Escolar Documentos
Profissional Documentos
Cultura Documentos
Users Manual
Version 1.0
ZTE CORPORATION ZTE Plaza, Keji Road South, Hi-Tech Industrial Park, Nanshan District, Shenzhen, P. R. China 518057 Tel: (86) 755 26771900 800-9830-9830 Fax: (86) 755 26772236 URL: http://support.zte.com.cn E-mail: doc@zte.com.cn
LEGAL INFORMATION Copyright 2005 ZTE CORPORATION. The contents of this document are protected by copyright laws and international treaties. Any reproduction or distribution of this document or any portion of this document, in any form by any means, without the prior written consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations. All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION or of their respective owners. This document is provided as is, and all express, implied, or statutory warranties, representations or conditions are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose, title or noninfringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the use of or reliance on the information contained herein. ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications covering the subject matter of this document. Except as expressly provided in any written license between ZTE CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter herein. The contents of this document and all policies of ZTE CORPORATION, including without limitation policies related to support or training are subject to change without notice.
Revision History Date 2005/11/01 Revision No. R1.3 Serial No. sjzl20060311 Description
Equipment Installation Date Presentation: (Introductions, Procedures, Illustrations, Completeness, Level of Detail, Organization, Appearance) Good Your evaluation of this document Accessibility: (Contents, Index, Headings, Numbering, Glossary) Good Fair Average Poor Bad N/A Fair Average Poor Bad N/A
Intelligibility: (Language, Vocabulary, Readability & Clarity, Technical Accuracy, Content) Good Fair Average Poor Bad N/A
Please check the suggestions which you feel can improve this documentation: Improve the overview/introduction Improve the Contents Improve the organization Your suggestions for improvement of this document Include more figures Add more examples Add more detail Other suggestions ____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________ # Please feel free to write any comments on an attached sheet. If you wish to be contacted regarding your comments, please complete the following: Name Postcode Telephone Company Address E-mail Make it more concise/brief Add more step-by-step procedures Add more troubleshooting information Make it less technical Add more/better quick reference aids Improve the index
Contents
About this Users Manual.................................................. xxiii
Purpose of this Users Manual........................................................ xxiv Typographical Conventions ............................................................ xxv Mouse Operation Conventions....................................................... xxvi Safety Signs ................................................................................xxvii How to Get in Touch.................................................................... xxviii
Customer Support ...................................................................................xxviii Documentation Support ...........................................................................xxviii
Sub-boards ....................................................................................45
FFEI............................................................................................................ 45 FGEI........................................................................................................... 46 FGFI ........................................................................................................... 47 FGFE .......................................................................................................... 48
Installation of Cables.......................................................................56
Installing Power Cables................................................................................ 56 Installing Configuration Cables ..................................................................... 58 Installing Network Cables ............................................................................ 59 Installing Fibers........................................................................................... 60 Labels......................................................................................................... 61
MSTP Configuration.......................................................................131
Introduction...............................................................................................131 Basic Configuration ....................................................................................133 Configuration Example ...............................................................................135
QoS Configuration.........................................................................138
Introduction...............................................................................................138 Basic Configuration ....................................................................................139 Configuration Example ...............................................................................141
QinQ Configuration........................................................................164
Introduction...............................................................................................164 Basic Configuration ....................................................................................166 Configuration Example ...............................................................................167
Introduction .............................................................................................. 169 Basic Configuration.................................................................................... 169 Configuration Example .............................................................................. 170
SSH.............................................................................................171
Introduction .............................................................................................. 171 Basic Configuration.................................................................................... 172 Configuration Example .............................................................................. 172
SNMP...........................................................................................177
Introduction .............................................................................................. 177 Basic Configuration.................................................................................... 178 Configuration Example .............................................................................. 179
RMON ..........................................................................................181
Introduction .............................................................................................. 181 Basic Configuration.................................................................................... 181 Configuration Example .............................................................................. 185
Common Troubleshooting..............................................................208
Failed to Configure through the Console Port...............................................208 Failed to Connect Through Telnet................................................................210 Failed to Log In to the Switch Through Telnet..............................................211 Missing User Name or Password .................................................................211 Missing enable Password ............................................................................215 Failed to Interconnect Two Devices in the Same VLAN.................................215
set specialVlan1 ........................................................................................ 225 show date-time......................................................................................... 225 show loginauth.......................................................................................... 225 show running-config.................................................................................. 226 show specialVlan1 ..................................................................................... 226 show start-config....................................................................................... 226 show terminal ........................................................................................... 227 show vct ................................................................................................... 227 show user ................................................................................................. 227 sysLocation............................................................................................... 228 terminal log .............................................................................................. 228 terminal monitor ....................................................................................... 228 version ..................................................................................................... 229
set port description ....................................................................................237 set port duplex ..........................................................................................238 set port flowcontrol ....................................................................................238 set port ingress_limit_mode .......................................................................239 set port macaddress ..................................................................................240 set port multicast-filter...............................................................................240 set port poe...............................................................................................241 set port priority..........................................................................................241 set port remapping-tag ..............................................................................242 set port sa-priority .....................................................................................243 set port security.........................................................................................243 set port speed ...........................................................................................244 set port speedadvertise..............................................................................244 set port user-priority ..................................................................................245 set port vlan-priority ..................................................................................246 set trunk multicast-filter .............................................................................246 show port..................................................................................................247 show port qos............................................................................................247 show port statistics ....................................................................................248 show trunk ................................................................................................248
set vlan..................................................................................................... 253 set vlan add port ....................................................................................... 253 set vlan add trunk ..................................................................................... 254 set vlan delete port.................................................................................... 255 set vlan delete trunk.................................................................................. 255 set vlan fid ................................................................................................ 256 set vlan priority ......................................................................................... 256 show vlan ................................................................................................. 257
MSTP Configuration.......................................................................277
clear stp instance.......................................................................................277 clear stp name...........................................................................................277 set stp.......................................................................................................278 set stp agemax..........................................................................................278 set stp edge-port .......................................................................................279 set stp forceversion....................................................................................279 set stp forwarddelay ..................................................................................280 set stp hellotime ........................................................................................280 set stp hmd5-digest...................................................................................281 set stp hmd5-key.......................................................................................281 set stp hopmax..........................................................................................281 set stp instance bridgeprio..........................................................................282 set stp instance port cost............................................................................282
set stp instance port priority....................................................................... 283 set stp instance trunk cost ......................................................................... 284 set stp instance trunk priority..................................................................... 284 set stp instance vlan.................................................................................. 285 set stp name............................................................................................. 286 set stp port ............................................................................................... 286 set stp port linktype................................................................................... 287 set stp port packettype.............................................................................. 287 set stp relay.............................................................................................. 288 set stp revision.......................................................................................... 288 set stp trunk ............................................................................................. 288 set stp trunk linktype................................................................................. 289 set stp trunk packettype ............................................................................ 289 show stp................................................................................................... 290 show stp instance...................................................................................... 290 show stp port............................................................................................ 291 show stp trunk .......................................................................................... 292
QoS Configuration.........................................................................292
set qos queue-schedule ............................................................................. 292 set qos priority-map user-priority............................................................... 293 set qos priority-map ip-priority................................................................... 293 show qos queue-schedule.......................................................................... 294 show qos priority-map............................................................................... 294
arp add .....................................................................................................297 arp delete..................................................................................................298 arp ipport timeout......................................................................................298 clear arp....................................................................................................299 clear ipport ................................................................................................299 clear iproute ..............................................................................................300 iproute ......................................................................................................301 set ipport...................................................................................................302 set ipport ipaddress....................................................................................302 set ipport mac ...........................................................................................303 set ipport vlan............................................................................................304 show arp ...................................................................................................305 show ipport ...............................................................................................306 show iproute..............................................................................................306
clear client ................................................................................................ 314 clear client index ....................................................................................... 314 clear client port ......................................................................................... 314 clear client vlan ......................................................................................... 315 radius isp .................................................................................................. 315 radius isp add accounting .......................................................................... 316 radius isp add authentication ..................................................................... 316 radius isp defaultisp................................................................................... 317 radius isp delete accounting....................................................................... 317 radius isp delete authentication.................................................................. 317 radius isp description................................................................................. 318 radius isp client ......................................................................................... 318 radius isp fullaccount ................................................................................. 319 radius isp sharedsecret.............................................................................. 319 radius nasname ........................................................................................ 320 radius retransmit....................................................................................... 320 radius timeout........................................................................................... 320 show aaa-control port................................................................................ 321 show dot1x............................................................................................... 321 show client................................................................................................ 321 show client index....................................................................................... 322 show client mac ........................................................................................ 322 show client port......................................................................................... 322 show radius .............................................................................................. 323
QinQ Configuration........................................................................323
set qinq customer port............................................................................... 323 set qinq tpid.............................................................................................. 324 set qinq uplink port.................................................................................... 324 show qinq ................................................................................................. 325
Remote-access Configuration.........................................................325
clear remote-access all...............................................................................325 clear remote-access ipaddress....................................................................325 set remote-access......................................................................................326 set remote-access ipaddress ......................................................................326 show remote-access ..................................................................................327
SSH Configuration.........................................................................327
set ssh ......................................................................................................327 show ssh ...................................................................................................327
RMON Configuration......................................................................333
set alarm...................................................................................................333 set event...................................................................................................336 set history .................................................................................................337 set rmon ...................................................................................................339 set statistics...............................................................................................339 show alarm ...............................................................................................341 show event................................................................................................341 show history..............................................................................................342 show rmon ................................................................................................343 show statistics ...........................................................................................343
erase member .......................................................................................... 343 reboot member......................................................................................... 344 save member............................................................................................ 344 set group add device ................................................................................. 345 set group add mac .................................................................................... 345 set group candidate................................................................................... 346 set group commander ipport...................................................................... 346 set group delete member .......................................................................... 347 set group independent............................................................................... 347 set group handtime ................................................................................... 347 set group holdtime .................................................................................... 348 set group name......................................................................................... 349 set group tftpsvr........................................................................................ 349 set zdp ..................................................................................................... 350 set zdp holdtime........................................................................................ 350 set zdp port .............................................................................................. 350 set zdp timer............................................................................................. 351 set zdp trunk............................................................................................. 352 set ztp ...................................................................................................... 352 set ztp hop................................................................................................ 353 set ztp hopdelay........................................................................................ 353 set ztp port ............................................................................................... 354 set ztp portdelay ....................................................................................... 354 set ztp timer ............................................................................................. 355 set ztp trunk ............................................................................................. 356 set ztp vlan ............................................................................................... 356 show group............................................................................................... 357 show group candidate ............................................................................... 357 show group member ................................................................................. 357 show zdp .................................................................................................. 358 show zdp neighbour .................................................................................. 358
show ztp ...................................................................................................358 show ztp device .........................................................................................359 show ztp mac ............................................................................................359 ztp start ....................................................................................................360
1. QoS functions
Cancel the function of determining priority of data packet based on static resource MAC address (SA) and VLAN priority. Cancel the support to the 802.1p subscriber priority remap function on the port. Cancel the support to the OUT port speed restriction function.
2. Cancel the support to the QINQ function. 3. Reduce eight LACP groups of 2852SLE (On the 2852S, 16 groups are supported.) 4. Only the Spanning Tree Protocol (STP) and RSTP are supported. The MSTP is not supported now.
xxiii
Except for those specified as the contents for LE serial switches, the rest common contents are applicable to all switches.
Chapter 3 Structure & Principles introduces the structure and working principles of the ZXR10 2609/2818S/2826S/2852S. Chapter 4 Installation and Debugging introduces the installation and debugging methods of the ZXR10 2609/2818S/2826S/2852S. Chapter 5 Usage & Operations introduces the configuration methods, command mode, and usage of command line. Chapter 6 System Management introduces the system management of the ZXR10 2609/2818S/2826S/2852S. Chapter 7 Basic Configuration introduces the configuration of ZXR10 2609/2818S/2826S/2852S. service data
Chapter 8 Network Management introduces the network management configuration of the ZXR10 2609/2818S/2826S/2852S. Chapter 9 Maintenance introduces the routine maintenance of the ZXR10 2609/2818S/2826S/2852S. Chapter 10 Command Reference introduces the supported by the ZXR10 2609/2818S/2826S/2852S. commands
xxiv
Appendix A Abbreviations
Typographical Conventions
ZTE documents employ the following typographical conventions.
TABLE 1 TYPOGRAPHICAL CONVENTIONS
Typeface
Meaning References to other guides and documents; parameter values Links on screens Menus, menu options, input fields, radio button names, check boxes, drop-down lists, dialog box names, window names Keys on the keyboard and buttons on screens and company name Text that you type, program code, files and directory names, and function names Optional parameters Mandatory parameters Select one of the parameters that are delimited by it Note: Provides additional information about a certain topic Checkpoint: Indicates that a particular step needs to be checked before proceeding further Tip: Indicates a suggestion or hint to make things easier or more productive for the reader
Italics
Quotes Bold
CAPS
Constant width
[] {} |
xxv
Meaning Refers to clicking the primary mouse button (usually the left mouse button) once. Refers to quickly clicking the primary mouse button (usually the left mouse button) twice. Refers to clicking the secondary mouse button (usually the right mouse button) once. Refers to pressing and holding a mouse button and moving the mouse.
xxvi
Safety Signs
TABLE 3 S AFETY SIGNS
Safety Signs
Meaning Danger: Indicates an imminently hazardous situation, which if not avoided, will result in death or serious injury. This signal word should be limited to only extreme situations. Warning: Indicates a potentially hazardous situation, which if not avoided, could result in death or serious injury. Caution: Indicates a potentially hazardous situation, which if not avoided, could result in minor or moderate injury. It may also be used to alert against unsafe practices. Erosion: Beware of erosion. Electric shock: There is a risk of electric shock. Electrostatic: The device may be sensitive to static electricity. Microwave: Beware of strong electromagnetic field. Laser: Beware of strong laser beam. No flammables: No flammables can be stored. No touching: Do not touch. No smoking: Smoking is forbidden.
xxvii
Customer Support
If you have problems, questions, comments, or suggestions regarding your product, contact us by e-mail at support@zte.com.cn. You can also call our customer support center at (86) 755 26771900 and (86) 800-9830-9830.
Documentation Support
ZTE welcomes your comments and suggestions on the quality and usefulness of this document. For further questions, comments, or suggestions on the documentation, you can contact us by e-mail at doc@zte.com.cn; or you can fax your comments and suggestions to (86) 755 26772236. You can also explore our website at http://support.zte.com.cn, which contains various interesting subjects like documentation, knowledge base, forum and service request.
xxviii
Chapter
Safety Description
In this chapter, you will learn about:
Safety instructions Sign description
Safety Instructions
Only the properly trained professional personnel are qualified for the installation, operation, and maintenance of this equipment. Observe the local safety specifications and relevant operating procedures in equipment installation, operation and maintenance, to avoid personal injury or damage to the equipment. The safety precautions in this manual can only be used as a supplement to local safety regulations. ZTE Corporation assumes no responsibility for consequences resulting from violation of general specifications for safety operations or of safety rules for design, production and use of equipment.
29
Sign Description
Contents deserving special attention when configuring the equipment are explained in the following format: Caution: Ignoring safety precautions may result in equipment faults.
Note: Contents that you need to pay special attention to besides the safety precautions.
30
Chapter
System Overview
In this chapter, you will learn about:
An overall introduction to the ZXR10 2609/2818S/2826S/2852S Rich software/hardware functions of the ZXR10 2609/2818S/2826S/2852S Networking mode of the ZXR10 2609/2818S/2826S/2852S Technical features of the ZXR10 2609/2818S/2826S/2852S Parameters of the ZXR10 2609/2818S/2826S/2852S
Product Overview
ZXR10 2609/2818S/2826S/2852S access switches are located at the access layer of the enterprise network and broadband IP metropolitan area network (MAN), providing different number of Ethernet ports. They can serve as the access equipment at the subscriber side in the information intelligent residential areas, commercial buildings, hotels, campus networks, enterprise (government) network or the convergence equipment of small-size network to provide fast, efficient, and cost-effective access and convergence solutions.
31
Functions
The ZXR10 2609/2818S/2826S/2852S adopts the Store and Forward mode and supports the layer-2 switching at wire-speed. Full wirespeed switching is implemented at all ports. The ZXR10 2609/2818S/2826S/2852S has the following functions:
1. MAC address self-learning capability. The size of the MAC address table is 8K. 2. Port MAC address bundling and address filtering. 3. Support the 802.1q-compliant VLAN and private border VLAN. The maximum number of VLANs can be up to 4094. The VLAN stacking function is also supported. 4. Priority classification by DA, SA, VID, or TOS/DSCP, multiqueue, fixed priority scheduling, weighted priority scheduling, and port multi-queue at the switch. 5. Support the STP defined in the 802.1d, RSTP defined in the 802.1w, and MSTP defined in the 802.1s. 6. Support LACP port bundling defined in 802.3ad and port static bundling. At most 16 port groups can be bundled and each group contains at most eight ports. 7. Multi-VLAN IGMP snooping. 8. Port ingress and egress mirroring. 9. 802.3x-compliant flow control (full duplex) and backpressure flow control (half duplex). 10. Port ingress and egress bandwidth restriction. 11. Single port loop test. 12. VCT function and faulty circuit test. 13. Detailed port flow statistics. 14. Broadcast storm suppression. 15. Configuration of NM static route.
32 Confidential and Proprietary Information of ZTE CORPORATION
16. 802.1x transparent transmission and authentication. 17. Support the Console configuration, Telnet remote login, SNMP network management, centralized network management of ZXNM01, trunking management technology ZGMP, and Secure shell V2.0. 18. Uploading and downloading of TFTP version.
Networking Mode
The ZXR10 2609/2818S/2826S/2852S features flexible networking mode. The following introduces two typical network modes.
33
IP backbone network
100M/1000M
ZXR10 2609/2818S/2826S/2852S
10/100M
34
The ZAN (Customer Premises Network) equipment can be included via in-band or out-band mode into the NMS of the entire MAN, or managed with the network management and service management system independently established in the residential complex. Figure 2 shows the typical networking structure.
F I G U R E 2 T Y P I C A L N E T W O R K I N G O F M AN B R O A D B A N D A C C E S S
BRAS
ZXR10 3906
100M
N 10/100M
ZXR10 2609
100M
ZXR10 2818S
10/100M 10/100M
ZXR10 2826S
1000M
ZXR10 2852S/2826S
35
Item
14
19
AC power supply: 100V~240V, 48Hz~62Hz. Wave shape distortion <5% DC power supply: 57V to 40V
36
Chapter
Working Principle
The ZXR10 2609/2818S/2826S/2852S is a series of layer-2 NMenabled low and medium-range Ethernet switching products launched by ZTE Corporation. They are intended for the access layer of the networks in the commercial buildings, residential areas, campus, and enterprise to meet users diversified requirements on the number of interfaces. This series of products features powerful functions and outstanding performance. Functionally, the switch consists of control module, switching module, interface module, and power supply module. Figure 3 shows the system principle.
1. Control module: It consists of main processor and some external functional chips. The control module controls and manages the switching module to meet the requirements of different network applications. It provides an external serial port for the data operation and maintenance.
Confidential and Proprietary Information of ZTE CORPORATION 37
2. Switching module. It consists of dedicated Ethernet switching processing chips. The switching module processes and exchanges the data packets sent by each port. In addition, the chip is integrated with data packet transceiver and can directly provide hundred megabit or gigabit service interface for users. 3. Interface module: It consists of interface board. (The interface module is used in the ZXR10 2818S and ZXR10 2826S only.) The interface module completes connection with external users and transceiving of data packets. The standard interface is used to connect the interface module and the switching module. 4. Power supply module. It adopts the 220V AC or 48V DC power supply. The power supply module supplies power for other modules of the system.
Switching module
Power module
Control module
The ZXR10 2609/2818S/2826S/2852S (except the ZXR10 2609) uses the 19 subrack that is in compliance with the international
38
standard. The subrack can be used as standalone equipment or installed in a standard cabinet.
Hardware Structure
The ZXR10 2609/2818S/2826S/2852S adopts the box structure, which is 1U high. It employs independent power supply and natural dissipation method. It has vents on the rear, right, and left sides of the box. The box is composed of a bottom case and a shell. It features light weight and simple structure. All the components or parts are installed on the bottom case, which allows easy installation and uninstallation. The interface board is inserted from the front side and is fixed with two captive screws. The insertion and removal is convenient and flexible. On the front panel or the top of the shell of the ZXR10 2609/2818S/2826S/2852S, there are power indicators, RUN indicators, fixed Ethernet electrical interfaces, Ethernet optical interfaces, and one serial configuration port. The AC or DC power socket and power switch are located on the rear panel. The major hardware of the ZXR10 2609/2818S/2826S/2852S is the Ethernet switching main board, which is indispensable in any type of configuration. The uplink port on the expansion slot of the ZXR10 2818S and ZXR102826S can be configured with different sub-boards as needed.
ZXR10 2609
Figure 4 shows the front panel of the ZXR10 2609.
FIGURE 4 FRONT P ANEL OF THE ZXR10 2609
39
Interfa ces
ZXR10 2609 provides the following types of access ports:
1. Nine fixed 10/100 Base-T Ethernet ports. These ports support full duplex/half duplex and 10/100M and MDI/MDIX auto-sensing function. Except the 9th port, other ports are also equipped with VCT auto detection function. 2. One Console port, used to realize the management and configuration of various services.
Indicators
There are 11 indicators on the top of the shell of the ZXR10 2609, including two system indicators and nine interface indicators.
1. The system indicators include power indicator (PWR) and running indicator (RUN). The following explains their status:
After the system is powered up, the PWR indicator is on and the RUN indicator is off. The BootROM starts to load the version. If the version is unavailable, the states of indicators do not change. If the version is loaded normally, the RUN indicator flashes at 1Hz.
2. The nine interface indicators correspond to the nine fixed Ethernet electrical interfaces. When the indicator is on, it indicates that the LINK is normal. If the indicator is flashing, it indicates that data sending or receiving is underway.
ZXR10 2818S
Figure 5 shows the front panel of the ZXR10 2818S.
40
The Ethernet switching main board of the ZXR10 2818S is FEBE. The ZXR10 2818S can also be configured with the following sub-boards: FFEI, FGEI, FGFI, and FGFE. For the description of the sub-boards, see Sub-boards.
Interfa ces
ZXR10 2818S provides the following types of access ports. They can be configured according to the actual application.
1. Sixteen fixed 10/100 Base-T Ethernet ports. These ports support full duplex/half duplex, 10/100M and MDI/MDIX auto-sensing function, and VCT auto detection function. 2. One expansion slot for the uplink sub-boards that can provide single/double-channel 100M optical interface, 2channel 1000M optical interface, 2-channel 1000M electrical interface, or 1000M optical-electrical interface. 3. One Console port, used to realize the management and configuration of various services.
Indicators
On the top of the shell and front panel of the ZXR10 2818S, there are 18 indicators, including 2 system indicators and 16 interface indicators. The indicators on the top of the shell and the front panel of the FEBE are the same.
1. The system indicators include power indicator (PWR) and running indicator (RUN). The following explains their states:
After the system is powered up, the PWR indicator is on and the RUN indicator is off.
41
The BootROM starts to load the version. If the version is unavailable, the states of indicators do not change. If the version is loaded normally, the RUN indicator flashes at 1Hz.
2. The 16 interface indicators correspond to the 16 fixed Ethernet electrical interfaces. When the indicator is on, it indicates that the LINK is normal. If the indicator is flashing, it indicates that data sending or receiving is underway.
ZXR10 2826S
Figure 6 shows the front panel of the ZXR10 2826S.
FIGURE 6 FRONT P ANEL OF THE ZXR10 2826S
The Ethernet switching main board of ZXR10 2818S is FEBT. The ZXR10 2818S can also be configured with the following sub-boards: FFEI, FGEI, FGFI, and FGFE. For introduction to the sub-boards, see Sub-boardsSub-boards.
Interfa ces
The ZXR10 2826S provides the following types of access ports. They can be configured flexibly according to the actual application.
1. Twenty four fixed 10/100 Base-T Ethernet ports. These ports support full duplex/half duplex, 10/100M and MDI/MDIX auto-sensing function, and VCT auto detection function. 2. One expansion slot for the uplink sub-boards that can provide single/double-channel 100M optical interface, 2channel 1000M optical interface, 2-channel 1000M electrical interface, or 1000M optical-electrical interface.
42
3. One Console port, used to realize the management and configuration of various services.
Indicators
On the front panel of the ZXR10 2826S, there are 50 indicators, including 2 system indicators and 48 interface indicators.
1. The system indicators include power indicator (PWR) and operation indicator (RUN). The following explains their states:
After the system is powered on, the PWR indicator is on and the RUN indicator is off. The BootROM starts to load the version. If the version is unavailable, the states of indicators do not change. If the version is loaded normally, the RUN indicator flashes at 1Hz.
2. There are two indicators on each fixed Ethernet electrical port. The left one is the half/full duplex indicator and the right one is the link activation indicator.
The half/full duplex indicator is on when the Ethernet electrical port works in the full duplex mode, off when the Ethernet electrical port works in the half duplex mode, and flashes when there is conflict. The link activation indicator flashes when the link is activated.
ZXR10 2852S
Figure 7 shows the front panel of the ZXR10 2852S.
FIGURE 7 FRONT P ANEL OF THE ZXR10 2852S
43
Interfa ces
ZXR10 2852S provides the following types of access ports. They can be configured flexibly according to the actual application.
1. Forty eight fixed 10/100 Base-T Ethernet ports. These ports support full duplex/half duplex, 10/100M and MDI/MDIX auto-sensing function, and VCT auto detection function. 2. Two fixed 10/100/1000 Ethernet electrical ports and two fixed 1000 Ethernet electrical ports. 3. One Console port, used to realize the management and configuration of various services.
