold selected value from <type>option (0 ~ 65535)
<rising-threshold> y <variable> OID number of the MIB object to monitor
<falling-threshold> y <StatisticsIndex> The number of statistics group to get the
selected value from <type>option (0 ~ 65535)
event-index <rising-
y absolute Option for testing each MIB variable directly
event-number>
y delta Option for testing the change between MIB variables
<falling-event-number>
y rising Option for triggering alarm when the monitored value
owner <alarm-owner>
exceeds the rising threshold
y falling Option for triggering alarm when the monitored value
exceeds the falling threshold
y both Option for triggering alarm when the monitored value exceeds
the rising or falling threshold
y <rising-threshold> Value at which the alarm is triggered (0 ~
2147483647)
y <falling-threshold> Value at which the alarm is reset (0 ~
2147483647)
y <rising-event-number> Event number to trigger when the rising
threshold exceeds its limit (0 ~ 65535)
y <falling-event-number> Event number to trigger when the
falling threshold exceeds its limit (0 ~ 65535)
y <alarm-owner> Option for specifying an owner for the alarm

Configuring RMON
The following example shows how to configure RMON alarm group and check the result:
(config)# rmon alarm 1 10 pkts 1 absolute both threshold 1000 100 event-index 1
1 owner aaa
(config)#
Before configure RMON alarm group, you should verify that the statistics group
(<StatisticsIndex>) is defined.
(config)# rmon alarm 2 20 pkts 10 absolute rising threshold 1000 100 event-
index 1 1 owner kimka
Can't fetch the MIB values
(config)#
If you specify undefined statistics group, the ‘Can't fetch the MIB values’
message will be displayed:
To display the information on an alarm group, enter the show rmon command with the alarm
number:
# show rmon
RMON: Enabled
[statistics]
----- -------------- -----------------------------
.
.
[history]
----- -------------- -----------------------------
2 valid ifIndex.7 (Gi 1/2).
.
.
[alarm]
index status sample

Configuring RMON
----- -------------- -----------------------------

1 valid etherStatsPkts.1
[event]
index status type
----- -------------- ---------------
#
To display the detail information on an alarm group, enter the show rmon alarm command
with the alarm number:
# show rmon alarm 1

Alarm 1 is valid, owned by aaa
Monitors etherStatsEntry.etherStatsPkts.1 every 10 seconds
Taking absolute samples, last value was 0
Rising threshold is 1000, assigned to evnet 1
Falling threshold is 100, assigned to event 1
On startup enable rising or falling alarm
To delete a RMON alarm group, enter the no rmon alarm command in Global configuration
mode:
(config)# no rmon alarm 1

(config)#

Configuring RMON
Configuring Event Groups

The RMON Event group defines an action that is able to do when an alarm occurs. The action is
usually generating SNMP trap or storing the log entry to the log table to record the alarm. If
you configure SNMP trap generated, you should specify community to transmit the generated
trap to the managed system.
To configure the RMON Event group, use the following command in Global configuration
mode.
Table 8-17 Configuring RMON event group
Command Task
y <index> Number to identify events (1 ~ 65535)

y description <string> Add a description of the event.
- <string> A description of the event.
rmon event <index>
y trap <community> Option for generating SNMP trap with the
description <string>
<community> community string when the event occurs
{trap <community> |
- <community> Community String
log } owner <owner>
y log Option for storing log for alarm when the alarm occurs
y owner <owner> Option for specifying an owner for the event
- <owner> IP address, host name or user name
This example shows how to configure an event group on the Corecess S5 System and how to
verify that they are configured:
Parameter Value
Event index 10
Event description Event to create log entry and SNMP notification
Event type log, trap
Community public
Owner help_desk
(config)# rmon event 10 description “Event to create log entry and SNMP
notification” log trap public owner help_desk

Configuring RMON
To display the information on an event group, enter the show rmon command:
# show rmon
RMON: Enabled
[statistics]
----- -------------- -----------------------------
.
.
[history]
----- -------------- -----------------------------
.
.
[alarm]
index status sample
----- -------------- -----------------------------
[event]
index status type
----- -------------- ---------------
10 valid logandtrap
.
.
#
To display the detail information on an event group, enter the show rmon events command
with the event number:
# show rmon events 10

Event 10 is valid, owned by help_desk
Description is Event to create log entry and SNMP notification
Event firing causes log and trap to community public
last fired 0days 0h:1m:14s:25th(7425)
#
To delete an event group, enter the no rmon event command in Global configuration mode:
(config)# no rmon event 10

(config)#

Configuring RMON
Collecting Bandwidth Information of Traffic
In the Corecess S5 System, bandwidth information of traffic can be collected by RMON through
a particular port with a certain cycle (five seconds, one minute and ten minutes). To collect
bandwidth information communicated through the specified port, use the following
commands.
Table 8-18 Collecting Bandwidth Information of Traffic
Command Task

2. Collect bandwidth information communicated through the
rmon port gigabitethernet specified port.
<slot>/<port> utilization y <slot>/<port> Slot/Port number to collect bandwidth
information of traffic
End 3. Return to Privileged mode.
show rmon port <port-type>

4. Verity the bandwidth information of traffic.
<slot>/<port> utilization
The following example shows how to collect the bandwidth information of traffic and verify it.
(config)# rmon port gigabitethernet 5/1 utilization
(config)# end
# show rmon port gigabitethernet 5/1 utilization
Rx-avg: bits/s bytes/s pkts/s utilization
Tx-avg: bits/s bytes/s pkts/s
------------ ------------ ------------ -------------
Port 5/1
5 sec: 0 0 0 0
0 0 0
1 min: 0 0 0 0
0 0 0
10 min: 0 0 0 0
0 0 0
#

Configuring RMON
Displaying RMON Information

To display the current RMON configuration, enter the show rmon command in Privileged
mode. You can execute the show rmon command with the following options:
y alarm Displays the RMON alarm table.
y events Displays the RMON event table.
y history Displays the RMON history table.
y statistics Displays the RMON statistics table.
If you do not specify any option, the contents of the RMON alarm table, event table, history table, and
statistics table are displayed. The following is a sample output of the show rmon command:
# show rmon
RMON: Enabled
[statistics]
----- -------------- -----------------------------
.
.
[history]
----- -------------- -----------------------------
.
.
[alarm]
index status sample
----- -------------- -----------------------------
[event]
index status type
----- -------------- ---------------
10 valid logandtrap

Configuring RMON
The table below describes the fields in the show rmon command output:
Table 8-19 show rmon field descriptions
Field Description
RMON Running status of the RMON
Index Proper number of statistics group
statistics Status Status of statistics group
dataSource Object to collect data
Index Proper number of the statistics group
history Status Status of the statistics group
dataSource Object to collect data
Index Proper number of alarm group
alarm Status Status of alarm entry
Sample Object to refer data
Index Proper number of event group
event Status Status of event group
Type Type of event group
The following example shows how to display the bandwidth information of traffic.
# show rmon port gigabitethernet 5/1 utilization

Rx-avg: bits/s bytes/s pkts/s utilization
Tx-avg: bits/s bytes/s pkts/s
------------ ------------ ------------ -------------
Port 5/1
5 sec: 0 0 0 0
0 0 0
1 min: 0 0 0 0
0 0 0
10 min: 0 0 0 0
0 0 0
#
To verify the average bandwidth of traffic for five seconds, one minute and ten minutes, execute
show rmon port command.

SNMP and RMON Configuration Commands
SNMP and RMON Configuration Commands

The table below shows the list of SNMP and RMON configuration commands and their
functions.
Table 8-20 SNMP & RMON Configuration Commands
Command Description
show snmp-server Display SNMP configuration information of the system.
show snmp-server
Display SNMP community list defined the system.
community-list
show snmp-server statistics Display statistics information of SNMP operation.
show snmp-server traphost Display list of trap host received trap.
show rmon Display entry information of RMON table.
snmp-server community Configures the SNMP community strings.
snmp-server contact Specifies the system operator information.
snmp-server enable rmon Enables the RMON.
snmp-server enable traps Enables a SNMP trap.
Limits hosts which can access to the system through SNMP based
snmp-server group access
on the access list.
snmp-server host Specifies hosts to receive SNMP notifications.
snmp-server location Specifies the system location information..
rmon alarm Configure an RMON alarm group.
rmon etherstats Configures an RMON statistics group.
rmon event Configures an RMON event group.
rmon historycontrol Configures an RMON history group.
rmon port Collects the average bandwidth information of traffic.

Chapter 9 Configuring QoS
This chapter describes how to configure QoS (Quality of Service) on the Corecess S5 System.
9 QoS Overview 9-2
9 Configuring QoS Service Policy Map 9-17
9 Configuring Non-Class-map QoS Features 9-30
9 QoS Configuration Commands 9-43

QoS Overview
QoS Overview
This section describes QoS (Quality of Service) and QoS features supported by the Corecess S5
System.
QoS (Quality of Service)

QoS can classify traffic into several levels and provide graded quality of service. QoS function
can give high priority to traffic that should transmit important information or be processed in
real-time, so high priority traffic is transmitted first, then low priority traffic is transmitted. It
makes the limited network resource such as bandwidth use efficiently.
QoS consists of the Classifier and the Traffic manager. The Classifier classifies traffic, and the
Traffic Manager processes the classified traffic as follows:
　
Packet Buffer Queue Packet
Classifier Marker Policer
In Manager Scheduler Out
Traffic Manager
The Classifier refers to a header of a received packet, and then decides the QoS level. The traffic
manager marks the QoS level to the packet header or processes a packet that is in permitted
bandwidth. The Traffic Manager also chooses which packet drop when congestion occurs or
prefers which packet transmits first.
The following section describes parameters to classify packets and how to classify packet.

QoS Overview
Classifier
Classification Standard
The classifier uses the following values to decide the packet level.
y Layer 1 : Number of Input/output port

The input/output ports in Layer 1 packet is a port that a packet is received and transmitted.
It is also called as ingress/egress port.
y Layer 2 : Source/Destination MAC Address, EtherType Field, DSAP Field, 802.1P Field, VLAN ID
802.1P field in Layer 2 packet is a three bit field that marks the packet priority, and a number
from zero to seven is stuffed in the three bit field.
y Layer 3 : Source/Destination IP Address, Protocol ID, TOS/DSCP Field

Protocol ID in the header of Layer 3 packet is a field that marks which packet of protocol is.
The field is set by values that have been defined (TCP: 6, UDP: 17, ICMP:1, IGMP:2).
The following values are set in the eight bit of TOS field - also called DSCP field - in the
header of Layer 3 packet.
IP Type of Service (RFC 1349) IP DiffServ Code Point (RFC 2474)
bits bits 0 1 2 3 4 5 6 7
0 1 2 3 4 5 6 7
DSCP C
IP-Prec TOS MRZ U
Class Selector
D T R C
- MRZ : Must Be Zero -D : Minimum Delay

-T : Maximum Throughput -R : Maximum Reliability
-C : Minimize Cost - CU : Currently Unused
y Layer 4 : Source/Destination Port Number, TCP Flag

The port number in TCP/UDP header of Layer 4 packet notifies what the packet of
application is.
The classifier can classify the following types of category with the classification standard.
Configuring QoS 9-3

QoS Overview
y Subscriber (packet sender) Classification: Who send the packet?

- Packet Classification using Input Port Number, Source MAC Address and Source IP
Address
y Subscriber and Application Classification: Who send the packet? And, what kind of application packet is?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address
and TCP/UDP Port Number
y Subscriber and Destination Classification: Who send the packet. And, who receive the packet?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address,
Output Port Number, Destination MAC Address and Destination IP Address
y Subscriber, Destination and Application Classification; Who send the packet?, Who receive the packet? And, what
kind of application packet is?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address,
Output Port Number, Destination MAC Address and Destination IP Address and
TCP/UDP Port Number
y Class based Classification: QoS level is marked in the packet?

- Packet Classification using the value of the 802.1p field and IP TOS/DSCP/IP-Prec field
Classification Table
The classifier has two types. One is MF (Multi Field) classifier that refers several fields of a
packet simultaneously and decides QoS service level. The other is BA (Behavior Aggregate)
classifier that recognizes the packet decided QoS level.
MF classifier uses the following table to decide QoS level and to recognize a QoS profile.
level Classification standard Service Contents
Source Destination
Input Output Source Destination VLAN Source Destination Protocol TCP QoS
Rule# 802.1P TOS TCP/UDP TCP/UDP
Port # Port # MAC MAC ID IP IP ID Flag Profile
Port # Port #
1
2
3
4
5
6
7
.
.
.

QoS Overview
A QoS profile has information what actions (marking, policing and assigning queue) should be
done to the packet decided QoS level through classification standard. The traffic manager
actually applies the actions to the packet.
BO
For example, the classification table is defined as follows.

20.1.1.0/24
There is a packet that source IP address is 1.1.1.0/24, and
HQ
destination IP address id 20.1.1.0/24. When the classifier
HTTP Packet
receives the packet, the classifier recognizes that the packet
1.1.1.0/24
matches rule number four, and applies the packet to be
processed by the QoS profile.
Source Destination
Input Output Source Destination VLAN Protocol TCP QoS
Rule# 802.1P Source IP Destination IP TOS TCP/UDP TCP/UDP
Port # Port # MAC MAC ID ID Flag Profile
Port # Port #
1
2
3
4 * * * * 0x0800 * 1.1.1.0/24 20.1.1.0/24 6 * * 80 *
5
6
The BA classifier recognizes the QoS profile, which is applied to the packet, using the tables of
802.1p or ToS field that are only used for QoS. In the table of 802.1p or ToS field, the following
field values are defined. One of the profiles is applied to the packet by the field values.
TOS/DSCP/IP-Prec
802.1p Table
Table
802.1p Field Value QoS Profile ToS Field Value QoS Profile
0 0
1 1
2 2
3 3
4 4
5 5
6 …
7 255
The following section describes the traffic manager.
Configuring QoS 9-5

QoS Overview
Packet Marker
Packet marker marks 802.1P field or ToS field with QoS level. QoS level of a packet can use the
value decided by the classifier or be changed by QoS profiles. It is called “remarking” that the
first decided level is changed and marked by QoS profiles.
Policer
Policer can limit bandwidth to make users only use engaged traffic. Policer measures traffic
flow rate by traffic flow, which classified by classifier, and limits traffic not to use over engaged
bandwidth.
Policer consists of metering and action block. Metering measures traffic flow rate and compares
the result of traffic flow rate to engaged bandwidth, then informs the comparing result to action
block. Action block decide how to process traffic depending on the result.
There are three methods to process the result as follows:
y Pass: transmits packets without the result.
y Drop: Discard packets which exceed bandwidth.
y Mark: Remark packets which exceed bandwidth.
Policer Variables
To use Policer function, you should understand the following variables.
y CIR (Committed Information Rate)

Engaged Bandwidth. It is also called Average rate or Guaranteed rate.
y PIR (Peak Information Rate)

Maximum bandwidth
y CBS (Committed Burst Size)

Packet size that can be received for one time. It is also called Average burst size.
y PBS (Peak Burst Size)

Maximum packet size that can be received for one time
y EBS (Excessive Burst Size)

Gap between received packet size and CBS

QoS Overview
The following graph shows the variables.
Information Burst Size (Bytes)

Rate(bps)
EBS
CIR PIR PBS CBS
time
Token Bucket
There are several implementation of policer function, and the typical implementation is the
token bucket. The token bucket contains tokens, each of which can represent a unit of bytes.
Token is filled up in the token bucket for a certain rate. When packets are arrived, the same
amount of tokens is removed from the token bucket.
Packet
The same amount of tokens is

removed from the bucket.
Token Bucket
Bucket Size
Token Rate
Token
The variables of policer can be substituted for the element of token bucket as follows:
y CIR : Token Rate
y CBS : Bucket Size
Configuring QoS 9-7

QoS Overview
If tokens are full in the token bucket, no token is provided. When packets are received, the same
amount of token are removed. If the number of tokens is less than size of a packet, the packet is
specified as non-conforming packet. And, if the number of tokens is more than size of a packet
or is the same as the size of packet, the packet is specified as conforming packet. The packet
specified as non-conforming packet is processed by QoS profile of the packet.
There are two method of token bucket - single token bucket, dual token bucket. Single token
method uses only one bucket, and dual token method uses two bucket.
In dual token bucket method (RFC 2698 tr-TCM algorithm), the first bucket receives tokens at PIR
rate and the second bucket receives tokens at CIR rate. The first bucket size also is PBS and the
second bucket size is CIR. A packet that is specified as non-conforming in the first bucket finally
becomes the non-conforming packet. If a packet that is specified as conforming in the first bucket
becomes non-conforming in the second bucket, the packet is specified as loosely non-conforming
packet.
Dual token bucket method can control the packet with detailed classification above.
The following graph shows the dual token bucket method.
Bucket Size Bucket Size

= PBS = CBS
Token Rate Token Rate

= PIR = CIR P

QoS Overview
Queue Scheduler
The output port is generally slower than the input port because the output port transmits
packets that are received from the several input ports. In the output port, at least one queue is
assigned, and packets that have to be processed by the output port are saved. When saved
packets in a queue are more than bandwidth that can transmit packets - it means congestion,
what packets are transmitted first should be defined in the output port. This is called queue
scheduling.
There are various queues scheduling method, and the following methods are generally used.
y Strict Priority Queuing
y WRR (Weight Round Robin)
y WFQ (Weight Fair Queuing)
y DWRR (Deficit Weight Round Robin)
SPQ (Strict Priority Queuing)
In this method, each queue has assigned priorities (high, medium, low), and packets in the high
priority queue are transmitted first. After packets in the high priority are transmitted
completely, packets in the next priority queue are transmitted.
[Q1] Priority: High

200B 300B 400B 100B 300B
[Q2] Priority: Medium Output Port
400B 500B 500B 400B 300B 600B 400B 500B 500B 200B 300B 400B 100B 300B
[Q3] Priority: Low SPQ Scheduler

400B 300B 600B
This method is easy to implement, but if there are plenty of packets that flows into the high
priority queue, packets in the low priority queue can not be transmitted at all. This is called
starvation.
Configuring QoS 9-9

QoS Overview
WRR (Weight Round Robin)
WRR method processed every queue in sequence to remove starvation that happens in SPQ
(Strict Priority Queuing). The packet size that process packets each time can be set for each
queue instead. A value, called weight, is used to set the packet size. The weight represents the
ratio of packets that is serviced through the queues.
[Q1] Weight: 2
200B 300B 400B 100B 300B
[Q2] Weight: 1 Output Port
400B 500B 500B
[Q3] Weight: 1 WRR Scheduler

400B 300B 600B
If weight values (2, 1, 1) are assigned to each queue as above, the ratio of packets are 2:1:1. It
means that two packets are transmitted through the first queue (Q1), and a packet is
transmitted through the second queue (Q2), then a packet is transmitted through the third
queue (Q3).
WRR method can specify priority to each queue and prohibit starvation as above. The
disadvantage of WRR is not useful in IP network that packet size is variable because weight is
ratio of packets. For example, there are two packets. One is 64byte VoIP packet, and the other is
1500byte data packet. The packets are serviced through two queues that weight is 2:1. Even
though the VoIP packet is serviced through high weight queue, 128bytes are sent each time, but
the 1500byte data packet can be sent through the low weight queue.

QoS Overview
WFQ (Weight Fair Queuing)
WFQ method divides whole packet in queue into bit unit to solve the problem of WRR and
transmits the bits at weight ratio of queues, then reassembles the bits.
[Q1] Weight: 2 1 bit

Last bit of Last bit of Last bit of
200B 300B 400B 100B 300B 400B Pkt 500B Pkt 600B Pkt
Packet Segmentation
Last bit of Last bit of Last bit of
400B Pkt 300B Pkt 500B Pkt
[Q2] Weight: 1
Packet
400B 500B 500B
Reassembler
Bit-by-Bit WRR
[Q3] Weight: 1 Scheduler Last bit of Last bit of Last bit of
300B Pkt 400B Pkt 300B Pkt
Bit-by-Bit Service Ratio Last bit of
400B 300B 600B
= Q1:Q2:Q3 = 2:1:1 200B Pkt Last bit of
100B Pkt
400B 400B 500B 300B 200B 600B 300B 500B 400B 100B 300B
Output Port
This method can transmit packets without the packet size at the ratio that is specified in the
queue, but it is complicated to implement.
DWRR (Deficit Weight Round Robin)
DWRR method enhances disadvantage of WRR and WFQ. DWRR defines weight, quantum and
deficit counter to each queue. Quantum is the maximum packet size that is processed by weight
ratio. Deficit counter is set to ‘0’ by default. Deficit counter is merged with quantum when data
of a queue is serviced. The packet of queue can be serviced up to deficit counter. After the
packet is serviced, deficit counter is decreased to the packet size.
For example, there is a queue that quantum value is 1000bytes. If 500byte packet, 300byte
packet, and 300byte packet are in a queue, only 500byte packet and 300byte packet can be
processed because the queue can process up to 1000bytes. Then, deficit counter becomes 200.
After other queues process their packet, the queue become in the order. The deficit counter
value becomes 1200, and the queue can process up to 1200byte.
Deficit counter memorizes the size of packet that was not transmitted as the ratio of weight, and
transmits the packet next time.
Let’s look at the operation principal of DWRR. There are three queues in an output port as
below. In each queue, 2:1:1 of weight is assigned. The quantum values of each queue are set as
1000byte, 500byte and 500byte. The deficit counter values are set as ‘0’ (Picture 1).
Configuring QoS 9-11

QoS Overview
[Q1] Weight: 2 [Q1] Weight: 2

1000B - 300B - 100B - 400B
Quantum=1000, DeficiCounter=0B Quantum=1000, DeficiCounter=200B
200B 300B 400B 100B 300B 200B 300B

Output Port Output Port
Quantum=500, DeficitCounter=0B Quantum=500, DeficitCounter=0B
400B 500B 500B 400B 500B 500B 400B 100B 300B
[Q3] Weight: 1 DWRR [Q3] Weight: 1 DWRR

Quantum=500, DeficitCounter=0B Scheduler Quantum=500, DeficitCounter=0B Scheduler
400B 300B 600B 400B 300B 600B
[Picture 1] [Picture 2]
The DWRR scheduler visits the number 1 of queue, then deficit counter value becomes
1000bytes. 300byte, 100byte and 400byte packets are transmitted through output port. After the
transmission, the deficit counter value becomes 200 (Picture 2).
The DWRR scheduler visits the number 2 of queue. The number 2 of deficit counter set the
value as 500byte, then 500byte packet is transmitted. After the transmission, the deficit counter
value becomes 0. The next time the number 3 of queue should be processed, but the first packet
in the number 3 of queue is 600byte and is bigger than deficit counter of 500byte. In this case,
deficit counter is not changed, and no packet is transmitted.
The DWRR scheduler visits the number 1 of queue again, then the quantum value is added to
the current deficit counter value. In this time, the deficit counter value becomes 1200bytes, and
the number 1 of queue can transmit packets up to 1200byte. 300byte and 200byte packets can be
transmitted, then deficit counter becomes 700 (Picture 3).
[Q1] Weight: 2
1200B - 300B - 200B [Q1] Weight: 2
Quantum=1000, DeficiCounter=700B Quantum=1000, DeficiCounter=0B

Output Port Output Port
Quantum=500, DeficitCounter=0B Quantum=500, DeficitCounter=0B
400B 500B 200B 300B 400B 300B 600B
[Q3] Weight: 1 DWRR [Q3] Weight: 1 DWRR

Quantum=500, DeficitCounter=500B Scheduler Quantum=500, DeficitCounter=100B Scheduler
400B 300B 600B 400B
1000B - 600B - 300B
[Picture 3] [Picture 4]
There is no packet in the number 1 of queue, so the DWRR scheduler visits the number 2 of
queue. The deficit counter is set as 500byte, and 500byte packet is transmitted in the number 2
of queue, then deficit counter becomes 0. In the num 3 of queue that could not transmit packets

QoS Overview
previous time, the deficit count becomes 1000byte, and 600byte and 300byte packet are
transmitted. After the transmission, the deficit counter becomes 100 (Picture 4). The rest of
packets are processed as above.
Shaping
Shaping is a function that limits bandwidth with buffering when traffic that is bigger than
target traffic rate flows into a queue.
The traffic that is more than target traffic rate is stored into the buffer. If there is enough
bandwidth to transmit, the stored traffic is transmitted.
Bandwidth(bps) Bandwidth(bps)
Offered Traffic Buffered
Target Traffic Rate

Rate Shaped Traffic
time time
This method is more flexible than policing, but is not useful in real-time traffic such as voice
traffic because transfer delay occurs.
WC (Work Conserving) Scheduler and NWC (Non Work Conserving)

Scheduler
WC scheduler can use whole bandwidth of output port until congestion occurs. SPQ, WRR,
DWRR and WFQ are WC method. On the other hand, even if there is no congestion, NWC
scheduler does not service more than bandwidth that is assigned queue. Shaping is this method.

QoS Overview
Buffer Manager
Queues of an output port have fixed size. If a queue is full of packets, and other packets flow
into the queue, the packets are discarded as a particular rule. Buffer manager is the function
that discards received packets selectively to solve the congestion of the queue.
This section introduces that buffer manager methods.
Tail Drop
In Tail drop method, if there is no space to store Drop Probability
packets, packets that arrived after full of the queue

are discarded. The ratio that packets are discarded 1
is ‘1’ when the amount of packet in the queue

becomes the size of the queue (Max Size) as the
right graph.
Retransmission requests are sent to senders 0 Queue Size

Max Size
continuously because packets are discarded after
the queue is full. The host that received retransmission requests considers that the link is not
stable and makes transmission speed slow. If this situation occurs repetitively, the speed of
whole network is slower. This problem is called TCP global synchronization.

QoS Overview
QoS of the Corecess S5 System

This section describes QoS features supported by the Corecess S5 System. The following figure
shows QoS structure on the Corecess S5 System:
Output
Q0 port #1 TC #1
Q1 TC #1
.
.
TC #1
Q6
Classifier
Input port #1 Q7
match
match
. .
. match .
. . .
.
. .
.
Input port #n . .
.
Output
Q0 port #n
Q1
.
. TC #216
Q6 TC #217
Q7 TC #218
The Corecess S5 System classifies the packets from ingress (incoming) port according to the
criteria defined the class map, stores the classified packets to each transmit queue (0 ~ 7), and
transmits packets via TC (Traffic Class) applied the QoS action defied the policy map.
Packet Classification
The Corecess S5 System uses the values in the following fields of the layer 1 ~ layer 4 IP packet
header as a criterion to classify packets:
y Layer 1: Input/output port number
y Layer 2: Source/destination MAC address, EtherType field, DSAP field, 802.1P filed, VLAN ID
y Layer 3: Source/destination IP address, protocol ID, TOS/IP Precedence/DSCP filed
y Layer 4: Input/output port number, TCP flag

QoS Overview
Marking & Remarking
The Corecess S5 System supports marking based on the following bits in the CoS (Class of
Service) filed for the packet:
y DSCP
y CoS
y VLAN priority
The Corecess S5 System can recognize packets from a particular VLAN or port and configure
packets to set the specified values to the CoS field of packets.
Policing
The Corecess 5242 supports Policing. Policing is the process by which the system limits the
bandwidth consumed by a flow of traffic. You can limit the bandwidth of a specific traffic flow
by using a policy map or limit the full bandwidth of a port.
Transmit Queue
The Corecess S5 System provides eight transmit queues for each egress port. These transmit
queues are scheduled by the Strict Priority Queuing (SPQ) mechanism. The priority of queues
decides which queue transmits packets. The following values can be used as the priority, and
the user can specify which value uses as the priority.
y User defined priority
y ToS Field Value
y VLAN Priority
y Class Priority
When the transmit queue is full, frames at the end of the queue are dropped (tail drop)
Shaping
The Corecess S5 System supports shaping function.

Configuring QoS Service Policy Map

The Corecess S5 System can configure QoS using class map (Classifier) and policy map (QoS
action). This section describes how to configure QoS on the Corecess S5 System.
Configuring QoS Service Policy

The following diagram shows steps for configuring QoS service policy:
The first task for configuring QoS service policy is defining class maps.
X Defining Class Map Class map defines a standard to classfy a particular traffic and execute
the role of QoS classifier.
The second step for configuring QoS service policy is defining policy
Y Defining Policy Map maps. Policy map defines QoS action that is applied to classified traffi
c and execute the role of traffoc manager.
The last step of configuring the QoS Service policy is defining service
Z Applying
policies. A service policy consists of a policy-map and ingress/egress
Service Policy
ports which the policy map will be applied to.
The sections which describe how to configure each step follow.

Configuring a Class Map

A class-map is a mechanism that you use to name and to isolate a specific traffic flow (or class)
from all other traffic. The class-map defines the criteria used to match against a specific traffic
flow to further classify it. If you have more than one type of traffic that you want to classify, you
can create another class-map and use a different name. After a packet is matched against the
class-map criteria, you further classify it through the use of a policy-map.
You can classify packets and assign them to specific queues based on the following criteria:
Table 9-1 Criteria for packet classification
Criterion Description Value

cos The CoS (Class of Service) value 0~7
dscp The DSCP (DiffServe Code Point) value 0 ~ 63
tos The ToS (Type of Service) value 0~7
ip-prec The IP precedence value 0~7
ip-sa The source IP address
ip-da The destination IP address
mac-sa The source MAC address
mac-da The destination MAC address
tcp-dpn The destination TCP port number 0 ~ 65535

tcp-flag The TCP flag value
tcp-spn The source TCP port number 0 ~ 65535

udp-spn The source UDP port number 0 ~ 65535
udp-dpn The destination UDP port number 0 ~ 65535
ether-type The Ethernet Type filed value 0 ~ 65535
input-port The input port number
output-port The output port number
protocol The L4 Protocol field value 0 ~ 255

vlan-sid The VLAN ID that the input port belongs to. 1 ~ 4094
vlan-did The VLAN ID that the output port belongs to. 1 ~ 4094
CoS field cannot be included with DSCP or IP precedence in the same class-map. To make the
CoS field available, enable IEEE 802.1p using 802.1p classification enable command.
If IEEE 802.1p is enabled, DSCP and IP precedence criteria in class-maps are not available.

To use the DSCP or IP precedence instead of CoS, disable the IEEE 802.1p using 802.1p
classification disable command. By default, IEEE 802.1p is disabled.
After creating class-maps, system checks the inbound or outbound packets by the criteria in
class-maps. QoS actions defined in the policy-map for the class will be applied to the classified
packets into classes.
To create a class map and specify the way in which the Corecess S5 System should classify
traffic, enter the following commands in Global configuration mode:
Table 9-2 Creating a class map
Command Task
qos 1. Enter QoS configuration mode.
2. (Optional) Enables IEEE 802.1p. If IEEE 802.1p is

enabled, CoS field is available for the criterion of
8021p classification enable the class-map. If IEEE 802.1p is disabled (default
setting), IP precedence and DSCP fields become
available instead of CoS field.
class-map 3. Create a class map and enters class-map

<class-map-name> configuration mode.
match cos <value>

match dscp <value>
match ether-type <value>
match input-port <port-type>
<slot>/<port>
match ip-da <destination-ip> <mask>
match ip-prec <value>
match ip-sa <source-ip> <wildcard>
match mac-da <destination-mac>
match mac-sa <source-mac>
4. Define the classification criteria for the class map.
match output-port <port-type>
<slot>/<port>
match protocol <protocol-I
match tcp-dpn <tcp-port-num>
match tcp-flag <flag-num>
match tcp-spn <tcp-port-num>
match udp-dpn <udp-port-num>
match ucp-spn <udp-port-num>
match vlan-sid <vlan-id>
match vlan-did <vlan-id>
show classmap <class-map-name> 6. Verify the class map configuration.

The following example shows how to create a class map and define a classification criterion by
using the source IP address:
(config)# qos
(config-qos)# class-map class1
(config-cmap)# match ip-sa 172.27.2.16 0.0.255.255
(config-cmap)# end
# show classmap
ClassMap
--------------------------------------------------
Name : class1
Match Content : ip-sa 172.27.2.16/0.0.255.255
Total Entries = 1
The following example shows how to create a class map and define the criteria by using the
destination IP address and the destination TCP port number:
(config)# qos
(config-qos)# class-map class2
(config-cmap)# match ip-da 10.10.10.1 0.0.0.255
(config-cmap)# match tcp-dpn 25
(config-cmap)# end
# show classmap class2
ClassMap
--------------------------------------------------
Name : class2
Match Content : ip-da 10.10.10.1/0.0.0.255
: tcp-dpn 25
Total Entries = 2
#
To delete a class-map, use the no class-map <class-map-name> command in the QoS

configuration mode. To remove a criterion from a class-map, use no match command in the
class-map configuration mode.

Configuring a Policy Map

A policy-map specifies which traffic class to act on. A policy map can include several classes
that have different classification and QoS actions that are applied to the classes. And, several
policy maps can be applied to an interface. Each policy map should be applied to different types
of traffic.
The Corecess S5 System supports the following QoS actions.
Table 9-3 QoS action supported by the Corecess S5 System
QoS Action Description Command

Action for changing values of QoS field (CoS, IP precedence,
Remarking mark
DSCP)
Action for deciding whether the traffic is discarded or
Packet Filtering filter
forwarded.
Policing Action for configuring the rate-limiting feature. rate-limit
Action for configuring the priority(high or low) of the traffic.
Priority The priority is used for selecting the traffic to be discarded priority
when the system congestion.
Action for configuring the minimum transmission
bandwidth for the traffic class. bandwidth
minimum transmission
bandwidth Action for configuring the ration of the minimum
weight
transmission bandwidth for the traffic class.
To apply multiple QoS actions to a traffic class, multiple QoS actions can be included in a
policy-map.

Creating a Policy-map
To create a policy-map and configure QoS actions for a traffic class, perform this task:
Table 9-4 Creating a policy map
Command Task
2. Create a policy map and enter the policy-map

configuration mode.
policy-map <policy-map-name>
y <policy-map-name>: Name of a policy map to
define.
3. Specify the class to which the policy map applies and

class <class-name>
enter the policy-map-class configuration mode.
bandwidth <value>
filter {deny|permit|to-proc}
4. Configures QoS actions for the class. Refer to the
mark {cos|dscp|ip-prec} <value>
following sections for configuring QoS actions in the
priority <value>
policy-map class configuration mode.
rate-limit rate <value>
weight <value>
show policymap 6. Verify the policy map configuration.
The following example shows how to create a policy map and specify a class map to which the
policy map applies:
(config)# qos
(config-qos)# policy-map policy1
(config-pmap)# class class1
(config-pmap-c)# priority 7
(config-pmap-c)# end
# show policymap policy1
PolicyMap
--------------------------------------------------
Name : policy1
Linked ClassMap : class1
Policy : priority 7
Total Entries = 1
#

Configuring Policy-Map Class Remarking (CoS, IP Precedence, or

DSCP)
The QoS fields such as the Layer 2 CoS (802.1p field) or Layer 3 IP precedence, ToS, or DSCP
fields are used for classifying the traffic class. Depending on the network state or QoS policy,
user can set these fields to the specified values which can change the priority of traffic.
To set the QoS fields of packets, which belong to the policy-map class to the specified values,
perform this task in the Policy map class configuration mode.
Table 9-5 Changing CoS, IP Precedence, or DSCP value of a traffic class in a policy map
Command Task
policy-map 2. Create a policy map and enter policy-map configuration mode.

<policy-map-name> y <policy-map-name>: The name of a policy-map.
3. Specify the class to which the policy map applies and enter policy-map-
class configuration mode.
class <class-name>
y <class-name>: The name of the class to which the policy map
applies.
4. Specify the value and type of the field to change.

mark {cos | dscp | y cos <value>: Specify the value of the CoS field (0 ~ 7).
ip-prec} <value> y dscp <value>: Specify the value of the DSCP field. (0 ~ 64).
y ip-prec <value>: Specify the value of the IP precedence field(0 ~ 7).
This example configure remarking feature to set the CoS field to “7” of the traffic class class3 in
the policy map polmap6:
(config)# qos
(config-qos)# policy-map polmap6
(config-pmap-c)# mark cos 7
(config-pmap-c)#

Configuring Packet Filtering
In a policy-map, you can add criteria for filtering a traffic class or forwarding it to the internal
system processor.
To add a criterion for deciding whether filtering packets or forwarding, perform this task.
Table 9-6 Configuring packet filtering of a traffic class in a policy map
Command Task
2. Create a policy map and enter policy-map configuration

policy-map <policy-map-name> mode.
y <policy-map-name>: The name of a policy-map.
3. Specify the class to which the policy map applies and enter
policy-map-class configuration mode.
class <class-name>
y <class-name>: The name of the class to which the policy
map applies.
4. Select the filtering method of the traffic class.

filter y deny: Discard the traffic.
{deny|permit|to-proc} y permit: Forward the traffic.
y to-proc: Send the traffic to the CPU.
This example configures to discard the traffic class class2 in the policy map polmap6:.
(config)# qos
(config-pmap-c)# filter deny
(config-pmap-c)#
Configuring Minimum Transmission Bandwidth
The Corecess S5 System can specify the minimum transmission bandwidth which should be
guaranteed for a specific traffic class when congestion occurs. You can set this minimum
transmission bandwidth to either speed or ratio. Beyond the guaranteed bandwidth, the traffic
will be dropped in the event of congestion.

To configure the minimum transmission bandwidth for a traffic class in a policy-map, perform
this task.
Table 9-7 Configuring a transmission queue for a traffic class
Command Task
qos 1. Enter the QoS configuration mode.

3. Specify the class to which the policy map applies and enter policy-
map-class configuration mode.
class <class-name>
applies.
4. Specifies minimum bandwidth guarantee, in Kbps, for the traffic class.

bandwidth <bandwidth>
y <bandwidth>: The minimum bandwidth (0 ~ 100000Kbps).
5. Specify the bandwidth ratio of the transmission queue for the traffic
class.
weight <percentage>
y <percentage>: Percentage of available bandwidth to be assigned
to the class (0 ~ 100)
This example configures the bandwidth of the transmission queue for the traffic class class1 in
the policy map class polmap6:
(config)# qos
(config-pmap-c)# bandwidth 10000
(config-pmap-c)#
This example designates 25% for the bandwidth ratio of the transmission queue for the traffic
class class1 in the policy map class polmap6:
(config)# qos
(config-pmap-c)# weight 25
(config-pmap-c)#

Configuring Policy-Map Class Priority
The priority command in the policy-map configuration mode can assign the user-defined
priority to a traffic class. This user-defined priority is used for selecting one of eight
transmission queues in an output port for buffering packets. It is also used as the value for CoS
field. By default, a transmission queue is select by this user-defined priority. However, you can
use the CoS, DSCP, or VLAN ID when selecting a transmission queue. To do this, use the
queue-precedence command in the QoS configuration mode.
The following is a procedure for specifying the user-defined priority for a traffic class:
Table 9-8 Specifying a priority of a traffic class in a policy map
Command Task

class <class-name>
applies.
4. Gives priority to a class of traffic belonging to a policy-map.

priority <priority> y <priority>: Priority (0 ~ 7). ‘0’ is the highest priority queue and ‘7’ is
the lowest priority queue.
This example assigns the queue with the priority of 7 to the traffic class class4 in the policy map
polmap6:
(config)# qos
(config-pmap-c)# priority 7
(config-pmap-c)#

Configuring Policy-Map Class Policing (Rate-Limiting)
In a policy map, you can configure the rate limiting feature which discards the packets that
exceed the bandwidth limits.
Rate limiting is the process by limiting the bandwidth consumed by a flow of traffic. After a
packet is classified, the rate limiting process can begin. The rate limiting involves creating a
policer that specifies the bandwidth limits for the traffic. Packets that exceed the limits are
dropped.
To configure the rate limiting feature in a policy map, perform this task in the Global
configuration mode:
Table 9-9 Configuring rate-limit of a traffic class in a policy map
Command Task
policy-map 2. Enter policy-map configuration mode.

class <class-name>
applies.
4. Specifies the limited rate to be applied to traffic of the class in the

specific policy-map
rate-limit rate
y <target-rate>: Average rate to be applied to the traffic which
<target-rate>
meets the condition of the class(0 ~ 1000000Kbps). The value must be
in increments of 64 kbps.
Note: Policing can be applied to a specific port as well as a specific traffic class. Entering the rate-limit
command in the QoS configuration mode specifies the target bandwidth to be applied to both incoming and
outgoing traffic through a port. How to configure policing for a port will be described later in this chapter.
This example specifies the target bandwidth of the traffic class class5 to apply the rate limiting in
the policy map polmap6:
(config)# qos
(config-pmap-c)# rate-limit rate 640
(config-pmap-c)#

Configuring Service Policy

Service policy specifies which policy map is applied in the defined policy maps. If QoS action is
related to bandwidth such as bandwidth, rate-limit and weight, an output port that QoS
action is applied should be specified in service policy. If QoS action is filter, mark or
priority, you don’t need to specify an output port.
Defining class map and policy map is a process to make rules for QoS. On the other hand,
defining service policy is a process to select which rule is applied and which port uses the rule.
To configure service policy, use the following commands.
Table 9-10 Applying QoS service policy
Command Task
qos 1. Enter the QoS configuration mode.
2. Define service policy.

service-policy <service-name>
y <service-name> Name of the service map.
policy-map <policy-map-name> y <policy-map-name> Name of the policy map.
[input-port gigabitethernet
y input-port Attach the policy map to input traffic.
<slot>/<port>] [output-port
y output-port Attach the policy map to output traffic.
gigabitethernet <slot>/<port>]
y <slot>/<port> Slot number and port number
show service-policy
4. Verify the service policy configuration.
[<service-policy-name>]
This example applies the policy map named ‘polmap6’ to the Gigabit Ethernet port 5/1 and
verifies the configuration:
(config)# qos
(config-qos)# service-policy service1 policy-map polmap6 input-port gigabitethernet 5/1
(config-qos)# end
# show service-policy
ServicePolicy
--------------------------------------------------
Name : service1
Linked PolicyMap : polmap6
Port(In ) : 5/1
Port(Out) : 5/1
Total Entries = 1
#

Configuring Non-Class-map QoS Features

The previous sections describe QoS features for the traffics classified by class maps(classifiers).
The Corecess S5 System has QoS features which can be applied without classifiers. This section
describes how to configure these non-class-map QoS features.
Specifying Priority for VLAN or Port

User priority can be set to a packet of a particular class. User priority can be also set to a packet
that a particular port transmitted.
To specify user priority of a packet that is transmitted from a particular port, use the following
commands.
Table 9-11 Specifying User Priority
Command Task
8021p user-priority 2. Assigns the priority to the specific VLAN interface or port.
<priority> vlan <vlan- y <priority> The priority (0 ~ 7)
id>[port gigabitethernet y <vlan-id> VLAN ID (1~4094)
<slot>/<port>] y<slot>/<port> Slot number and port number of the port
3. Apply the setting to the system. (Priority of the packet is changed

8021p enable
after execution of 8021p enable command.)
show user-priority 5. Verify the configuration.
Note: If you do not specify the port, assigned priority are applied to all ports in the specified VLAN.
The following example shows how to assign a priority of “6” to the Gigabit Ethernet port 5/1
which belongs to the default VLAN:
(config)# qos
(config-qos)# 8021p user-priority 6 vlan 1 port gigabitethernet 5/1
(config-qos)# 8021p enable
8021p is enabled
(config-qos)# end
# show user-priority

Default User Priority

--------------------------------------------------
Entry[ 1]
Vlan : 1
Priority : 6
Port : 5/1
#

Applying Policing to a Port

Policing allows you to control the maximum bandwidth of traffic transmitted or received on a
port. The packets that exceed the bandwidth limits are discarded.
To configure policing to traffic from the specified port, use the following commands.
Table 9-12 Applying Policing to a Port
Command Task
2. Configure the maximum bandwidth of a specific port.

rate-limit [input-port y input-port Applies rate limiting on an input port.
gigabitethernet <slot>/<port>] y output-port Applies rate limiting on a output port.
output-port gigabitethernet y <slot>/<port> Slot number and port number of the
<slot>/ <port> port
rate <target-rate>
y <rate> : The maximum bandwidth (0 ~ 1000000Kbps, in
64Kbps step).
show rate-limit 4. Verify the configuration of Policing.
The following example shows how to apply policing to the packet:
(config)# qos
(config-qos)# rate-limit input-port gigabitethernet 5/1 output-port
gigabitethernet 5/1 rate 24000
(config-qos)# end
# show rate-limit
RateLimit
--------------------------------------------------
Rate : 24000
Port(In ) : 5/1
Port(Out) : 5/1
Total Entries = 1
#

Specifying Priority for CoS Field

You can specify the precedence of the values which can be filled with the CoS field of the packet
when the packet is transmitted through the port. The available values for the CoS field are as
follows:
y tos : The value of ToS Field (IP-precedence or DSCP)

y user : User Defined Priority (default value)
y vlan : Source VLAN Priority
To fill the value to CoS filed when the packet is transmitted, use the following commands.
Table 9-13 Specifying Priority for CoS Field
Command Task
2. Input the values (tos, user, vlan) in the order of high priority.
y <value1>: Specify the highest priority value to be used in CoS field.
8021p-precedence
<value1> <value2> y <value2>: Specify the second-highest priority value. This value is
<value3> used when the <vlaue1> can not be used.
y <value3>: Specify the third-highest priority value. This value is
used when the <vlaue1> and <vlaue2> can not be used.
show 8021p-precedence 4. Verify the configuration.
The following example shows how to configure the precedence of the values for the CoS field to
the order of priority Î ToS Î CoS:
(config)# qos
(config-qos)# 8021p-precedence vlan tos user
(config-qos)# end
# show 8021p-precedence
8021p precedence odering
vlan tos user
#

Specifying Priority for a Transmission Queue

The transmission queue for a packet is selected from eight transmission queues in a port
according to priority of the packet. The following values can be used as priority.
y class : Priority of Class

y tos : The value of ToS Field (IP-precedence or DSCP)
y user : User Defined Priority (default value)

y vlan : Source VLAN Priority
The following is a procedure for specifying a value used as the packet priority for choosing a
packet transmission queue:
Table 9-14 Specifying priority for transmission queue
Command Task
2. Input the values (tos, user, vlan, or class) in the order of high priority.
y <value1> Specify the highest priority value.
y <value2>: Specify the second-highest priority value. This value is
queue-precedence
used when the <vlaue1> can not be used.
<value1> <value2>
<value3> <value4> y <value3>: Specify the third-highest priority value. This value is
used when the <vlaue1> and <vlaue2> can not be used.
y <value4>: Specify the lowest priority value. This value is used
when the <vlaue1>, <vlaue2>, and <vlaue3> can not be used.
show queue-precedence 4. Verify the configuration.
The following example shows how to configure the precedence of the values used for
transmission queue priority to the order of VLAN priority Î User’s priority Î Class Î ToS:
(config)# qos
(config-qos)# queue-precedence vlan user class tos
(config-qos)# end
# show queue-precedence
queue precedence odering
vlan user class tos
#

Configuring Shaping
Shaping is a function that limits bandwidth with buffering when traffic that is bigger than
target traffic rate flows into a queue. The traffic that is more than target traffic rate is stored into
the buffer. If there is enough bandwidth to transmit, the stored traffic is transmitted.
To configure shaping in the Corecess S5 System, use following commands.
Table 9-15 Configuring Shaping
Command Task
shaping output-port 2. Configure shaping for traffic that transmits through the specified output
gigabitethernet port.
<slot>/<port> y<slot>/<port> Slot number and port number
rate <target-rate> y <targe-rate> Target bandwidth (1~1000000Kbps, in 64Kbps step)
show shaping 4. Verify shaping configuration.
The following example shows how to configure shaping for the traffic that is transmitted
through the Gigabit Ethernet port 5/1.
(config-qos)# shaping output-port gigabitethernet 5/1 rate 128000

(config-qos)# end
# show shaping
Shaping
--------------------------------------------------
Shaping : 128000
Port(In ) :
Port(Out) : 5/1
Total Entries = 1
#

Controlling Broadcast Storm

In the Corecess S5 System, you can set the maximum value of broadcast traffic to each port or
VLAN not to occur broadcast storm. At this time, all broadcast packets that exceed the
maximum value are discarded.
To control broadcast storm, use the following commands.
Table 9-16 Controlling Broadcast Storm
Command Task
broadcast-storm-control 2. Set the control function of broadcast storm on VLAN.

[port gigabitethernet y <slot>/<port> Slot number and port number
<slot>/<port> | y <vlan-id> VLAN ID (1~4094)
vlan id <vlan-id>] y <packet-number> The maximum number of packet that can
pps <packet-number> transmit per a second (16~1048560)
write momory 4. Save the changed configuration.
The following example shows how to discard excess packets when broadcast packet is received
more than 256 per a second.
(config)# qos
(config-qos)# broadcast-storm-control vlan id 1 pps 256
(config-qos)#

Configuring Packet Filtering

This section describes types of packet filtering, filtering purpose and how to configure packet
filtering.
Packet Filtering
The packet filtering is used in the following cases.
y DHCP Packet Filtering

When a host which is connected to the Corecess S5 System operates a DHCP server, unusual
IP addresses can be assigned to other hosts. The Corecess S5 System can filter packets of the
DHCP server received from the host to prevent assigning unusual IP address.
y File and Resource Sharing Protocol Filtering

To prevent hosts that are connected on the same VLAN from sharing files and resources, the
Corecess S5 System can filter the following protocols:
- Apple FileSharing Protocol

- Rendezvous Protocol
- NetBIOS Protocol
- UPnP (Universal Plug & Play) Protocol
y Default Traffic Filtering

The Corecess S5 System can filter default traffic that is not classified by class map.
y Broadcast Packet Filtering

To prevent hosts that are connected with the Corecess S5 System from transmitting
unnecessary broadcast packets to other networks, the Corecess S5 System can filter broadcast
packet transmitted form a particular port.

DHCP Packet Filtering
If a host who is connecting to a Corecess S5 System runs a private DHCP server, other
subscribes connected with the Corecess S5 System may receive an invalid IP address from that
private DHCP server. To prevent this, you can filter DHCP Offer packets received from a host.
Internet or LAN
Corecess S5 System
Filter DHCP Offer packets received
from the DHCP server of ONU
ONU ONU ONU
Host DHCP Server Host
To discard the all DHCP packets, enter the following commands:
Table 9-17 Filtering DHCP Offer Packet
Command Task
2. Filter DHCP server packet received to the specified port. If a port

dhcp-offer filter discard is not specified, all port of the system are filtered.
[port gigabitethernet y accpet Allow receiving DHCP server packet.
<slot>/<port>] y discard Discard receiving DHCP server packet.
4. Display the ports configured to filter the DHCP packets received

show dhcp-offer-filter
from hosts..

The following example configures to discard all the DHCP OFFER packets received from the all
the ports:
(config)# qos
(config-qos)# dhcp-offer filter discard
(config-qos)# end
# show dhcp-offer-filter
Dhcp Offer Filter Ports
--------------------------------------------------
Accept :
Discard : All Ports
#
File and Resource Sharing Protocol Filtering
To prevent hosts that are connected on the same VLAN from sharing files and resources, the
Corecess S5 System can filter protocols as follows:
Ethernet Switch Internet or LAN
Corecess S5 System
ONU
ONU
호스트 호스트
Host Host

To filter the packet of file and resource sharing protocol, use the following commands.
Table 9-18 Filtering File and Resource Sharing Protocol
Command Task
2. Set to deny receiving particular protocol packets.
apple-filesharing-protocol 2-1. Refuse Apple FileSharing packets. This command is applied

filter discard to all ports.
netbios filter discard

2-2. Refuse NetBIOS packet received to the specified port.
[port gigabitethernet
<slot>/<port>]
2-3. Refuse Rendezvous packets. This command is applied to all

rendezvous filter discard
ports.
upnp filter discard 2-4. Refuse UPnP packets. This command is applied to all ports.
show running-config 4. Verify the filtering configuration.
The following example shows how to filter the file and resource sharing protocols received to
all ports.
(config)# qos
(config-qos)# apple-filesharing-protocol filter discard
(config-qos)# netbios filter discard
(config-qos)# rendezvous filter discard
(config-qos)# upnp filter discard
(config-qos)# end
.
.
!
qos
default traffic deny
shaping output-port gigabitethernet 5/1 rate 128000
rendezvous filter discard
apple-filesharing-protocol filter discard
upnp filter discard
!
.
.

Default Traffic Filtering
Default traffic is traffic that is not classified with defined class map in the Corecess S5 System. If
default traffic is filtered, traffic that is not specified by network operators is discarded, so it can
prevent traffic that is not permitted from receiving.
To filter default traffic, use the following commands.
Table 9-19 Filtering Default Traffic
Command Task
default traffic deny 2. Set default traffic to be refused.
show default-traffic-policy 4. Verify the filtering configuration..
The following example shows how to refuse default traffic that is not classified with class map.
(config)# qos
(config-qos)# default traffic deny
(config-qos)# end
# show default-traffic-policy
Default QoS Traffic Policy
--------------------------------------------------
Deny
#

Broadcast Packet Filtering
The Corecess S5 System can filter broadcast packets that are transmitted from a paricular port. It
prevents unnecessary broadband packets from transmitting.
To filter broadband packets, use the following commands.
Table 9-20 Filtering Broadcast Packet
Command Task
egress-filter broadcast 2. Discard broadcast packets from a particular port on the specified
vid <vlan-id> port VLAN.
gigabitethernet y <vlan-id> VLAN ID (1 ~ 4094)
<slot>/<port> y <slot>/<port> Slot number and port number
The following example shows how to filter broadcast packet on the Gigabit Ethernet port 5/1.
(config)# qos
(config-qos)# egress-filter broadcast vid 1 port gigabitethernet 5/1
(config-qos)#

QoS Configuration Commands

The following table lists the commands for configuring QoS on the Corecess S5 System:
Table 9-21 QoS Configuration Commands
Command Description Mode
8021p classification Enable/Disable match cos command of class map.
Enable/Disable the result of 8021p user-priority

8021p enable/disable
command to be applied to the system.
Assign the user defined priority for the specified VLAN

8021p user-priority
or port.
8021p-precedence Specify CoS Filed value of packets.
apple-filesharing-
Refuse Apple FileSharing packet.
protocol filter discard
broadcast-storm-control Set control function of broadcast storm.
class-map Define class map to classify packet.
Set packets that are not classified with class map to be

default traffic deny
discarded. QoS
Configuration
dhcp-offer filter Filter DHCP server packet received to the specified port.
Mode
Discard broadcast packets that are transmitted from a
egress-filter broadcast
particular port on the specified VLAN.
Refuse NetBIOS packets that are received to the specified

port.
policy-map Define/Change service policy for traffic class.
Specify which value is used as the priority that select

queue-precedence
transmission queue of output port.
rate-limit Configure rate limiting function.
rendezvous filter
Set to refuse Rendezvous packet.
discard
Define service policy that specifies policy map and a
service-policy
port.
shaping Set shaping function for traffic that is transmitted QoS

through the specified output port. Configuration
Mode
upnp filter discard Refuse UPnP packet.
(Continued)

Command Description Mode
Add the entry that compares CoS value of the packet to class
match cos
map.
Add the entry that compares DSCP value of the packet to

match dscp
class map.
Add the entry that compares destination IP address of the

match ip-da
packet to class map.
Add the entry that compares IP precedence value of the

match ip-prec
Add the entry that compares source IP address of the packet

match ip-sa
to class map.
Class-map
Add the entry that compares destination MAC address of Configuration
match mac-da
the packet to class map. Mode
Add the entry that compares source MAC address of the
match mac-sa
Add the entry that compares TCP port number for receiving
match tcp-dpn
packets to class map.
Add the entry that compares TCP port number for
match tcp-spn
transmitting packets to class map.
Add the entry that compares UDP port number for receiving
match udp-dpn
packets to class map.
Add the entry that compares UDP port number for

match udp-spn
transmitting packets to class map.
bandwidth Specifies the minimum bandwidth of a traffic class.
filter Set filtering rule of the specified class traffic.
Change the values of CoS field, IP precedence and DSCP

mark Policy-map
field for the specified class traffic.
class
Specify the priority of queue that is used when the specified Configuration
priority
class traffic is in network congestion. mode
rate-limit Set rate limiting function to the specified class traffic.
Set the ratio of bandwidth that is assigned to the specified

weight
class traffic.


Chapter 10 Configuring DHCP
This chapter describes how to configure DHCP server or DHCP relay agent.
9 Configuring DHCP Server 10-2
9 Configuring DHCP Relay Agent 10-18
9 Displaying DHCP Configuration 10-26
9 DHCP Commands 10-37
9 Configuring DHCP Server(Only S518) 10-41
9 Configuring DHCP Relay Agent(Only S518) 10-57
9 Configuring DHCP Proxy Server(Only S518) 10-61
9 Displaying DHCP Configuration information(Only S518) 10-63

DHCP (Dynamic Host Configuration Protocol) Overview
DHCP Server
DHCP has client-server architecture. A DHCP server is generally located in central place, and is
operated by network operators. DHCP server can receive reliable and appropriate information
for the current network status because of network operators.
Most of network consists of several subnets called VLAN. Each VLAN should basically have a
DHCP server because packets are only broadcasted in internal VLAN. If a VLAN has not a
DHCP server, it should be configured that the VLAN supports the DHCP relay agent feature.
A DHCP client broadcasts DHCPDISCOVER message to search a DHCP server. If there is a

DHCP server in the network, the DHCP server assigns an IP address as response to the DHCP
client. The DHCP client, which is assigned the IP address, requests lease time for using the IP
address to the DHCP server.
Communication between DHCP Server and Client
DHCP clients and DHCP servers request and transmit information using DHCP messages. The
following figure shows the basic steps that occur when a DHCP client requests an IP address
from a DHCP server.
1. DHCPDISCOVER
2. DHCPOFFER
3. DHCPREQUEST
4. DHCPACK
DHCP Client 5. DHCPRELEASE DHCP Server

1. DHCPDISCOVER
A DHCP Client broadcasts the DHCPDISCPVER message to local network for searching a
DHCP server.
2. DHCPOFFER
If there is a DHCP server in the local network, the DHCP server, which receives the
DHCPDISCOVER message, transmits the DHCPOFFER message with DHCP configuration
parameters (IP address, MAC address, domain name and assigned time of IP address).
3. DHCPREQUEST
When the DHCP client, which transmitted DHCPDISCOVER message, receives the
DHCPOFFER message, the DHCP client transmits the DHCPREQUEST message to requests
that the client uses the received parameters.
4. DHCPACK
When the DHCP server receives the DHCOREQUEST message, the DHCP server transmits
the DHCPACK message to approve that the client can use the assigned IP address.
5. DHCPRELEASE
When lease time of IP address that the DHCP client uses is over, or the DHCP client is shut
down, the DHCPRELEASE message is transmitted.
Configuring DHCP 10-3

Configuring DHCP Server
Procedure of DHCP Server Configuration

The following is the procedure for configuring DHCP server on the Corecess S5 System.
y Enabling DHCP server
y Configuring the global DHCP server parameters (default gateway, DNS and IP address lease time). These
values are used in all DHCP subnets.
y Verifying the subnet name of the interface to configure
y (Optional) Changing parameter values of the DHCP server on each subnet if necessary
y Specifying the DHCP IP address pool on each subnet
y Adding a static host
y Setting the maximum/minimum number of IP address that is assigned to the DHCP client on the subnet
Parameter Values for Configuration DHCP Server

Before configuration a DHCP server with the Corecess S5 System, the following parameters
should be surveyed.
Table 10-1 Parameters for Configuration DHCP Server
Field Description
IP Address of DHCP server IP Address of a VLAN that is configured to the DHCP server.
IP address range that is assigned to clients. The maximum of five IP

Range of IP address
address can be assigned to one subnet (VLAN).
Subnet mask Subnet mask that is assigned to clients
Default router (Default Gateway) IP address of default gateway.
IP address of DNS (Domain Name Server). The maximum of three

DNS
DNS can be assigned to one subnet (VLAN).
Lease time of IP address that is assigned to clients. Clients return the

Lease time of IP address IP address after lease time, then new IP addresses are assigned to the
clients.
After you decide the above parameter values, you can configure the DHCP server as following
section.

