SmartAX MA5600/MA5603 Multi-service Access Module V300R003C05
Configuration Guide Issue
09
Date
2015-02-28
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2015. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd. Address:
Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China
Website:
http://www.huawei.com
Email:
[email protected]
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
i
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
About This Document
About This Document Purpose This document describes the configuration of various services supported by the MA5600. The description covers the following topics: l
Purpose
l
Networking
l
Data plan
l
Prerequisite(s)
l
Precaution
l
Configuration flowchart
l
Configuration procedure
l
Result
This document helps users to know the configuration of various services supported by the MA5600.
Related Versions The following table lists the product versions related to this document. Product Name
Version
MA5600
V300R003C05
N2000 BMS
V200R012C05
This document considers the MA5600 as an example to describe the configuration and does not describe the configuration of services supported by the MA5603 because the MA5600 have the different hardware and the same software functions.
Intended Audience The intended audience of this document is: Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
ii
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
l
Installation and commissioning engineers
l
System maintenance engineers
l
Data configuration engineers
About This Document
Conventions Symbol Conventions The symbols that may be found in this document are defined as follows. Symbol
Description Indicates a hazard with a high level of risk which, if not prevented, may result in death or serious injury. Indicates a hazard with a medium or low level of risk which, if not prevented, may result in minor or moderate injury. Indicates a potentially hazardous situation that, if not prevented, may result in equipment damage, data loss, and performance degradation, or unexpected results. Indicates a tip that may help you solve a problem or save time. Provides additional information to emphasize or supplement important points of the main text.
General Conventions
Issue 09 (2015-02-28)
Convention
Description
Times New Roman
Normal paragraphs are in Times New Roman.
Boldface
Names of files, directories, folders, and users are in boldface. For example, log in as user root.
Italic
Book titles are in italics.
Courier New
Terminal display is in Courier New. In addition, the information that is input by the user and is contained in the screen display is in boldface.
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
iii
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
About This Document
Command Conventions Convention
Description
Boldface
The keywords of a command line are in boldface.
Italic
Command arguments are in italic.
[]
Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }
Alternative items are grouped in braces and separated by vertical bars. One is selected.
[ x | y | ... ]
Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.
{ x | y | ... } *
Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.
[ x | y | ... ] *
Optional alternative items are grouped in square brackets and separated by vertical bars. Multiple or none are selected.
GUI Conventions Convention
Description
Boldface
Buttons, menus, parameters, tabs, window, and dialog titles are in Boldface. For example, click OK.
>
Multi-level menus are in boldface and separated by the ">" signs. For example, choose File > Create > Folder.
Keyboard Operation
Issue 09 (2015-02-28)
Format
Description
Key
Press the key. For example, press Enter and press Tab.
Key 1+Key 2
Press the keys concurrently. For example, pressing Ctrl+Alt +A indicates the three keys need to be pressed concurrently.
Key 1, Key 2
Press the keys in turn. For example, pressing Alt, A indicates the two keys need to be pressed in turn.
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
iv
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
About This Document
Mouse Operation Action
Description
Click
Select and release the primary mouse button without moving the pointer.
Double-click
Press the primary mouse button twice continuously and quickly without moving the pointer.
Drag
Press and hold the primary mouse button and move the pointer to a certain position.
Update History Updates between document versions are cumulative. Therefore, the latest document version contains all updates made to previous versions.
Issue 09 (2015-02-28) Based on issue 08 (2013-12-30), the document is updated as follows: The following information is modified: 1.7 Configuring the Attributes of an Upstream Ethernet Port 1.4 Configuring Alarms
Issue 08 (2013-12-30) Based on issue 07 (2013-03-26), the document is updated as follows: The following information is modified: 2.6 Configuring MPLS
Issue 07 (2013-03-26) Based on issue 06 (2012-01-20), the document is updated as follows: Some bugs are fixed.