Indicators
On the front panel of the ZXR10 2852S, there are 56 indicators, including four system indicators and 52 interface indicators.
1. The system indicators include two CONSOLE port indicators, one power indicator (PWR), and one running indicator (RUN). The following explains their status:
After the system is powered up, the PWR indicator is on and the RUN indicator is off. The BootROM starts to load the version. If the version is unavailable, the states of indicators do not change. If the version is loaded normally, the RUN indicator flashes at 1Hz.
2. The interface indicators include: i. The 48 round indicators on the upper part of the front panel correspond to 48 fixed Ethernet electrical ports. When the indicator is on, it indicates that the LINK is normal. If the indicator is flashing, it indicates that data sending or receiving is underway.
ii. The ACT1 and ACT2 on the left correspond to two fixed gigabit optical interfaces. When the indicator is on, it indicates that the LIKK is normal. If the indicator is
44
flashing, it indicates that data sending or receiving is underway. iii. Each fixed gigabit Ethernet port has two indicators. The left one is the half/full duplex indicator and the right one is the link activation indicator.
The half/full duplex indicator is on when the Ethernet electrical port works in the full duplex mode, off when the Ethernet electrical port works in the half duplex mode, and flashes when there is conflict. The link activation indicator flashes when the link is activated.
Sub-boards
The ZXR10 2816S and ZXR10 2826S can be configured with the following sub-boards according to the actual networking requirements: FFEI, FGEI, FGFI, and FGFE.
FFEI
The FFEI provides one channel of 100M Ethernet uplink optical interface for the ZXR10 2818S/2826S. There are three FFEI models, providing different types of interface and transmission distance:
1. SF-1FE-S40KSC: Extend distance to 40 km over singlemode fiber cable. Figure 8 shows this sub-board.
45
2. SF-1FE-S15KSC Extend distance to 15 km over singlemode fiber cable. Figure 9 shows this sub-board.
3. SF-1FE-M02KSC Extend distance to 2 km over dual-mode fiber cable. Figure 10 shows this sub-board.
On the front panel of FFEI, there are two indicators: link activation indicator (ACT) and link status indicator (LNK). The ACT indicator flashes when data sending or receiving is underway. The LNK indicator is on when the link is normal.
FGEI
The FGEI provides two channels of gigabit Ethernet uplink electrical ports for the ZXR10 2818S/2826S. Its model number is SF-2GE2RJ45, as shown in Figure 11.
46
On the panel of the FGEI, there are four indicators. Each gigabit electrical port has two indicators: link activation indicator and link status indicator The link activation indicator flashes when data sending or receiving is underway. The link status indicator is on when the link is normal.
FGFI
The FGFI provides two channels of gigabit Ethernet uplink optical ports for the ZXR10 2818S/2826S. Its model number is SF-2GE2SFP, as shown in Figure 12.
On the panel of the FGFI, there are two indicators: ACT1 and ACT2. They correspond to two gigabit optical interfaces. When the indicator is on, it indicates that the LIKK is normal. If the indicator is flashing, it indicates that data sending or receiving is underway.
47
FGFE
The FGFE provides one channel of gigabit Ethernet uplink electrical port and one channel of gigabit Ethernet uplink optical port for the ZXR10 2818S/2826S. Its model number is SF-2GE-SFPRJ45, as shown in Figure 13.
On the panel of the FGFE, there are three indicators. The gigabit optical port has an ACT indicator. When the indicator is on, it indicates that the LIKK is normal. If the indicator is flashing, it indicates that data sending or receiving is underway. The gigabit electrical port has two indicators: link activation indicator and link status indicator. The link activation indicator flashes when data sending or receiving is underway. The link status indicator is on when the link is normal.
48
When the POE powered mode is used, a dedicated POE device is needed to split the RJ45 signals of the 48V power provided by the POE power sourcing equipment into Ethernet signal and 48V power signal and convert the power into 5V DC power needed by the ZXR10 2609.
ZXR10 2818S/2826S
ZXR10 2818S/2826S supports two power supply modes: -48V DC power supply and 110V/220V AC power supply. When the -48V DC power supply is adopted, use the 48V DC power cables. When the AC power supply is adopted, use the AC power cables. Figure 14 and Figure 15 respectively show the rear panel of the swtich when the 48V DC power supply and 110V/220V AC power supply are adopted. ZXR10 2818S also supports the POE power mode, but the powered device must be the first Ethernet port.
FIGURE 14 SUPPLY)
-48VGND
GNDP
-48V
100-240V~ 60-50Hz
ZXR10 2852S
ZXR10 2852S supports two power supply modes: -48V DC power supply and 110V/220V AC power supply. When the -48V DC power supply is adopted, use the 48V DC power cables. When the AC power supply is adopted, use the AC power cables. Figure 16 and
Confidential and Proprietary Information of ZTE CORPORATION 49
Figure 17 respectively show the rear panel of the swtich when the 48V DC power supply and 110V/220V AC power supply are adopted.
OFF
ON
OFF
ON
100-240V~ 60-50Hz
50
Chapter
51
DC 5V
Console
10
12
14
16 SF-2GE-2RJ45
ZXR10 2818S
ESD 2 RUN PWR Console 1 3 5 4 6
LNK/ACT 8 10 12 14 16
9 11 13 15
11
13
15
10
12
14
16
18
20
22
24 SF-2GE-2RJ45
ZXR10 2826S
ESD RUN PWR Console 1 3 5 7 9 11 13 15 17 19 21 23
ZXR10 2852S
TX RX TX RX
CONSOLE
52
51
50/49
2/1
4/3
6/5
8/7
10/9
12/11
14/13
16/15
18/17
20/19
22/21
24/23
26/25
28/27
30/29
32/31
34/33
36/35
38/37
40/39
42/41
44/43
46/45
48/47
1 - Box 2 - Foot
52
10
12
14
16 SF-2GE-2RJ45
ZXR10 2818S
ESD 2 RUN PWR Console 1 3 5 4 6
LNK/ACT 8 10 12 14 16
9 11 13 15
11
13
15
10
12
14
16
18
20
22
24 SF-2GE-2RJ45
ZXR10 2826S
ESD RUN PWR Console 1 3 5 7 9 11 13 15 17 19 21 23
ZXR10 2852S
TX RX TX RX
CONSOLE
52
51
50/49
2/1
4/3
6/5
8/7
10/9
12/11
14/13
16/15
18/17
20/19
22/21
24/23
26/25
28/27
30/29
32/31
34/33
36/35
38/37
40/39
42/41
44/43
46/45
48/47
On both sides of the 19 cabinet, install two symmetric holders to support the switch, as shown in Figure 20.
53
2 1
After the holders are installed, push the switch along the holders and fix the flanges onto the cabinet, as shown in Figure 21.
54
10
12
14
16 SF-2GE-2RJ45
ZXR10 2818S
ESD 2 RUN PWR Console 1 3 5 4 6
LNK/ACT 8 10 12 14 16
9 11 13 15
11
13
15
10
12
14
16
18
20
22
24 SF-2GE-2RJ45
ZXR10 2826S
ESD RUN PWR Console 1 3 5 7 9 11 13 15 17 19 21 23
ZXR10 2852S
TX RX TX RX
CONSOLE
52
51
50/49
2/1
4/3
6/5
8/7
10/9
12/11
14/13
16/15
18/17
20/19
22/21
24/23
26/25
28/27
30/29
32/31
34/33
36/35
38/37
40/39
42/41
44/43
46/45
48/47
55
Installation of Cables
Cables of the ZXR10 2609/2818S/2826S/2852S include power cables, configuration cables, network cables, and fibers.
1. Install AC power cables. AC power cables look basically the same as the standard printer power cables, except that the core diameter is smaller. Figure 22 shows the AC power cable.
One end of the AC power cable is connected to the AC power socket on the AC power supply module of the ZXR10 2818S/2826S/2852S, and the other end to the 220V AC power socket. For the ZXR10 2609, directly use the self-contained AC adapter connection equipment and socket. 2. Install DC power cables. Figure 23 shows the 48 power socket on the DC power supply module of the ZXR10 2609/2818S/2826S/2852S.
56
One end of the DC power cable is connected to the power socket on the DC power supply module of the ZXR10 2818S/2826S/2852S, and the other end to the corresponding terminal of 48V DC power supply.
57
End A 2 3 5 4 6 7 8
58
End B 3 6 4 5 7 2 8 1
End A
By the sequence of crimping the lines in the connector, the cables can be classified into: Straight-through cable RJ45, with one-to-one connection correspondence at two ends of the cable. The specific pinout is shown in Table 6.
A End 1 2 3 6
B End 1 2 3 6
59
A End 4 5 7 8
B End 4 5 7 8
Crossover cable RJ45J with two twisted pairs at two ends of the cable corresponding to each other in the crossover mode. The specific pinout is shown in Table 7.
A End 1 2 3 6 4 5 7 8
Cable Colors White/orange Orange White/green Green Blue White/blue White/brown Brown
B End 3 6 1 2 4 5 7 8
Installing Fibers
Each optical port of the ZXR10 2609/2818S/2826S/2852S is connected to two fibers: one for receiving and one for transmission. They are respectively marked as TX and RX on the panel. Note not to mis-insert the fibers. Fibers are classified into single-mode and multi-mode fibers. You can configure 6 types of fibers as listed in Table 8 according to your application requirements.
60
Mode
Type of Connector on the Switch SC-PC connector (square and flat head)
Single-mode fiber
multi-mode fiber
For fiber layout out of the cabinet, make sure to protect the fibers against any damages with plastic corrugated protection tubes. Optical fibers inside the protection tube should not entangle with one another, and they shall be bent into a round shape at the bending position, if any. The labels at the two ends of the optical fiber shall be clear and legible. The meanings of the labels shall clearly reflect the corresponding numbers and relationship between cabinets and between rows.
Labels
1. The pattern and meanings of the labels attached to the connector The label attached to the connector is called transverse English label on panels and connectors. Figure 27 shows the structure and dimensions of the label.
61
Meanings of the contents on the labels are as follows: RJ45Cable code Port AEnd A of the cable connector, corresponding to End B or another end. 5mLength of the finished cable. It refers to the straight line length of the cable from the connector at one end to the connector at the other end. TIC 10/100Base-T 1Connection position, the first 10/100Base-T network port of the TIC board. 2. The pattern and meanings of the label attached to the cable The label attached to the cable is called roll-type selfcover laser print label model II. Figure 28 shows the structure and dimensions of the label.
62
Transparent area
Transparent area
Printable area
The contents of the label in the above figure have the same meanings as those of the label in Figure 27. These two types of label are used in different places. The transverse English label on panels and connectors is only applicable to the connectors where the attachment area is larger than the label area or to panels. The roll-up selfmulching laser printing label is rolled around the cable with its own scotch adhesive tapes. It is used when the horizontal English label cannot be used because the cable connector is small or the cable does not look nice with a horizontal English label. 3. Before the cabinet equipment is delivered, all the internal interconnected cables shall be attached with flag-type direction labels. This label attached to the cable is called Transverse English Type I Label. Figure 29 shows the structure and dimensions of the label. The contents of the label in the above figure have the same meanings as those of the label in Figure 27
63
4. The meaning of the content and the structure of a fiber engineering label are as shown in Figure 30.
FIGURE 30 P ATTERN AND MEANINGS OF THE ENGINEERING LABEL ON THE OPTICAL FIBER
Optical fible(R)
Optical fible(L)
The two sides of the engineering label on the optical fiber are marked L and R with the specific meanings as follows:
When the label is pasted on the fiber at the ZXR10 2609/2818S/2826S/2852S side, the row number and column number of the cabinet at the side of the connected remote optical interface device as well as the layer No. of the fiber in
64 Confidential and Proprietary Information of ZTE CORPORATION
the cabinet and the fiber No. should be filled in the R area of the label. In this case, the row No. and column No. of ZXR10 2609/2818S/2826S/2852S where the fiber is located as well as the layer No. of the fiber and fiber number shall be filled in the L area of the label. If the label is attached on the optical interface equipment of the customer, contents filled on the label are just contrary to those at the ZXR10 2609/2818S/2826S/2852S side.
1. The Ethernet switch shall be placed in the corridor, preferably on the first floor. To avoid the direct sunshine, rains, and lightning, the switch cannot stay in an outdoor place where no weather-proof measures are taken. Ensure that all subscriber lines, except the uplink, downlink, and cascading lines, are distributed inside the building to avoid the attack of lightning induction. Figure 31 shows the cabling of Ethernet switch in a fourfloor building with three units. Where, switch A in Unit 1 is the convergence switch of the whole building, and switches B and C are access switches. Switches A, B, and C are cascaded. That is, the cascading cable of switch A is the uplink cable of switch B, and the cascading cable of switch B is the uplink cable of switch C. The rest subscriber lines are distributed inside the building and connected to the subscriber terminals from bottom to top in the corridor.
Confidential and Proprietary Information of ZTE CORPORATION 65
Unit 1
Corridor 4st floor 7 8
Unit 2
Corridor
Unit 3
Corridor
3st floor
2st floor
Switch ...
Switch ...
Switch ...
1st floor
1 Uplink cable
2 Cascading cable
B Cascading cable
In the above figure, 1 to 8 stands for subscribers. The cascading cable refers to the cable connecting two switches. 2. Reinforced lightning protection measures must be taken and lightning protection bars must be added for the uplink, downlink, and cascading Ethernet ports that are led outdoors. In special case when the common subscriber lines must be distributed outdoors, lightning protection bars must also be added. The lightning protection capability of the lightning protection bar must reach 6 KV or above and the current discharge capability must reach 5 KA. The grounding cable of the lightning protection bar must have a diameter of 16 mm2 and a length less than 30 cm. It is recommended to use the optical port as the uplink port of the convergence switch in the building. If the electrical port is used, lightning protection bars must be added.
66
Figure 32 shows the cabling of a convergence switch. Where, the uplink port is the optical port and lightning protection bars are added for the downlink or cascaded cables. The lightning bars are connected to the earth through the shell. The rest subscriber lines are distributed inside the building.
Ethernet switch
Shell ground
3. The grounding system with good ground grid is preferred for the switch. A lot of residential buildings with proper grounding have a grounding resistance of 1 ohm. If the test shows that grounding system is not satisfied, it is recommended to equip an independent grounding post and the grounding cable must be 16 mm2 in diameter and as short as possible. Whichever grounding method is used, the grounding resistance must be less than 5 ohm and cannot exceed 10 ohm. 4. It is prohibited that the switch directly gets the power from the outdoor overhead power cable. If the switch must directly get the power from the outdoor overhead power cable, special lightning protection measures, such as lightning protection socket and lightning protection bar, must be added to the power supply. The lightning
Confidential and Proprietary Information of ZTE CORPORATION 67
protection bar for the power supply must have better lightning protection index than that for the port cable. 5. Whether the Ethernet switch will suffer lightning strike is affected by a lot of factors, including grounding, power supply, and wiring. The lightning strike lead-in mechanism also varies a lot. Taking one measure is far from enough to prevent the lightning strike. Therefore, several measures must be implemented at the same time. Proper grounding, appropriate power supply, reasonable wiring, and suitable lightning protection measures will definitely reduce the chance of the switch damage resulted from lighting strike.
System Debugging
Connection Configuration
The ZXR10 2609/2818S/2826S/2852S debugging is implemented through the Console. The Console port connection configuration adopts the VT100 terminal mode. The following takes the configuration of HyperTerminal provided by the Windows operating system as an example.
1. Connect the PC to the ZXR10 2609/2818S/2826S/2852S. Click Start > Programs > Accessories > Communication > HyperTerminal to connect the HyperTerminal, as shown in Figure 33.
68
2. Select COM1 or COM2 according to the serial port connected to the configuration cable. See Figure 34.
69
3. Set the attributes of the selected serial port, as shown in Figure 35. Port attribute settings include the following contents:
Baud rate: 9600 Data bit: 8 Parity: None Stop bit: 1 Data flow control: None
70
Check that all settings are correct. Then power on the ZXR10 2609/2818S/2826S/2852S to initialize the system and then enter the configuration mode.
Power-on Procedure
Before powering on the ZXR10 2609/2818S/2826S/2852S, check the environment in the equipment room and the hardware installation.
1. Check whether the temperature, humidity, and voltage of the power supply in the equipment room meet the requirements listed in Table 9.
Confidential and Proprietary Information of ZTE CORPORATION 71
Relative Humidity (%) Short-term Working Condition (note 2) Long Term Operatin g Conditio n 30% 70% to Short Term Operatin g Conditio n 20% 90% to
Range Notes:
15C to 30C
-5C to 45C
In normal working environment of the ZXR10 2609/2818S/2826S/2852S, the temperature and humidity are measured 2m above the floor and 0.4m in front of the equipment when the front and rear protection boards are removed. The short-term working condition means that the continuous running period is no more than 48 hours, and the accumulated running period in a year is no more than 15 days.
2. Check whether the power cables and other cables are correctly and reliably connected. 3. Check other hardware conditions.
i. Equipment labels shall be complete, correct and legible. ii. Equipment is installed reliably in the 19 standard cabinet. iii. The power switch of the equipment is turned off. iv. The rack is properly grounded, with the grounding resistance meeting relevant technical requirements.
To power on the ZXR10 2852S, do as follows: 1. Turn on the external power supply. 2. Turn on the power switch at the back of the switch.
72 Confidential and Proprietary Information of ZTE CORPORATION
To power on the ZXR10 2609\2818S\2826S, do as follows: 1. Connect the power cable at the back of the Ethernet switch. 2. Turn on the external power supply.
The power-down procedure is on contrary to the power-on procedure.
To power down the ZXR10 2852S, do as follows: 1. Turn off the power switch at the back of the switch. 2. Turn off the external power supply.
To power down the ZXR10 2609/2818S/2826S, do as follows: 1. Turn off the external power supply. 2. Remove the power cable at the back of the Ethernet switch.
Indicator Status
After the switch is powered on, the system indicators change in the following way:
1. After the system is powered on, the PWR indicator is on and the RUN indicator is off. 2. The BootROM starts to load the version. If the version is unavailable, the states of indicators do not change. If the version is loaded normally, the RUN indicator flashes at 1 Hz.
73
Copyright(c) 2004-2006, ZTE Co., Ltd. System Booting...... CPU: WindBond ARM7TDMI Version: VxWorks5.5.1 BSP version: 1.2/0 Creation date: May 23 2005, 00:07:21
After the above information appears, wait for about 7 seconds and then press any key to enter the boot status. Then modify the startup parameters. If the system does not detect any input within the specified time, the system begins to automatically load the version and displays the following information: auto-booting...
: wbdEnd : 1 : 0
host name : tiger file name : vxWorks inet on ethernet (e) : 10.40.89.106 host inet (h) : 10.40.89.78 gateway inet (g) : 10.40.89.78 flags (f) : 0x80 Attaching to TFFS... done. Loading file :kernel Uncompressing... Uncompressed 2310452 bytes Ok. Loading image... 7018512 Starting at 0x108000...
login :
After the system is started successfully, the prompt character login: is displayed, requesting you to input the login user name and password. The default user name is admin and password is zhongxing.
75
76
Chapter
Command mode of the ZXR10 2609/2818S/2826S/2852S Command line usage of the ZXR10 2609/2818S/2826S/2852S
Configuration Modes
The ZXR10 2609/2818S/2826S/2852S provides several configuration modes. As shown in Figure 36, you can select a configuration mode according to the network connected.
1. Configuration through serial port connection 2. Configuration through TELNET session 3. Configuration through SNMP connection
77
Suppose the IP address of the layer 3 port is 192.168.3.1 and this address can be pinged from the local host. Then perform the remote configuration as follows:
79
3. Enter the username and password to enter the user mode of the switch.
80
foreground and background share the same MIB management database and communicate with each other via the SNMP. The background NM server must be installed with the NM software that supports SNMP. The management and configuration of the ZXR10 2609/2818S/2826S/2852S are implemented through the NM software. For the SNMP configuration on the ZXR10 2609/2818S/2826S/2852S, refer to SNMP.
Command Mode
To facilitate the configuration and management of the switch, the commands of the ZXR10 2609/2818S/2826S/28502S are allocated to different modes according to the functions and authorities. A command can be executed only in the specified mode. The ZXR10 2609/2818S/2826S/2852S command modes include:
1. User mode 2. Global configuration mode 3. SNMP configuration mode 4. Layer 3 configuration mode 5. File system configuration mode 6. NAS configuration mode 7. Cluster management configuration mode
User Mode
When you log in to the switch through the HyperTerminal or Telnet, you can enter the user mode after entering the login username and password. The prompt character in the user mode is the host name followed by >, as shown below: zte>
81
The default host name is zte. You can modify the host name by using the command hostname. In the user mode, you can execute the command exit to exit the switch configuration or execute the command show to display the system configuration and operation information. Note: The command Show can be executed in any mode.
82
In the SNMP configuration mode, you can set the SNMP and RMON parameters. To return to the global configuration mode from the SNMP configuration mode, use the command exit or press Ctrl+Z.
83
84
1. In any command mode, enter a question mark "?" behind the DOS prompt of the system, and a list of all commands in the mode and the brief description of the commands will appear. For example:
zte>? enable exit help system show zte> show config information enable configure mode exit from user mode Description of the interactive help
2. Input a question mark behind a character or string, commands or a list of keywords starting with the character or string can be displayed. Note that there is no space between the character (string) and the question mark. For example:
zte(cfg)#? config clear create
zte(cfg)#
3. Input a question mark behind a command, a keyword or a parameter, the next keyword or parameter to be input will be listed, and also a brief explanation will be given. Note
Confidential and Proprietary Information of ZTE CORPORATION 85
that a space must be entered before the question mark. For example:
zte(cfg)#? snmp router tffs nas group mode zte(cfg)# enter SNMP config mode enter router config mode enter file system config mode enter nas config mode enter group management config
4. If you enter a wrong command, keyword, or parameter and press Enter, the message Command not found will be displayed on the interface. For example:
zte(cfg)#conf ter % Command not found (0x40000066)
zte(cfg)# In the following example, the online help is used to help create a username. zte(cfg)#? create zte(cfg)#? port vlan user zte(cfg)#create user % Parameter not enough (0x40000071) create descriptive name for port create descriptive name for vlan create user
zte(cfg)#
Command Abbreviations
In the ZXR10 2609/2818S/2826S/2852S, a command or keyword can be shortened into a character or string that can uniquely identify this command or keyword. For example, the command exit can be shortened as ex, and the command show port shortened as sh po.
History Command
The user interface supports the function of recording input commands. A maximum of 20 history commands can be recorded. The function is very useful in re-invoking of a long or complicated command. To re-invoke a command from the record buffer, do one of the following. Press Ctrl+P or Ctrl+N or To Recover the last command (Roll back in the historical records of commands) Recover the next command (Roll forward in the historical records of commands)
Functional Key
The ZXR10 2609/2818S/2826S/2852S provides a lot of functional keys for the user interface to facilitate user operations. Table 10 lists the functional keys.
Functional Key
Usage records of commands). Recover the next command (Roll forward in the historical records of commands). Move left in the command line currently indicated by the prompt. Move right in the command line where the prompt is currently located. Display commands starting with the character or string. If there is only one command, make this command a complete one. Skip to the beginning of the command line. Skip to the end of the command line. Delete the characters from the cursor to the end.
Tab Ctrl-A Ctrl-E Ctrl-K Ctrl-H Backspace Ctrl-C Ctrl-L Ctrl-Y Ctrl-Z or
Delete the character on the left of the cursor. Cancel the command and display the prompt character. Clear screen. Recover the last command executed. Return to the global configuration mode.
When the command output exceeds one page, the output is split into several pages automatically and the prompt ----- more ----- Press Q or Ctrl+C to break ----- appears at the bottom of the current page. You can press any key to turn pages or press Q or Ctrl+C to stop the output.
88
Chapter
System Management
In this chapter, you will learn about:
File System Management File system and related operations TFTP Configuration Import and Export of Configuration Backup and Recovery of Files Software Version Upgrade
89
1. Enter the file system configuration mode. config tffs 2. Create a directory. md 3. Delete a file or directory. remove 4. Renaming a File rename 5. Modify the current directory. cd 6. Display the current directory list. ls 7. Upload or download a version through TFTP. tftp 8. Copy a file. copy 9. Format the FLASH memory. format
90
TFTP Configuration
The switch version file and configuration file can be backed up or restored by using TFTP. The TFTP server application software is started at the background to communicate with the ZXR10 2609/2818S/2826S/2852S (TFTP client) to implement the file backup and recovery. In the following, the FTP Server software "tftpd" is taken as an example to describe the configuration of the background FTP Server.
1. Run the tftpd software at the background host. The interface as shown in Figure 39 appears.
91
2. Click Tftpd90 > Configure. In the dialog box that appears, click Browse and select the directory for the version file or configuration file, for example, D:\IMG. Figure 40 shows the dialog box after the setting is completed.
3. Click the first Browse to select the home directory for the version file or configuration file, for example, G:\Switch. Click the second Browse to select the file. Click OK to complete the setting.
After the TFTP configuration is completed, you can perform the TFTP operations on the switch. For details, see the later sections.
92
1. Export the configuration information. You can use the command show running-config toFile to export the execution result of show running-config to a config.txt and save it in the FLASH memory. This file can also be uploaded to the TFTP server for viewing.
zte(cfg-tffs)#tftp 192.168.1.102 upload config.txt
2. Import the configuration information. You can use the command readconfig to read the configuration commands in the config.txt in the FLASH and send them to the switch for resolution and execution. Contents of the config.txt can be edited manually as needed and then downloaded to the switch by using the command tftp.
zte(cfg-tffs)#tftp 192.168.1.102 download config.txt
93
Note: It is recommended to use the command readconfig when the switch configuration is null. If the configuration command in the config.txt conflicts with the existing one of the switch, execution of the command in the config.txt will encounter errors and abort. When manually editing the config.txt, note the execution sequence of commands. (Some commands follow a certain sequence upon execution). Otherwise, the execution of readconfig may encounter errors and abort when a certain command in the config.txt is read.