Enabling DHCP Server

To configure a DHCP server, you should enable the DHCP server in the Corecess S5 System as
follows:
Table 10-2 Enabling DHCP server
Commands Task
dhcpserver enable 2. Enable the DHCP server.
The following example shows how to enable the DHCP server.
(config)# dhcpserver enable
DHCP Server Enabled.
(config)#
To disable the DHCP server, enter the no dhcpserver command in the Global configuration
mode.
(config)# dhcpserver disalbe

DHCP Server Disabled.
(config)#
Configuring the Global DHCP Server Parameters

The following table shows the global DHCP server parameters and default values.
Table 10-3 Global DHCP server parameters
Parameter Description Default
The default lease time of the IP address to be assigned to the

Default Lease Time 43200
DHCP clients (second).
The maximum lease time of the IP address to be assigned to the

Max Lease Time 86400
DHCP clients (second).
Default Gateway IP address of the default gateway for DHCP clients. 0.0.0.0
Default DNS IP address of the DNS to be assigned to the DHCP clients.
*Log Server IP address of the log server for DHCP clients.

Path name of a file to which the DHCP client's core image should
*Merit Dump
be dumped in the event the client crashes.
(Continued)
Parameter Description Default
*Root Path Path name that contains the client's root disk.
Whether to allow the DHCP server to assign IP addresses to

Allow BOOTP requests Yes
BOOTP clients.
Whether to allow the DHCP server to assign IP addresses to the

Allow Unknown Clients Yes
unknown hosts.
Security Whether to enable DHCP server security or not. Off
*: This indicates that the parameter is option.
By default, these DHCP server parameters are applied to all DHCP subnets. If necessary, these
parameter values can be changed for each DHCP subnet. To configure the global DHCP server
parameters which are used for all DHCP subnets, use the following commands.
Table 10-4 Configuring the global DHCP server parameters
Command Task
dhcpserver defaultleasetime 2. Specify the default lease time of the IP address.

<time> y <time>: The maximum lease time (1 ~ 4294967295 seconds)
3. Specify the IP address of the default gateway to be assigned to

dhcpserver defaultgateway the DHCP clients.
<ip-address> y <ip-address>: IP address of the default gateway for DHCP
clients.
4. Specify the IP address of the DNS to be assigned to the DHCP

dhcpserver defaultdns
clients.
<ip-address>
y <ip-address>: IP address of the DNS for DHCP clients.
dhcpserver bootp 5. Allow for the DHCP server to respond to the BOOTP queries.
6. Specify the IP address of log server to be assigned to the DHCP

dhcpserver log-server clients.
<ip-address> y <ip-address>: IP address of the log server for DHCP
clients.
dhcpserver maxleasetime 7. Specify the maximum lease time of the IP address.

<max-lease-time> y <time>: The maximum lease time (1 ~ 4294967295 seconds)
8. Specify the path name of a file to which the DHCP client's core
dhcpserver merit-dump
image should be dumped in the event the client crashes.
<file-name>
y <file-name>: Path name of a file
dhcpserver root-path 9. Specify the path name that contains the client's root disk.
<path-name> y <path-name>: Path name that contains the client's root disk.

dhcpserver security 10. Enable security feature on the DHCP server.
You don’t need to configure all DHCP server parameters. Regardless of the order in the above
table, you can set parameters needed.
Allowing the DHCP server respond to a BOOTP Request

To allow the DHCP server respond to a BOOTP request, use the command in Global
configuration mode:
(config)# dhcpserver bootp

Success to enable BOOTP support.
(config)#
To NOT allow the DHCP server respond to the BOOTP request, use the no dhcpserver
bootp command in Global configuration mode.
Configuring the Default DNS

To configure the default DNS that is assigned to the DHCP client, use the dhcpserver
defaultdns command.
(config)# dhcpserver defaultdns 172.168.20.11

New default DNS #1 is 172.168.20.11
(config)#
The maximum of three default DNSs can be assigned. To remove the specified DNS, use the no
dhcpserver defaultdns command.
Configuring the Default Gateway

To specify the default gateway list for all the DHCP subnets, use the dhcpserver
defaultgateway command in Global configuration mode:
(config)# dhcpserver defaultgateway 172.168.20.1

New default gateway is 172.168.20.1
(config)#
To remove the default gateway list, use the no dhcpserver defaultgateway command.

Configuring the Default Lease Time

To configure the duration of the lease for an IP address that is assigned from the DHCP server
to a DHCP client, use the dhcpserver defaultleasetime command in Global
configuration mode:
(config)# dhcpserver defaultleasetime 86400

Now default lease time is set to be 86400 seconds
(config)#
The default lease time is set to 43200 seconds. To restore the default lease time, use the no
dhcpserver defaultleasetime command in Global configuration mode
Configuring the Maximum Lease Time

To configure the maximum lease time for an IP address, use the dhcpserver maxleasetime
command:
(config)# dhcpserver maxleasetime 172800

Now max lease time is set to be 172800 second
(config)# end
# show dhcpserver
Global DHCP Server Configurations :

Status : Enabled
Default Lease Time : 43200 seconds
Max Lease Time : 172800 seconds
Allow BOOTP requests : Yes
Allow Unknown Clients : Yes
Security : Off
#
The default max lease time is set to 86400 seconds. To restore the default max lease time, use the
no dhcpserver maxleasetime command.

Configuring the Log Server

To specify the IP address of log server to be assigned to the DHCP clients, use the dhcpserver
log-server command:
(config)# dhcpserver log-server 168.1.1.1

New default LOG-SERVER #1 is 168.1.1.1
(config)# end
# show dhcpserver

Status : Enabled
Log Server #1 : 168.1.1.1
Security : Off
#
You can specify up to three log servers. The first entered log server is the most preferred server.
To remove a log server, use the no dhcpserver logserver command.
Specifying Merit Dump File

To specify the path name of a file to which the DHCP client's core image should be dumped in
the event the client crashes, use the dhcpserver merit-dump command:
(config)# dhcpserver merit-dump /tftp/merit-dump
New merit-dump is /tftp/merit-dump
(config)# end
# show dhcpserver

Status : Enabled
Merit Dump #4 : /tftp/merit-dump
Security : Off
#
To remove the path name of a merit dump file, use the no dhcpserver merit-dump
command.

Specifying the Path Nam for Root Disk

To specify the path name that contains the client's root disk, use the dhcpserver root-path
command:
(config)# dhcpserver root-path /usr/rootfs

New root-path is /usr/rootfs
(config)# end
# show dhcpserver

Status : Enabled
Merit Dump #4 : /tftp/merit-dump
Root Path #4 : /usr/rootfs
Security : Off
To remove the path name that contains the client's root disk, use the no dhcpserver root-
path command.
Enabling DHCP Server Security

To enable DHCP server security feature, use the dhcprelay security command:
(config)# dhcpserver security

DHCP Server security is on.
(config)#
If you enable the DHCP server security feature, the Corecess S5 System stores the IP address
assigned to a DHCP client (host A) and the client’s MAC address. If any other host access to the
system with the host A’ IP address, the Corecess S5 System regards the packets as spoofing
packet and discard the packet. To disable DHCP server security feature, use the no
dhcprelay security command.

Verifying the DHCP Subnet for the Interface

The Corecess S5 System configures DHCP server for each VLAN. If you create a VLAN
interface, the DHCP subnet for the VLAN interface will be added automatically. To verify the
DHCP subnet for the interface, use the following commands:
Table 10-5 Verifying the DHCP subnet for the Interface
Command Task
show dhcpserver subnet all 2. Display the configuration information of all DHCP subnet.
This example is a sample output of all DHCP subnet:
# show dhcpserver subnet all

DHCP Server Subnets :
| | | default | Max |
Name| IP Address| Netmask| Lease time| Lease time| Interface
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
SUB1| 172.168.20.0| 255.255.255.0| 43200| 86400| none
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
sub_vlan2| 172.20.2.0| 255.255.255.0| 43200| 86400| vlan2
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
sub_vlan1| 172.10.1.0| 255.255.255.0| 43200| 86400| vlan1
--------------- ---------------- ---------------- ----------- ----------- ---------

Configuring DHCP Server Parameters for Each Subnet

To configure the DHCP server parameters on each subnet, use the following commands in
Global configuration mode:
Table 10-6 Configuring DHCP server parameters for each subnet
Command Task
2. Specify the default lease time of the IP address that is assigned to

dhcpserver subnet
the DHCP clients in a subnet.
<subnet-name>
y <subnet-name> Subnet name to configure.
defaultleasetime <time>
y <time> Maximum lease time for the subnet (in seconds).
3. Specify the IP address of the default gateway to be assigned to the

dhcpserver subnet
DHCP clients in a subnet.
<subnet-name>
y <subnet-name> Subnet name to configure.
defaultgateway <ip-address>
y <ip-address> IP address of the default gateway for the subnet.
4. Specify the IP address of the DNS to be assigned to the DHCP

dhcpserver subnet
clients in a subnet.
<subnet-name> defaultdns
y <subnet-name>: Subnet name to configure
<ip-address>
y <ip-address>: IP address of the DNS for the subnet.
5. Specify the IP address of log server to be assigned to the DHCP

dhcpserver subnet
clients in a subnet..
<subnet-name> log-server
y <subnet-name>: Subnet name to configure.
<ip-address>
y <ip-address>: IP address of the log server for the subnet.
6. Specify the maximum lease time of the IP address that is

dhcpserver subnet
assigned to the DHCP clients in a subnet.
<subnet-name>
maxleasetime
y <time>: The maximum lease time for the subnet (1 ~
<max-lease-time>
4294967295 seconds)
7. Specify the path name of a file to which the DHCP client's

dhcpserver subnet
core image should be dumped in the event the client crashes.
<subnet-name> merit-dump
<file-name>
y <file-name>: Path nam of a file
dhcpserver subnet 8. Specify the path name that contains the client's root disk.
<subnet-name> root-path y <subnet-name>: Subnet name to configure.
<path-name> y <path-name>: Path name that contains the client's root disk.
You don’t need to configure all DHCP server parameters on each subnet. Regardless of the
order in the above table, you can set parameters needed. If you don’t specify parameters on
each subnet, the system uses the values of global DHCP parameters for the values.

This example shows how to configure the DHCP server parameters for the DHCP subnets:
(config)# dhcpserver subnet sub_vlan1 defaultgateway 172.27.1.254

New default gateway of subnet sub_vlan1 is 172.27.1.254
(config)# dhcpserver subnet sub_vlan2 defaultgateway 10.10.1.254
New default gateway of subnet sub_vlan2 is 10.1.1.254
#
Specifying IP Address Pool for DHCP Clients

To configure the IP address pool for DHCP clients of each subnet, use the following command
Table 10-7 Specifying IP address pool for DHCP clients
Commands Task
Specify the range of the IP addresses to be assigned to the DHCP

dhcpserver subnet
clients in the specified subnet.
<subnet-name> iprange
<start-ip-address>
y <start-ip-address>: the start IP address of the IP pool.
<end-ip-address>
y <end-ip-address>: the last IP address of the IP pool.
This example shows how to specify the IP address pools for DHCP clients of the interfaces
sub_vlan1 and sub_vlan2:
(config)# dhcpserver subnet sub_vlan1 iprange 172.27.1.2 172.27.1.253

Now adding new IP range....
new address range 172.72.1.2 ~ 172.27.1.253 is added in subnet sub_vlan1
(config)# dhcpserver subnet sub_vlan2 iprange 10.1.1.2 10.1.1.253
new address range 10.1.1.2 ~ 10.1.1.253 is added in subnet sub_vlan2
(config)# end
# show dhcpserver subnet sub_vlan1 iprange
DHCP IP Range for subnet sub_vlan1
ID | Start Address | End Address

-----+----------------+-----------------
1 | 172.27.1.2 | 172.27.1.253
--------------------------------------

-----+----------------+-----------------
1 | 10.1.1.2 | 10.1.1.253
--------------------------------------
#
To delete the IP address pool for DHCP clients of each subnet, use the no dhcpserver
subnet iprange <range-id> command. <range-id> is the ID of the IP range to delete.
You can see the ID of the IP range by using the show dhcpserver subnet command. To
delete all IP address ranges in the subnet, use the no dhcpserver subnet iprange all
command.
This example shows how to delete the IP address pools for DHCP clients of the interfaces
sub_vlan1 and check the result:

-----+----------------+-----------------
1 | 172.19.1.2 | 172.19.1.253
-----+----------------+-----------------
2 | 172.19.3.1 | 172.19.3.100
--------------------------------------
(config)# no dhcpserver subnet sub_vlan1 iprange 1
Address range 172.19.1.2 ~ 172.19.1.253 is deleted in subnet sub_vlan1
(config)# end

-----+----------------+-----------------
2 | 172.19.3.1 | 172.19.3.100
--------------------------------------
#

Defining Subnet for DHCP Relay Configuration

The DHCP subnets for DHCP relay don’t need to be attached to interfaces. All that you have to
do for DHCP subnets for DHCP relay is to define DHCP subnets using dhcpserver subnet
command:
The following is an example of defining a DHCP subnet subnet_r for DHCP relay and check the
result:
(config)# dhcpserver subnet subnet_r 211.10.1.0/24

(config)# dhcpserver subnet subnet_r iprange 211.10.1.1 211.10.1.253
new address range 211.10.1.1 ~ 211.10.1.253 is added in subnet subnet_r
(config)#
To check the result, use the show dhcpserver subnet all command in Privileged mode.
In case of the DHCP subnet defined by the user, ‘none’ is displayed in the Interface field.

Name | IP Address | Netmask |Lease time |Lease time| Interface
-------------+--------------+---------------+-----------+----------+---------
subnet_r | 1.1.1.0 | 255.255.255.0 | 43200 | 86400 | none
-------------+--------------+---------------+-----------+----------+---------
sub_vlan1 | 72.19.0.0 | 255.255.0.0 | 43200 | 86400 | vlan1
----------------------------------------------------------------------------
#

Configuring Static Host

To configure the static hosts who the fixed IP addresses are assigned to, use the following
command in Global configuration mode:
Table 10-8 Configuring Static Host
Command Task
2. Add a static host

dhcpserver host <host-name> y <host-name> Host name
<mac-address> <ip-address> y <mac-address> MAC address of the host
y <ip-address> IP address for the host

show dhcpserver host 4. Verify the static host configuration.
This example shows how to add a static host ‘kka’ and verify the configuration:
(config)# dhcpserver host kka 00:11:22:33:44:55 200.1.1.1

host kka added
(config)# end
# show dhcpserver host
Static Host Information

-------------------------------------------
Name: kka
HW Addr : 00:11:22:33:44:55
IP Addr : 200.1.1.1
leasetime : 43200
-------------------------------------------
#
To remove a static host, use the no dhcpserver host command. To remove all static hosts,
no dhcpserver host all command.

Configuring the Maximum and Minimum Number of IP

Address for a Subnet
You can configure the maximum and minimum number of IP addresses to be assigned to
DHCP clients of each subnet. A log messages generates when the number of IP addresses
exceeds the high threshold (the maximum number) or when the number of IP addresses
becomes less than or equal to the low threshold (the minimum number).
The default maximum number of IP addresses is 5000 and the default minimum number of IP
addresses is 1.
To configure the maximum and minimum number of IP addresses for a subnet, perform this
task in privileged mode:
Table 10-9 Configuring the maximum and minimum number of IP addresses for a subnet
Command Task
dhcpserver subnet 2. Set the maximum number of IP addresses to be assigned to DHCP clients
<subnet-name> of the specific subnet.
highthreshold y <subnet-name>: Subnet name to configure.
<max-value> y<max-value>: The maximum number of IP addresses (2 ~ 5000)
dhcpserver subnet 3. Set the minimum number of IP addresses to be assigned to DHCP clients
<subnet-name> of the specific subnet.
lowthreshold y <subnet-name>: Subnet name to configure.
<min-value> y <min-value>: The minimum number of IP addresses (1 ~ 4999)
The following example shows how to configure the maximum and minimum number of IP
addresses for the sub1 subnet:
(config)# dhcpserver subnet sub1 highthreshold 200

highthreshold of subnet sub1 is 200
(config)# dhcpserver subnet sub1 lowthreshold 5
lowthreshold of subnet sub1 is 5
(config)#

Configuring DHCP Relay Agent
DHCP Relay Agent Overview

If the DHCP server and the DHCP client are in the different network, the procedure that assigns
DHCP address should be changed. The message that the DHCP client sends to the DHCP server
is only broadcasted in the local network, so it is not possible to communicate with the DHCP
server of other network. In this case, you should configure the DHCP relay agent in the local
network to communicate between the DHCP server and the DHCP client.
The following network example explains the DHCP relay agent.
DHCP Relay
Client A DHCP Server Agent Clinet B
If the client a broadcasts the DHCPDISCOVER message to assign an IP address, the DHCP server,
which is in the same network, receives the message and assigns the IP address to the client A.
If the client B broadcasts the DHCPDISCOVER message to assign an IP address, the DHCP
server, which is in other network, can not receive the message. Therefore, the DHCP server can
not assign the IP address to the client B. In this case, you should configure the VLAN that the
client B is included to the DHCP relay agent. If the DHCP relay agent receives the
DHCPDISCOVER message, the DHCP relay agent transmits the message to the specified DHCP
server. The DHCP server, which receives the DHCPDISCOVER message, transmits the IP
address that is for the client B to the DHCP relay agent. The DHCP relay agent transmits the
assigned IP address to the client B.

Communication with the DHCP Server, the Relay Agent and the Client
When a DHCP client communicates with a DHCP server through a DHPC relay agent, IP
address is assigned to the DHCP client as follows:
unicast
DHCP Relay
Client 1. DHCPDISCOVER Agent 2. DHCPDISCOVER DHCP Server
4. DHCPOFFER 3. DHCPOFFER
5. DHCPDISCOVER 6. DHCPDISCOVER
8. DHCPACK 7. DHCPACK
9. DHCPRELEASE
1. The client sends a DHCPDISCOVER broadcast message to find out DHCP server.
2. The DHCP relay agent received DHCPDISCOVER message forwards DHCPDISCOVER

message to DHCP server.
3. DHCP server received DHCPDISCOVER message from DHCP relay agent offers
configuration parameters (such as an IP address, a MAC address, a domain name, and a
lease for the IP address) to the DHCP relay agent in a DHCPOFFER unicast message.
4. DHCP relay agent sends configuration parameters (such as an IP address, a MAC address, a
domain name, and a lease for the IP address) offered from the DHCP server to the client in a
DHCPOFFER unicast message.
5. After the client receives a DHCPOFFER, it responds with a DHCPREQUEST message,

indicating its intent to accept the parameters in the DHCPOFFER.
6. The DHCP relay agent received DHCPDISCOVER message from the client forwards
DHCPREQUEST message to DHCP server.
7. After the DHCP server receives the DHCPREQUEST from DHCP relay agent, it
acknowledges the request with a DHCPACK message, thus completing the initialization
process.

8. After the DHCP relay agent receives the DHCPACK from DHCP server, it sends the
DHCPACK to the client.
9. A DHCP client may choose to relinquish its lease on a network address by sending a
DHCPRELEASE message to the DHCP server. The client identifies the lease to be released
by the use of the client identifier field and network address in the DHCPRELEASE message.

Configuring DHCP Relay

The following is the procedure for configuring DHCP relay on the Corecess S5 System.
y Enabling DHCP relay
y Specifying a DHCP server used for DHCP relay agent
y Enabling DHCP relay security
y Assigning the weight to the secondary IP address
Enabling DHCP Relay
To enable DHCP relay on the Corecess S5 System, use the following command:
Table 10-10 Enabling DHCP relay
Commands Task
dhcprelay enable 2. Enable the DHCP relay.
The following example shows how to enable DHCP relay on the Corecess S5 System:
(config)# dhcprelay enable
DHCP Relay Enabled.
#
If you enter the dhcprelay enable when the DHCP server is enabled, the following message
will be displayed:
(config)# dhcprelay
Already running in DHCP server
Fail to enable DHCP Relay agent.
Before enabling the DHCP relay, disable the DHCP server using dhcpserver disable
command:
(config)# dhcpserver disable

DHCP Server Disabled.

(config)#
To disable the DHCP relay, enter the dhcprelay disable command in the Global
configuration mode.
(config)# dhcprelay disable

DHCP Relay Disabled.
(config)#
Adding DHCP Servers for DHCP Relay
To add the DHCP servers which will assign the IP address to the DHCP relay, use the following
command in Privileged mode:
Table 10-11 Adding DHCP server for the DHCP relay
Command Task
dhcprelay serverlist 2. Add the DHCP servers.

{<ip-address> | y <ip-address>: IP address of the DHCP server.
<server-name>} y <server-name>: Host name of the DHCP server.
This example shows how to add a DHCP server for DHCP relay:
(config)# dhcprelay serverlist 172.16.1.1

Server List 172.16.1.1 is added
(config)#
To delete a DHCP server which will assign the IP address to the DHCP relay, use the no
dhcprelay serverlist command in Global configuration mode. To delete all DHCP
servers, use the no dhcprelay serverlist all command.

Enable DHCP Relay Security
If you enable the DHCP relay security feature, the Corecess S5 System stores the IP address
assigned to a DHCP client (host A) and its MAC address. If any other host access to the system
with the host A’ IP address, the Corecess S5 System regards the packets as spoofing packet and
discard the packet.
By default, the DHCP relay security feature is disabled. To enable the DHCP relay security
feature, perform this task:
Table 10-12 Enabling DHCP relay security
Command Task
dhcprelay security 2. Enable the DHCP relay security feature.
The following example enables the DHCP relay security feature:
(config)# dhcprelay security

DHCP Relay security is on.
(config)#
To disable the DHCP relay security feature, use the no dhcprelay security command in

Assigning the Weight to the Secondary IP
When an interface of the system enabled DHCP relay agent has the primary IP address and the
secondary IP address, the Corecess S5 System decides which range of IP address (Primary IP,
Secondary IP 1, Secondary IP 2 and so on…) should be assigned to the interface by using the
weight assigned to the secondary IP address.
For example, when the following IP addresses are set to the vlan1 interface:
y Primary IP address : 10.10.10.10/24

y Secondary IP 1 address : 1.1.1.1/24
If you set the weight as follows:
y Secondary IP 1 address : 20%

y Secondary IP 2 address : 30%
If the DHCP relay receives a DHCP request ten times, the DHCP relay assigns IP address of the
primary IP range five times, IP address of the secondary IP 1 range two times, and IP address of
the secondary IP 2 range three times via the DHCP server.
By default, the weight assigned to the primary IP is 100 and the weight assigned to the
secondary IP is 0. This allows the Corecess S5 System to assign a DHCP client an IP address of
the primary IP range via the DHCP server.
To configure the weight to be assigned the secondary IP address, perform this task:
Table 10-13 Assigning the weight to the secondary IP address
Command Description
dhcprelay weight Assign the weight to the secondary IP address.

<secondary-ip> y <secondary-ip>: Secondary IP address to assign the weight.
<ip-weight> y <ip-weight>: Weight assigned to the secondary IP address (1 ~ 100)
<interface-weight> y <interface-weight>: Weight assigned to the interface (1 ~ 100)

The following example shows how to assign the weight, 40%, to the secondary IP address,
172.2.2.2 and check the result:
(config)# dhcprelay weight 172.2.2.2 40 100

(config)# end
# show dhcprelay weight
DHCP Relay Weight:

vlan2
+-----------------+-----------+
| IP Address | Weight |
+-----------------+-----------+
| 172.1.1.1 | 100/100 |
+-----------------+-----------+
vlan1
+-----------------+-----------+
+-----------------+-----------+
| 172.19.3.97 | 60/100 |
| 172.2.2.2 | 40/100 |
+-----------------+-----------+
#

Displaying DHCP Configuration

This section describes how to display DHCP server and DHCP relay configuration.
Displaying DHCP Server Configuration
Displaying the Global DHCP Server Configuration
To display the global DHCP server configuration, use the show dhcpserver command:
# show dhcpserver

Status : Enabled
Log Server #1 : 168.1.1.1
Security : Off
#
The table below describes the fields in the show dhcpserver command output:
Table 10-14 show dhcpserver Field Description
Field Description
Status The status of the DHCP server.
The default lease time of the IP address to be assigned to the DHCP

Default Lease Time
clients (second)
The maximum lease time of the IP address to be assigned to the DHCP

Max Lease Time
clients (second)
Default Gateway IP address of the default gateway for DHCP clients.
*Default DNS #1, #2, #3 IP address of the DNS to be assigned to the DHCP clients
*Log Server IP address of the log server for DHCP clients.
Path name of a file to which the DHCP client's core image should be
*Merit Dump
dumped in the event the client crashes.
*Root Path Path name that contains the client's root disk

(Continued)
Field Description
Allow BOOTP requests Whether to allow for the DHCP server to respond to the BOOTP queries.
Allow Unknown Clients Whether to allow for the DHCP server to respond to the BOOTP queries.
Security Whether to enable DHCP server security feature.
*: this indicates that the fields are displayed when users set the field value.
If the DHCP server is disabled on the Corecess S5 System, the following message will be
displayed:
# show dhcpserver
DHCP Server is not running.
#
Displaying DHCP Subnet Configuration
To display the configuration of a DHCP subnet on the Corecess S5 System, use the show
dhcpserver subnet command.
The following example displays the configuration of all DHCP subnets by using the show
dhcpserver subnet all command:

Name| IP Address| Netmask| Lease time| Lease time| Interface
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
SUB1| 172.168.20.0| 255.255.255.0| 43200| 86400| none
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
sub_vlan2| 172.20.2.0| 255.255.255.0| 43200| 86400| vlan2
--------------+ ---------------+ ---------------+ ----------+ ----------+ ---------
sub_vlan1| 172.10.1.0| 255.255.255.0| 43200| 86400| vlan1
--------------- ---------------- ---------------- ----------- ----------- ---------

The following example displays the information of the specified DHCP subnets by using the
show dhcpserver subnet command:
# show dhcpserver subnet SUB1
DHCP Server Subnet : SUB1
Subnet IP : 172.168.20.0
Interface Name : none
Netmask : 255.255.255.0
default lease time : 43200 seconds
max lease time : 86400 seconds
HighThreshold : 5000
LowThreshold : 1
CurrentLeaseCount : 0
Default Gateway : 172.168.20.1
Log Server #1 : 120.1.1.1
#
The following example displays the IP address ranges of the specified subnet by using the show
dhcpserver subnet iprange command:

----+---------------+-----------------
1 | 172.27.1.2 | 172.27.1.253
--------------------------------------

----+---------------+-----------------
1| 10.1.1.2 | 10.1.1.253
--------------------------------------
#

The table below describes the fields in the show dhcpserver subnet all command output:
Table 10-15 show dhcpserver subnet all field descriptions
Field Description
Name Subnet name
IP Address Network number of the subnet
Netmask Net mask of the subnet
Default Lease time The default lease time for in the subnet
Max Lease time The maximum lease time for the hosts in the subnet
Interface Interface name which the subnet applies to.
The table below describes the fields in the show dhcpserver subnet command output:
Table 10-16 show dhcpserver subnet field descriptions
Field Description
DHCP Server Subnet Subnet name
Subnet IP Network number of the subnet
Interface Name Interface name which the subnet applies to.
Netmask Net mask of the subnet
default lease time The default lease time for in the subnet
maximum lease time The maximum lease time for the hosts in the subnet
Default Gateway IP address of the default gateway for the subnet
DNS IP #1 IP address of the DNS to be assigned to the subnet
IP Range The IP address ranges of the subnet
The table below describes the fields in the show dhcpserver subnet <subnet-name>
iprange command output:
Table 10-17 show dhcpserver subnet <subnet-name> iprange field description
Field Description
ID The ID of the IP range
Start Address The starting address of the range
End Address The last address of the range

Displaying the IP Addresses Assigned to the DHCP Clients
To display the information of the IP addresses assigned to the DHCP clients, use the show
dhcpserver lease [summary] command.
The following example shows how to display the IP addresses assigned to the DHCP clients:
# show dhcpserver leases
DHCP Lease Information(current time : 2002/12/24 10:39:34)
IP Address | MAC Address | Start | End | Status | Remain

-------------+-----------------+ ---------------+ ---------------+ --------+-------
100.100.100.4|00:00:21:fb:66:a4| 12/24 10:32:48| 12/24 1:26:50| Active | 53 min
-------------+-----------------+ ---------------+ ---------------+ --------+-------
100.100.100.1|00:10:a4:a3:c2:9e| 12/24 10:26:50| 12/24 11:26:50| Active | 47 min
-------------+-----------------+ ---------------+ ---------------+ --------+-------
200.200.201.3|00:50:da:ea:4a:cd| 12/24 10:26:50| 12/24 1:30:28| Active | 50 min
-------------+-----------------+ ---------------+ ---------------+ --------+-------
200.200.201.1|00:50:da:ea:4a:cd| 12/24 10:15:18| 12/24 1:15:18| Active | 35 min
-------------+-----------------+ ---------------+ ---------------+ --------+--------
Total 4 Entries Assigned

#
The following example displays the summary information of the IP addresses assigned to the
DHCP clients:
# show dhcpserver leases summary
DHCP Lease Information(current time : 2002/12/24 17:01:10)
Interface| Total Lease| Assigned Lease| Free Lease

-------------+-----------------+ -----------------+ ----------------
vlan1| 200| 2| 198
-------------+-----------------+ -----------------+ ----------------
vlan2| 200| 2| 198
-------------+-----------------+ -----------------+ ----------------

#

The table below describes the fields in the show dhcpserver lease command output:
Table 10-18 show dhcpserver lease field descriptions
Field Description
IP Address IP address assigned to a DHCP client
MAC Address MAC address of a DHCP client
Start The IP address assignment time
End The lease expiration time of the IP address
Status Status of a DHCP client
Remain Remaining time of the lease for an IP address that is assigned (in minutes)
The table below describes the fields in the show dhcpserver lease summary command
output:
Table 10-19 show dhcpserver lease field descriptions
Field Description
Interface The interface name
Total Lease The number of IP addresses in the IP pool of the interface
Assigned Lease The number of IP addresses that have been assigned to DHCP clients
The number of remaining IP addresses that have not been assigned to DHCP
Free Lease
clients yet

Displaying the List of the Static Hosts
To display the list of the static hosts who can get the fixed IP addresses, use the show
dhcpserver host command.
The following example shows how to display the static DHCP hosts:
# show dhcpserver host

Static Host Information
-------------------------------------------
Name : George
HW Addr : 10:10:10:1f:2e:00
IP Addr : 172.12.1.99
leasetime : 43200
#
The table below describes the fields in the show dhcpserver host command output:
Table 10-20 show dhcpserver host field descriptions
Field Description
Name The DHCP client name
HW Addr The MAC address of the DHCP client
IP Addr The IP address for the DHCP client
leasetime Duration of the lease for an IP address that is assigned to the host
Default DNS #1 The IP address of DNS server to be assigned to the host
Log Server The IP address of log server to be assigned to the host

Displaying DHCP Relay Configuration
Displaying DHCP Relay Configuration
To display the DHCP relay configuration information, use the show dhcprelay command.
The following example shows how to display the DHCP relay configuration information on the
Corecess S5 System:
# show dhcprelay
Global DHCP Relay Agent Configurations :

Status : Enabled
Security : On
Relay Interface :
vlan2, 10.1.1.1
vlan1, 172.27.2.100
#
The table below describes the fields in the show dhcprelay command output:
Table 10-21 show dhcprealy field descriptions
Field Description
Status The DHCP relay agent state on the system (Enabled or Disabled).
Security The DHCP relay security state on the system (On or Off)
Relay Interface The name of the VLAN interfaces that the DHCP relay is enabled
If the DHCP relay agent is disabled on the system, the ‘DHCP relay agent is not
running.’ message is displayed as follows:
# show dhcprelay
DHCP relay agent is not running
#

Displaying the List of the DHCP Servers
To display the list of the DHCP servers which assign the IP addresses to the clients of the DHCP
relay agent, use the show dhcprelay serverlist command.
The following example displays the DHCP servers used for the DHCP relay agent:
# show dhcprelay serverlist
DHCP Relay Server List

NUM | IP Address | Port
--------------------------------
1 | 172.16.1.1 | 67
--------------------------------
#
The table below describes the fields in the show dhcprelay serverlist command output:
Table 10-22 show dhcprealy serverlist field descriptions
Field Description
NUM Index number of the DHCP relay agent
IP Address IP addresses of the DHCP server
Port Port number used for the DHCP server
Displaying the Weight of the Secondary IP
To displays the weight to be assigned to secondary IP address of the system interface, use the
show dhcprelay weight command.
The following is a sample output of displaying weights of the secondary IP addresses:

# show dhcprelay weight
DHCP Relay Weight:

vlan1
+-----------------+-----------+
+-----------------+-----------+
| 10.10.10.10 | 5/10 |
| 3.3.3.3 | 0/10 |
| 2.2.2.2 | 3/10 |
| 1.1.1.1 | 2/10 |
+-----------------+-----------+
#

Displaying DHCP Version and Statistics
Displaying the DHCP Version

To display the version of the DHCP module supported by the system, use the show dhcp
version command. The following example displays the version of the DHCP module:
# show dhcp version

Corecess DHCP – Bug Fixed 031227 #1 - common
#
Displaying the DHCP Statistics

To display the DHCP statistics, use the show dhcp statistics. This example shows how to
display the DHCP statistics:
# show dhcp statistics

DHCP statistics :
-----------------------------------------------------------------
rxDhcpDiscovers : 803 txDhcpDiscovers : 0
rxDhcpRequests : 2464 txDhcpRequests : 0
rxDhcpOffers : 0 txDhcpOffers : 803
rxDhcpAcks : 0 txDhcpAcks : 2450
rxDhcpNaks : 0 txDhcpNaks : 10
rxDhcpDeclines : 0 txDhcpDeclines : 0
rxDhcpReleases : 5 txDhcpReleases : 0
rxDhcpInforms : 1259 txDhcpInforms : 0
rxDhcpBadPackets : 0
-----------------------------------------------------------------
rxTotalPackets : 4531 txTotalPackets : 3263
-----------------------------------------------------------------
-----------------------------------------------------------------
rxBootpRequest : 4530 txBootpRequest : 0
rxBootpReply : 0 txBootpReply : 0
-----------------------------------------------------------------

The table below describes the fields shown by the show dhcp statistics command:
Table 10-23 show dhcp statistics field descriptions
Field Description
rxDhcpDiscovers Number of received DHCPDISCOVER messages.
rxDhcpRequests Number of received DHCPREQUEST messages.
rxDhcpOffers Number of received DHCPOFFER messages.
rxDhcpAcks Number of received DHCPACK messages.
rxDhcpNaks Number of received DHCPNAK messages.
rxDhcpDeclines Number of received DHCPDECLINE messages.
rxDhcpReleases Number of received DHCPRELEASE messages.
rxDhcpInforms Number of received DHCPINFORM messages.
rxDhcpBadPackets Number of received DHCP packets with error.
txDhcpDiscovers Number of sent DHCPDISCOVER messages.
txDhcpRequests Number of sent DHCPREQUEST messages.
txDhcpOffers Number of sent DHCPOFFER messages.
txDhcpAcks Number of sent DHCPACK messages.
txDhcpNaks Number of sent DHCPNAK messages.
txDhcpDeclines Number of sent DHCPDECLINE messages.
txDhcpReleases Number of sent DHCPRELEASE messages.
txDhcpInforms Number of sent DHCPINFORM messages.
rxTotalPackets Number of sent DHCP packets with error.
txTotalPackets Total number of received DHCP packets.
rxBootpRequest Number of received BOOTP request messages
rxBootpReply Number of received BOOTP reply messages
txBootpRequest Number of sent BOOTP request messages
txBootpReply Number of sent BOOTP reply messages

DHCP Configuration Commands

The following table lists the commands for configuring DHCP on the Corecess S5 System:
Table 10-24 DHCP configuration commands
Command Function
dhcprelay Enables the DHCP relay agent on the Corecess S5 System.
dhcprelay security Enables the DHCP relay security feature.
Adds the DHCP servers which will assign the IP address to the DHCP
dhcprelay serverlist
relay.
dhcpserver bootp Allows for the DHCP server to respond to the BOOTP queries.
Specifies the global default Domain Name System (DNS) server which
dhcpserver defaultdns
applies to all the DHCP subnets.
dhcpserver
Specifies the global default gateway list for all the DHCP subnets.
defaultgateway
dhcpserver Specifies the duration of the lease for an IP address that is assigned from
defaultleasetime a DHCP server to a DHCP client.
dhcpserver Enables the DHCP server on the Corecess S5 System.
dhcpserver host Specifies the IP address for a manual binding to a DHCP client.
Specifies a log server to which logging information DHCP clients are

dhcpserver log-server
sent.
dhcpserver
Specifies the upper limit of the default lease time.
maxleasetime
Specifies the path name of the merit dump file to which the client's core
dhcpserver merit-dump
image should be placed in the event the client crashes.
dhcpserver root-path Specifies the path name that contains the client's root disk.
dhcpserver security Enables the DHCP server security feature.
Adds a DHCP subnet. The clients in the DHCP subnet can be assigned
dhcpserver subnet
the IP addresses from the DHCP server.
dhcpserver subnet
Specifies the default Domain Name System (DNS) server for a subnet.
defaultdns
dhcpserver subnet
Specifies the default gateway list for a subnet.
defaultgateway
Specifies the duration of the lease for an IP address that is assigned to the
dhcpserver subnet
DHCP clients in a subnet. This value will apply to the specified DHCP
defaultleasetime
subnet.

(Continued)
Command Function
dhcpserver subnet
Specifies the high-threshold of the number of the leased IP addresses.
highthreshold
dhcpserver subnet Sets the range of addresses (or address pool) for DHCP clients in the
iprange specified subnet.
dhcpserver subnet Specifies a log server to which logging information DHCP clients are sent
log-server for a subnet.
dhcpserver subnet
Specifies the low-threshold of the number of the leased IP addresses.
lowthreshold
dhcpserver subnet
Specifies the upper limit of the default lease time for a subnet.
maxleasetime
dhcpserver subnet Specifies the path name of the merit dump file to which the client's core
merit-dump image should be placed in the event the client crashes for a subnet.
dhcpserver subnet
Specifies the path name that contains the client's root disk for a subnet.
root-path
dhcpserver unicast Allows for the DHCP server to send unicast reply.
dhcpserver
Allows for the DHCP server to assign IP addresses to the unknown hosts.
unknownclients
show dhcp statistics Shows the statistics of the DHCP
show dhcp version Shows the version of the DHCP module.
show dhcprelay Shows the status of the DHCP relay agent
show dhcprelay Shows the list of the DHCP servers which assign the IP addresses to the
serverlist clients of the DHCP relay agent.
show dhcpserver Shows the global DHCP server configuration.
show dhcpserver host Shows the list of the static hosts who can get the fixed IP addresses.
Shows the current usage of the IP addresses available for the DHCP
show dhcpserver lease
clients.
show dhcpserver
Shows the DHCP subnet configuration.
subnet

Configuring DHCP Server(Only S518)
Sequence to configure DHCP Server

The sequence to configure the most basic DHCP Server in Corecess S518 is as shown below:
y Activate DHCP Server in the interface to be used;
y Create IP Pool to be connected with DHCP Server;
y Designate the IP address range to be allocated in IP Pool;
y Designate the Host to use static IP;
y Configure DHCP Server Parameter to be allocated when allocating the IP of corresponding Pool in IP Pool; and
y Connect interface and IP Pool.
Values to be identified
Corecess S518 configures DHCP Server by VLAN unit. To configure DHCP Server, below-listed
values should be identified in advance:
y Interface to configure DHCP Server;
y Range of IP to be allocated;
y Various network information including the gateway address to be used by the Host to which IP was
allocated; and
y IP lease time.

Activating DHCP Server

DHCP Server is activated by executing below-shown commands:
Command Work
Configure terminal Enter into Configuration mode.
Interface vlan id [ID] Enter into Interface mode.
Ip dhcp server Activate DHCP Server.
End Return to Privileged mode.
Show ip dhcp Check the activation of DHCP
interface Server.
Below-shown is the example to activate DHCP Server:

localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp server
localhost(config-if)# end
localhost# show ip dhcp interface
Interface DHCP Status

------------------------------------
vlan32 DHCP Disabled
vlan50 DHCP Server
------------------------------------
localhost#
To inactivate DHCP Server so as not to act anymore, run no ip dhcp server command in
Interface Mode.
Localhost(config-if)# no ip dhcp server

localhost(config-if)#

Configuring GLOBAL DHCP Parameters
Below-shown are the kinds and default values of parameters supplied by DHCP in Corecess:
Default
Value
Default lease time IP lease time allocated to Client 43200
Default gateway Default gateway address of client
Dns server DNS Server address
Log server LOG Server address
Wins server WIN Server address
Path of Merit dump file where Core image of client is
Merit dump
saved
Root
Path where Root disk of client exists
path
These DHCP Parameters may set distinguishing into Global mode applied to all the subnet and
IP Pool mode applied to only one subnet.
If the setting is done to both Global mode and IP Pool mode, the value set in IP Pool mode is
firstly applied in corresponding subnet.
The method to designate the parameter as the prior Global mode as shown below:
Command Work
Configure terminal Enter into Global Configuration mode.
Ip dhcp leasetime <time> Designate Default lease allocation time.
Ip dhcp default-gateway <ip-address> Designate default gateway.
Ip dhcp dns-server <ip-address> Designate the address of Dns-Server.
Ip dhcp log-server <ip-address> Designate the address of Log-Server.
Ip dhcp wins-server <ip-address> Designate the address of Wins-Server.
Ip dhcp merit-dump-file <string> Designate the route of Merit-dump-file.
Ip dhcp root-path <string> Designate the path of Root disk.
Setting default lease time

The default lease time of IP to be allocated to client may be set as shown below:
Localhost(config)# ip dhcp leasetime 86400

Set lease time to 86400

Localhost(config)#
To return the default lease time to default setting value, 43200, execute no ip dhcp leasetime
command.
Setting default gateway

The IP of default gateway may be set as shown below:
Localhost(config)# ip dhcp default-gateway 50.1.1.1

set default gateway to 50.1.1.1.
Localhost(config)#
To delete default gateway setting, execute no ip dhcp default-gateway command.
Setting DNS Server IP

The IP of DNS Server may be set as shown below:
Localhost(config)# ip dhcp dns-server 60.1.1.1

dns server setting is finished.
Localhost(config)#
It is also possible to set multiple IPs at a time. (maximum 3)
Localhost(config)# ip dhcp dns-server 60.1.1.1 60.1.1.2 60.1.1.3

Localhost(config)#
To delete set DNS Server address, execute no ip dhcp dns-server command.
Setting Log Server IP

The IP of Log Server may be set as shown below:
Localhost(config)# ip dhcp log-server 70.1.1.1

log server setting is finished.
localhost(config)#

Localhost(config)# ip dhcp log-server 70.1.1.1 70.1.1.2 70.1.1.3

localhost(config)#
To delete set Log Server address, execute no ip dhcp log-server command.
Setting WINS Server IP

The IP of WINS Server may be set as shown below:
Localhost(config)# ip dhcp wins-server 80.1.1.1

WINS server setting is finished.
localhost(config)#
Localhost(config)# ip dhcp wins-server 80.1.1.1 80.1.1.2 80.1.1.3

localhost(config)#
To delete set WINS Server address, execute no ip dhcp WINS server command.
Setting Merit-dump-file path

The path of merit-dump-file may be set as shown below:
localhost(config)# ip dhcp merit-dump-file /tmp/boot.img

set merit-dump-file-path to /tmp/boot.img
localhost(config)#
To delete the set path information of merit-dump-file, execute no ip dhcp merit-dump-file

command.
Setting root-path
The path of root disk may be set as shown below:
localhost(config)# ip dhcp root-pathname /tmp/

set root path to /tmp/
localhost(config)#

To delete set root-path, execute no ip dhcp root-path command.
Creating IP Pool
In IP Pool, IPs allocated to clients in DHCP Server and related parameters may be set. To do so,
IP Pool should be created in advance.
To create IP Pool, execute below-shown command.
Command Work
Ip pool <string> Create IP Pool named <string>.
Show service-manager ip pool config Check created IP Pool.
Below-shown is the example to create IP Pool.

localhost(config)# ip pool test
localhost(config-ippool)# end
localhost# show service-manager
interface ip protocol-manager session
localhost# show service-manager ip pool config
Service Manager Static Host

---------------------------------------------------
---------------------------------------------------
Used Static Host Address Count : 0
Free Static Host Address Count : 0
---------------------------------------------------
Service Manager Ip Pool test

---------------------------------------------------
---------------------------------------------------
Used IP Address Count : 0
Free IP Address Count : 0
Declined IP Address Count : 0
IP Pool Usage Level : 0.00%
---------------------------------------------------

To delete IP Pool, execute no ip pool test command in Config mode.
Setting IP subnet and address range

The range of IP address and subnet to be allocated to clients is set.
Subnet and IP address range may be set with use of below-shown commands:
Command Work
Ip pool <string> Create and Enter into <string> pool.
Network <ip-address/mask> Set subnet.
Ip range dhcp <start-ip> <end-ip> or
IP range to be allocated is set.
Ip range dhcp <ip-address/mask>
end Return to Privileged mode.
Show service-manager ip pool config Check pool setting.
The next is the example to set the IP range to be allocated to subnet in IP Pool.

localhost(config-ippool)# network 50.1.1.0/24
localhost(config-ippool)# ip range dhcp 50.1.1.2 50.1.1.254
localhost# show service-manager
interface ip protocol-manager session

---------------------------------------------------
---------------------------------------------------
---------------------------------------------------

---------------------------------------------------
Range : 50.1.1.2 ~ 50.1.1.254
---------------------------------------------------


---------------------------------------------------
localhost#
To delete subnet and IP address range set in IP Pool, execute below-shown commands:
When deleting subnet:

localhost(config-ippool)# no network
When deleting IP address range:
localhost(config-ippool)# no ip range dhcp <ip address range>
- At this time, set <ip address range> as the value inputted at first creation.
Ex)
When creating:
localhost(config-ippool)# ip range dhcp 50.1.1.2 50.1.1.254
When deleting:
localhost(config-ippool)# ip range dhcp 50.1.1.3 50.1.1.254 (X)
localhost(config-ippool)# ip range dhcp 50.1.1.2 50.1.1.250 (X)
localhost(config-ippool)# ip range dhcp 50.1.1.2 50.1.1.254 (O)
When creating:
localhost(config-ippool)# ip range dhcp 50.1.1.0/24
When deleting:
localhost(config-ippool)# no ip range dhcp 50.1.1.0/26 (X)
localhost(config-ippool)# no ip range dhcp 50.1.1.0/24 (O)
To exclude specific IP range from the allocation range, use below-shown commands:
Command Work
Ip range excluded-address <start-ip> <end-ip> Set the IP Range to be excluded from allocation range.
Below-shown is the example to set the IP Range to be excluded from the allocation range in IP

Pool.

localhost(config-ippool)# ip range excluded-address 50.1.1.5 50.1.1.200

---------------------------------------------------
---------------------------------------------------
---------------------------------------------------

---------------------------------------------------
Range : 50.1.1.0/24
Exclusive Range : 50.1.1.5 ~ 50.1.1.200
---------------------------------------------------
---------------------------------------------------
localhost#

Setting IP Pool Parameters

To set the parameters to be allocated to clients in IP Pool, execute below-shown commands:
Command Work
Ip dhcp leasetime <time> Designate Basic lease allocation time.
Ip dhcp default-gateway <ip-address> Designate basic gateway.
Ip dhcp dns-server <ip-address> Designate the address of Dns-Server.
Ip dhcp log-server <ip-address> Designate the address of Log-Server.
Ip dhcp wins-server <ip-address> Designate the address of Wins-Server.
Ip dhcp merit-dump-file <string> Designate the route of Merit-dump-file.
Ip dhcp root-pathname <string> Designate the path of Root disk.
Setting basic lease time

The basic lease time of IP to be allocated to client may be set as shown below:
Localhost(config)# ip pool test

Localhost(config-ippool)# ip dhcp leasetime 86400
Set lease time to 86400
Localhost(config)#
To return the basic lease time to basic setting value, 43200, execute no ip dhcp leasetime
command.
Setting default gateway

The IP of default gateway may be set as shown below:

Localhost(config-ippool)# ip dhcp default-gateway 50.1.1.1
set default gateway to 50.1.1.1.
Localhost(config)#
To delete default gateway setting, execute no ip dhcp default-gateway command.
Setting DNS Server IP

The IP of DNS Server may be set as shown below:


Localhost(config-ippool)# ip dhcp dns-server 60.1.1.1
Localhost(config)#

Localhost(config-ippool)# ip dhcp dns-server 60.1.1.1 60.1.1.2 60.1.1.3
Localhost(config)#
To delete set DNS Server address, execute no ip dhcp dns-server command.
Setting Log Server IP

The IP of Log Server may be set as shown below:

Localhost(config-ippool)# ip dhcp log-server 70.1.1.1
localhost(config)#

Localhost(config-ippool)# ip dhcp log-server 70.1.1.1 70.1.1.2 70.1.1.3
localhost(config)#
To delete set Log Server address, execute no ip dhcp log-server command.
Setting WINS Server IP

The IP of WINS Server may be set as shown below:

Localhost(config-ippool)# ip dhcp wins-server 80.1.1.1
localhost(config)#

Localhost(config-ippool)# ip dhcp wins-server 80.1.1.1 80.1.1.2 80.1.1.3
localhost(config)#
To delete set WINS Server address, execute no ip dhcp WINS server command.
Setting Merit-dump-file path

The path of merit-dump-file may be set as shown below:

localhost(config-ippool)# ip dhcp merit-dump-file /tmp/boot.img
set merit-dump-file-path to /tmp/boot.img
localhost(config)#
To delete the set path information of merit-dump-file, execute no ip dhcp merit-dump-file

command.
Setting root-path
The path of root disk may be set as shown below:

localhost(config-ippool)# ip dhcp root-pathname /tmp/
set root path to /tmp/
localhost(config)#
To delete set root-path, execute no ip dhcp root-path command.

Configuring Pool Chaining

To allocate IPs to the clients belonging to each subnet when multiple subnets exist in an
interface, create IP Pools corresponding to the number of subnets and connect them with
interface.
IP Pools may separately be registered in the interface and this Pool Chaining method may be
used when intending to firstly allocate the IP of a specific subnet or to designate the IP
allocation order to subnets.
In this Pool Chaining method, the order of IP Pools is designated by connecting the created
pools to a single direction list shape.
Below-shown figure is the example:
Five pools are connected to a single direction list by Pool Chaining method and Pool #1 at the
front is connected with interface.
When IP request is received from a client, IP is firstly allocated to Pool #1 at the left and then in
the order of Pool #2, Pool #3...
Below-shown is the commands to configure Pool Chaining.
Command Work
Next-pool <string> Designate the next Pool to be connected by Pool Chaining.

Above-shown Pool Chaining may be configured with use of below-shown commands.

localhost(config)# ip pool pool5
localhost(config-ippool)# exit


localhost(config-ippool)# next-pool pool5
localhost(config-if)# dhcp address-pool local pool1
IP allocation by DHCP option

It is possible to set so that the client having the option value same as designated option value
may receive IP allocation.
When using this function, it is possible that IP is allocated only to the client using specific OS or
equipment or separate IP is allocated.
This function becomes available with the option and option value to firstly be applied is set and
the option strategy set in interface mode and IP Pool are connected together.
Commands are as shown below:
Command Work
Dhcp option <name> id
<option number> value Create and Enter into <string> pool.
<string value>
Dhcp option <option name> Assign the IP address from the address pool defined in <pool name>
address-pool local <pool based on the value in DHCPDISCOVER packets referring to its
name> registered <option name>.
Show service-manager ip pool
Check pool setting.
config
Below-shown is the example setting that DHCP Option 60 allocates IP only to the Packet that is
‘MSFT 5.0’.
localhost(config)#
localhost(config)# dhcp option test id 1 value "MSFT 5.0"


localhost(config-if)# dhcp option test address-pool local test

Configuring DHCP Relay Agent(Only S518)

The process to configure DHCP Relay in Corecess S5 as shown below:
- Activating DHCP Relay

- Designating DHCP Server to be used by DHCP Relay Agent
- Allocating the weight of Secondary IP Address
- Activating option82 function
Activating DHCP Relay

The thing to be done first to configure DHCP Relay Agent is to activate DHCP Relay by below-
shown method:
Command Work
Configure terminal Enter into Configuration mode.

Interface vlan id [ID] Enter into Interface mode.
Ip dhcp relay Activate DHCP Relay.
Ip dhcp interface Check the activation of DHCP Server.
Below-shown is the example to activate DHCP Relay:

localhost(config-if)# ip dhcp relay

------------------------------------
vlan5 DHCP Disabled
vlan32 DHCP Server
vlan50 DHCP Relay
------------------------------------

In case of DHCP Relay also, like DHCP Server, activation by interface unit is possible. The
interface to be activated is the one that belongs to the network where the client to receive IP
through DHCP exists.
Designating DHCP Server

External DHCP Server to send/receive Packets to/from DHCP Relay may be designated.
External DHCP Server is designated with use of below-shown commands.
Command Work
Interface vlan id <ID> Enter into Interface mode.
Ip dhcp helper-address <ip-address> Set External DHCP Server Address.
Below-shown is the example to designate DHCP Server to send/receive Packets to/from DHCP
Relay.

localhost(config-if)# ip dhcp helper-address 20.1.1.1
server set to 20.1.1.1
localhost#
As shown below, designation of multiple DHCP Servers is also possible.

localhost#

DHCP Relay unicasts Packets to DHCP Server designated by above-shown commands every
time when the DHCP packet broadcasted by client is received.
Designating DHCP Secondary weight

When two or more subnets exist in the interface where clients exist, DHCP Server creates IP
Pool to each subnet and allocates IP by the strategy of DHCP Server in each IP Pool upon every
request for IP allocation from corresponding interface.
However, sometimes DHCP Server cannot allocate IP to multiple subnets of an interface. The
purpose of DHCP Secondary weight function is to support IP allocation connected with such
DHCP Server.
To allocate corresponding IP to each subnet, weight should be given to the interface IPs
(secondary IPs) corresponding to each subnet excluding the first subnet.
To give weight to secondary IPs, execute below-shown commands:
Command Work
Ip dhcp secondary weight
<ip-address> <weight> <total> Set weight to secondary IPs.
In the commands to give weight to secondary IPs, <total> means the whole ratio of IPs for
allocation and <weight> means the ratio of IP allocated to the subnet corresponding to
secondary IP.
Below-shown is the example of such command.
Ip dhcp secondary weight 210.147.10.254 20 100

When this command is executed, DHCP Relay corrects the giaddr field of DHCP Packet and
sends it to DHCP Server so that 20 IPs are allocated to the subnet having 210.147.10.254 as the
gateway IP in the 100 IP request through corresponding interface.

Configuring DHCP Proxy Server(Only S518)

The method to configure DHCP Proxy Server is as shown below:
Command Work
Ip dhcp proxy-server Activate DHCP Proxy Server in interface.
Below-shown is the example to configure DHCP Proxy Server.
localhost#
localhost(config-if)# ip dhcp proxy-server
Sep 28 15:51:30 localhost DHCP-7-INFO: DHCP Proxy Server serviced on interface
v
lan50.

------------------------------------
vlan5 DHCP Disabled
vlan50 DHCP Proxy Server
------------------------------------
localhost#

Designating DHCP Server

The DHCP Server to send/receive Packets to/from DHCP Proxy Server may be designated.
DHCP Server is designated with use of below-shown commands:
Command Work
Ip dhcp proxy helper-address <ip-address> Set External DHCP Server Address.
Below-shown is the example to designate DHCP Server:

localhost(config-if)# ip dhcp proxy helper-address 20.1.1.1
localhost#
As shown below, designation of multiple DHCP Servers is also possible.

localhost#

Displaying DHCP Configuration information(Only S518)

In this section, the commands to output the various kinds of configuration information of
DHCP are described.
Displaying DHCP Activation information

When using show ip dhcp interface command, whether DHCP Service (Server, Proxy Server,
and Relay) is activated in each interface may be identified.
Below-shown is the example used the command.