Issue 06 (2012-01-20) Based on issue 05 (2010-11-29), the document is updated as follows: The following information is modified: l
Configuring the System Clock
l
Configuring the ACL
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
v
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
About This Document
Issue 05 (2010-11-29) Based on issue 04 (2010-10-25), the document is updated as follows: The following information is modified: l
Configuring the ADSL2+ Profile
l
Configuring the Multicast Service in the MVLAN Mode
l
Configuring the Multicast Service in the Non-MVLAN Mode
Issue 04 (2010-10-25) Based on issue 03 (2010-03-15), the document is updated as follows: The following information is modified: l
Configuration Example of the Integrated MSTP Network
l
Configuration Example of the Integrated Subtending Network
Issue 03 (2010-03-15) Based on issue 02 (2009-03-15), the document is updated as follows: The following information is added: Based on the new design, the file structure is changed according to the customer requirements to implement the configuration according to the scenario and documentation.
Issue 02 (2009-03-15) Based on issue 01 (2008-11-20), the document is updated as follows: The following information is added: l
Modifying an ACL
l
Enabling the Ring Network Detection on the User Side
l
FAQ
l
Configuration Example of the Multicast Service Based on the VDSL2 Fall Back Function
The following information is modified: l
Configuring the IP Address of the Inband NMS Interface
l
Configuring the PITP Function
l
Enabling the Anti MAC Spoofing Function
l
Configuring the Outband Firewall Function
l
Configuring an Accessible Address Segment
l
Introduction to VDSL2 Service
l
Configuration Example of the VDSL2 IPoA Service
l
Configuration Example of the VDSL2 PPPoA Service
l
Configuration Example of the VDSL2 PPPoE/IPoE Service
l
Adding a VDSL2 Line Profile
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
vi
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
l
Adding a VDSL2 Channel Profile
l
Introduction to MPLS Service
About This Document
Updates in Issue 01 (2008-11-20) This is the first release.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
vii
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Contents
Contents About This Document.....................................................................................................................ii 1 Basic Configurations.....................................................................................................................1 1.1 Configuring the License Function..................................................................................................................................3 1.2 Configuring the System Clock.......................................................................................................................................5 1.3 Configuring the Network Time......................................................................................................................................6 1.3.1 (Optional) Configuring NTP Authentication...............................................................................................................7 1.3.2 Configuring the Broadcast Mode NTP........................................................................................................................8 1.3.3 Configuring the Multicast Mode NTP.......................................................................................................................10 1.3.4 Configuring the Unicast Server Mode NTP..............................................................................................................13 1.3.5 Configuring the Peer Mode NTP...............................................................................................................................15 1.4 Configuring Alarms......................................................................................................................................................17 1.5 Adding Port Description...............................................................................................................................................18 1.6 Configuring the Auto-save Function............................................................................................................................19 1.7 Configuring the Attributes of an Upstream Ethernet Port............................................................................................22 1.8 Configuring the Ethernet Port Aggregation..................................................................................................................24 1.9 Configuring DHCP.......................................................................................................................................................25 1.9.1 Configuring the Standard DHCP Mode.....................................................................................................................26 1.9.2 Configuring the DHCP Option60 Mode....................................................................................................................27 1.9.3 Configuring the DHCP MAC Address Segment Mode.............................................................................................29 1.10 Configuring a VLAN..................................................................................................................................................31 1.11 Configuring an xDSL Profile.....................................................................................................................................37 1.11.1 Configuring the ADSL2+ Profile............................................................................................................................37 1.11.2 Configuring SHDSL Profiles...................................................................................................................................39 1.11.3 Configuring VDSL2 Profiles...................................................................................................................................41 1.12 Configuring System Security......................................................................................................................................43 1.12.1 Configuring Firewall...............................................................................................................................................44 1.12.2 Configuring Anti-Attack..........................................................................................................................................46 1.12.3 Preventing the Access of Illegal Users....................................................................................................................48 1.13 Configuring the User Security....................................................................................................................................50 1.13.1 Configuring Anti-Theft and Roaming of User Account Through PITP..................................................................51 1.13.2 Configuring Anti-Theft and Roaming of User Accounts Through DHCP..............................................................53 1.13.3 Configuring Anti-IP Spoofing and Anti-MAC Spoofing........................................................................................55 Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
viii
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Contents