1. Back up the configuration file. When a command is used to modify the switch configuration, the data is running in the memory in real time. When the switch is restarted, all the contents newly configured will be lost. Thus, you need to execute the command saveconfig to save the current configuration into the FLASH memory. The following shows the saveconfig command:
zte(cfg)#saveconfig
To prevent damage to the configuration data, back up the configuration data using the command tftp.
94
The following command can be used to back up a configuration file in the FLASH memory to the background TFTP Server:
zte(cfg-tffs)#tftp 192.168.1.102 upload running.cfg
You can also use the command show running-config toFile to write the configuration information into the config.txt and then back up the file to the TFTP server. For detailed method, refer to Import and Export of Configuration. 2. Recover the configuration file. You can execute the following command to download the configuration file in the background TFTP server to the FLASH memory:
zte(cfg-tffs)#tftp 192.168.1.102 download running.cfg
3. Back up the version file. Similar to the configuration file, you can use the command tftp to upload the foreground version file to the background TFTP server. For example:
zte(cfg-tffs)#tftp 192.168.1.102 upload kernel.z
4. Recover the version file. Version file recovery is used to retransmit the background backup version file to the foreground through TFTP. Recovery is very important in the case of upgrade failure. The version recovery operation is basically the same with the version upgrade procedure. For details, refer to Software Version Upgrade.
95
Module 0 :
96
zte(cfg)#
1. Connect Console port of the switch to the serial port of the background host using the self-contained configuration cable. Connect an Ethernet port of the switch to the network port of the background host using a network cable. Check whether the connections are correct. 2. Set the IP address of the Ethernet port on the switch. Set the IP address of the background host used for upgrade. The two IP addresses must be in the same network segment so that the host can ping the switch. 3. On the background host, start the TFTP server software and set the TFTP server as per instructions in
97
TFTP Configuration. 4. On the switch, use the command version to check the information of current operating version. 5. Enter the file system configuration mode and execute the command remove to delete the old version file in the FLASH memory. If the FLASH memory has sufficient space, change the name of the old version file and keep it in the FLASH memory.
zte(cfg)#config tffs zte(cfg-tffs)#remove kernel.z
6. Use the command tftp to upgrade the version. The following shows how to download the version file from the TFTP server to the FLASH memory:
zte(cfg-tffs)#tftp 192.168.1.102 download kernel.z ........................................................ .................................................. 1,979,157 bytes downloaded zte(cfg-typenum)#
7. Restart the switch. After successful startup, check the version under running and confirm whether the upgrading is successful.
1. Connect Console port of the switch to the serial port of the background host using the self-contained configuration cable. Connect an Ethernet port of the switch to the
98 Confidential and Proprietary Information of ZTE CORPORATION
network port of the background host using a network cable. Check whether the connections are correct. 2. Restart the switch. At the HyperTerminal, press any key as prompted to enter the [VxWorks Boot] state.
Welcome to use ZTE eCarrier!!
Copyright(c) 2004-2006, System Booting...... CPU: WindBond ARM7TDMI Version: VxWorks5.5.1 BSP version: 1.2/0
[ZxR10 Boot]:
3. Enter c in the [ZxR10 Boot] state and press Enter to enter the parameter modification status. Set the IP addresses of the Ethernet port and the TFTP server. Generally, these two addresses are set to the same network segment.
[ZxR10 Boot]: c
^D =
99
boot device
: wbdEnd1
*/Use the default value./* */ Use the default value./* */Use the default value./* */Use the default value./* */ IP address of
inet on ethernet (e) : 10.40.89.106 the Ethernet port /* inet on backplane (b): host inet (h) TFTP server/* gateway inet (g) value./* user (u) : 10.40.89.78
: 10.40.89.78
ftp password (pw) (blank = use rsh): value) flags (f) target name (tn) startup script (s) other (o) [ZxR10 Boot]: : 0x80 : : :
*/Use the default value./* */Use the default value./* */Use the default value./* */Use the default value./*
4. Set the IP address of the background host as the same with the IP address of the above TFTP server. 5. Start the TFTP server software on the background server and configure the TFTP server as per description in
100
TFTP Configuration. 6. In the [ZxR10 Boot] state, input zte to enter the [BootManager] state of the switch. Input ? to display the command list for this state.
[ZxR10 Boot]: zte Load wbdEnd Begin W90N740 MAC0: 10MB - Full Duplex
Board 2818s ! Marvell has been initialized ! boot device unit number processor number host name file name : wbdEnd : 0 : 0 : tiger : vxWorks
inet on ethernet (e) : 10.40.89.106 host inet (h) gateway inet (g) flags (f) : 10.40.89.78 : 10.40.89.78 : 0x80
Attached TCP/IP interface to wbdEnd0. Warning! no netmask specified. Attaching network interface lo0... done. Attaching to TFFS... test flash passed perfectly! Welcome to boot manager! Type for help
[BootManager]:?
ls directory list./*
101
pwd absolution path. /* devs information. /* show mac address./* reboot format del file_name
file./* md mf cd dir_name file_name absolue-pathname */Create a directory./* */Create a file./* */Change the current
[BootManager]:
7. In the [BootManager] state, use the command tftp to upgrade the version. The following shows how to download the version file from the TFTP server to the FLASH memory:
[BootManager]:tftp 10.40.89.78 kernel.z Loading... done! [BootManager]:ls RUNNING.CFG KERNEL.Z [BootManager]:
102
In the [BootManager] state, execute the command reboot to restart the switching by using the new version. If the switch is started normally, use the command version to check whether the new version is running in the memory. If the switch cannot be started normally, it indicates the version upgrade fails. In this case, repeat the above upgrade procedure.
103
104
Chapter
Service Configuration
In this chapter, you will learn about:
Configuration methods for various services of the ZXR10 2609/2818S/2826S/2852S
Port Configuration
Basic Configuration
On the ZXR10 2609/2818S/2826S/2852S, you can configure the following port parameters: auto negotiation, duplex mode, rate, flow control, port priority, MAC address number restriction, and so on. Port parameters are configured in the global configuration mode. The configuration includes the following contents:
1. Set the port status. set port 2. Set the port auto-sensing function. set port auto The auto-sensing function is enabled by default. After the duplex mode or rate of the port is set, the auto-sensing function is disabled automatically.
Confidential and Proprietary Information of ZTE CORPORATION 105
3. Set the duplex mode of the port. set port duplex For all the Ethernet optical port and the Ethernet electrical port working at 1000 Mbps, the duplex mode can only be full duplex and cannot be changed. 4. Set the port rate. set port speed The rate of 100M/1000M Ethernet optical port cannot be changed. 5. Set the port bandwidth. set port bandwidth The port bandwidth restriction is set by the unit of kbps. The ingress bandwidth and egress bandwidth of the port can be set separately according to actual requirements. There are three methods to set the ingress bandwidth restriction:
To restrict the rate of connectionless data packets, for example, filtering the broadcast packets, the granularity shall be 1K when the configured value is relatively small. To restrict the rate of connection-oriented data packets, for example, data packets of TCP connection, the granularity of rate restriction shall be 64K and the range shall be from 64K to 1536K. If the flow control is used to restrict the rate of connectionless or connection-oriented data packets, the port must be set to the 10M half duplex mode and the granularity shall be 1K when the configured value is relatively small.
For the ingress rate restriction, you can use the command set port ingess_limit_mode to select the type of the filtering data packets for the rate restriction.
106
Note: Setting the type of filtering packet of ingress bandwidth restriction to the broadcast packets can be use to perform the broadcast suppression function. When the ingress or egress bandwidth restriction is set, the rate restriction range is between 64k and 256M. For a 100M port, the maximum bandwidth is 100M. When the rate configured is relatively small, the accuracy of bandwidth restriction is rather high. As the restriction rate increases, the accuracy of bandwidth restriction decreases gradually. When the restriction rate configured is larger than the maximum bandwidth of the port, the port rate becomes the maximum rate of the port. The port egress bandwidth restriction function is not supported on the ZXR10 2609/2818SLE/2826SLE/2852SLE.
Configuration example (use the port bandwidth restriction to realize the suppression of broadcast storm): Set the broadcast suppression function for port 1, and restrict the broadcast packet to 500K.
zte(cfg)# set port 1 bandwidth ingress on rate 500 zte(cfg)# set port 1 ingess_limit_mode broadcast zte(cfg)# show port 1 qos Port: 1
PortQoSParams: IngressRateLimit : 500 IngressType broadcast SAPriority disable UserPriority disable DefaultPriority : 0
Confidential and Proprietary Information of ZTE CORPORATION 107
EgressRateLimit: 0 RateLimitMode :
: normal
: disable
VlanPriority
: enable
DscpPriority
6. Set the flow control of a port. set port flowcontrol 7. Set the priority of a port. set port default-priority 8. Set the address learning function of a port. set port security When the setting is enable, the MAC address learning function is disabled. When the setting is disable, the MAC address learning function is enabled. 9. Set the multicast filter of a port. set port multicast-filter 10. Set the external power supply mode of a port. set port poe 11. Set the port rate advertisement. set port speedadvertise 12. Set the number of MAC addresses. set port macaddress By default, the number of MAC addresses is 0, that is, no restriction. 13. Create a port name. create port name 14. Add the port description.
108 Confidential and Proprietary Information of ZTE CORPORATION
set port description 15. Port QOS function Each port supports the configuration of data packet priority. The priority of the data packets entering the port is determined by the parameters of the data packets and settings of the port. You can enable or disable any type of priority determination mechanism on the port. The priority determination mechanism of the received data packets on the port can be different. (The sequence of various priority determination modes is described in QoS Configuration.
Enable/Disable port source MAC priority function
set port sa-priority The configured source MAC address priority can be used to determine the priority of the data packets when and only when the source MAC address of the received data packets is a static MAC address, and the source MAC priority determination function is enabled. The queue priority of data packets is mapped with the SA priority in the following way: (0,1) 0; (2,3) 1; (4,5) 2; (6,7) 3
Enable/Disable the port VLAN priority.
set port vlan -priority The configured VLAN priority can be used to determine the priority of data packets when and only when the priority of VLAN of the received data packets is enabled, and the port VALN priority determination function is enabled. The queue priority of data packets is mapped with the SA priority in the following way: (0,1) 0; (2,3) 1; (4,5) 2; (6,7) 3
Enable/Disable the port 802.1P user priority.
set port user -priority The port 802.1P user priority can be used to determine the priority of data packets when and only when the
Confidential and Proprietary Information of ZTE CORPORATION 109
received data packets are TAG ones and the port 802.1P user priority determination function is enabled. The queue priority of data packets is determined by the 802.1P user priority and queue priority mapping table.
Enable/Disable the port layer 3 DSCP priority.
set port dscp -priority The port layer 3 DSCP priority can be used to determine the priority of data packets when and only when the received data packets are IP ones and the layer 3 DSCP determination function is enabled. The queue priority of data packets is determined by the IP DSCP priority and queue priority mapping table.
Set the port 802.1P user priority remapping table.
set port remapping-tag When the data packets received by the port are TAG data packets, the switch first uses this mapping table to re-map the priority in the data packets, and then use this priority as the new 802.1P user priority for future priority determination. The default value of this mapping table is: 0 0, 1 1, 2 2, 3 3, 4 4, 5 5, 6 6, 7 7 It is not recommended to change the default values.
Note: The ZXR10 2609/2818SLE/2826SLE/ 2852SLE does not support the sa-priority, vlanpriority, and remapping-tag functions.
110
Parameter Port status Auto-sensing function Flow control Bandwidth restriction Port priority
Port Information
You can use the command show to view the port information.
1. Display the configuration and duplex mode of the port. show port View the configuration and current duplex mode of the port 1.
zte(cfg)#show port 1 Port: 1 PortParams: PortEnable DefaultVlanId : enabled : 1 PortAutoNeg FlowControl Security : enabled : disabled : disabled MediaType : 100BaseT
Multicastfilter: disabled SpeedAdvertise : MaxSpeed PortMacLimit PortStatus: PortClass Duplex : 802.3 : half : disabled
Link Speed
: down : 10 Mbps
zte(cfg)#
111
2. Display the QoS configuration data of the port. show port qos View the QoS configuration data of port 1.
zte(cfg)#show port 1 qos Port: 1
PortQoSParams: IngressRateLimit: 0 IngressType SAPriority UserPriority : normal : disable : enable : 0 EgressRateLimit: 0 RateLimitMode VlanPriority DscpPriority : broadcast : disable : disable
DefaultPriority
Note: If the IngressRateLimit or EgressRateLimit is set to 0, it indicates that the port is not configured with the bandwidth restriction function.
3. Display the statistics data of the port. show port statistics View the statistics data of port 24 (port name: uplink)
zte(cfg)#show port 1 statistics Port: 1 PortName: ReceivedBroadcastFrames: 0 ReceivedMulticastFrames: 0 InPause : 0
112
: 0 : 0
Jabber UndersizeFrames
: 0 : 0 : 0
: 0 Frames256_511Bytes Frames1024_UpBytes : 0 : 0
: 0 : 0 : 0 : 0 : 0 : 0
zte(cfg)#
4. Remove the statistics data of the port. You can use the command clear por to remove the statistics data of the port. After the command is executed, all the statistics data of the port will be cleared.
Port Mirroring
Introduction
Port mirroring is used to mirror the data packets of the switch port (ingress mirroring port) to an ingress destination port (ingress monitoring port), or mirror the data packets of the switch port (egress mirroring port) to an egress destination port (egress monitoring port).
Confidential and Proprietary Information of ZTE CORPORATION 113
Through mirroring, the data packets flowing in or out of a certain port can be monitored. Port mirroring provides an effective tool for the maintenance and monitoring of the switch. The switch can be configured with only one ingress monitoring port and one egress monitoring port. The ingress monitoring port and the egress monitoring port can be configured on the same port. But multiple source ingress monitoring ports and source egress monitoring ports can be configured at the same time.
Note: In the default case, the switch does not have the mirroring port. Port 1 is the ingress and egress monitoring ports. The GOOD data packets received by the ingress mirroring port are mirrored onto the monitoring ports. But the data packets directly discarded on the ingress port (for example, because of CRC errors) are not mirrored.
Basic Configuration
The configuration of the port mirroring function includes the following contents:
1. Set a monitoring port. set mirror dest-port 2. Add a mirroring port. set mirror add source-port 3. Delete a mirroring port set mirror delete source-port 4. Display the port mirroring configuration. show mirror
114
Configuration Example
To mirror the data packets received by port 1 and port 16 onto the monitoring port 10, configure as follows: zte(cfg)# set mirror dest-port 10 ingress zte(cfg)# set mirror add source-port 1,16 ingress Use the command show mirror to view the port mirroring configuration. zte(cfg)#show mirror Ingress mirror information: source-port: 1,16 destination -port: 10 Egress mirror information: source-port: none destination -port: 1 zte(cfg)# To mirror the data packets received by port 2 and port 3 onto the monitoring port 4, configure a follows: zte(cfg)# set mirror dest-port 4 ingress zte(cfg)# set mirror add source-port 2,3 egress
VLAN Configuration
Introduction
The Virtual Local Area Network (VLAN) protocol is a basic protocol of layer-2 switching equipment, which enables the administrator to
Confidential and Proprietary Information of ZTE CORPORATION 115
divide a physical LAN to multiple VLANs. Each VLAN has a VLAN ID to identify it uniquely in the entire LAN. Multiple VLANs share the switching equipment and links of the physical LAN. Logically, a VLAN is like an independent LAN. All frame flows in the same VALN are restricted in this VLAN. Cross-VLAN visit can only be implemented through forwarding on layer 3. Direct multi-VLAN visit is impossible. In this way, the network performance is improved, and the overall flow in the physical LAN is effectively lowered. The VLAN has the following functions: Reduce the broadcast storms of network. Enhance the network security. Provide centralized management and control. The ZXR10 2609/2818S/2826S/2852S also supports the taggedbased VLAN. This is a mode defined in IEEE 802.1Q and also is a universal working mode. In this mode, the division of VLAN is based on the VLAN information about the port (PVID: port VLAN ID) or the information in the VLAN tag.
Basic Configuration
The VLAN configuration on the switch includes the following contents:
1. Enable/Disable the VLAN. set vlan 2. Add a specified port to the VLAN. set vlan add port 3. Delete a specified port to the VLAN. set vlan delete port 4. Add a specified trunk to the VLAN. set vlan add trunk
116
5. Delete a specified trunk to the VLAN. set vlan delete trunk 6. Set the port PVID. set port pvid 7. Set the trunk PVID. set trunk pvid 8. Set the VLAN priority. set vlan priority 9. Set the VLAN FID. set vlan fid VLANs with the same FID can share the forwarded items. Most equipment suppliers do not provide the configuration of FID and use the VID as the default FID. 10. Create a VLAN name. create vlan name 11. Remove a VLAN name. clear vlan name 12. Display the VLAN information. show vlan
Configuration Example
Note: It is recommended to delete the default VLAN before the configuration.
1. Configure a VLAN.
Confidential and Proprietary Information of ZTE CORPORATION 117
Configure VLAN 100. Add untagged ports 1 and 2 and tagged ports 11 and 12. The detailed configuration is as follows:
zte(cfg)#set vlan 100 add port 1,2 untag zte(cfg)#set vlan 100 add port 7,8 tag zte(cfg)#set port 1,2 pvid 100 zte(cfg)#set vlan 100 enable zte(cfg)#show vlan 100 VlanId : 100 Fid : 100 Priority: off
zte(cfg)#
2. Configure overlapping VLAN. As shown in Figure 41, port 16 of the switch is connected to the server and ports 1 to 3 are connected to the clients. It is required that ports 1 to 3 are isolated from each other, but all three ports can access the server.
118
3. Configure the VLAN transparent transmission. As shown in Figure 42, switch A is connected to switch B through port 16. Port 1 of switch A and port 2 of switch B belong to VLAN2, and port 3 of switch A and port 4 of switch B belong to VLAN3. Members of the same VLAN can communicate with each other.
Switch B p2
p3
p4
zte(cfg)#set vlan 3 add port 16 tag zte(cfg)#set vlan 3 add port 3 untag zte(cfg)#set port 1 pvid 2 zte(cfg)#set port 3 pvid 3 zte(cfg)#set vlan 2-3 enable
120
Configuration of the MAC filter function and static address binding function can effectively prevent the illegal access to the network and fraudulent use of key MAC addresses, and play an important role in ensuring the network security.
Basic Configuration
1. Set the filter address of fdb. set fdb filter 2. Add the static binding address to the address table. set fdb add 3. Delete a record in the table. set fdb delete 4. Set the aging time of MAC address. set fdb agingtime 5. Display the aging time of fdb address. show fdb agingtime 6. Display the fdb information. show fdb dynamic port 7. Display the MAC-based fdb information. show fdb mac 8. Display the port-based fdb information. show fdb port 9. Display the VLAN-based fdb information. show fdb vlan
121
LACP Configuration
Introduction
Link Aggregation Control Protocol (LACP) is a standard protocol defined in IEEE 802.3ad. Link aggregation means that physical links with the same transmission media and transmission rate are bound together, making them look like one link logically. This concept is also known as Trunking. It allows parallel physical links between the switches or between the switch and the server to increase the bandwidth in multiples and simultaneously. As a result, it becomes an import technology in broadening link bandwidth and creating link transmission flexibility and redundancy. Aggregated link is also called trunk. If a port of the trunk is blocked or faulty, the data packets will be distributed to other ports of this trunk for transmission. If this port recovers, the data packets will be re-distributed to all the normal ports of this trunk for transmission. The ZXR10 2609/2818S/2826S/2852S supports a maximum of 16 aggregation groups. In each aggregation group, the number of links participating in the aggregation does not exceed eight. Links participating in the aggregation must have the same transmission media type and the same transmission rate. Note: The ZXR10 2852SLE supports a maximum of eight aggregation groups.
Basic Configurations
LACP configuration on the switch includes the following contents:
By default, the LACP function is disabled. 2. Add a specified port to the aggregation group. set lacp aggregator add port 3. Delete a specified port to the aggregation group. set lacp aggregator delete port If the port is in the self-negotiation mode or in the duplex mode, the aggregation is allowed. If the port is in the half duplex mode, the aggregation is prohibited. 4. Set aggregation mode of the aggregation group. set lacp aggregator mode If the aggregation group is set to the dynamic mode, the switch can only be connected with the in-service LACP device. If the aggregation group is set to the static mode, and the peer end is the static trunk that does not run the LACP protocol, the static aggregation is performed. If both the static trunk and LACP exist on the peer end, the LACP aggregation is preferred. 5. Configure the timeout information of the port participating in the aggregation. set lacp port timeout The timeout information refers to the expiration time, after which the port in the aggregation state exits the aggregation if it does not receive the LACP protocol packets from the peer end. The short timeout time is 3 seconds and the long timeout time is 90 seconds. 6. Set the mode used by the port to participate in the aggregation. set lacp port mode When the aggregation group is set to the dynamic mode, the switch can only be connected with the in-service LACP device. If the aggregation group is set to the static mode, the switch and the peer end use the static mode for
Confidential and Proprietary Information of ZTE CORPORATION 123
aggregation. In this case, more than two switches in the static mode are aggregated. If the aggregation group is set to the hybrid mode, and the peer end is the static trunk that does not run the LACP protocol, the static aggregation is performed. If both the static trunk and LACP exist on the peer end, the LACP aggregation is preferred. 7. Set the priority of LACP. set lacp priority 8. Display the LACP configuration information. show lacp 9. Display the aggregation information about the LACP aggregation group. show lacp aggregator 10. Display the information of the port where the LACP is involved in the aggregation. show lacp port
After the configuration of the aggregation group, you can perform various settings on it, such as setting the PVID, adding it to the VLAN, setting the static binding MAC address, and so on.
Configuration Example
As shown in Figure 43, switch A and switch B are connected through the aggregation port (binding the port 15 and port 16). Port 1 of swtich A and port 2 of swtich B belong to VLAN2. Port 3 of swtich A and port 4 of swtich B belong to VLAN2. Members of the same VLAN can communicate with each other.
124
Switch A p1
p15 p16
p15 p16 p2
Switch B
p3
p4
The detailed configuration of switch A is as follows: zte(cfg)#set lacp enable zte(cfg)#set lacp aggregator 3 add port 15-16 zte(cfg)#set lacp aggregator 3 mode dynamic zte(cfg)#set vlan 2 add trunk 3 tag zte(cfg)#set vlan 2 add port 1 untag zte(cfg)#set vlan 2 add trunk 3 tag zte(cfg)#set vlan 3 add port 3 untag zte(cfg)#set port 1 pvid 2 zte(cfg)#set port 3 pvid 3 zte(cfg)#set vlan 2-3 enable The detailed configuration of switch B is as follows: zte(cfg)#set lacp enable zte(cfg)#set lacp aggregator 3 add port 15-16 zte(cfg)#set lacp aggregator 3 mode dynamic zte(cfg)#set vlan 2 add trunk 3 tag zte(cfg)#set vlan 2 add port 2 untag zte(cfg)#set vlan 3 add trunk 3 tag zte(cfg)#set vlan 3 add port 4 untag zte(cfg)#set port 2 pvid 2
125
Basic Configuration
Configuration of IGMP Snooping on the switch includes the following contents:
1. Enable/Disable the IGMP Snooping function. set igmp snooping By default, the IGMP Snooping function is disabled. When the IGMP Snooping is disabled, you can use the command set port multicast to handle the multicast flow. If the parameter forward is selected, the multicast
126 Confidential and Proprietary Information of ZTE CORPORATION
messages will be forwarded to the corresponding port. If the parameter discard is selected, the multicast messages will be discarded on the corresponding port After the IGMP Snooping function is enabled, the multicast flow is first forwarded according to the snooped multicast forwarding table. If the multicast forwarding table is not found, use the above configuration to determine whether to forward or discard the multicast messages for the port.
Note: When the IGMP Snooping function is disabled, it is recommended to disable the multicast forwarding function for the non-router ports and enable the multicast forwarding function for the router ports.
2. Add the IGMP Snooping function for the specified VLAN. set igmp snooping add vlan 3. Delete the IGMP Snooping function for the specified VLAN. set igmp snooping delete vlan The multicast forwarding table can be snooped only when the IGMP Snooping function is added for the specified VLAN. The switch can support the snooping of up to 256 VLANs simultaneously. 4. Enable/Disable the specified VLAN. IGMP snooping function for the
set igmp snooping query vlan After the IGMP Snooping function is enabled, if the IGMP snooping router does not exist, the normal IGMP Snooping function cannot be completed. In this case, enable the IGMP snooping function of the switch. If the snooped VLAN has the IGMP snooping router, it is recommended to disable the IGMP snooping function of the switch. The switch runs the IGMP snooping V2.0,
Confidential and Proprietary Information of ZTE CORPORATION 127
which supports the V2.0 IGMP snooping router election function. If the layer 3 IP address and MAC address are set, the source IP address and source MAC address of the IGMP snooping are determined by the layer 3 configuration. Otherwise, use 0.0.0.0 and the MAC address of the switch as the source of the IGMP snooping. 5. Add a static multicast group. set igmp snooping vlan add group 6. Delete a static multicast group. set igmp snooping vlan delete group After the IGMP Snooping function is running, the static multicast group can be registered in the name of the local switch. The switch supports the registration of up to 64 static multicast groups.
Note: The register multicast groups can only use the user multicast group address, which ranges from 224.x.x.x to 239.x.x.x, instead of the reserved multicast addresses. It is prohibited to register the following multicast addresses: 224.0.0.x.