------------------------------------
vlan5 DHCP Disabled
vlan50 DHCP Proxy Server
------------------------------------
localhost#

Displaying IP Pool Configuration information

When using show service-manager ip pool [IP Pool name] config command, the configuration
information of corresponding IP Pool may be identified.
Also, when using show service-manager ip pool config command, the setting information of
all IP Pools created until now may be identified.
localhost# show service-manager ip pool test config

---------------------------------------------------
---------------------------------------------------
---------------------------------------------------

---------------------------------------------------
Range : 50.1.1.50 ~ 50.1.1.60
---------------------------------------------------
---------------------------------------------------
localhost#

---------------------------------------------------
---------------------------------------------------
---------------------------------------------------


---------------------------------------------------
Range : 50.1.1.50 ~ 50.1.1.60
---------------------------------------------------
---------------------------------------------------
Service Manager Ip Pool test2

---------------------------------------------------
Range : 60.1.1.10 ~ 60.1.1.20
---------------------------------------------------
---------------------------------------------------
localhost#

Displaying allocated lease information

Displaying whole lease information
When using show ip dhcp leases command, all the lease information allocated by DHCP Server
or Proxy Server may be identified.
localhost# show ip dhcp leases
DHCP Lease Information

(current time : 2007/06/28 17:32:50)
Interface name : vlan250

IP Address MAC Address Status Remain
50.1.1.50 00:e0:00:59:53:e1 active 00h:59m
50.1.1.51 00:e0:00:53:53:e2 active 00h:59m

60.1.1.50 00:e0:10:ac:53:e1 active 00h:59m
Total lease count with all interfaces : 3

localhost#

Displaying the lease information of each interface

When using show ip dhcp leases interface vlan id [vlanid] command, the lease information
belonging to corresponding interface may be identified.
localhost# show ip dhcp leases interface vlan id 250

(current time : 2007/06/28 17:34:27 interface : vlan250)

50.1.1.50 00:e0:00:59:53:e1 active 00h:57m
50.1.1.51 00:e0:00:53:53:e2 active 00h:57m
localhost#
Displaying lease information in detail

When using show ip dhcp leases detail command, detailed information of each lease may be
identified.
localhost# show ip dhcp leases detail

(current time : 2007/06/28 17:35:13)

IP Address : 50.1.1.50
MAC Address : 00:e0:00:59:53:e1
Status : active
Client Id : 00:e0:00:59:53:e1
Start time : 06/28 17:32:17
Renewing time : 06/28 17:32:17
End time : 06/28 18:32:17
Remain time : 00h:57m:04s


Total lease count with all interfaces : 1

localhost#
Displaying summarized information of whole lease

When using show ip dhcp leases summary command, the summarized information of whole
lease may be identified.
localhost# show ip dhcp leases summary
DHCP Lease Information Summary

(current time : 2007/06/28 17:40:18 )
Interface Allocated Lease
------------------------------------------
vlan250 2
vlan200 1
------------------------------------------
Total 3
localhost#

Displaying DHCP Packet statistics information

To identify the flow of DHCP Packet, the function to identify the statistics information of DHCP
Packet is provided. This function may valuably be used to identify the cause of trouble when a
trouble is occurred in DHCP Service.
Displaying whole statistics information

When using show ip dhcp packet statistics command, the packet statistics information on all
the interfaces may be identified.
localhost# show ip dhcp packet statistics

DHCP Statistics
---------------------------------------------------------
rxDhcpBadPackets : 1 txErrorPackets : 0
---------------------------------------------------------
---------------------------------------------------------
---------------------------------------------------------
---------------------------------------------------------
localhost#

Displaying statistics information on each interface

When using show ip dhcp packet statistics interface vlan id [vlanid] command, the statistics
information on corresponding interface may be identified.
localhost# show ip dhcp packet statistics interface vlan id 250

DHCP Statistics : vlan250
---------------------------------------------------------
rxDhcpBadPackets : 1 txErrorPackets : 0
---------------------------------------------------------
---------------------------------------------------------
---------------------------------------------------------
---------------------------------------------------------
localhost#

Chapter 11 Configuring Netsnoop
In this chapter, the method to use the Netsnoop functions of Corecess S5 System is described.
9 Understanding NetSnoop 11-2
9 Configuring DHCP snoop 11-4
9 Configuring ARP snoop 11-18
9 Displaying NetSnoop Confituration Information 11-25
9 DHCP Configuration Command 11-36

Understanding NetSnoop
In this chapter, the specific features of NetSnoop and the method to use are described.
NetSnoop is the function to manage user's profile and to protect users and equipment from
various wrong network attack with use of DHCP and ARP.
It consists of two modules: DHCP Snoop and ARP Snoop.
In general, this function is available when using L3 Gateway or L2 Switch.
DHCP Snoop
Differently from DHCP Server or Relay, it manage DHCP state machine to snoop DHCP Packet
and supports with security function for basic DHCP Packet. Also, when it interworks with ARP
Snoop, it may prevent illegal use of IP by the method to pass only the ARP Packet towhich IP
was assigned through DHCP.
DHCP Snoop Base Rule
This is the filtering rule of whole S5 equipment. Two modes – Permit and Deny – are provided;
in case of Permit mode, control such as communication blocking is not perfomed. In contrast, in
case of Deny mode, the subscribers who were assigned with IPs through DHCP may only
communicate.
DHCP Snoop Port Type
Each Port of S5 equipment exists in three types in DHCP Snoop:

Server Port
Transparent Port
Client Port
Server Port means the Port connected with DHCP Server. DHCP Snoop transfers all the Packets,
which was transferred to server by client, to Server Port. When the server exists in upper

network, Uplink is designated as the Server Port. When the equipment does not drive DHCP
Server, Server Port is not separately designated.
Client Port means the Port connected with Subscriber Client. The DHCP Packet sent by client is
received by this Port and the Packets sent from Server are blocked. Also, if Base Rule is in Deny
status, the clients received IPs through DHCP may only communicate.
Transparent Port acts as a common port. In this port, all the hosts may communicate regardless
of Base Rule.
Configuring Netsnoop 11-3

Configuring DHCP Snoop
Order of configuration of DHCP Snoop
The process to configure DHCP Snoop in Corecess S5 System is as shown below:
y Activate DHCP Snoop;
y Set System Base Rule;
y Set the strategies of Ports;
y (Optional) Set security strategy by the situation of network; and
y (Optional) Set the functions of DHCP Option82.
Activating DHCP Snoop
The thing to be done for the first time to configurate DHCP Snoop is to activate DHCP Snoop in
the Corecess S5 Sysem by the method shown below:
Command Work
configure terminal 1. Enter into Global Configuration Mode.
Ip dhcp snoop 2. Activate DHCP snoop.
Below-shown is the example to activate DHCP Snoop in Corecess S5 Sysem.

localhost(config)# ip dhcp snoop
localhost(config)#
To inactivate DHCP Server so as not to act anymore, run no ip dhcp snoop command in Global
Configuration Mode.
localhost(config)# no ip dhcp snoop
localhost(config)#

Setting DHCP Snoop System Base Rule
This is the basic value to permit communication to the users with assignment of IPs through
licensed DHCP and converts the System Base Rule set as Permit mode to Deny mode.
Command Work
Ip dhcp snoop base- 2. System Base Rule of DHCP snoop is
rule deny converted into Deny mode.
The next is the example to set Base Rule of Corecess S5 System as Deny mode.
localhost(config)# ip dhcp snoop base-rule deny
localhost(config)# end
localhost# show ip dhcp snoop
ip dhcp snoop : $Revision: 1.22 $
ip dhcp snoop is enable
system's base rule : deny
base-rule timeout : none
enforced deny rule : applied
information policy : replace
secure-unicast : off
suppression : off
client-aging time(sec): 300
option82 insertion mode : disable
uptime : 26s
Internal router port information

dhcp snooping port 0/0 is enable ref(3) type(L:A)
link up, vlan 1, clients limit 0 (serviced 0)
base port rule: permit, port snooping type: server
port traffic rule: none
port timer-id: 15186480
opt82 circuit-id (none)
localhost#

Setting DHCP Snoop Port Strategy
Below-shown commands are used to decide the strategy of each port.
Command Work
Ip dhcp snoop port <port info> 2. Set corresponding port as Server Port. The port
server connected with DHCP Server is set as this one.
3. Set corresponding port as Transparent Port
Ip dhcp snoop port <port info>
transparent (basic value). In case of ports that do not need to or
should not manage hosts are set as theses ports.
4. Set corresponding port as Client Port. The ports
Ip dhcp snoop port <port info> that intend to permit the communication to the
client subscribers with assignment of IPs through
licensed DHCP are set as these ports.
Ip dhcp snoop port <port info> 5. Number of clients of corresponding port is
client-limit <num> limited to <num>.
Ip dhcp snoop port <port info> 6. The Circuit-ID of corresponding port is set as
circuit-id <str> <str>.
Ip dhcp snoop port <port info> 7. The Base-Rule of corresponding port is set as
base-rule <permit|deny> Deny mode.
8. A host is set as static type so that a specific host
Ip dhcp snoop port <port info>
static <MAC> <IP> may always communicate in the corresponding
port.
9. Corresponding port should not use Netsnoop
No ip dhcp snoop port <port info>
function.
In case of #1~#4, setting is different depending upon the situation that which kinds of hosts exist
in each port. Each port has one strategy – Severe, Transparent, or Client – and the port with no
setting is set as Transparent.
In case of#5~#7, setting is performed only when there is the DHCP Server that manages
subscribers through web authentication and allocate temporary IPs.
In case of #8~#11, setting is performed in needed cases only. If no setting is performed,
corresponding function is used.

Setting the Port to be connected with DHCP Server

Execute ip dhcp snoop port <port info> server command to the port to be connected with DHCP
Server so that DHCP Snoop may forward DHCP Packets to server.
Below-shown is the example to execute the command.
localhost(config)# ip dhcp snoop port fastethernet 3/1 server
localhost(config)#
When setting as transparent port, basic setting, again, execute ip dhcp snoop port <port info>
transparent command.
localhost(config)# ip dhcp snoop port fastethernet 3/1 transparent
localhost(config)#
Setting the port to be connected with DHCP Clients

Execute ip dhcp snoop port <port info> client command in the port to be connected with DHCP
Clients so that DHCP Snoop may forward DHCP Packets to clients and the users with
assignment of IPs from licensed DHCP Server may communicate.
localhost(config)# ip dhcp snoop port fastethernet 3/1 client
localhost(config)#
localhost(config)#
Setting the port to be connected with Temporary DHCP Server

Execute ip dhcp snoop port <port info> server command to the port to be connected with DHCP
Server so that DHCP Snoop may forward DHCP Packets to server.
localhost(config)# ip dhcp snoop port fastethernet 3/1 captive server
localhost(config)#

localhost(config)#
localhost(config)#
Limiting the number of Clients by Port unit

To limit the number of Clients that may be connected with specific Ports, perform setting with
ip dhcp snoop port <port info> client-limit <num> command so that <num> clients may only
communicate.
However, this setting is possible in the ports that are set as clients.
localhost(config)# ip dhcp snoop port fastethernet 3/3 clients-limit 200
localhost(config)#
To cancel the limit number of clients in a specific port, execute no ip dhcp snoop port <port info>
client-limit command.
localhost(config)# no ip dhcp snoop port fastethernet 3/3 clients-limit
localhost(config)#
Setting Circuir-ID for a specific port

Circuit-ID is one of the sub-options of DHCP Option #82. To add and transfer Circuit-ID set in
all the DHCP Packets coming from corresponding port by setting Circuit-ID in a specific Port
when using DHCP Option82, execute ip dhcp snoop port <port info> circuit-id <str> command.
localhost(config)# ip dhcp snoop port fastethernet 3/1 circuit-id aaa
slotport 3/1 circuit_id(aaa)
localhost(config)#
To delete set Circuit-ID, execute no ip dhcp snoop port <port info> circuit-id command.
localhost(config)# no ip dhcp snoop port fastethernet 3/1 circuit-id
localhost(config)#

Setting Base-Rule in a specific port

To set own Base-Rule in a specific port regardless of the whole Base-Rule, execute ip dhcp snoop
port <port info> base-rule <permit|deny> command.
However, this function is available in client port only and is effective when the setting is done in
contrast to the whole Base-Rule.

localhost(config)# ip dhcp snoop port fastethernet 3/3 base-rule deny
localhost(config)#

localhost(config)# ip dhcp snoop port fastethernet 3/3 base-rule permit
localhost(config)#
To release the setting, set Port Base-Rule same as whole Base-Rule.
Registering Static Host

To set a specific host to communicate always in the connected port, execute ip dhcp snoop port
<port info> static <MAC> <IP> command.
localhost(config)#ip dhcp snoop port fastethernet 3/3 static a:a:a:a:a:a
10.1.1.1
localhost(config)#
To delete static host, execute no ip dhcp snoop port <port info> static <IP> command.
localhost(config)# no ip dhcp snoop port fastethernet 3/3 static 10.1.1.1
localhost(config)#

Turning DHCP snoop function off in a specific port

Not to use DHCP snoop function in a specific port, execute no ip dhcp snoop port <port info>
command.
localhost(config)# no ip dhcp snoop port fastethernet 3/3
localhost(config)#
To use DHCP snoop function again, execute ip dhcp snoop port <port info> command.
localhost(config)# ip dhcp snoop port fastethernet 3/3
localhost(config)#

Setting DHCP Snoop Packet Control
Table 11-1 Kinds of Global DHCP snoop Packet Control Parameters
Default
Parameter Desctiption
value
When inputted Packet is not same with saved information,
Information policy Replace
whether to update is decided.
Inspection Appropriateness of inputted Packet is inspected. None
Broadcast is converted into Unicast with use of saved
Secure-unicast None
informationl.
Suppression Burst packet attack is blocked with use of DHCP Packet. None
The method to set the values of such DHCP snoop parameters are as follows:
Command Work

2. When inputted Packet is not same with saved information,
whether to update is decided.
Ip dhcp snoop information policy
y <drop> : Inputted Packet is dropped.
<drop|replace>
y <replace> : Existing information is replaced with the
information of inputted Packet.
3. Appropriateness of inputted Packet is inspected and the
Packet that does not meet the condition is dropped.
y <mac-match> : It is inspected whether the mac address
of ethernet header and the mac address recorded in chaddr
Ip dhcp snoop inspection <mac- of dhcp header is same.
match|client-id| state_transition> y <cliend-id> : It is inspected whether the mac address of
ethernet header and the mac address recorded in client-id of
dhcp header is same.
y <state transition> : It is inspected whether inputted
Packet is appropriate DHCP Packet in terms of state.
4. The Packet, which is transferred to broadcast if
Ip dhcp snoop secure-unicast corresponding client information exists when the Packet to be
transferred to client is inputted, is transferred to unicast.
5. When two or more Discover Packets are inputted from a
same DHCP Client within the set time, the Packets other
Ip dhcp snoop suppression
than the firstly inputted Discover Packet are dropped.
<seconds>
y <seconds> : The section to process only one Packet is
set as time.
In the above-shown table, the processes from #2 through #6 are the descriptions on the method
to configure all the DHCP snoop parameters. It is not need to set all the parameters shown in
the table. You may set the values of needed parameters only regardless of the order.

Setting Snoop information policy as drop

Below-shown is the example to set so as to drop the Packet with use of ip dhcp snoop
information policy command when the Packet inputted in DHCP snoop differs from the
saved information.
localhost(config)# ip dhcp snoop information policy drop
localhost(config)#
To set so as to update saved information to the client information of newly inputted Packet,
execute ip dhcp snoop information policy replace command.
localhost(config)# ip dhcp snoop information policy replace
localhost(config)#
Setting inspection function

Below-shown is the example to set inspection function in DHCP snoop with execution of ip
dhcp snoop inspection command.
localhost(config)# ip dhcp snoop inspection mac-match
localhost(config)#
Not only mac-match but also client-id and state-transition may also be set. Each setting may be
duplicated. If you do not want to use inspection function, execute no ip dhcp snoop inspection
command.
localhost(config)# no ip dhcp snoop inspection
localhost(config)#

Setting secure unicast function

Below-shown is the example to set secure-unicast function in DHCP snoop with execution of ip
dhcp snoop secure-unicast command.
localhost(config)# ip dhcp snoop secure-unicast
localhost(config)#
To delete the setsecure-unicast function, execute no ip dhcp snoop secure-unicast command.

localhost(config)# no ip dhcp snoop secure-unicast
localhost(config)#
Setting suppression function
Below-shown is the example to set suppression function in DHCP snoop with execution of ip
dhcp snoop suppression command.
localhost(config)# ip dhcp snoop suppression 1
localhost(config)#
The time is inputted in second unit next to suppression. As shown above, if the time is set as 1 second,
other Packets having same mac in the chaddr field of dhcp header excluding the Packet firstly inputted
within the 1 second are blkocked. To delete suppression function, execute no ip dhcp snoop
suppression command.
localhost(config)# no ip dhcp snoop suppression
localhost(config)#

Setting DHCP relay information (Option82)
What is DHCP relay information (Option82)?

When the Server allocates IP through DHCP Relay, the Server does not know the information
on the network position of client because it does not belong to the same network of client. To
recover such problem, the position information of client may be attached when transferring
DHCP Packet from relay to server. At this time, the part in which network position information
is inputted is #82 of DHCP Option field and this is called ‘DHCP relay information (hereinafter
referred to as ‘Option82’)’.
Option82 may have many suboptions. As the suboption currently set as the standard, circuit-
id(suboption1) remote-id(suboption2) is available and various suboptions may be defined and
used for each vendor. Also, the suboption field set as standard may also be somewhat different.
In Corecess S5, DHCP Snoop adds DHCP Option82 to Packet.
Setting Option82
Below-shown is the command to add DHCP Option82 in DHCP Snoop.
Command Work
2. The function is activated so that dhcp packet에 option82

Ip dhcp snoop opt82 epon
may be added so as to be transferred to Server.

localhost(config)# ip dhcp snoop opt82 epon
localhost(config)#
If you intend not to use Option82 function anymore, execute no ip dhcp snoop opt82 command.

localhost(config)# no ip dhcp snoop opt82
localhost(config)#

Configuring ARP Snoop

In this section, the method to configure ARP Snoop is described.
ARP Snoop
In case of existing LAN switch, the arp request used in linking ip address and mac address in
IPv4 is basically broadcasted. In this case, malicious user may easily obtain the ip/mac
information of other hosts of nodes on the LAN by sniffing the Packet with substitution of own
network device for promicuous mode. Based on such information, the arp information of router
may be poisoned and the traffic of other hosts may be monitored. Also, by producing wrong
arp reply/request, proper users become ip conflict status and cannot receive network service.
To solve such problem, ARPsnoop blocks inputting of improper arp packet by inspecting all the
arp request/reply inputted into the switch and manages the ip/mac in the table to reduce the
quantity of broadcasted arp request .
When interworking with DHCPsnoop, arp request/reply is permitted only to the subscribers
using the ip-pool allocated through proper dhcp action and it can be prevented that malicious
user receives service by producing improper arp request or setting static IP.
Activating ARP Snoop
To enable ARP snoop, below-shown command is executed in Global Configuration mode.
Command Desctiption
ip arp snoop y ARP snoop enable
localhost(config)# ip arp snoop

To inactivate ARP snoop so to stop the action, execute no ip arp snoop command in Global
Configuration mode.
localhost(config)# no ip arp snoop

Maintenance of ARP Snoop table entry
When the user communicates with use of proper IP, the entry is created and maintained in the
table managed by ARP snoop. Also, the users using static IPs set by group access list have static
entries. If you want to maintain the table of static IP users by maintaining the entries until the
users’ terminals are turned off, you may set ARP snoop active-probing and then ARP snoop
periodically transfers ARP request message to maintain the entries.
Command Desctiption
ip arp snoop active-probing y ARP snoop table entries are maintained.
localhost(config)# ip arp snoop active-probing

To inactivate active-probing so to stop the action, execute below-shown command.
localhost(config)# no ip arp snoop active-probing

If you execute arp-move command, it may be prevented that, in case of properly registered
entries, ARP snoop table entry is changed by received ARP message.
Command Desctiption
ip arp snoop arp-move restricted y ARP snoop table entries are maintained.
Localhost(config)# ip arp snoop arp-move restricted

To inactivate, execute below-shown command.
localhost(config)# no ip arp snoop arp-move restricted

ARP Snoop access function
When performing arp secured with use of dhcp binding information, Deny and Permit may be
performed with referring to access-list only with no secure checking of IP existing in
corresponding acces-list to manage the lower layer equipment using static IP.
Command Desctiption
ip arp snoop group access <list-

y <list-number> 1 ~ 99 IP standard access list
number>
To activate group access function, group-access list should be configured in advance.

localhost(config)#ip arp snoop groop access 1
The command to inactivate the activated group-access list is as follows:

localhost(config)#no ip arp snoop groop access
GARP sending cycle setting
As improper ARP Snoop table may be configured when arp poisoning is detected by the
equipment where ARP Snoop is set, ARP Snoop table may be reconfigured by sending the
GARP of proper ip/mac to the port where poisoning is detected.
Command Desctiption
ip arp snoop guard arp-poisoning y < sec > : Cycle to send GARP
<sec> <packets> y < packets > : Number of GARP Packets
Below-shown is the command to send 5 GARPs in a second. < sec > may be set in the range of 1
~ 10 and < packets >may be set in the range of 5 ~ 60.
localhost(config)#ip arp snoop groop guard arp-poisoning 1 5
The command to inactivate the activated GARP function is as follows:

localhost(config)#no ip arp snoop groop guard arp-poisoning

ARP Snoop inspection setting
ARP Snoop provides with ARP Snoop inspection function to drop Packet when modified ARP
Packet is sent for poisoning attack. Inspection function is available as two types: mac-match and
unsolicited-reply. Mac-match function is the one to drop improper ARP Packet judged when
source mac address of Ethernet header part and source mac address part of ARP packet are not
same. Unsolicited-reply function is the one to judge and drop ARP poisoning attack when multi
ARP reply packets are received in a short time.
Command Desctiption
ip arp snoop inspection <mac- y < mac-match > : Source mac address inspection
match/unsolicited-reply> y < unsolicited-reply > Reply packet inspection
Both mac-match and unsolicited-reply may be used at the same time and only one mode may
also be used.
localhost(config)#ip arp snoop inspection mac-match
localhost(config)#ip arp snoop inspection unsolicited-reply
To inactivate the activated ARP Snoop inspection function, execute below-shown command. It
is not impossible to inactivate one of Mac-match mode or unsolicited-reply mode; if inactivation
is performed when two modes are set, both two are inactivated.
localhost(config)#no ip arp snoop inspection
ARP Snoop packet inspection
This is the function to drop the ARP packet to which proper IP is not allocated through DHCP
server, by referring the dhcp binding information in arp source address and target address.
Three modes are available and default mode is All: Target, Source, and All.
Command Desctiption
y < all > : Both source and target are inspected.
ip arp snoop reply < all, soruce, target >
y < source/target > : Either target or source is inspected.
localhost(config)#ip arp snoop reply source

As default mode is All, to change to default mode, execute all command.
localhost(config)#ip arp snoop reply all

ARP Snoop cache reply function
ARP Snoop unicasts reply message to the port received request for the ARP request message
already registered in ARP Snoop table to reduce the quantity of ARP packets.
Command Desctiption
ip arp snoop reply-cache y ARP Snoop reply cache function is activated.
localhost(config)#ip arp snoop reply-cache
To inactivate the activated ARP Snoop reply cache function, execute below-shown command.
localhost(config)#no ip arp snoop reply-cache
ARP request message forwarding setting
ARP Snoop may set whether to broadcast or unicast ARP request message.
Four request modes are available: broadcast, protected-broadcast, restricted-broadcast, and
secure-broadcast. Default mode is broadcast. In the broadcast mode, if there is no target
information, ARP request message is transferred to all the server port, transparent port, and
client port in the port types set in DHCP snoop.
Command Desctiption
ip arp snoop request <broadcast,
protected-broadcast, restrict-broadcast, y ARP Snoop request message setting
secure-broadcast>
When the mode is set as Restrict-broadcast, if the IP information was not properly allocated by
DHCP to source IP, ARP request packet is dropped. At this time, DHCP snoop base-rule should
be set as Deny. ARP request message is transferred to the port to which target belongs to when
there is the information on target; if there is no information on target and the request message is
sent from client port, it is broadcasted to server port and transparent port; if request message is
sent from server port, it is broadcasted to all ports.
localhost(config)#ip arp snoop request restrict-broadcast

The basic action is same in the secure-broadcast mode and restrict-broadcast mode but, if there
is the information on target, the ARP request packet is unicasted to the physical address of
target IP.
localhost(config)#ip arp snoop request secure-broadcast
In protected-broadcast mode, ARP request packet is broadcasted to server port/router port only.
Therefore, action is possible only when local proxy arp is set in the router and ip dhcp snoop
base-rule deny is set. This setting is performed so that lower layer switch sends all the arp
requests to router to be processed when local-proxy-arp is drived in the router to perform user
isolation.
localhost(config)#ip arp snoop request protected-broadcast
The command to set ARP request as default mode again is as follows:

localhost(config)#ip arp snoop request broadcast
Prevention of MAC-move production to arp-entry registered as static

IP
If arp sticky command is activated, MAC move is not produced in the users or equipments
using static IPs.
Command Desctiption
ip arp snoop sticky y Setting of MAC move prevention to static IPs.
Below-shown is the example command to activate ARP sticky.

Localhost(config)#ip arp snoop sticky
The command to inactivate the activated ARP sticky is as follows:
localhost(config)#no ip arp snoop sticky

Chapter 12 Configuring Security
This chapter describes how to configure security features on the Corecess S5 System.
9 Managing Password and Session 12-2
9 Configuring Access Lists 12-6
9 Security Configuration Commands 12-11

Managing Password and Session

This section describes how to set the password and time out value of Telnet session.
Configuring Password
Console is a terminal to connect the system directly through a console port, and virtual terminal
is a terminal to connect the system through Telnet. In the Corecess S5 System, users who access
the system through console or virtual terminal require a password. It can enhance the system
security.
Changing CLI Login Password
By default, the Corecess S5 System requires a login password. The default login password is
‘corecess’. To change the default login password, use passwd command.
The following example shows how to change the password.
> passwd
Changing password for corecess
(current) UNIX password: ******** Enter the current password.
New UNIX password: ******** Enter the new password.
Retype new UNIX password: ******** Enter the new password again.
passwd: all authentication tokens updated successfully
>
After setting the CLI login password, you should enter the login password at the login prompt
that is shown when you connect the system.

Setting the Privileged Mode Password
You can set the Privileged mode password that controls access to privilege mode. By default,
the Corecess S5 System does not require the Privileged mode password for entering the
Privileged mode.
You can specify the password for the Privileged mode using enable passwd command. The
following example shows how to set the Privileged mode password to ‘corecess’ by the enable
passwd command.
(config)# enable passwd corecess

(config)#
After setting the Privileged mode password, you should enter the password to go to the
Privileged mode from user mode as follows:
> enable
Password: corecess
Privileged mode is signified by the # prompt. In the Privileged mode, you can enter all
commands to view statistics and configure the system.
# The privileged mode prompt
Configuring Security 12-3

Password Encryption
All IDs and passwords on the system can be shown by using the write terminal command.
In the Corecess S5 System, user passwords are stored and displayed by the password
encryption. Even if the writer terminal command is executed, only system administrator can see
the user password.
The following example shows how to add a CLI user who ID and password are ‘guest’ using
the username command and how to display the user using the write terminal command.
(config)# username guest passwd guest
(config)# end
# write terminal
banner incoming "welcome\n"
username recover passwd 8 $1$$nlCC0vP6YG0ZB0Mp685Fy0
username guest passwd 8 $1$$ysap7EeB9ODCrO46Psdbq/
.
.

Configuring Telnet Session Timeouts

The timeout for an unattended telnet session provides an additional security measure. If the
telnet line is left unattended in Privileged mode, any user can modify the system configuration.
The default timeout for an unattended telnet session is 10 minutes. To change the login timeout,
enter the following commands:
Table 12-1 Configuring Telnet Session Timeouts
Command Task
line vty 1. Enter the VTY-line configuration mode.

2. Set the login timeout.
exec-timeout <minute>
y <minute>: Timeout in minutes ( 1 ~ 600)
The following commands change the timeout to 1 minute:
(config)# line vty

(config-line)# exec-timeout 1
(config-line)#

Configuring Access Lists
Access Lists
Access lists filter network traffic by controlling whether routed packets are forwarded or
blocked at the system's interfaces. Your system examines each packet to determine whether to
forward or drop the packet, based on the criteria you specified within the access lists.
Access list criteria could be the source address of the traffic, the destination address of the traffic,
the upper layer protocol, or other information. Note that sophisticated users can sometimes
successfully evade or fool basic access lists because no authentication is required.
You can use standard access lists to control the Telnet or SNMP access methods to management
functions on the Corecess S5 System.
Internet or LAN
Router 인터넷이나 LAN Server A
Server B
Corecess S5 System
Access List
x Source Address : 172.20.128.64
x Permit/Deny : Permit
x Flow : Out
Host A Host B
IP: 172.20.128.10 IP: 172.20.128.64
In the above example, the access list allows access from the 172.20.128 64 host. Therefore the
host B connected to the Corecess S5 System can access to the Server A or Server B and the host
A can’t access to the Servers.

Defining Access Lists
The Corecess S5 System is basically set to be connected to all networks. Therefore, you should
limit addresses not to access the system using access list for safety if possible.
To define access lists, use the following commands on the Corecess S5 System:
Table 12-2 Defining Access Lists
Command Task
2. Permit/Deny packets from the specified source network

address.
y <list-number> Number of the standard access list (1 ~ 99,
1300 ~ 1999)
access-list <list-number>
y permit Permits the frame whose source address matches
{permit| deny} <source-ip>
the condition.
[<wildcard>]
y deny Denies the frame whose source address matches the
condition.
y <source-ip> The IP address of the source network or host
y <wildcard> Wildcard bit to be applied to <source-ip>
3. Permit/Deny packets from the specified source host address.
{permit| deny} host
y <host-addr> IP Address of the host
<host-addr>
4. Permit/Deny packets from all network or host.
{permit| deny} any
show access-list 6. Verify the access list.
Note:
x The wildcard is a four-part value in dotted-decimal notation (IP address format) consisting of ones and zeros.
Zeros in the mask mean the packet's source address must match the <source-ip>. Ones mean any value
matches. For example, the <source-ip> and <wild-card> values 209.157.22.26 0.0.0.255 mean that all
hosts in the Class C sub-net 209.157.22.x match the policy.
x The packets that do not match any entries in an access list are denied.

The following example shows how to define an access list which permits the access from hosts
in the specified network:
(config)# end
# show access-list
Standard IP access list 1
permit 192.5.34.0, wildcard bits 0.0.0.255
The following example shows how to define an access list which denies the access from the
specified host:
(config)# access-list 2 deny host 171.69.198.102
(config)# access-list 2 permit any
(config)# end
# show access-list
Standard IP access list 2
deny 171.69.198.102
permit any

Applying the Access List to Terminal Line
After you create an access list, you can apply it to terminal line. In this case, access lists can be
applied on both outbound and inbound flows. To restrict terminal line access to the system
using access lists, enter commands such as the following:
Table 12-3 Applying the access list to terminal line
Command Task
line vty 1. Enter the VTY-line configuration mode.
2. Apply the access lists to terminal line.

y <access-list-number>: Number of an IP access list (1
~ 99, 1300 ~ 1999).
access-class <list-number>
y in: Restricts incoming connections between the system
{in | out}
and the addresses in the access list.
y out: Restricts outgoing connections between the system and
the addresses in the access list.
The following example shows how to apply the access list to terminal line. The Corecess S5
System allows Telnet access to all IP addresses except the hosts listed in access list 2.
(config)# line vty

(config-line)# access-class 2 in
(config-line)#
The following example shows how to apply the access list to terminal line. The Corecess S5
System denies connections to networks other than network 192.89.55.0:
(config)# line vty 0 5
(config-line)# access-class 12 out
(config-line)#
Note: To remove access restrictions, use the no access-class <list-number> {in | out}
command.

Applying the Access List to SNMP Access
After you create an access list, you can apply it to SNMP access. In this case, access lists can be
applied on inbound flow.
To restrict SNMP access to the system using access lists, enter commands such as the following:
Table 12-4 Applying the Access List to SNMP Access
Command Description
snmp-server group Apply the access list to SNMP access.

access <list-number> y <list-number>: Standard access list number (1 ~ 99, 1300 ~ 1999)
The following example shows how to apply the access list to SNMP access. The Corecess S5
System allows SNMP access to all IP addresses except the hosts listed in access list 2.
(config)# snmp-server group access 2

(config)#

Security Configuration Commands

The following table lists the commands for configuring security on the Corecess S5 System:
Table 12-5 Security configuration commands
Command Function
Restricts incoming and outgoing connections between the Corecess S5 System

access-class
virtual terminal and the addresses in an access list.
access-list Defines a standard IP access list using source addresses for filtering packets
(Standard) received/transmitted through the specific interface.
enable passwd Sets the Privileged mode password.
Sets the interval that the EXEC command interpreter waits until user input is
exec-timeout
detected.
passwd Specifies or changes the CLI login password
snmp-server group Limits hosts which can access to the system through SNMP based on the
access access list.


Chapter 13 Configuring Multicast
This chapter describes how to configure the Corecess S5 System for multicast routing protocols.
9 Multicast Routing Overview 13-2
9 Configuring IP Multicast Routing 13-10
9 Monitoring IP Multicast Routing 13-41
9 Multicast Routing Commands 13-60

Multicast Routing Overview

Multicast is a transmission mode which transmits the copy of packets to multiple destinations. It
is a special mode of broadcast transmission mode which transmits the copy of packets to all
destinations. There are three Internet transmission mode - unicast, broadcast, and multicast.
Unicast transmission mode transmits data from one source to one destination. It is used in
general Internet application program such as Telnet or ftp.
Broadcast transmission mode is the transmission of the copy of packet to all receivers in the same
network from one transmitter.
Multicast transmission mode is used in application programs of Internet image conference and
etc, as a mode of more than one transmitters transmitting data to more than one certain
receivers. When a transmitter transmits the pack to a multicast group address, only the
receivers belonging to that multicast group can receive the copy of the packet transmitted by
the transmitter.
The following example shows the difference between unicast transmission mode and multicast
transmission mode.
Unicast Mode Multicast Mode
300K x 3 = 900K 300K

Video Video
Server Server
Multicast Router Multicast Router

300K x 2 = 600K 300K
300K 300K
300K 300K 300K 300K 300K 300K
Service User Multicast User

Multicast transmission mode minimizes the network resource loss due to repetitive
transmission of the data like the broadcast transmission mode and thus can save network
bandwidth, and can save transmission time since there is no need to transmit the packet to all
receivers separately like the unicast transmission mode.
There is the receiver address displayed on the packet header in unicast transmission, but in the
multicast transmission, marking the multicast group address where receivers belong other than
the receiver address on the header, it transmits the packet.
D class IP address is used for multicast group address. The range of D class is 224.0.0.0 ~
239.255.255.255, and IP address 224.0.0.0 ~ 224.0.0.255 among this range is assigned for other
uses and cannot be used.
Multicast routing is that routers exchange messages for multicast transmission and make routing
trees, then decide the path from source to destination (group members of multicast). The
Corecess S5 System supports the following multicast routing protocols.
• IGMP (Internet Group Management Protocol) version 2 and IGMP snooping

• PIM-SM (Protocol Independent Multicast Sparse-Mode) version 2
• PIM-DM (Protocol Independent Multicast Dense-mode) version 2
• DVMRP (Distance Vector Multicast Routing Protocol) version 3
This section provides the overview of each multicast routing protocol.
Configuring Multicast 13-3

IGMP (Internet Group Management Protocol)

IGMP is used to dynamically register individual hosts in a multicast group on a particular LAN.
Hosts identify group memberships by sending IGMP messages to their local multicast router.
Under IGMP, routers listen to IGMP messages and periodically send out queries to discover
which groups are active or inactive on a particular subnet.
IGMP snooping manages multicast traffic at Layer 2 on the Corecess S5 System by allowing
directed switching of IP multicast traffic. Switches can use IGMP snooping to configure Layer 2
interfaces dynamically so that IP multicast traffic is forwarded only to those interfaces
associated with IP multicast devices.
When IGMP snooping is enabled on the Corecess S5 System, the route processor sends out
periodic general queries to all VLANs. The switch processor responds to the route processor’s
queries with only one join request per MAC multicast group. The switch processor creates one
entry per VLAN in the Layer 2 forwarding table for each MAC group from which it receives an
IGMP join request. All hosts interested in this multicast traffic send join requests and are added
to the port mask of this forwarding table entry.

DVMRP (Distance-Vector Multicast Routing Protocol)

DVMRP (Distance-Vector Multicast Routing Protocol) is an intra-domain routing protocol to
transmit multicast data among multicast routers that is located in the domain. DVMRP uses
IGMP to manage IP multicast groups.
DVMRP consists the multicast tree that the root is one source. If the DVMAP source transmits
multicast packets to the DVMRP network, the routers that does not want to receive the packets
of the multicast group transmits the prune message to upstream routers. Then, the routers that
transmit the prune message are removed from the multicast tree, and finally the multicast tree
is completed with the routers who want to receive multicast packets. The prune state is released
after a certain time, and the source transmits the multicast packet to the DVMRP network again.
DVMRP uses RPF (Reverse Path Forwarding) algorithm to maintain a multicast tree that has the
minimum branch. If DVMRP is enabled, the multicast tree is made to transmit multicast packets
to a downstream interface. When the interface receives multicast packets, the interface checks
its DVMRP routing table to find the shortest path. If the interface has the shortest path, the
interface transmits multicast packets to adjacent DVMRP router. If the interface does not have
the shortest path, the interface ignores multicast packets and transmits the prune message to the
upstream router.
Pruning a Multicast Tree
After the multicast tree is constructed, pruning of the tree will occur after IP multicast packets
begin to traverse the tree. As multicast packets reach leaf networks (sub-nets with no
downstream interfaces), the local IGMP database checks for the recently arrived IP multicast
packet address. If the local database does not contain the address (the address has not been
learned), the router prunes (removes) the address from the multicast tree and no longer receives
multicasts until the prune age expires.
Grafts to a Multicast Tree
A DVMRP router restores pruned branches to a multicast tree by sending graft messages
towards the upstream router. Graft messages start at the leaf node and travel up the tree, first
sending the message to its neighbor upstream router. You do not need to perform any
configuration to maintain the multicast delivery tree. The prune and graft messages
automatically maintain the tree.

PIM (Protocol Independent Multicast)

PIM protocol maintains the current IP multicast service mode of receiver-initiated membership.
It is not dependent on a specific unicast routing protocol.
There are two modes in which PIM operates: Dense and Sparse. The Dense Mode is suitable for
densely populated multicast groups, primarily in the LAN environment. The Sparse Mode is
suitable for sparsely populated multicast groups with the focus on WAN. PIM primarily differs
from DVMRP by using the IP routing table instead of maintaining its own, thereby being
routing protocol independent.
Once PIM is enabled on each router, when a multicast packet is received on a PIM-capable
router interface, the interface checks its IP routing table to determine whether the interface that
received the message provides the shortest path back to the source. If the interface does provide
the shortest path back to the source, the multicast packet is then forwarded to all neighboring
PIM routers. Otherwise, the multicast packet is discarded and a prune message is sent back
upstream.
PIM-SM (Protocol Independent Multicast-Sparse Mode)
PIM-SM searches the point where various transmitting places (sources) converges into one
route and set up a tree to where point becomes the route. This type of tree that makes up PIM-
SM is called Shared Tree and the route for Shared Tree is called RP(Rendezvous Point). First,
data are transmitted to RP and then they are transmitted to receivers in each group.
Shared Tree shares one tree per each multicast group. It means that multicast group can use
only one router as RP whereas PIM-SM domain can have multiple RP. At default, Shared Tree
automatically selects RP to be built itself but user customized versions can also be used. User-
defined version of RP is called static RP. Since Shared Tree must pass RP it goes through
different path than optimized SPT (Shortest Path Tree).
BSR is a router that receives candidate RP messages with prioritization information and its own
IP address and transmits information to multicast router for RP selection. When RP is selected
RP router transmits information about its domain to BSR by unicast. Then, BSR include this
message in its Bootstrap message and transmits them to all the PIM-SM routers in its domain.
Based on this information, all the routers can map the multicast group to a RP.

PIM-SM Router Types

Routers that are configured with PIM-SM interfaces also can be configured to fill one or more of
the following roles:
• BSR – The Bootstrap Router (BSR) distributes RP information to the other PIM-SM routers
within the domain. Each PIM-SM domain has one active BSR. For redundancy, you can
configure ports on multiple routers as candidate BSRs. The PIM-SM protocol uses an election
process to select one of the candidate BSRs as the BSR for the domain. The BSR with the
highest BSR priority (a user-configurable parameter) is elected. If the priorities result in a tie,
then the candidate BSR interface with the highest IP address is elected.
• RP – The Rendezvous Point (RP) is the meeting point for PIM-SM sources and receivers. A
PIM-SM domain can have multiple RPs, but each PIM-SM multicast group address can have
only one active RP. PIM-SM routers learn the addresses of RPs and the groups for which they
are responsible from messages that the BSR sends to each of the PIM-SM routers.
Note: We recommends that you configure the same interfaces as candidate BSRs and RPs.

PIM-DM (Protocol Independent Multicast-Dense Mode)
PIM-DM(dense mode) assumes that the downstream networks want to receive the datagram
forwarded to them. The PIM-DM router forwards all packets on all outgoing interfaces until
pruning and truncating occurs. Thus, interfaces with PIM-DM enabled receive the multicast
data stream until it times out. PIM-DM is most useful under these conditions:
y Senders and receivers are in close proximity to each other.

y The internetwork has fewer senders than receivers.
y The stream of multicast traffic is constant.
In the figure below, the root node (RTA) is forwarding multicast packets for group 229.225.0.1,
which it receives from the server, to its downstream nodes, RTB, RTC, and RTD. Router RTD is
an intermediate router with RTE and RTF as its downstream routers. Because RTE and RTF
have no downstream interfaces, they are leaf nodes. The receivers in this example are those
workstations that are resident on routers RTB, RTC, and RTF.
Server
RTA
229.225.0.1
229.225.0.1
RTB RTC
Group members
RTD
Group members ....
....
RTE RTF
Group members
....
229.225.0.1
As multicast packets reach these leaf routers, the routers check their IGMP databases for the
group. If the group is not in a router’s IGMP database, the router discards the packet and sends
a prune message to the upstream router. The router that discarded the packet also maintains the
prune state for the source, group (S,G) pair. The branch is then pruned (removed) from the

multicast tree. No further multicast packets for that specific (S,G) pair will be received from that
upstream router until the prune state expires. You can configure the PIM Prune Timer (the
length of time that a prune state is considered valid).
For example, in the figure above the sender with address 207.95.5.1 is sending multicast packets
to the group 229.225.0.1. If a PIM router receives any groups other than that group, the router
discards the group and sends a prune message to the upstream PIM router.
Router RTD is a leaf node with no group members in its IGMP database. Therefore, the router
must be pruned from the multicast tree. RTE sends a prune message upstream to its neighbor
router RTD to remove itself from the multicast delivery tree and install a prune state, as seen in
the figure RTE will not receive any further multicast traffic until the prune age interval expires.
When a node on the multicast delivery tree has all of its downstream branches (downstream
interfaces) in the prune state, a prune message is sent upstream. In the case of RTD, if both RTE
and RTF are in a prune state at the same time, RTD becomes a leaf node with no downstream
interfaces and sends a prune message to RTA. With RTD in a prune state, the resulting
multicast delivery tree would consist only of leaf nodes RTB and RTC.

Configuring IP Multicast Routing

This section describes how to configure IP multicast routing on the Corecess S5 System.
Enabling Multicast Routing

Enabling IP multicast routing allows the Corecess S5 System to forward multicast packets. By
default, IP multicast routing is disabled on the Corecess S5 System. This section describes how
to enable the following multicast routing protocols on the Corecess S5 System:
• PIM-SM (Protocol Independent Multicast Sparse-Mode)

• PIM-DM (Protocol Independent Multicast Dense-mode)
• DVMRP (Distance Vector Multicast Routing Protocol)
Enabling PIM-SM
To configure PIM-SM network using the Corecess S5 System, enable PIM globally on the switch
and enable PIM-SM locally on VLAN interfaces. To enable PIM-SM, use the following
Table 13-1 Enabling PIM-SM
Command Task
ip multicast-routing 2. Enable PIM on the Corecess S5 System.
3. Enter Interface configuration mode for the VLAN
interface vlan interface that will use PIM-SM.
{id <id> | name <name>} y <id> VLAN ID (1 ~ 4094)
y <name> VLAN name
4. Configuring IP address of the VLAN interface.
ip address
<ip-address>/<M> y <ip-address>: IP address of the VLAN interface
y <M>: Subnet mask
ip pim sparse-mode 5. Enable PIM-SM on the VLAN interface.
show running-config 7. Verify the result.
Note: PIM-SM use IGMP to dynamically manage multicast group members. Enabling PIM-SM on an interface
also enables IGMP operation on that interface.

The following example enables PIM-SM on the Corecess S5 System and on the VLAN interface:
(config)# ip multicast-routing
(config)# ip address 10.10.10.20/24
(config-if)# ip pim sparse-mode
(config-if)# end
localhost# show running-config
!
!
ip multicast-routing
!
!
interface vlan id 1
!
interface vlan id 10
ip address 10.10.10.20/24
ip pim sparse-mode
!
#
Note: To disable PIM-SM on a VLAN interface, use the no ip pim sparse-mode command in
Interface configuration mode and to disable PIM on the switch, use the no ip multicast-routing
pim command in Global configuration mode.
If you enable PIM-SM, PIM-SM will run on the switch with default values for all global and
interface parameters. IGMP is also automatically enabled. Therefore you do not need to
configure all PIM-SM parameters. To change PIM-SM and IGMP parameters according to your
network environment, refer to the following sections:
y To configure PIM-SM parameters, see the Configuring PIM and Configuring PIM-SM section in this chapter.
y To configure IGMP parameters, see the Configuring IGMP section in this chapter.
y To enable IGMP snooping and configure IGMP snooping parameters, see the Configuring IGMP Snooping
section in this chapter.

Enabling PIM-DM
To configure PIM-DM network using the Corecess S5 System, enable PIM globally on the switch
and enable PIM-DM locally on VLAN interfaces. To enable PIM-DM, use the following
Table 13-2 Enabling PIM-DM
Command Task
ip multicast-routing 2. Enable PIM on the Corecess S5 System.

3. Enter Interface configuration mode for the VLAN
interface vlan interface that will use PIM-DM.
y <name> VLAN name
ip address
y <ip-address>: IP address of the VLAN interface
<ip-address>/<M>
y <M>: Subnet mask
ip pim dense-mode 5. Enable PIM-DM on the VLAN interface.
Note: PIM-DM use IGMP to dynamically manage multicast group members. Enabling PIM-DM on an interface
The following example enables PIM-DM on the Corecess S5 System and on the VLAN interface:
(config-if)# ip pim dense-mode
(config-if)# end
!
!
!

!
interface vlan id 1
!
ip address 10.10.10.20/24
ip pim dense-mode
!
#
Note: To disable PIM-DM on a VLAN interface, use the no ip pim dense-mode command in
Interface configuration mode and to disable PIM on the switch, use the no ip multicast-routing
pim command in Global configuration mode.
If you enable PIM-DM, PIM-DM will run on the switch with default values for all global and
configure all PIM-DM parameters. To change PIM-DM and IGMP parameters according to
your network environment, refer to the following sections:
y To configure PIM-DM parameters, see the Configuring PIM and Configuring PIM-DM section in this chapter.
Enabling DVMRP
To configure DVMRP network using the Corecess S5 System, enable DVMRP globally on the
switch and locally on VLAN interfaces. To enable DVMRP, use the following command in
Privileged mode:
Table 13-3 Enabling DVMRP
Command Task
ip multicast-routing 2. Enable DVMRP on the Corecess S5 System.

3. Enter Interface configuration mode for the VLAN interface that
interface vlan will use PIM-DM.
y <name> VLAN name

(Continued)
Command Task
ip address
<ip-address>/<M> y <ip-address>: IP address of the VLAN interface
y <M>: Subnet mask
ip dvmrp 5. Enable DVMRP on the VLAN interface.
Note: DVMRP use IGMP to dynamically manage multicast group members. Enabling DVMRP on an interface
The following example enables DVMRP on the Corecess S5 System and on the VLAN interface:
(config-if)# ip dvmrp
(config-if)# end
localhost# show running-config
!
!
!
interface vlan id 1
!
ip address 10.10.10.20/24
ip dvmrp
#
Note: To disable DVMRP on a VLAN interface, use the ip dvmrp command in Interface configuration mode and
to disable DVMRP on the switch, use the no ip multicast-routing dvmrp command in Global configuration mode.

If you enable DVMRP, DVMRP will run on the switch with default values for all global and
configure all DVMRP parameters. To change DVMRP and IGMP parameters according to your
network environment, refer to the following sections:
y To configure DVMRP parameters, see the Configuring DVMRP section in this chapter.

Configuring a Static Multicast Route

Static multicast routes allow you to control the network path used by multicast traffic. Static
multicast routes are especially useful when the unicast and multicast topologies of a network
are different. You can avoid the need to make the topologies similar by instead configuring
static multicast routes.
MR1 UR1 UR2 MR2
Source Tunnel Destination
In the above figure, MR1-UR1-UR2-MR2 path is used to forward unicast packets and the MR1-
MR2 tunnel is used to forward multicast packets.
You can configure more than one static multicast route. The Corecess S5 System always uses the
most specific route that matches a multicast source address. Thus, if you want to configure a
multicast static route for a specific multicast source and also configure another multicast static
route for all other sources, you can configure two static routes as shown in the examples below.
To add a multicast static route, use the following command in global configuration mode:
Table 13-4 Configuring a Static Multicast Route
Command Description
y <source>: IP address of the multicast source
ip pim sparse-
y <M>: Mask on the IP address of the multicast source( Bit number that has value
mode mroute
of ‘1’)
<source>/<M>
y <rpf-address>: IP address of PIM neighbor. PIM Joins, Grafts, and Prunes
<rpf-address>
are sent to this address.
Note: ip mroute command does not apply to DVMRP route but applies to the multicast routing protocol
that use unicast routing information.
The following example configures the specified sources within the network number 172.16.0.0
are reachable through 172.30.10.13 and all other sources are reachable through 172.30.10.14:
(config)# ip pim sparse-mode mroute 172.16.0.0/16 172.30.10.13

(config)# ip pim sparse-mode mroute 0.0.0.0/0 172.30.10.14

Configuring PIM
This section describes how to configure the following PIM parameters that apply to PIM-SM
and PIM-DM.
• Setting Hello message interval and hold time
• Setting Join/Prune message interval
• Filtering PIM neighbors
Setting Hello Message Interval and Hold Time
The Hello interval specifies how often the local router sends PIM hello messages on this PIM
interface to neighboring routers in the PIM domain. PIM routers periodically send hello
messages so that PIM neighbors can discover each other. Hello messages are multicast using
address 224.0.0.13 (all PIM routers group) and are sent on all communication links.
The default hello interval is 30 seconds and the default hello hold time is 105 (hello interval
times×3.5). To modifying the hello interval and hold time, use the following commands in
Interface configuration mode:
Command Description
ip pim hello-holdtime y <seconds> PIM Hello hold time. Valid range are 1 ~ 65535
<seconds> seconds.
ip pim hello-interval
y <seconds> PIM Hello interval. Valid range are 1 ~ 65535 seconds.
<seconds>
The following example shows how to configure PIM hello message interval and hold time for
the VLAN interface:

(config-if)# ip pim hello-interval 60
(config-if)# ip pim hello-holdtime 200
(config-if)#

Setting Join/Prune Message Interval
The Join/Prune interval is the interval at which each PIM interface on the router sends periodic
join/prune messages to its upstream neighbor.
The default Join/Prune message interval is 60 seconds. To change this interval, use the
Command Description
ip pim jp-timer
y <seconds>: Join/Prune message interval (1 ~ 65535 seconds)
<seconds>
The following example shows how to set the PIM Join/Prune message interval to 30 seconds for
the VLAN interface:
(config)# ip pim jp-timer 30

(config)#
Filtering PIM Neighbors
To prevent the Corecess S5 System from participating in PIM, use the following command in
Interface configuration mode:
Command Description
ip pim neighbor-filter y <access-list-number>: Number of a standard IP access list that

<access-list-number> denies PIM packets from a source. Valid range are 1 ~ 99.
Note: ip pim neighbor-filter command filters all PIM control messages based on the given
access-list. It can be used to administratively deny a misconfigured PIM neighbor from participating in PIM. This
command does not filter Auto-RP announcements and is only intended to filter neighbor-to-neighbor packets.
The following example denies PIM packets form the source address 10.0.0.1:
(config)# access-list 1 deny 10.0.0.1

(config-if)# ip pim neighbor-filter 1

Configuring PIM-SM
You can configure the following PIM-SM features:
• Configuring candidate BSR
• Configuring candidate RP
• Statically specifying the RP
• Filtering register messages
• Preventing join messages to false RPs
• Specifying the IP source address of register message
• Limiting the number of register messages
• Setting the register suppression timer
• Configuring RP reachability message
• Disabling switching from the RP to the STP
• Enabling router compatibility with RFC 2362
y Setting traffic load distribution using ECMP routing paths (Equal-Cost-Multi-Path)
• Configuring PIM Domain Border (Interface parameter)
• Specifying the DR Priority (Interface parameter)
Configuring Candidate BSR
Bootstrap Router (BSR) provides a fault-tolerant, automated RP discovery and distribution

mechanism. Thus, routers dynamically learn the group-to-RP mappings. BSR should be chosen
for a given range of multicast groups. PIM-SM uses the BSR to discover and announce RP-set
information for each group prefix to all the routers in a PIM domain. A BSR is elected among
the candidate BSRs automatically. They use bootstrap messages to discover which BSR has the
highest priority. This router then announces to all PIM-SM routers in the PIM domain that it is
the BSR. Routers that are configured as candidate RPs then unicast to the BSR the group range
for which they are responsible. The BSR includes this information in its bootstrap messages and
disseminates it to all PIM-SM routers in the domain. Based on this information, all routers will
be able to map multicast groups to specific RPs.

You can configure the Corecess S5 System as a candidate BSR. To configure the Corecess S5
System as a candidate BSR, use the command in Global configuration mode:
Command Description
y <if-name>: Interface name. The IP address of this interface is used as a

candidate BSR. You should specify the name of interface that PIM-SM is
enabled.
ip pim bsr-candidate
y <hash>: Hash Mask Length. This is the number of bits in a group
<if-name> [<hash>]
address that are significant when calculating the group-to-RP mapping.
[<priority>]
y <priority>: BSR Priority (0-200). When the election process for BSR
takes place, the candidate BSR with the highest priority becomes the
BSR. Default is ‘0’.
Note : The first value to be considered for BSR descision is priority and, if they have same values, then IP
addresses are compared.
The following example configures the VLAN interface as a candidate BSR:
(config)# ip pim bsr-candidate vlan id 10 24 10

(config)#
To remove the VLAN interface as a candidate BSR, use the no ip pim bsr-candidate
(config)# no ip pim bsr-candidate vlan id 10

(config)#
Configuring Candidate RP
If you configure PIM-SM, you must also choose one or more routers to be RP (Rendezvous
Point). An RP acts as the meeting place for sources and receivers of multicast data.
To elect an RP, a BSR uses candidate RP messages advertised from candidate RPs. The
candidate RP message has the IP address and priority used for selecting an RP. You can
configure the Corecess S5 System as a candidate RP for the PIM domain. The Corecess S5
System configured as a candidate RP then advertises itself as a candidate RP to the BSR.
To configure the Corecess S5 System as a candidate RP, use the following command in Global
configuration mode:

Command Description
y <if-name>: Interface name. The IP address of this interface is used

as a candidate RP. You should specify the name of interface that
ip pim rp-candidate PIM-SM is enabled.
<if-name> [<priority>] y <priority>: RP Priority (0-255). When the election process for RP
takes place, the candidate RP with the highest priority becomes the
RP. Default is ‘0’.
The following example configures the VLAN interface as a candidate RP with a priority of 100:
(config)# ip pim rp-candidate vlan id 10 priority 100

(config)#
To remove the Corecess S5 System as a candidate RP, use the no ip pim rp-candidate
(config)# no ip pim rp-candidate vlan id 10

(config)#
Static RP Configuration (Candidate direct RP )
RP for multicast group is required to set up PIM-SM. As explained above, RP can be manually
set by the user and can be set automatically. When selecting RP among the candidate RP no
additional steps are needed for the selection. In automatic option, even if the selected router is
not working properly, the router can automatically be selected. Hence, it is better to have it set
in this way for the selection whenever possible.
In case that RP is not desired to be set automatically, the PR can be set manually. This is called
static RP. Static IP may be convenient in small network but not suitable for large-scaled
network.
To set the RP router manually next line should be input in Global Setup Mode.
Command Description
ip pim rp-address
y <ip-address> IP address to be used for RP
<ip-address>
The following example shows how to set the router interface of which IP address is 30.10.10.1 as
static RP.

(config)# ip pim rp-address 30.10.10.1

(config)#
To delete the static IP use no pim rp-address command in global setup mode as shown
below.
(config)# no ip pim rp-address 30.10.10.1
(config)#
Note : When setting the Static RP all routers in the PIM-SM domain should be set under same static RP. And
it is necessary to check if the selected router is in the backbone and connected with other parts of the network
Filtering Register Messages
You can prevent unauthorized sources from registering with the RP. If an unauthorized source
sends a register message to the RP, the RP will immediately send back a register-stop message.
To configure a candidate RP router to filter PIM register messages, use the following command
Command Description
ip pim accept-register y <access-list-number> Standard access list number (1 ~ 99,

list <access-list-number> 1300 ~ 1999)
The following example shows how to restrict the RP from allowing sources in the specified
access list range of addresses to with the specified access list address range to register with the
RP:
(config)# access-list 1300 deny 232.0.0.0 0.255.255.255

(config)# ip pim accept-register list 1300
(config)#

Accept Join/Prune messages
You can take a defensive measure to prevent a misconfigured leaf router from interrupting PIM
service to the remainder of a network. To do so, configure the local router to accept Join/Prune
messages only when the group is in the group range specified by the access list.
To configure this feature, use the following command in Global configuration mode:
Command Description
y Interface for Candidate RP among interfaces
that are set up for <if-name> Corecess
ip pim accept-rp list
S5 system, with enabled PIM-SM, must be used.
<access-list-number>
y <access-list-number>: The standard access-
list number (1 ~ 99, 1300 ~ 1999)
y <ip-address> Specific RP Address
ip pim rp-address
y <access-list-number> Access List
<ip-address>
Number (1 ~ 99,
1300 ~ 1999
The following example shows how to configure the router to accept Join/Prune messages only
when the multicast group is 224.2.2.2 about static RP 10.1.1.1:
(config)# access-list 3 permit 224.2.2.2

(config)# ip pim rp-address 10.1.1.1 group-list 3
(config)#
Specifying the IP Source Address of Register Message
You should specify the IP source address of register message only when the IP source address
of a register message is not a uniquely routed address to which the RP can send packets. This
situation may occur if the source address is filtered such that packets sent to it will not be
forwarded or if the source address is not unique to the network. In these cases, the replies sent
from the RP to the source address will fail to reach the DR, resulting in PIM-SM protocol
failures.
To configure the IP source address of a register message to an interface address other than the
outgoing interface address of the DR leading toward RP, use the following command in Global
configuration mode:

Command Description
ip pim register-source y <ip-address> The IP source address of a register message

{<ip-address>| y <if-name> The name of interface that identify the IP source address
<if-name>} of a register message.
The following example shows how to configure the IP source address of the register message to
the loopback 3 interface of a DR:
(config)# ip pim register-source loopback id 3

(config)#
Limiting the Number of Register Messages
The Corecess S5 System can limit the number of register messages that the DR will allow for
each (S, G) entry.
To set a limit on the maximum number of PIM-SM register messages sent per second for each (S,
G) routing entry, use the following command in Global configuration mode:
Command Description
ip pim register-rate y <rate>: Maximum number of register messages sent per second by the
limit <rate> router. Valid range are 1 ~ 65535.
The following example shows how to configure the maximum number of PIM-SM register
messages sent per second to 2:
(config)# ip pim register-rate-limit 2

(config)#
Setting the Register Suppression Timer
The RP sends a register-stop message when it receives native multicast packets from the DR and
there are no downstream routers (receivers) to forward these packets to. The source’s DR stops
the outgoing interface from sending further register packets and sets its register suppression
timer. The register suppression timer determines how long the DR waits before sending register
messages back to the RP.

The default register suppression timer is 60 seconds. To set the register suppression timer, use
the following command in Global configuration mode:
Command Description
ip pim register- y <seconds> Register suppression timer. Valid range are 1 ~ 65535
suppression <seconds> seconds.
The following example sets the register suppression timer to 120 seconds:
(config)# ip pim register-suppression 120

(config)#
Configuring RP Reachability Message
RP reachability messages are generated by RPs periodically and distributed down the (*, G) tree
established for the group. This allows downstream routers to detect when their current RP has
become unreachable and triggers joining toward an alternate RP.
By default, the Corecess S5 System is set to not generate RP reachability message. To generate
and distribute a periodic RP reachability message, enter the ip pim register-rp-
reachability command in Global configuration mode:
(config)# ip pim register-rp-reachability

(config)#
Disabling Switching From the RP to the SPT
In a typical PIM-SM domain, there may be two or more paths from a DR for a multicast source
to a PIM group receiver. One is path through the RP and the other is Shortest Path (STP).
By default, the Corecess S5 System switches from the RP to the SPT when a source sends at a
rate greater than or equal to 1000bps rate. To configure the Corecess S5 System to send
multicast packets using the RP indefinitely and does not switch over to the SPT, use the ip pim
spt-threshold infinity command in Global configuration mode.

(config)# ip pim spt-threshold infinity
To configure the Corecess S5 System to send multicast packets using the STP when a source
sends at a rate greater than or equal to 1000bps rate, use the no ip pim spt-threshold
infinity infinity command in Global configuration mode:
(config)# no ip pim spt-threshold infinity

(config)#
Configuring PIM Domain Border1
If you configure an interface to be the PIM domain border, no PIM Version 2 BSR messages will
be sent or received through the interface. Configure an interface bordering another PIM domain
to avoid BSR messages from being exchanged between the two domains. BSR messages should
not be exchanged between different domains, because routers in one domain may elect RPs in
the other domain, resulting in protocol malfunction or loss of isolation between the domains.
To prevent BSR messages from being sent or received through an interface, enter the ip pim
bsr-border command in Interface configuration mode.
The following example configures the VLAN interface to be the PIM domain border:

(config-if)# ip pim bsr-border
(config-if)#
Note: ip pim bsr-border command does not set up multicast boundaries. It sets up only a PIM
domain BSR message border.
Specifying the DR Priority
The DR priority indicates the priority level for a DR on the LAN. The higher the number, the
higher the priority. A PIM-SM router configured with a DR election priority sends to its PIM
neighbors a Hello message that contains its priority level. The PIM-SM router with the highest
priority level is elected the DR for the LAN. Local routers not configured with a DR election
priority level elect a DR based on the highest IP address.
1 Not implemented yet.

The default DR priority is 1. To specify the DR priority, use the following command in Interface
configuration mode:
Command Description
ip pim dr-priority
y <seconds>: DR priority. Valid range are 0 ~ 4294967294.
<priority>
The following example shows how to set the DR priority for the VLAN interface to 200:

(config-if)# ip pim dr-priority 200
(config-if)#

Enabling Router Compatibility with RFC 2362
By default, the Corecess S5 System is compatible with the standard PIM-SM specification
defined in RFC 2362. However, you can enable the Corecess S5 System to interoperate with
routers configured with nonstandard PIM implementations that do not comply with RFC 2362.
To enable router compatibility with RFC 2362, use the following commands:
Table 13-5 Enabling router compatibility with RFC 2362
Command Task

2. Enable the PIM-SM router to computes checksum on the PIM header
and data portion of the register packet.
ip pim cisco-register-
y group-list: Specifies the number of a standard access list that
checksum [group-list
describes the multicast groups.
<aceess-list-number>]
y <access-list-number>: Access list number (1 ~ 99,
1300 ~ 1999)
3. Enable the PIM-SM router to send non-zero prefix count in RP

ip pim crp-cisco-prefix
advertisement messages.
ip pim ignore-rp-set- 4. Enable the PIM-SM router to use the hash mask length instead of
priority priority to elect RP.
5. Enter Interface configuration mode for the VLAN interface to

interface vlan configure.
{id <id> | name <name>} y <id>: VLAN ID (1 ~ 4094)
y <name>: VLAN name
6. Prevent the PIM-SM router from appending generation identifiers to
ip pim exclude-genid
Hello messages that it sends to its neighbors.
The following example shows how to enable router compatibility with RFC 2362:
(config)# ip pim cisco-register-checksum

(config)# ip pim crp-cisco-prefix
(config)# ip pim ignore-rp-set-priority
(config-if)# ip pim exclude-genid
(config-if)# end
(config)#
Note: Use the ip pim-sm cisco-rp-prefix-count command only when the Cisco router that
does not support RFC 2362 is elected as the BSR.