1.13.4 Configuring the Ring Network Detection on the User Side....................................................................................57 1.14 Configuring AAA.......................................................................................................................................................58 1.14.1 Configuring the Remote AAA (RADIUS Protocol)................................................................................................59 1.14.2 Configuration Example of the RADIUS Authentication.........................................................................................62 1.15 Configuring the ACL..................................................................................................................................................64 1.15.1 Configuring a Basic ACL........................................................................................................................................65 1.15.2 Configuring an Advanced ACL...............................................................................................................................67 1.15.3 Configuring a Link Layer ACL...............................................................................................................................68 1.15.4 Configuring a User-defined ACL............................................................................................................................69 1.16 Configuring QoS.........................................................................................................................................................72 1.16.1 Configuring Traffic Management............................................................................................................................72 1.16.2 Configuring Traffic Management Based on ACL...................................................................................................77 1.16.3 Configuring the Queue Management......................................................................................................................81
2 Protocol Configuration...............................................................................................................84 2.1 Configuring ARP Proxy...............................................................................................................................................85 2.2 Configuring the Route..................................................................................................................................................88 2.2.1 Configuration Example of the Routing Policy..........................................................................................................88 2.2.2 Configuration Example of the Static Route...............................................................................................................90 2.2.3 Configuration Example of RIP..................................................................................................................................92 2.2.4 Configuration Example of OSPF...............................................................................................................................96 2.3 Configuring the MSTP.................................................................................................................................................99 2.4 Configuring the Ethernet OAM..................................................................................................................................103 2.5 Configuring PIM-SSM Parameters............................................................................................................................106 2.6 Configuring MPLS.....................................................................................................................................................113 2.6.1 Configuring the MPLS LDP....................................................................................................................................113 2.6.2 Configuring the MPLS VPN...................................................................................................................................120 2.6.3 Configuring the MPLS RSVP-TE...........................................................................................................................130 2.6.4 Configuring the MPLS OAM..................................................................................................................................138
3 Configuring the xDSL Internet Access Service...................................................................151 3.1 Configuring a VLAN..................................................................................................................................................154 3.2 Configuring an Upstream Port....................................................................................................................................159 3.3 Configuring an xDSL Port..........................................................................................................................................159 3.4 Creating an xDSL Service Port..................................................................................................................................161 3.5 (Optional) Configuring the xPoA-xPoE Protocol Conversion...................................................................................167
4 Configuring the Multicast Service in the MVLAN Mode.................................................171 4.1 Default Settings of the Multicast Service...................................................................................................................173 4.2 Configuring the Multicast Service on a Single-NE Network.....................................................................................173 4.2.1 Configuring Multicast Global Parameters...............................................................................................................175 4.2.2 Configuring the Multicast VLAN and the Multicast Program................................................................................177 4.2.3 Configuring a Multicast User..................................................................................................................................180 Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
ix
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Contents
4.2.4 (Optional) Configuring the Multicast Bandwidth...................................................................................................183 4.2.5 (Optional) Configuring Multicast Preview..............................................................................................................184 4.2.6 (Optional) Configuring Program Prejoin.................................................................................................................186 4.2.7 (Optional) Configuring the Multicast Logging Function........................................................................................187 4.2.8 (Optional) Configuring the PIM-SSM.....................................................................................................................190 4.3 Configuring the Multicast Service in a Subtending Network.....................................................................................197 4.4 Configuring the Multicast Service in an MSTP Network..........................................................................................198