7. Set multicast member/route timeout. set igmp snooping timeout 8. Set the snooping interval. set igmp snooping query_interval 9. Set the snooping response interval. set igmp snooping response_interval 10. Set the last member snooping interval. set igmp snooping lastmember_query 11. Enable/Disable the IGMP fastleave function.
128 Confidential and Proprietary Information of ZTE CORPORATION
set igmp snooping fastleave After the IGMP Snooping is running and the correct port that the host is added in can be snooped, if the IGMP fastleave function is disabled when this port receives the IGMP fastleave message, the switch will send a specified group snooping message to this port twice to confirm that this port is removed from the multicast forwarding table. If the IGMP fastleave function is enabled, the specified group snooping is not performed and the port is directly removed from the multicast forwarding table. If the state of multi-VLAN multicast snooping is changed from enabled to disabled, some snooping results of the multi-VLAN multicast snooping can be deleted after the related timeout period. 12. Enable/Disable the multi-VLAN IGMP snooping function. set igmp snooping crossvlan After the IGMP Snooping function is running and the PVID (default vlan_id) is used to correctly configure the one-tomultiple port forwarding mode, the multi-VLAN IGMP snooping function of the local switch can be used to snoop the IGMP information between VLANs and to carry out the multi-VLAN multicast forwarding. 13. Display the configuration of IGMP snooping. show igmp snooping 14. Display the multicast snooping results. show igmp snooping vlan
Configuration Example
As shown in Figure 44, ports 1, 3, and 5 are connected to the host. Port 10 is connected to the router. The one-to-multiple communication mode is implemented. That is, port 10 can communicate with ports 1, 3, and 5, but ports 1, 3, and 5 cannot communicate with each other. The IGMP Snooping function of the switch is enabled and the snooping results are displayed.
Confidential and Proprietary Information of ZTE CORPORATION 129
The detailed configuration is as follows: zte(cfg)#set vlan 200 add port 1,3,5,10 untag zte(cfg)#set vlan 210 add port 1,10 untag zte(cfg)#set vlan 230 add port 3,10 untag zte(cfg)#set vlan 250 add port 5,10 untag zte(cfg)#set port 10 pvid 200 zte(cfg)#set port 1 pvid 210 zte(cfg)#set port 3 pvid 230 zte(cfg)#set port 5 pvid 250 zte(cfg)#set vlan 200,210,230,250 fid 200 zte(cfg)#set vlan 200,210,230,250 enable zte(cfg)#set igmp snooping enable zte(cfg)#set igmp snooping add vlan 200,210,230,250 zte(cfg)#set igmp snooping crossvlan disable Display the multicast snooping results: zte(cfg)#show igmp snooping vlan
Num
VlanId
Group
Last_Report
PortMember 1
130
210
224.1.1.1
192.168.1.1
2 3
230 250
224.1.1.1 224.1.1.1
192.168.1.2 192.168.1.3
3 5
Enable the multi-VLAN IGMP snooping function of the switch and display the snooping results: zte(cfg)#set igmp snooping crossvlan enable zte(cfg)#show igmp snooping vlan Num VlanId Group Last_Report
PortMember 1 2 3 4 210 230 250 200 224.1.1.1 224.1.1.1 224.1.1.1 224.1.1.1 192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.3 1 3 5 1,3,5,10
MSTP Configuration
Introduction
The Spanning Tree Protocol (STP) applies to the network with loops. A path is obtained by using some algorithms and the redundant path is blocked. In this way, the network with loops is trimmed into a tree network without loops, and the growth and infinite circulation of packets in the network with loops are avoided. When this path works normally, other paths are blocked. When this path is faulty, a new path is obtained through re-calculation. Rapid Spanning Tree Protocol (RSTP) is on the basis of common STP, added with the mechanism that the port state can be rapidly changed from Blocking to Forwarding, which increases the topology convergence speed. Multiple Spanning Tree Protocol (MSTP) is on the basis of RSTP and STP, added with the forwarding processing of frames with VLAN ID. The whole network topology structure can be planned into a
Confidential and Proprietary Information of ZTE CORPORATION 131
Common and Internal Spanning Tree (CIST), which is divided into Common Spanning Tree (CST) and Internal Spanning Tree (IST), as shown in Figure 45.
CST
IST
In the whole MSTP topology structure, an IST can serve as a single bridge (switch). In this way, the CTS can serve as an RSTP for the interaction of configuration information (BPDU). Multiple instances can be created in an IST area and these instances are valid only in this area. An instance is equivalent to an RSTP, except that the instance needs to perform BPDU interaction with bridges outside this area. When creating an instance, you must include one or more VLAN IDs into this instance. The ports that are on the bridge in this IST area and belong to these VLANs finally form an STP structure through the BPDU interaction. (Each instance corresponds to a STP structure.)
132
In this way, the bridge in this area forwards the data frames with thee VLAN IDs according to the STP structure of the corresponding instance. For data frames that shall be forwarded out of this area, no matter what VLAN ID they carry, these data frames will be forwarded according to the RSTP structure of CST. Compared with the RSTP, the MSTP has the following advantages: In a certain IST area, the data frames carrying a VLAN ID can be forwarded according to the spanning tree structure set by the user and no loop will be resulted.
Note: The ZXR10 2609/2818SLE/2826SLE/2852SLE supports the STP and RSTP, instead of the MSTP.
Basic Configuration
In the default configuration, the MSTP only has the instance with ins_id as 0. This instance always exists and you cannot manually delete it. This instance is mapped with VLANs 1 to 4094.
1. Enable/Disable the STP. set stp 2. Set the STP forced version. set stp forceversion 3. Set the mapping relation between the VLAN and instance. set stp instance vlan You can use this command to create an instance and set the mapping between the VLAN and this instance. These VLANs will be removed automatically from the VLAN mapping table of instance 0 and added to the VLAN mapping of the new instance. 4. Set the bridge priority. set stp instance bridgeprio
133
5. Set the port priority of the instance. set stp instance port priority 6. Set the trunk priority of the instance. set stp instance trunk priority 7. Set port cost of the instance. set stp instance port cost 8. Set trunk cost of the instance. set stp instance trunk cost 9. Set the port Link type of the instance set stp port linktype 10. Set the trunk Link type of the instance set stp trunk linktype 11. Set the port packet type of the instance set stp instance port packettype 12. Set the trunk packet type of the instance set stp instance trunk packettype 13. Set the MSTP time parameters.
Set the STP hello time.
set stp agemax 14. Set the maximum number of hop between any two terminals of MST. set stp hopmax 15. Set the MST area name.
134 Confidential and Proprietary Information of ZTE CORPORATION
set stp name 16. Set the MST version. set stp revision The versions of MSTs in the same area must be the same. 17. Enable/Disable the STP relay. set stp relay 18. Set the edge port. set stp egde-port port 19. Display related STP information.
Display the STP information.
show stp
Display the STP instance information.
Configuration Example
The following is an example of MSTP configuration.
1. Create instance 1, set up mapping relations with VLANs 10 to 20, and set the name as zte. The MST version is 10.
zte(cfg)#set stp instance 1 add vlan 10-20 zte(cfg)#set stp name zte zte(cfg)#set stp revision 10
Confidential and Proprietary Information of ZTE CORPORATION 135
zte(cfg)#show stp The STP ForceVersion is MSTP ! Revision: 10 Cisco key: Cisco digest: Huawei key: Huawei digest: Instance VlanMap -------- ------------------0 1 zte(cfg)# 1-9,21-4094 10-20 Name: zte 0x13ac06a62e47fd51f95d2ba243cd0346 0x00000000000000000000000000000000 0x13ac06a62e47fd51f95d2ba243cd0346 0x00000000000000000000000000000000
zte(cfg)#show stp instance 0 MST00 Spanning tree enable protocol mstp Root: Priority Address :00.d0.d0.f0.12.35 :2 MaxAge(s) MaxHops : 20 :20 :32768
HelloTime(s)
:32768
Address
:00.d0.d0.f0.12.39
:32768
Address
:00.d0.d0.f0.12.39
HelloTime(s)
:2
: 20 :20
Role
Bound Linktype
------- ------ ------ ------- ------- ----- -------- ---- --------2 IEEE 128.2 Disabled 200000 Forward Root MSTP P2P
zte(cfg)#show stp instance 1 MST01 Spanning tree enable protocol mstp RootID: Priority HelloTime(s) : 28672 :2 Address MaxAge(s) MaxHops :00.d0.d0.f0.12.39 : 20 :20
------- ------ ------ ------- ------- ----- -------- ---- --------2 IEEE 112.2 Disabled 200000 Forward Designated MSTP P2P
zte(cfg)#show stp port 2 Only the following port is physical up! MstInstance PortId Cost PortEdged -------- ------ ------- ------- --------- -------- ----Confidential and Proprietary Information of ZTE CORPORATION 137
Status
Role
Linktype
Pkt
-- --------MST00 Disabled MST01 Disabled 112.2 200000 Forward Designated P2P IEEE 128.2 200000 Forward Root P2P IEEE
QoS Configuration
Introduction
The switch provides the QoS function and the priority control function. The priority of the data packets can be determined by the source MAC address priority of the data packets, VLAN priority, 802.1P user priority, layer 3 DSCP priority, or the default port priority. The priority of a data packet is determined in the following sequence:
1. Priority of the data packets sent by CPU (determined by CPU). 2. Priority of the MGMT data packets (management data packets such as the BPDU packets). The priority of the management packets is determined by the initialization. 3. Priority of the static source MAC address. 4. VLAN priority. 5. 802.1P user priority. 6. Layer 3 DSCP priority. 7. Default port priority.
After the data packet priority is determined by the previous priority determination policy, the later policies are ignored. To use the default port priority to decide the priority of the data packets received by the port, all the following conditions shall be satisfied.
138
data
packets
sent
by
CPU
or
The source MAC address of the data packets cannot be the static address or the port source priority function is disabled. Priority of the VLAN that the data packets belong to is disabled, or Priority of the VLAN of the port belongs to is disabled. The 802.1P user priority of the port is disabled, or the data packets are not TAG data packets. Port DSCP priority is disabled. After the priority control policy of the switch is configured, if the switch receives the data frames, the data frames with higher priority can be transmitted first to ensure the key applications.
Note: By default, the port DSCP priority is enabled and other priority determination policies are disabled. You can enable or disable other priority determination policy according to the actual requirements. If both the port 802.1P user priority and layer 3 DSCP priority policies are enabled, and the data packets received by the ports contain the IP data packet with 802.1P user priority, the switch uses the port 802.1P user priority to decide the priority of the data packets. The ZXR10 2609/2818SLE/2826SLE/2852SLE does not support the static source MAC address priority and VLAN priority.
Basic Configuration
QoS configuration of the switch includes the following contents:
If the queue scheduling mode is set to wfq, the weights of four egress queues are as Follows:
Priority Queue 0 1 2 3 Weight 1 2 4 8
2. Set the mapping of the 802.1P user priority into the queue priority. set qos priority-map user-priority Be default, the mapping from the 802.1P user priority to the queue priority is as follows: (0,3) 1; (1, 2) 0: (4,5) 2: (6,7) 3 This mapping is used to determine the queue for the data packets when the 802.1P user priority or the default priority is used to decide the priority of the data packets. 3. Set the mapping of the IP DSCP priority into the queue priority. set qos priority-map ip-priority Be default, the mapping from the IP DSCP priority to the queue priority is as follows: (015) 0; (16-31) 1; (3247) 2; (48~63) 3 This mapping table is used to determine the queue for the data packets when the layer 3 DSCP priority is used to decide the priority of the data packets. 4. Display the queue scheduling configuration. show qos queue-schedule
140
5. Display the QoS mapping of the 802.1P user priority into the queue priority and that of the IP DSCP priority into the queue priority. show qos priority-map
Configuration Example
Set the QoS mode to sp. The detailed configuration is as follows: Zte(cfg)#set qos queue-mode sp zte(cfg)#sho qos queue-schedule
Queue-schedule mode is SP(Strict Priority). zte(cfg)# Configure the mapping of 802.1P user priority into the queue priority as follows: (06) 0, 7 2. If the port UserPriority is enabled, the data packets received on the port are TAG data packets, and the TAG priority is 0-6, the data packets will go to the queue 0 on the egress. If the TAG priority is 7, the data packets will go to the queue 2 on the egress. The detailed configuration is as follows: zte(cfg)# set qos priority-map user-priority 0 trafficclass 0 zte(cfg)# set qos priority-map user-priority 1 trafficclass 0 zte(cfg)# set qos priority-map user-priority 2 trafficclass 0 zte(cfg)# set qos priority-map user-priority 3 trafficclass 0 zte(cfg)# set qos priority-map user-priority 4 trafficclass 0 zte(cfg)# set qos priority-map user-priority 5 trafficclass 0 zte(cfg)# set qos priority-map user-priority 6 trafficConfidential and Proprietary Information of ZTE CORPORATION 141
class 0 zte(cfg)# set qos priority-map user-priority 7 trafficclass 2 zte(cfg)#sho qos priority-map user-priority
Map of user priority to traffic class: COS(802.1p user priority), TC(Traffic-Class) COS 0 TC 0 1 0 2 0 3 0 4 0 5 0 6 0 7 2
Configure the mapping of IP DSCP priority into the queue priority as follows: (031) 1, (32,33) 3. Use default values for other mappings. If the port IpPriority is enabled, the data packets received on the port are IP data packets, and the DSCP priority is 0-31, the data packets will go to the queue 1 on the egress. If the DSCP priority is 32 or 33, the data packets will go to the queue 2 on the egress. The detailed configuration is as follows: Zte(cfg)# set qos priority-map ip-priority 0-31 trafficclass 1 Zte(cfg)# set qos priority-map ip-priority 32,33
Map of ip dscp priority to traffic class: DSCP(ip dscp priority), TC(Traffic-Class) DSCP 0 13 14 1 1 15 1 1 1 1 1 1 1 1 1 1 1 1 1 2 3 4 5 6 7 8 9 10 11 12
TC 1 1
DSCP 16 17 29 30 1 1 31 1
18
19
20
21
22
23
24
25
26
27
28
TC 1 1
142
DSCP 32 33 45 46 47 3 2 3
34
35
36
37
38
39
40
41
42
43
44
TC 2 2
DSCP 48 49 61 62 63 3 3 3
50
51
52
53
54
55
56
57
58
59
60
TC 3 3
PVLAN Configuration
Introduction
Private VLAN (PVLAN) is a port-based VLAN. PVLAN consists of several shared ports and several isolated ports. Isolated ports cannot visit each other. But an isolated and a shared port can visit each other. At present, the switch supports one PVLAN. The PVLAN can be applied if the users are only allowed to visit the server and prohibited to visit other subscribers. Thus, the PVLAN configuration can only be valid in a complete PVLAN that contains both shared and isolated ports. If only the shared or isolated ports are configured, the PVLAN configuration is invalid. On the ZXR10 2609/2818S/2826S/2852S, setting of shared ports is restricted by the following condition: All shared ports must be in the same group. The ZXR10 2609 only has one group. Thus, all ports are in the same group. The ZXR10 2818S has two groups. Ports 1 to 8, and port 18 belong to the first group, and ports 9 to 16 and port 17 belong to the second group.
Confidential and Proprietary Information of ZTE CORPORATION 143
The ZXR10 2826S has three groups. Ports 1 to 8 belong to the first group. Port 9 to 16, and port 25 belong to the second group. Ports 17 to 24, and 26 belong to the third group. The ZXR10 2852S has three groups. Ports 1 to 8 belong to the first group. Port 9 to 16 belong to the second group. Ports 17 to 24 belong to the third group. Ports 25 to 32 belong to the fourth group. Ports 33 to 40 belong to the fifth group. Port 44 to 48 belong to the sixth group. Ports 49 to 52 belong to the seventh group.
Basic Configuration
PVLAN configuration on the switch includes the following contents:
1. Add/delete an isolated/shared port to the PVLAN. set pvlan session 2. Show the PVLAN configuration. show pvlan
Configuration Example
As shown in Figure 46, add shared port 16 and isolated ports 1, 2, and 3 to the PVLAN.
144
The detailed configuration is as follows: zte(cfg)#set pvlan session 1 add promiscuous-port 16 zte(cfg)#set pvlan session 1 add isolated-port 1-3 zte(cfg)#show pvlan pvlan session : 1
the
802.1x
transparent
transmission
configuration
of
802.1x
transparent
show dot1xrelay
145
Layer 3 Configuration
Introduction
The ZXR10 2609/2818S/2826S/2852S provides a few layer 3 functions for the remote configuration and management. To realize the remote access, an IP port must be configured on the switch. If the IP port of the remote configuration host and that of the switch are not in the same network segment, it is also necessary to configure the static route. Static route is a simple unicast route protocol. The next-hop address to a destination network segment is specified by the user, where next hop is also called bridge. Static route involves destination address, destination address mask, next-hop address, and egress interface. The destination address and destination address mask describe the destination network information. The next-hop address and egress interface describe the way that the switch forwards the destination packet. The ZXR10 2609/2818S/2826S/2852S allows the addition and deletion of entries in the static ARP table.The ARP table records the mapping between the IP address of each node in the same network and the MAC address. When sending the IP packets, the switch first checks whether the destination IP address is in the same network segment. If yes, the switch checks whether there is a peer end IP address and MAC address mapping entry in the ARP table.
1. If yes, the switch directly sends the IP packets to this MAC address. 2. If the MAC address corresponding to the peer end IP address cannot be found in the ARP table, an ARP Request broadcast packet is sent to the network to query the peer end MAC address.
Generally, entries of the ARP table on the switch are dynamic. The static ARP table entry is configured only when the connected host cannot respond to the ARP Request.
146
To configure the Layer 3 function, you need to use the command config router to enter the Layer 3 configuration mode first.
IP Port Configuration
IP port configuration of the switch includes the following contents:
1. Set the IP address and mask of the layer 3 port. set ipport ipaddress 2. Bind the VLAN for the layer 3 port. set ipport vlan 3. Set the MAC address of the layer 3 port set ipport mac If the MAC address is not set, the MAC address of the switch is used instead. 4. Enable/Disable the layer 3 port. set ipport
When modifying the configuration of an IP port, you need to set the port to disabled state first, and then modify the configuration. The new settings will overwrite the original ones. You can use the command clear ipport to clear one or all the parameters of the port. Before clearing parameters, you need to set the port to disabled state first. For example: Configure an IP port on the switch. Set the IP address of the port to 192.1.1.1 and the mask to 24 digits. Bind the port to VLAN 100. The port uses the default address of the switch. The detailed configuration is as follows: zte(cfg)#config router zte(cfg-router)#set ipport 1 ipaddress 192.1.1.1/24 zte(cfg-router)#set ipport 1 vlan 100
Confidential and Proprietary Information of ZTE CORPORATION 147
zte(cfg-router)#set ipport 1 enable zte(cfg-VLAN2)#exit zte(cfg)# After the configuration is completed, you can use the command show ippor to view the IP port configuration.
Switch
192.1.1.1/24 192.1.1.2/24
Router
192.1.2.0/24
As shown in Figure 47, the remote host is located in the network segment 192.1.2.0/24, which is not the same as the switch. To enable the communication between the switch and the host on the network segment 192.1.2.0/24, configure the following static route. zte(cfg)#config router zte(cfg-router)#iproute 192.1.2.0/24 192.1.1.2 You can use the command show iproute to view the direct routes and static routes on the switch.
148
The command result displays the destination network segment, next-hop address, route metric and egress interface of the static route. The following shows the result. zte(cfg-router)#show iproute Type IpAddress Mask Gateway
Metric IPport ------ --------------- ------------- --------------- ----- -----direct 192.1.1.0 static 192.1.2.0 Total 2 You can use the command clear iproute to delete one or more static routes. 255.255.252.0 255.255.255.0 192.1.1.1 192.1.1.2 0 0 0 0
1. Add a static ARP table entry. arp add 2. Delete a static ARP table entry. arp delete 3. Delete all static ARP table entries. clear arp 4. Set the ARP table entry aging time of the IP port. arp ipport timeout If the existence period (during this period, packet of this IP address is not received) of an ARP table entry on the switch is larger than the aging time on the IP port, the switch will delete this ARP table entry.
Confidential and Proprietary Information of ZTE CORPORATION 149
1. The client system is generally a user terminal system installed with the client software. A subscriber originates the IEEE802.1x protocol authentication process through this client software. To support the port-based network access control, the client system must support the Extensible Authentication Protocol Over LAN (EAPOL). 2. The authentication system is generally network equipment that supports the IEEE802.1x protocol, for example, the switch. Corresponding to the ports of different subscribers (the ports could be physical ports or MAC address, VLAN, or IP address of the user equipment), the authentication
150 Confidential and Proprietary Information of ZTE CORPORATION
logical
ports:
controlled
port
and
The uncontrolled port is always in the state that the bidirectional connections are available. It is used to transfer the EAPOL frames and can ensure that the client can always send or receive the authentication. The control port is enabled only when the authentication is passed. It is used to transfer the network resource and services. The controlled port can be configured as bidirectional controlled or input controlled to meet the requirement of different applications. If the subscriber authentication is not passed, this subscriber cannot visit the services provided by the authentication system.
The controlled port and uncontrolled port in the IEEE 802.1x protocol are logical ports. There are no such physical ports on the equipment. The IEEE 802.1x protocol sets up a local authentication for each subscriber that other subscribers cannot use. Thus, there will not be such a problem that the port is used by other subscribers after the port is enabled. 3. The authentication server is generally a RADIUS server. This server can store a lot of subscriber information, such as VLAN that the subscriber belongs to, CAR parameters, priority, subscriber access control list, and so on. After the authentication of a subscriber is passed, the authentication server will pass the information of this subscriber to the authentication system, which will create a dynamic access control list. The subsequent flow of the subscriber will be monitored by the above parameters. The authentication system communicates with the RADIUS server through the RADIUS protocol.
RADIUS is a protocol standard used for the authentication, authorization, and exchange of configuration data between the Radius server and Radius client. RADIUS adopts the Client/Server mode. The Client runs on the NAS. It is responsible for sending the subscriber information to the
151
specified Radius server and carrying out operations according to the result returned by the server. The Radius Authentication Server is responsible for receiving the subscriber connection request, verifying the subscriber identity, and returning the configuration information required by the customer. A Radius Authentication Server can serve as a RADIUS customer proxy to connect to another Radius Authentication Server. The Radius Accounting Server is responsible for receiving the subscriber billing start request and subscriber billing stop request, and completing the billing function. The NAS communicates with the Radius Server through RADIUS packets. Attributes in the RADIUS packets are used to transfer the detailed authentication, authorization, and billing information. The attributes used by this switch are primarily standard attributes defined in the rfc2865, rfc2866, and rfc2869. The EAP protocol is used between the switch and the subscriber. Three types of identity authentication methods are provided between the RADIUS servers: PAP, CHAP, and EAP-MD5. Any of the methods can be used according to different service operation requirements. Password Authentication Protocol (PAP)
PAP is a simple plain text authentication mode. NAS requires the subscriber to provide the username and password and the subscriber returns the subscriber information in the form of plain text. The server checks whether this subscriber is available and whether the password is correct according to the subscriber configuration and returns different responses. This authentication mode features poor security and the username and password transferred may be easily stolen. Figure 48 shows the process of using the PAP mode for identity authentication.
152
F I G U R E 4 8 U S I N G P AP M O D E F O R I D E N T I T Y A U T H E N T I C A T I O N
Switch User terminal system EAPOL EAPOL-Start EAP-Request/Identity Connection setup EAP-Response/Identity EAP-Request/PAP EAP-Response/PAP Successful access EAP-Success Access-Request/PAP Access-Accept RADIUS RADIUS server
CHAP is an encrypted authentication mode and avoids the transmission of the users real password upon the setup of connection. NAS sends a randomly generated Challenge string to the user. The user encrypts the Challenge string by using the own password and MD5 algorithm and returns the username and encrypted Challenge string (encrypted password). The server uses the user password it stores and the MD5 algorithm to encrypt the Challenge string. Then it compares this Challenge string with the encrypted password of the server and returns a response accordingly. Figure 49 shows the process of using the CHAP mode for identity authentication.
153
Switch User terminal system EAPOL EAPOL-Start EAP-Request/Identity Connection setup EAP-Response/Identity EAP-Request/Challenge EAP-Response/MD5Challenge Successful access EAP-Success Access-Request/CHAP Access-Accept RADIUS RADIUS server
EAP-MD5 is a CHAP identity authentication mechanism used in the EAP framework structure. Figure 50 shows the process of using the EAP-MD5 mode for identity authentication.
154
F I G U R E 5 0 U S I N G E AP - M D 5 M O D E F O R I D E N T I T Y A U T H E N T I C A T I O N
Switch User terminal system EAPOL EAPOL-Start EAP-Request/Identity Connection setup EAP-Response/Identity Access-Request Access-Challenge EAP-Request/Challenge EAP-Response/MD5Challenge Successful access EAP-Success Access-Request Access-Accept RADIUS server RADIUS
Basic Configuration
The 802.1x configuration on the switch includes the following contents:
1. Enable/Disable the port 802.1x function. aaa-control port dot1x 2. Configure the authentication control mode of the port. aaa-control port port-mode The available modes include:
155
auto: Subscriber access from the port configured as auto must go through the authentication. The subscriber access is successful only when the authentication is successful. force-authorized: The subscriber can be connected to the network through this port without authentication. force-unauthorized: The subscriber cannot be connected to the network through this port.