Distribution of Multicast Traffic Load Using PIM-SM
Corecess S5 system supports distribution of multicast traffic load via ECMP (Equal-Cost-Multi-
Path) routing path. To use distribution of multicast traffic load PIM-SM must be enabled for the
interface in which ECMP routing path exsits.
Distribution of multicast traffic load is done in the following process. At the router that
performs PIM Join, for (*, G) Join, each group, using different routing path, transmits by
applying hash function of which the keys are used as group address, to ECMO routing path.
For (S, G) Join, similar ways are used and it transmits Join to the traffic sources through
different routing paths
To apply distribution of multicast traffic load, following commands should be used. In this
example, basic PIM-SM setup is assumed.
Command Task
configure terminal 1. Enter the Global Setup mode.
2. Set up the function that hashes the multicast group address.

y Execute modular function with number of ECMP
ip pim sparse-mode ecmp
routing paths set asmodulo-n multi cast group address
(modulo-n|hash)
y After hashing the multicast group address with hash function, set
the number of ECMP routing paths to modular function.
The following is example of setting distribution of multicast traffic load in Corecess S5 system.
(config)# ip pim sparse-mode ecmp hash

(config)#
Note : In the hash distribution of multicast traffic load, the traffic may be distributed exactly into 1/n over
ECMP paths.

Configuring PIM-DM
This section describes how to configure the PIM-DM state refresh control message interval.
Configuring State Refresh Control Message Interval
PIM-DM builds source-based multicast distribution trees that operate on a flood and prune
principle. Multicast packets from a source are flooded to all areas of a PIM-DM network. PIM
routers that receive multicast packets and have no directly connected multicast group members
or PIM neighbors send a prune message back up the source-based distribution tree toward the
source of the packets. As a result, subsequent multicast packets are not flooded to prune
branches of the distribution tree. However, the pruned state in PIM-DM times out
approximately every 3 minutes and the entire PIM-DM network is reflooded with multicast
packets and prune messages. This reflooding of unwanted traffic throughout the PIM-DM
network consumes network bandwidth.
The PIM-DM State Refresh feature keeps the pruned state in PIM-DM from timing out, which
saves network bandwidth by greatly reducing the reflooding of unwanted multicast traffic to
pruned branches of the PIM-DM network. This feature also enables PIM-DM routers to
recognize topology changes (sources joining or leaving a multicast group) before the state
refresh timeout period.
If you enable PIM-DM on the Corecess S5 System, the state refresh feature is automatically
enabled. To disable the state refresh feature, use the ip pim state-refresh disable
command.
To configure the origination interval for the state refresh control message, use the following
command:
Command Description
ip pim state-refresh origination- y <seconds>: The number of seconds between control

interval<seconds> messages. Valid range are 4 ~ 100 seconds.
Note: The origination interval for the state refresh control message must be the same for all PIM routers on the
same LAN. Specifically, the same origination interval must be configured on each router interface that is directly
connected to the LAN

The following example shows how to configure the origination interval for the state refresh
control message to 60 seconds.

(config-if)# ip pim state-refresh origination-interval 60
(config-if)#
Configuring DVMRP
This section describes how to configure a metric for DVMRP interface.
Modifying the DVMRP Metric
The DVMRP router uses the metric when establishing reverse paths to some networks on
directly attached interfaces.
The default DVMRP metric is 1. To modify a DVMRP interface’s metric, use the following
Command Description
ip dvmrp metric
y <ip-address>: The metric for this interface. Valid range are 1 ~ 32.
<metric>
The following example shows how to set a metric of 5 for the VLAN interface:

(config-if)# ip dvmrp metric 5

Configure IGMP
You can use the Corecess S5 System without additional configuration of the IGMP. If necessary,
you may configure the following IGMP features.
y Controlling access to the multicast groups
y Configuring IGMP Static Querier
y Modifying the IGMP host query message interval
y Changing the IGMP query timeout
y Changing the maximum query response time
y Enabling IGMP immediate leave feature
y Modifying the last member query count and interval
Controlling Access to the Multicast Groups
To control the multicast groups that hosts on the subnet serviced by a VLAN interface can join,
use the following command in Interface configuration mode:
Command Description
ip igmp access-group
y <seconds> Number of a standard IP access list (1 ~ 99)
In the following example, hosts serviced by the VLAN interface can join the group 225.2.2.2
only:

(config-if)# ip igmp access-group 1
(config-if)#
To disable groups on a VLAN interface, use the no ip igmp access-group command.
(config-if)# no ip igmp access-group

(config-if)#

Configuring IGMP Static Querier2
By default, IGMP querier is selected by the automatic IGMP querier selection mechanism.
However, you can configure the specified interface to act as IGMP querier using ip igmp
querier command in interface configuration mode.
To configure IGMP static querier on a VLAN interface, use the ip igmp querier command in
Interface configuration mode.
The following example enables IGMP static querier on the VLAN whose id is ‘1’:

(config-if)# ip igmp static-querier
Note: Enabling IGMP static querier may severly affect multicast forwarding. We recommend using automatic
IGMP querier selection mechanism.
To disable IGMP static querier on a VLAN interface, use no ip igmp querier command in
the interface configuration mode.

(config-if)# no ip igmp querier
You can configure statistically the router based on priority using ip igmp non-querier and
ip igmp querier IGMP commands. Any router port can be statically configured as IGMP
querier or non-querier without changing the IP address of the router port.

(config-if)# ip igmp static-non-querier
(config-if)#
2 Not implemented yet.

Modifying the IGMP Host-Query Message Interval
Multicast routers send IGMP host-query messages to discover which multicast groups are
present on attached networks. These messages are sent to the all-systems group address of
224.0.0.1 with a TTL of 1. The IGMP query interval period defines how often a router will query
an interface for group membership. Possible values are 10 ~ 43200 seconds and the default
value is 125 seconds.
To modify the IGMP query interval, use the following command in Interface configuration
mode:
Command Description
y <seconds>: Frequency, in seconds, at which to send IGMP host-
ip igmp query-interval
query messages (10 ~ 43200, seconds). Default setting is 125
<seconds>
seconds.
The following example changes the frequency at which the designated router sends IGMP host-
query messages to 120 seconds:

(config-if)# ip igmp query-interval 120
(config-if)#
To restore the default IGMP query interval, use the no igmp query-interval command in
interface configuration mode.
(config-if)# no ip igmp query-interval

(config-if)#
Note: IGMP intervals come with preset values. The defaults work well in most networks, we recommend that
you use the default interval value.

Changing the IGMP Query Timeout
You can specify the period of time before the Corecess S5 System takes over as the querier for
the interface, after the previous querier has stopped doing so. By default, the router waits twice
the query interval specified by the ip igmp query-interval command. After that time, if
the Corecess S5 System has received no queries, it becomes the querier.
By default, the IGMP query timeout value is set to 255 seconds. To change the IGMP query
timeout, use the following command in Global configuration mode:
Command Description
y <seconds>: Number of seconds that the router waits after the
ip igmp querier-timeout
previous querier has stopped querying and before it takes over as
<seconds>
the querier. Valid range are 30 ~ 1200 seconds.
The following example changes the IGMP query timeout value to 300 seconds:

(config-if)# ip igmp querier-timeout 300
(config-if)#
To reset the IGMP query timeout value, use the no ip igmp query-timeout command.

(config-if)# no ip igmp querier-timeout
(config-if)#
Changing the Maximum Query Response Time
By default, the maximum query response time advertised in IGMP queries is 10 seconds. If the
router is using IGMP Version 2, you can change this value. The maximum query response time
allows a router to quickly detect that there are no more directly connected group members on a
LAN.

To change the maximum query response time, use the following command in Interface
configuration mode:
Command Description
ip igmp
query-max-response-time y <seconds>: The maximum query response time advertised in
<seconds> IGMP queries. Valid range are 1 ~ 20 seconds.
The following example changes the maximum query response time value to 15 seconds:

(config-if)# ip igmp query-max-response-time 15
To restore the default value, use the no ip igmp query-max-response time command.
(config-if)# no ip igmp query-max-response-time

(config-if)#
Enabling IGMP Immediate Leave Feature
Normally a router sends an IGMP group-specific query message upon receipt of an IGMPv2
group leave message. The router will stop forwarding traffic for that group only if no host
replies to the query within the timeout period. The timeout period is determined by the ip
igmp last-member-query-interval command and the IGMP robustness variable, which
is defined by the IGMP specification.
If IGMP immediate leave feature is enabled, the router assumes that only one host has joined
the group and stops forwarding the group's traffic immediately upon receipt of an IGMPv2
group leave message.
By default, IGMP immediate leave feature is disabled. To minimize the leave latency of IGMP
memberships and only one receiver host is connected to each interface, use the following
Command Description
ip igmp immediate-leave
y <access-list-number>: Access list number (1 ~ 99, 1300 ~
group-list
1999)

The following example shows how to enable the immediate leave feature on the VLAN
interfaces for the multicast groups 255.2.2.2:

(config-if)# ip igmp immediate-leave group-list 1
(config-if)#
Modifying the Last Member Query Count and Interval
When a router receives an IGMP Version 2 leave group message on an interface, it waits twice
the query interval; after which, if no receiver has responded, the router drops the group
membership on that interface.
By default, the Corecess S5 System sends the Group-Specific Queries message twice every 1000
milliseconds to the group being left.
To configure the count to which the router sends IGMP group-specific host query messages and
the frequency at which the router sends IGMP group-specific host query messages, use the
following commands in Interface configuration mode:
Command Description
ip igmp last-member-query- y <count>: The count to which the router sends IGMP group-
count <count> specific host query messages.
ip igmp last-member-query- y <interval>: The frequency at which the router sends IGMP
interval <interval> group-specific host query messages.
Specifies in tenths of a second how long the system waits after receiving an IGMP leave
message before it sends another query.
The following example shows how to modify the last member query count and interval for the
VLAN interface:

(config-if)# ip igmp igmp last-member-query-count 3
(config-if)# ip igmp igmp last-member-query-interval 2000
(config-if)#

Configuring IGMP Snooping

This section describes how to configure the IGMP snooping on the Corecess S5 System. To
configure the IGMP snooping, perform the following tasks:
y Enabling IGMP snooping.
y Configuring a multicast router port
y Enabling IGMP immediately leave feature on a port interface
y Configuring a host statically to join a group
y Changing the IGMP group membership time
Enabling IGMP Snooping
By default, IGMP snooping is globally disabled on the Corecess S5 System. When globally
enabled or disabled, it is also enabled or disabled in all existing VLAN interfaces. IGMP
snooping is by default disabled on all VLANs, but can be enabled and disabled on a per-VLAN
basis. Global IGMP snooping override the VLAN IGMP snooping. If global snooping is
disabled, you cannot enable VLAN snooping. If global snooping is enabled, you can enable or
disable VLAN snooping.
To globally enable IGMP snooping on the Corecess S5 System and enable VLAN IGMP
snooping, use the following command in Global configuration mode:
Command Description
ip igmp snoop
y <vlan-id>: ID of a VLAN to enable IGMP snooping.
[vlan id <vlan-id>]
First, execute ip igmp snoop command to enable igmp snooping so that igmp snooping is
applied on vlan interface. After the excution of ip igmp snoop, enable igmp snooping for each
of vlan interface.
If ip igmp snoop is not executed you cannot enable igmp snooping on vlan interface.
The following is example of eabling igmp snooping on vlan id for 2 person interface.
(config)# ip igmp snoop
(config)# ip igmp snoop vlan id 2
Execute no ip igmp snoop vlan id number to disable igmp snoop on the interface where igmp
snooping is enabled.
If you do not want to use igmp snooping on the equipment regardless of vlan interface, excute
no ip igmp snoop command. Then igmp snooping is disabled for all vlan interfaces.
(config)# no ip igmp snoop
(config)# no ip igmp snoop vlan id 2

Configuring a Multicast Router Port
If membership query messages are forwarded from the Corecess S5 System to a multicast router,
there is a possibility that the router may not operate normally. According to IGMP rules, if there
are two or more IGMP querier in one LAN, the IGMP querist with the smaller IP address
operates as the IGMP querier. This is because if two or more multicast routers are connected to
one LAN, the two routers both receive multicast traffic from outside the network, and transfer
the traffic to inside the network, resulting in the same data redundantly received and
transferred.
However, if a multicast router receives a membership query message from the Corecess S5
System, which is not a multicast route, but a system that provides IGMP snooping functions,
and recognizes it as a multicast router, it may stop its role as the IGMP querier (if the IP address
of the Corecess S5 System is smaller than the IP address of the multicast router). If this happens,
a problem may occur in which the multicast router stops forwarding multicast traffic from
outside the network into the LAN. Therefore, membership query messages must not be sent
from the Corecess S5 System to the multicast router. In order to do so, the port connected to the
multicast router must be manually set as a router port.
To configure a static router port, use the command in the Global configuration mode:
Command Description
ip igmp snoop mrouter port

gigabitethernet <slot>/<port>
[vlan id <vlan-id>]
The following example adds the Gigabit Ethernet port 5/1 as a router port:
(config)# ip igmp snoop mrouter port gigabitethernet 5/1

(config)# end
# show ip igmp snoop mrouter
---- --------------------
Vlan Port
---- --------------------
1 5/1
---- --------------------
#

To remove a multicast router, use the no ip igmp snooping mrouter command in Global
configuration mode.
(config)# no ip igmp snoop mrouter port gigabitethernet 5/1

(config)#
Note: Multicast routers that support only IGMPv1 cannot process host membership report messages received
from devices that support IGMPv2. In addition, multicast routers which support only IGMPv1 can not understand
Leave messages, which are sent by hosts leaving multicast groups. Since there is no way for IGMP snooping
devices, such as the Corecess S5 System, to automatically recognize ports connected to these IGMPv1 multicast
routers, the user must manually specify them.
Enabling IGMP Immediately Leave Feature on a Port Interface
When you enable IGMP immediately leave feature, the Corecess S5 System immediately
removes a port when it detects an IGMP version 2 leave messages on that port.
To enable IGMP immediately leave feature on a port interface, use the following command in
Global configuration mode:
Command Description
ip igmp snoop fast-leave {port

gigabitethernet <slot>/<port> | vlan
id <vlan-id>}
This example shows how to enable IGMP fast-leave processing on the Gigabit Ethernet port 5/1:
(config)# ip igmp snoop fast-leave port gigabitethernet 5/1

(config)#
To disable IGMP fast-leave processing, use the no ip igmp snooping fast-leave

command:
(config)# no ip igmp snoop fast-leave port gigabitethernet 5/1

(config)#

Configuring a Host Statically to Join a Group
Hosts normally join multicast groups dynamically, but you can also configure a host statically
on an interface.
To add a port as a member of a multicast group, use the following command in Global
configuration mode:
Command Task
ip igmp snoop mgroup

y <group-address> IP address of multicast group
<group-address> port
gigabitethernet <slot>/<port> [vlan
id <vlan-id>] y <vlan-id> VLAN ID (1 ~ 4094)
This example shows how to add the Gigabit Ethernet port 5/1 as a member of the group
01:00:5e:00:02:03:
(config)# ip igmp snoop mgroup 01:00:5e:00:02:03 port gigabitethernet 5/1

(config)# end
# show ip igmp snoop
---- ------------------ ------------------ ---------- ------- ------------
vlan mac group ip group ports type timeout left
---- ------------------ ------------------ ---------- ------- ------------
1 1:0:5e:0:2:3 0.0.0.0 5/1 static 0
---- ------------------ ------------------ ---------- ------- ------------
Total number : 1
---- ------------------ ------------------ ---------- ------- ------------
#
To remove the port from the multicast group, use the no ip igmp snooping mgroup
command.
(config)# no ip igmp snoop mgroup 01:00:5e:00:02:03 port gigabitethernet 5/1

(config)#

Changing the IGMP Group Membership Timeout
IGMP group membership time defines how long a group will remain active on an interface in
the absence of a group report. You can specify how many seconds an IP Multicast group can
remain on a Corecess S5 System interface in the absence of a group report.
To change IGMP group membership time, use the following command in Global configuration
mode:
Command Description
ip igmp snoop membership y <seconds> The IGMP group membership time in seconds
timeout <seconds> from 1 to 1200 seconds.
The following example changes IGMP membership time to 200 seconds:
(config)# ip igmp snoop membership timeout 200

(config)# end
# show ip igmp snoop membership timeout
200
#

Specifying the Maximum Number of Multicast Groups
By default, each port of the Corecess S5 System can belong to up to 1024 multicast groups. To
configure the maximum number of multicast groups that a port can belong to, use the following
command in Global configuration mode:
Command Description
ip igmp snoop group- number-

limit <number> port y <number>: The number of multicast groups (1 ~ 4096)
gigabitethernet y <slot>/<port> Slot number and port number
<slot>/<port>
The following example shows how to specify the number of multicast groups for the Gigabit
Ethernet port 5/1 to 2048:
(config)# ip igmp snoop group-number-limit 2049 port gigabitethernet 5/1 2048

(config)#
To restore the default value, enter the no ip igmp snooping group-number-limit

(config)# no ip igmp snoop group-number-limit port gigabitethernet 5/1

(config)#

Monitoring IP Multicast Routing

This section describes how to display multicast routing information on the Corecess S5 System.
Displaying the Contents of IP Multicast Routing Table

To display the contents of the IP multicast routing table, enter the show ip mroute command
in Privileged mode. This command shows the multicast group address which the device deriver
set up.
Command Description
y <address>: IP address of the multicast group.

show ip mroute
y summary: Displays a one-line, abbreviated summary of each entry in
[<address> | summary]
the IP multicast routing table.
The following example shows how to display the IP multicast routing table written down to the
device for all groups.
# show ip mroute
IP Multicast Routing Table

Flags: I - Immediate Stat, T - Timed Stat, F - Forwarder installed
N - Negative Forwarder installed, D - FILTERED BY RT_LIMIT
Timers: Uptime/Stat Expiry
Interface State: Interface (Address) TTL
(10.1.1.2, 224.1.1.1), uptime 00:05:23, stat expires 00:02:03

Owner PIM-SM, Flags: TF
Incoming interface: vlan100 (100.1.1.1)
Outgoing interface list:
vlan200 (100.1.200.1) TTL:1

To see information other than the information on the multicast routing table that was
maintained by multicast routing protocol device, and to see the information on multicast
routing table of Corecess S5, execute show ip mroute <protocol> command in the privilege
mode.
Command Description
show ip mroute y <protocol>: one of the multicast routing protocols

<protocol> (i.e. pim sparse-mode, pim dense-mode, dvmrp)
The following example shows how to display the IP multicast routing table which is maintained
by the multicast protocols for all groups.
# show ip mroute pim sparse-mode
IP Multicast Routing Table

Flags: D - PIM Dense, S - PIM Sparse, V - DVMRP, C - Connected
L - Local, P - Pruned, G - Grafting, R - RP-bit set, T - SPT-bit set
F - Register flag, J - Join SPT, N - Negative Cache
Timers: Uptime/Expires
Interface state: Interface, Next-Hop, State/Mode
(10.0.0.1, 224.1.1.1), 00:04:45/00:01:44, flags: VC

Incoming interface: vlan10 (10.0.0.254), RPF neighbor 0.0.0.0
vlan20 (20.0.0.1), Forward/Sparse, 00:04:45/00:00:00

The following table describes the fields in the show ip mroute <protocol>command output:
Table 13-6 show ip mroute Field Description
Field Description
Information about the entry:
- D Entry is operating in PIM-DM
- S Entry is operating in PIM-SM
- V Entry is operating in DVMRP
- C A member of the multicast group is present on the directly connected
interface
- L The router itself is a member of the multicast group
Flags: - P Route has been pruned
- G Route has been graft
- R Indicates that the (S,G) entry is pointing towards the RP.
- T Indicates that packets have been received on the shortest path source tree.
- F Indicates that the software is Registering for a multicast source
- J For (*, G) entries, indicates that the rate of traffic flowing down the shared
tree is exceeding the SPT-Threshold set for the group. For (S, G) entries,
indicates that the entry was created because the SPT-Threshold for the group
was exceeded.
How long in hours, minutes, and seconds the entry has been in the IP multicast
Timers::
routing table / How long in hours, minutes, and seconds until the entry will be
Uptime/Expires
removed from the IP multicast routing table on the outgoing interface
The state of incoming or outgoing interface:

- Interface Name and number of the interface
Interface state - Next-Hop Next hop specifies downstream neighbor's IP address
- State/Mod Indicates that packets will be forwarded on the interface if there are
no restrictions due to access lists / mode in which the interface is operating
IP multicast routing table. The entry consists of the IP address of the source
(10.0.0.1, 224.1.1.1)
router followed by IP address of the multicast group.
flags Information about the entry.
Expected interface for a multicast packet from the source. If the packet is not
Incoming interface:
received on this interface, it is discarded.
RPF neighbor IP address of the upstream router to the source

Displaying PIM Information

This section describes how to display PIM configuration:
y PIM configuration information
y PIM configuration information for a VLAN interface
y PIM neighbor information
y PIM-SM BSR information
y PIM-SM RP information
y PIM-SM RP hash information
Displaying PIM Configuration Information
To display basic configuration information for PIM, use the show ip pim configuration
The following example shows how to display basic configuration information for PIM on the
Corecess S5 System:
# show ip pim configuration

PIM Daemon Start Time : 1d16h43m
PIM Daemon Up Time : 00:01:19
PIM Default Hello Interval : 30 secs
PIM Default Hello Holdtime : 105 secs
PIM Join/Prune Interval : 60 secs
PIM Join/Prune Holdtime : 210 secs
PIM-SM Bootstrap Interval : 60 secs
PIM-SM C-RP Adv. Interval : 60 secs
PIM SG Keepalive Time : 210 secs
PIM RP Reg Keepalive Time : 365 secs
PIM-SM Register Probe Time : 5 secs
PIM-SM Register Supp. Time : 60 secs
PIM-DM State Refresh Interval : 60 secs
#

The following table describes the fields in the show ip pim configuration command output:
Table 13-7 show ip pim configuration field descriptions
Field Description
PIM Daemon Start Time How many seconds have passed since the router is started
PIM Daemon Up Time How many seconds have passed since the PIM is enabled
The interval at which each PIM interface on the router sends periodic
PIM Default Hello Interval
hello messages to its PIM neighbor
How many seconds the local router will wait for a hello message from
PIM Default Hello Holdtime a neighbor before determining that the neighbor is no longer present
and removing cached PIM forwarding entries for the neighbor.
The interval at which the local router sends PIM-SM Join/Prune
PIM Join/Prune Interval
messages for the multicast groups it is forwarding.
The amount of time a receiver must keep the Join/Prune state alive, in
PIM Join/Prune Holdtime
seconds.
The interval at which the BSR sends the RP set to the RPs within the
PIM-SM Bootstrap Interval
PIM-SM domain.
The interval at which the candidate PR sends candidate RP

PIM-SM C-RP Adv. Interval
advertisement messages to the BSR.
PIM-SM Register Probe Time PIM-SM Register probe timer

PIM-SM Register Supp. Time PIM-SM Register suppression timer
PIM-SM SG Keepalive Expiration Time for (S,G) Keep alive timer (sec)
PIM-SM Reg Keepalive Expiration Time for (S,G) Register of P (sec)
PIM-DM State Refresh Interval The interval for the PIM-DM state refresh feature control message.

Displaying PIM Interface Information
To display information about interfaces configured for PIM, use the show ip pim
interface [detail] command in Privileged mode.
The following is sample output from the show ip pim interface command:
# show ip pim interface

Address Interface VIFindex Ver/ Nbr DR DR
Mode Count Prior
10.0.0.1 vlan10 0 v2/S 2 1 10.0.0.1
20.0.0.1 vlan20 2 v2/S 2 1 20.0.0.1
#
The following table describes the fields in the show ip pim interface command output:
Table 13-8 show ip pim interface field descriptions
Field Description
Address IP address of the VLAN interface
Interface Name of the VLAN interface
VIFindex Index number of the VLAN interface
PIM version and multicast mode in which the router is operating

Ver/Mode - v2/S: PIM version 2 / Sparse mode
- v2/D: PIM version 2 / Dense mode
Number of PIM neighbors that have been discovered through this
Nbr Count
interface
DR Priority DR priority of the VLAN interface
DR IP address of the DR (Designated Router)
The following is sample output from the show ip pim interface detail command:
# show ip pim interface detail

vlan10 (vif 0):
Address 10.10.10.20, DR 10.10.10.20
Hello period 30 seconds, Next Hello in 9 seconds
Triggered Hello period 5 seconds
PIM domain border: disabled
Neighbors: 198.92.37.1
vlan20 (vif 2):

Address 20.0.0.1, DR 20.0.0.1

Hello period 30 seconds, Next Hello in 10 seconds
Triggered Hello period 5 seconds
PIM domain border: disabled
Neighbors:
#
The following table describes the fields in the show ip pim interface detail command
output:
Table 13-9 show ip pim interface detail field descriptions
Field Description
vlan10 (vif 0) Name of the VLAN interface (Index)
Address IP address of the VLAN interface
DR IP address of the DR
Hello period Interval for the origination of the PIM hello messages
Indicates how many seconds will pass before the local router sends its next
Next Hello
hello message.
Indicates whether the interface is enabled as a PIM domain border (enable,

PIM domain border
disable)
Neighbors IP address of the PIM neighbor

Displaying PIM Neighbor Information
To display information about neighbor configured for PIM, use the show ip pim neighbor
[detail] command in Privileged mode.
The following is sample output from the show ip pim neighbor command:
# show ip pim neighbor

Neighbor Interface Uptime/Expires Ver DR
Address Priority/Mode
2.2.2.2 vlan10 00:00:05/00:01:40 v2 1 / DR
The following table describes the fields in the show ip pim neighbor command output:
Table 13-10 show ip pim neighbor field descriptions
Field Description
Neighbor Address Address of Neighbor
Interface Interface connected to Neighbor
Uptime Time that discovers Neighbor
Expires Time that lease connection when the Neighbor does not response
Version PIM version of Neighbor
DR Priority DR priority of Neighbor
Mode PIM mode of Neighbor

Displaying PIM-SM BSR Information
To display the PIM-SM bootstrap router (BSR) information, use the show ip pim bsr-
router command in Privileged mode.
# show ip pim bsr-router

PIMv2 Bootstrap information
This system is the Bootstrap Router (BSR)
BSR address: 2.2.2.2
Uptime: 00:00:57, BSR Priority: 0, Hash mask length: 10
Expires: 00:01:13
Role: Candidate BSR
State: Pending BSR
Candidate RP: 2.2.2.2(loopback1)

Advertisement interval 60 seconds
Next Candidate RP Advertisement in 00:00:59
#
The following table describes the fields in the show ip pim bsr-router command output:
Table 13-11 show ip pim bsr-router field descriptions
Field Description
BSR address IP address of the BSR
Uptime Length of time that this router has been up (in hours, minutes, and seconds
BSR Priority Priority of the BSR
Hash mask length Length of a mask (32 bits maximum)
Next Time (in hours, minutes, and seconds) in which the next candidate RP
Cand_RP_advertisement advertisement will be sent
RP List of IP addresses of RPs

Displaying PIM-SM RP Information
To display all group-to-RP mappings of which the router is aware, use the show ip pim rp
mapping command in Privileged mode.
The following is sample output from the show ip pim rp mapping command:
# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is the Bootstrap Router (v2)
Group(s): 224.0.0.0/4
RP: 2.2.2.2
Info source: 2.2.2.2, via bootstrap, priority 192
Uptime: 00:02:23, expires: 00:02:10
Dynamic mapping : 1
Static mapping : 0
Total mapping : 1
#
The following table describes the fields in the show ip pim rp mapping command output:
Table 13-12 show ip pim rp mapping Field Description
Field Description
Address of the multicast group about which to display RP information (Static,

Group(s)
Dynamic)
RP Address of the RP for that group.
Info source PIM that transmits RP information
Length of time the RP has been up (in days and hours). If less than 1 day, time is
Uptime
shown in hours, minutes, and seconds.
To display which rendezvous point (RP) is being selected for a specified group, use the show
ip pim rp-hash <group-address> command in Privileged mode.
The following is sample output from the show ip pim rp-hash command with the group
address 224.0.0.0 specified.
# show ip pim rp-hash 224.0.0.0

RP: 2.2.2.2
Info source: 2.2.2.2, via bootstrap, priority 192
Uptime: 00:04:14, expires: 00:02:22 RP: 30.10.10.1

Displaying DVMRP Information

This section describes how to display DVMRP configuration:
y DVMRP configuration information
y The Status of the DVMRP Interface
y DVMRP Neighbor Information
y DVMRP Prune Information
y DVMRP Route Information
Displaying DVMRP Information
To display DVMRP information for the Corecess S5 System, use the show ip pim
configuration command in Privileged mode.
The following is sample output from the show ip pim configuration command:
# show ip dvmrp configuration

DVMRP Daemon Start Time : 1d19h14m
DVMRP Daemon Up Time : 00:00:32
DVMRP Default Metric : 1
DVMRP Probe Interval : 10 secs
DVMRP Neighbor Timeout Interval : 35 secs
DVMRP Route Report Interval : 60 secs
DVMRP Route Expiration Time : 200 secs
DVMRP Route Discard Time : 340 secs
DVMRP Holddown Period : 120 secs
#
The following table describes the fields in the show ip dvmrp configuration
command output:
Table 13-13 show ip dvmrp configuration filed descriptions
Filed Description
DVMRP Daemon Start Time How many seconds have passed since the router is started
DVMRP Daemon Up Time How many seconds have passed since the PIM is enabled
DVMRP Default Metric The metric (or cost) of all DVMRP interfaces on the router.

(Continued)
Filed Description
DVMRP Probe Interval The interval between the transmissions of probe messages.
DVMRP Neighbor Timeout If no message is received from a DVMRP neighbor during this time
Interval period, the neighbor is considered “down.”
The interval between the transmissions of route reports. A route

DVMRP Route Report Interval
report advertises all active routes.
DVMRP Route Expiration Time A route expires if it has not been refreshed within this time period.
DVMRP Route Discard Time The period of time before a route is deleted on a DVMRP router.
The period during which a deleted route is advertised with a metric

DVMRP Holddown Period
of infinity.
Displaying the Status of the DVMRP Interface
To display the status of a VLAN interface running DVMRP, use the show ip dvmrp
interface command in Privileged mode.
# show ip dvmrp interface

Address Interface Vif Ver Nbr Type Remote
Count Address
10.0.0.254 vlan10 0 v3.ff 0 SUBNET N/A
20.0.0.1 vlan20 1 v3.ff 1 SUBNET N/A
#
The following table describes the fields in the show ip dvmrp interface command output:
Table 13-14 show ip dvmrp interface field descriptions
Filed Description
Address IP address of the VLAN interface.
Interface Name of the VLAN interface.
Vif The index number of the VLAN interfaces.
Ver Version of DVMRP that is operating on the VLAN interface
Nbr Count Number of DVMRP neighbor routers.
Type Type of interface (Subnet, Tunnel)
Remote Address IP address of terminal interface

Displaying DVMRP Neighbor Information
To display information about DVMRP neighbors, use the show ip dvmrp neighbor
# show ip dvmrp neighbor

Neighbor Interface Uptime/Expires State Ver
Address
20.0.0.254 vlan20 02:46:58/00:00:27 2WAY v3.ff
#
The following table describes the fields in the show ip dvmrp neighbor command output:
Table 13-15 show ip dvmrp neighbor field descriptions
Filed Description
IP address of the DVMRP neighbor from which the interface has received Probe
Neighbor Address
messages.
Interface DVMRP interface for which neighbor information is displayed.
The amount of time the neighbor has been “up.” /

Uptime/Expires
The amount of time before the neighbor expires
State The status information of the DVMRP neighbor
Version of DVMRP that is operating on the VLAN interface. 3 indicate compliance

Ver
with the draft-ietf-idmr-dvmrp-v3-10 draft.
Displaying DVMRP Route Information
To display information about DVMRP routes, use the show ip dvmrp route command in
Privileged mode.
# show ip dvmrp route

Flags: C = ChangedRoute, D = DirectlyConnected, H = HoldDown, U = Unreachable
Route Flags Nexthop Nexthop Metric Uptime/Expires
Interface Neighbor
30.0.0/24 .... vlan20 20.0.0.254 2 02:47:17/00:03:00
20.0.0/24 .D.. vlan20 Direct Connect 1 02:47:58
10.0.0/24 .D.. vlan10 Direct Connect 1 02:48:02
#
The following table describes the fields in the show ip dvmrp route command output:

Table 13-16 show ip dvmrp route field descriptions
Filed Description
Route The route to the network.
Flags Information about the entry.
Nexthop interface The VLAN interface attached to the next hop.
Nexthop Neighbor The IP address of the next hop.
Metric The cost of DVMRP route
The amount of time the route has been saved in the DVMRP routing table /
Uptime/Expires
The amount of time before the route is removed from the DVMRP routing table
Displaying DVMRP Prune Information
To display the prunes that were received, use the show ip dvmrp prune command in
Privileged mode.
# show ip dvmrp prune

Flags: F = Forwarding, P = Pruned, G = Grafting
Source Group Flags Prune Snd Prune Rcv Prune
Address Address Interface If Counts Exptime
10.0.0.1 224.1.1.1 ... vlan10 1 01:36:27
#
The following table describes the fields in the show ip dvmrp prune command output:
Table 13-17 show ip dvmrp prune field descriptions
Field Description
Source address IP address of the source
Group address IP address of the multicast group
Flags Information about the entry.
Prune Snd Interface The interface that the local router sends the Prune message.
Prune Rcv If Counts The number of interface that receives Prune messages
Prune Exptime The amount of time before the prune message expires

Displaying IGMP Information

This section describes how to display IGMP configuration:
y IGMP information for interfaces
y IGMP multicast group information
y IGMP snooping information
y Multicast router Interface
y List of interface IGMP fast-leave is enabled
y IGMP group membership time
Displaying IGMP Information for Interfaces
To display IGMP information for interfaces configured on the Corecess S5 System, enter the
show ip igmp interface command in Privileged mode.
The following is sample output from the show ip igmp interface command:
# show ip igmp interface

Interface vlan id 10 (Index 8)
IGMP Active, Querier, Default version 2
Internet address is 10.10.10.20
IGMP querier
IGMP query interval is 125 seconds (next query in 00:00:51)
IGMP querier timeout is 255 seconds
IGMP max query response time is 10 seconds
Last member query response interval is 1000 ms
#
The following table describes the fields in the show ip igmp configuration command output:
Table 13-18 show ip igmp configuration field descriptions
Field Description
Interface Name of the interface
Internet address IP address of the interface
IGMP querier Indicates whether the interface is IGMP querier or not.

IGMP query interval The time interval between general queries.
IGMP querier timeout The timeout time before the system takes over as the querier for the interface.
IGMP max query The maximum amount of time within which a host must send a membership
response time report after it receives a query.
Last member query

The number of seconds between group-specific queries.
response interval
Last member query

The number of group-specific queries that will be sent.
count
IGMP querying router IP address of the IGMP querier
IGMP is Indicates whether IGMP is enabled or not on the interface.
Displaying Multicast Group Information
To display the multicast groups that are directly connected to the Corecess S5 System and that
were learned via IGMP snooping, use the show ip igmp snooping command in Privileged
mode.
Command Description
y <address>: Address of the multicast group for which to display
show ip igmp group host memberships.
[<address> | <if-name>] y <if-name>: Name of the interface for which to display host
memberships.
The following example displays the multicast groups that are directly connected to the Corecess
S5 System:
# show ip igmp groups

IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
224.1.1.1 vlan1 239 21 10.6.0.7

224.3.3.1 vlan1 138 122 10.9.0.5
224.3.3.2 vlan10 227 33 10.9.0.5
#
The following example shows how to display the information about the multicast group
224.3.3.2 by using the show ip igmp group <address> command:
# show ip igmp groups 224.3.3.2


224.3.3.2 vlan10 227 33 10.9.0.5
#
The following example shows how to display the information about the multicast groups on the
default VLAN interface by using the show ip igmp group <if-name> command:
# show ip igmp groups vlan id 1

224.1.1.1 vlan1 239 21 10.6.0.7
224.3.3.1 vlan1 138 122 10.9.0.5
#
The following table describes the fields in the show ip igmp group command output:
Table 13-19 show ip igmp group field descriptions
Field Description
Group Address The IP address of the multicast group.
Interface Name of the interface that belongs to the multicast group.
Uptime The amount of time that the interface has been a member of the group.
Expires The amount of time left before membership to the group expires.
Last Reporter The interface on which a membership report for the group was last received.

Displaying IGMP Snooping
To display IGMP snooping, use the show ip igmp snoop command in Privileged mode.
Command Description
y <vlan-id> VLAN ID (1 ~ 4094). Displaying IGMP snooping

show ip igmp snoop information for a specific VLAN interface.
[vlan id <vlan-id> |
y static Displays static multicast groups.
static | dynamic]
y dynamic Displays dynamic multicast groups.
The following example displays the IGMP snooping information on the Corecess S5 System.
# show ip igmp snoop

---- --------------- --------------- ---------- ------- -------
vlan mac group group ip ports type timeout
---- --------------- --------------- ---------- ------- -------
1 1:0:5e:64:64:65 239.100.100.101 5/1,5/2 static N/A
2 0:a0:cc:77:a1:8d 224.1.2.3 5/3-4 dynamic 240
---- --------------- --------------- ---------- ------- -------
Total number : 2
---- --------------- --------------- ---------- ------- -------
#
The following example displays the IGMP snooping of the default VLAN using the show ip
igmp snoop vlan command.
# show ip igmp snoop vlan id 1

---- --------------- --------------- ---------- ------- -------
---- --------------- --------------- ---------- ------- -------
1 1:0:5e:64:64:65 239.100.100.101 5/1,5/2 static N/A
---- --------------- --------------- ---------- ------- -------
Total number : 1
---- --------------- --------------- ---------- ------- -------
#
The following example displays the multicast groups that were learned via IGMP snooping:
# show ip igmp snoop vlan id 1

---- --------------- --------------- ---------- ------- -------

---- --------------- --------------- ---------- ------- -------

2 0:a0:cc:77:a1:8d 224.1.2.3 5/3-4 dynamic 240
---- --------------- --------------- ---------- ------- -------
Total number : 1
---- --------------- --------------- ---------- ------- -------
#
The following table describes the fields in the show ip igmp snooping command output:
Table 13-20 show ip igmp snooping field descriptions
Filed Description
vlan VLAN ID of the multicast group.
mac group MAC Address of the multicast group.
group ip IP Address of the multicast group. In case of a static multicast group, 0.0.0.0 is displayed.
ports Interface through which the group is reachable.
How the multicast group is registered.

type - static : Multicast groups that are directly connected to the system.
- dynamic : Multicast groups that were learned by IGMP snooping.
How long in seconds until the entry is removed from the IGMP groups table. In case of a
timeout left
static multicast group, 0 is displayed.
Displaying Multicast Router Interface
To display information on dynamically learned and manually configured multicast router

interfaces, use the show ip igmp snoop mrouter command in Privileged mode.
The following example shows how to display information on multicast router interfaces on the
Corecess S5 System:
# show ip igmp snoop mrouter

---------- ----- ---------------
port vlan router ip
---------- ----- ---------------
5/1 1 172.19.2.1
---------- ----- ---------------
Total Number : 1
---------- ----- ---------------
#

The following table describes the fields in the show ip igmp snoop mrouter command
output:
Table 13-21 show ip igmp snooping mrouter field descriptions
Filed Description
port Slot number and port number of the multicast router port
vlan ID of the VLAN that the multicast router port belongs to.
router ip IP address of multicast router that the multicast port is connected to.
Total Number The number of multicast router ports that are registered to the system.
Displaying the List of Interfaces IGMP Fast-leave is Enabled
To display the list of the VLANs and ports which IGMP immediately leave feature is enabled on,
use the show ip igmp snoop fast-leave command in Privileged mode. If you enable
IGMP immediately leave feature, the system immediately removes a port when it detects an
IGMP version 2 leave messages on that VLAN or port.
The following is the sample output from show ip igmp snoop fast-leave command:
# show ip igmp snoop fast-leave

vlan : 1
port : 5/1
#
Displaying IGMP Group Membership Time
To display IGMP group membership time which defines how long a group will remain active
on an interface in the absence of a group report, use the show ip igmp snooping
membership timeout command in Privileged mode.
# show ip igmp snoop membership timeout

260
#

IP Multicast Routing Commands

The following table lists the commands for configuring IP multicast on the Corecess S5 System
and displaying IP multicast configuration:
Table 13-22 IP multicast routing commands
Command Description
Enables DVMRP (Distance Vector Multicast Routing Protocol) on a VLAN

ip dvmrp
interface.
ip dvmrp metric Configures the interface metric for DVMRP reports.
Control the multicast groups that hosts on the subnet serviced by an

ip igmp access-group
interface can join.
ip igmp immediate- Minimizes the leave latency of IGMP memberships and only one receiver
leave host is connected to each interface
ip igmp last-member- Configures the count to which the router sends IGMP group-specific host
query-count query messages.
ip igmp last-member- Configures the frequency at which the software sends IGMP group
query-interval specific host query messages.
ip igmp querier- Configures the timeout time before the router takes over as the querier for
timeout the interface.
ip igmp query- Configures the frequency at which the software sends IGMP host query
interval messages.
ip igmp query-max-
Configures the maximum response time advertised in IGMP queries.
response-time
ip igmp static-non- Configures an interface as IGMP non-querier which will not send IGMP
querier query messages and thus will not be able to manage the IGMP hosts.
ip igmp static- Configures an interface as IGMP querier which will send IGMP query
querier messages and thus will be able to manage the IGMP hosts.
ip igmp snoop Enables IGMP snooping feature on the router.
Enables IGMP immediately leave feature which is the router immediately

ip igmp snoop
removes a port when it detects an IGMP version 2 leave message on that
fast-leave
port.
ip igmp snoop group- Configure the maximum number of multicast groups that a port can
number-limit belong to.
ip igmp snoop Specifies IGMP group membership time which defines how long a group
membership timeout will remain active on an interface in the absence of a group report.
ip igmp snoop mgroup Adds a port as a member of a multicast group.

(Continued)

Command Description
ip igmp snoop mrouter Configures a static router port.
ip mroute Adds static multicast routes.
ip multicast-routing Enables PIM or DVMRP on the router.
ip pim accept- Configures a candidate RP (Rendezvous Point) router to filter PIM

register list register messages.
Configures a router to accept Joins or Prunes destined for a specified RP

ip pim accept-rp list
and for a specific list of groups.
ip pim bsr-border Configures the interface to be the PIM domain border.
ip pim bsr-candidate Configures the router to announce its candidacy as a BSR.
ip pim cisco- Enables the PIM-SM router to computes checksum on the PIM header
register-checksum and data portion of the register packet.
ip pim crp-cisco- Enables the PIM-SM router to send non-zero prefix count in RP
prefix advertisement messages.
ip pim dense-mode Enables PIM-SM on a VLAN interface.
ip pim dr-priority Specifies PIM DR (Designated Router) priority.
Prevent the PIM-SM router from appending generation identifiers to

ip pim exclude-genid
Hello messages that it sends to its neighbors.
ip pim hello-holdtime Configures PIM hello hold time.
ip pim hello-interval Configures PIM hello message interval.
ip pim neighbor-
Prevent a router from participating in PIM.
filter
ip pim ignore-rp-set- Enable the PIM-SM router to use the hash mask length instead of
priority priority to elect RP.
ip pim jp-timer Configures PIM Join/Prune message interval.
ip pim register-rate Sets a limit on the maximum number of PIM-SM register messages sent
limit per second for each (S, G) routing entry.
ip pim register-rp-
To generate and distribute a periodic RP reachability message.
reachability
ip pim register-
Specifies the IP source address of PIM-SM Register message.
source
ip pim register-
Configures PIM-SM Register suppression timers.
suppression
ip pim rp-address Configures RP statically in PIM domain.
ip pim rp-candidate configure the local router as a candidate RP
(Continued)

Command Description
ip pim rp-register-
Set keepalive timer value to monitor PIM register message.
kat
ip pim spt-threshold
Causes all sources for the specified group to use the shared-tree.
infinity
ip pim sparse-mode Enables PIM-SM on a VLAN interface.
ip pim state-refresh
Disables PIM-DM the state refresh feature.
disable
ip pim state-refresh
Configures the origination interval for the state refresh control message.
origination-interval
show ip dvmrp
Displays DVMRP global parameters.
configuration
show ip dvmrp
Displays DVMRP interface information.
interface
show ip dvmrp
Displays DVMRP-neighbor information on a per-interface basis.
neighbor
show ip dvmrp prune Displays the DVMRP upstream prune state.
show ip dvmrp route Displays the DVMRP routing table contents.
Displays IGMP host members for a particular multicast group or for all
show ip igmp group
multicast groups
show ip igmp
Displays IGMP related information about an interface.
interface
Displays the multicast groups with receivers that are directly connected
show ip igmp snoop
to the router, and that were learned through IGMP snooping.
show ip igmp snoop display the list of the VLANs and ports which IGMP immediately leave
fast-leave feature is enabled on
Displays IGMP group membership time which defines how long a

show ip igmp snoop
group will remain active on an interface in the absence of a group
membership
report.
show ip igmp snoop Displays information on dynamically learned and manually configured
mrouter multicast router interfaces
show ip pim
Display the PIM-SM bootstrap router (BSR) information
bsr-router
show ip pim
Displays basic configuration information for PIM
configuration
show ip pim interface Displays information about interfaces configured for PIM
show ip pim neighbor Displays information about PIM neighbor.

(Continued)

Command Description
show ip pim rp
Displays all group-to-RP mappings of which the router is aware
mapping
show ip pim rp-hash Displays which RP is being selected for a specified group


Chapter 14 Configuring Routing Protocol
This chapter describes how to configure the following routing protocols supported by the Corecess S5
System:
9 Configuring Static Route 14-2
9 Configuring BGP 14-8
9 Configuring OSPF 14-59
9 Configuring IS-IS 14-84
9 Configuring RIP 14-109

Configuring Static Route

This section describes types of static route which supports the Corecess S5 System and how to
configure each static route.
Type of Static Route

The following types of static route can be configured in the Corecess S5 System.
y Standard Route
The standard route consists of a network address of a destination, a network mask and an IP
address of next hop gateway. The standard route transmits packets that destination is a
particular network or host to the specified next hop router.
y VLAN Interface Route

The VLAN interface route consists of a network address of a destination, a network mask and
a VLAN interface. The VLAN interface route transmits packets that destination is a particular
network or host to the specified VLAN interface.
y Loopback route
The loopback route consists of a network address of a destination, a network mask and an
index number of a loopback interface. The loopback route transmits packets that destination
is a particular network or host to the specified loopback interface. The loopback route is used
for testing of the loopback path.
y Null Route
The null route consists of a network address of a destination, a network mask and an index
number of the null interface. If the null route can not use the standard route, the null route is
used as a backup route for discarding traffic.
y Default Route (default gateway)

The default gateway is used for the transmission of packets that are not matched with other
routing entries. If the default route is not in the routing table, the router can not transmit
packets that are not matched with other routing table entries.

Configuring the Standard Route

The standard route transmits packets that destination is a particular network or host to the
specified next hop router. To add the standard static route to the routing table of the Corecess
S5 System, use the following commands in Privileged mode.
Table 14-1 Configuring the Standard Route
Command Task
2. Add the standard static route.

ip route <address>/<M> y <address> Network address of the destination
<gateway> [<distance>] y <M> Subnet mask of the destination (CIDR)
y <gateway> IP address of the next hop router
y <distance> Administrative distance of the route (1-255)
show ip route static 4. Verify the route configuration.
The following example shows how to add the static route. The destination address is 192.0.0.0/8,
and the IP address of the next hop router is 195.1.1.1:
(config)# ip route 192.0.0.0/8 195.1.1.1

(config)# end
# show ip route static

S 192.0.0.0/8 [1/0] via 195.1.1.1

connected 0
static 1
Total 1
Configuring Routing Protocol 14-3

Configuring the VLAN Interface Route

The VLAN interface route transmits packets that destination is a particular network or host to
the specified VLAN interface. To add the VLAN interface route to the routing table of the
Corecess S5 System, use the following commands in Privileged mode.
Table 14-2 Configuring the VLAN Interface Route
Command Task
2. Add the VLAN interface route.

vlan {id <vlan-id> | y <M> Subnet mask of the destination (CIDR)
name <vlan-name>} y <vlan-id> VLAN ID (1~4094)
[<distance>] y <vlan-name> VLAN name
Note: When you configure the VLAN interface route, the VLAN interface that is used as the next hop should be
enabled. If the VLAN interface is not enabled, the message of ‘% Malformed gateway or
interface not found.’ is displayed on the console terminal. To enable the VLAN interface, use
interface vlan id <vlan-id> command in Global configuration mode.
The following example shows how to configure the static route that uses the VLAN as the next
hop:
(config)# ip route 192.129.2.0/24 vlan id 1

(config)# end

S 192.129.2.0/24 [1/0] is directly connected, vlan1

connected 0
static 1
Total 1

Configure the Loopback Route

The loopback route transmits packets that destination is a particular network or host to the
specified loopback interface. The packet, which is transmitted to the loopback interface, is not
transmitted to the destination. The packet is immediately returned to the source instead. To add
the loopback route to the routing table of the Corecess S5 System, use the following commands
in Privileged mode.
Table 14-3 Configure the Loopback Route
Command Task
2. Add the loopback route.

loopback-id <index> y <M> Subnet mask of the destination (CIDR)
[<distance>] y <index> Index number of the loopback interface (1~32)
Note: When you configure the loopback route, the loopback interface should be enabled. If the loopback
interface is not enabled, the message of ‘% Malformed gateway or interface not
found.’ is displayed on the console terminal. To enable the loopback interface, use interface
loopback id <index> command in Global configuration mode.
The following example shows how to configure the static route that transmits the packet to the
loopback interface.
(config)# ip route 192.45.6.1/32 loopback id 1

(config)# end

S 192.45.6.1/32 [1/0] is directly connected, loopback1

connected 0
static 1
Total 1

Configuring the Null Route

The null route discards packets when receiving packets that the destination is a particular
network or host. To add the null route to the routing table of the Corecess S5 System, use the
following commands in Privileged mode.
Table 14-4 Configuring the Null Route
Command Task
2. Add the null route.

null-id <index> y <M> Subnet mask of the destination (CIDR)
[<distance>] y <index> Index number of the null interface (1 ~ 32)
y <distance> Administrative distance of the route (1~255)

Note: When you configure the null route, the null interface should be enabled. If the null interface is not
enabled, the message of ‘% Malformed gateway or interface not found.’ is displayed
on the console terminal. To enable the null interface, use interface null id <index> command in
The following example shows how to configure the static route that discards packets.
(config)# ip route 209.157.22.0/24 null id 1

(config)# end

S 209.157.22.0/24 [1/0] is directly connected, null1

connected 0
static 1
Total 1

Configuring the Default Gateway

The default gateway is used for the transmission of packets that are not matched with other
routing entries. To add the default gateway to the routing table of the Corecess S5 System, use
the following commands in Privileged mode.
Table 14-5 Configuring the Default Gateway
Command Task

2. Specify IP address of the default gateway.
ip route default
<gateway> [<distance>] y <gateway-address> IP address of the default gateway
The following example shows how to add the default route:
(config)# ip route default 172.168.99.254

(config)# end

via 172.168.99.254
S 192.0.0.0/8 [1/0] via 195.1.1.1

connected 0
static 1
Total 1

Configuring BGP
Configuring BGP
BGP(Border Gateway Protocol) Overview
BGP Introduction
The BGP (Border Gateway Protocol) is an external gateway protocol to exchange routing
information among IP routers that are in the different AS (Autonomous System). The BGP is
defined in RFC 1105, and the current version is BGP4 which is defined in RFC 1771. The BGP is
generally used for ISP (Internet Service Provider). The BGP is used not only in huge commerce
networks but also in multi home networks.
An AS is a set of network under the same routing policy and management policy, and an
enterprise intranet that consists of several networks with the same policy is an example of AS.
Routers in the same AS can use internal gateway protocols, such as RIP or OSPF, to exchange
routing information. But if the routers exchange information with routers that are in the
different AS, the routers should use external gateway protocols such as BGP4.
The following picture shows the example of BGP-4 AS. Each AS has three BGP-4 routers. BGP-4
routers of the same AS exchange information using IBGP, and BGP-4 routers of the different AS
exchange information using EBGP. Each router also uses internal gateway protocols. Routers of
AS 1 are OSPF routers, and routers of AS 2 are RIP routers. You can configure the Corecess S5
System to redistribute routes among BGP4, RIP and OSPF, and also to redistribute static routes.
AS1 AS2
OSPF RIP
EBGP
IBGP IBGP IBGP IBGP
IBGP IBGP
OSPF OSPF RIP RIP

Configuring BGP
BGP Route Table and IP Route Table
The BGP4 route table of the Corecess S5 System can have several routes for the same
destination, and these routes are received from other BGP4 neighbors. The BGP4 neighbor is a
router that is executing BGP4 routing. The BGP neighbor uses TCP port 179 to transmit
information. If the Corecess S5 System is configured to the BGP router, the network
administrator should define BGP4 neighbors first.
Even the BGP4 routing table of routers can have several routes, but the BGP4 protocol evaluates
each route and chooses an optimal route to transmit the IP route table. If a problem occurs in
the route, the BGP4 protocol updates route information of the IP route table.
The BGP route includes the following information:
y Network number (Prefix): This value consists of the network mask bit and the IP address and
is displayed as the form of ‘address/mask’. For example, ‘192.215.129.0/18’ means that the
network mask of eighteen bit is applied to the IP address of ‘192.215.129.0’. When the BGP4
router transmits routes to neighbor routers, the routes are expressed with the form.
y AS Path: The AS path of a list of AS that routes are passed. The BGP4 router can use the AS
path to detect or remove the routing loop. For example, if the route that is received from the
BGP4 router includes the AS number of the current router, the router detects the loop and
does not add the route to its BGP4 table.
y Path Attribute: The path attribute is the list of parameters that displays the attribute of route
(ORIGIN, AS-PATH, NEXT-HOP, MED, local- pref. and, aggregator, etc.).
When the Corecess S5 System connects a BGP session with neighbor routers (BGP peer)
successfully, the Corecess S5 System exchanges the BGP routing table to the neighbor. After this
initial exchange of information, the Corecess S5 System only exchanges the UPDATE message
to inform new routes, changed routes and unavailable routes.
The BGP router transmits the KEEPALIVE message periodically to maintain the BGP session
with neighbor routers.

Configuring BGP
BGP Path Selection Process
BGP selects only one path as the best path. When the path is selected, BGP puts the selected
path in its routing table and propagates the path to its neighbors. BGP uses the following
criteria, in the order presented, to select a path for a destination:
1. If the path specifies a next hop that is inaccessible, drop the update.
2. Prefer the path with the largest weight.
3. If the weights are the same, prefer the path with the largest local preference.
4. If the local preferences are the same, prefer the path that was originated by BGP running on
this router.
5. If no route was originated, prefer the route that has the shortest AS-path.
6. If all paths have the same AS-path length, prefer the path with the lowest origin type (where
IGP is lower than EGP, and EGP is lower than Incomplete).
7. If the origin codes are the same, prefer the path with the lowest MED attribute.
8. If the paths have the same MED, prefer the external path over the internal path.
9. If the paths are still the same, prefer the path through the closest IGP neighbor.
Generally, the important element is the length of AS_path because the elements about the BGP
path such as weight or the local preference are same.

Configuring BGP
Basic BGP Configuration
BGP Configuration Procedure
The BGP configuration procedure in the Corecess S5 System is as follows:

1. Enabling BGP
2. Setting Router ID
3. Configuring BGP neighbors
4. Configuring BGP peer group
5. Setting BGP neighbor Parameter
6. Setting BGP Parameter
Enabling BGP
To enable the BGP protocol on the Corecess S5 System, execute the following tasks :
1. Enabling BGP Protocol
2. Specifying Local AS Number
3. Specifying BGP Network
To enable the BGP protocol and specify the BGP network, use the following commands.
Table 14-6 Enabling BGP
Command Task
2. Enable BGP process on the system.

router bgp <as-num>
y <as-num>: AS (Autonomous System) number (1 ~ 65535)
3. Specifies the networks to be advertised by the BGP and multi protocol
BGP routing processes.
network <network- y <network-num>: Network that BGP or multi protocol BGP will
num>/<M> [multicast | advertise. This network should be connected directly or a route to
unicast multicast] the network specified must be present in the routing table.
y <M>: Network or sub-network mask
The following example enables BGP process for autonomous system 100 and sets up network
200.10.10.0 to be included in the BGP updates:

Configuring BGP
(config)# bgp router 100

(config-router)# network 200.10.10.0/24
(config-router)#
To remove a routing process, use the no router bgp command in Global configuration mode.
Specifying Router ID (Optional)
The BGP and OSPF routing protocol should use a router ID to identify each router on the
network. Therefore, the router ID should be unique. By default, the Corecess S5 System uses the
IP address of the loopback interface that has the lowest index number for the router ID. If the
loopback interface is not defined in the Corecess S5 System, the lowest number of the interface
IP address that is defined in the Corecess S5 System is used for the router ID.
The Corecess S5 System uses the same router ID as the one of BGP and OSPF. Therefore, if
OSPF is already configured in the Corecess S5 System, the router ID of OSPF is used. If OSPF is
not configured in the system, the default router ID or the static router ID can be assigned.
To specify the router ID in the Corecess S5 System, use the following commands.
Table 14-7 Specifying Router ID
Command Task
2. Enable BGP process on the system.

router bgp <as-num>
y <as-num>: AS (Autonomous System) number (1 ~ 65535)
bgp router-id 3. Specify the router ID
<router-id> y <router-id> Static router ID
The following example shows how to specify the static router ID.
(config)# router bgp 100
(config-router)# bgp router-id 1.1.1.1
(config-router)#
If you change the router ID of the BGP network that is already operating, the new ID is applied
after system rebooting or BGP process restarting. To restart BGP process manually, use the
clear ip bgp command.

Configuring BGP

Configuring BGP
Configure BGP Neighbors
Two BGP routers become neighbors once they establish a TCP connection between each other.
You should specify the IP address and AS number of the neighbor because the BGP protocol
does not search neighbors automatically to exchange routing information.
To specify a BGP neighbor, use the following command in BGP configuration mode:
Command Description
y <ip-address>: IP address of the neighbor.

neighbor <ip-address>
y <as-num>: AS (Autonomous System) number which the neighbor
remote-as <as-num>
belongs to (1 ~ 65535).
The following example adds BGP neighbors to exchange BGP routing information in each
router (RTA, RTB, RTC, and RTD):
AS100 AS300
IBGP
AS200
RTA
(config-router)# neighbor 170.16.1.2 remote-as 200
RTB
RTC

Configuring BGP
RTD
Configuring BGP Peer Group
There may be a lot of neighbors that should consist of the same update policy such as route
map, distribute list, filter list and update source. The neighbor can group together for the simple
configuration and efficiency, and the group is called ‘peer group.
With the BGP peer group, you can set the same parameters of BGP neighbors once. Also, you
can save flash memory because the fewer configuration commands are saved into the backup
configuration file.
All parameters of BGP neighbor can be set in the peer group. When a neighbor is added in the
peer group, the neighbor has the same parameter attribute that is set in the peer group. If a
parameter value is not set in the peer group, or each neighbor is not set a parameter, the
neighbor uses the default parameter value.
Reference of the BGP Peer Group Configuration

When you configure the BGP peer group, refer the following articles.
y You should configure the peer group before a neighbor is added in the peer group.
y When the parameter values that are applied to the peer group are removed, if the parameter values
are not set to each neighbor, the default values are set to the neighbor. In this case, the values that
are set to each router are applied to the router, and the default values are applied to other routers.
y When you add a neighbor to the peer group, you can not configure the following parameters in the
neighbor.
- Default-information-originate
- Next-hop-self
- route map (Outbound)
- filter list (Outbound)
- distribute list (Outbound)
- prefix list (Outbound)
- Remote AS
- Route reflector client
- Send community, Timers

Configuring BGP
- Update source
y If you change the outbound parameter of each neighbor, remove neighbors from the peer group. In
this case, you can not add the neighbors to the same peer group again and can add the neighbors to
the different peer group. Neighbors in the peer group should have the same value of outbound
parameters. If you change the outbound parameter values of all neighbors to the same values in the
peer group, change the parameters of the peer group. In this case, you do not need to remove
neighbors and change each parameter.
y If you set the outbound parameter for the peer group, the parameter is applied to all neighbors in
peer group automatically.
y When you add a neighbor to the peer group, the system software removes all outbound parameters
of the neighbor from the current configuration. Thus, if you save the current system configuration to
the backup configuration file, the backup configuration file does not include outbound parameters
for each neighbor in the peer group. The only outbound parameters that are included in the backup
configuration file are related to the peer group. But the current configuration file and the backup
configuration file can have not only each of outbound parameter but also the parameter of
neighbors in the peer group.
Defining BGP Peer group

The following example shows how to define the IBGP peer group named ‘internal’. Each
member of the peer group is in the same AS (AS 100).