5 Configuring the Multicast Service in the Non-MVLAN Mode.......................................201 5.1 Default Settings of the Multicast Service...................................................................................................................203 5.2 Configuring the Multicast Service on a Single-NE Network.....................................................................................203 5.2.1 Configuring Global Multicast Parameters...............................................................................................................204 5.2.2 Configuring the Multicast Program.........................................................................................................................207 5.2.3 Configuring the Multicast User...............................................................................................................................210 5.2.4 (Optional) Configuring the Multicast Bandwidth...................................................................................................212 5.2.5 (Optional) Configuring Multicast Preview..............................................................................................................213 5.2.6 (Optional) Configuring the Program Prejoin...........................................................................................................215 5.2.7 (Optional) Configuring the Multicast Log...............................................................................................................216 5.3 Configuring the Multicast Service in a Subtending Network.....................................................................................218 5.4 Configuring the Multicast Service in an MSTP Network..........................................................................................220
6 Configuration Examples of Services......................................................................................223 6.1 Configuration Example of the xDSL Internet Access Service...................................................................................224 6.1.1 Configuration Example of the xDSL Internet Access Service Through PPPoE Dialup.........................................224 6.1.2 Configuration Example of the xDSL IPoE Internet Access Service.......................................................................232 6.1.3 Configuration Example of the xDSL IPoA Internet Access Service.......................................................................239 6.1.4 Configuration Example of the xDSL PPPoA Internet Access Service....................................................................247 6.2 Configuration Examples of the Multicast Service in the MVLAN Mode..................................................................255 6.2.1 Configuration Example of the Multicast Video Service in the Static Configuration Mode....................................255 6.2.2 Configuration Example of the Multicast Video Service in the Dynamic Generation Mode...................................260 6.3 Configuration Example of the Multicast Video Service in the Non-MVLAN Mode................................................263 6.4 Configuring the VLAN Stacking Wholesale Service.................................................................................................267 6.4.1 Configuration Example of VLAN Stacking Multi-ISP Wholesale Access.............................................................267 6.4.2 Configuration Example of VLAN ID Extension.....................................................................................................269 6.5 Configuration Example of the QinQ VLAN..............................................................................................................271 6.6 Configuring the Triple Play........................................................................................................................................273 6.6.1 Configuration Example of the Triple Play Application (Multi-PVC for Multiple Services)..................................274 6.6.2 Configuration Example of the Triple Play Application (Single-PVC for Multiple Services).................................279
7 Configuring the Uplink Redundancy Backup.....................................................................285 8 Configuring the Device Subtending.....................................................................................288 8.1 Configuring the NE Subtending Through the FE or GE Port.....................................................................................289 8.2 Configuring the ATM-DSLAM Access Service........................................................................................................290 Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
x
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Contents
8.2.1 Configuring the Attributes of an ATM Port............................................................................................................291 8.2.2 Configuring an ATM Service Port..........................................................................................................................293 8.2.3 Configuring the xPoA-xPoE Protocol Conversion..................................................................................................294 8.2.4 (Optional) Configuring the MPLS VPN..................................................................................................................298
9 Configuration Example of the Integrated MSTP Network...............................................304 9.1 Networking.................................................................................................................................................................306 9.2 Data Plan.....................................................................................................................................................................307 9.3 Configuring MA5600-1..............................................................................................................................................310 9.4 Configuring MA5600-2..............................................................................................................................................317 9.5 Configuring MA5600-3..............................................................................................................................................324 9.6 Configuring MA5600-4..............................................................................................................................................329 9.7 Configuring MA5600-5..............................................................................................................................................335 9.8 Verification.................................................................................................................................................................337
10 Configuration Example of the Integrated Subtending Network...................................339 10.1 Networking...............................................................................................................................................................340 10.2 Data Plan for Integrated Subtending Network.........................................................................................................341 10.3 Configuring MA5600-1............................................................................................................................................343 10.4 Configuring MA5600-2............................................................................................................................................350 10.5 Configuring MA5600-3............................................................................................................................................357 10.6 Verification...............................................................................................................................................................359