The default authentication control mode is auto. 3. Allow/Prohibit multi-subscriber access of the port. aaa-control port multiple-host 4. Set the maximum number of subscribers connected through the port. aaa-control port max-hosts A port can allow the access of multiple subscribers and each subscriber has own independent authentication and billing processes. The aaa-control port max-hosts command is valid only when the port allows the access of multiple subscribers. 5. Enable/Disable re-authentication mechanism. dot1x re-authenticate 6. Set the re-authentication interval. dot1x re-authenticate period To judge whether the accessed subscriber maintains the connection all the time, the NAS can periodically request the re-authentication of this subscriber. Re-authentication needs to initiate a complete authentication process for each on-line subscriber. If the number of subscribers is large, there will be a lot of authentication packets, which brings a heavy burden to the switch. 7. Enable/Disable the abnormal off-line detection mechanism of the port. aaa-control port keepalive
156 Confidential and Proprietary Information of ZTE CORPORATION
8. Set the abnormal off-line detection period of the port. aaa-control port keepalive period Besides the re-authentication mechanism, the NAS module also introduces the abnormal off-line detection mechanism to judge whether the subscriber still keeps the connection. The abnormal off-line detection mechanism only requires a few packet interactions to determine whether the subscriber is still on line. The abnormal off-line detection mechanism is implemented in this way: The device takes the initiative to send a detection request periodically to the client. The EAPOL/EAP RepId packet defined in the 802.1x protocol is used as the request packet. If the EAPOL/EAP RepId response is received from the client, it means that the subscriber is still on line. Otherwise, the subscriber is off line. 9. Set the authentication mode of the port. aaa-control port protocol During the subscriber access authentication, there are three subscriber identity authentication methods between the authentication server and the authentication system: PAP, CHAP, and EAP-MD5. The default one is EAP-MD5. 10. Set the protocol parameters.
Set the interval between the first authentication failure of the authentication system and the next authentication request.
dot1x quiet-period
Set the time that the authentication system needs to wait before it can resend the EAPOL data packet because it does not receive the response from the client.
dot1x tx-period
Set the timeout time for the authentication system to receive the data packets from the authentication client system.
dot1x supplicant-timeout
Confidential and Proprietary Information of ZTE CORPORATION 157
Set the timeout time for the authentication system to receive the data packets from the authentication server.
dot1x server-timeout
Set the maximum times of request resending when the timer expires before the authentication system receives the Challenge response from the client.
dot1x max-request The 802.1x realizes the access control by exchanging EAPOL data packets between the client system and authentication system and the RADIUS data packets between the authentication system and authentication server. During the exchange of data packets, the following parameters are used for control purpose:
quietPeriod refers to the period before which the authentication system will not receive the authentication request from the client system after the first authentication failure. This function can prevent the subscribers continuous authentication attempts. txPeriod refers to the time after which the authentication system will resend the EAPOL data packets to the client system when it does not receive the response from the client system. supplicant Timeout and serverTimeout respectively refer to the time during which the authentication system shall receive the data packet from the client system and the authentication server. max-request refers to the maximum times of request resending when the timer expires before the authentication system receives the Challenge response from the client system.
11. Display the 802.1x configuration of the port. show aaa-control port 12. Display the 802.1x protocol parameters. show dot1x
158
RADIUS configuration on the switch includes the following contents; Add/Delete an ISP domain.
radius isp In the RADIUS configuration, the concept of isp-domain is introduced. Different domains may be operated by different ISPs. The access equipment identifies the domain that the subscriber belongs to according to the domain name in the subscriber name (username@DomainName) input by the subscriber and sends the authentication and billing requests of the subscriber to the authentication server and billing server of the corresponding domain. Each domain has its own RADIUS server. After a domain is deleted, all the configurations related to this domain are deleted. 13. Add the authentication server to the domain. radius isp add authentication 14. Delete the authentication server from the domain. radius isp delete authentication A domain can be configured with up to three authentication servers. The priority of the server is determined by the configuration order. The first server configured enjoys the highest priority, and the last server has the lowest priority. When a server is deleted, the priorities of the related servers rise in sequence. 15. Add an accounting server to the domain. radius isp add accounting 16. Delete an accounting server from the domain. radius isp delete accounting A domain can be configured with up to three accounting servers. The priority of the server is determined by the configuration order. The first server configured enjoys the highest priority, and the last server has the lowest priority.
Confidential and Proprietary Information of ZTE CORPORATION 159
When a server is deleted, the priorities of the related servers rise in sequence. 17. Set the IP address of the client in the domain. radius isp client The IP address of the client in the domain must be the IP address of an interface on the switch. 18. Set the shared password. radius isp sharedsecret The shared password is used for the data encryption between the RADIUS client and RADIUS server. The setting of shared password must be consistent on the client and the server. 19. Specify a default domain. radius isp defaultisp Only one domain can be specified as the default domain in the system. The system will send the subscriber authentication requests without the domain name specified on the RADIUS authentication server in the default domain. 20. Set the full account of the domain. radius isp fullaccount When it is specified to use the full account, the RADIUS client uses username@DomainName as the subscriber name to request the authentication of the RADIUS server. If it is not specified to use the full account, the subscriber name will not contain the domain name. 21. Configure the domain description. radius isp description 22. Configure the RADIUS parameters.
Set the server response timeout time.
radius timeout
160 Confidential and Proprietary Information of ZTE CORPORATION
radius retransmit
Set the NAS server name.
radius nasname 23. Enable/Disable the billing function of the port. aaa-control port accounting 24. Display the RADIUS configuration. show radius
Configuration Example
1. Enable the 802.1x function of port 1. Set the quiet-period to 5 seconds, tx-period to 5 seconds, supp-timeout to 3 seconds, and server-timeout to 3 seconds. Enable the keepalive function and set the keepalive interval to 180 seconds.
zte(cfg-nas)#aaa-control port 1 dot1x enable zte(cfg-nas)#dot1x quiet-period 5 zte(cfg-nas)#dot1x tx-period 5 zte(cfg-nas)#dot1x supplicant-timeout 3 zte(cfg-nas)#dot1x server-timeout 3 zte(cfg-nas)#aaa-control port 1 keepalive enable zte(cfg-nas)#aaa-control port 1 keepalive period 180
161
ReAuthenticate : disabled
zte(cfg-OSPF)#?
2. Enable the re-authentication function and set the reauthentication period to 60 seconds.
zte(cfg-nas)#dot1x re-authenticate enable zte(cfg-nas)#dot1x re-authenticate period 60
zte(cfg-nas)#show dot1x TxPeriod 5 SuppTimeout 3 ReAuthPeriod : 60 enabled MaxReq : 2 ReAuthenticate : : 3 ServerTimeout : : 5 QuietPeriod :
zte(cfg-OSPF)#?
3. Set the authentication control state of port 1 to auto and authentication mode to CHAP. Enable the multi-subscriber access. The maximum number of subscriber accessed is 5.
zte(cfg-nas)#aaa-control port 1 port-mode auto zte(cfg-nas)#aaa-control port 1 protocol chap zte(cfg-nas)#aaa-control port 1 multiple-hosts enable zte(cfg-nas)#aaa-control port 1 max-hosts 5
162
zte(cfg-nas)#show aaa-control 1 PortId Dot1x : 1 : enabled PortControl AuthenticationProtocol KeepAlivePeriod : auto : chap: : 180 : enabled : 0
KeepAlive: enabled
4. Configure the RADIUS domain 188 according to the following requirements: Authentication server address and accounting server address: 10.40.92.212 and 10.40.92.215 Share Password: 123456 Client IP address: 10.40.92.100. Use the default domain.
zte(cfg-nas)#radius isp 188 enable zte(cfg-nas)#radius 10.40.92.212 zte(cfg-nas)#radius 10.40.92.215 zte(cfg-nas)#radius isp 188 add accounting 10.40.92.215 zte(cfg-nas)#radius isp 188 add accounting 10.40.92.212 zte(cfg-nas)#radius isp 188 sharedsecret 123456 zte(cfg-nas)#radius isp 188 client 10.40.92.100 zte(cfg-nas)#radius isp 188 defaultisp enable isp 188 add authentication isp 188 add authentication
zte(cfg-nas)#show radius 188 Client DefaultIsp FullAccounts : 10.40.92.100 : Yes : No IspName Description : 188 :
zte(cfg-OSPF)#?
QinQ Configuration
Introduction
QinQ is the IEEE 802.1Q tunneling protocol and is also called VLAN stacking. QinQ technology is the addition of one more VLAN tag (outer tag) to the original VLAN tag (inner tag). The outer tag can shield the inner tag. QinQ does not need the protocol support. The simple Layer 2 Virtual Private Network (L2VPN) can be realized through QinQ. The QinQ is especially suitable for the small-size LAN that takes the layer 3 switch as its backbone. Figure 51 shows the typical networking of the QinQ technology. The port connected to the user network is called Customer port. The port connected to the ISP network is called Uplink port. The edge access equipment of the ISP network is called Provider Edge (PE).
164
The user network is generally connected to the PE through the Trunk VLAN mode. The internal Uplink ports of the ISP network are symmetrically connected through the Trunk VLAN mode.
1. When a packet is sent form user network 1 to the customer port of switch A, because the PORTBASE VLANbased customer port does not identify the tag when receiving the packet, the customer port processes the packet as an untagged packet no matter whether this data packet is attached with the VLAN tag or not. The packet is forwarded by the VLAN 10, which is determined by the PVID. 2. The uplink port of switch A inserts the outer tag (VLAN ID: 10) when forwarding the data packet received from the customer port. The tpid of this tag can be configured on the switch. Inside the ISP network, the packet is broadcast along the port of VLAN 10 until it reaches the switch B. 3. Switch B finds out that the port connected to user network 2 is a customer port. Thus, it removes the outer tag in compliance with the conventional 802.1Q protocol to
Confidential and Proprietary Information of ZTE CORPORATION 165
recover the original packet and sends the packet to user network 2. 4. In this way, data between user network 1 and user network 2 can be transmitted transparently. The VLAN IDs of the user network can be planned regardless of the conflict with the VLAN IDs in the ISP network.
Basic Configuration
The PVLAN configuration on the switch includes the following contents:
1. Add/Delete a Customer port. set qinq customer port 2. Add/Delete an Uplink port. set qinq uplink port 3. Set the tpid of the outer tag. set qinq tpid 4. Display the QinQ configuration. show qinq
Note: When the QinQ is configured, the customer port and the uplink port of the SPVLAN can be set as an untagged port, or as a tagged port.
166
Configuration Example
As show in Figure 51, suppose that the customer port of swtich A is port 1 and the uplink port is port 24. The customer port of swtich B is port 1 and the uplink port is port 24. The configuration of switch A is as follows: zte(cfg)#set vlan 10 enable zte(cfg)#set vlan 10 add port 1,24 zte(cfg)#set port 1,24 pvid 10 zte(cfg)#set qinq customer port 1 enable zte(cfg)#set qinq uplink port 24 enable The configuration of switch B is the same as that of switch A.
167
168
Chapter
Network Management
In this chapter, you will learn about:
Network management functions of the ZXR10 2609/2818S/2826S/2852S, such as Remote-Access, SSH, SNMP, RMON and cluster management.
Remote-Access
Introduction
Remote-Access is a restrictive mechanism used for network management users to log in through Telnet, that is, it is used to restrict the access. This function is to enhance the security of the network management system. After this function is enabled, you can specify a network management user to access the switch only from a specified IP address by configuring the related parameters. In this case, the user cannot access the switch from other IP addresses. When this function is disabled, the network management user can access the switch through Telnet from any IP address.
Basic Configuration
The Remote-Access following contents: configuration on the switch includes the
169 Confidential and Proprietary Information of ZTE CORPORATION
1. Disable/enable the restrictive access. set remote-access By default, the restrictive access is disabled. 2. Configure the IP address that allows for access. set remote-access ipaddress 3. Delete all IP addresses that allow for access. clear remote-access all 4. Delete an IP address that allows for access. clear remote-access ipaddress 5. Display the Remote-Access configuration information. show remote-access
Configuration Example
Example 1: Only allow the network management user to access the switch from 10.40.92.0/24 through Telnet. zte(cfg)#set remote-access specific zte(cfg)#set remote-access ipaddress 10.40.92.0 255.255.255.0 zte(cfg)#show remote-access Whether check remote manage address: YES Allowable remote manage address list: 10.40.92.0/255.255.255.0 zte(cfg)#
Example 2: Only allow the network management user to access the switch from 10.40.92.212 through Telnet. zte(cfg)#set remote-access specific zte(cfg)#set remote-access ipaddress 10.40.92.212 zte(cfg)#show remote-access
170 Confidential and Proprietary Information of ZTE CORPORATION
Whether check remote manage address: YES Allowable remote manage address list: 10.40.92.212/255.255.255.255 zte(cfg)# Example 3: Allow the network management user to access the switch from any IP address through Telnet. zte(cfg)#set remote-access any zte(cfg)#show remote-access Whether check remote manage address: NO Allowable remote manage address list: none zte(cfg)#
SSH
Introduction
The secure shell (SSH) is a protocol created by Network Working Group of the IETF, which is used to offer secure remote access and other secure network services over an insecure network. The purpose of the SSH protocol is to solve the security problems in interconnected networks, and to offer a securer substitute for Telnet and Rlogin (Although the present development of the SSH protocol has far exceeded the remote access function scope), therefore, the SSH connection protocol shall support interactive session. The SSH can be used to encrypt all transmitted data. Even if these data is intercepted, no useful information can be obtained.
171
At present, the SSH protocol has two incompatible versions: SSH v1.x and SSH v2.x. This switch only supports SSH v2.0 and uses the password authentication mode. The SSH uses port 22.
Basic Configuration
The SSH configuration on the switch includes the following contents:
1. Enable or disable SSH. set ssh By default, the SSH function is disabled. The SSH is generally used for configuring remote access to the switch. The user name and password for login (or remote RADIUS login mode) shall be configured on the switch, and the local host shall be able to ping the IP port address on the switch normally. This switch only supports SSH login of a single user, allowing for three login attempts. After three login attempts, the connection with the user is automatically terminated. After user login, the set ssh disable command can be used to terminate the connection with the user and prohibit the user from logging in through SSH. However, if the user is in Diffie-Hellman key exchange state, the command is disabled. 2. Display the SSH configuration and user login status. show ssh
Configuration Example
As shown in Figure 52, one host attempts to access the switch through SSH. The switch is configured with a layer 3 port. The IP address of the port is 192.1.1.1/24, and the IP address of the host is 192.1.1.100/24.
172
Switch
192.1.1.1/24
192.1.1.100/24
The specific configuration of the switch is as follows: zte(cfg)#creat user zte zte(cfg)#loginpass zte zte(cfg)#set ssh enable
The client using SSH v2.0 can use the free software Putty developed by Simon Tatham to access the switch. The required settings are as follows.
1. Set the IP address and port number of the SSH Server, as shown in Figure 53.
173
174
3. For the first time to log in, the user confirmation is needed, as shown in Figure 55.
175
176
SNMP
Introduction
SNMP is the most popular network management protocol currently. It involves a series of protocol suite and specifications: MIB SMI SNMP They offer the means to collect network management information from network devices. SNMP also enables devices to report problems and errors to network management stations. Any network administrator can use SNMP to manage switches. SNMP adopts the Management processAgent process model to monitor and control all types of managed network devices. The SNMP network management needs three key elements:
1. Managed devices, which can communicate over the Internet. Each device contains an agent. 2. Network Management Station (NMS). The network management process shall be able to communicate over the Internet. 3. The protocol used for the exchange of management information between the switching agent process and the NMS, that is, SNMP.
An NMS collects data by polling the agents that reside in the managed devices. The agents in the managed devices can report errors to NMSs at any time before the NMSs poll them. These errors are called traps. When a trap occurs to a device, the NMS can be used to query the device (suppose it is reachable) and obtain more information. All variables in the network are stored in the MIB. SNMP monitors network device status by querying the related object values in the
Confidential and Proprietary Information of ZTE CORPORATION 177
agent MIB.ZXR10 2609/2818S/2826S/2852S implements standard MIB defined in rfc1213, rfc1493, rfc2674 and rfc2819.
the
Basic Configuration
The SNMP configuration includes the following contents:
1. Create communication name and set the access authority. create community The community string offers a user confirmation mechanism for remote network administrators to configure switches. The public indicates that the switch only allows for read only access, while private indicates that the read/write authority to the switch is permitted. If the community string created with this command already exists, the newly created string overwrites the original one. 2. Create a view and specify whether the view contains a mib subtree. create view A view is an object subset of the MIB. The parameter <mib-oid> specifies the mib subtree. If the excluded or included mib subtree is not specified, it includes 1.3.6.1 by default. If the view created with this command already exists, the newly created view overwrites the original one. 3. Set specific community name that the view contains. set community view The community and view must be created. One community can only correspond to one view, but one view can correspond to multiple communities. 4. Set the IP address, community name and version of the trap host.
178 Confidential and Proprietary Information of ZTE CORPORATION
set traphost The trap host is the destination host to which the traps are sent. 5. Delete a community name. clear community 6. Delete a view name. clear view 7. Enable/disable the SNMP trap. set trap If it is enabled, and the operation as described in 5) above occurs, a trap is sent to the management console. The cold start and warm start traps are sent to the management console only after the system is started. In general, there is a delay of several minutes. 8. Display SNMP information Show snmp
Configuration Example
Suppose that the IP address of the network management server is 10.40.92.105, the switch has a layer 3 port with the IP address of 10.40.92.200, and the switch is managed through the network management server. Create a community named zte with the read/write authority and the view named zteview, and then associate the community zte with the view zteview. Specify the IP address of the host receiving traps as 10.40.92.105, and the community as zte. zte(cfg)#config router zte(cfg-router)#set ipport 0 ipaddress 10.40.92.200 255.255.255.0 zte(cfg-router)#set ipport 0 vlan 2
179
zte(cfg)#config snmp zte(cfg-snmp)#create community zte private zte(cfg-snmp)#create view zteview zte(cfg-snmp)#set community zte view zteview zte(cfg-snmp)#set traphost 10.40.92.105 zte
180
RMON
Introduction
The Remote Monitoring (RMON) defines standard network monitoring function and the communication interface between the management console and the remote monitor. RMON offers an efficient and high availability method to monitor the behaviors of subnets in case of reducing the load of other agents and management stations. RMON specifications refer to the definition of RMON MIB.ZXR10 2609/2818S/2826S/2852S supports four groups of RMON MIB. History: records the periodic statistics sample of the information that can be obtained from the statistics group. Statistics: maintains the basic application and error statistics of each subnet that the agent monitors. Event: it is a table related to all events generated by RMON agents. Alarm: allows operators of the management console to set sampling interval and alarm threshold for any count or integer recorded by RMON agents. All these groups are used to store the data collected by the monitor and the derived data and statistics. The alarm group is based on the implementation of the event group. These data can be obtained through the MIB browser. The RMON control information can be configured through the MIB browser, and a HyperTerminal or remote Telnet command line. The RMON sampling information and statistics are obtained through the MIB browser.
Basic Configuration
The following describes how to configure RMON control information through a HyperTerminal or remote Telnet.
set rmon By default, the RMON function is disabled. The sampling of etherStatsTable information in the etherHistoryTable and statistics groups in the history group can be implemented only when the RMON function is enabled. During the sampling, the data sampling stops if the RMON function is disabled. 2. Create or configure instances of the history group. set history The command line configuration of the history group is to configure the historyControlTable in the history group. The configuration involves:
historyControlDataSource: It is the ifIndex oid in the rfc1213 interface group, for example, the oid of port 16 is 1.3.6.1.2.1.2.2.1.1.16. In command line configuration, enter the port number 16 directly. historyControlBucketsRequested: By default, it is 50. historyControlOwner. historyControlInterval. By default, it is 1,800 seconds. historyControlStatus: It can be valid, underCreation, createRequest and invalid. When it is set to invalid, the instance is deleted. The control status can be set to valid only when the data source is specified.
3. Create or configure instances of the statistics group. set statistics The command line configuration of the statistics group is to configure the etherStatsTable in the statistics group. The configuration involves:
etherStatsDataSource: It is the same as that of the history group. When configuring the data source through the command line, enter the port number directly. etherStatsOwner
182
etherStatsStatus: It can be valid, underCreation, createRequest and invalid. When it is set to invalid, the instance is deleted. The control status can be set to valid only when the data source is specified.
4. Create or configure instances of the event group. set event The command line configuration of the event group is to configure the eventTable in the event group. The configuration involves:
eventDescription. eventType: It can be none(1), log(2), snmp-trap(3) and log-and-trap(4).When the log is selected, a log instance is created for each event in the logTable. When the snmp-trap is selected, for each event, the monitor sends an SNMP trap to one or more management stations. When the log-and-trap is selected, the log is created and a trap is sent. eventOwner. eventCommunity. eventStatus: It can be valid, underCreation, createRequest and invalid. When it is set to invalid, the event instance is deleted.
5. Create or configure instances of the alarm group. set alarm The command line configuration of the alarm group is to configure the alarmTable in the alarm group. The configuration involves:
alarmInterval. alarmVariable: It indicates the object identifier of a specific variable to be sampled in the local mib, for example, for sampling the etherHistoryBroadcastPkts, the variable value shall be 1.3.6.1.2.1.16.2.2.1.7.x.x, where, x.x indicates the sampling bucket of an instance of the history group. alarmSampleType: The absolute indicates the absolute value, and delta indicates the relative value.
Confidential and Proprietary Information of ZTE CORPORATION 183
alarmStartupAlarm: It can be risingAlarm(1), fallingAlarm(2) and risingOrFallingAlarm(3), which indicate that, after the instance becomes effective, the first sampling starts when the rising sampling value exceeds the threshold, the falling sampling value is lower than the threshold or both cases occur simultaneously. alarmRisingThreshold. alarmFallingThreshold. alarmRisingEventIndex. alarmFallingEventIndex. alarmOwner. alarmStatus: It can be valid, underCreation, createRequest and invalid. When it is set to invalid, the alarm instance is deleted.
The alarm variable can be configured only when the object to be sampled specified by the alarm variable can sample data. The status can be set to valid only when the alarm variable is configured successfully. 6. Query the RMON status and configuration information.
Display the RMON status.
show rmon
Display the configuration information about the history group.
show history
Display the configuration information about the statistic group.
show statistic
Display the configuration information about the event group.
show event
Display the configuration information about the alarm group.
show alarm
184
Configuration Example
The following examples describe how to set event 2, history 2, alarm 2 and statistics 1 respectively. zte(cfg-snmp)#set event 2 description It'sJustForTest!! zte(cfg-snmp)#set event 2 type logandtrap zte(cfg-snmp)#set event 2 community public zte(cfg-snmp)#set event 2 owner zteNj zte(cfg-snmp)#set event 2 status valid
zte(cfg-snmp)#set history 2 datasource 16 zte(cfg-snmp)#set history 2 bucket 3 zte(cfg-snmp)#set history 2 interval 10 zte(cfg-snmp)#set history 2 owner zteNj zte(cfg-snmp)#set history 2 status valid
zte(cfg-snmp)#set alarm 2 interval 10 zte(cfg-snmp)#set 1.3.6.1.2.1.2.2.1.1.16 zte(cfg-snmp)#set alarm 2 sample absolute zte(cfg-snmp)#set alarm 2 startup rising zte(cfg-snmp)#set rising zte(cfg-snmp)#set falling zte(cfg-snmp)#set alarm 2 owner zteNj zte(cfg-snmp)#set alarm 2 status valid alarm 2 threshold 15 eventindex 2 alarm 2 threshold 8 eventindex 2 alarm 2 variable
185
zte(cfg-snmp)#set statistics 1 owner zteNj zte(cfg-snmp)#set statistics 1 status valid Query configuration information about event 2: zte(cfg-snmp)#show event 2 EventIndex Community : 2 : public Type : log-and-trap
LastTimeSent: 0
Description : It'sJustForTest!! zte(cfg-snmp)# Query configuration information about history 2: zte(cfg-snmp)#show history 2 ControlIndex : 2 Interval : 10 BucketsRequest: 3 BucketsGranted: 3 ControlOwner : zteNj
: 1.3.6.1.2.1.2.2.1.1.16
Query configuration information about alarm 2: zte(cfg-snmp)#show alarm 2 AlarmIndex Interval : 2 : 10 SampleType: absolute Value Startup Status : 0 : risingAlarm : valid
Variable :
Owner
: zteNj
Query configuration information about statistics 1: zte(cfg-snmp)#show statistics 1 StatsIndex: 1 Pkts :16 CRCAlignErrors : 0 DropEvents: 0 BroadcastPkts :1 Pkts65to127Octets : 0 Octets : 2236 MulticastPkts:15 Pkts128to255Octets : 15 Fragments : 0 UndersizePkts:0 Pkts256to511Octets : 1 Jabbers : 0 OversizePkts :0 Pkts512to1023Octets : 0 Collisions: 0 Pkts64Octets :0 kts1024to1518Octets: 0 Status : valid Owner : zteNj DataSource: 1.3.6.1.2.1.2.2.1.1.16 zte(cfg-snmp)# After the above configuration, when the number of etherHistoryPkts of the first bucket of port 16 rises over 8 or the number falls below 15, the event with the index of 2 is triggered. The event with the index of 2 sends a trap to the management station, and creates a log simultaneously. This log can be queried in the logTable of the event group.
Cluster Management
Introduction
A cluster is a combination consisting of a set of switches in a specific broadcast domain. This set of switches forms a unified management domain, providing an external public network IP address and
187
management interface, as well as the ability to manage and access each member in the cluster. The management switch which is configured with a public network IP address is called a command switch. Other switches serve as member switches. In normal cases, a member switch is not configured with a public network IP address. A private address is allocated to each member switch through the class DHCP function of the command switch. The command switch and member switches form a cluster (private network). It is recommended that you isolate the broadcast domain between the public network and the private network on the command switch and shield direct access to the private address. The command switch provides an external management and maintenance channel to manage the cluster in a centralized manner. In general, the broadcast domain where a cluster is located consists of switches in these roles: Command switch, member switches, candidate switches and independent switches. One cluster has only one command switch. The command switch can automatically collect the device topology and set up a cluster. After a cluster is set up, the command switch provides a cluster management channel to manage member switches. Member switches serve as candidate switches before they join the cluster. The switches that do not support cluster management are called independent switches. Figure 57 shows the cluster management networking.