(config-router)# neighbor internal peer-group
(config-router)# neighbor 172.16.232.53 peer-group internal
(config-router)#
The following example shows how to define the EBGP peer group named ‘external’. Each
member of the peer group is in the different AS (AS 200, 300, 400).

(config-router)# neighbor external-peers peer-group
(config-router)# neighbor 172.16.232.90 peer-group external-peers

Configuring BGP
(config-router)#

Configuring BGP
Setting BGP Neighbor Parameter
After the configuration of the BGP neighbor or the BGP peer group, you can set the following
BGP neighbor parameters.
Table 14-8 BGP neighbor Parameters
capability route-
Set the router to request route refresh dynamically with BGP neighbor.
refresh
default-originate Allow to use the default route of the BGP neighbor.
description Add a simple explanation for the BGP neighbor.
Filter routing information that is transmitted or received to the BGP neighbor

distribute-list
depending on the condition of the access list.
ebgp-multihop Connect the router to external node.

filter-list
using the AS-path access list.
Specify the maximum number of prefix that can be received from the BGP
maximum-prefix
neighbor.
Change the next hop of the route to its IP address when the route is transmitted to
next-hop-self
the specified BGP neighbor.
Set a TCP port that is used when connection between the BGP neighbor and the
port
BGP session.

prefix-list
using the Prefix list.
Filter route that is transmitted or received to the BGP neighbor using the route
route-map map or change the attribute of the route (weight, community, local preference,
metric, next hop, etc.)
route-reflector- Set a local router to the BGP route reflector of the specified neighbor. The route
client reflector transmits the route that is learned from other router to other routers.
Transmit the community attribute together when the route is transmitted to the
send-community
specified BGP router.
shutdown Remove all sessions and routing information for the BGP neighbor.
soft-reconfiguration Apply the changed configuration for the BGP neighbor.
timers Set the timer value for the BGP neighbor.
Allow to specify the BGP neighbor using the loopback interface instead of
update-source
physical interface from the other BGP router.
version Specify the BGP version for the communication to the BGP neighbor.
weight Specify the value of weight to the received route that is from the BGP neighbor.

Configuring BGP
The following section explains how to configure the BGP neighbor parameters.
Set the Dynamic Route Refresh

To set the router to request the route refresh dynamically with the specified BGP neighbor, use
the following command in BGP configuration mode.
Command Task
neighbor {<ip-address> |
y <ip-address> IP address of the BGP neighbor
<peer-group-name>}
capability route-refresh y <peer-group-name> Name of the BGP peer group
When the routing policy of a particular node is changed, the node requests the latest route
information to BGP neighbor. If you use this command, you can set the local router to renew the
route information dynamically with the specified BGP neighbor.
The BGP router, which supports the route refresh, requests the route refresh with the OPEN
message. The BGP router only transmits the route refresh information to the BGP neighbor that
requested the route information. If a BGP router does not support the route refresh, the request
is ignored, but a BGP router that supports the route refresh transmits its RIB (Routing
Information Base) to response the request.
The following example shows how to set the routers to request the route refresh.

(config-router)# neighbor 168.31.1.9 capability route-refresh
(config-router)#

Configuring BGP
Setting Whether Transmits the Default Route

To allow the BGP neighbor to become the default route of the BGP neighbor, use the following
command in BGP configuration mode.
Command Task
neighbor {<ip-address> | y <ip-address> IP address of the BGP neighbor

<peer-group-name>} default- y <peer-group-name> Name of the BGP peer group
originate always [route-map y <route-map> Route map name to apply the default route
<map-name>] (0.0.0.0)
The following example shows how to set the BGP router to transmit the default route entry .

(config-router)# neighbor 160.89.1.2 default-originate always
(config-router)#
Adding an Explanation for the BGP Neighbor

To add simple text information such as a name of the BGP neighbor, use the following
command.
Command Task
y <peer-group-name> Name of the BGP peer group
<peer-group-name>}
y <string> Explanation for the BGP neighbor (Maximum 80
description <string>
character)
The following example shows how to add an explanation to the BGP neighbor.

(config-router)# network 160.89.0.0
(config-router)# neighbor 160.89.2.3 description peer with abc.com
(config-router)#

Configuring BGP
Filtering the Route

The route filtering is a function to control the route information for the BGP neighbor. The
Corecess S5 System supports four BGP route filtering method as follows:
y Route Filtering using access list
y Route Filtering using route map
y Route Filtering using AS-path
y Route Filtering using IP prefix
You can not apply filtering lists of the access list and IP prefix to the same BGP neighbor.
Route Filtering using Access List

To filter the route information for the specified neighbor with the condition of the access list, use
the following command in BGP configuration mode.
Command Task
y <access-list-number> Number of an access list to apply (500 ~
neighbor <ip-address>
999)
distribute-list
y in Apply the access list when receiving the routing information
from the specified BGP neighbor.
{in | out}
y out Apply the access list when transmitting the routing information
from the specified BGP neighbor.
The following example shows how to set filtering with access list. When the BGP router in AS
100 receives routing information from the BGP neighbor that IP address is 163.130.0.1, the
information is filtered depending on the condition of the access list (500).

(config-router)# neighbor 160.13.0.1 distribute-list 500 in
(config-router)#
The following example shows how to set filtering with access list. When the BGP router in AS
100 transmits routing information from the BGP neighbor that IP address is 163.130.0.1, the
information is filtered depending on the condition of the access list (500).

(config-router)# neighbor 160.13.0.1 distribute-list 510 out
(config-router)#

Configuring BGP
Route Filtering using Route Map

To specify the route map that is applied to the route for the specified BGP neighbor, use the
following command in BGP configuration mode.
Command Task

y <route-map-name> Name of the route map to apply
<peer-group-name}
y in Apply the route map to the receiving route from the BGP
route-map <rout-map-
neighbor.
name> {in | out}
y out Apply the route map to the transmitting route from the BGP
neighbor.
You can filter a particular route or the attribute of the route with the route map.
AS 100 AS 200
RTA RTB
170.10.1.1 170.10.1.2
180.10.1.2
180.10.1.1
RTC
AS 300
On the network configuration as above, RTA receives information for the local network of AS
200 and the network of AS 300 through RTB. If you want RTA to receive information only for
the local network of AS 200 and want to set the weight value of the received route to 20, use the
neighbor route-map command.
First, define the route map (map1) and the AS-path access list (path1) as follows:
(config)# route-map map1 permit 10

(config-route-map)# match as-path path1
(config-route-map)# set weight 20
(config-route-map)# exit
(config)# ip as-path access-list path1 permit ^200$

Configuring BGP
Then, apply the defined route map to RTA as follows.

(config-router)# neighbor 170.10.1.2 route-map map1 in
Route Filtering using AS-path Access List

To filter route updates using as-path access list, use the following command in BGP
configuration mode:
Command Task

neighbor {<ip-address> | y <bgp-address-list> Number of the AS-path access list to
<peer-group-name} apply (500 ~ 999)
filter-list <bgp-access- y in Apply the AS-path access list to the receiving route from the
list> {in | out} BGP neighbor.
y out Apply the AS-path access list to the transmitting route from
the BGP neighbor.
The following example shows how to filter the route using the AS-path access list.
(config)# ip as-path access-list 500 deny _200_

(config)# ip as-path access-list 500 deny ^2000$
(config-router)# neighbor 192.10.10.1 filter-list 1 out
Route Filtering using Prefix List

To specify a neighbor to apply a prefix list, use the following command in BGP configuration
mode:
Command Task

y <prefix-list-name> Name of the prefix list to apply
<peer-group-name}
y in Apply the prefix list to the receiving route from the BGP
prefix-list <prefix-list-
neighbor.
name> {in | out}
y out Apply the prefix list to the transmitting route from the BGP
neighbor.

Configuring BGP
You can configure the maximum number of 1000 IP prefix list filters in the Corecess S5 System.
To configure the IP prefix list, use the ip prefix-list command in Global configuration
mode.
The following example applies the prefix list named prefix ii to incoming advertisements to
neighbor 120.10.1.1:

(config-router)# neighbor 120.10.1.1 prefix-list ii in
(config-router)#
Specifying Multihop
If you specify an external node to the BGP neighbor for the EBGP connection, use neighbor
ebgp-multihop command in BGP configuration mode.
Command Task

<peer-group-name} y <peer-group-name> Name of the BGP peer group
ebgp-multihop [<ttl>] y <ttl> Number of hop BGP between nodes to connect (1 ~ 255).
When executing the neighbor ebgp-multihop command, you can specify the number of hop (1 ~
255) between the specified neighbor and external nodes that allow the EBGP connection. The
number of hop is called TTL. If you set TTL to 1, you can not specify the node that over two
routers is in the connection to the EBGP neighbor.
The following example shows that two interface set the TCP connection for the BGP routing.
AS 100 AS 300
RTA RTB
172.16.1.2 172.16.1.3
180.25.1.1
RTA
(config-router)# neighbor 180.225.1.1 ebgp-multihop
(config-router)#

Configuring BGP
RTB
(config-router)#
Setting the Maximum Number of IP Prefix

To set the maximum number of IP prefix that is received from the specified BGP neighbor, use
the neighbor maximum-prefix command in BGP configuration mode.
Command Task

y <maximum> Maximum number of the prefix (1 ~ 4294967295)
<peer-group-name}
y <threshold> Percentage value (0 ~ 100%). The default value is
maximum-prefix <maximum>
75%. If the number of prefix exceeds the maximum number that is
[<threshold>] [warning-
set in <maximum>, the warning log is stored.
only]
y warning-only the number of prefix exceed the value of
<maximum> and <threshold>, the warning log is stored.
The following example shows how to set the maximum number of prefix.

(config-router)# network 131.108.0.0
(config-router)# neighbor 129.140.6.6 maximum-prefix 1000
(config-router)#
Changing The Next Hop to IP Address

To change the next hop of the route to its own IP address, use the neighbor next-hop-self
Command Task
<peer-group-name}
next-hop-self y <peer-group-name> Name of the BGP peer group

Configuring BGP
For an example of the network as follows, network information of 60.1.1.0 is transmitted to RTB
and RTC through RTA. At this time, the next hop of 60.1.1.0 is specified to 50.1.1.1. After RTB
receives network information of 60.1.1.0 from RTA, RTB transmits network information to RTC
with next hop information.
AS 100 RTA
AS 200
RTB
60.1.1.0/24
6 4
(nextt-hop: 50.1
1.1.1)
50.1.1.1 EBGP 50.1.1.2
60.1.1.0/24 10.1.1.1
60.1.1.0/24
(ne
ext-hop: 50.1.1.1) IBGP
10.1.1.2
RTC
AS 300
When the network of 20.1.1.0 transmits a packet to the network of 60.1.1.0, RTC try to connect to
50.1.1.1, which is the next hop of 60.1.1.0. Since RTC can not be connected to the network of
50.1.1.1, the packet is dropped. To prevent above situation, use the neighbor next-hop-
self command. If the neighbor 10.1.1.2 next-hop-self command is executed in RTB,
when network information of 60.1.1.0 is transmitted from RTB to RTC, RTB changes the next
hop to 10.1.1.1, which is its own IP address. Then, when the packet is transmitted from RTC to
the network of 60.1.1.0, RTC is connected to 10.1.1.1, and the packet can be transmitted to the
network of 60.1.1.0.
When the neighbor next-hop-self command is executed, if the BGP peer group is set as a
parameter, the command is applied to all members of the BGP peer group. However, the value
by IP address of the BGP neighbor is prior than the value by the BGP peer group.
The following example shows how to change the next hop to its own IP address.

(config-router)# neighbor 192.10.10.1 next-hop-self
(config-router)#

Configuring BGP
Setting TCP Port

To set TCP port for the connection between the specified BGP neighbor and the BGP session,
use the neighbor port command in BGP configuration mode. By default the number of 179 port
is used.
Command Task
neighbor <ip-address> y <ip-address> IP address of the BGP neighbor

port <port-number> y <port-number> Number of TCP port (0 ~ 65535)
The following example shows how to set the TCP port.

(config-router)# neighbor 192.10.10.1 port 1024
(config-router)#
Configuring Route Reflector

Solution for the explosion of IBGP peering within an autonomous system is Route Reflectors
(RR). A BGP speaker will not advertise a route learned via another IBGP speaker to a third IBGP
speaker. By relaxing this restriction a bit and by providing additional control, we can allow a
router to advertise (reflect) IBGP learned routes to other IBGP speakers. This will reduce the
number of IBGP peers within an AS.
In normal cases, all Interior Border Gateway Protocol (IBGP) speakers in an autonomous system
must be fully meshed. By utilizing the route reflector concept, not all IBGP speakers need be
fully meshed. In the route reflector model, an internal BGP peer is configured to be a route
reflector responsible for passing IBGP learned routes to IBGP neighbors. This scheme eliminates
the need for each router to talk to every other router.
To configure the local router as the route reflector and the specified neighbor as one of its clients,
use the following command in BGP configuration mode:
Command Task
y <ip-address> IP address of the BGP neighbor being identified

as a client
<peer-group-name}
y <peer-group-name> name of the BGP peer group being
route-reflector-client
identified as a client

Configuring BGP
In the following example, the local router that belongs to autonomous system 100 is a route
reflector. It passes learned IBGP routes to the neighbor at 192.20.16.1:

(config-router)# neighbor 192.20.16.1 route-reflector-client
(config-router)#
Specifying Community Attribute

To send the community attribute with the route to the BGP neighbor, use the neighbor send-
community command in BGP configuration mode.
Command Task
neighbor {<ip-address> | y <peer-group-name> Name of the BGP peer group
<peer-group-name} y both Transmit the extend community and standard community
send-community [both | of the BGP route
extended | standard] y extended Transmit the extend community of the BGP route
y standard Transmit the standard community of the BGP route.
The following example shows how to use the neighbor send-community command:

(config-router)# neighbor 120.10.1.1 send-community both
Shut Down BGP Neighbor

You can shut down the specified BGP neighbor not to start the session connection between the
BGP neighbor and the Corecess S5 System. This feature is useful to set the parameters of the
neighbor when the BGP neighbor is not ready for the operation.
To shut down the neighbor, use the neighbor shut down command in BGP configuration mode.
Command Task
<peer-group-name}
shutdown y <peer-group-name> Name of the BGP peer group
After the configuration of the BGP neighbor parameters, use the no neighbor shutdown
command to connect the session with the neighbor again.

Configuring BGP
The following example shows how to shut down the connected session or routing information.

(config-router)# neighbor 192.10.1.1 shutdown
Configuring Soft Reconfiguration

BGP receives the BGP table from the BGP neighbor when the new policy or the filtering is
applied. When BGP receives the BGP table, the new policy is applied. Since BGP does not
update the table between BGP neighbors periodically, and transmits and receives the
KEEPALIVE message, BGP disconnects and reconnects the session to get the new BGP table.
But, if the session is disconnected and reconnected whenever applying new policy, packet loss
might occur. To solve this problem, the Corecess S5 System supports the soft reconfiguration
feature.
The soft reconfiguration stores all BGP tables from the BGP neighbor into the memory. When
applying new policy, the soft reconfiguration uses tables which are in the memory instead the
session reset or receiving tables from the BGP neighbor.
If the soft reconfiguration is set in the Corecess S5 System, and the BGP neighbor supports the
dynamic refresh, the Corecess S5 System transmits the refresh message to neighbors. But, if the
BGP neighbor does not support the dynamic refresh, the Corecess S5 System resets the session
of neighbors.
This is a process to confirm that the Corecess S5 System has complete tables, and this process
occurs once when you set the soft reconfiguration feature to operate.
To use the soft reconfiguration feature, use the neighbor soft-reconfiguration

Command Task
<peer-group-name} y <ip-address> IP address of the BGP neighbor
soft-reconfiguration y <peer-group-name> Name of the BGP peer group
inbound
The following example shows how to set the soft reconfiguration feature to operate.

(config-router)# neighbor 130.10.10.1 soft-reconfiguration inbound

Configuring BGP
To apply new policy, use the clear ip bgp command in Privileged mode. Then, the Corecess S5
System updates tables dynamically comparing to the stored table and route policy.
# clear ip bgp 130.10.10.1 soft in

#
Setting Timer
There are three timer of the BGP neighbor as follows:
Table 14-9 BGP neighbor Timer
Timer Description Default

Transmission time interval of the KEEPALIVE message that is transmitted to
60
keepalive confirm the operation status of the specified BGP neighbor (0 ~ 65535
seconds
seconds).
Time interval for receiving the next message after receiving KEEPALIVE
message from the BGP neighbor (0 ~ 65535 seconds). If the KEEPALIVE 180
hold
message is not received within the time interval, the Corecess S5 System seconds
disconnects the TCP session and removes the entire received route.
Waiting time that the Corecess S5 System tries to reconnect with the BGP 60
connect
neighbor after disconnection of BGP neighbor (0 ~ 65535 seconds) seconds
To set the timers of the BGP neighbor, use the following commands in BGP configuration mode.
Command Task
<peer-group-name>}
y <keepalive-timer> Value of the keepalive timer (0 ~ 65535
timer <keepalive-timer>
seconds)
<hold-timer>
y <hold-timer> Value of the Hold timer (0 ~ 65535 seconds)
neighbor <ip-address> y <ip-address> IP address of the BGP neighbor
timers connect <connet- y <connet-timer> Value of the Connect timer (0 ~ 65535
timer> seconds)
The following example shows how to set timers of the BGP neighbor.
(config-router)# neighbor 190.10.1.14 timers 50 150
(config-router)# neighbor 190.10.1.14 timers connect 100
Setting Update Source

To allow other BGP routers to specify the BGP neighbor using the loopback interface instead of
their physical interface, use the neighbor update-source command in BGP configuration
mode. This command is used only in IBGP (Internal BGP).

Configuring BGP
Command Task
neighbor {<ip-address>| <peer-

group-name}
update-source {loopback id
y <loopback-id> Loopback interface ID (1 ~ 32)
<loopback-id> | port
y <slot>/<port> Number of slot/port
gigabitethernet <slot>/<port>|
vlan id <vlan-id>|
vlan name <vlan-name>}
The loopback interface is an interface that IP address is assigned, and is not related to a physical
port. Since the physical port is not assigned, the loopback interface can not transmit and receive
a packet.
If the loopback is used when a neighbor is specified using the neighbor remote-as
command, the neighbor should allow to use its loopback interface using the neighbor
update-source command.
The following example shows how to set a neighbor using the loopback interface.
AS 100
RTA RTB
172.16.1.2
loopback: 192.10.1.1
(vlan-1)
RTA
RTB
(config-router)# neighbor 172.16.1.2 update-source vlan id 1

Configuring BGP
Setting the Weight

To set the weight value to the route that is received from the specified BGP neighbor, use the
neighbor weight command in BGP configuration mode.
Command Task

<peer-group-name>} y <peer-group-name> Name of the BGP peer group
weight <weight> y <weight> Weight value (0 ~ 65535).
The weight is an attribute that is set to the route that is registered in a local router, and is not
transferred to other routers. If the router learns several routes for the same destination, the
route that has higher weight value is chosen.
The default weight that is learnt from other BGP neighbors is ‘0’, and the default weight that is
learnt from local routers is ‘32768’.
The following example shows how to configure routes to set weight.

(config-router)# neighbor 210.10.1.0 weight 50
Setting BGP Version

To set the BGP version that is used to communicate with the BGP neighbors, use the neighbor
version command in BGP configuration mode.
Command Task
y <version> BGP version (4, 4-)
<peer-group-name>}
- 4 : BGP version 4
version <version>
- 4- : Multi protocol extension version of BGP version 4
(previous version)
The following example shows how to set the BGP protocol to BGP version 4.

(config-router)# neighbor 210.126.9.8 version 4
(config-router)#

Configuring BGP
Configuring Parameters of BGP Path Selection
BGP considers values of parameters such as MED (Multi Exit Discriminator), the length of AS-
path or router ID, and chooses the best path. Users can set how to use values of parameters
when the selection of path.
Setting to Always Compare MED Value

The MED is one of parameters that are used when a router selects a path. The router basically
chooses a path that has lower MED value comparing to MED values of paths in the same AS.
To allow the comparison of the MED for paths from neighbors in different AS, use the bgp
always-compare-med command in BGP configuration mode.
The following example shows how to set the BGP router to compare paths from the different AS
when selecting the path.

(config-router)# bgp always-compare-med
(config-router)#
Setting the Infinity Value to Missing MED

You can set the infinity value to the missing MED so that the path can not be chosen.
The following example shows that the BGP router regards missing MED as assigning the
infinity value so that the BGP router does not choose the path.

(config-router)# bgp bestpath med missing-as-worst
(config-router)#
Setting to Ignore the Length of AS-path

To prevent the router from considering the as-path length when selecting a route, use bgp
bestpath as-path ignore command in BGP configuration mode.
By default, the Corecess S5 System considers the as-path length when selecting a route.
The following example shows how to configure the route to ignore as-path length in selecting a
route.
(config)#router bgp 100

(config-router)# bgp bestpath as-path ignore
(config-router)#

Configuring BGP
Setting to Compare to Router ID

To compare similar routes received from external BGP routers and switch the best path to the
route with the lowest router ID, use the bgp best compare-routerid command in BGP
configuration mode.
The following example shows how to compare similar routes and chose the best path that has
the lowest ID.

(config-router)# bgp bestpath compare-routerid
Configuring BGP Parameters
The following BGP parameters can be configured.
Table 14-10 BGP Parameters
Distance is used to compare routes of different protocols for the same

Distance destination. It can be changed that the proper route is chosen depending on the
network.
When routes are redistributed to other routing protocols, you can set route
redistribution metric
metric values to be changed.
bgp client-to-client
Set BGP neighbors not to be operated as route reflectors.
reflection
Cluster-id Configure the cluster ID if the BGP cluster has more than one route reflector.
default ipv4-unicast Enable the IP version 4 unicast address family on all neighbors
Default local-preference Change default local preference value when selecting exit point.
Configure a router to deny an update received from an external BGP router

Enforce-first-as that does not list its AS number at the beginning of the AS_SEQUENCE in the
incoming update
Scan time Configure scanning interval of BGP routers for next hop validation
The following section describes how to configure BGP parameters.

Configuring BGP
Setting Distance
Distance is a value to compare routes of different routing protocols for the same destination.
The lower value is preferred . To change the distance value for topology or retribution, use the
distance command in BGP configuration mode.
Command Task
y <distance> Distance of the BGP route to specify newly (1 ~ 255)

distance <distance>
y <ip-address>/<M> IP address/subnet mask of the network that the
<ip-address>/<M>
BGP router is included.
[<access-list-num>]
y <access-list-num> Number of access list to apply (500 ~ 999)
The following example shows dhow to set the distance value.

(config-router)# distance 100 192.10.10.0/24
(config-router)#
Setting Redistribution Metric

To apply different metric values to external routes that are redistributed to BGP depending on
routing protocol or route map, use the redistribute command in BGP configuration mode.
Command Task
redistribute <protocol> y <protocol> Type of route to redistribute

[metric <metric>] y <metric> metric value of route entry (1 ~ 16)
[route-map <route-map-name>] y <route-map-name> Name of route map to be applied
The following example shows how to change metric of RIP route that is satisfied to the
condition of route map (rip-map) to 200.

(config-router)# redistribute rip metric 200 route-map rip-map
(config-router)#
Setting Router Reflector

Clients of a router reflector do not need direct connections since clients can receive route
information by the route reflector. However, if clients is connected each other, clients do not
need the connection with the route reflector. In this case, use the no bgp client-to-client
reflection command not to operate the route reflector.

Configuring BGP
The following example shows how to set the route reflector not to operate.

(config-router)# no bgp client-to-client reflection
(config-router)#
Setting Cluster ID
To configure the cluster ID if the BGP cluster has more than one route reflector, use the bgp
cluster-id command.
The following example shows how to configure the cluster ID.

(config-router)# bgp cluster-id 50000
(config-router)#
Enabling IPv4 Unicast Address Family

To enable the IP version 4 unicast address family on all neighbors, use the bgp default
ipv4-unicast command in BGP configuration mode.
The following example shows how to enable IP version 4 unicast address family on all neighbor.
(config-router)# bgp default ipv4-unicast

(config-router)#
Setting Default Local Preference

The local preference is an attribute to select an exit point when there are several exit points that
are from other AS in the same AS. The local preference, which is different from weight, is
exchanged among routers in the local AS.
To change the default local preference value, use the bgp default local-preference
Command Task
bgp default local- y <value> Value of default local preference (0 ~ 4294967295). The higher
preference <value> value is more preferred.

Configuring BGP
The following example shows how to change the local preference.

(config-router)# bgp default local-preference 200
(config-router)#
Setting enforce-first-as
To configure a router to deny an update received from an external BGP router that does not list
its AS number at the beginning of the AS_SEQUENCE in the incoming update, use the bgp
enforce-first-as command in BGP configuration mode.
The following example shows how to configure a router to receive update message.
(config-router)# bgp enforce-first-as

(config-router)#
Setting Scan time

To configure scanning interval of BGP routers for next hop validation, use the bgp scan-time
Command Task
bgp scan-time
y <interval> Time interval (5 ~ 60 seconds)
<interval>
By default, the default scanning interval is 60 seconds in the Corecess S5 System. The following
example shows how to set the scanning interval.

(config-router)# bgp scan-time 20
(config-router)#
Configuring BGP Equal Cost Multipath Routing

BGP ECMP Routing supports multiple equal-cost paths between routers, and distributes the
traffics among the possible paths. Maximum 4 links can working with one ECMP link and the
traffic can be shared on a basis of IP address destination session.
Corecess S5 system uses bgp equal-cost-multipath command in BGP configuration mode to

distribute the load with Equal Cost Multipath Routing

Configuring BGP
The following example show how BGP routers execute load balancing by the Equal Cost
Multipath Routing Protocol

(config-router)# bgp equal-cost-multipath
(config-router)#

Configuring BGP
Displaying BGP Configuration Information

This section describes how to display various BGP configuration information.
Displaying BGP Rout Entry
To display the route entry of the BGP routing table, use the show ip bgp command in
Privileged mode.
# show ip bg
BGP table version is 0, local router ID is 172.18.30.124

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
NetworkNext HopMetricLocPrfWeightPath
* 2.2.2.0/242.2.2.10100i
*>0.0.0.032768i
* i3.3.3.0/243.3.3.21000i
*>0.0.0.032768i
*> 10.10.10.0/240.0.0.032768?
*2.2.2.10100i
*> 130.10.0.02.2.2.10100i
*> 140.10.0.00.0.0.032768i
*> i150.10.0.03.3.3.21000i
*>=i80.0.4.0/24 35.35.35.2 0 10 0 1000 i
*>=i 25.25.25.2 0 10 0 1000 i
Total number of prefixes 11
When executing the show ip bgp command, the following entry information of the BGP
route:
Table 14-11 show ip bgp field description
Field Description
Version number of the BGP routing table. This number is incremented whenever
BGP table version
the table changes. The default value is 0.
local router ID IP address of the router
Status of the table entry. The status is displayed at the beginning of each line in
the table. It can be one of the following value:
Status codes y s – The table entry is suppressed.
y * - The table entry is valid.
y > - The table entry is the chosen path (the shortest distance)

Configuring BGP
y i – The table entry was learned via an IBGP session.

(Continued)
Field Description
Origin of the entry. The origin code is placed at the end of each line in the table. It
can be one of the following values:
y i – Path originated from an IGP(Interior Gateway Protocol) and was
registered with a network command in BGP configuration mode.
Origin codes
y e – Path originated from an EBGP neighbor
y ? – Origin of the path is not clear. Usually, this is redistributed into BGP
from an IGP.
y = – ECMP(Equal Cost Multi Path)
Network IP address of destination.
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route
to this network.
Metric Metric value used in internal of AS.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
Weight Weight value of the route
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.
Display Attribute of BGP Route
To display information of the BGP route attribute, use the show ip bgp attribute-info
# show ip bgp attribute-info

attr[2] nexthop 0.0.0.0
attr[2] nexthop 172.28.3.92
attr[1] nexthop 172.28.3.176
When executing the show ip bgp attribute-info command, the following information of
the BGP route attribute is displayed.

Configuring BGP
Table 14-12 show ip bgp attribute-info Field Description
Field Description
Origin of the entry. The origin code is placed at the end of each line in the table. It can
be one of the following values:
y i – Path originated from an IGP(Interior Gateway Protocol) and was registered
with a network command in BGP configuration mode.
Origin codes
y ? – Origin of the path is not clear. Usually, this is redistributed into BGP from an
IGP.
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route to
this network.
Local preference value of the route (default: 100). This value is specified with the bgp
LocPrf
default local-preference command in BGP configuration mode.
AS paths to the destination network. There can be one entry in this field for each AS
Path
in the path.
Display CIDR Route
To display CIDR (Classless Interdomain Routing) routes, use the show ip bgp cidr-only
# show ip bgp cidr-only

* 2.2.2.0/242.2.2.10100i
*>0.0.0.032768i
* i3.3.3.0/243.3.3.21000i
*>0.0.0.032768i
*> 10.10.10.0/240.0.0.032768?
*2.2.2.10100i
*>=i80.0.4.0/24 35.35.35.2 0 10 0 1000 i
*>=i 25.25.25.2 0 10 0 1000 i

Configuring BGP
When executing the show ip bgp cidr-only command, the following information of the CIDR
route is displayed.
Table 14-13 show ip bgp cidr-only Field Description
Field Description
BGP table version
Status of the table entry. The status is displayed at the beginning of each line in the
table. It can be one of the following value:
y s – The table entry is suppressed.
Status codes y * - The table entry is valid.
Origin codes registered with a network command in BGP configuration mode.
y ? – Origin of the path is not clear. Usually, this is redistributed into BGP from
an IGP.
this network.
LocPrf
Path
AS in the path.

Configuring BGP
Display BGP Community Information
To display information of all BGP community, use the show ip bgp community-info
command.
# show ip bgp community-info

Address Refcnt Community
[0x101ad150](1)no-export
When executing the show ip bgp community-info command, the following information of the
BGP community is displayed.
Table 14-14 show ip bgp community-info Field Description
Field Description
Version number of the BGP routing table. This number is incremented

BGP table version
whenever the table changes. The default value is 0.

Display Routes that belong to BGP Communities
To display routes that belong to specified BGP communities, use the show ip bgp
community local-AS command in Privileged mode.
# show ip bgp community local-AS

Status codes: s suppressed, d damped, h history, p stale, * valid, > best, i -
internal
Network Next Hop Metric LocPrf Weight Path

*> 10.10.10.0/24 2.2.2.1 0 100 i

Configuring BGP
*> 20.20.20.0/24 2.2.2.1 0 100 i

#
When executing the show ip bgp community local-AS command, the following
information of BGP routes that belong to specified communities is displayed:
Table 14-15 show ip bgp community Field Description
Field Description
BGP table version
from an IGP.
to this network.
LocPrf
Path
AS in the path.

Configuring BGP
Display Routes that are permitted by BGP Community List
To display routes that are permitted by the BGP community list, use the show ip bgp
community-list command in Privileged mode.
The following example shows how to display information of the route that is in the community
list of 20.
# show ip bgp community-list 2

internal
*> 10.10.10.0/242.2.2.10100i
*> 20.20.20.0/242.2.2.10100i

#
When executing the show ip bgp community-list command, the following information is
displayed:
Table 14-16 show ip bgp community-list Field Descriptions
Field Description
BGP table version
Origin codes y i – Path originated from an IGP(Interior Gateway Protocol) and was

Configuring BGP
Field Description
from an IGP.
to this network.
LocPrf
Path
AS in the path.
Display Routes that are matched with condition of access list
To display routes that are matched with condition of access list, use the show ip bgp
filter-list command in Privileged mode.
The following example shows how to display routes that is filtered with condition of as-path
access list named 2 in the BGP routing table.
# show ip bgp filter-list 2

# show ip bgp filter-list 1

internal
*> 2.2.2.0/240.0.0.032768i
*> 3.3.3.0/240.0.0.032768i
*> 140.10.0.00.0.0.032768i

Configuring BGP
When executing the show ip bgp filter-list command, the following information is
displayed:
Table 14-17 show ip bgp filter-list Field Descriptions
Field Description
BGP table Version number of the BGP routing table. This number is incremented whenever
version the table changes. The default value is 0.
an IGP.
this network.
LocPrf
Path
AS in the path.

Configuring BGP
Display Routes of BGP neighbor
To display route information that is transmitted and received from the BGP neighbor, use the
show ip bgp neighbors command in Privileged mode.
The following example shows how to display routes that is transmitted to the neighbor of
172.16.232.178 using the show ip bgp neighbors advertised-routes command.
# show ip bgp neighbors 3.3.3.2 advertised-routes

Network Next Hop Metric LocPrf Weight Path

*> 2.2.2.0/24 3.3.3.1 32768 i
*> 3.3.3.0/24 3.3.3.1 32768 i
*> 10.10.10.0/24 3.3.3.1 0 100 i
*> 20.20.20.0/24 3.3.3.1 0 100 i
*> 140.10.0.0 3.3.3.1 32768 i

#
When executing the show ip bgp neighbors command, the following route information is
displayed.
Table 14-18 show ip bgp neighbors Field Description
Field Description
BGP table Version number of the BGP routing table. This number is incremented whenever
version the table changes. The default value is 0.
Origin codes be one of the following values:

Configuring BGP
Field Description

an IGP.
this network.
LocPrf
Path
AS in the path.

Configuring BGP
Displaying BGP Path
To display information of all BGP paths that stored in the database, use the show ip bgp paths
# show ip bgp paths
Address Refcnt Path

[0x101ab9e0:0] (6)
[0x101abba0:203] (3) 200
[0x101b7050:249] (2) 200 300
When executing the show ip bgp paths command, the following information is displayed.
Table 14-19 show ip bgp neighbors path Filed Descriptions
Field Description
Address Internal address where the path is stored.
Refcnt Number of routes using that path.
Path AS number path for this route, followed by the origin code for that route.
Retrieving Routes using Regular Expression
You can retrieve BGP routes, which a particular string is included in AS paths, using BGP
regular expression as follows:
y. : Matches any single character.
y* : Matches zero or more sequences of the character preceding the asterisk.
y+ : Matches one or more sequence of the character preceding the plus sign.
y? : Matches zero or one occurrence of the pattern.
y^ : Matches the character null string at the beginning of an input string.
y$ : Matches the character or null string at the end of an input string.
y| : Matches one of the characters or character patterns on either side of the vertical bar.
y space : Matches two of the characters or character patterns on both side of the space.

Configuring BGP
To display routes matching the AS path regular expression, use the show ip bgp regexp
# show ip bgp regexp 300$

internal
*> 30.30.30.0/242.2.2.20200 300i
*> 150.10.0.02.2.2.20200 300i

When executing the show ip bgp regexp command, the following information is displayed.
Table 14-20 show ip bgp regexp Field Descriptions
Field Description
BGP table version


Configuring BGP
Field Description
from an IGP.
to this network.
LocPrf
Path
AS in the path.
Displaying Scan Time
To display information of scan time, use the show ip bgp scan command in Privileged mode.
The scan time is time interval that BGP routers check valid next hop.
# show ip bgp scan
BGP Instance: (Default) AS 100, router-id 40.40.40.40

BGP scan interval is 60
Current BGP nexthop cache:
25.25.25.2 valid [IGP metric 0]
35.35.35.2 valid [IGP metric 0]
When executing the show ip bgp scan command, the following information is displayed.
Table 14-21 show ip bgp scan Field Description
Field Description
BGP Instance Status of Current BGP setting
BGP scan interval Time interval that the BGP router check valid next hop
Current BGP nexthop cache Cache for list that is registered as next hop
BGP connected route Network information that local interface of the BGP router is included.

Configuring BGP
Displaying BGP Connection Status
To display the status of all BGP connections, use the show ip bgp summary command in
Privileged mode.
# show ip bgp summary

BGP router identifier 151.100.1.1, local AS number 100
10 BGP AS-PATH entries
7 BGP community entries
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

193.100.1.1 4 100 26 22 199 0 0 00:14:23 Active
194.100.1.1 4 100 21 51 199 0 0 00:13:40 Active
Total number of neighbors 2

#
When executing the show ip bgp summary command, the following information is
displayed.
Table 14-22 show ip bgp summary Field Descriptions
Field Description
BGP router
BGP router ID. The router identifier is specified by the bgp router-id command.
identifier
Neighbor IP address of the neighbor
V BGP version
AS AS Number
MsgRcvd BGP message received from the neighbor
MsgSent BGP message sent from the neighbor
TblVer Last version of the BGP database that was sent to the neighbor
InQ Number of messages queued to be processed from the neighbor
OutQ Number of messages queued to be sent to the neighbor
The length of time that the BGP session has been in the Established state, or the
Up/Down
current status if not in the Established state.
Current state of the BGP session, and number of prefixes that have been received
from a neighbor or peer group. When the maximum number is reached, the string
State/PfxRcd
‘PrxRcd’ appears in the entry, the neighbor is shut down, and the connection is set to
Idle.

Configuring BGP
BGP Commands
The BGP commands in the Corecess S5 System are as follows:
Table 14-23 BGP Commands
Command Description
Enter Address-family configuration mode to configure BGP routing session

address-family ipv4
that used standard IPv4 multicast address prefix.
aggregate-address Specify aggregate route entry in BGP.
bgp always-compare- Allow the comparison of the MED (Multi Exit Discriminator) for paths from
med neighbors in different AS.
bgp bestpath
Ignore the AS path length when calculating preferred paths.
as-path ignore
bgp bestpath Compare identical routes received from external BGP peers during the best
compare-routerid path selection process and select the route with the lowest router ID.
bgp bestpath med

Enable MED comparison among paths learned from confederation peers.
confed
bgp bestpath med

Set the infinity value to the missing MED so that the path can not be chosen
missing-as-worst
bgp client-to-
Enable reflection of routes between route-reflection via a BGP route reflector.
client reflection
bgp cluster-id Configure the cluster ID if the BGP cluster has more than one route reflector.
bgp default
Enable the IP version 4 unicast address family on all neighbors
ipv4-unicast
bgp default local-

Change the default local preference value.
preference
bgp deterministic- Allow the comparison of the MED variable when choosing routes advertised by
med different peers in the same AS.
bgp equal-cost- Configuration for the purpose of load balancing for the traffic with Equal Cost
multipath Multipath BGP Routing
Configure a router to deny an update received from an external BGP router

bgp that does not list its AS number at the beginning of the AS_SEQUENCE in the
enforce-first-as incoming update, use the bgp enforce-first-as command in BGP configuration
mode.
bgp router-id Apply a fixed router ID to the BGP router.
bgp scan-time Configure scanning interval of BGP routers for next hop validation
bgp soft-restart-
Apply the changed BGP configuration to the system directly.
auto
distance bgp Specify administrative distance of external route, internal routes and

Configuring BGP
Command Description
local routes.
neighbor activate Allow exchanging routing information to the specified BGP neighbor.
neighbor capability
Allow requesting route refresh dynamically with the specified BGP neighbor.
route-refresh
neighbor Allow a BGP speaker to send the default route 0.0.0.0 to a neighbor for use as a
default-originate default route.
neighbor
Add a simple explanation of a BGP neighbor.
description
neighbor Filter the route information for the specified neighbor with the condition of the
distribute-list access list
neighbor Accept and attempt BGP connections to external peers residing on networks
ebgp-multihop that are not directly connected.
neighbor
Define BGP filter using access list.
filter-list
neighbor maximum- Specify the maximum number of prefix that a local router can be received from
prefix BGP neighbors.
neighbor Configure the router as the next hop for a BGP-speaking neighbor or peer
next-hop-self group.
neighbor
Configure BGP peer group.
peer-group
Set TCP port for the connection between the specified BGP neighbor and the
neighbor port
BGP session.
neighbor Apply routes that are received and sent from the specified BGP neighbor to the
prefix-list specified prefix list.
neighbor remote-as Define BGP neighbors.
Apply a route map to incoming or outgoing routes for filtering or changing

neighbor route-map
attributes.
neighbor route-
Configure the router as a BGP route reflector.
reflector-client
neighbor send-
Send the community attribute with the route to the BGP neighbor.
community
Remove all operating sessions and routing information for the specified BGP
neighbor shutdown
neighbor.
neighbor soft-
Apply the changed configuration to the system for the specified BGP neighbor.
reconfiguration
neighbor timers Set timer values for the specified BGP neighbor.
neighbor timers
Set the connect timer value for the specified BGP neighbor.
connect

Configuring BGP
Command Description
neighbor Allow other BGP routers to specify the BGP neighbor using the loopback
update-source interface instead of their physical interface.
neighbor version Specify the BGP version for the communication of BGP neighbors.
Set the weight value to the route that is received from the specified BGP
neighbor weight
neighbor.
network Specify the networks to be advertised by the BGP.
network backdoor Set high route priority of the specified network.
redistribute Redistribute received routes of different routing protocols.
show ip bgp Display route entries of the BGP routing table.
show ip bgp
Display information of BGP route attributes.
attribute-info
show ip bgp
Display the CIDR(Classless Interdomain Routing) route.
cidr-only
show ip bgp
Display information of routes that is included in the specified BGP community.
community
show ip bgp
Display information of all BGP communities.
community-info
show ip bgp
Display routes that are permitted by the BGP community list.
community-list
show ip bgp filter-

Display routes that are matched with condition of access list.
list
show ip bgp Display route information that is transmitted and received from the BGP
neighbors neighbor
show ip bgp paths Display information of all BGP paths that stored in the database.
show ip bgp regexp Display routes matching the AS path regular expression.
show ip bgp scan Display information of scan time.
show ip bgp summary Display the status of all BGP connections

Configuring OSPF
Configuring OSPF
OSPF (Open Shortest Path First) Overview
Introduction
OSPF (Open Shortest Path First) protocol is an internal gateway protocol that sends and
receives routing information in AS (Autonomous System). The Corecess S5 System supports
OSPF version 2.0 defined in RFC 2328.
OSPF protocol provides equal cost multipath routing that can transmit packets simultaneously
to a particular destination through more than one interface. Thus, OFPF is appropriate for
complicated networks.
OSPF protocol uses SPF (Shortest Path First) algorithm to select the shortest path. SPF algorithm
calculates status of network interface and path cost that is used in the interface and connected
network, and selects a path that has the lowest cost. SPF algorithm only delivers routing
information when the network is changed. Thus, unnecessary traffic is not delivered. Also, SPF
algorithm can control the complicated and sophisticated network.
OSPF protocol can divide a network to several regions and can communicate link status
information in limited regions. The limited region is called ‘area’. OSPF can limit appropriate
number of routers in the area to maintain the link status database.
OSPF protocol supports VLSM (Variable Length Subnet Mask). Thus, OSPF protocol can assign
and use IP address efficiently. OSPF protocol can save the router memory and bandwidth and
can improve performance because of communicating summarized information.
OSPF Routing Topology
OSPF protocol has a topology to apply routing algorithm different from RIP protocol. The
largest topology is an AS (Autonomous System), and an AS is a group of networks that shares
the common routing policy and managed by one structure. An AS is divided to several areas,
and an area is a group of sequential networks and connected hosts. The network that connects
areas in an AS is called ‘backbone’.
The following picture shows the typical network structure of OSPF topology.

Configuring OSPF
area 0.0.0.0 Backbone AS1 AS2
RTA RTB
ABR
Virtu
rtual link
area 192.5.1.0 area 200.5.0.0
a area 192.5.0.0
RTC RTD RTH
RTG
RTI RTJ
ABR
RTE RTF
ASBR
The type of the router is classified by OSOF topology as follows:
y IR (Internal Router)
Routers connected directly to a network in a particular area (RTC, RTE)
y ABR (Area Border Router)

Routers connected to an area and backbone network. ABRs summarize path information for
the connected area and deliver the information to a backbone network. The backbone
delivers the path information to other ABRs (RTB, RTG).
y BR (Backbone Router)
Routers connected to a backbone network. ABRs and routers that are included in a backbone
network are BRs (RTA, RTB, RTG).
y ASBR (Autonomous System Boundary Router)

Routers that send and receive path information from routers in other AS. The path
information is AS external path and is delivered to all routers in the AS (RTI).

Configuring OSPF
Configuring OSPF
OSPF Configuration Procedure
The following procedure describes how to configure OSPF routing protocol in the Corecess S5
System.
1. Specifying OSPF Operating Status

Enable OSPF protocol in the Corecess S5 System.
2. Setting Router ID
Set the router ID of the Corecess S5 System. The router ID is used to identify each router in
OSPF.
3. Configuring OSPF Area

Divide the OSPF network to several areas to exchange link status information in limited
areas.
4. Configuring OSPF Parameters

Configure OSPF parameters such as distance, default metric, metric of external route,
passive interface and timer.
5. Configuring OSPF Interface Parameters

Configure OSPF interface parameters such as authentication, interface cost and transmission
interval of various packets.
6. Configuring Virtual Link

If an ABR is not connected to a backbone area physically, the ABR configures a virtual link
with other router in the same area. The router should be connected to the backbone area
physically.
7. Display OSPF Configuration Information

Display information of OSPF configuration in the Corecess S5 System.

Configuring OSPF
Specifying OSPF Operating Status
Set the Corecess S5 System to operate OSPF protocol, use the router ospf command in Global
configuration mode.
(config-router)#
When executing the above command, OSPF routing protocol operates and enter OSPF
configuration mode.
Set Router ID
A router ID is used to classify each router in OSPF. A router ID is needed to set the relation of
adjacent router or to control messages between copies of SPF algorithm.
To set a router ID in OSPF, use the router-id command in OSPF configuration mode.
Command Description
router-id y <router-id> Fixed router ID (A.B.C.D in IP address format). Each router ID

<router-id> must be unique.
The following example shows how to set the router ID to 1.1.1.1.

(config-router)# router-id 1.1.1.1
If the fixed router ID is not assigned to the Corecess S5 System, the largest number of IP address
of loopback interface is used as the router ID. If a loopback interface is not assigned to the
Corecess S5 System, the largest number of IP address of an interface that is defined in the
system is used as the router ID. When changing a router ID, the OSPF router transmits its all
LSA to adjacent routers. In the Corecess S5 System, after assigning the fixed router ID, the
router ID is not changed even if all interfaces are down.
When the router ID of OSPF network that is already operating is changed, the new router ID is
applied directly to the system and is reconnected to adjacent routers. If you restart OSPF
process manually, use the clear ip ospf command.

Configuring OSPF
Configuring OSPF Area
If networks are increased, the size of link state database is increased, and required time is also
increased for calculating of the shortest path tree. Thus, it affects performance of total network.
To solve above problems, a network can be divided to several areas in OSPF protocol, and link
state information can be exchanged in the limited area.
Areas in OSPF are configured to be connected to the area 0 as follows:
Area 1 Area 2
Area 6 Area 3
Area 0 (Backbone)
Area 5 Area 4
The area 0 is a central area that receives link state information from each area and sends link
state information to each area again. The area 0 is called ‘backbone area’, and other areas are
called ‘leaf area’. The backbone area includes all ABR (Area Border Router). In the Corecess S5
System, several OSPF areas can be configured, but at least one area must be configured as
backbone.
There are stub area and NSSA except backbone area and leaf area in OSPF area. Features of stub
area and NSSA are as follows:
y Stub area
Stub area does not receive LSA that notifies external network information, the traffic is
transmitted through the interface that is specified to the default route to external networks.
The area that is specified to the stub area can reduce size of topology database and memory
that is for the database.
y NSSA (Not-So-Stubby Area)

NSSA has the feature of stub area and allow incoming external routing information

Configuring OSPF
selectively. NSSA is generally used to deliver external routing information to other areas.
This section describes how to configure OSPF area including stub areas and NSSAs.
Configuring Area
To define the interfaces on which OSPF runs and to define the area ID for those interfaces, use
the network area command in OSPF configuration mode.
Command Task
y <network-address> IP address to operate OSPF routing
protocol.
network <network-
y <area-id> Area that is to be associated with the OSPF address
address> area <area-id>
range. It can be specified as either a decimal value or as an IP
address.
The following example shows how to set the network of 172.16.1.1/32 and the network of
172.162.1/32 to operate OSPF protocol and how to specify interfaces of the two networks to be
included in the area 0.

Configuring OSPF
Configuring Stub area

You should specify a stub area that there is only one connected point for external networks.
There are two types of stub area. One is a stub area that does not receive external network
information from ASBR. Other is a totally stub area that does not receive both external network
information from ASBR and routing information from ABR.
For example, the area of 0.0.0.1 can be specified as the stub area in the following picture.
area 0.0.0.1
192.168.4.10/24
RTA
192.168.3.10/24
192.168.3.9/24 (eth0)
RTB
area 0.0.0.0
172.16.1.3/24
RTC
172.16.1.2/24 (vlan1)
172.16.1.2/24 (vlan2)
To define an OSPF stub area, use the following command in OSPF configuration mode.
Command Task
y <area-id> Area that is to be associated with the OSPF address range. It

area <area-id> stub can be specified as either a decimal value or as an IP address.
[no-summary] y no-summary Prevents an ABR from sending summary link advertisements
into the stub area.
The following example shows how to specify the area of 0.0.0.1 as the stub area.
(config-router)# area 0.0.0.1 stub

Configuring OSPF
Configuring NSSA
NSSA has the feature of stub area and allow incoming external routing information selectively.
NSSA is generally used to deliver external routing information to other areas.
For the following example, external routing information from RIP cloud must be passed
through the area of 0.0.0.5 to be delivered to other network in the domain. At this time, the area
of 0.0.0.5 becomes NSSA.
area 0.0.0.4
192.168.4.10/24
RTA
192.168.3.10/24
192.168.3.9/24 (eth0)
RTB
area 0.0.0.5
172.16.1.3/24
RTC
RIP
RIP Cloud
172.16.1.2/24 (vlan1)
172.16.1.2/24 (vlan2)
The following example shows how to set the area of 0.0.0.5 to the NSSA.

(config-router)# area 0.0.0.5 nssa

Configuring OSPF
Configuring Route Summarization

OSPF uses summary-LSA to notify information of an area to other areas. Summary-LSA that is
generated in each network is transmitted to other areas by ABR. If network addresses in an area
are assigned in sequence, information of these networks can be summarized with one summary
LSA. ABR transmits the integrate summary LSA like information of one network. This feature is
called route summarization, and can reduce amount of routing information.
To use route summarization in the Corecess S5 System, use the area range command in
OSPF configuration mode. The area range command can be only used in ABR.
Command Task
y <area-id> Identifier of the area about which routes are to be

summarized. It can be specified as either a decimal value or as an IP
area <area-id> address.
range <address>/<M> y <address>/<M> IP address of the network range to be summarized
[advertise| /number of 1 in subnet mask.
not-advertise| y advertise Set the address range status to advertise and generates a
substitute summary-LSA.
<address>/<M>] y not-advertise Set the address range status no to advertise.
y substitute Substitute other address range status for the address
range status.
The following example shows how to summarize the host information of network from 160.10.8.0 to
160.10.15.0 in area 2. To specify one range of networks from 160.10.8.0 to 160.10.15.0, subnet mask
should be 255.255.248.0 which has twenty one of number 1.

(config-router)# area 2 range 160.10.8.0/21
(config-router)#

Configuring OSPF
Setting OSPF Parameters
The Corecess S5 System provides the following parameters.
Table 14-24 OSPF Parameters
Default Route Information advertise a default route of an OSPF routing domain
change the specified OSPF distance value for topology property or

Distance
redistribution
Default Metric change the default metric value
Metric of External Route specify metric values depending on routing protocols
filter routes when transmitting route entries using access-list to other

Filtering List
protocols
Passive Interface Specify passive interface.
Refresh Timer Specify the refresh period of OSPF LSA database.
SPF Timer Set SPF (Shortest Path First) timer.
The following section describes how to configure each OSPF parameter.
Setting Default Route Information

A router can be configured to advertise default route information of OSPF routing
automatically to neighbor routers. This feature is called default information origination.
By default, the Corecess S5 System does not advertise a default route of an OSPF routing
domain. To advertise a default route of an OSPF routing domain, use the default-
information originate command in OSPF configuration mode.
Command Task
default-information y always Even if a default route is not configured, ASBR generates

originate [always] and advertises a default route.
[metric <metric>] y <metric> Cost of the default route entry (1 ~ 16777214)
[metric-type <type>] y <type> Type of external route (1, 2)
The following example shows how to configure a router to advertise a default route of an OSPF
routing domain to neighbor routers.

(config-router)# default-information originate
(config-router)#

Configuring OSPF
Setting Distance
Distance is a value that is used for comparing routes of different routing protocols that have the
same destination. The default value of the distance is 110 in the Corecess S5 System.
To change the specified OSPF distance value for topology property or redistribution, use the
distance command in OSPF configuration mode.
Command Task
distance <distance> y <distance> Distance of OSPF route (1 ~ 255)
The following example shows how to specify the OSPF route distance of the OSPF router to 100
in area 1.

(config-router)#
Setting Default Metric Value

When route entries received from different routing protocols are redistributed to OSPF
networks, the default metric value should be set to be applied without the type of routing
protocol. The default metric can solve problems that occur when redistributing routes that have
inappropriate values. Whenever the metric is not changed, the default metric is used for
providing proper value to proceed redistribution.
The default metric value of OSPF route is 10. To change the default metric value, use the
default-metric command in OSPF configuration mode.
Command Task
default-metric <number> y <number> default metric value (0 ~ 16777214)
The following example shows how to change the default metric value of OSPF route to 4.

(config-router)# default-metric 4

Configuring OSPF
Setting Metric Value of External Route

To use static routes or routes from networks that use different routing protocols in OSPF
networks, metric values of the routes should be changed to other values that can be used in
OSPF networks. To specify metric values depending on routing protocols, use the redistribute
command in OSPF configuration mode.
Command Task

[metric <metric>] y <metric> Cost of the route entry (1 ~ 16777214)
[metric-type <type>] y <type> Type of the external route (1, 2)
[route-map <route-map-name>] y <route-map-name> Name of route map
There are two types of methods (type 1, type 2) to calculate cost in an external route. Type 1 of
an external route adds external cost and internal cost to calculate cost. Type 2 of an external
route only uses external cost. If there are two external routes that have the same destination,
OFPF chooses type 1 of the external route.
There are an example that the external route E1 (Type 1) and E2 (Type 2) area 0
is redistributed as the right network. The cost of E1 and E2 are
calculated as follows: C
Cost of E1 = a + b + c c
Cost of E2 = a
B
The redistribute command is used when you specify different

metric values depending on types of routing protocol or the condition of area 1 b
route map. The other hand, the default-metric command is used

when you specify the metric value that is applied to all route entry from A
different type of routing protocols.

a a
E1 E2
The following example shows how to change the metric value that is
advertised from BGP network to ‘10’, and how to set the route type to type 1.

(config-router)# redistribute bgp metric 10 metric-type 1

Configuring OSPF
Filtering OSPF Route

To filter routes when transmitting route entries using access-list to other protocols, use the
distribute-list command in OSPF configuration mode.
Command Task
distribute-list y <access-list-number> Number of the access list to apply

<access-list-number> out (500 ~ 999)
[<protocol>] y <protocol> Protocol to transmit the route entry.
The following example shows how to filter routes matched the condition of access list 550.

(config-router)# distribute-list 550 out bgp
Specifying Passive Interface

A passive interface is an interface that receives routing information from connected neighbor
routers but does not transmit its routing information. A passive interface is used for filtering
routing information.
To specify a passive interface in the Corecess S5 System, use the passive-interface

command in OSPF configuration mode.
Command Task
y loopback id Specify the loopback interface that is used as the

passive interface.
passive-interface
y <loopback-id> Loopback interface ID that is set to the passive
{loopback id
interface (1 ~ 32).
<loopback-id>|
y port Specify the port that is set to the passive interface.
y <slot>/<port> Slot of the port/Number of the port
<slot>/<port>|
y vlan Specify the VLAN interface that is set to the passive interface.
vlan id <vlan-id>|
y <vlan-id> VLAN interface ID that is set to the passive interface (1 ~
vlan name
4094).
<vlan-name>}
y <vlan-name> VLAN interface name that is set to the passive
interface.
The following example shows how to specify the VLAN interface that ID is 2 as the passive
interface.

(config-router)# passive-interface vlan id 2

Configuring OSPF
Setting Refresh Period

The default refresh period of OSPF LSA database is ten seconds in the Corecess S5 System. To
change the refresh period of OSPF LSA database, use the refresh timer command in OSPF
configuration mode.
Command Task
refresh timer <seconds> y <seconds> Refresh period (10 ~ 1800 seconds)
The following example shows how to set the refresh period of OSPF LSA database to sixty
seconds.

(config-router)# refresh timer 60
Setting SPF Timer

OSPF protocol uses two timers to decide when SPF (Shortest Path Fist) is calculated after
receiving information of changed topology. The feature of two timer and default values are as
follows:
Table 14-25 SPF Timer
Default
Timer Description
Value
Waiting time until calculating SPF after an OSPF router receives information of
5
delay changed topology. If the timer is set to ‘0’, calculation of SPF is immediately
Seconds
started when receiving the information.
Waiting time until calculation the next SPF after a SPF is calculated. If the timer
10
holdtime is set to ‘0’, calculation of the next SPF is immediately started after calculating
Seconds
the SPF.
To change values of the OSPF timers, use the timers spf command in OSPF configuration
mode.
Command Task
y <delay-timer> Value of the delay timer (0 ~ 4294967295

timers spf <delay-timer> seconds)
<holdtime-timer> y <holdtime-timer> Value of the Holdtime timer (10 ~ 1800
seconds)
The following example shows how to set the timers.