A FAQ............................................................................................................................................. 361 A.1 How to Query MAC Addresses of Online Users and Query the Ports that Provide the Access for the Users According to the MAC Addresses......................................................................................................................................................362 A.2 What Are the Prerequisites for the Link and Protocol Status of the L3 Interface to Be Up......................................362 A.3 How to Prevent System Breakdown or Service Interruption of the MA5600 Caused by Network Attacks Through the Proper Configuration........................................................................................................................................................362 A.4 How to Change the NMS VLAN...............................................................................................................................363 A.5 How to Change the VLAN Type...............................................................................................................................364 A.6 How to Change the Service VLAN to Which the xDSL Port Belongs.....................................................................364 A.7 How to Change the Line Profile of an xDSL Port.....................................................................................................365 A.8 How to Add a Board on the MA5600........................................................................................................................365 A.9 How to Enable Two xDSL Ports of the MA5600 to Communicate with Each Other...............................................366 A.10 What Are the Differences Between the firewall packet-filter Command and the packet-filter Command.........366
B Acronyms and Abbreviations.................................................................................................368
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
xi
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1
1 Basic Configurations
Basic Configurations
About This Chapter Basic configurations mainly include certain common configurations, public configurations, and pre-configurations in service configurations. There is no logical relationship between basic configurations. You can perform basic configurations according to actual requirements. 1.1 Configuring the License Function With the license platform enabled, the license platform performs license control through license server over the function entries and resource entries supported by the MA5600 and provides customized services for users. 1.2 Configuring the System Clock This topic describes how to configure the system clock to restrict the clock frequency and phase of each node on a network within the preset tolerance scope. This prevents transmission performance deterioration caused by poor timing at both the transmit and receive ends in the digital transmission system. 1.3 Configuring the Network Time Configuring the NTP protocol is to keep the time of all the devices on the network synchronized, so that the MA5600 implements various service applications, such as the network management system and the network accounting system, based on universal time. 1.4 Configuring Alarms Alarm management includes the following functions: alarm record, alarm setting, and alarm statistics. These functions help you to maintain the device and ensure that the device works efficiently. 1.5 Adding Port Description This topic describes how to add port description. 1.6 Configuring the Auto-save Function This topic describes how to configure the auto-save function so that the system configuration data or database files can be saved automatically. 1.7 Configuring the Attributes of an Upstream Ethernet Port This topic describes how to configure the attributes of a specified Ethernet port so that the system communicates with the upstream device in the normal state. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
1
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
1.8 Configuring the Ethernet Port Aggregation This topic describes how to configure the Ethernet port aggregation. Port aggregation means the aggregation of multiple ports to expand the bandwidth and balance the input and output load among member ports. 1.9 Configuring DHCP The MA5600 can implement DHCP relay and DHCP proxy on a network. Configuring DHCP relay is applicable to the scenario where users dynamically obtain IP addresses from the DHCP server through DHCP. In DHCP proxy, the MA5600 proxy can implement certain functions of the DHCP server. 1.10 Configuring a VLAN Configuring VLAN is a prerequisite for configuring a service. Hence, before configuring a service, make sure that the VLAN configuration based on planning is complete. 1.11 Configuring an xDSL Profile Configuring an xDSL profile is a prerequisite for configuring an xDSL access service. This topic describes how to configure an ADSL2+ profile, an SHDSL profile, and a VDSL2 profile. 1.12 Configuring System Security This topic describes how to configure the network security and protection measures of the system to protect the system from malicious attacks. 1.13 Configuring the User Security Configuring the security mechanism can protect operation users and access users against user account theft and roaming or from the attacks from malicious users. 1.14 Configuring AAA This topic describes how to configure the AAA on the MA5600, including configuring the MA5600 as the local and remote AAA servers. 1.15 Configuring the ACL This topic describes the type, rule, and configuration of the ACL on the MA5600. 1.16 Configuring QoS This topic describes how to configure quality of service (QoS) on the MA5600.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
2
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
1.1 Configuring the License Function With the license platform enabled, the license platform performs license control through license server over the function entries and resource entries supported by the MA5600 and provides customized services for users.
Prerequisites The license platform must be enabled, that is, the license function must be enabled.
Application Context The license platform provides the registration mechanism for the service modules of the MA5600. During system initialization, the service modules need to register for the controlled resource entries or the controlled function entries. After the system starts to work, based on the controlled entries that are registered, the license client management module obtains the authentication information about the license controlled entries of the MA5600 from the license server. When a service module is configured through the CLI or NMS, the device checks whether the resource entries of the service module or the function entries of the service module are overloaded. l
If overload occurs, the system quits the service configuration and displays a prompt of insufficient license resources.
l
If overload does not occur, the system allows the user to continue configuring and using the service. When the service configuration is deleted, the system automatically releases the license resources occupied by the service configuration.