188
NM console 110.1.1.1
Public network
100.1.1.10
Command switch
Member switch
Member switch
Independent switch
Candidate switch
189
Figure 58 shows the changeover rule of the four roles of switches within a cluster.
Member switch Specified as a command switch Delete from the cluster Add to the cluster Specified as a candidate switch Candidate switch Specified as an independent switch Specified as a command switch Specified as a candidate switch (without member) Specified as an independent switch (without member) Command switch Specified as a command switch
Independent switch
To configure the cluster management function, first use the config group command to enter the cluster management configuration mode.
ZDP Configuration
ZDP (Discovery Protocol) is a protocol used to discover the related information about the direct neighbor node, including the adjacent device ID, device type, version and port information. This protocol supports the refreshing and aging of the neighbor device information table. The ZDP configuration on the switch includes the following contents:
set zdp By default, the system ZDP function is enabled. When the system ZDP function is disabled, the contents of the neighbor device information table are cleared, and the ZDP packets processing is suspended. 2. Enable/disable the port ZDP function. set zdp port 3. Enable/disable the trunk ZDP function. set zdp trunk By default, the ZDP functions of all ports/trunks are enabled. When the ZDP function of a port/trunk is disabled, the contents of the neighbor device information table of the port/trunk are cleared, and the ZDP packets processing is suspended.
Note: A port/trunk can collect and send ZDP information normally only when both the ZDP function of the port/trunk and the system ZDP function are enabled.
4. Set the valid time for holding ZDP information. set zdp holdtime 5. Set the time interval for sending ZDP packets. set zdp timer 6. Display the ZDP configuration. show zdp 7. Display the neighbor device information table. show zdp neighbour
191
ZTP Configuration
The topology protocol (ZTP) is a protocol used to collect network topology information. With the neighbor device information table collected through ZDP, ZTP sends and forwards ZTP topology collection packets through the relevant port in the specified VLAN to collect the topology information in the network (hop count) within a specific range and to create a topology information table which is used for knowing network topology status and managing the cluster. The ZTP configuration on the switch includes the following contents:
1. Enable/disable the system ZTP function. set ztp By default, the system ZTP function is enabled. When the system ZTP function is disabled, the contents of the switch topology information table are cleared, and the ZTP packets processing is suspended. 2. Enable/disable the port ZTP function. set ztp port 3. Enable/disable the trunk ZTP function set ztp trunk By default, the ZTP function of all ports/trunks is enabled. If the ZTP function of a port/trunk is disabled, the ZTP packets processing of the port/trunk is suspended.
Note: A port/trunk can collect and send ZTP information normally only when both the ZTP function of the port/trunk and the system ZTP function are enabled.
set ztp portdelay By default, the specified VLAN for collecting topology information is VLAN 1, and the topology collecting range is four hops. By default, the time interval for collecting topology information is 0 minute, that is, the topology information is not collected periodically. When the switch is configured to be a command switch, the VLAN for collecting topology information serves as the management VLAN of the command switch. In this case, it is not allowed to change the specified VLAN for collecting topology information. When the network delay is high, the hop delay and port delay of topology forwarding shall be modified to adapt the current network status. To collect network topology information within a larger range, the administrator can increase the hop counts. 5. Manually start collecting topology information. ztp start To make it easy to know the network topology information at any time, the user can manually start the topology information collection procedure, without depending on the automatic topology information collection. 6. Display ZTP configuration.
Confidential and Proprietary Information of ZTE CORPORATION 193
show ztp 7. Display details of the specified device according to the MAC address. show ztp mac 8. Display the topology information table. show ztp device
Note: The device ID offered by the topology information table is the temporary ID generated based on the current topology information collection result. With the purpose of facilitating the display and cluster management, it is effective to the current topology information collection result only.
Cluster Configuration
After the command switch is specified, you can know the network topology information through ZDP/ZTP, and then manage and monitor the cluster. The unique ID of a cluster consists of the VLAN where the cluster is located and the MAC address of the command switch.
set group commander ipport After a candidate switch is added to the cluster by the command switch and becomes a member switch, the member switch cannot change itself to a candidate switch or command switch. In setting the command switch, the VLAN to which the layer 3 port is bound shall be the specified VLAN for collecting topology information. Once a switch is configured to be a command switch, the specified VLAN for collecting topology information cannot be changed. The command switch is allowed to be a candidate switch or independent switch only when the cluster has no member switch. 2. Add/delete a cluster member.
Add a member based on the device MAC address.
set group delete member When a device is added to the cluster but the member ID is not specified, the system automatically allocates a unique ID to the member. 3. Configure cluster parameters.
Set cluster name.
Set a time interval for the handshake between the command switch and the member switch.
set group tftpsvr The above parameters can be configured for the command switch only. The effective holding time of the cluster means that when the command switch detects the communication failure of a member switch (or a member switch detects that of the command switch), and the communication is recovered within the effective holding time, the member status is normal; if the communication is not recovered after the effective holding time, the command switch displays that the member is in DOWN state. After the communication is recovered, the member is added to the cluster automatically and is displayed in UP status. If the IP address of the TFTP Server of the cluster is configured, the member switch can access the TFTP Server by directly accessing the command switch. 4. Access and control cluster members.
Switch from the command switch to a specified member switch.
rlogin member
Switch from a member switch to the command switch.
rlogin commander
Download/upload versions through TFTP on the command switch.
196 Confidential and Proprietary Information of ZTE CORPORATION
tftp
Save the configuration of the specified member switch.
save member
Delete the configuration of the specified member switch.
erase member
Restart the specified member switch.
reboot member 5. Display the cluster configuration and cluster member information.
Display the cluster configuration information.
show group
Display candidate switches that can be added to the cluster.
Configuration Example
As shown in Figure 57, the initial configuration of the switches is the default configuration. Here, set the VLAN where the public network IP address of the command switch in the cluster is located to 2525, the IP address to 100.1.1.10/24, the gateway address to 100.1.1.1, the cluster management VLAN to 4000, the private address pool to 192.168.1.0/24, and the IP address of the TFTP Server of the whole cluster to 110.1.1.2. The detailed configuration is as follows:
1. Configure the public network IP address of the command switch and the gateway.
WYXX(cfg)#set vlan 2525 enable WYXX(cfg)#set vlan 2525 add port 1-16 tag
197
WYXX(cfg)#config router WYXX(cfg-router)#set ipport 25 ipaddress 100.1.1.10/24 WYXX(cfg-router)#set ipport 25 vlan 2525 WYXX(cfg-router)#set ipport 25 enable
2. Create a cluster on layer 3 port 1 of the command switch and VLAN 1 (default VLAN).
WYXX(cfg)#config group WYXX(cfg-group)#set 192.168.1.1/24 group commander ipport 1 ip-pool
Cmdr.WYXX(cfg-group)#ztp start Cmdr.WYXX(cfg-group)#show ztp device Last collection vlan : 1 Last collection time : 188 ms. Id --0 1 2 3 4 5 MacAddress Hop Role ----cmdr candi candi candi candi candi Platform --------ZXR10 2818S ZXR10 2818S ZXR10 2818S ZXR10 2818S ZXR10 2818S ZXR10 2818S
Cmdr.WYXX(cfg-group)#set group add device 1-5 Adding device id : 1 Adding device id : 2 Adding device id : 3 Adding device id : 4
198
Successed to add member! Successed to add member! Successed to add member! Successed to add member!
Adding device id : 5
...
----- ----------------- ------------------- ---------1 2 3 4 5 00.d0.d0.fc.08.d6 192.168.1.2/24 00.d0.d0.fc.08.cf 192.168.1.3/24 00.d0.d0.fc.08.fa 192.168.1.4/24 00.d0.d0.fc.08.d5 192.168.1.5/24 00.d0.d0.fc.09.3a 192.168.1.6/24 Up Up Up Up Up
3. Switch to each member switch and add all ports to VLAN 4000 (taking member 4 as an example)
Cmdr.WYXX(cfg)#set vlan 4000 enable Cmdr.WYXX(cfg)#set vlan 4000 add port 1-16 tag
Connecting ...
Membr_4.zte>enable
Membr_4.zte(cfg)#set vlan 4000 enable Membr_4.zte(cfg)#set vlan 4000 add port 1-16 tag
Deleting member id : 5
...
WYXX(cfg-group)#set 192.168.1.1/24
group
commander
ipport
ip-pool
Cmdr.WYXX(cfg-group)#ztp start Cmdr.WYXX(cfg-group)#show ztp device Last collection vlan : 4000 Last collection time : 176 ms. Id --0 1 2 3 4 5 MacAddress Hop Role ----cmdr candi candi candi candi candi Platform --------ZXR10 2818S ZXR10 2818S ZXR10 2818S ZXR10 2818S ZXR10 2818S ZXR10 2818S
Cmdr.WYXX(cfg-group)#set group add device 1-5 Adding device id : 1 Adding device id : 2 Adding device id : 3 Adding device id : 4 Adding device id : 5 ... ... ... ... ... Successed to add member! Successed to add member! Successed to add member! Successed to add member! Successed to add member!
200
----- ---------------- ----------------- ---------1 2 3 4 5 00.d0.d0.fc.08.d6 192.168.1.2/24 00.d0.d0.fc.08.cf 192.168.1.3/24 00.d0.d0.fc.08.fa 192.168.1.4/24 00.d0.d0.fc.08.d5 192.168.1.5/24 00.d0.d0.fc.09.3a 192.168.1.6/24 Up Up Up Up Up
201
202
Chapter
Maintenance
In this chapter, you will learn about:
Routine maintenance of the ZXR10 2609/2818S/2826S/2852S Common test methods of the ZXR10 2609/2818S/2826S/2852S Troubleshooting methods of the ZXR10 2609/2818S/2826S/2852S
Routine Maintenance
Routine maintenance generally refers to daily maintenance and monthly maintenance. The following describes them in detail.
ii. Query whether the status of indicators of the switch is normal. iii. Check whether the fan of the switch runs normally. iv. Check whether the temperature of the switch is normal and whether there is any strange smell in the equipment room.
Confidential and Proprietary Information of ZTE CORPORATION 203
v. Check system alarm information. 2. Check the communication status between the switch and each connected device. Log in to the switch through a HyperTerminal or Telnet, and then use the ping command to test different network segments and check the connectivity. 3. Check whether the switch related services are normal. 4. Record the intraday operations and phenomenon. Intraday operations refer to the operations performed on that day, and phenomenon shall include the status of the switch and environment of the equipment room.
ii. Summarize and accumulate maintenance experiences in routine maintenance to conduct more efficient maintenance. 2. Clean the equipment room. i. Pay attention to the cleanness of air conditioners and check the performance of the air conditioners at the same time.
ii. Clean the cabling trough, check whether the relevant lines are in poor contact and make adjustment in time. 3. Clean the switch. Do not overwet the cleaning cloth. Make sure that the interfaces are not affected. 4. Back up the alarm data, statistic data and configuration data.
204 Confidential and Proprietary Information of ZTE CORPORATION
Chapter 9 - Maintenance
Maintenance Period
Table 12 shows the maintenance and test period of the Ethernet switch system for the reference of the maintenance personnel.
No. 1 2 3 4 5 6 7 8 9 10
Maintenance & Test Item Check the running status of the switch. Check the temperature and humidity in the equipment room and check the power supply. Check the communication status between the switch and each connected device. Check whether developed. the relevant of of services are well
Test Period Daily Daily Daily Daily Monthly Monthly Monthly Monthly Yearly Yearly
Monthly summarization problems. Monthly summarization experience. Clean the equipment room. Clean the switch. Yearly summarization.
routine routine
maintenance maintenance
205
1. Enable or disable the loop test function of the specified port. set loopdetect port By default, the port loop test function is disabled. 2. Enable or disable the loop test function of a trunk.
206 Confidential and Proprietary Information of ZTE CORPORATION
Chapter 9 - Maintenance
set loopdetect trunk By default, the loop test function of a trunk is disabled. 3. Enable or disable the loop test protection function of the specified port. set loopdetect port protect The loop test protection function means that the port is automatically blocked when it detects a loop. In this way, the influence caused by port loop is avoided. 4. Enable or disable the loop test protection function of a trunk. set loopdetect trunk protect 5. Set the time for blocking the port with loop. set loopdetect blockDelay The time for blocking the port with loop refers to the time for blocking the port when a loop is detected, that is, the port protection time. The protection takes effect only when the loop test protection function of the port is enabled. 6. Display the port loop test configuration and port detection status. show loopdetect If the port cannot work normally, you can use show loopdetect to observe whether a port loop exists. If no loop is detected and the spanning tree of the port is enabled, you can eliminate the fault according to the status of the spanning status.
207
Good termination, and to obtain the distance of the errored circuit with the fitted empirical formula. You can use the show vct port command on the switch to query the VCT result of the specified port. For interface modules in extended slots, this switch only supports the VCT of the gigabit electrical interface. For other interface modules, the VCT is not supported.
Common Troubleshooting
By type, the faults include software faults and hardware faults. Hardware faults, if accurately located, usually can be cleared by replacing the hardware. Software and configuration faults can be cleared through proper operations. In troubleshooting, check whether the device configuration is correct, whether the cables are connected correctly and whether the required environment is satisfied according to the related description in the above sections. The following describes the common faults of the ZXR10 2609/2818S/2826S/2852S and relevant troubleshooting methods in detail.
Chapter 9 - Maintenance
i.
ii. The serial port attributes of the HyperTerminal are configured incorrectly, and the serial port fails. iii. The console port of the switch fails. 4. Troubleshooting i. Use proper configuration cables. For the connections of configuration cables, see
209
Installing Configuration Cables. ii. Check the settings of serial port attributes of the HyperTerminal. The correct settings shall be as follows: Bit/s (baud rate): 9600. Data bit: 8. Parity check: none. Stop bit: 1. Data stream control: none. Check whether the serial port of the HyperTerminal is normal, and replace the configuration terminal. iii. Check whether the console port of the switch is normal.
ii. Enable the port. iii. Enable the VLAN bound with the IP port.
210 Confidential and Proprietary Information of ZTE CORPORATION
Chapter 9 - Maintenance
iv. Configure a valid IP address, subnet mask and default gateway for the switch. v. Modify the IP address of the switch or that of the other device to eliminate the IP address conflict.
211
i.
Restart the switch, and press any key according to the prompt to enter the boot status in the HyperTerminal.
Welcome to use ZTE eCarrier!!
Copyright(c) 2004-2006, System Booting...... CPU: WindBond ARM7TDMI Version: VxWorks5.5.1 BSP version: 1.2/0
[ZxR10 Boot]:
ii. In the boot status, enter <zte> to enter the [BootManager] status of the switch. Enter <?> to get command help.
[ZxR10 Boot]: zte Load wbdEnd Begin W90N740 MAC0: 10MB - Full Duplex
212
Chapter 9 - Maintenance
: 0 : 0 : tiger : vxWorks
inet on ethernet (e) : 10.40.89.106 host inet (h) gateway inet (g) flags (f) : 10.40.89.78 : 10.40.89.78 : 0x80
Attached TCP/IP interface to wbdEnd0. Warning: no netmask specified. Attaching network interface lo0... done. Attaching to TFFS... test flash passed perfectly! Welcome to boot manager! Type ? for help
[BootManager]:?
ls directories/* pwd absolute path/* devs informaiton/* show and MAC address/* reboot format memory/* del file_name
file/* md mf cd dir_name file_name absolue-pathname */Creates a directory/* */Creates a file/* */Changes the current
version through TFTP/* update file_name rename file_name newname */Upgrades boot/* */Rename a file/*
[BootManager]:
iii. Run the del command to delete the configuration file, and then restart the switch.
[BootManager]:ls KERNEL RUNNING.CFG [BootManager]:del running.cfg [BootManager]:reboot
iv. After the switch is restarted, use the default user name and password to log in to the switch.
Please Press any Key to Start!
Chapter 9 - Maintenance
password : zte(cfg)#
ii. The port is disabled. iii. The VLAN is disabled. iv. The tag is selected when the port is added to the VLAN. 3. Troubleshooting i. Modify the PVID of the port to be consistent with the related VLAN ID.
ii. Enable the port. iii. Enable the VLAN. iv. Add the port to the VLAN and select untag.
216
Chapter
10
Command Reference
In this chapter, you will learn about:
Commands of the ZXR10 2609/2818S/2826S/2852S. Functions, modes, format, parameters and application of the commands.
Introduction
Table 13 shows the parameters commonly used in the commands.
TABLE 13 P ARAMETER DESCRIPTION
Parameter
Description Comma separated port number, port name or port number range. For example:
<portlist>
1, 2, 4-8, 18 p1, pp2, 4-8, port18 p1, pp2 and port18 are names of the ports created by the user. Comma separated VLAN ID, VLAN name or VLAN range. For example: 1-19, 77, 88, 100-900 vlan1, v1, 10, 100-200
<vlanlist>
217
Parameter <trunklist>
Description Comma separated trunk ID or trunk range. For example: 1-19, 77, 88, 100-900 It indicates that only one port number or port name can be entered at a time. It indicates that only one VLAN ID or VLAN name can be entered at a time. It indicates that only one trunk ID can be entered at a time. MAC address, for example, 11.22.33.44.55.66. IP address, for example, 10.40.47.254 Digits of the IP address and mask. M is an integer ranging 1~32, for example, 10.40.47.254/24. A character string without space. Variable number in dotted decimal notation, for example, 1.3.6.2.19.2. A character string without space.
<portname>
<vlanname> <trunkid> <xx.xx.xx.xx.xx.xx> <A.B.C.D> <A.B.C.D/M>
<string>
<mib-oid>
<name>
Management Commands
adminpass
Function: To set the password for entering the global configuration mode. Mode: Global configuration mode Format: adminpass [<string>] Parameter:
218 Confidential and Proprietary Information of ZTE CORPORATION
Parameter
<string>
Note: If adminpass is entered directly without a string, it indicates that the management password is set to null. Example: Set the password for entering the global configuration mode to administrator. adminpass administrator
config router
Function: To enter the layer 3 configuration mode. Mode: Global configuration mode Format: config router
config snmp
Function: To enter the SNMP configuration mode. Mode: Global configuration mode Format: config snmp
config tffs
Function: To enter the file system configuration mode. Mode: Global configuration mode Format: config tffs
219
create User
Function: To create a management user. Mode: Global configuration mode Format: create user <name> Parameter: Parameter Description The name of the management user.
<name>
delete User
Function: To delete a management user. Mode: Global configuration mode Format: delete user <name> Parameter: Parameter Description The name of the management user.
<name>
220
enable
Function: To enter the global configuration mode from the user mode. Mode: User mode Format: enable Note: After the enable command is executed, the system prompts the user to enter the management password (use the adminpass command to set it).
exit
Function: To exit from the current mode to the previous mode. Mode: All modes Format: exit
hostname
Function: To set or change the host name. Mode: Global configuration mode Format: hostname <name> Parameter: Parameter Description Host name.
<name>
221
line-vty
Function: To set the timeout time for Telnet user login. Mode: Global configuration mode Format: line-vty timeout <1-1080> Parameter: Parameter <1-1080> Description Timeout time. The unit is minute. By default, it is 10 minutes.
list
Function: To list all commands available in the current mode. Mode: All modes Format: list
loginpass
Function: To set the login password. Mode: Global configuration mode Format: loginpass [<string>] Parameter: Parameter Description Login password.
<string>
222
Note: If loginpass is entered directly without a string, it indicates that the login password is set to null. In this case, the Telnet user cannot log in to the system. Example: Set the login password to ok. loginpass ok
ping
Function: To test the connectivity of the network. Mode: Global configuration mode Format: ping <A.B.C.D> [<0-65535>] [<0-65535>] Parameter: Parameter <A.B.C.D> <0-65535> <0-65535> Description Destination IP address. The times of sending the echo request. The delay of waiting for response.
readconfig
Function: To read the switch configuration from the config.txt file. Mode: Global configuration mode Format: readconfig
reboot
Function: To restart the switch. Mode: Global configuration mode
Confidential and Proprietary Information of ZTE CORPORATION 223
Format: reboot
saveconfig
Function: To save the configuration information. Mode: Global configuration mode Format: saveconfig
set date
Function: To set the date and time. Mode: Global configuration mode Format: set date <yyyy-mm-dd> time <hh:mm:ss> Parameter: Parameter <yyyy-mm-dd> <hh:mm:ss> Description Date (year/month/day). Time (hour/minute/second).
Note that after the switch is restarted, the date and time shall be reconfigured.
set loginauth
Function: To set the login authentication mode. Mode: Global configuration mode Format: set loginauth {local|radius} Parameter:
224
Description Sets local authentication for the login user. Sets the RADIUS authentication for the login user.
set specialVlan1
Function: To enable/disable the special management of vlan1. Mode: Global configuration mode Format: set specialVlan1 [enable|disable] Parameter: Parameter enable disable Description Enables the special management of vlan1. Disables the special management of vlan1.
show date-time
Function: To display the current date and time. Mode: All modes Format: show date-time Note: If no date and time are configured, the time starts from 200407-01 by default.
show loginauth
Function: To display the login authentication mode.
Confidential and Proprietary Information of ZTE CORPORATION 225
show running-config
Function: To display all current non-default configurations of the system. Mode: All modes Format: show running-config [toFile] Parameter: Parameter [toFile] Description Outputs the show running-config result to the config.txt file.
show specialVlan1
Function: To specialVlan1. Mode: All modes Format: show specialVlan1 display the configuration information about
show start-config
Function: To display all non-default configurations of the system saved last time. Mode: All modes Format: show start-config
226
show terminal
Function: To display the monitoring and log information about terminals. Mode: All modes Format: show terminal [log] Parameter: Parameter [log] Description Displays log information.
Note: It is used to display the on/off status of the monitor and log.
show vct
Function: To display the VCT result of the port. Mode: All modes Format: show vct port <portname> Parameter: Parameter Description A port number.
<portname>
show user
Function: To display information and the current name of the user logging in through Telnet. Mode: All modes Format: show user
Confidential and Proprietary Information of ZTE CORPORATION 227
sysLocation
Function: To set the location information about the switch. Mode: Global configuration mode Format: sysLocation <string> Parameter: Parameter Description Location of the switch.
<string>
terminal log
Function: To enable/disable the log. Mode: Global configuration mode Format: terminal log {on|off} Parameter: Parameter on off Description Enables log. Disables log.
terminal monitor
Function: To enable/disable printing real-time alarm information to the terminal. Mode: Global mode Format: terminal monitor {on|off}
228
Parameter: Parameter on off Description Enables printing real-time alarm information. Disables printing real-time alarm information.
version
Function: To display system information including version, running time and MAC address of the switch. Mode: Global configuration mode Format: version
File System
cd
Function: To change the current directory. Mode: File system configuration mode Format: cd <name> Parameter: Parameter Description Name of the directory.
<name>
229
copy
Function: To copy a file. Mode: File system configuration mode Format: copy <name> <name> Parameter: Parameter Description Name of the source file path/destination file path.
<name>
Example 1: Copy the v1.txt file in the root directory to the \bak directory. copy v1.txt bak\v1.txt
Example 2: Copy the a.txt file in the \\test directory to the \\temp directory. copy \\test\a.txt \\temp\a.txt
format
Function: To format the Flash memory. Mode: File system configuration mode
230
Format: format
ls
Function: To display the current directory list. Mode: File system configuration mode Format:
md
Function: To create a directory. Mode: File system management mode Format: md <name> Parameter: Parameter Description Name of the directory.
<name>
remove
Function: To delete a specified file or directory. Mode: File system configuration mode Format: remove <name> Parameter:
231
Parameter
<name>
rename
Function: To rename a file. Mode: File system configuration mode Format: rename <name> <name> Parameter: Parameter Description Name of the source file/destination file.,
<name>
tftp
Function: To download/upload a version through TFTP. Mode: File system configuration mode Format: tftp <name> Parameter: {<A.B.C.D>|commander} {download|upload}
232
Description IP address of the specified host. Command switch. Downloads a file from the host to the FLASH memory. Uploads a file from the FLASH memory to the host. Name of the file.
<name>
Example: Download version.o from 10.40.44.167 to the switch. tftp 10.40.44.167 download version.o
Port Configuration
clear port
Function: To clear the name/statistics data of a port. Mode: Global configuration mode Format: clear port <portlist> {name|statistics|description} Parameter: Parameter <portlist> name statistics description Description Port list. Clears the name of the port. Clears the statistics data of the port. Clears the description of the port.
233
Example: Clear names of ports 1, 5, 6, 7 and 11. clear port 1,5-7,11 name
<portname> <name>
Note that the range of parameter <portname> is 1~9 on the ZXR10 2609, 1~18 on the ZXR10 2818S, 1~26 on the ZXR10 2826S, and 1~52 on the ZXR10 2852S. Example: Create the name userx for port 1. create port 1 name userx
set port
Function: To enable/disable a port. Mode: Global configuration mode Format: set port <portlist> {enable|disable} Parameter:
234 Confidential and Proprietary Information of ZTE CORPORATION
Example: Enable the adaptive function of ports 1, 5, 6, 7 and 11. set port 1,5-7,11 auto enable
235
Format: set port <portlist> bandwidth ingress {off|on rate <64256000>}{tcpdrop|flowcontrol} set port <portlist> bandwidth egress {off|on rate <64-256000>} Parameter: Parameter <portlist> ingress egress off on tcpdrop flowcontrol <64-256000> Description Port list. Set the input bandwidth. Set the output bandwidth. Disables the bandwidth restriction. Enables the bandwidth restriction. TCP connection mode. Traffic control connection mode. The rate ranges from 64 kbps to 256000 kbps.