Configuring OSPF

(config-router)# timers spf 10 20
Configuring Virtual Link
All ABR must be connected to the OSPF backbone area either directly or indirectly. If an ABR is
not connected to the backbone area physically, the ABR can configure a virtual link with other
ABR that is connected to the backbone area physically in the same area.
RTA is an ABR that is not physically connected to the backbone area (area 0) as follows. To
connect RTA to the backbone, a virtual link should be configured between ATA and ARC using
area 1 (transit area). The virtual link should be defined in routers that are located in the end of
the link, and routers that are in transit area do not need any configuration about the virtual link.
area 0
0.0.0.0
RTC
(209.157.22.1)
area 1 area 2
(transit area) 0.0.0.0
0.0.0.2
RTB
RTA
(10.0.0.1)
To define the virtual link, use the area virtual-link command in OSPF configuration mode.
Command Task
y <area-id> Area ID assigned to the transit area for the virtual link.
area <area-id>
This can be either a decimal value or a valid IP address.
virtual-link <router-
y <router-id> Router ID that is connected to the virtual link.
id> [authentication-
y authentication-key <key> Set simple password method to be
key <key> | message-
used when authenticating with neighbors, and specify the password.
digest-key <key-id>
y message-digest-key <key-id> md5 <key> Set MD5
md5 <key>]
authentication method to be used when authenticating with

Configuring OSPF
Command Task
neighbors, and specify the password.
RTA
RTA(config)# router ospf
RTA(config-router)# area 0.0.0.2 virtual-link 209.157.22.1
RTC
RTC(config)# router ospf
RTC(config-router)# area 0.0.0.2 virtual-link 10.0.0.1
Setting Parameters for Virtual Link

To configure parameters of the virtual link that is already defined, use the following command
in OSPF configuration mode.
Command Task
y <area-id> Area ID assigned to the transit area for the virtual link.
area <area-id>
This can be either a decimal value or a valid IP address.
virtual-link <router-
y <router-id> Router ID that is connected to the virtual link.
id>
y dead-interval Time that hello packets are not seen before a
{dead-interval|
neighbor declares the router down. This value must be the same for all
hello-interval|
routers.
retransmit-interval|
y hello-interval Time between the hello packets. This value must
transmit-delay}
be the same for all routers.
<seconds>
y retransmit-interval Time between link-state advertisement
[{dead-nterval|
(LSA) retransmissions for adjacencies belonging to the interface. The
hello-interval|
value must be greater then the expected round-trip delay
retransmit-interval|
y transmit-delay Estimated time required to send a link-state
transmit-delay}
update packet on the interface.
<seconds> ...]
y <seconds> Time interval (1 ~ 65535 seconds)

Configuring OSPF
Displaying OSPF Configuration Information

This section describes how to display various OSPF information.
Displaying OSPF Configuration Information
To display OSPF configuration information, use the show ip ospf command in Privileged
mode.
# show ip ospf
Routing Process "ospf 0" with ID 3.3.3.1

Process uptime is 10 days 20 hours 37 minutes
Process bound to VRF default
Conforms to RFC2328, and RFC1583Compatibility flag is disabled
Supports only single TOS(TOS0) routes
Supports opaque LSA
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Refresh timer 10 secs
Number of incomming current DD exchange neighbors 0/5
Number of outgoing current DD exchange neighbors 0/5
Number of external LSA 6. Checksum 0x02790F
Number of opaque AS LSA 0. Checksum 0x000000
Number of non-default external LSA 6
External LSA database is unlimited.
Number of LSA originated 46
Number of LSA received 1089
Number of areas attached to this router: 2
Area 0 (BACKBONE)
Number of interfaces in this area is 4(5)
Number of fully adjacent neighbors in this area is 2
Area has no authentication
SPF algorithm last executed 00:15:39.691 ago
SPF algorithm executed 295 times
Number of LSA 11. Checksum 0x0473bc
Area 1 (Inactive)
Number of interfaces in this area is 0(0)
Number of fully adjacent neighbors in this area is 0
Number of fully adjacent virtual neighbors through this area is 0
SPF algorithm executed 0 times
Number of LSA 0. Checksum 0x000000

Configuring OSPF
When executing the show ip ospf command, the following information is displayed.
Table 14-26 show ip ospf command Field Description
Field Description
Router ID OSPF route ID
Supports ... Number of types of service supported (type 0)
Whether RFC 1583 is used when calculating cost of summary route. If

RFC1583 Compatibility flag
the value is ‘disable’, RFC 2328 is used.
Waiting time until calculating SPF after a OSPF router receives

SPF schedule delay
information of changed topology
Hold time between two SPFs Waiting time until calculation the next SPF after a SPF is calculated.
Refresh timer Refresh period of LSA
Number of external LSA Number of external LSA
Number of areas attached to

Number of areas that this router is connected to.
this router
Area ID Area ID that this router is connected to.
Number of interfaces in this

Number of interfaces in this area
area
Number of fully adjacent

Number of fully adjacent neighbors in the area
neighbors in this area
SPF algorithm executed Number of calculation of SPF in the router of the Area
Number of LSA Number of LSA
This field is displayed when the area does not use authentication
method.
Display Information of ABR and ASBR
To display the routing table of ABR and ASBR, use the show ip ospf border-routers
# show ip ospf border-routers

OSPF process 0 internal Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 25.25.25.3 [10] via 25.25.25.3, vlan41, ABR, ASBR, Area 0.0.0.0

i 35.35.35.3 [10] via 35.35.35.3, vlan53, ABR, ASBR, Area 0.0.0.0
#

Configuring OSPF
When executing of the show ip ospf border-routers command, the following

information of the route entry are displayed.
Table 14-27 show ip ospf border-routers Field Description
Field Description
Destination Router ID of the destination
Next Hop Next hop toward the destination
Cost Cost of using this route
Type Router type of the destination (ABR, ASBR)
Rte Type Type of route (Interarea route, Intra-area route)
Area The area ID of the area from which this route is learned
SPF No Information of area in which the router is included such as number and address
Display OSPF Database Information
To display OSPF database information, use the show ip ospf database command in
Privileged mode. You can specify several options with the show ip ospf database command,
and different database information is displayed depending on each option
Table 14-28 show ip ospf database Command Option
Option Description
nssa-external Display information only about the external NSSAs.
Display information only about the ASBR(Autonomous System Boundary Router)

asbr-summary
summary LSAs.
external Display information only about the external LSAs.
network Display information only about the network LSAs.
router Display information only about the router LASs.
summary Display information only about the summary LSAs.
Display OSPF Interface Information
To display OSPF interface information, use the show ip ospf interface command in
Privileged mode.

Configuring OSPF
# show ip ospf interface

Interface management is up
line protocol is up
OSPF not enabled on this interface
Interface vlan id 53 is up
line protocol is up
Internet Address 35.35.35.1/24, Area 0.0.0.0, MTU 1500
Process ID 0, Router ID 3.3.3.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 3.3.3.1, Interface Address 35.35.35.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:10
Neighbor Count is 1, Adjacent neighbor count is 1
Crypt Sequence Number is 1183083345
Hello received 120 sent 188, DD received 2 sent 4
LS-Req received 1 sent 1, LS-Upd received 1 sent 5
LS-Ack received 5 sent 1, Discarded 0
When executing the show ip ospf interface command, the following information about
OSPF interface is displayed.
Table 14-29 show ip ospf interface Filed Description
Field Description
Interface name, line protocol Physical status of the interfaces and status of the protocol
Internet Address IP address of the interfaces and subnet mask
Area IP address of the area in which the interfaces are included.
Router Id Router ID
Network Type Network type
Cost Cost of LSA
Transmit Delay Transmission period of LSA
State Interface state
Priority Router priority
Designated Router DR ID and IP address of the interface
Backup Designated router Backup DR ID and IP address of the interface
Timer types and values

- Hell : Transmission period of the Hello packets
Timer intervals configured
- Dead : Maximum waiting time of the Hello packet (second)
- Retransmit : Retransmission period of the Hello packets

Configuring OSPF
Hello Number of seconds until next hello packet is sent out the interface
Neighbor Count Number of Neighbors and adjacent neighbors

Configuring OSPF
Display OSPF Neighbor Information
To display OSPF routing information, use the show ip ospf neighbor command in
Privileged mode.
# show ip ospf neighbor

OSPF process 0:
Neighbor ID Pri State Dead Time Address Interface
25.25.25.3 0 Full/DROther 00:00:39 25.25.25.3 vlan41
35.35.35.3 0 Full/DROther 00:00:38 35.35.35.3 vlan53
#
When executing the show ip ospf neighbor command, the following information about OSPF
neighbors is displayed.
Table 14-30 show ip ospf neighbor Field Description
Field Description
Neighbor ID Neighbor ID
Pri Router priority of the neighbor
State OSPF state
Dead Time Waiting time until the router infers that the neighbor is down
Address IP address of Neighbors
Interface Interface name that is connected to the neighbor

Configuring OSPF
Display OSPF Route Information
To display OSPF route information, use the show ip ospf route command in Privileged
mode.
# show ip ospf route

OSPF process 0:
Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
C 3.3.3.0/24 [10] is directly connected, vlan51, Area 0.0.0.0

O 90.0.0.0/26 [11] via 35.35.35.3, vlan53, Area 0.0.0.0
O 90.0.0.128/25 [11] via 35.35.35.3, vlan53, Area 0.0.0.0
O 90.0.1.0/25 [11] via 25.25.25.3, vlan41, Area 0.0.0.0
O 90.0.2.0/24 [11] via 35.35.35.3, vlan53, Area 0.0.0.0
O 90.0.3.0/24 [11] via 25.25.25.3, vlan41, Area 0.0.0.0
IA 90.0.4.0/24 [20] via 35.35.35.3, vlan53, Area 0.0.0.0
IA 90.0.5.0/24 [20] via 35.35.35.3, vlan53, Area 0.0.0.0
IA 90.0.6.0/24 [20] via 35.35.35.3, vlan53, Area 0.0.0.0
IA 90.0.7.0/24 [20] via 25.25.25.3, vlan41, Area 0.0.0.0
IA 90.0.8.0/24 [20] via 25.25.25.3, vlan41, Area 0.0.0.0
E1 90.0.9.0/24 [1010] via 35.35.35.3, vlan53
E1 90.0.10.0/24 [1010] via 35.35.35.3, vlan53
E1 90.0.11.0/24 [1010] via 35.35.35.3, vlan53
E1 90.0.12.0/24 [1010] via 25.25.25.3, vlan41
E1 90.0.13.0/24 [1010] via 25.25.25.3, vlan41
#
When executing the show ip ospf route command, the following information is displayed.
Table 14-31 show ip ospf route Field Description
Low of
Description
Routing Table
1 LSA type (N : Network, R : Router)
2 IP address and net mask of the destination
3 Area ID

Configuring OSPF
Interface name that is connected and connection state

4
(directly : Direct connection, via <ip> : Connection via IP)
OSPF Commands
OSPF commands supported in the Corecess S5 System are as follows:
Table 14-32 OSPF Commands
Command Description
area
Enable authentication for an OSPF area.
authentication
area default-cost Specify a cost for the default summary route sent into a stub or NSSA.
Limit routing information that is transmitted from the specified area to other
area export-list
areas.
area import-list Limit particular routing information that is received from other areas.
area range Specify the network range to use summary LSA.
Define the specified area as the stub area not to receive information about the
area stub
external network.
area virtual-link Define OSPF virtual links.
default-information
Generate a default external route into an OSPF routing domain.
originate
default-metric Set default value for the OSPF routing protocol.
distance Specify administrative distances of OSPF route.
distribute-list Specify the route filtering to be applied when transmitting route entries.
Specify the network that operates OSPF routing protocol, and specify area in
network
which the interface connected to the network is included.
Configure the specified interface not to transmit OSPF routing information to

passive-interface
other routers.
redistribute Redistribute routes from other routing domain into OSPF routing domain.
refresh Specify refresh interval of OSPF LSA.
router-id Assign a fixed router ID.
timers spf Change values of the OSPF timers
ip ospf Assign a password to be used by neighboring routers that are using the OSPF
authentication-key simple password authentication.
ip ospf cost Specify cost of OSPF interfaces.
ip ospf Set the interval during which at least one hello packet must be received from a
dead-interval neighbor before the router declare that neighbor down.

Configuring OSPF
Command Description
ip ospf
Specify the interval between hello packets that are sent on the interface.
hello-interval
ip ospf message-
Specify a ID and a password when enabling OSPF MD5 authentication
digest-key
ip ospf priority Set the router priority, which helps determine the DR for this network.
ip ospf retransmit- Specify the time between LSA retransmissions for adjacencies belonging to the
interval interface.
ip ospf transmit- Set the estimated time required to send a link-state update packet on the
delay interface.
clear ip ospf Clear information learnt from OSPF.
show ip protocols Display information of IP protocol that is operating in the system.
show ip ospf Display basic information of OSPF.
show ip ospf Display the internal OSPF routing table entries to an ABR (Area Border
border-routers Router) and ASBR (Autonomous System Boundary Router).
show ip ospf
Display information about OSPF database of the router.
database
show ip ospf Display OSPF configuration information for interfaces that are defined in the
interface system.
show ip ospf
Display OSPF neighbor information on a per-interface basis.
neighbor
show ip ospf route Display information of OSPF network, routers and external routing tables.

Configuring IS-IS
Configuring IS-IS
IS-IS Overview
Introduction
IS-IS (Intermediate System to Intermediate System) protocol is the same type of link-state
routing protocol as OSPF. IS-IS can exchange routing information among routers in a particular
domain. IS-IS is defined in RFC 1195 and is usually used for exchanging routing information
among multi-protocol stack such as IP and OSI.
IS-IS network consist of ES (End System) and IS (Intermediate System). ES is an object that
sends and transmits packet as a host. IS is such a router that sends, transmits packets.
IS-IS can be configured to exchange link-state information in limited region because a domain
can be divided to several regions. The limited region is called ‘area’. Routing among areas is
consisted hierarchically, and a domain is divided to small areas and is managed. Level 1 routers
and level 2 routers can be configured for the hierarchical structure. Level 1 routers take charge
of routing in an area. If destination of packets is external area, level 1 routers route packets to
level 2 router. Level 2 router take charge of routing among areas or other domains.
IS-IS protocol selects the shortest path using SPF (Shortest Path First) algorithm. SPF algorithm
calculates status of network interface and path cost that is used in the interface and connected
network, and selects a path that has the lowest cost. SPF algorithm only delivers routing
information when the network is changed. Thus, unnecessary traffic is not delivered. Also, SPF
algorithm can control the complicated and sophisticated network.

Configuring IS-IS
Type of IS-IS System
There are three types of IS (Intermediate System) as follows:
y Level 1 Router : A router that can not be connected to other areas.

- Exists in a particular area.
- Operates the same as an internal OSPF backbone router.
- Does not have information about a destination that is out of its area.
y Level 2 Router : A router that is connected to other areas.

- Connected to several areas.
- Allowed to be connected to other level 2 routers.
- Operates the same as an OSPF Backbone router.
y Level 1 / Level 2 Router : A router that can be connected to Level 1 routers and Level 2 routers.
- Maintains additional link status for connection of level 1 and level 2.
- Operates the same as an OSPF ABR.
The following picture shows IS-IS hierarchical structure.
area 49.0001
L1
Level-1
Area
L1 / L2
Level-2
area 49.0002 Backbone area 49.0003
L1 / L2 L1 / L2
Level-1 Level-1
Area Area
L1 L1

Configuring IS-IS
IS-IS Network Address
IS-IS uses an ISO network address. Each network address plays a role as NSAP (Network
Service Access Point) to distinguish network connection point.
ES can have several NSAP addresses that value of last byte (n-selector) is different. Each NASP
indicates services that can be used on a node. Therefore, ES can have several services, and a
node can be included in several areas.
A IS has specific network address called NET (Network Entity Title). NET is a NSAP address
that last byte (n-selector) is 0x00. Most IS has one NET. However, IS that is configured by
several areas can have several NETs.
The following is the typical structure of NET.
49.0001.00a0.c96b.c490. 00
n o p q
Table 14-33 IS-IS NET Structure
Field Size (byte) Description
n AFI 1 Area ID. The area ID is used for level 1 routing, and each router
o Area address Variable (1~12) can define three of area ID.
System ID. The system ID is used for level 2 routing. The system
p System ID 6 ID must be unique. The system ID generally uses type of MAC
address.
q NSEL 1 N-selector (This value is always 0x00.)
IS-IS Addressing Rule

y At lest one NET should be assigned for each node.
y All routers that are in the same area should use the same area ID.
y All nodes that are in the same area should use the same system ID.
y System ID length of all nodes that are in the same domain should be the same.

Configuring IS-IS
IS-IS Packet Type
The following types of packets are used in IS-IS for exchanging routing information.
Hello Packet
The Hello packet establishes and maintains relation of adjacent IS-IS systems. There are three
types of hello packet as follows:
y Level 1 LAN IS-IS Hello Packet: Used by level 1 routers on a broadcast LAN.
y Level 2 LAN IS-IS Hello Packet: Used by level 2 routers on a broadcast LAN.
y Point-to-point Hello Packet: Used by medias that do not have broadcasting feature such as a Point-to-Point
link.
LSP (Line State Packet)

The LSP has link-state information and operates the same as the LSA of OSPF protocol. There
are two types of LSP.
y Level 1 LSP: Level 1 routing LSP

y Level 2 LSP: Level 2 routing LSP
Level 1 routers transmit Level 1 LSPs. However, level 2 routers transmit both level 1 LSPs and
level 2 LSPs.
CSNP (Complete sequence number Packet)

The CSNP includes all list of LSP in the IS-IS database. The CSNP is transmitted periodically to
all links, and systems that received the CSNP use information of CSNP to update or
synchronize their LSP database. There are two types of CSNP.
y Level 1 CSNP: Level 1 routing CSNP

y Level 2 CSNP: Level 2 routing CSNP
PSNP (Partial sequence-number Packet)

The PSNP is a packet that is sent among routers that receive CSNPs. The PSNP is used for
request of updated LSP when a checksum error occurs in LSP packet, or LSP information is
changed. Routers that are received PSNP broadcast requested LSP. There are two types of
PSNP.
y Level 1 PSNP: Level 1 routing PSNP

y Level 2 PSNP: Level 2 routing PSNP

Configuring IS-IS
Configuring IS-IS
IS-IS Configuration Procedure
The following procedure describes how to configure IS-IS routing protocol.
1. Enabling IS-IS
Enable IS-IS protocol in the Corecess S5 System.
2. Configuring IS-IS Interface Parameters

Configure IS-IS interface parameters such as routing level, transmission period of various
packets, mesh group, authentication password and priority.
3. Configuring IS-IS Parameters

Configure IS-IS parameters such as routing level, distance, password, external route metric,
passive interface and timer.
4. Display IS-IS Configuration Information

Display IS-IS configuration information of the Corecess S5 System.
Enable IS-IS
To enable IS-IS protocol in the Corecess S5 System, the following tasks should be executed.
1. Creating IS-IS Routing Process

2. Configuring NET
3. Specifying IS-IS Interface
By default, IS-IS is set not to be operated in the Corecess S5 System. To enable IS-IS protocol in
the Corecess S5 System, use the following commands.
Table 14-34 Enabling IS-IS
Command Task
2. Enable IS-IS routing process, and enter IS-IS configuration mode.

router isis y <area-tag> Name of IS-IS routing process. <area-tag> is used
[<area-tag>] when configuring several IS-IS area. Also, <area-tag> classify each
area.

Configuring IS-IS
Command Task
3. Configuring NET of IS-IS routing process.

net
<network-entity-title> y <network-entity-title> Area address and system ID of IS-IS
routing process. This argument can be either an address or a name.
exit 4. Return Global configuration mode.
interface 5. Enter Interface configuration mode.
ip router isis 6. Assign the IS-IS routing process to the interface.

[<area-tag>] y <area-tag> Name of IS-IS routing process
The following example shows how to configure IS-IS protocol and IS-IS NET and how to enable
the IS-IS process in the default VLAN interface.
(config)# configure terminal

(config)# router isis
(config-router)# net 49.0001.0000.0000.000a.00
(config-router)# exit
(config-if)# ip router isis
(config-if)#
The following example shows how to set the area tag to classify each process when creating
over two IS-IS process in the system.
(config)# router isis corecess

(config-router)# net 19.0001.0000.0000.0020.00
(config-if)# ip router isis corecess
(config-if)#

Configuring IS-IS
Configuring IS-IS Parameters
The Corecess S5 System provides the following IS-IS parameters.
Table 14-35 IS-IS Parameters
adjacency-check performs consistency checks on hello packets
area-password Set IS-IS area authentication password.
default-information Set default route of IS-IS routing domain to be transmitted to neighbors.
distance Change distance value of IS-IS.
domain-password Set authentication password of IS-IS.
dynamic-hostname Set host name or area tag to be used.
hostname dynamic Set mapping information to be displayed.
ignore-lsp-errors Allow the router to ignore checksum errors of LSP.
is-type Set IS-IS routing level of a router.
lsp-gen-interval Set LSP (Link-State Packet) generation interval.
lsp-refresh-interval Set LSP(Link-state packet) refresh interval.
max-area-addresses Set the maximum number of IS-IS area.
max-lsp-lifetime Set the maximum LSP(Link-state packet) life time.
Specify a passive interface that dose not transmit routing information to

passive-interface
other routers.
Apply different values to external route, which is redistributed to IS-IS,

redistribute
depending on types of protocol or the condition of route map.
Set overload bit not to use the local router as an intermediate router in their
set-overload-bit
SPF calculations.
spf-interval Set SPF (Shortest Path First) calculation interval of IS-IS.
summary-address Add the aggregate route entry of IS-IS.
Configure IS-IS Routing Level

To set the IS-IS routing level of the Corecess S5 System, use the following command in IS-IS
configuration mode.
Command Description
is-type {level-1 | y level-1 Router performs only level 1 (intra-area) routing.

level-1-2 | level- y level-1-2 Router performs both level 1 and level 2 routing.
2-only} y level-2-only Router performs only level 2 routing.

Configuring IS-IS
The following example shows how to set the Corecess S5 System to the level 1 (intra-area)
router.

(config-router)# is-type level-1
(config-router)#
Verify Protocol Version of Adjacent Routers

IS-IS performs consistency checks on hello packets and will form an adjacency only with a
neighboring router that supports the same set of protocols. A router running IS-IS for both IPv4
and IPv6 will not form an adjacency with a router running IS-IS for IPv4 only.
To performs consistency checks on hello packets, use the adjacency-check command in IS-IS
configuration mode.
The following example shows how to configure IPv4 IS-IS router to form an adjacency with
IPv4 or IPv6 routers.

(config-router)# no adjacency-check
(config-router)#
Configuring LSP Generation Interval

By default, the Corecess S5 System is configured to generate IS-IS LSP (Link-State Packet) every
five seconds. To change LSP generation interval, use the following command in IS-IS
configuration mode.
Command Description
lsp-gen-interval y level-1 Apply the specified interval to level 1 (intra-area) routing.

[level-1 | level-2] y level-2 Apply the specified interval to level 2 (inter-area) routing.
<seconds> y <seconds> LSP generation interval (1 ~ 120 seconds)
The following example shows how to IS-IS LSP generation interval to 6 seconds.

(config-router)# isis-gen-interval 6
(config-router)#

Configuring IS-IS
Configuring LSP Refresh Interval

The default LSP refresh interval is 900 seconds in the Corecess S5 System. To set LSP refresh
interval, use the following command in IS-IS configuration mode.
Command Description
lsp-refresh- y level-1 Apply the specified interval to level 1 (intra-area) routing.

interval [level-1 | y level-2 Apply the specified interval to level 2 (inter-area) routing.
level-2] <seconds> y <seconds> LSP refresh interval (1 ~ 65535 seconds)
The following example shows how to IS-IS LSP refresh interval to 800 seconds.

(config-router)# lsp-refresh-interval 800
(config-router)#
Setting Maximum LSP Lifetime

Maximum lifetime of IS-IS LSP (Link-State Packet) is time that IS-IS state packets persist
without being refreshed. Maximum LSP lifetime decides how long LSPs can be transmitted.
When IS-IS LSP lifetime reaches maximum lifetime, the packets are not transmitted any more.
To set maximum LSP lifetime, use the following command in IS-IS configuration mode.
Command Description
max-lsp-lifetime
y <seconds> maximum LSP lifetime (1 ~ 65535 seconds)
<seconds>
The following example shows how to set maximum LSP lifetime to 1000 seconds.

(config-router)# max-lsp-lifetime 1000
(config-router)#

Configuring IS-IS
Ignoring LSP Checksum Error

By default, when receiving packets that include checksum errors, IS-IS purges the packets in the
Corecess S5 System. To allow the Corecess S5 System to ignore checksum errors of LSP (Link-
State Packet), use the ignore-lsp-errors command in IS-IS configuration mode.
The following example shows how to ignore LSP that include checksum errors.

(config-router)# ignore-lsp-errors
(config-router)#
Setting Maximum Number of IS-IS Static Area

By default, the maximum number of three IS-IS static area can be configured. To change the
maximum number of IS-IS static area, use the following command in IS-IS configuration mode.
Command Description
max-area-addresses
y <number> Maximum number of IS-IS static area (3 ~ 254)
<number>
The following example shows how to set the maximum number of IS-IS static area to 10.

(config-router)# max-area-addresses 10
(config-router)#
Setting Authentication Password of IS-IS Area

To set the authentication password of IS-IS area, use the following command in IS-IS
configuration mode.
Command Description
area-password
y <string> Authentication password of IS-IS area
<string>
The following example shows how to set the authentication password to ‘corecess’.

(config-router)# area-password corecess
(config-router)#

Configuring IS-IS
Setting Default Route Information

A router can be configured to transfer a default route information of IS-IS routing domain
automatically to neighbor routers. This feature is called default information origination.
By default, the Corecess S5 System is configured not to transfer a default route. To transfer a
default route to neighbor routers, use the default-information originate command in IS-
IS configuration mode.
The following example shows how to transfer a default route of a IS-IS routing domain
automatically to neighbor routers.
(config)# router is-is

(config-router)# default-information originate
(config-router)#
Setting Distance
To change the specified IS-IS distance value for topology property or redistribution, use the
distance command in IS-IS configuration mode.
Command Description
distance {level-1 |
level-2} <distance>
distance level-1 y level-1 Set distance value of IS-IS level 1 route (intra-area route).
<distance> level-2 y level-2 Set distance value of IS-IS level 2 route (inter-area route).
<distance> y <distance> Distance of IS-IS route (1 ~ 255)
y <prefix> Prefix of the network in which the router is included or
distance level-2 IP address of the router
<distance> level-1 y <M> Subnet mask of <prefix>
<distance> y <access-list-number> Number of access list to be applied to
received routing information (500 ~ 999).
distance <distance>
[<prefix>/<M>
[<access-list-number>]]
The following example shows how to set IS-IS route distance of the router which is operating on
the network of 198.10.1.0 to 130. The IP address of the router is 198.10.1.3.
(config)# router rip
(config-router)#

Configuring IS-IS
Setting Domain Password

To set the authentication password of IS-IS routing domain, use the following command in IS-IS
configuration mode.
Command Description
domain-password
y <string> Authentication password of IS-IS routing domain
<string>
The following example shows how to the authentication password of IS-IS routing domain to
‘corecess’.

(config-router)# domain-password corecess
(config-router)#
Specify Value for IS-IS Node Name

IS-IS uses the 6-byte system ID to display nodes in a network. Because this system ID is
displayed in hexadecimal, it is hard to remember or input when a network administrator
monitors status of a particular IS-IS adjacency. To solve this problem, the Corecess S5 System
can use host name or area tag of the node instead of the hexadecimal system ID. The router
stores and manages the mapping table for dynamic host names and system IDs.
To use a host name or an area tag for displaying a particular node in IS-IS networks, use the
following command in IS-IS configuration mode.
Command Description
dynamic-hostname
y area-tag Use the area tag as the host name.
[area-tag]
The following example shows how to use the host name of a particular node.

(config-router)# dynamic-hostname
(config-router)#

Configuring IS-IS
Setting Mapping Information to Display

To display mapping information for a host name and a system ID when executing the show isis
command, use the hostname dynamic command in IS-IS configuration mode.
The following example shows how to display mapping information for the host name and the
system ID when executing the show isis command.

(config-router)# hostname dynamic
(config-router)#
Specify Passive Interface

The passive interface is an interface that receives IS-IS routing information from connected
neighbor routers, but does not transmit its routing information. The passive interface is used for
filtering routing information.
To specify the passive interface, use the following command in IS-IS configuration mode.
Command Description
passive interface.
passive-interface
{loopback id
interface (1 ~ 32).
<loopback-id>|
port <port-type>
gigabitethernet |
y vlan Specify the VLAN interface that is set to the passive
vlan id <vlan-id>|
interface.
vlan name <vlan-name>}
y <vlan-id> VLAN interface ID (1 ~ 4094)
y <vlan-name> VLAN interface name
The following example shows how to specify the VLAN interface as the passive interface.
(config)# router isis net1

(config-router)# net 49.0001.0000.0000.0020.00
(config-router)#

Configuring IS-IS
Setting Overload Bit

The overload bit can be set not to use the local router as an intermediate router in their SPF
calculations in the Corecess S5 System. Then, paths through the local router become invisible to
other routers in the area.
To set the overload bit, use the following command in IS-IS configuration mode.
Command Description
y on-startup <seconds> Set the overload bit only after a system
reload
- <seconds>: Period after the reload during which the overload
set-overload-bit bit is set (5 ~ 86400 seconds)
[on-startup seconds>] y suppress Set IP prefix of the specified type not to transmit when
[suppress {external| overload bit is already set.
y external Set IP prefix learnt from other protocols not to transmit
interlevel | when overload bit is already set
external interlevel | y interlevel Set IP prefix learnt from other IS-IS routing levels not
interlevel external}] to transmit when overload bit is already set.
y external interlevel, interlevel external Set IP prefix
learnt from either other protocols or other IS-IS routing levels not to
transmit when overload bit is already set.
The following example shows how to set overload bit to 60 seconds.

(config-router)# set-overload-bit on-startup 60 suppress interlevel
(config-router)#

Configuring IS-IS
Setting Redistribution Metric

In the Corecess S5 System, different metric values can be applied depending on types of routing
protocol or the condition of the route map when route entries that received from different types
of routing protocols are distributed to IS-IS networks.
To apply different metric values to external route, which is redistributed to IS-IS, depending on
types of protocol or the condition of route map, use the following command in IS-IS
configuration mode.
Command Description
y <protocol> Type of route to redistribute (bgp, connected,

kernel, ospf, ppp, rip, static)
y <level> Route level
- level-1: Routes that are redistributed to level 1(intra-area)
redistribute <protocol> - level-1-2: Routes that are redistributed to both level 1(intra-
{[<level>] area) and level 2(interarea)
[metric <metric>] - level-2: Routes that are redistributed to level 2 (interarea)
[metric-type <type>]} y metric <metric> <protocol> Specify cost of the external
route entry that was received from the specified routing protocol.
- <metric> : Cost of the route entry (0 ~ 4261412864)
y metric-type <type> Specify the external route type.
- <type> : The external route type (internal, external)
The following example shows how to redistribute RIP routes to IS-IS level 1 routes.

(config-router)# net 01.0000.0000.0001.00
(config-router)# redistribute rip metric 40 level-1
(config-router)#

Configuring IS-IS
Summarizing Address Range

If addresses are aggregated in IS-IS, the number of LSP and database can be reduced. To
aggregate several routes, use the following command in IS-IS configuration mode.
Command Description
y <prefix> IP route prefix

y <M> Subnet mask of IP route
summary-address y level-1 Aggregate routes that are matched to the specified to level 1
<prefix>/<M> [level- routes.
1 | level-1-2 | y level-1-2 Aggregate routes that are matched to the specified to
level-2] level 1 and level 2 routes.
y level-2 Aggregate routes that are matched to the specified to level 2
routes.
The following example shows how to aggregate addresses.

(config-router)# summary-address 13.1.0.0/16
(config-router)#
Setting SPF Calculation Interval

The SPF (Shortest Path First) calculation interval is waiting time until the next SPF is calculated.
The default SPF calculation interval is 5 seconds. To change the SPF calculation interval, use the
following command in IS-IS configuration mode.
Command Description
y level-1 Apply the specified SPF calculation interval to level 1 (intra-

area) routing.
spf-interval
y level-2 Apply the specified SPF calculation interval to level 1 (intra-
[level-1 | level-2]
area) and level 2 (interarea) routing.
<seconds>
y <seconds> Waiting time until the next SPF is calculated (1 ~ 120
seconds)
The following example shows how to set the SPF calculation interval to 10 seconds.

(config-router)# spf-interval 10
(config-router)#

Configuring IS-IS
Displaying IS-IS Configuration Information

This section describes how to display various IS-IS information and displayed information.
Displaying IS-IS Status Information
To display status information of all IS-IS routing processes, use the show isis counter
# show isis counter

Area No Area Tag:
IS-IS Level-1 isisSystemCounterEntry:
isisSysStatCorrLSPs: 0
isisSysStatAuthTypeFails: 0
isisSysStatAuthFails: 0
isisSysStatLSPDbaseOloads: 0
isisSysStatManAddrDropFromAreas: 0
isisSysStatAttmptToExMaxSeqNums: 0
isisSysStatSeqNumSkips: 0
isisSysStatOwnLSPPurges: 0
isisSysStatIDFieldLenMismatches: 0
isisSysStatMaxAreaAddrMismatches: 0
isisSysStatPartChanges: 0
isisSysStatSPFRuns: 0
IS-IS Level-2 isisSystemCounterEntry:

isisSysStatCorrLSPs: 0
isisSysStatAuthTypeFails: 0
isisSysStatAuthFails: 0
isisSysStatLSPDbaseOloads: 0
isisSysStatManAddrDropFromAreas: 0
isisSysStatAttmptToExMaxSeqNums: 0
isisSysStatSeqNumSkips: 0
isisSysStatOwnLSPPurges: 0
isisSysStatIDFieldLenMismatches: 0
isisSysStatMaxAreaAddrMismatches: 0
isisSysStatPartChanges: 0

Configuring IS-IS
isisSysStatSPFRuns: 0
When executing the show isis counter command, the following information is displayed.
Table 14-36 show isis counter Field Description
Field Description
isisSysStatCorrLSPs Number of damaged LSPs
isisSysStatAuthTypeFails Number of authentication type fail for a process
isisSysStatAuthFails Number of authentication fail for a process
isisSysStatLSPDbaseOloads Number that the LSP database are overloaded
isisSysStatManAddrDropFromAreas Number that static addresses are discarded in the area.
isisSysStatAttmptToExMaxSeqNums Number that IS exceeds the maximum sequence number
isisSysStatSeqNumSkips Number of the sequence number skips
isisSysStatOwnLSPPurges Number of receiving LSPs that are created in the system
Number of receiving IS-IS control PDUs that have different length

isisSysStatIDFieldLenMismatches
of ID field from length of the receiving system ID field
Number of receiving IS-IS control PDUs that have different value

isisSysStatMaxAreaAddrMismatches
of MaximumAreaAddresses from the value of the system
isisSysStatPartChanges Number that partition is changed
isisSysStatSPFRuns Number of SPF calculation
Displaying IS-IS Database Information
To display IS-IS routing database information, use the show isis database command in
Privileged mode.
The following example shows how to display the detail information of IS-IS routing database
using the show isis database detail command.
# show isis database detail

Area No Area Tag:
Area corecess:
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

Configuring IS-IS
0000.0000.0020.00-00* 0x0000000E 0xE7BE 1167 0/0/0

Area Address: 19.0001
NLPID: 0xCC
IP Address: 10.1.1.1
Metric: 10 IP 10.1.0.0 255.255.0.0
When executing the show isis database command, the following information is displayed.
Table 14-37 show isis database Field Description
Field Description
LSPID LSP ID. The first six octets form the system ID of the router that originated the LSP.
LSP sequence number. This LSP sequence number is increased whenever LSP is
LSP Seq Num
updated.
LSP Checksum Checksum of all LSP packets.
Amount of time the LSP remains valid (in seconds). If this value becomes zero, the
LSP Holdtime
LSP is removed from LSDB of all routers.
Attach bit. If this value is 1, it means that the router is connected to at least one area
ATT
through level 2 router.
P P bit. If this value is 1, it means that the router provides area partition-repair feature.
Overload bit. If this value is 1, it means the router is overloaded. Therefore, other
OL
routers can not use the router as an intermediate router when SFP calculation.
Area Address Area address that the router can reach.
NLPID NLP(Network Layer Protocol) ID
IP Address IP address of the interface
Metric IS-IS metric value and IP prefix/subnet mask of the interface

Configuring IS-IS
Displaying IS-IS Interface Information
To display IS-IS routing process information of all interfaces, use the show isis interface
# show isis interface

management is up, line protocol is up
IS-IS not enabled on this interface
vlan1 is up, line protocol is up
Routing Protocol: IS-IS (corecess)
Circuit Type: level-1-2
Local circuit ID: 0x01
Local SNPA: 0090.ac0b.0002
IP interface address:
10.1.1.1/16
Level-1 Metric: 10, Priority: 64, Circuit ID: 0000.0000.0020.01
Number of active level-1 adjacencies: 0
Next IS-IS LAN Level-1 Hello in 6 seconds
#
When executing the show isis interface command, the following information is
displayed.
Table 14-38 show isis interface Field Description
Field Description
State Operating state of the interface
Routing protocol Routing Protocol that is operating on the interface (area tag)
Circuit Type IS-IS routing level that is operating on the interface
Local circuit ID Index number of the interface
Local SNPA MAC address of the interface
IP interface address IP address of the interface
Level-1 Metric Level 1 IS-IS metric value of the interface

Number of active Total number of operating level 1 neighbor routers that are connected to
level-1 adjacencies the interface.
Next IS-IS LAN Level-1 Hello Time until the next level 1 hello packet is transmitted (second).

Configuring IS-IS
Displaying IS-IS Topology Information
To display the list of routers that are connected to IS area, use the show isis topology
# show isis topology
Area corecess:
IS-IS paths to level-1 routers
System Id Metric Next-Hop Interface SNPA
0000.0000.0020 --
0000.0000.000a 10 0000.0000.000a vlan1 00e0.b064.46ec
IS-IS paths to level-2 routers
System Id Metric Next-Hop Interface SNPA
0000.0000.0020 --
0000.0000.000a 10 0000.0000.000a vlan1 00e0.b064.46ec
0000.0000.000b 20 0000.0000.000b vlan1 00e0.b064.46ec
#
When executing the show isis topology command, the following information is displayed.
Table 14-39 show isis topology Field Description
Field Description
System Id System ID that is listed at level 1 and level 2 transfer tables.
Metric IS-IS metric value of routes
Next-Hop System ID of the lowest cost next-hop
Interface Interface that learns next-hop system
SNPA SNPA (Subnetwork Point of Attachment) of next-hop

Configuring IS-IS
IS-IS Commands
The following IS-IS commands are provided in the Corecess S5 System.
Table 14-40 IS-IS Commands
Command Description
adjacency-check Perform consistency checks on hello packets.
area-password Set the IS-IS area authentication password.
Reset IS-IS (Intermediate System-to-Intermediate System) configuration

clear isis
information.
distance Specify administrative distance value of IS-IS routes.
domain-password Set authentication password of a IS-IS routing domain.
Set a host name or an area tag to be used for displaying a particular node in
dynamic-hostname
IS-IS networks.
Display mapping information for a host name and a system ID when

hostname dynamic
executing the show isis command.
ignore-lsp-errors Allow the router to ignore checksum errors of LSP.
ip router isis Enable IS-IS routing protocol on the interface.
is-type Set IS-IS routing level of the router.
isis circuit-type Set IS-IS routing level on the specified interface.
isis csnp-interval Set IS-IS CSNP (Complete Sequence Number PDUs) transmission interval.
isis hello padding Enable the padding function.
isis hello-interval Set transmission interval of IS-IS hello packets on the specified interface.
isis Specify multiplier value that is used when calculating transmission interval
hello-multiplier of IS-IS hello packets.
isis lsp-interval Set transmission interval of IS-IS LSPs.
isis mesh-group Set the specified interface to a member of the specified mesh group.
isis metric Specify the metric value of the specified interface.
isis password Set IS-IS authentication password of the specified interface.
isis priority Set priority of the DR (Designated Router).
isis
Set retransmission interval of IS-IS LSPs (Link-state packet).
retransmit-interval
max-area-addresses Set the maximum number of IS-IS areas that can be configured as static area.
Set maximum LSP lifetime that IS-IS LSP(Link-state packet) persist without
max-lsp-lifetime
being refreshed.

Configuring IS-IS
Command Description
net Configure NET of the IS-IS routing process
Specify a passive interface that dose not transmit routing information to

passive-interface
other routers.
Apply different values to external route, which is redistributed to IS-IS,

redistribute
depending on types of protocol or the condition of route map.
Redistribute IS-IS level 1 routes to level 2 routes, or redistribute level 2 routes

redistribute isis
to level 1 routes.
router isis Enable IS-IS routing protocol, and enter IS-IS routing configuration mode.
Set overload bit not to use the local router as an intermediate router in their
set-overload-bit
SPF calculations.
spf-interval Set SPF (Shortest Path First) calculation interval of IS-IS.
summary-address Add the aggregate route entry of IS-IS.
show clns is-

Display all lists of IS (Intermediate System) that is connected to the router.
neighbors
Display all lists of ES (End System) and IS (Intermediate System) that are
show clns neighbors
connected to the Corecess S5 System.
show isis counter Display status information of all IS-IS routing processes.
show isis database Display IS-IS routing database information.
show isis interface Display IS-IS routing process information of the interface.
show isis topology Display lists of routers that are connected to the IS-IS area.

Configuration RIP
Configuration RIP
RIP (Routing Information Protocol) Overview
Introduction
RIP (Routing Information Protocol) is a dynamic routing protocol that exchange routing
information in internal AS (Autonomous System). RIP is used for small-scale networks.
Dynamic routing protocol exchanges messages with routers and applies changed network
status to routing tables when a topology is changed, or an error occurs. RIP transmits its routing
information (RIP message) periodically to all of connected neighbor routers through number
520 of UDP port. And, RIP receives routing information from neighbor routers and modifies its
routing table. When routing information is advertised as above, all router of internal AS can
exchange their routing information.
If there are several routes that have the same destination in the routing table, RIP selects the
shortest path using the distance-vector algorithm. The distance-vector algorithm selects the
shortest next hop and the shortest distance (or cost) of the destination as the best path. A
routing protocol can be easily configured using the algorithm, and less system memory is used.
The distance of each path is called metric in RIP. The network administrator can specify the
metric depending on path state or speed. The default metric value is 1. RIP selects the path that
has the lowest value of metrics as the best path. Therefore, the metric is the basic value to select
paths in RIP.
The disadvantage of RIP is the occurrence of a routing loop. The routing loop occurs when
routers consider that the routers can reach the destination through each other and exchange
routing information continuously. To prevent this situation, RIP limits metric value to less than
15. If there is a path that metric value is over 15, RIP considers the path unreachable, and the
path can not be transmitted to neighbors. For this reason, RIP is generally used in single AS
(Autonomous System). Split Horizon or triggered update is used to solve the routing loop.

Configuration RIP
RIP Version
The Corecess S5 System supports RIP version 1 (RIPv1) and RIP version 2 (RIPv2). The
difference of two versions is as follows:
Table 14-41 Differences of RIPv1 and RIPv2
Item RIPv1 RIPv2
RFC RFC1923 RFC2453
Subnet Mask Support Class A, B, C, D. Support CIDR
Authentication Does not support authentication. Support authentication for RIP messages.
y AFI (2) : Address Family Identifier

y AFI (2) : Address Family Identifier
Message y IP address(4) : IP address of destination
y IP address(4) : IP address of destination
Form y subnet mask(4) : Subnet mask
y metric(4) : metric value of path
(RTE part) y next hop(4) : IP address of next hop
y Stuff rest 10bytes with ‘0’
y metric(4) : metric value of path
Transmits RIP messages to multicast

RIP Message address of 224.0.0.
Broadcast RIP messages to all neighbor
Transmission Routers that are connected to networks
can only receive.
By default, RIPv2 is operated in the Corecess S5 System. RIPv1 does not support subnet mask.
Thus, RIPv2 is recommended.
RIP Routing Table
Each route entry in RIP routing table consist of the following fields.
Table 14-42 Fields of RIP Route Entry
Field Description
Destination IP address and subnet mask of destination
Next hop The IP address of neighbor router to reach the destination.
Route change flag Flag for indicating the recent change of the route entry
Timer The last time the route was updated

Configuration RIP
RIP Operation
When a RIP router is booted, the following procedures proceed.
1. RIP Request Transmission

When booting the router, the router requests routing information to all neighbor routers
using the RIP request message.
2. RIP Response Receiving

When neighbors receive the RIP request message, neighbor routers send their routing
information (routing table) to the router using the RIP response message.
3. Routing Table Update

When the router receives RIP response messages from neighbor routers, the router update
its routing table with the received information. First, the router verifies that each entry of the
received tables is valid path. Then, if the entry is not in its routing table, the entry is better
path, or the entry is a new route entry, the router adds the entry into its routing table.
4. Routing Information Exchange Periodically

After routing table update, the router sends its routing table periodically to neighbor routers.
This message is called RIP message or update message. By default, the Corecess S5 System
sends the update message every 30 seconds.

Configuration RIP
RIP Timer
RIP uses numerous timers to regulate its performance. These include a routing-update timer, a
route-timeout timer, and a route-flush timer.
The following table lists the timers used for RIP:
Table 14-43 Timers for RIP
Timer Description
Interval between periodic routing updates. Generally, it is set to 30 seconds, with a small
Update random amount of time added whenever the timer is reset. This is done to help prevent
Timer congestion, which could result from all routers simultaneously attempting to update their
neighbors.
Interval in seconds during which routing information regarding better paths is suppressed.
It should be at least three times the value of update. A route enters into a holddown state
Holddown when an update packet is received that indicates the route is unreachable. The route is
Timer marked inaccessible and advertised as unreachable. However, the route is still used for
forwarding packets. When holddown expires, routes advertised by other sources are
accepted and the route is no longer inaccessible. The default is 180 seconds.
Amount of time in seconds that must pass before the route is removed from the routing
Flush table; the interval specified should be greater than the invalid value. If it is less than this
Timer sum, the proper holddown interval cannot elapse, which results in a new route being
accepted before the holddown interval expires. The default is 240 seconds.

Configuration RIP
Split Horizon and Triggered Update
The Split Horizon and the Triggered Update prevent the routing loop.
Router A Router B Router C
10.1.1.0
For example, the router A is connected to the network of 10.1.1.0 as above. The router B is
connected to the network of 10.1.1.0 through the router A, and the router C is connected to the
network of 10.1.1.0 through the router A and the router B.
Let’s assume that the link between the router A and the network of 10.1.1.0 is disconnected.
When the router A detects link disconnection, the router A removes this route entry from its
routing table. But, the router B does not realize the link disconnection and sends its routing
table to the router A using the update message. The router A finds the route entry of 10.1.1.0
from the received routing entry and increases metric value of the route entry, then adds the
route entry into its routing table. After that, the router B also receives the route entry of 10.1.1.0
from the router C and increases the metric value of the route entry, then adds the route entry
into its routing table. The router B sends its routing entry to the router A. If this situation is
continued, although the routers can not actually reach to the network of 10.1.1.0, the routers
increase the metric values and update their routing table. Finally, the entry of 10.1.1.0 becomes
the invalid route when the metric value is 16, and the network becomes unreachable destination.
The above situation is called routing loop, and the routing loop is solved when the metric value
of route entry is 16. There are two solutions to solve the routing loop.
First solution is that the router does not allow information, which is transmitted by itself, to be
transmitted to other routers. If this solution is used in the above network, because network
information of 10.1.1.0 is transmitted through the router A to the router B, the router B transmits
the rest information to router A except the route entry of 10.1.1.0 network. This solution is
called split horizon. Split horizon with poisoned reverse, which is similar to split horizon, sets
the metric value to 16 instead of removing the entry.
Second solution, triggered update, is that the router transmits changed information
immediately to other routers when the router receives new routing information or detects
change of existing routing information by a physical cause. If this solution is used in the above
network, when the router A detects the link disconnection, the router informs the router B
immediately that the network of 10.1.1.0 is unreachable.

Configuration RIP
Configuring RIP
RIP Configuration Procedure
The configuration procedure of RIP routing protocol is as follows:
1. Enabling RIP
Enable RIP in the Corecess S5 System.
2. Configuring RIP Parameter

Configure RIP parameters such as distance, default metric, external route metric, passive
interface, timer and version.
3. Configuring RIP Interface Parameter

Configure RIP interface parameter such as authentication, version and split horizon.
4. Display RIP Configuration Information

Display RIP configuration information of the Corecess S5 System.
Enable RIP
By default, RIP is disabled in the Corecess S5 System. To enable RIP, use the router rip
command in Configure configuration mode.
(config-router)#
After enabling RIP in the Corecess S5 System, specify network in that RIP is operated. To
operate RIP on the specified network, use the network command in RIP configuration mode.
Command Task
y <network-address> IP address of the network of directly

network
connected networks.
<network-address>/<M>
y <M> Subnet mask of network
The Corecess S5 System can only exchange RIP update messages with neighbor routers through
interfaces of the network that is specified using the network command.

Configuration RIP
The following example shows how to enable RIP on the network of 128.9.0.0/24 and
192.31.7.0/24.

(config-router)#
Configuring RIP Parameters
The Corecess S5 System provides the following RIP parameters.
Table 14-44 RIP Parameters
Distance Specify administrative distance value of the RIP route.
Specify default metric values that are applied when redistributing all routing entries
Default metric
to RIP networks.
Passive Interface Set the specified interface not to transmit RIP routing information to other routers.
Distribute list Filter routes that are matched with condition of the specified access list
Change metric values of RIP route entries that are matched with condition of the
Offset list
specified access list.
Timer Specify RIP timer (update, holddown, flush) values.
RIP version Specify RIP protocol version.
This section describes how to configure RIP parameters.
Setting Distance
Lower distance value is higher priority. To change the specified RIP distance value for topology
property or redistribution, use the distance command in RIP configuration mode.
Command Task
y <distance> Distance of RIP route (1 ~ 255)

distance <distance>
y <ip-address> IP address of the network or router
[<ip-address>/<M>
y <M> Subnet mask
[<access-list-number>]]
y <access-list-number> Access list number to apply to the

Configuration RIP
received routing information (500 ~ 999)
The following example shows how to set the RIP route distance of 192.16.10.3 to 100 on the
network of 192.16.10.0.

(config-router)#
Specifying Passive Interface

The passive interface is an interface that receives RIP routing information from connected
neighbor routers, but does not transmit its routing information. The passive interface is used for
filtering routing information.
To specify the passive interface, use the passive-interface command in RIP configuration
mode.
Command Description

passive-interface
passive interface.
{loopback id
<loopback-id>|
interface (1 ~ 32).
<slot>/<port>|
vlan id <vlan-id>|
y vlan Specify the VLAN interface that is set to the passive interface.
vlan name
y <vlan-id> VLAN interface ID (1 ~ 4094)
<vlan-name>}
y <vlan-name> VLAN interface name
The following example shows how to specify the 1/1 port as the passive interface.

(config-router)# passive-interface port vlan id 1

Configuration RIP
Setting Metric Value

In the Corecess S5 System, different metric values can be applied depending on types of routing
protocol or the condition of the route map when route entries that received from different types
of routing protocols are distributed to RIP networks.
When external routes are distributed to RIP, metric values of external router are change to other
values that can be used in RIP network. It is because concept of metric is different between RIP
and other protocols.
There are two methods to change metric values of external routers to metric values of RIP
network.
y Apply the same metric value without types of routing protocols
y Apply different metric values without types of routing protocols or condition of route map
Apply the same metric value without types of routing protocols

In the Corecess S5 System, the same metric value can be applied to all external route entries
from other types of routing protocol when redistributing external entries to RIP networks. This
metric is called the default metric. The default metric can solve the redistribution problem
which routes have inappropriate metric values. Whenever the metric does not be changed, the
proper default metric is provided.
To specify the default metric, use the default-metric command in RIP configuration mode.
Command Task
default-metric <number> y <number> default metric value (0 ~ 16)
The following example shows how to set the default metric value of RIP to 10:
(config-router)# default-metric 10
(config-router)#

Configuration RIP
Apply different metric values without types of routing protocols or condition of route map
In the Corecess S5 System, different metric values can be applied to external route entries from
other types of routing protocol when redistributing external entries to RIP networks.
To apply different values to external routes that are redistributed depending on types of routing
protocol or condition of route map, use the redistribute command in RIP configuration mode.
Command Description

[metric <metric>] y <metric> Cost of the route entry (1 ~ 16)
[route-map <route-map-name>] y <route-map-name> Name of route map
In the following network, if you set each router (RTA, RTB, RTC) of the RIP network to receive
routing information from OSPF network, use the following commands.
RIP RIP
RTA RTB
1/1 1/1
0/0 1/2 1/2 0/0
OSPF
1/1 1/2
RTC
0/0
RIP
RTA, RTB, RTC

(config-router)# redistribute ospf metric 10
(config-router)# redistribute rip
(config-router)#

Configuration RIP
Filtering Route
To filter routes that are matched with particular condition of access list, use the distribute-
list command in RIP configuration mode.
Command Description
distribute-list y <acess-list-num> Number of the access list to apply (500 ~ 999)

<access-list-num> y in Filter route that are matched with the specified condition of access
{in | out} {port list when receiving routing information.
gigabitethernet y out Filter route that are matched with the specified condition of access
<slot>/<port>| list when transmitting routing information.
vlan id <vlan-id>| y <slot>/<port> slot number/port number
vlan name y <vlan-id> VLAN interface ID to apply access list (1 ~ 4094)
<vlan-name>} y <vlan-name> VLAN interface name to apply access list
The following example shows how to filter routes that are matched with condition of access list
500 in routing information from which port 5/1 of the system receives.
(config)# access-list 500 permit 172.16.40.0/24

(config-router)# distribute-list 500 in vlan id 51
(config-router)#
The following example shows how to filter routes that are matched with condition of access list
500 in routing information to which port 5/1 of the system transmits.

(config-router)# distribute-list 500 out vlan id 51
(config-router)#
Apply Offset list to Rout Metric Value

An offset list is the mechanism for increasing incoming and outgoing metrics to routes learned
via RIP.
To define an offset list, use the offset-list command in RIP configuration mode.
Command Description
offset-list y <acess-list-num> Access list number to apply (500 ~ 999).

<access-list-num> y in Applies the access list to incoming metrics.
{in | out} <offset> y out Applies the access list to outgoing metrics.
[port gigabitethernet y <offset> Positive offset to be applied to metrics for networks
<slot>/<port>| matching the access list. If the offset is 0, no action is taken.

Configuration RIP
Command Description
vlan id <vlan-id>| y <slot>/<port> Slot number/port number of the port.

vlan name y <vlan-id> Id of the VLAN to which the offset-list is applied.
<vlan-name>] y <vlan-name> Name of the VLAN to which the offset-list is
applied.
The following example shows how to add 10 to metric value of route entries that are matched
with condition of access list 21 when transmitting routing information through all interfaces.
(config-router)# offset-list 21 out 10
The following example shows how to add 5 to metric value of route entries that are matched
with condition of access list 22 when receiving routing information from port 5/1 of the system.
(config-router)# offset-list 22 in 5 vlan id 51
Setting Timer
Routing protocols use several timers that determine such variables as the frequency of routing
updates, the length of time before a route becomes invalid, and other parameters. You can
adjust these timers to tune routing protocol performance to better suit your internetwork needs.
You can make the following timer adjustments:
Table 14-45 RIP Timers
Timer Function Default
Time in seconds between updates (The rate at which routing updates are 30
Update timer
sent). seconds
Holddown 180
The interval of time (in seconds) after which a route is declared invalid.
timer seconds
The amount of time (in seconds) that must pass before a route is removed 120
Flush timer
from the routing table. seconds

Configuration RIP
To change values of RIP timers, use the timers basic command in RIP configuration mode.
Command Description
y <update> Update timer value (1-4294967295 seconds)

timers basic <update>
y <holddown> Hold down timer value (1-4294967295 seconds)
<holddown> <flush>
y <flush> Flush timer value (1-4294967295 seconds)
The following example shows how to set the timers.
(config-router)# timers basic 30 100 50
Specifying RIP Version

The Corecess S5 System supports both RIPv1 and RIPv2. The RIPv2 supports authentication
and CIDR including features of RIPv1. By default, RIPv2 is operated in the Corecess S5 System.
If connected neighbor routers use RIPv1, RIP version of the router should be changed to RIPv1.
To change RIP version of all interfaces that are defined in the router, use the version
command in RIP configuration mode.
Command Description
version <version> y <version> RIP version (1, 2)
The following example shows how to set RIPv1 to all interfaces.
(config-router)# version 1
(config-router)#

Configuration RIP
Configuring RIP Equal Cost Multipath Routing
RIP ECMP Routing supports multiple equal-cost paths between routers, and distributes the
traffics among the possible paths. Maximum 4 links can working with one ECMP link and the
traffic can be shared on a basis of IP address destination session.
The following example show how RIP routers execute load balancing by the Equal Cost
Multipath Routing Protocol.
Displaying RIP Configuration Information

This section describes how to display various RIP configuration information.
Display RIP Routing Table
To display RIP routing tables, use the show ip rip command in Privileged mode.
# show ip rip
Codes: R - RIP, C - connected, O - OSPF, B - BGP, S - static
(n) - normal, (s) - static, (d) - default, (r) - redistribute,
(i) - interface
Network Next Hop Metric From Time

R 10.10.10.0/24 210.126.40.2 1 210.126.40.2 02:32
R 20.20.20.0/24 210.126.40.2 2 210.126.40.2 02:32
B 30.30.30.0/24 0
O 40.40.40.0/24 0 01:47
R 210.126.10.0/24 210.126.40.2 1 210.126.40.2 02:32
B 210.126.30.0/24 0
C 210.126.40.0/24 0
#
When executing the show ip rip command, the following information is displayed.
Table 14-46 show ip rip Field Description
Field Description

Configuration RIP
Entry code, destination network address or host ip address / bit number of subnet mask
Types of entry code are as follows:
Network
R : RIP Entry C : Connected Entry
O : OSPF Entry B : BGP S : Static Entry
IP address of the next system that is used when forwarding a packet to the destination
Next
network. If the router connects directly to the destination, ‘0.0.0.0’ is displayed.
Metric Metric value of path (number of hop)
From IP address of the interface that transmits the route entry.
Remain time to remove the path. Holddown timer value is displayed for the first time.
Time Then, after holddown timer value becomes zero, flush timer value is displayed. After even
flush timer value becomes zero, the path is removed from the routing table.

Configuration RIP
Display RIP Interface Information
To display RIP configuration information for all interfaces that are defined in the system, use
the show ip rip interface command in Privileged mode.
# show ip rip interface

management is up, line protocol is up
RIP is not enabled on this interface
vlan53 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
35.35.35.1/24
#
When executing the show ip rip interface command, the following information is
displayed.
Table 14-47 show ip rip interface Field Description
Field Description
Interface Display interface name and state

Routing
Activate routing protocol of the interface
Protocol
Passive
Configuring status of the Passive interface on the interface
interface
Split
Configuring status of Splitte horizon and Poisoned Reversed
horizon
IP interface
IP address and subnet mask of interface
address
Display RIP Version Information
To display the current RIP version, use the show ip protocols command in Privileged
mode.
# show ip protocols
Routing Protocol is "rip"

Sending updates every 30 seconds with +/-50%, next due in 10 seconds

Configuration RIP
Timeout after 180 seconds, garbage collect after 120 seconds

Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing:
Default version control: send version 2, receive version 2
Interface Send Recv Key-chain
vlan53 2 2
vlan41 2 2
Routing for Networks:
25.25.25.0/24
35.35.35.0/24
Routing Information Sources:
Gateway Distance Last Update Bad Packets Bad Routes
25.25.25.4 120 00:00:27 0 0
35.35.35.4 120 00:00:27 0 0
Distance: (default is 120)
RIP Commands
The following RIP commands are provided in the Corecess S5 System.
Table 14-48 RIP Commands
Command Description
default-information Allow the router to advertise RIP default route information to neighbor
originate routers
Specify default metric values that are applied when redistributing all routing
default-metric
entries to RIP networks.
distance Specify administrative distance value of the RIP route.
distribute-list Filter routes that are matched with condition of the specified access list
network Specify the network to operate RIP routing protocol.
Change metric values of RIP route entries that are matched with condition of
offset-list
the specified access list.
Set the specified interface not to transmit RIP routing information to other
passive-interface
routers.
Redistribute routing information of other routing protocols to routing

redistribute
information of RIP network.
route Add a RIP static route.
timers basic Specify RIP timer (update, holddown, flush) values.
version Specify RIP protocol version.
Enable authentication process for RIPv2, and define keys for interfaces.
key-chain

Configuration RIP
ip rip
Specify authentication method for RIPv2 packets.
authentication mode
ip rip authentic-
Specify authentication string for RIPv2 packets.
cation string
ip rip receive
Specify RIP version of packets from which the interface receives.
version
ip rip send version Specify RIP version of packets to which the interface transmits.
clear ip rip Reset information that is learnt from RIP.
Configuration for the purpose of load balancing for the traffic with Equal Cost
equal-cost-multipath
Multipath Routing
show ip protocols Display IP protocol information that is operating in the system.
show ip rip Display the contents of RIP routing table.
show ip rip Display RIP configuration information for all interfaces that are defined in
interface the system.