Background Information l
The MA5600 adopts the network license solution, that is, a license server is deployed on the network. The license server software can be installed on the same device with the NMS. The license server software can also be installed separately on a license server. Each digital subscriber line access multiplexer (DSLAM) is like a license client and the licenses of all the clients are managed by the license server in a centralized manner.
l
In the management scope of the license server (generally a region or a city), each product has only one license file that is stored on the license server. The resources of the product that are controlled by the license are defined by the license file. Because one license server can manage multiple products, multiple license files can be stored on one license server.
l
With the license platform enabled, the license server performs license control over the function entries and resource entries supported by the MA5600 and provides customized services, namely, specified function entries and resource entries, for users according to the requirements. The control entries of the license platform include function entries and resource entries. You can run the display license feature command to query the corresponding control entries. – A function entry refers to the entry whose license is controlled based on the function. The controllable function entries supported by the MA5600 include:
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
3
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
– ETH OAM function – Illegal access control function of the broadband metropolitan area network (MAN) – Statistical function of the port rate fulfillment ratio – MPLS function – Dynamic routing function – A resource entry refers to the entry whose license is controlled based on the count. The controllable resource entries supported by the MA5600 include: – Count of multicast users – Count of multicast programs – Count of conversions from xPOA to xPOE – Count of ADSL2+/SHDSL/VDSL2 ports – Count of ADSL2+ ports using the Annex M feature – Count of ADSL2+ ports using the INP+ feature – Count of SHDSL.bis ports referencing the profile configured with high rate – Count of bound SHDSL ports – Count of ports on the AIUG board supporting the access of the ATM service – Count of IMA links on the AIUG board
Precautions l
If you need to use the license platform supported by the MA5600, ensure to consider the deployment of the license server in network planning.
l
It is recommended that you install the license server on the same computer with the NMS server. If there is no NMS server, you need to separately deploy a license server on the network.
Procedure Step 1 Configure the interface that is for communicating between the MA5600 and the license server. 1.
Run the vlan command to create a VLAN.
2.
Run the port vlan command to add an upstream port to the VLAN.
3.
(Optional) Run the native-vlan command to configure the default VLAN of the upstream port. Whether the native VLAN needs to be set for the upstream port depends on whether the upper-layer device connected to the upstream port supports packets carrying a VLAN tag. The setting on the MA5600 must be the same as that on the upper-layer device.
4.
Run the interface vlanif command to enter the VLAN interface mode.
5.
Run the ip address command to configure the IP address of the VLAN L3 interface so that the IP packets in the VLAN are forwarded by using this IP address.
Step 2 Run the license esn command to configure the equipment serial number (ESN) of the device. Each client of the license server is uniquely identified by the ESN. The ESN needs to be configured if the user enables the license platform. The ESN can be the NMS IP address of the device or the IP address of the VLAN L3 interface. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
4
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Step 3 Run the license server command to configure the license server. If the user enables the license platform, configure the IP address and TCP port ID of the license server so that the license server can communicate with the client. Step 4 Run the display license info command to query the communication status between the device and the license server. ----End
Example To configure the MA5600 to communicate with the server through smart VLAN 10, configure the IP address of the L3 interface to 10.10.10.10/24, configure the MA5600 to communicate with the license server (IP address: 10.20.20.2/24) through port 0/7/0, and configure the TCP port ID to 10010, do as follows: huawei(config)#vlan 10 smart huawei(config)#port vlan 10 0/7 0 huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#ip address 10.10.10.10 24 huawei(config-if-vlanif10)#quit huawei(config)#ip route-static 0.0.0.0 24 10.10.10.1 huawei(config)#license esn 10.10.10.10 huawei(config)#license server ipaddress 10.20.20.2 tcpport 10010
1.2 Configuring the System Clock This topic describes how to configure the system clock to restrict the clock frequency and phase of each node on a network within the preset tolerance scope. This prevents transmission performance deterioration caused by poor timing at both the transmit and receive ends in the digital transmission system.