Example: Set the input bandwidth of ports 1, 5, 6, 7 and 11 to 1000 kbps. set port 1,5-7,11 bandwidth ingress on rate 1000
236
Parameter: Parameter <portlist> enable disable Description Port list. Enables the layer 3 DSCP priority of a port. Disables the layer 3 DSCP priority of a port.
Note that the layer 3 DSCP priority can be used to determine the priority of data packets only when the received data packets are IP data packets and the layer 3 DSCP priority of the port is enabled. The queue priority of data packets is determined in the queue priority table according to the IP DSCP priority.
<0-7>
237
<portname> <string>
Note that the range of parameter <portname> is 1~9 on the ZXR10 2609, 1~18 on the ZXR10 2818S, 1~26 on the ZXR10 2826S, and 1~52 on the ZXR10 2852S.
Example: Set the working modes of ports 1, 5, 6, 7 and 11 to full duplex. set port 1,5-7,11 duplex full
Mode: Global configuration mode Format: set port <portlist> flowcontrol {enable|disable} Parameter: Parameter <portlist> enable disable Description Port list. Enables the flow control of a port. Disables the flow control of a port.
Example: Enable the flow control of ports 1, 5, 6, 7 and 11. set port 1,5-7,11 flowcontrol enable
239
Description Set the ingress restriction type to broadcast and multicast data packets. Set the ingress restriction broadcast data packets. filter type to
240
Description Enables the multicast packet filter, namely, multicast packets are discarded. Disables the multicast packet filter, namely, multicast packets are forwarded.
Example: Set ports 1, 5, 6, 7 and 11 for forwarding multicast packets. set port 1,5-7,11 multicast-filter disable
Example: Set the power supply mode of port 1 to auto. set port 1 poe auto
Mode: Global configuration mode Format: set port <portlist> default-priority <0-7> Parameter: Parameter <portlist> <0-7> Description Port list. Priority value.
Example: Set the priority of ports 1, 5, 6, 7 and 11 to 3. set port 1,5-7,11 default-priority 3
Note that when a data packet received by the port is a TAG packet, the switch first uses this remapping table to remap the priority in the data packet, and then uses the priority of the new priority of the 802.1P user to determine future priority.
242
The default values of the remapping table are 0 0, 1 1, 2 2, 3 3, 4 4, 5 5, 6 6 and 7 7. Example: Set the priority value of remapping-tag 3 in the 802.1P user priority remapping table of ports 1, 5, 6, 7 and 11 to 2. set port 1,5-7,11 remapping-tag 3 priority 2
Description Port list. Disables port address learning, and does not forward packets. Enables port address learning and forwards packets.
Example: Disable the address learning of ports 1, 5, 6, 7 and 11. set port 1,5-7,11 security enable
Example: Set the rate of ports 1, 5, 6, 7 and 11 to 10 Mbps. set port 1,5-7,11 speed 10
Mode: Global configuration mode Format: set port <portlist> speedadvertise {maxspeed|speed 10|speed 100|speed 1000} {fullduplex|halfduplex} Parameter: Parameter <portlist> maxspeed speed 10 speed 100 speed 1000 fullduplex halfduplex Description Port list. Sets the port speed advertisement to maximum speed. Sets the port speed advertisement to 10 Mbps. Sets the port speed advertisement to 100 Mbps. Sets the port speed advertisement to 1000 Mbps. Full duplex mode. Half duplex mode.
245
Example: Set trunk 1 multicast packet forwarding. set trunk 1 multicast forward
246
Note that the range of parameter <trunklist> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S.
show port
Function: To display port configuration and the working status. Mode: All modes Format: show port [<portlist>] Parameter: Parameter <portlist> Description Port list.
Example: Display the configuration and working status of ports 1, 5, 6, 7 and 11. show port 1,5-7,11
Example: Display the statistics data of ports 1, 5, 6, 7 and 11. show port 1,5-7,11 statistics
show trunk
Function: To display the trunk configuration. Mode: All modes Format: show trunk [<trunklist>] Parameter: Parameter <trunklist> Description Trunk ID list.
248
Port Mirroring
set mirror add source-port
Function: To add an ingress/egress mirroring port. Mode: Global configuration mode Format: set mirror add source-port <portlist> {ingress|egress} Parameter: Parameter <portlist> ingress egress Description Port list. Ingress. Egress.
Example: Add the egress mirror of ports 1, 5, 6, 7 and 12. set mirror add port 1,5-7,12 egress
249
Example: Delete the ingress mirror of ports 1, 5, 6, 7 and 12. set mirror delete port 1,5-7,12 ingress
<portname>
Note that the range of parameter <portname> is 1~9 on the ZXR10 2609, 1~18 on the ZXR10 2818S, 1~26 on the ZXR10 2826S, and 1~52 on the ZXR10 2852S.The switch supports one ingress monitoring port and one egress monitoring port. Example: Set an ingress monitoring port. set mirror dest-port 1
show mirror
Function: To display mirroring configuration information. Mode: All modes
250
VLAN Configuration
clear vlan name
Function: To clear a VLAN name. Mode: Global configuration mode Format: clear vlan <vlanlist> name Parameter: Parameter <vlanlist> Description VLAN list.
Example: Clear the names of VLAN 1, 5, 6, 7 and 12. clear vlan 1,5-7,12 name
251
Parameter
<name>
Example: Set the name of vlan 1 to group1. create vlan 1 name group1
Example: Set the PVID of ports 1, 5, 6, 7 and 11 to 30. set port 1,5-7,11 pvid 30
252
Example: Set the PVID of trunk 1, 2 and 3 to 1000. set trunk 1-3 pvid 1000
Note that the range of parameter <trunklist> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S.
set vlan
Function: To enable/disable a VLAN. Mode: Global configuration mode Format: set vlan <vlanlist> {enable|disable} Parameter: Parameter <vlanlist> enable disable Description VLAN list. Enables the VLAN. Disables the VLAN.
Mode: Global configuration mode Format: set vlan <vlanlist> add port <portlist> [tag|untag] Parameter: Parameter <vlanlist> <portlist> tag untag Description VLAN list. Port list. Attaches a tag. Does no tag. By default, untag is selected.
Example: Add ports 2, 8, 9, 10 and 18 with tag to VLAN 1, 5, 6, 7 and 12. set vlan 1,5-7,12 add port 2,8-10,18 tag
254
Note: The range of parameter <trunklist> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S. Example: Add trunk 1 with tag to VLAN 1, 5, 6, 7 and 12. set vlan 1,5-7,12 add trunk 1 tag
Example: Disable ports 2, 9, 10, 11 and 16 in VLAN 1, 5, 6, 7 and 12. set vlan 1,5-7,12 delete port 2,9-11,16
Example: Delete trunk 1 from VLAN 1, 5, 6, 7 and 12. set vlan 1,5-7,12 delete trunk 1 Note that the range of parameter <trunklist> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S.
Example: Set the FID of VLAN 1, 5, 6, 7 and 12 to 1. set vlan 1,5-7,12 fid 1
Parameter: Parameter <vlanlist> off on <0-7> Description VLAN list. Disables the VLAN priority. Enables the VLAN priority. Value of the VLAN priority.
Example: Set the priority of VLAN 1, 5, 6, 7 and 12 to 3. set vlan 1,5-7,12 priority on 3
show vlan
Function: To display VLAN information. Mode: All modes Format: show vlan [<vlanlist>] Parameter: Parameter <vlanlist> Description VLAN list.
Example 2: Display information about VLAN 1, 5, 6, 7 and 12. show vlan 1,5-7,12
257
<portname>
< trunkid > < 0-7 >
Note that the range of parameter <portname> is 1~9 on the ZXR10 2609, 1~18 on the ZXR10 2818S, 1~26 on the ZXR10 2826S, and 1~52 on the ZXR10 2852S. The range of parameter <trunkid> is 1~8 on 2609/2818S/2826S, and 1~16 on the ZXR10 2852S. the ZXR10
Example 1: Add 00.00.00.00.11.22 to the address table, and set the FID to 1, the port number to 1, and the priority value to 3. set fdb add 00.00.00.00.11.22 fid 1 port 1 priority 3
258
Example 2: Add 00.00.00.00.11.22 to the address table, and set the FID to 1, and the port name to userx. set fdb add 00.00.00.00.11.22 fid 1 port userx
Example 3: Add 00.00.00.00.11.22 to the address table, and set the FID to 1, and trunk to 1. set fdb add 00.00.00.00.11.22 fid 1 trunk 1
Example: Set the address aging time to 100s. set fdb agingtime 100
259
Parameter: Parameter <xx.xx.xx.xx.xx.xx> <1-256> Description MAC address. FID. The range is 1~256. of
Example: Delete the fdb entry with the MAC address 00.00.00.00.11.22 and the FID of 1 from the address table. set fdb delete 00.00.00.00.11.22 fid 1
Example: Set the fdb filter address to 00.00.00.00.11.22, and the FID to 1. set fdb filter 00.00.00.00.11.22 fid 1
show fdb
Function: To display fdb information. Mode: All modes
260 Confidential and Proprietary Information of ZTE CORPORATION
Format: show fdb [static|dynamic|filter] [detail] Parameter: Parameter static dynamic filter detail: Description Displays the number of static fdb entries. Displays the number of dynamic fdb entries. Displays the number of static filter fdb entries. Displays details of a type of fdb entries.
Note that the ZXR10 2852S does not support the show fdb, show fdb detail, show fdb dynamic and show fdb dynamic detail commands.
<portname>
detail
261
Note that this command is available for the ZXR10 2852S only.
<portname>
262
Note that the ZXR10 2852S does not support this command.
<portname>
Note that this command is available for the ZXR10 2852S only.
LACP Configuration
set lacp
Function: To enable/disable the LACP. Mode: Global configuration mode Format: set lacp {enable|disable} Parameter:
Confidential and Proprietary Information of ZTE CORPORATION 263
Example: Add ports 1, 5, 6 and 7 to aggregation group 1. set lacp aggregator 1 add port 1,5-7
Note that the range of parameter <trunkid> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S.
264
Parameter: Parameter <trunkid> <portlist> Description Aggregation group number. Port list.
Example: Delete ports 1, 5, 6 and 7 from aggregation group 1. set lacp aggregator 1 delete port 1,5-7 Note that the range of parameter <trunkid> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S.
Example: Set the LACP aggregation mode of aggregation group 1 to dynamic. set lacp aggregator 1 mode dynamic
265
Note: The range of parameter <trunkid> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S.
Example: Set the LACP aggregation mode of ports 1, 5, 6 and 7 to active negotiation mode. set lacp port 1,5-7 mode active
Parameter long
Example: Set aggregation ports 1, 5, 6 and 7 to long timeout. set lacp port 1,5-7 timeout long
Example: Set the LACP priority to 100. set lacp priority 100
show lacp
Function: To display LACP configuration information. Mode: All modes Format: show lacp
Mode: All modes Format: show lacp aggregator [<trunkid>] Parameter: Parameter <trunkid> Description Aggregation group number.
Example 1: Display information about all LACP aggregation groups. show lacp aggregator Example 2: Display information about LACP aggregation group 1. show lacp aggregator 1
Example 1: Display information about all LACP aggregation ports. show lacp port
268
Example 2: Display information about LACP aggregation ports 1, 5, 6 and 7. show lacp port 1,5-7
269
Example: Add multicast snooping VLAN 1, 5, 6, 7 and 12. set igmp snooping add vlan 1,5-7,12
Example: Enable multi-VLAN multicast snooping. set igmp snooping crossvlan enable
270
Example: Delete multicast snooping VLAN 1, 5, 6, 7 and 12. set igmp snooping delete vlan 1,5-7,12
271
Parameter: Parameter <10-250> Description Last member query interval. The unit is 1/10 second. By default, it is 10 (1s).
Example: Set last member query interval to 10s. set igmp snooping lastmember_query 100
Example: Enable multicast polling for VLAN 1, 7 and 12. set igmp snooping query vlan 1,7,12 enable
Format: set igmp snooping query_interval <10-2147483647> Parameter: Parameter <10-2147483647> Description The query interval. The unit is 1/10 second. By default, it is 1250 (125s).
Example: Set the query interval to 100s. set igmp snooping query_interval 1000
Example: Set the query response interval to 12s. set igmp snooping response_interval 120
273
Example: Set the multicast member timeout to 100s. set igmp snooping timeout 1000 host
igmp
snooping
vlan
<vlanname> add
group
Description A VLAN ID or VLAN name. IP address. The range is 224.x.x.x~239.x.x.x, excluding 224.0.0.x.
Example 1: Add the static multicast group 230.40.44.167 to vlan 1. set igmp snooping vlan 1 add group 230.40.44.167
Example 2: Add the static multicast group 230.40.44.167 to the VLAN named group1. set igmp snooping vlan group1 add group 230.40.44.167
Example 1: Delete the static multicast group 230.40.44.167 from vlan 1. set igmp snooping vlan 1 delete group 230.40.44.167
Example 2: Delete the static multicast group 230.40.44.167 from the VLAN named group1.
275
Example 1: Display the multicast snooping results of all VLANs. show igmp snooping vlan
Example 2: Display the multicast snooping results of vlan 1. show igmp snooping vlan 1
276
Example 3: Display the multicast snooping results of the VLAN named group1. show igmp snooping vlan group1
Example 4: Display the multicast router snooping results of vlan 1. show igmp snooping vlan 1 router
MSTP Configuration
clear stp instance
Function: To delete an instance. Mode: Global configuration mode Format: clear stp instance <1-15> Parameter: Parameter <1-15> Description Instance number. The range is 0~15.
set stp
Function: To enable/display STP. By default, STP is disabled. Mode: Global configuration mode Format: set stp {enable|disable} Parameter: Parameter enable disable Description Enables STP. Disables STP.
Example: Set the STP aging time to 30s. set stp agemax 30
278
Example: Set port 1 as the STP edge port. set stp edge-port add port 1
Example: Set the forced STP type to stp. set stp forceversion stp
Confidential and Proprietary Information of ZTE CORPORATION 279
Example: Set the STP forwarding delay to 10s. set stp forwarddelay 10
Example: Set the STP notification interval to 6s. set stp hellotime 6
280
281
Parameter: Parameter <1-40> Description Maximum hop count terminals of the MST. between any two
Example: Set the maximum hop count between any two terminals of the MST to 30. set stp hopmax 30
Note that the priority shall be in multiples of 4096. If the inputted value is not in multiples of 4096, the system automatically converts the priority value to the nearest multiple of 4096. Example: Set the bridge priority in instance 1 to 4096. set stp instance 1 bridgeprio 4096
Mode: Global configuration mode Format: set stp instance <0-15> port <portname> cost <1200000000> Parameter: Parameter <0-15> Description Instance number. The range is 0~15. A port number. Post cost.
<portname>
<1-200000000>
Note that the range of parameter <portname> is 1~9 on the ZXR10 2609, 1~18 on the ZXR10 2818S, 1~26 on the ZXR10 2826S, and 1~52 on the ZXR10 2852S. Example: Set the cost of port 1 in instance 1 to 20000. set stp instance 1 port 1 cost 20000
<portname>
<0-255>
283
Note that the range of parameter <portname> is 1~9 on the ZXR10 2609, 1~18 on the ZXR10 2818S, 1~26 on the ZXR10 2826S, and 1~52 on the ZXR10 2852S. Example: Set the priority of port 1 in instance 1 to 100. set stp instance 1 port 1 priority 100
Note that the range of parameter <trunkid> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S. Example: Set the cost of trunk1 in instance 1 to 20000. set stp instance 1 trunk 1 cost 20000
284
Format: set stp instance <0-15> trunk < trunkid > priority <0255> Parameter: Parameter <0-15> < trunkid > <0-255> Description Instance number. The range is 0~15. Trunk ID. Priority.
Note that the range of parameter <trunkid> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S. Example: Set the priority of trunk1 in instance 1 to 100. set stp instance 1 trunk 1 priority 100
Example: Set the mapping relationship among instance 1 and vlan 1, 5, 6, 7 and 12.
285
<name>
Example: Set the MST area name to education. set stp name education
286
287
Example: Set the MST version number to 10. set stp revision 10
Mode: Global configuration mode Format: set stp trunk <trunkid> {enable|disable} Parameter: Parameter < trunkid > enable disable Description Trunk ID. Enables STP. Disables STP.
Note that the range of parameter <trunkid> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S.
Note that the range of parameter <trunkid> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S.
Mode: Global configuration mode Format: set stp trunk < trunkid > packettype {IEEE|CISCO|HUAWEI|HAMMER} Parameter: Parameter < trunkid > IEEE CISCO HUAWEI HAMMER Description Trunk ID IEEE mode. CISCO mode. Huawei mode. Harbour mode.
Note that the range of parameter <trunkid> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S.
show stp
Function: To display STP information. Mode: All modes Format: show stp
290
Parameter <0-15>
Example 1: Display information about all STP instances. show stp instance
Example 1: Display information about all STP ports. show stp port
Example 2: Display information about STP ports 1, 5, 6, 7 and 12. show stp port 1,5-7,12
291
QoS Configuration
set qos queue-schedule
Function: To set the queue scheduling mode. Mode: Global configuration mode Format: set qos queue-schedule {sp|wfq} Parameter: Parameter sp wfq Description Sp mode. Wfq mode.
292
Example: Set the queue scheduling mode to sp. set qos queue-schedule sp
Example 1: Set the mapping of the 802.1P user priority into the queue priority 2. set qos priority-map user-priority 3 traffic-class 2
293
Example 1: Set the mapping of the layer 3 DSCP priority 13 into the queue priority 2. set qos priority-map ip-priority 13 traffic-class 2
PVLAN Configuration
set pvlan session
Function: To add/delete an isolated/shared port to/from the PVLAN. Mode: All modes
294 Confidential and Proprietary Information of ZTE CORPORATION
Format: set pvlan session <id> {add|delete} {isolatedport|promiscuous-port} <portlist> Parameter: Parameter <id> add delete isolated-port |promiscuous-port Description At present, only one PVLAN is supported, therefore, the session value must be 1. Adds an isolated port or a shared port. Deletes an isolated port or a shared port. The isolated port. The shared port. Port list.
<portlist>
Note that the range of parameter <portlist> is 1~9 on the ZXR10 2609, 1~18 on the ZXR10 2818S, 1~26 on the ZXR10 2826S, and 1~52 on the ZXR10 2852S.
show pvlan
Function: To display the PVLAN configuration. Mode: All modes Format: show pvlan
295
show 802.1xrelay
Function: To configuration. Mode: All modes Format: show 802.1x relay display the 802.1x transparent transmission
296
Layer 3 Configuration
arp add
Function: To add the static address resolution. Mode: Layer 3 configuration mode Format: arp <vlanname> Parameter: Parameter <A.B.C.D> <xx.xx.xx.xx.xx.xx> <0-63> <vlanname> Description IP address. MAC address. Layer 3 port number. A VLAN ID or VLAN name. add <A.B.C.D> <xx.xx.xx.xx.xx.xx> <0-63>
Note that the IP address must be within the IP subnet of the specified IP port. The VLAN ID must be a VLAN ID which is bound with this IP port. Example 1: Add the static address resolution 10.40.44.167, MAC address 00.00.00.00.11.22, layer 3 port 1 and vlan 1. arp add 10.40.44.167 00.00.00.00.11.22 1 1
Example 2: Add the static address resolution 10.40.44.167, MAC address 00.00.00.00.11.22, layer 3 port 1 and the VLAN named group1. arp add 10.40.44.167 00.00.00.00.11.22 1 group1
297
arp delete
Function: To delete the static address resolution. Mode: Layer 3 configuration mode Format: arp delete <A.B.C.D> Parameter: Parameter <A.B.C.D> Description IP address.
Example: Delete the static address resolution of 10.40.44.167. arp delete 10.40.44.167
298
clear arp
Function: To delete all ARP information. Mode: Layer 3 configuration mode Format: clear arp Note that this command is used to delete all ARP information from the switch. Use this command with caution.
clear ipport
Function: To delete the ipport configuration. Mode: Layer 3 configuration mode Format: clear ipport <0-63> [mac|ipaddress {<A.B.C.D/M>|<A.B.C.D> <A.B.C.D>}|vlan <vlanname>] Parameter: Parameter <0-63> <A.B.C.D/M> <A.B.C.D> <vlanname> Description A layer 3 port number. IP address and mask. IP address/mask. A VLAN ID or VLAN name.
Note that the command for clearing the IP port configuration is used when the port is down. The command restores the default values of the port (IP address: 0.0.0.0, MAC address: 00.00.00.00.00.00, bound VLAN: vlan 0). Example 1: Delete the configuration of layer 3 port 1.
Confidential and Proprietary Information of ZTE CORPORATION 299
clear ipport 1 Example 2: Delete the MAC address of layer 3 port 1. clear ipport 1 mac
Example 3: Delete the IP address 10.40.44.167 and the mask 255.255.255.0 of layer 3 port 1. clear ipport 1 ipaddress 10.40.44.167/24 clear ipport 1 ipaddress 10.40.44.167 255.255.255.0
Example 5: Delete the VLAN named group1 of layer 3 port 1. clear ipport 1 vlan group1
clear iproute
Function: To delete a static route. Mode: Layer 3 configuration mode Format: clear iproute [{<A.B.C.D/M>|<A.B.C.D> <A.B.C.D>} <A.B.C.D>] Parameter: Parameter <A.B.C.D/M> Description IP address and mask.
300
Parameter <A.B.C.D>
Description IP address/mask/gateway.
Note that this command can delete all configured static routes, and the deleted routes cannot be restored. Example 1: Delete all static routes. clear iproute
Example 2: Delete the static route to the network at 10.40.44.0/24 and the gateway at 10.40.44.12. clear iproute 10.40.44.0/24 10.40.44.12 clear iproute 10.40.44.0 255.255.255.0 10.40.44.12
iproute
Function: To add a static route. Mode: Layer 3 configuration mode Format: iproute {<A.B.C.D/M>|<A.B.C.D> < A.B.C.D>} < A.B.C.D> [<0-15>] Parameter: Parameter <A.B.C.D/M> <A.B.C.D> <0-15> Description IP address and mask. IP address/mask/gateway. Metric. By default, it is 0.
Example: Add a static route to the network (10.40.44.0/24), with the gateway at 10.40.44.255 and the metric 3.
301
set ipport
Function: To enable/disable a layer 3 port. Mode: Layer 3 configuration mode Format: set ipport <0-63> {enable|disable} Parameter: Parameter <0-63> enable disable Description Number of a layer 3 port. Enables a layer 3 port. Disables a layer 3 port.
Note that to enable a layer-port, the IP address and VLAN data of the port shall already be configured. You do not have to configure the MAC address. Example 1: Enable layer 3 port 1. set ipport 1 enable Example 2: Disable layer 3 port 1. set ipport 1 disable
Mode: Layer 3 configuration mode Format: set ipport <0-63> ipaddress {<A.B.C.D/M>|<A.B.C.D> < A.B.C.D>} Parameter: Parameter <0-63> <A.B.C.D/M> <A.B.C.D> Description Number of a layer 3 port. IP address and mask. IP address/mask.
Note: If an IP port is already configured with an IP address, you can use this command to replace the IP address with a new one. Example: Set the IP address of layer 3 port 1 to 10.40.44.167, and the mask to 255.255.255.0. set ipport 1 ipaddress 10.40.44.167/24 set ipport 1 ipaddress 10.40.44.167 255.255.255.0
303
Note: The range of the MAC address is from 00.d0.d0.f0.00.00 to 00.d0.d0.ff.ff.ff. If this item is not configured, the MAC address is the MAC address of the switch. If an IP port is already configured with a MAC address, you can use this command to replace the MAC address with a new one. Example: Set the MAC address of layer 3 port 1 to 00.d0.d0.f0.11.22. set ipport 1 mac 00.d0.d0.f0.11.22
Note that if an IP port is bound with a VLAN, you can use this command to replace the VLAN value with a new one. Example 1: Set vlan 1 bound with layer 3 port 1. set ipport 1 vlan 1
Example 2: Set the VLAN named group1 bound with layer 3 port 1. set ipport 1 vlan group1
304
show arp
Function: To display the ARP information. Mode: All modes Format: show arp [static|dynamic|invalid|ipport <0-63> {static|dynamic|invalid} |ipaddress <A.B.C.D>] Parameter: Parameter <0-63> <A.B.C.D> Description Number of a layer 3 port. IP address
Example 3: Display the static ARP information about layer 3 port 1. show arp ipport 1 static
Example 4: Display the ARP information about the IP address 10.40.44.167. show arp ipaddress 10.40.44.167
305
show ipport
Function: To display the layer 3 port information. Mode: All modes Format: show ipport [<0-63>] Parameter: Parameter <0-63> Description Number of a layer 3 port.
show iproute
Function: To display all static routes. Mode: All modes Format: show iproute
306
<1-3600>
308
<0-64>
Note that if the maximum number of accessed subscribers is 0, it indicates that the number of subscribers with access to the port is not restricted. In this case, the number of accessed subscribers is restricted by the maximum number of subscribers that are allowed for access to the switch.
309
Description Port list. The port authentication mode is pap. The port authentication mode is chap. The port authentication mode is eap-md5. It is
Parameter
dot1x max-request
Function: To set the timeout retransmission times for the authentication system to receive challenge response from the client system. Mode: NAS mode Format: dot1x max-request <1-10> Parameter: Parameter <1-10> Description Timeout retransmission times. By default, it is 2.
dot1x quiet-period
Function: To set the interval between one authentication failure and the next authentication request being received by the authentication system. Mode: NAS mode Format: dot1x quiet-period <0-65535> Parameter: Parameter <0-65535> Description Time interval. The unit is second. By default, it is 60 seconds.