Chapter 15 Configuring LACP
This chapter describes how to configure a trunking group by using LACP (Link Aggregation Control
Protocol).
9 Port Trunking Overview 15-2
9 Configuring LACP Trunk 15-4

Port Trunking Overview

In the Corecess S5 System, several physical links can be configured to single logical link to
connect backbone devices that request high bandwidth or to connect networks that bottle neck
of traffic might occur. This feature is called port trunking or link aggregation, and the group of
port in the same trunk is called trunk group. The one logical port supports the same amount of
bandwidth as the total amount of bandwidth that adds each physical port.
For example, the maximum bandwidth of the port that connects the system A and the system B
is 1Gbps, but the amount of data that receives and transmits between two systems can exceed
1Gbps. In this case, it is considered that several ports are connected between two systems. But,
if there are several connections (links) between systems, only one link is used automatically by
STP protocol because a loop can occur. If STP protocol is not used to prevent this situation,
communication might not operate because loops can not be detected.
Port trunking can be used in the case. Several ports act as single port, so it can be easily
managed by VLAN, STP and IGMP. Port trunking also effects stability of the system. Even if
some ports that are included in a trunking group are not operating normally, communication
can be continued by rest ports.
In the Corecess S5 System, port trunking can be implemented by 802.ad link aggregation, and
802.3ad link aggregation uses LACP (Link Aggregation Control Protocol). LACP allows ports
that have the same link aggregation key value to configure themselves into a trunking group.

Notes for LACP Trunk Configuration

When configuring and connecting the LACP trunk on the Corecess S5 System, be aware of the
following:
y You can configure up to 256 trunking groups on the Corecess S5 System.
y You can configure up to 16 ports in a trunking group.
y If you do not use STP, you should complete port trunking configuration to prevent loops
before connecting network cables between systems.
y All trunk group members (ports) should have the same media type (10/100Base-T, 100FX, or
Gigabit)
y All trunk group members (ports) should be set to the same port speed, duplex mode, and
operation mode.
y All trunk group members (ports) should be set to the full-duplex mode.
y If LACP operation mode is set to active on a port that is located in the end of a trunk, trunk is
set automatically.
y STP, IGMP and QoS are configured for all trunks.
y Configured trunking groups by LACP can be connected without a vendor of devices.
QoS of Trunk Group

When QoS is configured, a trunk group acts as single port. Instead, the maximum bandwidth
that is the same as total bandwidth of ports can be specified to the trunk group. QoS
configuration that was configured to ports before aggregation is not applied after aggregation.
If ports are released from the trunk group, previous QoS configuration is applied to ports again.
When a QoS trunk is specified, the aggregated ID of the trunk group is used. The aggregated ID
is decided by the following rules.
y Odd number of port > Gigabit Ethernet port > Even number of port (Up Î Down)
y The same add or even number : Higher number of port (Right Î Left)
For example, if 1/1, 1/2, 1/3 and 1/4 ports aggregates, odd number of ports (1/1, 1/3) is
selected properly, then higher port (1/3) is decided to the aggregated ID.
Configuring LACP 15-3

Configuring LACP Trunk

This section describes how to configure LACP trunk on the Corecess S5 System.
The configuration procedure of LACP trunk is as follows:
1. Setting LACP key and operation mode
2. Setting LACP partner Key
Setting LACP Key and Operation Mode

Link aggregation support is disabled by default. You can enable link aggregation on the
Corecess S5 System by assigning the LACP admin key and by setting the LACP mode.
LACP Key
LACP key is used to identify the trunk in which the port is included. All ports that are in the
single trunk have the same key value.
LACP Operation Mode
You can enable the feature on an individual port basis, in active, passive, or passive manual
mode.
y Active mode (Default)

When you set LACP operation mode to active, the Corecess S5 System can exchange
standard LACP Protocol Data Unit (LACPDU) messages to negotiate trunk group
configuration with the port on the other side of the link. In addition, the Corecess S5 System
port actively sends LACPDU messages on the link to search for a link aggregation partner at
the other end of the link, and can initiate an LACPDU exchange to negotiate link aggregation
parameters with an appropriately configured remote port.
y Passive mode
When you enable a port for passive link aggregation, the Corecess S5 System port can
exchange LACPDU messages with the port at the remote end of the link, but the Corecess S5
System port cannot search for a link aggregation port or initiate negotiation of an aggregate
link. Thus, the port at the remote end of the link must initiate the LACPDU exchange.

y Manual mode
When you enable a port for manual link aggregation, you can manually configure aggregate
links containing multiple ports
To configuring a dynamic LACP trunk, one end of ports should be configured to LACP active
mode and the other end of ports should be configured to LACP active or LACP passive mode.
Switch A Switch B
Port X : LACP mode : Active Port X : LACP mode : Active

Active Active
Port Y : LACP mode : Active Port Y : LACP mode : Passive
Active Passive
To configure a trunk manually, both ends of the ports should be configured to LACP manual
mode.
Switch A Switch B
Port X : LACP Mode : Manual Port X : LACP Mode : Manual

Passive Passive
To assign the LACP key and set LACP operation mode, use the following commands:
Table 15-1 Setting LACP Operation Mode
Command Task
2. Assign LACP key and specify the LACP operation mode for the
specific ports.
y <key-num> LACP key value (0 – 65535).
(1 ~ 65535)
lacp key <key-num>
y active Enable active mode. Aggregation link is created, channels are
<slot>/<port> mode
initialized in active mode. If the remote LACP mode is active of
{active | passive |
passive, aggregation link is created.
manual}
y passive Enable passive mode. Channels are not initialized in
passive mode, but LACP packets can be processed.
y manual Enable manual mode. Aggregation link can be
configured without LACP in manual mode.
show lacp port

gigabitethernet 4. Verify LACP configuration.
<slot>/<port>

The following example shows how to assign 10 of LACP key to the Gigabit Ethernet port 5/1
and how to set the LACP operation mode to active.
(config)# lacp key 10 port gigabitethernet 5/1 mode active
(config)# end
# show lacp port gigabitethernet 5/1
Link State: down

Port Index: 769
Oper Mode: Active
Actor Port Admin Key: 10
Actor Admin State: 0x07
Partner Port Admin Key: 769

Partner Admin State: 0x06
# write memory
[OK]
#

Setting LACP Partner Key

When you connect the Corecess S5 System and other manufacture’s device, you may need to
configure LACP partner key. All LACP ports in an aggregate link have both actor key and
partner key. The Corecess S5 System uses these keys internally but some other devices don’t.
These devices can configure an aggregation link only when the partner key of the port on the
device matches the actor key of the port on the other side of the link. To connect the Corecess S5
System and these devises, you should set the partner key.
System A (Corecess) System B (Riverstone)

Aggregation
Port X : y Actor Key : 10 Port X : y Actor Key : 33
y Partner Key: 33 y Partner Key: 10
To configure LACP partner key to be assigned to the port on the other side of the aggregation
link, perform this task in the Privileged mode:
Table 15-2 Setting LACP Partner key
Command Task
lacp force-partner-key 2. Configure LACP partner key of the specified port.

<key-num> port
y <key-num> Link aggregation to be assigned (1 ~ 65535).
gigabitethernet
<slot>/<port> y <slot>/<port> Slot/Port number
show lacp lag all 4. Verify LACP configuration.
The following example shows how to assign 15 of LACP key value to the remote port connected
to the Gigabit Ethernet port 5/1.
(config)# lacp force-partner-key 15 port gigabitethernet 5/1
(config)# end
# show lacp port gigabitethernet 5/1
Link State: down

Port Index: 769
Oper Mode: Active
Actor Port Admin Key: 10

Actor Admin State: 0x07
Partner Port Admin Key:15

Partner Admin State0x06
# write memory
[OK]
#

LACP Configuration Example

This section describes how to configure two physical links to single logical link using the
Corecess S5 System.
System A
Trunk Group
y Port : 5/1-4 on System A
5/1-4 on System B
y LACP admin key : 33
System B
System A
The following shows how to configure the LACP trunk on the System A:
System A# configure terminal

System A(config)# lacp key 33 port gigabitethernet 5/1-4 mode active
System A(config)# end
System A# write memory
[OK]
System A#
System B
The following shows how to configure the LACP trunk on the System B:
System B# configure terminal

System B(config)# lacp key 33 port gigabitethernet 5/1-4 mode passive
System B(config)# end
System B# write memory
[OK]
System B#


Chapter 16 Configuring STP and RSTP
This chapter describes how to configure STP (Spanning Tree Protocol)/RSTP (Rapid Spanning Tree
Protocol) on the Corecess S5 System.
9 Understanding STP and RSTP 16-2
9 Configuring STP 16-10
9 Configuring RSTP 16-22
9 STP and RSTP Configuration Commands 16-30

Understanding STP and RSTP
STP Overview
Introduction
A network that has several paths for one destination is fault-tolerant. It is because packets can
be transmitted through other paths even if one of paths can not be used on the network. But,
loops might occur on the network. If a loop is occurs between two nodes, when packets are
broadcasted, the packet transmission is repeated infinitely. Because of the loop, the network can
be congested, then the network becomes instable.
In the following network configuration, there are two paths from Switch A to Switch C. One of
the path is path 2 connected directly and the other path is path 1 and path 2 through Switch B.
A loop is formed in this network because multiple active paths exist between Switch A and
Switch C. In this network, end stations might receive duplicate messages. For example, if Switch
A broadcasts packets, Switch C broadcasts the received packets to Switch A, and Switch A
broadcast the packets again.
Switch A
Path 1 Path 2
Path 3
Switch B Switch C
STP (Spanning Tree Protocol) prevents the loop on the network in which several paths are
existed. STP defines a tree with a root switch. When two interfaces on a switch are part of a loop,
the spanning-tree port priority and path cost settings determine which interface is put in the
forwarding state and which is put in the blocking state. Spanning tree forces redundant data
paths into a standby (blocked) state. Therefore, when traffic is processed, packets are only
transmitted through paths of non-blocking state.

If the path 3 is blocked in the network configuration mentioned previously, you can have a
loop-free path between Switch A and Switch C as follows:
Switch A
Path 2
(Forwarding)
Path 1
(Forwarding)
Path 3
Switch B (Blocking) Switch C
Switches send and receive spanning-tree frames, called bridge protocol data units (BPDUs), at
regular intervals. The switches do not forward these frames, but use the frames to construct a
loop-free path.
If a network segment in the spanning tree fails and a redundant path exists, the spanning-tree
algorithm recalculates the spanning-tree topology and activates the standby path.
BDPU(Bridge Data Protocol Unit)
Spanning tree consists of a root switch, designated switches, root port, and designated ports.
The root switch is the logical center of the spanning-tree topology in a switched network. A
designated switch is a switch used to forward packets from that LAN to the root switch. A root
port is a forwarding port elected for the spanning-tree topology. A designated port is a
forwarding port elected for every switched LAN segment.
Root Switch
Root Port Root Port
Designated Designated
Switch Switch
Designated Port
Designated
Switch
Configuring STP and RSTP 16-3

When the switches in a network are powered up, each function operates as the root switch.
Each switch sends a configuration BPDU through all of its ports. The BPDUs communicate and
compute the spanning-tree topology. Each configuration BPDU contains this information:
- Unique bridge ID of the switch that the sending switch identifies as the root switch
- Spanning-tree path cost to the root
- Bridge ID of the sending switch
- Aging time of BPDU
- Interface ID that transmits BPDU
- Spanning tree timer values (Hello, Forward delay, Max-age)
Bridge ID determines the selection of the root switch. Each VLAN on the switch has a unique 8-
byte bridge ID; the two most-significant bytes are used for the switch priority, and the
remaining six bytes are derived from the switch MAC address. The switch with the highest
switch priority (the lowest numerical priority value) is elected as the root switch. If all switches
are configured with the default priority (32768), the switch with the lowest MAC address in the
VLAN becomes the root switch.
Path cost determines the selection of the root port and designated switch. The port that provides
the best path (lowest cost) when the switch forwards packets to the root switch is called the root
port. The switch that provides the lowest path cost when forwarding packets from that LAN to
the root switch is called the designated switch. The port through which the designated switch is
attached to the LAN is called the designated port.
A root port is selected for each switch (except the root switch). This port provides the best path
(lowest cost) when the switch forwards packets to the root switch.
BPDU has three spanning-tree timers (hello, forward delay, max age). The following table
describes the timers that affect the entire spanning-tree performance:
Table 16-1 STP Timers
Timer Description
When this timer expires, the interface sends out a Hello message to the neighboring
Hello timer
nodes.
Forward delay Determines how long each of the listening and learning states last before the
timer interface begins forwarding.
Determines the amount of time the switch stores protocol information received on an
Max age timer
interface.

Spanning-Tree Port States
Each port on the switch using spanning tree exists in one of these states:
• Blocking: The port does not participate in frame forwarding. (Default state)
• Listening: The first transitional state after the blocking state when the spanning tree
determines that the port should participate in frame forwarding.
• Learning: The port prepares to participate in frame forwarding.
• Forwarding: The port forwards frames.
• Disabled: The port is not participating in spanning tree because of a shutdown port, no link on
the port, or no spanning-tree instance running on the port.
The following picture shows process of five port states.
Blocking State
BPDU Transmission
Listening State Disabled

리스닝 상태 State
Forward delay (Listening State)
Learning State
Forward delay
Forwarding State
A port that STP is operating always starts at the blocking state. When a switch is initialized, the
switch assumes that the switch is the root switch and transmits BPDU to connected devices
through all ports. Ports of the blocking state discards all frames except BPDU. Ports that receive
BPDU become the listening state.
Ports of the listening state exchange BPDUs with other devices and select the root switch. Then,
after forward delay time is passed, the listening state becomes the learning state.

Ports of the learning state learn MAC addresses to transmit frames. Then, after forward delay
time is passed, the learning state becomes the forwarding state. Frames that are received before
ports become the forwarding state are discarded. After the forwarding, received frames are
transmitted through ports.
Ports of the disabled state do not participate in the spanning tree. These ports neither transmit
or receive BPDUs and do not transmit frames.
Selecting Path
The STP uses a spanning-tree algorithm to select one switch of a redundantly connected
network as the root of the spanning tree. The algorithm calculates the best loop-free path
through a switched Layer 2 network by assigning a role to each port based on the role of the
port in the active topology.
When two interfaces on a switch are part of a loop, the spanning-tree port priority and path cost
settings determine which interface is put in the forwarding state and which is put in the
blocking state. The port priority value represents the location of an interface in the network
topology and how well it is located to pass traffic. The path cost value represents media speed.
Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment
in the spanning tree fails and a redundant path exists, the spanning-tree algorithm recalculates
the spanning-tree topology and activates the standby path.

RSTP (Rapid Spanning Tree Protocol)

While STP is enabled, and BPDU is spread, topology is changed continuously on other parts of
the network. It takes a lot of time that the changed topology is applied to spanning tree. RSTP
802.1W improve disadvantage of STP.
The key difference between STP and RSTP is the transition states of a port. STP moves a port
from the blocking state to the forwarding state after the listening and the learning state. RSTP
reduces the transition steps by moving directly a port from the blocking state to the forwarding
state. This allows rapid reconfiguration capability when the topology has changed.
Port State of RSTP
There are three port states - discarding, learning, forwarding - in RSTP 802.1W. The learning
state and the forwarding state are the same as the states of STP, and the discarding state
includes the disable state, the blocking state and the listening state of STP. The following table
provides a comparison of STP and RSTP port states.
Table 16-2 Comparison of STP and RSTP port states
Is Port Included in the Is port learning MAC

STP Port State RSTP Port State Operational Status
Active Topology? Addresses?
Blocking Discarding Enabled No No
Listening Discarding Enabled No No
Learning Learning Enabled No Yes
Forwarding Forwarding Enabled Yes Yes
Disabled Discarding Disabled No No

Default STP Configuration

By default, RSTP is enabled on all VLANs of the Corecess S5 System. The following table shows
the default STP configuration.
Table 16-3 Default STP Configuration
Feature Default Setting
VLAN STP State RSTP is enabled by default on all VLANs.
Port STP State Disabled
VLAN ID (Switch priority) 32768
Spanning-tree port priory 128
10Mbps 2,000,000
Spanning-tree port 100Mbps 200,000

cost 1Gbps 20,000
10Gbps 2,000
Encoding method for port cost 32 bit (1 ~ 200,000,000)
Hello time 2 seconds
Timer Forward delay 15 seconds
Max age 20 seconds
Admin Edge Disabled
STP Version RSTP version 2

Configuring STP
Configuring STP
This section describes how to configure spanning-tree features on the Corecess S5 System.
Procedures for STP Configuration

You can configure the following STP features on the Corecess S5 System:
y Enable STP
y Enabling or Disabling STP on a port
y Setting the bridge ID
y Configuring the path cost
y Configuring STP encoding
y Configuring the port priority
y Setting spanning tree timers (Hello time, Max age, Forward delay)
Enabling STP
You can enable or disable STP on a per-VLAN basis. RSTP is enabled by default on the default
VLAN and on all newly created VLANs. By default, RSTP is enabled in the Corecess S5 System.
To operate STP, enable STP first, then set protocol version to STP.
To operate STP, use the following commands.
Table 16-4 Enabling STP on a VLAN
Command Task
2. Enable STP on the specified VLAN.

stp vlan id <vlan-id>
stp protocol-version 3. Set spanning tree protocol to STP.

stp vlan id <vlan-id> y <vlan-id> VLAN의 ID (1 ~ 4094)
end 4. Enter Privileged mode.
show stp vlan {all |

5. Verify STP configuration.
id <vlan-id>}

Configuring STP
The following example shows how to enable STP on a VLAN:
(config)# stp vlan id 1
(config)# stp protocol-version stp vlan id 1
(config)# end
# show stp vlan id 1
VLAN ID: 1
Protocol Operation: enabled
STP version: stpCompatible(0)
Pathcost Encoding: 32bit
BridgeID: 0x8000-0001020000DB
Time since topology change: 1539(s)
.
.
.
#
Disable STP only if you are sure there are no loops in the network topology . When STP is
disabled and loops are present in the topology, excessive traffic and indefinite packet
duplication can drastically reduce network performance. To disable STP on a per-VLAN basis,
enter the no stp vlan command in Global configuration mode. The following example
shows how to disable STP on the VLAN whose ID is 1:
(config)# no stp vlan id 1

(config)#
If you disable STP on a VLAN, STP is disabled on all ports belongs to the VLAN.

Configuring STP
Enabling or Disabling STP on a Port

If you enable STP on a VLAN, the change does not affects all ports belong to the VLAN.
Therefore you should enable STP on all Ethernet ports within the VLAN.
To enable STP on a port, use the following commands.
Table 16-5 Enabling STP on a port
Command Task
Port gigabitethernet 2. Enable STP on the specified Ethernet port.

<slot>/<port> stp y <slot>/<port> Slot/port number of the port
show stp port <port-

type> <slot>/<port>
The following example enables STP on the port 5/1 and 5/2:
(config)# port gigabitethernet 5/1 stp

(config)# port gigabitethernet 5/2 stp
(config)# end
# show stp port gigabitethernet 5/1
Link State: up
Port Number(logical): 257
Port Priority: 0x08
.
.
To disable STP on a specific port, enter the no stp port command in Global configuration
mode. The following example disables STP on the Gigabit Ethernet port 5/1 ~ 5/2:
(config)# no stp port gigabitethernet 5/1-2

(config)#

Configuring STP
Setting the Bridge ID (Priority)

You can configure the bridge ID for individual VLANs. Bridge ID is used to identify the root
bridge in a spanning tree. The default bridge priority for all VLANs on the Corecess S5 System
is ‘32768’. The bridge with the lowest value has the highest priority and is the root. To make the
switch the root bridge, set the bridge ID to the lowest value. If you change the bridge ID, the
spanning tree for the VLAN is reconfigured.
To change the bridge IS of a VLAN, use the following commands.
Table 16-6 Setting the Bridge ID
Command Task
stp bridge-priority 2. Set the bridge ID for a specific VLAN.

<priority> vlan id y <priority> Priority of the bridge (0 ~ 65535)
<vlan-id> y <vlan-id> VLAN ID (1 ~ 4094)
show stp vlan id

<vlan-id>
The following example shows how to set bridge ID for a VLAN to 3000 (hexa-decimal : 0x0BB8):
(config)# stp bridge-priority 3000 vlan id 2
(config)# end
VLAN ID: 2
Root Bridge: yes
STP version: rstp(2)
BridgeID: 0x0BB8-0001AB0DEF11
Topology changes: 2
Designated Root BridgeID: 0x8000-0001AB0DEF11
Root Path Cost: 0
.
.
#

Configuring STP
To restore the bridge ID for a VLAN to the default priority (32768, hexa decimal : 0x8000), enter
the no stp bridge-priority command.
(config)# no stp bridge-priority vlan id 2

(config)# end
VLAN ID: 2
Root Bridge: yes
BridgeID: 0x8000-0090A3000004
Topology changes: 0
.
.
.
#
Configuring the Path Cost

When spanning tree is configured, if there are over two paths, lower cost of the path is selected.
By default, path cost of a port is decided by physical link speed as follows:
y Ethernet link (10Mbps): 100
y Fast Ethernet link (100Mbps): 19
y Gigabit Ethernet link (1Gbps): 4
If you want to rarely use a port that is high speed because of a lack of stability or other reasons,
you specify high path cost of the port.
To configure the path cost for the specified port, use the following commands.
Table 16-7 Configuring the path cost
Command Task
port <port-type> 2. Set the path cost for a specific port..

gigabitethernet y <slot>/<port> slot/port number of a port

Configuring STP
Command Task
pathcost <path-cost> y <path-cost> path cost of a port (1 ~ 65525).

type> <slot>/<port>
The following example shows how to set the path cost for the Gigabit Ethernet port 5/1 to 10:
(config)# port gigabitethernet 5/1 pathcost 10

(config)# end
Link State: up
Port State: forwarding(5)
Port Role: RootPort
Mother BridgeID: 0x8000-0090A3000003
Port Priority: 0x8
Designated Root BridgeID: 0x8000-004455CCDD00
Designated Path Cost: 10
Designated BridgeID: 0x8000-0090A3040000
Designated PortID: 0x8018
AdminEdge: false
OperEdge: false
AdminPointToPoint: auto(2)
OperPointToPoint: true
#
Recommendation: We recommend that you set the path cost as follows according to the running STP
protocol version and the media speed of the port:
Port Speed Range

10Mbps 50~ 600
100Mbps 10 ~ 60
1Gbps 3 ~ 10
10Gbps 1~5

Configuring STP
Configuring STP Encoding

While STP calculates path cost using 16 bits (1~65,535), RSTP calculates path cost using 32 bits
(1~200,000,000). Therefore the path cost is not compatible between STP and RSTP. You can not
configure the STP encoding mode for individual VLANs and the change affects to all spanning
trees.
Table 16-8 Configuring STP encoding mode
Command Task
stp pathcost-encoding
2. Configure the type of STP encoding mode.
stp8021d1998
show stp vlan id

<vlan-id>
The following example shows how to configure the type of STP encoding mode to 16 bits:
(config)# stp pathcost-encoding stp8021d1998

(config)# end
VLAN ID: 1
Root Bridge: yes
BridgeID: 0x8000-0090A3000003
.
.
#

Configuring STP
Configuring the Port Priority

If all ports have the same path cost, spanning tree uses the port priority when selecting a port to
put into the forwarding state. You can assign higher priority values (lower numerical values) to
ports that you want selected first, and lower priority values (higher numerical values) that you
want selected last.
To configure priority of the specified port, use the following commands.
Table 16-9 Configuring the port priority
Command Task
port gigabitethernet 2. Set priority of a port.

<slot>/<port> y <slot>/<port> slot number/port number
priority <priority> y <priority> Priority of a port (0 ~ 15).

type> <slot>/<port>
The following example shows how to configure the port priority of the Gigabit Ethernet port
5/1 to ‘1’:
(config)# port gigabitethernet 5/1 priority 1

(config)# end
Link State: up
Port Role: RootPort
Port Priority: 0x1
.
.

Configuring STP
Setting Spanning Tree Timers

BPDU contains spanning tree timers (hello, forward delay, and max-age timers) that affect the
performance of the entire spanning tree. By default, the following values are set to the timers:
y Hello Timer : 2 seconds

y Max age Timer : 20 seconds
y Forward delay Timer : 15 seconds
You can set spanning tree timers for individual VLANs. To set STP timers for a specified VLAN,
use the following commands.
Table 16-10 Setting spanning tree timers
Command Task
2. Set STP hello timer for the specified VLAN.

stp hello-time <value>
y <value> STP Hello Time (1 ~ 10 seconds)
vlan id <vlan-id>
3. Set STP max age timer for the specified VLAN

stp max-age <value>
vlan id <vlan-id> y <value> STP Max Age time (6 ~ 40 seconds)
4. Set STP forward delay timer for the specified VLAN.
stp forward-delay <value>
y <value> STP forward delay time (4 ~ 30 seconds)
vlan id <vlan-id>
show stp vlan id

<vlan-id>
The following example shows how to set spanning tree timers for a VLAN:
(config)# stp hello-time 5 vlan id 2

(config)# end
VLAN ID: 2
Root Bridge: yes
BridgeID: 0x8000-0001AB0DEF11

Configuring STP

Topology changes: 2
Root Path Cost: 0
Root Port Number(logical): 0
MaxAge: 20(s)
HelloTime: 2(s)
ForwardDelay: 15(s)
Bridge MaxAge: 20(s)
Bridge HelloTime: 5(s)
Bridge ForwardDelay: 15(s)
.
.
#
To return the STP hello timer value to the default value, use the no stp hello-time
(config)# no stp hello-time vlan id 2

(config)#
The following example shows how to set the STP forward delay timer to 20 seconds for the
VLAN that ID is 2.
(config)# stp forward-delay 20 vlan id 2

(config)# end
VLAN ID: 2
Root Bridge: yes
.
.
ForwardDelay: 15(s)
.
.
#

Configuring STP
To return the STP forward delay timer value to the default value, use the no stp forward-
time command in Global configuration mode.
(config)# no stp hello-delay vlan id 2

(config)#
The following example shows how to set the STP max age timer to 30 seconds for the specified
VLAN that ID is 2.
(config)# stp max-age 30 vlan id 2

(config)# end
VLAN ID: 2
Root Bridge: yes
Topology changes: 2
Root Path Cost: 0
Root Port Number(logical): 0
MaxAge: 20(s)
HelloTime: 2(s)
ForwardDelay: 15(s)
.
.
#
To return STP max age timer value to the default value, use the no stp max-age command in
(config)# no stp max-age vlan id 2

(config)#

Configure RSTP
Configure RSTP
This section describes how to configure RSTP on the Corecess S5 System.
Configuration Procedure of RSTP

The following procedure describes how to configure RSTP.
y Enabling RSTP on a VLAN
y Enable STP on a port
y Setting the bridge ID
y Configuring the path cost
y Configuring STP encoding
y Configuring the port priority
y Setting spanning tree timers (Hello time, Max age, Forward delay)
y Configuring spanning tree protocol type
y Configuring edge port
In the configuration procedure, ‘Enable STP on a port’, ‘Setting the bridge ID’, ‘Configuring the port priority’
and ‘Setting spanning tree timers (Hello time, Max age, Forward delay)’ are explained in the previous
section.
Enabling RSTP on a VLAN

You can enable or disable RSTP on a per-VLAN basis. RSTP is enabled by default on all VLANs
and on all newly created VLANs. Because RSTP is enabled by default, there is no additional
configuration. If you disable RSTP and enable RSTP again on a VLAN, use the following
commands.

Configure RSTP
Table 16-11 Enabling RSTP on a VLAN
Command Task
2. Enable RSTP on a specified VLAN.

stp vlan id <vlan-id>
show stp vlan {all | id

<vlan-id>}
The following example shows how to enable RSTP on the VLAN whose ID is 2:
(config)# stp vlan id 1
(config)# end
VLAN ID: 1
BridgeID: 0x8000-0001020000DB
Topology changes: 0
.
.
#
Disable RSTP only if you are sure there are no loops in the network topology . When RSTP is
disabled and loops are present in the topology, excessive traffic and indefinite packet
duplication can drastically reduce network performance. To disable RSTP on a per-VLAN basis,
enter the no stp vlan command in Global configuration mode. The following example
shows how to disable RSTP on the VLAN whose ID is 2:
(config)# no stp vlan id 1

(config)#
If you disable RSTP on a VLAN, STP is disabled on all ports belongs to the VLAN.

Configure RSTP
Configuring the Path Cost

When spanning tree is configured, if there are over two paths, lower cost of the path is selected.
By default, path cost of a port is decided by physical link speed as follows:
y Ethernet link (10Mbps): 2,000,000
y Fast Ethernet link (100Mbps): 2000,000
y Gigabit Ethernet link (1Gbps): 20,000
If you want to rarely use a port that is high speed because of a lack of stability or other reasons,
you specify high path cost of the port.
To configure the path cost for the specified port, use the following commands.
Table 16-12 Configuring the path cost
Command Task
port gigabitethernet 2. Set the path cost for a specific port..

<slot>/<port> y <slot>/<port> slot/port number of a port
pathcost <path-cost> y <path-cost> path cost of a port (1 ~ 65525).
show stp port

gigabitethernet 4. Verify the configuration result.
<slot>/<port>
The following example shows how to set the path cost for the Gigabit Ethernet port 5/1 to
20000:
(config)# port gigabitethernet 5/1 pathcost 20000

(config)# end
Link State: up
Port Role: RootPort

Configure RSTP

Port Priority: 0x8
AdminEdge: false
OperEdge: false
#
Recommendation: We recommend that you set the path cost as follows according to the running RSTP
protocol version and the media speed of the port:
Port Speed Range

10Mbps 200000 ~ 20000000
100Mbps 20000 ~ 2000000
1Gbps 2000 ~ 200000
10Gbps 200 ~ 20000

Configure RSTP
Configuring RSTP Encoding

While STP calculates path cost using 16 bits (1~65,535), RSTP calculates path cost using 32 bits
(1~200,000,000). Therefore the path cost is not compatible between STP and RSTP. By default,
RSTP is enabled, so path cost of 32 bits are used in the Corecess S5 System, but encoding of path
cost can generally be changed to 16 bits for STP compatible. To change path cost to 16 bits, refer
table 15-8 Configuring STP encoding mode. You can not configure the STP encoding mode for
individual VLANs and the change affects to all spanning trees.
To change path cost of 16 bits to path cost of 32 bits again, use the following commands.
Table 16-13 Configuring RSTP encoding mode
Command Task
stp pathcost-encoding
2. Configure the type of RSTP encoding mode.
stp8021t2001
show stp vlan id

<vlan-id>
The following example shows how to configure the type of STP encoding mode to 32 bits:
(config)# stp pathcost-encoding stp8021t2001

(config)#

Configure RSTP
Configuring Spanning Tree Protocol Type

The Corecess S5 System supports both 802.1D STP and 802.1W RSTP. By default, spanning tree
protocol that is operating on a VLAN is 802.1W TSTP. For compatible of other device or other
reasons, you can set STP to operate on a particular VLAN.
To set spanning tree protocol to STP on a particular VLAN, use the following commands.
Table 16-14 Configuring Spanning Tree Protocol Type
Command Task
stp protocol-version 2. Set spanning tree protocol to STP on the specified VALN.
stp vlan id <vlan-id> y <vlan-id> VLAN ID (1 ~ 4094)
show stp vlan id

<vlan-id>
The following example shows how to set spanning tree protocol to STP on the VLAN whose ID
is 2:
(config)# stp protocol-version stp vlan id 2

(config)# end
VLAN ID: 2
Root Bridge: yes
STP version: stpCompatible(0)
.
.
.
#

Configure RSTP
Configuring an Edge Port

The Corecess S5 System allows ports that are configured as Edge ports to be present in an RSTP
topology. STP edge ports are bridge ports that do not need STP enabled, where loop protection
is not needed out of that port or an STP neighbor does not exist out of that port.
Edge ports assume designated port roles. Port flapping does not cause any topology change
events on Edge ports since RSTP does not consider Edge ports in the spanning tree calculations.
However, if any incoming BPDU is received from a previously configured Edge port, RSTP
automatically makes the port as a non-edge port. This is extremely important to ensure a loop
free Layer 2 operation since a non-edge port is part of the active RSTP topology.
To configure an edge port, use the following commands:
Table 16-15 Configuring an Edge Port
Command Task
stp adminEdge port

2. Configures a port as an Edge port.
gigabitethernet
y <slot>/<port> The slot number and port number of the port
<slot>/<port>

type> <slot>/<port>
The following example shows how to configure the Gigabit Ethernet port 5/1 as an Edge port:
(config)# stp adminEdge port gigabitethernet 5/1

(config)# end
Corecess # show stp port gigabitethernet 5/1
Link State: up
Port Role: DesignatedPort
Mother BridgeID: 0x8000-0001AB0DEF11
Port Priority: 0x8

Configure RSTP

Designated BridgeID: 0x8000-0001AB0DEF11
AdminEdge: true
OperEdge: true
.
.
#

STP and RSTP Configuration Commands
STP and RSTP Configuration Commands

The following table lists the commands for configuring STP or RSTP on the Corecess S5 System:
Table 16-16 STP and RSTP Configuration Commands
Command Description
port pathcost Sets the spanning-tree port path cost for the specified port.
port priority Sets the spanning-tree port priority for the specified port.
Enables or disables STP(Spanning Tree Protocol) on the specified

port stp
Ethernet port.
show stp port Displays spanning-tree information for the specified port.
show stp vlan Displays spanning-tree information for the specified VLAN interface.
stp adminEdge port Configures a port as an Edge port.
stp bridge-priority Sets the bridge ID for a VLAN.
stp forward-delay Sets the bridge forward delay for a VLAN.
stp hello-time Sets the bridge hello time for a VLAN.
stp max-age Sets the bridge maximum aging time for a VLAN.
stp pathcost-encoding Configures the type of Spanning Tree Protocol encoding mode.
Configure the type of Spanning Tree Protocol mode to run for a specific
stp protocol-version
VLAN.
stp vlan Enables the spanning tree algorithm for a specific VLAN.

Chapter 17 Configuring VRRP
This Chapter describes how to configure VRRP (Virtual Router Redundancy Protocol) on the Corecess S5
System.
9 Configuring VRRP 17-2
9 Displaying VRRP Information 17-13
9 VRRP Commands 17-14

Configuring VRRP
Configuring VRRP
This section overviews VRRP (Virtual Router Redundancy Protocol) and describes how to
configure VRRP on the Corecess S5 System.
VRRP (Virtual Router Redundancy Protocol) Overview

VRRP is a protocol that provides redundancy to routers within a LAN. VRRP allows you to
provide alternate router paths for a host without changing the IP address or MAC address by
which the host knows its gateway.
The VRRP router controlling the IP addresses associated with a virtual router is called the
Master. The Master forwards packets on behalf of these IP addresses. VRRP supports one IP
address for each virtual router. VRRP provides redundant gateways without any changes to the
host's configuration while supporting standard based routing protocols. As a result, any of the
virtual router's IP addresses on a LAN can then be used as the default first hope router by end
host.
The following figure shows a basic VRRP configuration uses a single VRID (VRID 1):
Subnet 2
RTA (Master) RTB (Backup)
Interface address: 10.0.0.1/8 Interface address: 10.0.0.2/8

VRID 1 address: 10.0.0.1 VRID 1 address: 10.0.0.1
VRID 1
10.0.0.1
Default gateway:
Subnet 1 10.0.0.1/8

Configuring VRRP
Because RTA is the address owner, it serves as the master. RTB is the backup. The three end
hosts on subnet 1 are configured to use 10.0.0.1/8 as the default router. IP address 10.0.0.1 is
associated with VRID 1.
As shown in this example, if RTA becomes unavailable, RTB takes over VRID 1 and its
associated IP addresses. Packets sent to IP destinations outside the 10.x.x.x subnet using 10.0.0.1
as the router are then forwarded by RTB. Even though RTB assumes RTA's forwarding
responsibilities, it never processes any packet with destination address (DA) 10.0.0.1. When
RTA becomes active again, it takes over as the master and RTB reverts to backup.
Configuring VRRP 17-3

Configuring VRRP
Configuring VRRP
This section describes how to configure VRRP on the Corecess S5 System.
Configuration Rules for VRRP
When configuring VRRP on the Corecess S5 System, consider the following contents.
y The interfaces of all routers in a VRID must be in the same IP sub-net.
y The IP addresses associated with the VRID must already be configured on the router that will be
the Master router.
y The IP addresses associated with the VRID must be on only one router
y The VRRP advertisement interval must be set to the same value on both the Master and Backups
for the VRID.
VRRP Configuration Task List
To configure VRRP, perform the following tasks:
1. Configuring IP interfaces
2. Creating a virtual router
3. Configuring IP address and operation mode for the virtual router
4. Setting priority for the virtual router (Optional)
5. Setting the time interval for the advertisement packet. (Optional)
6. Setting priority for the virtual router (Optional)
7. Setting authentication mode of the VRRP router. (Optional)
8. Enabling the virtual router

Configuring VRRP
Configuring the IP Interface
Before you configure VRRP, you must configure an IP interface and assign a primary IP address
and subnet mask. To configure an IP interface and IP address, use the following commands:
Table 17-1 Configuring the IP interface
Command Task
interface vlan {id <vlan- 2. Enter Interface configuration mode.

id> | name <vlan-name>} y <vlan-id> VLAN ID (1 ~ 4094)
3. Assigns IP address and subnet mask to the VLAN interface.
ip address <ip-address/<M> y <ip-address> IP address for the VLAN interface
y <M> Subnet mask
show interface 5. Verify the IP interface configuration.
The following example shows how to configure the VLAN interface and assign a primary IP
address and subnet mask:

(config-if)# end
# show interface
index 0 kernel index 2 metric 1 mtu 1514 <BROADCAST,MULTICAST>
HWaddr: 00:90:a3:27:48:3c
collisions 0
Interface vlan1
HWaddr: 00:90:ac:0b:00:02
inet 10.0.0.1/8 broadcast 10.255.255.255
collisions 0

Configuring VRRP
Creating a Virtual Router
To create a VRRP virtual router on the Corecess S5 System, use the following command:
Table 17-2 Creating a virtual router
Command Task
router vrrp 2. Create a VRRP virtual router and enter VRRP configuration mode.
<virtual-router-id> y <virtual-router-id>: The identifier of the virtual router to create.
(1 ~ 255)
show vrrp 4. Verify the VRRP virtual router configuration.
The following example creates a virtual router with an identifier (VRID) of 1 and enters VRRP
configuration mode:
(config)# router vrrp 1
(config-vrrp)# end
# show vrrp
VrId <1>
State is Initialize
Virtual IP is unset
Interface is unset
Priority is unset
Advertisement interval is unset
Preempt mode is TRUE
#
Note: To remove a virtual router, use the no router vrrp command.

Configuring VRRP
Configuring the IP Address and Operation Mode
After creating a virtual router, specify the IP address and operation mode for the virtual router.
If the operation mode for the virtual router is master, you should specify the IP address for the
Master router to the real IP address configured on the Master router.
To configure the IP address and operation mode for the virtual router, use the virtual-ip
command in VRRP configuration mode:
Command Description
virtual-ip y <ip-address>: IP address for the VRRP virtual router

<ip-address> {master y master: Specifies the virtual router as the Master router.
| backup} y backup: Specifies the virtual router as the Backup router.
The following example configures the IP address for the Master router to the IP address 10.0.0.1
of the default VLAN interface:
(config-vrrp)# virtual-ip 10.0.0.1 master

(config-vrrp)#
Setting Priority for the Virtual Router
The priority for the virtual router is used to elect the Master router. If two backup routers have
the same priority, the router that has the highest primary address becomes the master.
The default value for the Master is 255 and the default value for the Backups is 100. To
configure priority for the virtual router, use the priority command in VRRP configuration
mode.
Command Description
priority <priority> y <priority>: Priority value of the VRRP router. The range is 1 ~ 255.
The following example sets the priority for the virtual router to 254:

(config-vrrp)# priority 254
(config-vrrp)#

Configuring VRRP
Setting the Time Interval for the Advertisement Packet
VRRP Advertisement packet is transmits periodically to advertise operation status of a router.
The advertisement interval must be the same across the set of VRRP routers that are associated
with a single VRID. Backup routers must have the same advertisement interval as the Master
router.
The default VRRP advertisement interval is 1 second. To configure the VRRP advertisement
interval time, use the advertisement-interval command in VRRP configuration mode.
Command Description
advertisement-interval
y <seconds>: VRRP advertisement period in seconds (1 ~ 10 seconds)
<seconds>
The following example Sets the interval time between sending advertisement packets to 5
seconds:

(config-vrrp)# advertisement-interval 5
(config-vrrp)#
Preempting the Master Virtual Router
Even if the master router has already been decided, if there is a backup router that has higher
priority, preempt mode decides whether the backup router should be specified as a master
router.
By default, preemption is enabled. To configure preemption, use the preempt-mode

command in VRRP configuration mode:
Command Description
y true If there is a backup router that has higher priority, the backup router is
preempt-mode specified as a master router.
{true | false} y false Even if there is a backup router that has higher priority, the backup
router can not be specified as a master router.

Configuring VRRP
The following example shows how to set the preempt mode to false:
(config-vrrp)# preempt-mode false

(config-vrrp)#
Configuring Authentication for the Virtual Router
The Corecess S5 System supports the following authentication types:
y None : Transmit/receive VRRP packets without authentication.
y Simple Password : Authenticate using the specified characters (authentication key). When a
VRRP packet is transmitted and received, compare the authentication key and VRRP packet
key. If the VRRP packet has no key, or the authentication key does not match with the VRRP
packet key, the VRRP packet is discarded.
The Corecess S5 System uses Simple Password by default. To set the authentication type and
(optionally) an authentication key to be used by a VRRP virtual router, use the following
commands in Interface configuration mode:
Command Description
ip vrrp authentication y <auth-mode> : VRRP authentication mode

mode <auth-mode> - text : Simple text password.
ip vrrp authentication y <key> : The authentication key to use when sending and
string <key> receiving VRRP packets. (1 ~ 8 character)
The following example shows how to specify simple password for VRRP authentication on the
default VLAN interface whose ID is 1.
(config)# interface vlan_id 1

(config-if)# ip vrrp authentication mode text
(config-if)# ip vrrp authentication string corecess
(config-if)#
Note: To disable authentication, use the no ip vrrp authentication command in Interface

configuration mode.

Configuring VRRP
Enabling the Virtual Router
After configure all VRRP parameters, enable the virtual router on the interface owns the IP
address of the virtual router as follows:
Table 17-3 Enabling the virtual router
Command Task

{id <vlan-id> | y <vlan-id>: VLAN ID (1 ~ 4094)
name {vlan-name>} y <vlan-name>: VLAN name
ip vrrp 2. Enable a specific VRRP instance on the VLAN interface.
<virtual-roiter-id> y <virtual-router-id>: Virtual router ID (1 ~ 255)
exit 3. Return to Privileged mode.
router vrrp 4. Verify the virtual router configuration.
The following example enables the VRRP instance 1 on the VLAN interface:

(config-if)# ip vrrp 1
(config-if)# end
# show vrrp
VrId <1>
State is Shutdown
Virtual IP is 10.0.0.1 (IP owner)
Interface is vlan1
Priority is 255
Advertisement interval is 1 sec
#
Setup VRRP tracking interface
When Uplink interface of VRRP master router becomes down due to failure, VRRP backup
router should be enabled to converted to new VRRP master. For this, monitor Up/Down
function of Uplink interface by setting VRRP Track function on Uplink interface.
VRRP tracking interface sets VRRP Virtual Router Id on Uplink Interface to monitor failure, and
when interface is down, sets Priority Delta value to be decreased. When relevant interface of
VRRP master router is down, decrease priority value as much as Priority Delta value, and when
priority value of VRRP backup router is higher than mater router, backup router is converted to

Configuring VRRP
new VRRP master router.
VRRP Tracking interface is activated by following commands
Command Operation
interface vlan 1. Enter Interface configuration mode

{id <vlan-id> | name {vlan- y <vlan-id> VLAN ID (1 ~ 4094)
name>} y <vlan-name> Name of VLAN
2. Activate Tracking of VRRP assigned in Uplink interface.
ip vrrp <virtual-router-id> y <virtual-router-id> ID of virtual router(1 ~ 255)
tracking decrement <1-253> y <1-253> Priority Delta
exit 3. Return to Privileged mode

show vrrp 4. Check virtual router configuration
The followings are examples of activating Tracking interface on VRRP virtual router.
(config-if)# ip vrrp 1 tracking decrement 50
(config-if)# end
# show vrrp
VrId <1>
State is Shutdown
Interface is vlan1
Priority is 255
Tracking Interface vlan10, Priority Delta 50, Status UP
#
The following are example of releasing setup of VRRP Tracking interface.
(config-if)# no ip vrrp 1 tracking
(config-if)# end

Configuring VRRP
VRRP Configuration Example
Internet Internet
RTA (Master) RTB (Backup)
Interface: VRRP_1 (VLAN ID:2) Interface: VRRP_2 (VLAN ID:3)

GE 5/1 GE 5/1
IP address: 192.53.5.1/32 IP address: 192.53.5.3/32
VRID: 1 VRID: 1
IP address: 192.53.5.1 IP address: 192.53.5.1
Priority: 255 Priority: 100
Default gateway:
192.53.5.1/16
RTA
(config)# vlan id 2 name VRRP_1
(config-if)# exit
(config-vrrp)# virtual-ip 192.53.5.1 master
(config-vrrp)# exit
(config-if)# end
# show vrrp
VrId <1>
State is Master
Interface is vlan2

Configuring VRRP
Priority is 255
#
RTB
(config)# vlan id 3 name VRRP_2
(config-if)# exit
(config-vrrp)# virtual-ip 192.53.5.1 backup
(config-vrrp)# exit
(config-if)# end
# show vrrp 1
VrId <1>
State is Backup
Virtual IP is 192.53.5.1 (Not IP owner)
Interface is vlan3
Priority is 100
#

Displaying VRRP Configuration Information

This section describes how to display the VRRP configuration information on the Corecess S5
System.

To display the VRRP configuration information, use the show vrrp command in Privileged
mode. The following example displays configured VRRP information:
# show vrrp 1
VrId <1>
State is Master
Interface is vlan2
Priority is 255
Tracking Interface vlan10, Priority Delta 50, Status UP
#
The following table describes the fields in the show vrrp command output:
Table 17-4 show vrrp Field Description
Field Description
The VRID configured on this interface. If multiple VRIDs are configured on

VrId
the interface, information for each VRID is listed in a separate row.
The VRRP state for the VRID. The state can be one of the following:
State - Backup: This switch is a Backup for the VRID.
- Master: This switch is the Master for the VRID.
Virtual IP The virtual IP address that is being backed up by the VRID.
The interface on which VRRP is configured. If VRRP is configured on

Interface
multiple interfaces, information for each interface is listed separately.
Priority The current VRRP priority for the VRID (0 ~ 255)
Advertisement interval VRRP advertisement packet interval (1 ~ 10 seconds)
preempt mode Indicates whether to preemption is enabled or not.
Tracking Interface Tracking interface of virtual router

VRRP Commands
VRRP Commands
The following table lists the commands for configuring VRRP on the Corecess S5 System and
displaying VRRP configuration:
Table 17-5 VRRP commands
Command Description
advertisement-interval Configures the VRRP advertisement interval time.
clear ip vrrp Clears VRRP configuration.
ip vrrp Configures a VRRP virtual router on an interface.
ip vrrp authentication
Configures the authentication type for a virtual router interface.
mode
ip vrrp authentication Sets the authentication key or password to be used by a VRRP

string virtual router.
preempt-mode Configures preemption for a virtual router.
priority Configures priority for a virtual router.
router vrrp Creates a VRRP virtual router and enter VRRP configuration mode.
shutdown Shutdowns a VRRP router.
show vrrp Displays VRRP information.
virtual-ip Configures the IP address and operation mode for a virtual router
ip vrrp tracking
Activate Tracking interface of VRRP virtual router
decrement

VRRP Commands

Chapter 18 Redundancy Configurating
This chapter explains how to Redundancy in Corecess S5 system
9 Redundancy Configurating 18-2
9 Redundancy Configuration Information Outputting 18-15
9 Redundancy Configuration Instructions 18-17

Redundancy Configurating
This clause introduces the ‘Redundancy’ provided from Corecess S5 System, and reviews how
to configure redundancy.
Redundancy
Corecess S5 System supports various redundancies such as POWERE, FAN, Control

Module, EPON LineCard and others.
The Control Module Redundancy of Corecess S5 System redundates the two Control
Modules between No.9 slot (A-Side SCM) and No.10 slot (B-Side SCM) of S518 in
order that the cutoff of service may not be minimized in case a Control Module fails.
To secure more stable service, the redundancy of Epon LineCard redundates two Epon
Linecards (or two Epon Ports) so that the cutoff of service may be minimized in case an
Epon LineCard (or two Epon Ports) fails.

Redundancy Mode Setting in Control Module
Redundancy modes are divided into cold-startup mode and hot-start mode.
1. cold-startup mode
This mode synchronizes only startup configuration when system is rebooted, but does not
synchronize running configuration and session information so that minimal redundancy
may be operated.
2. hot-startup mode
This mode supports the redundancy of Starttup configuration and running configuration,
and supports the redundancy of Layer 2 protocol and IP Routing.
In case the redundancy mode is differently set, the equipment should be rebooted.
Instruction Job
configure terminal 1. Global Configuration Mode is set in.
systenm redundancu mode 2. Redundancy mode is set up.

{cold-startup|hot-startup} y{cold-startup | hot-startup} Redundancy Mode
End 3. Privileged mode is restarted.

show system redundancy mode 4. The configuration state of redundancy mode is checked.
Notice: In case the redundancy mode is differently set, the equipment should be rebooted.
The followings are the examples of setting the redundancy of Corecess S5 System.
(config)# system redundancy mode hot-startup
(config)# end
# show system redundancy mode
% system redundancy mode is hot-startup.
Redundancy Configurating 18-3

System Switchover
The followings are how to manually switch Standby Control Module over Active in Corecess S5
System.
Instructions Jobs
system redundancy
switchover 2. This instruction switches Standby Controle Module over new Active.
show system redundancy 3. This instruction checks the state information of redundancy.
The followings are the examples of switching over S5 System and checking results.
localhost (config)# system redundancy switchover
localhost#
% BEGIN CoreCMR SWITCHOVER(ACTIVE => STANDBY)
% END CoreCMR SWITCHOVER(ACTIVE => STANDBY)
localhost (sby) # show system redundancy
My Side Info.
------------------------------------------------------
State ................................... Standby
Version ................................. $Revision: 1.1 $
Other Side Info.

------------------------------------------------------
State ................................... Active
Board ................................... Equipped
localhost (sby)#
Reference: The switchover instruction can be operated only in Active Control Module. Standby Controle
Module cannot be forcibly switchover.

Redundancy Setting on Uplink Port of Control Module
In case the uplink port of Active Control Module fails and so the service cannot run to the
uplink port, Redundancy on the uplink port of Control Module automatically switches Standby
Control Module over new Active Control Module.
The following instructions should be used to set the Redundancy of Uplink Port.
Instructions Jobs
system redundancy 2. New uplink port is redundated.
uplink port
y{fastethernet|gigibitethernet|epon|tengigabitethernet
{fastethernet|gigibitet
hernet|epon|tengigabite } Sorts of uplink port
thernet} WORD y{required|} In case a port is down, it is immediately switched
{required|} over.
show system redundancy
uplink 3. The information of the redundated uplink is checked.
The followings are the examples of setting redundancy to two ports (18/1 and 18/2) of the uplink
port of S5 System.
(config)# system redundancy uplink port gigabitethernet 18/1-2 required

(config)# end
# show system redundancy uplink
Uplink Port Status.
Port Redundancy Local Remote

------------------------------------------------------
17/1 Disable X X
17/2 Disable X X
17/3 Disable X X
17/4 Disable X X
18/1 Enable o o
18/2 Enable o o
18/3 Disable X X

18/4 Disable X X
------------------------------------------------------
The above example means that the uplink port 18/1 and 18/2 were redundated and the prots of
two control modules are upped.
Reference : In case two or more redundancies are set, the required instruction is used to determine which port
to be switched over in case a special port or all uplink ports are downed. The port set to be required is
immediately switched over upon being downed.
Redundated System Booting
In botting redundated system, the whole system can be booted as well as Active control Module
or Standby Control Module can be selectively booted.
1. System Rebooting
The function, which is to reboot Corecess S5 System, is just provided from Active Control
Module. In case the rebooting instruction is executed in Standby Control Module, Standby
Control Module is just rebooted.
Instruction Explanation
reset system y System is rebooted
The followings are the examples of executing system rebooting instructions

localhost# reset system
halt system now
U-Boot 1.1.1 (12:38:22 Mon. 03/07/2006 KST)

SCM20G u-Boot Temporary Version (gorilla@eyecatcher)
IBM PowerPC 440 GP Rev. C

Board: Corecess SCM20G
VCO: 800 MHz
CPU: 400 MHz
PLB: 133 MHz

OPB: 66 MHz
EPB: 66 MHz
I2C: ready
DRAM: 256 MB
FLASH: 512 kB
PCI: Bus Dev VenId DevId Class Int
00 01 14e4 b504 0280 00
00 02 14e4 b504 0280 00
00 03 14e4 b502 0280 00
In: serial
Out: serial
Err: serial
IDE: Bus 0: OK
Device 0: Model: SanDisk SDCFB-128 Firm: HDC 2.13 Ser#: 009623I0304S0310
Type: Removable Hard Disk
2. Control Module Rebooting
This instruction reboots only the related Control Module. In case just Actie Control Module is
rebooted, Standby Control Module is switched over new Active Control Module.
reset control-module y Only the related Control Module is rebooted.
The following is an example of rebooting control module.

local# reset control-module
3. Standby Module Rebooting
This instruction is used to reboot Standby Control Module in Active Control Module. In case
this instruction is used in Standby Control Module, Standby Control Module itself is rebooted.
reset standby y Standby Control Module is rebooted.

The following is an example of rebooting stanby module.

local# reset standby
Image & Configuration File Management Setting
The following instructions are used to manage Upgrade of Standby Module Software (Image
Upgrade) and Configuration Fle.
1. Flash Information Viewing in Standby Module
The following instruction shows the file information of Standby Module in Active Module.
Instruciton Explnation
The file list in the flash of Standby Module is

show standby flash
shown.
The followings are the examples of executing standby flash.

localhost# show standby flash
waiting ...
standby configs:
Configuration flash directory:
----- --------------- ------------------------------------------
1 6962 config-0626
2 1407 config- 0626.cfg
[total 9523 Kbytes, 5328 Kbytes available usages(45%)]
standby images:
----- --------------- ------------------------------------------

1 3893985 ss5-ep4g-osapp-c20070126.img
2 3157479 ss5-base-osapp-REL1.1.1.img (*)
3 4415952 ss5-base-osapp-REL1.1.2.img
2. File management of standby module in active module
The following instructions control the image of standbly module and configuration information
in Active module.
Instruction Job
This instruction copies the configuration information file into

copy flash config <file- standby.
name> standby y <file-name> Name of the configuration
information file to be copied
This instruction copies the software image file of Active module
copy flash image <file-name> into standby.
standby y <file-name> Name of the software image file to
be copied
copy standby factory-default This instruction initializes the configuration information of
startup-config Standby module.
This instruction saves the configuration information of Standby

copy standby flash config module into startup-config file.
<file-name> startup--config y <file-name> Name of the configuration
information file to be saved.
This instruction saves startup-config of Standby module into new

copy standby startup-config configuration information file.
flash config <file-name> y <file-name> Name of the configuration
information file to be saved.
This instruction deletes the configuration information file of
delete standby flash config Standby module.
<file-name> y <file-name> Name of the configuration
information file to be deleted
This instruction deletes the software image file of Standby
delete standby flash image module.
<file-name> y <file-name> Name of the software image file to
be deleted
This instruction applies new software image of Standby module.
update standby flash image
<file-name> y <file-name> Name of the software image file to
be applied
The followings are the examples of execution.

localhost# copy flash image ss5-base-osapp-REL1.1.3.img standby

copying... done.
localhost#
localhost# show standby flash

waiting ...
standby configs:
Configuration flash directory:
----- --------------- ------------------------------------------
1 6962 config-0626
2 1407 config- 0626.cfg
[total 9523 Kbytes, 5328 Kbytes available usages(45%)]
standby images:
----- --------------- ------------------------------------------
1 3893985 ss5-ep4g-osapp-c20070126.img
2 3157479 ss5-base-osapp-REL1.1.1.img (*)
localhost#

Epon LineCard Redundancy Setting
The following instructions are used to manage the redundancy of Epon LineCard.
1. Epon LineCard Redundancy Setting
The following instructions are used to set the redundancy of Epon LineCard.
configure terminal 1. Global configuration mode is set in
2. This instruction activates the redundancy of new Epon LineCard.
redundancy epon-module
y<active slot> Line Card Number to provide the present service
<active slot>
y<standby slot> Line Card number to be used as the
<standby slot>
backup of <active slot>
show redundancy This instruction checks the list of redundated Epon LineCards and those
epon-module state.
※ Active/Standby roles of two Epon LineCards are changed with each
<active slot>
other.
<standby slot> switch

localhost# con t
localhost(config)# redundancy epon-module 1 6
localhost# show redundancy epon-module
Epon Module Redundancy Table

active state standby state
------------------------------------------------------------
1 insert,up 6 insert,up,optic-disable
localhost# con t
localhost(config)# redundancy epon-module 1 6 switch


------------------------------------------------------------
6 insert,up 1 insert,up,optic-disable
localhost# con t
localhost(config)# no redundancy epon-module 6 1

------------------------------------------------------------
localhost#
Epon Port Redundancy Setting
The following are used to manage the redundancy of Epon Port. It is basically identical to the
redundancy of Epon LineCard. The two ports on the same Epon LineCard can be redundated as
well as the redundancy between different Epon LineCards can be possible.
1. Epon Port Redundancy Setting
The following instructions set the redundancy of Epon Port.
2. This instruction activates the redundancy of new Epon Port.
port epon
y<active slot/port> Epon Port number to provide the present
<active slot/port>
service
redundancy
y<standby slot/port> Epon Port number to be used as
<standby slot/port>
the backup of <active slot/port>
show redundancy 3. This instruction checks the list of redundated Epon LineCards and
epon-port those state.

port epon
<active slot/port> ※ Active/Standy roles of two Epon LineCards are changed with each
redundancy other.
<standby slot/port>

localhost# config terminal
localhost(config)# port epon 6/1 redundancy 6/2
localhost# show redundancy epon-port
Epon port Redundancy Table

------------------------------------------------------------
6/1 insert,up 6/2 insert,up,optic-disable
localhost# con t
localhost(config)# port epon 6/1 redundancy 6/2 switch

------------------------------------------------------------
6/2 insert,up 6/1 insert,up,optic-disable
localhost# con t
localhost(config)# no port epon 6/2 redundancy 6/1

------------------------------------------------------------
localhost#

Redundant Configuration Information Outputting

This clause explans how to output redundant information and the information to be outputted
in case the order is executed.
Redundant Configurtion Information Outputting

Instruction Job
show system The state information of redundancy is shown
show system redundancy The state information of redundancy is shown
To output the configuration information of redundancy, show system or show system

redundancy should be executed in Privileged mode. The followings are the examples of
execution.
localhost# show system

System Information
-----------------------------------------------------------------------------
CoreCMR(Control Module Redundancy)
side : B(M1)
local status : active
remote status : standby
mode : hot-startup
Subscriver/Service Interface Board(s)

SIB [ 2] Unequipped
SIB [ 3] Normal
SIB [ 4] Unequipped
SIB [ 5] Unequipped
SIB [ 6] Unequipped
SIB [ 7] Unequipped
SIB [ 8] Unequipped
SIB [ 9] Unequipped
SIB [ 10] Unequipped

SIB [ 18] Normal

SIB [ 19] Normal
FAN [ 1] Normal
FAN [ 2] Normal
FAN [ 3] Normal
FAN [ 4] Normal
FAN [ 5] Normal
FAN [ 6] Normal
FAN [ 7] Normal
FAN [ 8] Normal
Auxiliary Information
-----------------------------------------------------------------------------
Fan (`C(`F)) -
Max/Min Threshold : 33/ 25 ( 91/ 77)
Temperature (`C(`F)) -
Current Temperature : 42 (107 )
Max/Min Threshold : 90/ 80 (194/176)
-----------------------------------------------------------------------------
MIB-II: System Group
Contact: support@corecess.com
Name: Corecess S5
Location: Corecess Inc.
Descr: Switched Router
ObjectID(36): 1,3,6,1,4,1,2971,50,46
localhost#
localhost# show system redundancy
My Side Info.
------------------------------------------------------
State ................................... Active
Version ................................. $Revision: 1.1 $
Other Side Info.