Background Information On a digital network comprising the MA5600 and other devices, the primary problem is clock synchronization. To ensure that the system uses a unified clock standard, you must specify the clock signals from a certain port as the system clock source.
Procedure Step 1 Run the clock source command to configure the system clock source. Specify the clock signals extracted from a certain port as the system clock source. Step 2 Run the clock priority command to configure the priority of the clock source. ----End
Example To obtain two clock sources from ports 0/5/0 and 0/5/1 of the SHEB board as clock source 0 and clock source 2 of the system, configure clock source 2 with the highest priority, and configure clock source 0 with the second highest priority, do as follows: huawei(config)#clock source 0 0/5/0 huawei(config)#clock source 2 0/5/1 huawei(config)#clock priority sdh 2/0
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
5
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
1.3 Configuring the Network Time Configuring the NTP protocol is to keep the time of all the devices on the network synchronized, so that the MA5600 implements various service applications, such as the network management system and the network accounting system, based on universal time.
Background Information Introduction to the NTP Protocol: l
The Network Time Protocol (NTP) is an application layer protocol defined in RFC 1305, which is used to synchronize the times of the distributed time server and the client. The RFC defines the structures, arithmetics, entities, and protocols used in the implementation of NTP.
l
NTP is developed from the time protocol and the ICMP timestamp message protocol, with special design on the aspects of accuracy and robustness.
l
NTP runs over UDP with port number as 123.
l
Any local system that runs NTP can be time synchronized by other clock sources, and also act as a clock source to synchronize other clocks. In addition, mutual synchronization can be done through NTP packets exchanges.
NTP is applied to the following situations where all the clocks of hosts or routers on a network need to be consistent: l
In the network management, an analysis of log or debugging information collected from different routers needs time for reference.
l
The charging system requires the clocks of all devices to be consistent.
l
Completing certain functions, for example, timing restart of all the routers on a network requires the clocks of all the routers be consistent.
l
When several systems work together on the same complicate event, they have to take the same clock for reference to ensure correct implementation order.
l
Incremental backup between the backup server and clients requires clocks on them be synchronized.
When all the devices on a network need to be synchronized, it is almost impossible for an administrator to manually change the system clock by command line. This is because the work load is heavy and clock accuracy cannot be ensured. NTP can quickly synchronize the clocks of network devices and ensure their precision. There are four NTP modes: unicast server, peer, broadcast, and multicast modes. The MA5600 supports all these modes.
Default Configuration Table 1-1 provides the default configuration for NTP.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
6
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Table 1-1 Default configuration for NTP Parameter
Default Value
NTP-service authentication function
Disable
NTP-service authentication key
None
The maximum allowed number of sessions
100
Clock stratum
16
1.3.1 (Optional) Configuring NTP Authentication This topic describes how to configure NTP authentication to improve the network security and prevent unauthorized users from modifying the clock.
Prerequisites Before configuring the client/server mode NTP, make sure that the network interface of the MA5600 and the routing protocol are configured so that the server and the client are reachable to each other at the network layer.
Background Information In certain networks that have strict requirements on security, enable NTP authentication when running the NTP protocol. Configuring NTP authentication is classified into configuring NTP authentication on the client and configuring NTP authentication on the server.
Precautions l
If NTP authentication is not enabled on the client, the client can synchronize with the server, regardless of whether NTP authentication is enabled on the server.
l
If NTP authentication is enabled, a reliable key needs to be configured.
l
The configuration of the server must be the same as that of the client.
l
When NTP authentication is enabled on the client, the client can pass the authentication if the server is configured with the same key as that of the client. In this case, you need not enable NTP authentication on the server or declare that the key is reliable.
l
The client synchronizes with only the server that provides the reliable key. If the key provided by the server is unreliable, the client does not synchronize with the server.