311
dot1x re-authenticate
Function: To enable/disable the re-authentication mechanism. Mode: NAS mode Format: dot1x re-authenticate {enable|disable} Parameter: Parameter enable disable Description Enables the re-authentication mechanism. Disables the re-authentication mechanism.
dot1x server-timeout
Function: To set the timeout time for the authentication system to received data packets from the authentication server. Mode: NAS mode
312
Format: dot1x server-timeout <1-65535> Parameter: Parameter <1-65535> Description Time interval. The unit is second. By default, it is 30 seconds.
dot1x supplicant-timeout
Function: To set the timeout time for the authentication system to received data packets from the authentication client system. Mode: NAS mode Format: dot1x supplicant-timeout <1-65535> Parameter: Parameter <1-65535> Description Time interval. The unit is second. By default, it is 30 seconds.
dot1x tx-period
Function: To set the time for the authentication system waits for retransmitting EAPOL data packets when it cannot receive response from the client system. Mode: NAS mode Format: dot1x tx-period <1-65535> Parameter:
313
Parameter <1-65535>
clear client
Function: To delete all users of a client. Mode: NAS mode Format: clear client
314
Parameter <portlist>
radius isp
Function: To add/delete an ISP. Mode: NAS mode Format: radius isp <ispname> {enable|disable} Parameter: Parameter <ispname> enable disable Description ISP domain name. Adds an ISP. Deletes an ISP.
315
316
317
Format: radius isp <ispname> delete authentication <A.B.C.D> Parameter: Parameter <ispname> <A.B.C.D> Description ISP domain name. IP address.
<string>
Parameter <A.B.C.D>
Description IP address.
<string>
319
radius nasname
Function: To set the NAS name. Mode: NAS mode Format: radius nasname <nasname> Parameter: Parameter <nasname> Description NAS name.
radius retransmit
Function: To set the retransmission times of remote authentication requests. Mode: NAS mode Format: radius retransmit <1-255> Parameter: Parameter <1-255> Description Retransmission times. By default, it is 3.
radius timeout
Function: To set the retransmission interval of remote autehnticaiton requests. Mode: NAS mode Format: radius timeout <1-255>
320 Confidential and Proprietary Information of ZTE CORPORATION
Parameter: Parameter <1-255> Description Retransmission interval. The unit is second. By default, it is 3 seconds.
show dot1x
Function: To display the dot1x configuration information. Mode: All modes Format: show dot1x
show client
Function: To display information about all accessed users. Mode: All modes Format: show client
Confidential and Proprietary Information of ZTE CORPORATION 321
<0-63>
show radius
Function: To display the RADIUS configuration information. Mode: All modes Format: show radius [<ispname>] Parameter: Parameter Description ISP domain name.
<ispname>
QinQ Configuration
set qinq customer port
Function: To add/delete a customer port. Mode: Global configuration mode Format: set qinq customer port <portlist> {enable|disable} Parameter: Parameter <portlist> Description Port list.
323
Example: Set ports 1, 2, 3 and 4 as customer ports. set qinq customer port 1-4 enable
Example: Set the tpid of the external layer label to 0x8910. set qinq tpid 0x8910
324
Example: Set port 24 as an uplink port. set qinq uplink port 24 enable
show qinq
Function: To display the QinQ configuration information. Mode: All modes Format: show qinq Parameter: None. Example: Display the QinQ configuration information. show qinq
Remote-access Configuration
clear remote-access all
Function: To delete all remote-access IP addresses. Mode: Global configuration mode Format: clear remote-access all
Mode: Global configuration mode Format: clear remote-access ipaddress <A.B.C.D> [<A.B.C.D>] Parameter: Parameter <A.B.C.D> Description IP address.
set remote-access
Function: To set remote access through Telnet. Mode: Global configuration mode Format: set remote-access {any|specific} Parameter: Parameter any specific Description It indicates that any IP address is available for access to the switch through Telnet. It indicates that only the specific IP address is available for access to the switch through Telnet.
326
Parameter <A.B.C.D>
show remote-access
Function: To display remote-access information. Mode: All modes Format: show remote-access
SSH Configuration
set ssh
Function: To enable/disable the SSH function. Mode: Global configuration mode Format: set ssh {enable|disable} Parameter: Parameter enable disable Description Enables the SSH function. Disables the SSH function.
show ssh
Function: To display the SSH configuration and status. Mode: All modes
Confidential and Proprietary Information of ZTE CORPORATION 327
SNMP Configuration
clear community
Function: To delete a community name. Mode: SNMP configuration mode Format: clear community <name> Parameter: Parameter Description Community name.
<name>
clear traphost
Function: To delete the traphost. Mode: SNMP configuration mode Format: clear traphost <A.B.C.D> Parameter:
328
Parameter <A.B.C.D>
Description IP address.
clear view
Function: To delete a view name. Mode: SNMP configuration mode Format: clear view <name> Parameter: Parameter Description View name.
<name>
create community
Function: To create a community name and set the authority. Mode: SNMP configuration mode Format: create community <name> {public|private} Parameter:
329
Parameter
Description Community name. The attribute of the community name is readonly. The attribute of the community name is readwrite.
<name>
public private
Example: Create a community name seu with the read-write attribute. create community seu private
create view
Function: To create a view name and determine whether the view contains a mib subtree. Mode: SNMP configuration mode Format: create view <name> [{include|exclude} <mib-oid>] Parameter: Parameter Description View name. Information path.
<name>
<mib-oid>
Note: If {include|exclude} <mib-oid> is not specified, the view contains 1.3.6.1 by default. Example: Create the view name school, excluding 1.3.6.2.19.2. create view school exclude 1.3.6.2.19.2
330
<name>
Example: Set the view school which contains seu. set community seu view school
set trap
Function: To enable/disable such traps as link interruption, link setup, link authentication failure, cold start, hot start, cluster topology change and cluster member Up/Down of the SNMP. Mode: SNMP configuration mode Format: set trap {linkdown|linkup|authenticationfail|coldstart|warmstart |topologychange|memberupdown} {enable|disable} Parameter: Parameter linkdown linkup Description The link is down. The link is set up.
331
Description The link authentication fails. Cold start. Hot start. Topology Change. Member Up/Down. Enables trap. Disables trap.
set traphost
Function: To set the IP address, community name and version of the trap host. Mode: SNMP configuration mode Format: set traphost <A.B.C.D> <name> [<ver>] Parameter: Parameter <A.B.C.D> Description IP address. Community name. Version number. By default, it is 1.
<name>
<ver>
Example: Set the IP address of the trap host to 10.40.44.167, the community name to seu, and the version number to 2. set traphost 10.40.44.167 seu 2
332
show snmp
Function: To display SNMP information. Mode: All modes Format: show snmp [community|view|trap|host] Parameter: Parameter community view trap host Description Displays the snmp community information. Displays the snmp view information. Displays the snmp trap information. Displays the snmp host information.
Example 1: Display all SNMP information. show snmp Example 2: Display the configured SNMP host address. show snmp host
RMON Configuration
set alarm
Function: To set an alarm group.
Confidential and Proprietary Information of ZTE CORPORATION 333
Mode: SNMP configuration mode Format: set alarm <1-65535> {interval <1-65535>|variable <mib-oid>|sampletype {absolute|delta}|startup {rising|falling|both}|threshold <1-65535> eventindex <165535> {rising|falling}|owner <name>|status {valid|underCreation|createRequest|invalid}} Parameter: Parameter <1-65535> <mib-oid> Description The index/time interval (unit: second)/peak value/event index of the alarm group. Information path. Name of the owner. The sampling type of the alarm group is absolute value sampling. The sampling type of the alarm group is relative value sampling. The alarm group is triggered upon the rising of the data. The alarm group is triggered upon the falling of the data. The alarm group is triggered upon the rising and falling of the data. The status of the alarm group is valid. The status of the alarm group is underCreation. The status of the alarm group is createRequest. The status of the alarm group is invalid.
<name>
absolute delta rising falling both valid underCreati on createRequ est invalid
Example 1: Set the time interval of the alarm instance with the index of 10 to 100s. set alarm 10 interval 100
334
Example 2: Set the sampling object of the alarm instance with the index of 10 to 1.3.6.2.19.2. set alarm 10 variable 1.3.6.2.19.2
Example 3: Set the sampling type of the alarm instance with the index of 10 to delta. set alarm 10 sampletype delta
Example 4: Set the alarm instance with the index of 10 which is triggered upon the rising of the data. set alarm 10 startup rising
Example 5: Specify that the alarm instance with the index of 10 triggers the event with index of 100 when the data rises up to 30,000. set alarm 10 threshold 30000 eventindex 100 rising
Example 6: Set the owner of the alarm instance with the index of 10 to user1. set alarm 10 owner user1
Example 7: Set the status of the alarm instance with the index of 10 to invalid. set alarm 10 status invalid
335
set event
Function: To set an event group. Mode: SNMP configuration mode Format: set event <1-65535> {description <string>|type {none|log|snmptrap| logandtrap}|owner <name>|community <name>|status {valid|underCreation| createRequest|invalid}} Parameter: Parameter <1-65535> Description Index of the event group. Description. Name/community name of the owner. The type of the event group is none. The type of the event group is log. The type of the event group is trap. The type of the event group is log and trap. The status of the event group is valid. The status of the event group is underCreation The status of the event group is createRequest. The status of the event group is invalid.
<string> <name>
none log snmptrap logandtrap valid underCreation createRequest invalid
Example 1: Set the description of the event instance with the index of 10 to initial. set event 10 description initial
Example 2: Set the type of the event instance with the index of 10 to log.
336
set event 10 type log Example 3: Set the community name of the event instance with the index of 10 to seu. set event 10 community seu
Example 4: Set the owner of the event instance with the index of 10 to tom. set event 10 owner tom
Example 5: Set the status of the event instance with the index of 10 to invalid. set event 10 status invalid
set history
Function: To set a history group. Mode: SNMP configuration mode Format: set history <1-65535> {datasource <portname>|bucketRequested <1-65535>|owner <name>|interval <1-3600>|status {valid|underCreation| createRequest|invalid}} Parameter: Parameter <1-65535> Description Index of the buckerRequest. history group/value of the
<portname>
337
Parameter
Description Name of the owner. The time interval of the history group. The unit is second. The status of the history group is valid. The status of the history group is underCreation. The status of the history group is createRequest. The status of the history group is invalid.
<name>
<1-3600> valid underCreation createRequest invalid
Note that the range of parameter <portname> is 1~9 on the ZXR10 2609, 1~18 on the ZXR10 2818S, 1~26 on the ZXR10 2826S, and 1~52 on the ZXR10 2852S. Example 1: Set the data source of the history instance with the index of 10 to port 1. set history 10 datasource 1
Example 2: Set the data source of the history instance with the index of 10 to port userx. set history 10 datasource userx
Example 3: Set the buckerRequest of the history instance with index of 10 to 100. set history 10 bucketRequest 100
Example 4: Set the owner name of the history instance with the index of 10 to tom. set history 10 owner tom
338
Example 5: Set the time interval of the history instance with the index of 10 to 100s. set history 10 interval 100
Example 6: Set the status of the history instance with the index of 10 to invalid. set history 10 status invalid
set rmon
Function: To enable/disable RMON. Mode: SNMP configuration mode Format: set rmon {enable|disable} Parameter: Parameter enable disable Description Enables RMON. Disables RMON.
set statistics
Function: To set a statistics group. Mode: SNMP configuration mode Format: set statistics <1-65535> {datasource <portname>|owner <name>|status {valid|underCreation|createRequest|invalid}} Parameter:
339
Parameter <1-65535>
Description Index of the statistics group. A port number or port name. Name of the owner. The status of the statistics group is valid. The status of the statistics group is underCreation. The status of the statistics group is createRequest. The status of the statistics group is invalid.
<portname> <name>
valid underCreation createRequest invalid
Note that the range of parameter <portname> is 1~9 on the ZXR10 2609, 1~18 on the ZXR10 2818S, 1~26 on the ZXR10 2826S, and 1~52 on the ZXR10 2852S. Example 1: Set the data source of the statistics instance with the index of 10 to port 1. set statistics 10 datasource 1
Example 2: Set the data source of the statistics instance with the index of 10 to port userx. set statistics 10 datasource userx Example 3: Set the owner name of the statistics instance with the index of 10 to tom. set statistics 10 owner tom
Example 4: Set the status of the statistics instance with the index of 10 to invalid. set statistics 10 status invalid
340
show alarm
Function: To display the alarm group configuration information. Mode: All modes Format: show alarm [<1-65535>] Parameter: Parameter <1-65535> Description Index of the alarm group.
Example 1: Display the RMON information about all alarm instances. show alarm
Example 2: Display the RMON information about the alarm instance with the index of 10. show alarm 10
show event
Function: To display the event group configuration information. Mode: All modes Format: show event [<1-65535>] Parameter: Parameter <1-65535> Description Index of the event group.
341
Example 1: Display the RMON information about all event instances. show event
Example 2: Display the RMON information about the event instance with the index of 10. show event 10
show history
Function: To display the history group configuration information. Mode: All modes Format: show history [<1-65535>] Parameter: Parameter <1-65535> Description Index of the history group.
Example 1: Display the RMON information about all existing history instances. show history
Example 2: Display the RMON information about the history instance with the index of 10. show history 10
342
show rmon
Function: To display the RMON information. Mode: All modes Format: show rmon
show statistics
Function: To display the statistics group configuration information. Mode: All modes Format: show statistics [<1-65535>] Parameter: Parameter <1-65535> Description Index of the statistics group.
Parameter <idlist>
Example: Delete the information bout the member switch with the ID of 2. erase member 2
reboot member
Function: To start a member switch. Mode: Cluster management configuration mode Format: reboot member <idlist> Parameter: Parameter <idlist> Description ID of the member switch.
save member
Function: To save the information about member switches in the cluster. Mode: Cluster management configuration mode Format: save member <idlist> Parameter:
344 Confidential and Proprietary Information of ZTE CORPORATION
Parameter <idlist>
Example: Save the information about the member switch with the ID of 4. save member 4
Example: Add the device with the device number of 3 to the cluster. set group add device 3
Example: Add the device with the MAC address of 00.d0.d0.f2.d0.f5 to the cluster and specify the member ID as 4. set group add mac f2.d0.f5 4
Example: Set the command switch, specify the layer 3 port 3 for cluster management and set the IP address pool to 192.168.1.2/24.
346
Example: Delete a member according to the member ID. set group delete member 3
Parameter: Parameter <1-300> Description Time interval for automatic handshake between member switches and the command switch. The unit is second. By default, it is 8 seconds.
Example: Set the time interval for automatic handshake between the member switches and the command switch. set group handtime 10
Example: Set the valid time for holding the information about the member switch configured by the command switch to 100 seconds. set group holdtime 100
348
<name>
Example: Set the cluster name to zte. set group name zte
Example: Set the IP address of the TFTP server of the cluster to 192.168.200.1. set group tftpsvr 192.168.200.1
349
set zdp
Function: To enable/disable the switch neighbor discovery function. Mode: Cluster management configuration mode Format: set zdp {enable|disable } Parameter: Parameter enable disable Description Enables the switch neighbor recovery function. Disables the switch neighbor recovery function.
350
Format: set zdp port <portlist> {enable|disable} Parameter: Parameter <portlist> enable disable Description Port list. Enables the switch neighbor recovery function. Disables the switch neighbor recovery function.
Example: Enable the switch neighbor recovery function on port 2. set zdp port 2 enable
Example: Set the time interval for sending ZDP packets to 70 seconds. set zdp timer 70
351
Note: The range of parameter <trunklist> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S. Example: Enable the switch neighbor recovery function on trunk 2. set zdp trunk 2 enable
set ztp
Function: To enable/disable the topology information collection function of the switch. Mode: Cluster management configuration mode Format: set ztp {enable|disable} Parameter: Parameter enable
352
Parameter
Description the switch. Disables the topology information collection function of the switch.
disable
Example: Set the delay for the device to forward topology information collection packets to 400 milliseconds. set ztp hopdelay 400
Example: Enable the topology information collection function on port 2. set ztp port 2 enable
Parameter: Parameter <1-100> Description Delay for the next port of the device to forward topology information collection packets. The unit is millisecond. By default, it is 20 milliseconds.
Example: Set the delay for the next port of the device to forward topology information collection packets to 40 milliseconds. set ztp portdelay 40
Example: Set the time interval for starting the automatic topology information collection to 2 minutes. set ztp timer 2
355
Note: The range of parameter <trunklist> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S. Example: Enable the topology information collection function of the switch on trunk 2. set zdp trunk 2 enable
Description
Parameter <1-4094>
Description VLAN ID. The range is 1~4094. the topology information collection is
show group
Function: To display the cluster management information. Mode: All modes Format: show group
357
Parameter <1-255>
Example: Display information about the switch with the cluster member ID of 6. show group member 6
show zdp
Function: To display the ZDP configuration information about the switch. Mode: All modes Format: show zdp
show ztp
Function: To display the configuration topology information collection protocol. Mode: All modes Format: show ztp information about the
358
Example: Display information about the device with the device number of 2 in the topology information collection results. show ztp device 2
359
Example: Display the configuration information about the topology information collection protocol according to the MAC address of the device. set ztp mac f2.d0.f5
ztp start
Function: To start the topology information collection procedure. Mode: Cluster management configuration mode Format: ztp start
Mode: Global configuration mode Format: set loopDetect port <portlist> {enable|disable} Parameter: Parameter <portlist> enable disable Description Port list. Enables the port loop detection. Disables the port loop detection.
361
Parameter: Parameter <trunklist> enable disable Description Trunk ID list. Enables the trunk loop detection. Disables the trunk loop detection.
Note that the range of parameter <trunklist> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S.
Note that the range of parameter <trunklist> is 1~8 on the ZXR10 2609/2818S/2826S, and 1~16 on the ZXR10 2852S.
362
show loopDetect
Function: To display the port loop information. Mode: All modes Format: show loopDetect
363
364
Appendix
Abbreviations
Abbreviation ABR ACL AD ARP AS ASBR ATM BGP BOOTP BRD CHAP CIDR CLNP CLNS CoS CRC CRLDP CSN Full Name Area Border Router Access Control List Administrative Distance Address ResolutionProtocol Autonomous System Autonomous System Border Router Asynchronous Transfer Mode Border Gateway Protocol BOOTstrap Protocol Backup Designate Router Challenge Handshake Authentication Protocol Classless Inter-Domain Routing ConnectionLess Network Protocol ConnectionLess Network Sevice Class of Service Cyclic Redundancy Check Constraint based Routing Label Distribution Protocol Cryptographic Sequence Number
Confidential and Proprietary Information of ZTE CORPORATION 365
Abbreviation DHCP DIS DNS DR EBGP EGP ES FEC FIFO FPGA FSM FTP GBIC GRE ICMP IETF IGMP IGP IP ISO ISP LACP LAN LAPB LCP LDP
Full Name Dynamic Host Configuration Protocol Designate IS Domain Name System Designate Router External Border Gateway Protocal External Gateway Protocol End System Forwarding Equivalence Class First In and First Out Field Programmable Gate Array Finite State Machine File Transfer Protocol Gigabit Interface Converter General Routing Encapsulation Internet Control Message Protocol Internet Engineering Task Force Internet Group Mangement Protocol Interior Gateway Protocol Internet Protocol International Organization for Standardization Internet Service Provider Link Aggregation Control Protocol Local Area Network Link Access Procedure Balanced Link Control Protocol Label Distribution Protocol
366
Appendix A - Abbreviations
Abbreviation LSA LSP LSR MAC MD5 MED MIB MPLS MSTP MTU NAT NBMA NCP NIC NLRI NMS NSAP NSP NTP NVT OAM OSI OSPF PAP PAT PCM
Full Name Link State Advertisement Link State PDU Label Switch Router Media Access Control Message Digest 5 MULTI_EXIT_DISC Management Information Base Multi-Protocol Label Switching Multiple Spanning Tree Protocol Maximum Transmission Unit Network Address Translation Non-Broadcast Multiple Access Network Control Protocol Network Information Center Network Layer Reachable Information Network Management System Network Service Access Point Network Service Provider Network Time Protocol Network Virtual Terminal Operation And Management Open Systems Interconnection Open Shortest Path First Passwork Authentication Protocol Port Address Translation Pulse Code Modulation
367
Abbreviation PDU POS PPP PSNP QoS RARP RADIUS RFC RIP RLE RMON ROS RSTP RSVP SDH SDLC SMTP SNMP SNP SPF STP TCP TFTP ToS TELNET TTL
Full Name Protocol Data Unit Packet over SDH Point-to-Point Protocol Partial Sequence Num PDU Quality of Service Reverse Address Resolution Protocol Remote Authentication Dial In User Service Request For Comments Routing Information Protocol Route lookup engine Remote Monitoring Router Operation System Rapid Spanning Tree Protocol Resource Reservation Protocol Synchronous Digital Hierarchy Synchronous Data Link Control Simple Mail Transfer Protocol Simple Network Management Protocol Sequence Num PDU Shortest Path First Spanning Tree Protocol Transmission Control Protocol Trivial File Transfer Protocol Type Of Service Telecommunication Network Protocol Time To Live
368
Appendix A - Abbreviations
Abbreviation UDP VID VLSM VPN VRF VRRP WAN WWW ZGMP
Full Name User Datagram Protocol VLAN Identifier Variable Length Subnet Mask Virtual Private Network Virtual Routing Forwarding Virtual Router Redundancy Protocol Wide Area Network World Wide Web Zte Group Manage Protocol
369
370
Figures
Figure 1 Typical Workgroup Networking Structure ...................... 34 Figure 2 Typical Networking of MAN Broadband Access ............... 35 Figure 3 ZXR10 2609/2818S/2826S/2852S Working Principle ...... 38 Figure 4 Front Panel of the ZXR10 2609.................................... 39 Figure 5 Front Panel of the ZXR10 2818S .................................. 41 Figure 6 Front Panel of the ZXR10 2826S .................................. 42 Figure 7 Front Panel of the ZXR10 2852S .................................. 43 Figure 8 SF-1FE-S40KSC Sub-board ......................................... 45 Figure 9 SF-1FE-S15KSC sub-board ......................................... 46 Figure 10 SF-1FE-M02KSC sub-board ....................................... 46 Figure 11 SF-2GE-2RJ45 Sub-board (FGEI) ............................... 47 Figure 12 SF-2GE-2SFP Sub-board (FGFI) ................................. 47 Figure 13 SF-2GE-SFPRJ45 Sub-board (FGFE) ........................... 48 Figure 14 Rear Panel of the ZXR10 2818S/2826S (DC power supply) ................................................................................... 49 Figure 15 Rear Panel of the ZXR10 2818S/2826S (AC power supply) ................................................................................... 49 Figure 16 Rear Panel of the ZXR10 2852S (DC power supply) ...... 50 Figure 17 Rear Panel of the ZXR10 2852S (AC power supply)....... 50 Figure 18 Installing Plastic Feet ............................................... 52 Figure 19 Installing Flanges .................................................... 53 Figure 20 Installing Holders .................................................... 54 Figure 21 Fixing Equipment..................................................... 55 Figure 22 AC Power Cable....................................................... 56 Figure 23 48 Power Socket.................................................... 57 Figure 24 DC Power Cable....................................................... 57 Figure 25 Serial Port Configuration Cable .................................. 58 Figure 26 Structure of Network Cable ....................................... 59 Figure 27 Transverse English Label on Panels and Connectors ...... 62 Figure 28 Roll-type Self-cover Laser print Label Model II ............. 63 Figure 29 Transverse English Type I Label................................. 64 Figure 30 Pattern and Meanings of the Engineering Label on the Optical Fiber .................................................................. 64 Figure 31 Cabling of the Ethernet Switch in a Building................. 66 Figure 32 Cabling of a Convergence Switch ............................... 67
Confidential and Proprietary Information of ZTE CORPORATION 371
Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure
33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58
Creating a Connection............................................... 69 Connection Configuration Information ......................... 70 Port Attribute Settings .............................................. 71 ZXR10 2609/2818S/2826S/2852S Configuration Modes . 78 Run the Telnet ......................................................... 79 Switch Remote Login Window .................................... 80 TFTPD Server Interface ............................................. 91 Tftpd Settings Dialog Box .......................................... 92 Example of Overlapping VLAN .................................. 118 Example of VLAN Transparent Transmission ............... 119 Example of LACP Configuration ................................ 125 Network Topology for One-To-Many Communication.... 130 MSTP Topological Structure ..................................... 132 PVLAN Configuration Example .................................. 144 Configuration Example of Static Route....................... 148 Using PAP Mode for Identity Authentication ................ 153 Using CHAP Mode for Identity Authentication.............. 154 Using EAP-MD5 Mode for Identity Authentication ........ 155 Typical QinQ Networking ......................................... 165 SSH Configuration Example ..................................... 173 Setting IP Address and Port Number of the SSH Server 174 Setting SSH Version Number ................................... 175 User Confirmation Required in the First Login ............. 176 SSH Login Result ................................................... 176 Cluster Management Networking .............................. 189 Switch Role Changeover Rule................................... 190
372
Tables
Table Table Table Table Table Table Table Table Table Table Table Table 1 Typographical Conventions ......................................... xxv 2 Mouse Operation Conventions .................................... xxvi 3 Safety Signs ............................................................xxvii 4 Techincal Features and Parameters ............................... 36 5 Pinout of Serial Port Configuration Cable ........................ 58 6 RJ45 Pinout of Straight-through Cable ........................... 59 7 RJ45J Pinout of Crossover Cable ................................... 60 8 Fiber Types ............................................................... 61 9 Temperature and Humidity Table .................................. 72 10 Functional keys ........................................................ 87 11 Default Settings of Port Parameters ............................111 12 Maintenance and Test Period of the Ethernet Switch System ..................................................................................205 Table 13 Parameter Description ..............................................217
373