------------------------------------------------------
State ................................... Standby
Board ................................... Equipped

Instructions of Redundancy
The following table shows sorts of the instructions, related with the redundancy supported
from Corecess S5 System, and their functions.
Table 16-2 Sorts and Functions of Redundancy Instructions
Instruction Function
systenm redundancu mode This instruction sets redundancy mode.

This instruction converts Standby Control Module into new
system redundancy switchover
Active.
system redundancy uplink port This instruction activates the redundancy of uplink port.
reset system This instruction reboots system.
reset control-module This instruction reboots just the related Control Module.
reset standby This instruction reboots Standby control module.

This instruction shows the file list of
show standby flash
Standby Module.
This instruction copies the configuration information file of
copy flash config standby
Active module into standby.
This instruction copies the software image file of Active

copy flash image standby
module into standby.
copy standby factory-default This instruction initializes the configuration information of

startup-config Standby module.
copy standby flash config This instruction saves the configuration information of
startup—config Standby module into startup-config.
copy standby startup-config This instruction saves startup-config of Standby module

flash config into new configuration information file.
This instruction deletes the configuration information file of
delete standby flash config
Standby module.
This instruction deletes the software image file of Standby
delete standby flash image
module
This instruction applies new software image of Standby
update standby flash image
module.
show system redundancy This instruction check the state information of redundancy.
show system redundancy mode This instruction checks the setup of redundancy mode.
This instruction checks the state information of redundant
show system redundancy uplink
uplink.

This instruction checks the state information of redundant

show system redundancy uplink
uplink.
This instruction redundates two Epon LineCards
<active slot> <standby slot>
This instruction changes active/standby roles of two Epon
LineCards with each other.
switch
no redundancy epon-module
This instruction unsets the redundancy of Epon LineCard.
This instruction checks the list of redundated Epon
show redundancy epon-module
LineCards and those states.
port epon <active slot/port>
This instruction redundates two Epon Ports.
redundancy <standby slot/port>
port epon <active slot/port>
This instruction changes active/standby roles of two Epon
redundancy <standby slot/port>
Ports with each other.
switch
no port epon
<active slot/port> redundancy This instruction unsets the redundancy of two Epon Ports.
<standby slot/port>
This instruction checks the list of redundated Epon Ports
show redundancy epon-port
and those states.


Chapter 19 M5 SuperPON MUX Platform
This chapter introduces the Corecess M5 SuperPON MUX Platform functions and features and installation.
9 Overview 19-2
9 Examining Hardware 19-9
9 Before Installing 19-25
9 Installation 19-32
Overview
Overview
CORECESS provides a new service called SuperPON, which applies DWDM technologies to the
S5 platform. The M5 SuperPON MUX Platform is a DWDM Mux/DeMux platform that is in
charge of multi and reverse-multi transmissions through ONT and ONU of the Gigabit Ethernet
and GE-PON service through the DWDM channel provided at the S5.

Overview
SuperPON Operation Principles

The operation principle for providing the SuperPON service by combing M5 and S5 is as shown
in the below illustration.
< GW-PON (DWDM GbE) Operation>
< WE-PON (DWDM GE-PON) Operation >
M5 SuperPON MUX Platform 19-3

Overview
M5 Platform Operating Environmental Characteristics
y Operating Temperature ⇒ 0℃ to 50℃ (Default)
y Operating Humidity ⇒ 10~95%@40℃, Non-condensing
SuperPON (S5 & M5) Platform Key Applications
SuperPON maximizes the usefulness of existing fibers in order to ensure maximum subscribers
without additional attachments of fibers.

Overview
A maximum of 512 subscribers can be accommodated using just one pair of fiber.
The above illustration describes the typical application of the SuperPON.

Overview
M5 SuperPON MUX Chassis

The M5 SuperPON MUX Chassis is combined with the S5 system as the basic chassis for the M5
platform that configures the SuperPON service provided by Corecess.
The M5 platform is made so that it can take one type of chassis and depending on the type of
ULO board, the GW-PON and WE-PON can be accommodated simultaneously.
The M5 chassis offers two SLU (Seed light source unit) slots, eight OLU (optical link unit) slots
and two power slots. In addition, it also provides a slot that can attach one fan module. The SLU
can be dual-composed and depending on the situation, each SLU can be composed to be in
charge of four OLUs. The power slot is dual-composed and it is designed so that the system can
be operated with just one power. The Fan module can be removed and hot swap functions are
standard installed.
Product Ordering & Specifications

Product Ordering
Module Specifications
Information
Slots: totally 12 slot, ( 2slot for SLU, 8 slot for OLU, 2 slot for Power)
Size: 6RU, 266mm (H) x 483mm (W) x 240mm (D)
M5 chassis M5-CH Weight: TBD
Power connections: -48V @ 7.25 A, ±10%, redundant feeds
All front access
FAN M5-FAN M5 SuperPON MUX FAN Tray (Include FAN Filter)
M5-
Power supply M5 SuperPON MUX Power, 350W, -48VDC
PPD350
Slot Composition
The Corecess M5 system chassis is composed of two SLU slots and eight OLU slots.
The below modules can be attached to these 10 slots.
Table 19-1 Corecess M5 System Slot Composition
Slot (No.) Module Description
SLU Slot M5 MUX Seed Light Unit,16 Channel (Include Seed Light &
M5-SLU-16CH
(SLU1, 2) Management Processor)

Overview
M5 MUX Seed Light Unit,8 Channel (Include Seed Light &

M5-SLU-8CH
Management Processor)
M5-OLU-WE16CH WEPON 16 Channel (Include AWG Mux/DeMux & Amplifier)
OLU Slot M5-OLU-WE8CH WEPON 8 Channel (Include AWG Mux/DeMux & Amplifier)
(1, 2, 3, 4 M5 MUX Optical Link Unit, WEPON 16 Channel (Include
5, 6, 7, 8) M5-OLU-GW16CH
AWG Mux/DeMux & Amplifier)
M5 MUX Optical Link Unit, WEPON 8 Channel (Include AWG
M5-OLU-GW8CH
Mux/DeMux & Amplifier)
Dual-Power Functions
The Corecess M5 system can be mounted with two power supplies in order to safely supply
power. When the two power supplies are attached, it shares the load across the two power
supplies and distributes power to the system. When problems with a power supply occur, it
supplies all power for the system from the other power supply without causing any interference
in the equipment’s operation.
Hot-swap
The Corecess M5 system offers hot swap functions for attaching or removing all modules
without having to turn off the power.
y SLU modules and OLU modules attached on the slot
y Fan module
y DC module POWER
Convenient Expandability
The Corecess M5 system hardware is designed in a moduler system, making it easy to add or
remove modules depending on the increase/decrease of subscribers.

Hardware description
This chapter introduces the front and back composition of the Corecess M5 system chassis and also
introduce the types and functions of modules that can be attached to the Corecess S5 system.
System Chassis
This chapter introduces the names and functions of each part on the front, back and side exterior
of the Corecess M5 system.
Front
On the front of the Corecess S5 system are a total of 10 slots, two DC power slots, rack bracket,
fan tray and fan filter. SLU modules and OLU modules can be attached to the Corecess M5
system slots and there is also a (back-plane) board that connects the SLU module and OLU
module inside of the system.

Rack Bracket
The rack brackets on the two sides are the area for fixing the Corecess M5 system to the rack
using bolts when attaching Corecess M5 system to the 19 inch rack. Use the bolts provided with
the Corecess M5 system when mounting it to the rack.
Fan Tray
The Fan Tray is located in the cooling fan that adjusts the internal temperature of the Corecess
M5 system. The LED in the Fan tray displays the status of the cooling fan and when it is
operating normally a green light appears, and in the event that operations are stopped by the
user or there is a problem with the fan, a red light turns on.
Slot
In the Corecess M5 system slots, the Seed light source is connected to the two dual SLU (Seed
Light Unit) modules and the S5 that are in charge of the system control functions, or OLU
(Optical Link Unit) modules that Mux/Demux the Gigabit Ethernet or GE-PON Link in 8
channel or 16 channel units can be mounted. The types of Corecess M5 system slots and the
numbers of each slot are as seen below. The slot number is used for configuring the system or
for monitoring through CLI commands.

Table 19-2 Corecess M5 System Slot
Slot Description
SLU Slot Provides the Seed Light Source for the WDM system and mounts the SLU modules that
(SLU1, 2) provide the M5 system management functions.
OLU Slot
Gigabit Ethernet or Gigabit Ethernet PON is mounted to the Mux/Demux OLU modules
(1, 2, 3, 4,
in 8 channel or 16 channel units.
5, 6, 7, 8)
The Corecess M5 system slots support hot-swap functions and when attaching or removing
modules from the slot, you do not have to turn the system power off.
Fan Filter
The fan filter filters out the dusts that flow into the system through the heat-resistance vent.
Depending on the cleanliness level of the location where the system is installed for inspecting
the fan filter, you should replace or clean it.
DC Power Module (M5-PPD350)
This is the module that receives DC-48V power and supplies it to the Corecess M5 system. The
dual power module safely supplies power from one module in the event that one of the power
modules has a problem. In the case that both modules are working, it performs load sharing.
F.G. Terminal
This is the terminal for grounding the system. In order to prevent electric shocks and damages
to the product caused by electric leaks, use the grounding wire and connect the ground terminal
to an external ground.

Back
There is a ground terminal on the back of the Corecess M5 system to prevent damages to the
product.
F.G. Terminal
This is the terminal for grounding the system. In order to prevent electric shocks and damages
to the product caused by electric leaks, use the grounding wire and connect the ground terminal
to an external ground.
Side

Heat Resistant Vent
The heat-resistant vent is used for sending heat created by Corecess M5 system operations and
to bring in cold air from the outside. When the vent is clogged by dust, air cannot ventilate
properly and cause overheating.

System Module
In the 10 slots of the Corecess M5 system, two SLU modules and up to eight OLU modules can
be mounted.
SLU Module
The Corecess M5 system provides the below SLU module types.
Table 19-3 Corecess M5 System SLU Module
Module Name Specification
M5-SLU-16CH M5 MUX Seed Light Unit,16 Channel (Include Seed Light & Management Processor)
M5-SLU-8CH M5 MUX Seed Light Unit,8 Channel (Include Seed Light & Management Processor)
OLU Module
The Corecess M5 system supports the below OLU modules.
Table 19-4 Corecess M5 System OLU Module
Module Name Specs

M5-OLU- M5 MUX Optical Link Unit, WEPON 16 Channel (Include AWG Mux/DeMux &
WE16CH Amplifier)
M5-OLU- M5 MUX Optical Link Unit, WEPON 8 Channel (Include AWG Mux/DeMux &
WE8CH Amplifier)
M5-OLU- M5 MUX Optical Link Unit, Gigabit WDM (GW) PON 16 Channel,(Include AWG
GW16CH Mux/DeMux)
M5-OLU- M5 MUX Optical Link Unit, Gigabit WDM (GW) PON 8 Channel,(Include AWG
GW8CH Mux/DeMux)
This part introduce in detail the functions of each module and the front panel composition.

M5-SLU-16CH
The M5-SLU-16CH provides DWDM Seed light Source to the system and performs system
management. The seed light source provides C-Band broadband light source. It provides
console port and Ethernet port for management.
The functions of each part of the front panel of the M5-SLU-16CH are as seen below.
M5-SLU-8CH
The M5-SLU-8CH provides DWDM Seed light Source to the system and performs system
management. The seed light source provides C-Band broadband light source. It provides
console port and Ethernet ports for management.
The functions of each part of the front panel of the M5-SLU-8CH are as seen below.

System Status LED (Run, Master)
The system status LED displays the Corecess M5 system and SLU module status.
Table 19-5 M5-SLU-16CH and M5-SLU-16CH module system status LED
LED Color Status Status
On Initializing system.
Run Green Blink System initialized and processor is working normally.
Off Power is not properly supplied to the system.
On Module is operating in master mode.

ACT Green
Off Module is operating in slave mode.
Seed Light port
This is the optical connector for supplying BLS (Broadband Light Source) to each OLU.
Reset Switch
The reset switch is used for rebooting the Corecess M5 system. When the reset switch is pressed,
all configuration data that were not saved are deleted and connection with the equipment for
each port is disconnected. Use an object with a sharp edge (i.e. ball point pen) to press the reset
switch.
Console Port
The console port is the port for connecting to the console terminal that can perform the Corecess
M5 system local management operations. To connect the console port to a console terminal, use
the included console cable. PCs, workstations or VT-100 terminals that have terminal emulator
programs can be used as console terminals.

The Ethernet management port is the port for connecting the system that manages the Corecess
M5 system to the local network from a remote location via NMS or Telnet. The Ethernet
management port is the 10/100Base-TX port and is automatically set to 10/100Mbps speed and
full-dual/half-dual mode depending on the counterparts speed and activation mode. The cables
used for connecting the Ethernet management port are the twisted pair category-3, 4 and 5
cables, which is the RJ-45 connector.
The status LED functions at the Ethernet management port are as seen below.
Table 19-6 M5-SLU-16CH and M5-SLU-8CH module Ethernet Management Port LED functions
LED Color Status Description
On Port is operating and is connected with other equipment.

Link/
Green Blink Data is being transmitted through the port.
Act
Off Port is not operating or it is not connected to the equipment.
On Port is operating at a speed of 100Mbps.

10/100 Yellow
Off Port is operating at a speed of 10Mbps.

M5-OLU-WE16CH
The M5-OLU-WE16CH is a Mux/Demux model for WE-PON and receives BLS source from the
SLU and provides seed light to each OLT Port. In addition, it is a module the DWDM
Mux/Demux 16 channel E-PON link to transmit to ONT or ONU.
The M5-OLU-WE16CH module’s front panel composition part functions are as seen below.
M5-OLU-WE8CH
The M5-OLU-WE8CH is Mux/Demux module for WE-PON and it receives a BLS source from
the SLU to provide seed light to each OLT Port. In addition, , it is a module the DWDM
Mux/Demux 8 channel E-PON link to transmit to ONT or ONU.
The functions of each part that compose the front panel of the M5-OLU-WE8CH module are as
shown below.

LED
The Run LED displays the M5-OLU-WE16CH and M5-OLU-WE8CH module status.
Table 19-7 M5-OLU-WE16CH and M5-OLU-WE8CH module Run LED functions
LED Color Status Status
On Power is being supplied normally to the module.

PWR Green
Off Power is not being supplied normally to the module.
On Model is being initialized.

CON Green
Blink Module initialization is complete and it is operating normally.
SOA On The SOA temperature has exceeded its standard temperature.

Red
Temp
Off The SOA temperature is in its normal range.
EDFA On EDFA output is not normal.

Red
Low
Off EDFA output is normal.
Down-1 Port
This port connects with MPO part of the M5-MPO-8SA Cable (cable with MPO connector to 8
SC/APC connector). And this port connects the OLT GE-PON 8 port’s downward signal to the
M5-OLU-WE16CH or M5-OLU-WE8CH. In other words, it uses the Down-1 port for the 8 port
GE-PON downward signal to be entered in the OLU board.
Down-2 Port
SC/APC connector). And this port connects the OLT GE-PON 8 port’s downward signal to the
M5-OLU-WE16CH (It does not exist in the M5-OLU-WE8CH). In other words, it uses the Down-
2 port for the 8 port GE-PON downward signal to be entered in the OLU board.
Up-1 Port
SC/APC connector). And this port connects the GE-PON 8 port’s upward signal from the M5-
OLU-WE16CH or M5-OLU-WE8CH to S5 OLT board. In other words, it uses the Up-1 port for
the 8 port GE-PON upward signal to be entered in the S5 OLT board.

Up-2 Port
SC/APC connector). And this port connects the GE-PON 8 port’s upward signal from the M5-
OLU-WE16CH to S5 OLT board. In other words, it uses the Up-2 port for the 8 port GE-PON
upward signal to be entered in the S5 OLT board.
Seed light Port
This is an SC/APC connector and is the input port that receives the seed light source entered by
the SLU. This received Seed light source is separated and uses 16 channel or 8 channel DWDM
light source.
Down Port
This is an SC/APC connector and it is used for DWDM muxing 16 channel or 8 channel GE-
PON downward signals to transmit to the ONTs/ONUs. It is connected to the RN of the
ONUs/ONTs.
Up Port
This is an SC/APC connector and is the port where the GE-PON upward data from each ONTs
or ONUs are entered to the M5-OLU. 16 channel or 8 channel DWDM data is entered.

M5-OLU-GW16CH
The M5-OLU-GW16CH is a GW-PON Mux/Demux module and provides seed light to each
OLT port. In addition, it DWDM Mux/Demux 16 channel Gigabit Ethernet links and transmits
it to the ONT or ONU.
The function of each part that composes the front panel of the M5-OLU-GW16CH module is as
seen below.
M5-OLU-GW8CH
The M5-OLU-GW8CH is a GW-PON Mux/Demux module and receives BLS source from each
SLU and provides seed light to each OLT port. In addition, it DWDM Mux/Demux 8 channel
Gigabit Ethernet links and transmits it to the ONT or ONU.
The function of each part that composes the front panel of the M5-OLU-GW8CH module is as
seen below.
The M5-OLU-GW16CH and M5-OLU-GW8CH is only composed of manual devices and it does
not sense power nor does it display it on the LED.

Down-1 Port
SC/APC connector). And this port connects the OLT Gigabit Ethernet 8 port’s downward signal
to the M5-OLU-GW16CH or M5-OLU-GW8CH. In other words, it uses the Down-1 port for the
8 port Gigabit Ethernet downward signal to be entered in the OLU board.
Down-2 Port
SC/APC connector). And this port connects the OLT Gigabit Ethernet 8 port’s downward signal
to the M5-OLU-GW16CH (It does not exist in the M5-OLU-GW8CH). In other words, it uses the
Down-2 port for the 8 port Gigabit Ethernet downward signal to be entered in the OLU board.
Up-1 Port
SC/APC connector). And this port connects the Gigabit Ethernet 8 port’s upward signal from
the M5-OLU-GW16CH or M5-OLU-GW8CH to S5 OLT board. In other words, it uses the Up-1
port for the 8 port Gigabit Ethernet upward signal to be entered in the S5 OLT board.
Up-2 Port
SC/APC connector). And this port connects the Gigabit Ethernet 8 port’s upward signal from
the M5-OLU-GW16CH to S5 OLT board. In other words, it uses the Up-2 port for the 8 port
Gigabit Ethernet upward signal to be entered in the S5 OLT board.
Seed light Port
This is an SC/APC connector and is the input port that receives the seed light source entered by
the SLU. This received Seed light source is separated and uses 16 channel or 8 channel DWDM
light source.
Optical Link Port
This is an SC/APC connector where the 16 channel or 8 channel Gigabit Ethernet upwards two-
directional signals are DWDM muxed for transmitting between the ONTs/ONUs and OLU
board. It is connected to the RN of the ONUs/ONTs.

Before Installing
Before Installing
This chapter explains precautions for installation and uses as well as the installation
environment that should be well understood prior to installing the Corecess M5 system.
Precautions
Warning: This chapter explains th precautions that the user must be familiar with in order to prevent physical
injuries when installing and using the Corecess M5 system. Therefore, please read and become familiar with this
chapter before installing or using the Corecess M5 system.
General Precautions
y Make sure that the area where the product is installed is clean and free from dust during and after
installation.
y When the product cover is opened, place the cover in a safe location.
y Do not leave tools or cables in the aisles in order to prevent physical injuries.
y When installing the product, loose-fitting clothes, neckties, scarf and sleeves may be caught in the
product. Therefore, do not wear loose-fitting clothes, take care of your necktie or scarf and fold your
sleeves.
y Take precautions not to injure the people or damage the equipment.
y When the product cover must be opened in order to expand the product performance or when having to
operate on the equipment while the cover is opened, always contact the place of purchase and receive
assistance from an expert.
Precautions related to Power
y Make sure there is no overload on the wiring when connecting the product power.
y When connecting the product power, take off accessories such as rings, necklaces and watches. If
these come in contact with the power or ground, it may burn up the parts.
y Always check if danger may occur in the place of operation. Make sure that you check for wet floors,
power extension cables that are not grounded, power cords that are worn out and whether the floor has
safety grounding facilities.

Before Installing
DC Power
y The DC power supplier should be connected to an outside DC power supply or rectifier that satisfies the
SELV (Safety Extra-Low Voltage) conditions as per UL 1950, CSA 950, EN 60950 and IEC 60950.
y Connect DC stationary wiring to a bipolar (-48VDC, GND) breaker that can be immediately used when
emergencies such as fires occur.
y Before installing or removing a DC power supply, always check if power has been cut off to the DC
circuits. For the sake of safety, turn the DC circuit breaker switch OFF and tape it so that it will not be
accidentally turned ON.
y The DC power cable finishing device must fit the wiring size and the insulator and conductor must be
able to be tightened.
y Make sure that there are no exposed areas of the DC power cable that is connected to the DC terminal
block caused by wear and tear. There is a dangerous amount of electricity flowing in the exposed parts
of the cable and take special precaution not to touch it.
Reserve Power
Connect the two power supplies to different input powers. Doing this will allow you to
continue to operate the equipment even when one power supply malfunctions.

Before Installing
Precautions related to Static Electricity

Static electricity can cause heavy damages to the machine or circuit. It may cause the product to
temporarily malfunction or make it not usable at all. Thus, when touching the circuits, follow
the below steps to prevent static electricity.
y Wear a static electricity-prevention strap and on one side of the strap connect an iron element that is not
coated such as a static discharge jack or a bolt included with the product.
y When you do not have a static electricity-prevention strap, hold a metal part of the product to ground the
user.
y Never touch the card parts or connector pins and when touching the board, use the board’s corners or
front panel.
y Do not let the card and clothing touch. Static electricity-prevention straps protect the board only against
static electricity and the static electricity occurring from clothing may cause damages to the product.
y For the sake of safety, regularly check if the static electricity-prevention strap’s resistance is between 1 ~
10Mohms.
Precautions for Installation and Services
y When installing the product turn the power switch off (0) and remove all cables connected to the cables
and ports.
y When connecting the product power, take off accessories such as rings, necklaces and watches. If
these come in contact with the power or ground, it may burn up the parts.
y Do not touch back-plane board with your hands or metal tools.
y Never work alone in places where there is potential danger.
y Avoid doing anything that can potentially cause injuries or make the equipment unstable.

Before Installing
Power Off
When blocking power to the product, pay attention to the below points.
y Before operating machine prepare an emergency stop switch.
y When working with parts that cannot be immediately replaced or when working near the back-plane
board, always turn the power off and disconnect the power to the circuit. When there is no ON/OFF
switch on the product, remove the power cord before working on it.
y In order to completely remove power supplied to the product, remove all power connections for all power
supply devices.
y Do not touch the power supply when the power cable is connected. When the cable is connected even
when the power switch is turned off, there will still be a line voltage in the power supply.
Ground
y Ground the system.
Laser
Pay attention to the below when purchasing a product with optical ports.
y Never look into the system’s optical port. If there is no optical cable connected, a strong light is
discharged from the port and can cause eye injuries.
y When a certain optical port of the system in operation is not used for prolonged period of times, always
cover the port and keep it closed or connect it to the optical cable.
Electromagnetic Interference (EMI)
When wired at a certain distance from the electromagnetic field, EMI (electromagnetic
interference) between the electromagnetic field and signals can occur. Therefore, please pay
attention to the below.
y Wrongful wiring can cause RFI (radio frequency interference).
y In particular, EMI from radio transmitters can destroy the system’s signal device and conduct electricity
through the wire and system to cause an electrical accident.
y If there are high EMI at the installation area, consult with an RFI expert to solve it.

Before Installing
Blank Slot
When using without mounting board in the slot, always mount a blank bracket in order to
prevent the below situations.
y Prevent exposure of voltage and electricity inside the system.
y Block off EMI that can disturb other equipment.
y Direct distribution of cooling currents via system
Precautions related to Installation

Pay attention to the below points when installing the 19 inch racks.
y It is recommended to use an open rack that is opened on both sides, top and bottom. When having to
install the product on a closed rack, make sure it is well ventilated.
y When using closed rack, make sure there is an appropriate ventilation device on the rack. It must have
air intakes on the side and a fan must be attached to supply cool air.
y For closed racks with vent fans on top, the heat from the system on the bottom can rise up and go into
the system. Please be aware of this.
y Adjust the position so that the equipment or cable installed on the rack does not interfere with the power
supply or cooling fan’s air flow.
y Firmly fix bolt to the ground to safely mount the product.
y When equipment is heavy, mount on the lower part of the rack.
y When other equipment is mounted on the rack, select the position to mount on the rack by taking into
consideration the size of the product.
Precautions when transporting the product

When taking product out of the box and transporting or changing the installation location,
please be aware of the following when lifting the product.
y Turn power off when moving the product and remove all cables connected to the ports.
y For workers moving the product, plant your legs firmly on the floor and make sure that the product’s
weight is evenly distributed to your two legs.
y With your back straight, slowly lift the product. You can injure your back if you bend it while lifting the
product. Therefore, lift it by bending your knees.

Before Installing
y The board attached to the product or the handles on the power supply are not designed to withstand the
weight of the product, so do not use the handles to lift the product.
y The below number of workers are needed depending on the product weight, so work together or use a
hoist.
Table 19-8 Required manpower according to product weight
Product weight Needed Manpwer
18Kg or less 1
18~32Kg 2
32~55Kg 3
55Kg or higher Use hoist
Precautions when disposing product

When disposing the product, comply with the government and local regulations to throw away
the system main frame, power supply and other various parts.

Before Installing
Installation Location
Installation Location Environment
The installation location must have the below conditions for the safe installation and use of the
Corecess M5 system.
y When installing or after installing the system, make sure there is no dust and is clean.
y Install the system in a cool area that is not in direct sunlight. Also, keep it away from areas where people
frequently pass by to avoid injuries.
y Location must always have a constant temperature and humidity as shown below.
Table 19-9 System Use Environment
Section Range
Operation Temp. 0 ~ 50℃
Storage Temp. -40 ~ 80℃
Operation Humidity 10 ~ 95% (40℃, non-freezing)
Power Supply
Table 19-10 System Power Specs
Section DC Power (M505)
Input Voltage -48VDC
Input Voltage Range -36 ~ -72VDC
Frequency -
y Make sure that the power supplied to the installation location is clean. Use power adjusting device when
power that has a lot of sparks or noise is supplied.
y Have a power outlet near the system to make it easy to connect to the power cables.
y Take care when connecting power supply device so that there is no overload on the wiring.

Installation
Installation
This chapter deals with the methods for installing the Corecess M5 system on the rack and how to mount
the SLU module and OLU module on the system slot. In addition, it also describes ways to connect cables
to each network port.
Installation Process
Caution: Before installing the Corecess M5 system
y In order to avoid problems while operating the system, install the switch at an installation location that satisfies
the conditions defined in ‘Chapter 3 / Before Installing’
y Turn power switch OFF (O) and remove all cables connected to the power cables and ports.
The following is the order for installing the Corecess M5 system. How to execute each process is
explained in the next section.
Installing on 19 inch rack

1
Before mounting the Corecess M5 system on a 19 inch rack, check that you have enough space.
Installing module
2 Attach SLU module and OLU module on the Corecess M5
system rack.
Connecting to network equipment
3 Connect SLU module and OLU module connector of the Corecess M5 system with the S5
system.
Connecting system management equipment
4 Connect each console terminal and Ethernet LAN to

the console port and Ethernet management port for the purpose of managing the Corecess M5
system.
Connecting Power
5
After installing Corecess M5 system, connect to nearby power.
Running the system
6 Turn the Corecess M5 system power on and confirm if
it is operating properly.

Installation
Installing on Rack
The Corecess M5 system is designed to be mounted on any type of standard 19 inch rack. This
section explains how to install the Corecess M5 system on a 19” rack.
Caution: Before mounting the Corecess M5 system on a 19” rack, read the precautions for rack installation on
Chatper 3: Before Installing.
Installing on Rack
When mounting the Corecess M5 system on a 19” rack, the below tools are needed.
y Cross-tip screwdriver
y Static electricity-prevention strap
y Four bind head bolts provided with the product
Cautions: For details on the static electricity-prevention strap, see “Chapter 3 / Before Installing – Precautions for
static electricity”
When tools are prepared to mount the Corecess M5 system on a 19” rack as below.
1. Place the Corecess M5 system on top of the closest possible rack and on a floor with
sufficient work space or a sturdy table. Check for all required tools.
2. Lift the Corecess M5 system to where it will be installed on the 19” rack.
3. Fit the Corecess M5 system rack bracket on the 19” rack holes and fix it by tightening the
four bind head bolts.
Caution: When installing the Corecess M5 syste on the rack, please pay attention to the below points in order to
prevent dangers caused by the rack.
y When the rack is empty, mount the Coecess M5 system on the lower part of the rack.
y In order to make the center of the rack’s weight go towards the bottom, attach the heavier equipment on the
bottom parts.

Installation
Mounting the Module

The Corecess M5 system has 10 slots and each slot can be attached to the types of modules as
seen below.
Table 19-11 Types of modules that can be attached to each system slot
Slot (No) Module Description
M5 MUX Seed Light Unit,16 Channel (Include Seed Light &

M5-SLU-16CH
SLU Slot Management Processor)
(SLU1, 2) M5 MUX Seed Light Unit,8 Channel (Include Seed Light &
M5-SLU-8CH
Management Processor)
WEPON 16 Channel (Include AWG Mux/DeMux &
M5-OLU-WE16CH
Amplifier)
WEPON 8 Channel (Include AWG Mux/DeMux &
OLU Slot M5-OLU-WE8CH
Amplifier)
(1, 2, 3, 4
5, 6, 7, 8) M5 MUX Optical Link Unit, WEPON 16 Channel (Include
M5-OLU-GW16CH
AWG Mux/DeMux & Amplifier)
M5 MUX Optical Link Unit, WEPON 8 Channel
M5-OLU-GW8CH
(Include AWG Mux/DeMux & Amplifier)
This section explains how to attach modules to the Corecess M5 system slots.

Installation
Attaching modules to slot
Methods for attaching both the SLU and OLU modules to the Corecess M5 system are the same.
See the below descriptions to attach modules to the Corecess M5 system slots.
1. Select slot to attach module depending on the module type.
2. When modules are already attached to slot, remove all cables connected to the module and
remove the bolts on the sides of the attached modules. Fold the ejectors on the sides of the
module away from the system and carefully remove ejector by pulling from module.
Caution: Place modules ejected from the slot where there is no static electricity or store it in a static electricy-
prevention envelope.
3. When attaching modules to empty slots, remove the bolts on the sides of the blank bracket
using a screwdriver and remove the blank bracket.
Caution: When mounting OLU module on the system, it is easiest for the sake of system operation and
management to remove sequentially starting from OLU slot 1.
4. After opening box and taking out the new module to be attached, carefully examine the
exterior of the module to make sure there are no damaged parts.
5. Fit the modules according to the guardrails on both sides of the slot and carefully push in
the module until it is attached to the back-plane connector. Press the ejectors on the sides of
the module to tighten the module.
6. Use a cross-tipped screwdriver to tighten the bolts on the sides of the module.
7. When the Run LED on the module turns green and blinks, it is properly attached. Connect
cables to the module port and when needed, use CLI commands to configure the attached
module ports.
Note: The Corecess M5 system offers hot-swap functions and therefore, the power does not have to be turned off
when attaching modules.

Installation
Connecting to S5 and WDM system

This section describes how to connect the SLU and OLU modules of the Corecess M5 system to
the S5 OLT and ONTs/ONUs.
The types of cables used for connecting the ports are described in Attachment B: Connector and
Cable Specs.
Caution: In the event that the distance between the equipment connected to cables are farther than the max
distance presented in this manual, there is a risk of losing transmitted data.

Installation
Connecting with SLU and OLU (Seed Light supply)
This is the module for supplying the SLU and WDM seed light source to the system. This seed
light is entered to each OLU and distinguished based on the WDM wavelength to be used per
link. The SLU is dualized and the seed from the dual SLU is made single through the coupler
and passes by the 1:8 splitter to be entered to each OLU. The coupler and splitter position the
excess cable in the FDF. SLU and OLU Seed light source connectors are connected using the
SC/APC cable.
Connecting Optical Module to S5
The S5 LIM is categorized into two types.. One is the LIM-EP4G-GR+ that provides GE-PON
OLT 4 ports and the other is LIM-D4GF that provide the Gigabit Ethernet 4 port. When a
Gigabit Ethernet Optic Transceiver on the LIM-D4GF module is attached it performs Gigabit
Ethernet Service, or when GW-PON optical modules are attached, it is activated with the Giga
WDM-PON (GW-PON) OLT. Likewise, when GE-PON optical modules are attached to the LIM-
EP4G-GR+, it activates via GE-PON OLT and when a WE-PON optical module is attached, it
activates through the WDM E-PON (WE-PON) OLT.

Installation
Connecting M5-OLU and S5
The M5-OLU and S5 OLT is connected via M5-MPO-8SA cable. One side of the M5-MPO-8SA
cable is an MPO type connector as seen in the below illustration, while the other side is compose
of eight SC/APC.
The S5 OLT port is put in a group of eight and conformed to the M5-OLU for DWDM mux and
Demux. The optical modules used by the S5 OLT provide two SC/APC connectors: the red
cable is the down (TX) port and the yellow cable is the UP (RX) port.

Installation
The MPO connector’s Down-1, Down-2, Up-1 and Up-2 ports are attached and the eight
SC/APC connectors are connected to the S5’s corresponding port optical transceiver’s Down
(TX) and Up (RX) port. The Down-1 port and Up-1 port are activated in pairs. Therefore, it must
be connected to the Up-1 port in the same order that the Down-1 port and S5 port are connected.
Furthermore, it must also be connected to the Up-2 port in the same connection order as that of
the S5 OLT port to the Down-2 port. The below illustration is an example of the connection.
Down Up
1 2 3 4 5 6 7
1 2 3 4 5 6 7 8
8
RX TX

Installation
Connecting the M5-OLU’s Down, Up and Optical Link port
The M5-OLU Mux/Demux the 8 channel or 16 channel GW-PON and/or WE-PON signals and
transmits to the ONUs/ONTs via two optical cables. The M5-OLU-WE16CH and M5-OLU-
WE8CH are WE-PON OLU that transmits WDM signals to the ONUs/ONTs via the Down port
and receives the signals through the Up port. The M5-OLU-GW16CH and M5-OLU-GW8CH are
GW-PON OLU, which is used by the Optical Link port to send and receive via one optical cable.
The below picture is an example of the connection.
Splitter
ONT
RN
10Km
Down Up
1 2 3 4 5 6 7
1 2 3 4 5 6 7 8
8
RX TX

Installation
Connecting System Management Equipment
The Corecess M5 system supports two types of system management methods as shown below.
Local Management (Console)

The Corecess M5 system directly connects console ports in the SLU module to the console
terminal in order to allow CLI commands for the equipment through the terminal emulator. The
console terminal can use the PC or VT-100 terminal.
Remote Management (Ethernet)

When the Ethernet management ports in the Corecess M5 system’s SLU module are connected
to the Ethernet LAN, the equipment is managed by the PC that has installed Viewlinx, which is
the NMS of Corecess, or can use CLI commands of the equipment remotely via Telnet sessions.
In order to use this method, the Corecess M5 system management IP address and subnet mask
must be designated.
Connecting Console Port
Using the console cable provided with the product, the console port in the Corecess M5 system’s
SLU module and the serial port of the PC or VT-100 terminal to be used as the console terminal
is connected.

Installation
Connecting Ethernet Management Port
Each connector prepares the twisted pair cable, which is the RJ-45, to connect the Ethernet
management port located in the Corecess M5 system’s SLU module to the local network
(Ethernet LAN).
Note: Because the M5-SLU-16CH,8CH Ethernet management port supports automatic MDIX functions, crossover
cables or straight-through cables can be used regardless of the type of equipment.

Installation
Connecting Power
Connecting DC power to Corecess M5
There are two power modules for the Corecess M5. In order to use the dual power functions, the
two power modules must supply different power.
When looking from the front, the power on the left is called Power module A and the power on
the right is called Power Module B.
Caution: Before connecting power to the Corecess M5

y Confirm that power is appropriate according to Chapter 3: Before Installing – Precautions for Power.
y Make sure that the external power supply’s power switch is turned off (0).
1. For the sake of safety, a clear plastic cover is placed on the terminal block at time of
shipment. Remove the cover and connect the power.
2. Connect the DC power cable to Power module A. First, remove the bolt on the terminal
block and fit a round loop for the power cable and tighten the bolt. Pay attention to the
power polarity (+,-) as shown in the illustration below and connect the cable.
-48V (-)
0V(GND, +)
F.G
3. Connect the DC power cable connected to Power module A with outside power supplies or
rectifiers.

Installation
4. Connect the DC power cable to terminal block B. First, remove the bolt on the terminal
block and fit a round loop for the power cable and tighten the bolt. Pay attention to the
power polarity (+,-) as shown in the illustration below and connect the cable.
-48V (-)
0V(GND, +)
F.G
5. Connect the DC power cable connected to terminal block B to outside power supplies or
rectifiers. In order for dual power, at step 3, connect it to a different power supply from
that of the external power supply.

Installation
Running the System

After completing installation, run the Corecess M5 system as seen below.
1. Before running the system, check the below points.
y Confirm that modules are properly fitted into each system slot.
y Confirm that cables are properly connected to each system port.
y Confirm that the power cables are properly connected.
2. Turn on the console terminal power and execute the installed terminal emulator program.
3. Supply power to the Corecess M5 system. Turn the power module switch towards ON to
turn on the power.

Appendix A Product Specifications
Appendix A describes the specifications of the Corecess S5 System.
9 Hardware Specifications A-2
9 Software Specifications A-4
9 Optical Splitter Specifications A-7

Hardware Specifications
Table A-1 Corecess S5 System hardware specifications
Switching Fabric
y Switching throughput : 40Gbps full-duplex (SCM-20G)
48Gbps full-duplex (SCM-B24G)
144Gbps full-duplex (SCM-B72G)
y MAC address : Maximum 16K (Layer 2)
y Unicast route : Maximum 8K (Layer 3)
y Multicast route : Maximum 4K (Multicast routing)
Memory
y Main memory : 256MB (DDR SDRAM)

Hardware y Boot ROM : 512KB (EEPROM)
y Flash memory : 128MB
System Dimension and Weight

y Size : 440 x 133 x 255.2mm (W x H x D)
y Weight : S505 :14.3Kg
S506 : 20.5Kg
S518 : TBD
y Size : S505 - 133mm (H) x 483mm (W) x 240mm (D)
S506 - 176mm (H) x 483mm(W) x 240mm (D)
S518 - 533mm (H) x 483mm (W) x 240mm (D)
SCM Module
y SCM-20G : Four Gigabit Ethernet Uplink Port (RJ-45 or SFP)
One Console Port (RJ-45)
One Ethernet Management Port (RJ-45)
y SCM-B24G : Four Gigabit Ethernet Uplink Port (SFP)
Four Gigabit Ethernet Uplink Port(RJ45, Optional)
Module y SCM-B72G : Four Gigabit Ethernet Uplink Port (SFP)
Configuration Four Gigabit Ethernet Uplink Port(RJ45, Optional)
Two 10G Ethernet Uplink Port (XFP, Optional)
LIM Module
y LIM-EP4G-GR: 4 Gigabit Ethernet PON Port
y LIM-D4(8,16)GF: 4(8,16) Gigabit Ethernet Port
y LIM-D8(16)GT: 8(16) Gigabit Ethernet Port
y LIM-GW16GF: 1 Core Fiber Optical Link, 2 Seed Linght Ports(1 Redundancy Port)
Power DC Power Supply (Default specification)
A-2 Corecess S5 System User's Guide

y Input Voltage : -48VDC

y Input Voltage Range : -42.5V ~ -56.5V
AC Power Supply (External )
y Frequency : 50/60Hz
y Input Voltage : 100 ~ 240VAC
y Input Voltage Range : 88 ~ 264VAC
Power Redundancy
y Two power supply installation available
Temperature
y Operating Range : Commercial Version : 0℃ ~ 50℃

Extended Commercial Version : - 20℃ ~ 60℃
Operational Hardened version : - 40℃ ~ 65℃
Environment y Storage Range : -40 ~ 80°C
Humidity
y Operating Range : 10 ~ 95% (40°C, non-condensing)

y Storage Range : 10 ~ 95% (65°C, non-condensing)
Rack Installation Kit
y Four binder-head screws
Cables
Packages y Console Cable (RJ-45 – DB-9)
y DC Power Cable (5m)
Manual
y User Reference Manual
Product Specifications A-3

Software Specifications
Table A-2 Corecess S5 System software specifications
VLAN Function
y Support Port based VLAN, IEEE 802.1q tagged VLAN and overlap VLAN (Maximum
4,096)
y Support Spanning Tree and Multicast per VLAN
Link aggregation Function
y IEEE 802.3ad Link aggregation

y Support the maximum 16 of aggregation Groups
Routing Function
y Static
y RIP
y OSPF
y IS-IS
y BGP4
y VRRP
Multicasting Function
y IGMP v2.0
y IGMP snooping
y PIM-SM/DM
Function
y DVMRP
QoS Function
y Multi field packet classification

y Rate-Limiting : Support the maximum 2,048 of flow (Minimum 6Kbps)
y DiffServ: Support the maximum 2,048 of flow
y 802.1p CoS Marking, Reclassification
y TOS Marking, Reclassification
y DSCP Marking, Reclassification
y Scheduling: SP (Strict Priority), WFQ (Weighted Fair Queuing)
Security Function
y Access List
y MAC Filtering
y DHCP Filtering
y NetBIOS Filtering
Internet Access Function
y DHCP (Dynamic Host Control Protocol)

y DHCP Server and Relay
y NTP (Network Time Protocol)

(Continued)
Management Function
y Console
- Local : RJ-45 Console Port (Out-band)
- Remote : Telnet and Web based Console (In-band)
y CLI (In-band, Out-band)
y NMS (ViewlinX Manager/EMS)
y Port mirroring
Function
y SNMP v1/v2c
y RMON
- Group 1 (Statistics), Group 2 (History), Group 3 (Alarm), Group 9 (Events)
- Extended RMON
y System log file (configuration log)
y Remote software upgrade (FTP/TFTP)
y System fan status monitoring and control
y RFC 768 UDP
y RFC 791 IP
y RFC 792 ICMP
y RFC 826 ARP
y RFC 768 UDP
y RFC 783 TFTPv2
y RFC 793 TCP
y RFC 826 ARP
y RFC 854 Telnet
y RFC 927 TACACS+
y RFC 951 BOOTP
y RFC 1058 RIP v1
y RFC 1075 DVMRP
y RFC 1112 Host Extensions for IP Multicasting
y RFC 1157 SNMPv1
y RFC 1165 NTP
y RFC 1195 IS-IS
IETF Standard
y RFC 1245 OSPF Protocol Analysis
y RFC 1246 Experience with the OSPF Protocol
y RFC 1256 ICMP Router Discover Message
y RFC 1265 BGP Protocol Analysis
y RFC 1266 Experience with the BGP Protocol
y RFC 1349 Type of Service in the Internet Protocol Suite
y RFC 1403 BGP OSPF Interaction
y RFC 1519 CIDR: an Address Assignment and Aggregation Strategy
y RFC 1541 DHCP(Dynamic Host Configuration Protocol)
y RFC 1542 Clarifications and Extensions for the Bootstrap Protocol
y RFC 1583 OSPF v2
y RFC 1587 OSPF NSSA Option
y RFC 1656 BGP v4
y RFC 1657 Definitions of Managed Objects for BGP-4 using SMIv2
y RFC 1723 RIP v2
y RFC 1745 BGP-4/IDRP for IP and OSPF Interaction
y RFC 1765 OSPF Database Overflow

(Continued)
y RFC 1771 BGP-4
y RFC 1772 Application of BGP in the Internet
y RFC 1773 Experience with the BGP-4 Protocol
y RFC 1774 BGP-4 Protocol Analysis
y RFC 2453 RIPv2
y RFC 2519 A Framework for Inter-Domain Route Aggregation
y RFC 2573 SNMP Applications
y RFC 2796 BGP Route Reflection Alternative to full mesh IBGP
y RFC 2842 Capabilities Advertisement with BGP-4
y RFC 2858 Multi-protocol Extensions for BGP-4
y RFC 2865 Remote Authentication Dial In User Service (RADIUS)
y RFC 2866 RADIUS Accounting
y RFC 2918 Route Refresh Capability for BGP-4
y RFC 3046 DHCP Relay agent
y RFC 3065 Autonomous System Confederations for BGP
y RFC 3137 OSPF Stub Router Advertisement
IETF Standard y RFC 3195 Syslog
y RFC 1793 Extending OSPF to Support Demand Circuits
y RFC 1812 Router Requirements
y RFC 1901 SNMP v2
y RFC 1966 BGP Route Reflection Alternative to full mesh IBGP
y RFC 1997 BGP Communities Attribute
y RFC 1998 BGP Community Attribute in Multi-home Routing
y RFC 2082 RIP-2 MD5 Authentication
y RFC 2131 DHCP
y RFC 2178 OSPF
y RFC 2236 Internet Group Management Protocol, Version 2
y RFC 2328 OSPFv2
y RFC 2338 VRRP
y RFC 2362 PIM-SM
y RFC 2370 OSPF Opaque LSA Option
y RFC 2385 Protection of BGP Sessions via the TCP MD5 Signature Option
y RFC 2439 BGP Flap Damping
y CORECESS-BASIC-MIB
y CORECESS-SMI
y CORECESS S5 MIB
y RFC 1213 MIB-II
y RFC 1253 OSPF-MIB
y RFC 1354 IP Forwarding MIB
y RFC 1493 BRIDGE-MIB
y RFC 1657 BGP4-MIB
MIB y RFC 1724 RIP v2 MIB
y RFC 1850 OSPF2 MIB
y RFC 1757 RMON-MIB
y RFC 1907 SNMPv2-MIB
y RFC 2011 IP-MIB
y RFC 2012 UDP-MIB
y RFC 2096 IP-FORWARD-MIB
y RFC 2233 IF-MIB
y RFC 2328 OSPF-MIB

Optical Splitter Specifications
Table A-3 Corecess 4500 Optical Splitter Specification
Number of
32
Branched
y Average : 17.0 dB
y Maximum : 18.0 dB
Insertion Loss
y Uniformity : ≤ 1.9 dB
y PDL : ≤ 0.3 dB
Optical Return Loss > 55dB
Specification
Directivity > 55dB
Operating
1.26 ~ 1.60 um
wavelength
y Input : Diameter 250μm
Pigtails y Output : Ribbon fiber
y Average length: 1M
Temperature
y Operating Range : Commercial Version : 0℃ ~ 50℃
Extended Commercial Version : - 20℃ ~ 60℃
Environment Hardened version : - 40℃ ~ 65℃
y Storage Range : -40 ~ 80°C
Humidity
y Operating Range : 0 ~ 100% (40°C, non-condensing)


Appendix B Connector and Cable Specifications
Appendix B describes the specifications of the ports on the Corecess S5 System. In addition,
the kinds and specifications of cables needed for the connection of each port.
9 Connector Specifications B-2
9 Cable Specifications B-4

Connector Specifications
RJ-45 Connector
10/100/1000Base-T Port
10/100/1000Base-T port on the SCM,LIM module has an 8-pin RJ-45 connector. The
cable used for connecting 10/100/1000Base-T port is twisted-pair cable with RJ-45
8 1 connectors at both ends.
Pin configuration of 10/100/1000Base-T port is as follows:
Table B-1 Pin Configuration of 10/100/1000Base-T Port
Pin Signal Pin Signal
1 Tx, Rx+ (1 pair) 5 Tx, Rx+ (3 pair)
2 Tx, Rx- (1 pair) 6 Tx, Rx- (2 pair)
3 Tx, Rx+ (2 pair) 7 Tx, Rx+ (4 pair)
4 Tx, Rx- (3 pair) 8 Tx, Rx- (4 pair)
Ethernet Management port on the SCM module has an 8-pin RJ-45 connector. The cable
used for connecting Ethernet Management port is twisted-pair cable with RJ-45
8 1 connectors at both ends.
Pin configuration of Ethernet Management port is as follows:
Table B-2 Pin Configuration of Ethernet Management Port
Pin Signal
1 Rx+
2 Rx-
3 Tx+
6 Tx-
B-2 Corecess S5 System User's Guide

Console Port for SCM-20G

1 8 Console port on the SCM module has an 8-pin RJ-45 connector. The cable used for
connecting console port is serial cable with an RJ-45 connector and a DB-9 at each
end.
Pin configuration of Console port is as follows:
Table B-3 Pin Configuration of Console Port
Pin Signal
2 Tx
3 Rx
5 GND
Console Port for SCM-B24G, SCM-B72G

1 8 Console port on the SCM-B24,SCM-72G module has an 8-pin RJ-45 connector. The
cable used for connecting console port is serial cable with an RJ-45 connector and a
DB-9 at each end.
Pin configuration of Console port is as follows:
Table B-4 Pin Configuration of Console Port
Pin Signal
3 Tx
4 GND
5 GND
6 Rx
Connector and Cable Specifications B-3

LC Connector
1000Base-SX/LX/LH/ZX Transceiver
In the case that 1000BASE-SX/LX/LH/ZX optical transceiver is applied to the

optical port for GbE, the receiving and transmitting wavelength is the same and
Duplex LC connector is to be used.
SC Connector
1000Base-PX and 1000Base-BX Transceiver
In the case that 1000BASE-PX optical transceiver is applied to the optical port for
EPON and 1000BASE-BX optical transceiver is to the optical port for GbE, the
recieving and transmitting wavelength are 1310/1490 nm in each. In that case,
blue-colored SC connector is generally used.
Caution : When it comes to optical connection vulnerable to reflection, green-colored connector is generally
used.
- Video overlay optical connection
- Connection of WDM multiplexed or dimultiplexed port

Cable Specifications
Twisted Pair Cable

The Ethernet Management port and 10/100/1000Base-T port on the SCM-20G module are connected
by using twisted pair cables with RJ-45 connectors at both ends.
There are two types of twisted pair cables: UTP (unshielded twisted pair) cable and STP
(shielded twisted pair) cable. The following figure shows a twisted pair cable with RJ-45
connectors at both ends.
According to the speed of devices to be connected: Category-3, 4, 5,

5+, 6
The category of twisted pair cable to be used is determined by the speed of the devices to be
connected to RJ-45 port. In case of connecting with a device that operates at 10Mbps, category 3
and 4 cable is used. In case of connecting with a device that operates at 100Mbps, category 5
cable is used. In case of connecting with a device that operates at 1000Mbps, category 5+ or
category 6 cable is used.
According to the kinds of devices to be connected: Straight-through,

Crossover
Either straight-through cable or crossover cable is used according to the kinds of devices to be
connected to RJ-45 port. In case the device to be connected is such terminal (MDI) as PC
equipped with NIC (Network Interface Card), straight-through cable is used. On the other hand,
crossover cable is used for connecting the ports of network devices (MDI-X) such as hub or
switch.

Fiber Optic Cable

The system modules with fiber optic ports are connected using fiber optic cables as follows:
Table B-5 System Modules with Fiber Optic Ports Duplex LC Fiber Optic Cable
Fiber Optic
Module Connector Interface Wave Length(nm)
Cable
1000Base-SX Multi-mode y Rx/Tx : 850nm
SCM-20G Duplex LC
1000Base-LX Single mode y Rx/Tx : 1310nm

SCM-B24G Duplex LC

SCM-B72G Duplex LC 10GBASE-SR Multi-mode y Rx/Tx : 850nm
10GBASE-LR Single mode y Rx/Tx : 1310nm
10GBASE-ER Single mode y Rx/Tx : 1550nm

LIM-D4(8,16)GF Duplex LC
y Rx : 1310nm
LIM-EP4G-GR Simplex SC/PC 1000Base-PX Single mode
y Tx : 1490nm
GW-PON
LIM-GW16GF Simplex SC/APC Single mode y Rx/Tx:1535~1560nm
(16CH GbE)

Multi Mode Fiber(MMF)
The orange-colored multi-mode fiber(MMF) is used for the 1000Base-SX transceiver in the
transporting distance less than 550m.
Orange
Single Mode Fiber(SMF)
The yellow-colored single-mode fiber(SMF) is used for the 1000Base-LX/ZX/BX/PX transceiver

in the transporting distance more than 550m.
Single Mode Fiber(SMF) LC Connector

Yellow
Single Mode Fiber(SMF) SC Connector

Console Cable for SCM-20G

Console cable is used to connect the console port to a console terminal (ASCII terminals or PCs
equipped with terminal emulation programs). Console cable has an RJ-45 connector and a DB-9
connector at each ends.
Console Port DB-9 Connector
Console Port DB9 Connector
<Pin Configuration>
Note: Before connecting the console port, ensure that console terminal is configured as follows:
Baud rate Data bit Parity Stop bit Flow control
9600 8 None 1 None

Console Cable for SCM-B24G,SCM-B72G

Console cable is used to connect the console port to a console terminal (ASCII terminals or PCs
equipped with terminal emulation programs). Console cable has an RJ-45 connector and a DB-9
connector at each ends.


Appendix C Maintaining
This chapter describes how to maintain the Corecess S5 System.
9 Replacing Module C-2
9 Replacing Fan Tray C-4
9 Cleaning Fan Filter C-5
Caution: Before you install the Corecess S5 system, read ‘Chapter3 Before Installation’. ‘Chapter 3’ contains
important safety information you should know before working with the system.
Replacing Module
Replacing Module
If a module installed in a slot has a problem, the module can replace new one. This section
describes how to replace SCM modules and LIM modules on the Corecess S5 System.
Location of Module Installation

There are five slots in the chassis of the Corecess S5 System, and types of module are as follows:
Example: S506-CH
Corecess S506
SCM Slot (5)
LIM Slot (1 ~ 4)
Caution : Be careful not to install modules into the wrong slots when you replace several modules. Be sure to
confirm module location before installation.
C-2 Corecess S5 System User's Guide

Replacing Module
Required Tool
If you replace modules installed in the Corecess S5 System, the following tools are required.
Before replacing modules, prepare the tools.
y A screwdriver
y Electrostatic discharge (ESD) grounding strap
Replacing Modules
The replacing procedure of installed module in the Corecess S5 System is as follows:
Note: Since the Corecess S5 System provides the hot-swap functions, the system power doesn’t have to be
turned off.
Warning: Do NOT put your fingers into slots if the system is not turned off. You might receive an electric shock
by the back-plain or power supply.
1. Execute the write memory command in the Telnet session which is connected to the
Corecess S5 System to store current system configuration in the backup configuration file.
2. Disconnect cables that are connected to the replaced module.
3. Loosen two screws on the replaced module using a screwdriver.
4. Push the ejector levers on the both side of the module to release locked state, then pull the
ejector levers outward and extract the module carefully from the chassis.
5. Prepare a module that is to be installed. Place the module to the guide rail that is located in
the both sides of the slot. Then, insert the module carefully until it gets installed in the
connector of the back plane.
6. Push the ejector levers inward, then the module installed completely with the connector of
back plain.
7. Fasten the module firmly by tightening the two screws using a screwdriver.
8. If the module is installed successfully, the Run LED on the module is turned on with green.
Maintaining C-3
Replacing Fan Tray
Replacing Fan Tray

Fan tray installed in the Corecess S5 System chassis has cooling fans. The cooling fan extracts
heat that is generated into the system and flows cool air into the system.
The replacing procedure of fan tray is as follows:
Caution: Do NOT operate the system when you replace the fan tray. If the fan tray is not operating, the system
can be damaged by the overheat.
1. Check the Fan LED on the system fan tray. The Fan LED is turned on with red when the
fan tray has a problem.
2. Loosen a screw on the front of the fan tray using a screwdriver.
3. Grasp the handle of the fan tray and gently pull it.
4. Prepare new fan tray. Slide the new fan tray into the chassis until the rear of the fan tray
plugs into the corresponding connector on the back-panel.
5. Fasten the fan tray firmly by tightening the screw using a screwdriver.
6. If the fan tray is installed successfully, the LED on the fan tray is turned on with green.
C-4 Corecess S5 System User's Guide

Cleaning Fan Filter
Cleaning Fan Filter

In the Corecess S5 System, a fan filter that can be reused are installed. If the fan filter is dirty or
clogged by dust, cool air can not be flowed into the system chassis through the fan filter. The
system can be overheated as the result. Therefore, please check fan filter state once a month -
depends on the site environment, and clean the fan filter.
The following procedure describes how to clean the fan filter in the Corecess S5 System.
1. Grasp the handle of the fan filter, and gently pull it forward until the fan filter is
separated from the chassis. At this time, be sure not to scatter dust of the fan filter.
2. Check the fan filter state. If there is a lot of dust or dirty in the fan filter, remove dust
with a vacuum machine or wash the fan filter with a neutral detergent. When you clean
the fan filter with water, install spare fan filter in the chassis.
3. If you wash the fan filter with a neutral detergent, dry the fan filter in cool place over
eight hours.
4. After cleaning, insert the fan filter into the slot of the chassis.
Maintaining C-5

Manual Olt s5 Gepon Cianet

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Manual Olt s5 Gepon Cianet

Enviado por

Direitos autorais:

Formatos disponíveis

Edition: 0003

Corecess Scalable Broadband Service Platform

No Part of this book shall be reproduced, stored in a retrieval system, or

The specifications and information regarding the products in this manual

Other product names or company names mentioned in this manual are

y Introduction to functions and features

y Name and function of each part

y How to install on a rack and connect cable to each port

y How to configure the Corecess S5 System

Notations in Console Screen

y Text displayed on console screen is shown in Courier New.

y Values entered by user are displayed in bold Courier New.

Notations in Command Syntax

y Console commands are indicated in bold Courier New.

y Parameters that need to be entered are indicated in Courier New.

y Parameters in [ ] are parameters that can be ignored.

Acronyms & Terminology

IV Corecess S5 System User's Guide

Recommendation: Introduces recommendatory item for the use of product.

Chapter 2 Hardware Description

Chapter 3 Before Installation

Chapter 5 Configuring Basic Features

Chapter 6 Configuring Ports and Links

Chapter 7 Configuring VLAN

Chapter 8 Configuring SNMP and RMON

VI Corecess S5 System User's Guide

Chapter 9 Configuring QoS

Chapter 10 Configuring DHCP

Chapter 11 Configuring NetSnoop

Chapter 12 Configuring Security

Chapter 13 Configuring Multicast

Chapter 14 Configuring Routing Protocol

Chapter 15 Configuring LACP

Chapter 16 Configuring STP and RSTP

Chapter 17 Configuring VRRP

Chapter 18 Redundancy Configuration

Chapter 19 M5 SuperPON MUX Platform

Appendix A Product Specifications

Appendix B Connector and Cable Specifications

Appendix C Operation and Maintenance

VIII Corecess S5 System User's Guide

Manual Contents ..................................................................................................III

Chapter 1 Overview 1-1

Chapter 2 Hardware Description 2-1

Reset Switch (Reset) .............................................................................................................. 2-13

Chapter 3 Before Installation 3-1

Chapter 4 Installation 4-1

X Corecess S5 System User's Guide

Line Interface Module............................................................................................................. 4-5

Chapter 5 Configuring Basic Features 5-1

Chapter 6 Configuring Ports and Links 6-1

Chapter 7 Configuring VLAN 7-1

Chapter 8 Configuring SNMP and RMON 8-1

XII Corecess S5 System User's Guide

Configuring SNMP ................................................................................................................. 8-6

Chapter 9 Configuring QoS 9-1

Chapter 10 Configuring DHCP 10-1

Defining Subnet for DHCP Relay Configuration........................................................... 10-15

Chapter 11 Configuring Netsnoop 11-1

Chapter 12 Configuring Security 12-1

XIV Corecess S5 System User's Guide

Access Lists............................................................................................................................. 12-6

Chapter 13 Configuring Multicast 13-1

Chapter 14 Configuring Routing Protocol 14-1