Procedure Step 1 Run the ntp-service authentication enable command to enable NTP authentication. Step 2 Run the ntp-service authentication-keyid command to set an NTP authentication key. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
7
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Step 3 Run the ntp-service reliable authentication-keyid command to declare that the key is reliable. ----End
Example To enable NTP authentication, set the NTP authentication key as aNiceKey with the key number 42, and then define key 42 as a reliable key, do as follows: huawei(config)#ntp-service authentication enable huawei(config)#ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey huawei(config)#ntp-service reliable authentication-keyid 42
1.3.2 Configuring the Broadcast Mode NTP This topic describes how to configure the MA5600 for clock synchronization in the broadcast mode NTP. After the configuration is completed, the server periodically sends broadcast clock synchronization packets through a specified port, and the client listens to the broadcast packets sent from the server and synchronizes the local clock according to the received broadcast packets.
Prerequisites Before configuring the broadcast mode NTP, make sure that the interface and the routing protocol are configured so that the server and the client are reachable to each other at the network layer.
Background Information In the broadcast mode, the server periodically sends clock synchronization packets to the broadcast address 255.255.255.255, with the mode field set to 5 (indicating the broadcast mode). The client listens to the broadcast packets sent from the server. After receiving the first broadcast packet, the client exchanges NTP packet whose mode fields are set to 3 (client mode) and 4 (server mode) with the server to estimate the network delay between the client and the server. The client then enters the broadcast client mode, continues to listen to the incoming broadcast packets, and synchronizes the local clock according to the incoming broadcast packets, as shown in Figure 1-1. Figure 1-1 Broadcast mode NTP Broadcast server
Broadcast client
Periodically sends clock synchronization packets to the broadcast address (with the mode field set to 5) Exchanges NTP packet whose mode fields are set to 3 (client mode) and 4 (server mode) with the server Periodically sends clock synchronization packets (with the mode field set to 5)
Issue 09 (2015-02-28)
After receiving the first broadcast packet, the clent requests for server/client mode Obtains the network delay between the client and the server, and then enters the broadcast client mode Synchronizes the local clock according to the incoming broadcast packets
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
8
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Precautions 1.
In the broadcast mode, you need to configure both the NTP server and the NTP client.
2.
The clock stratum of the synchronizing device must be higher than or equal to that of the synchronized device. Otherwise, the clock synchronization fails.
l
Configure the NTP broadcast server host.
Procedure 1.
Run the ntp-service refclock-master command to configure the local clock as the master NTP clock, and specify the stratum of the master NTP clock.
2.
(Optional) Configure NTP authentication. In certain networks that have strict requirements on security, it is recommended that you enable NTP authentication when running the NTP protocol. The configuration of the server must be the same as that of the client.
3.
4.
l
a.
Run the ntp-service authentication enable command to enable NTP authentication.
b.
Run the ntp-service authentication-keyid command to set an NTP authentication key.
c.
Run the ntp-service reliable authentication-keyid command to declare that the key is reliable.
Add a VLAN L3 interface. a.
Run the vlan command to create a VLAN.
b.
Run the port vlan command to add an upstream port to the VLAN so that the user packets carrying the VLAN tag are transmitted upstream through the upstream port.
c.
In the global config mode, run the interface vlan command to create a VLAN interface, and then enter the VLAN interface mode to configure the L3 interface.
d.
Run the ip address command to configure the IP address and subnet mask of the VLAN interface so that the IP packets in the VLAN can participate in the L3 forwarding.
Run the ntp-service broadcast-server command to configure the NTP broadcast server mode of the host, and specify the key ID for the server to send packets to the client.
Configure the NTP broadcast client host. 1.
(Optional) Configure NTP authentication. In certain networks that have strict requirements on security, it is recommended that you enable NTP authentication when running the NTP protocol. The configuration of the server must be the same as that of the client.
Issue 09 (2015-02-28)
a.
Run the ntp-service authentication enable command to enable NTP authentication.
b.
Run the ntp-service authentication-keyid command to set an NTP authentication key.
c.
Run the ntp-service reliable authentication-keyid command to declare that the key is reliable. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
9
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2.
3.
1 Basic Configurations
Add a VLAN L3 interface. a.
Run the vlan command to create a VLAN.
b.
Run the port vlan command to add an upstream port to the VLAN so that the user packets carrying the VLAN tag are transmitted upstream through the upstream port.
c.
In the global config mode, run the interface vlan command to create a VLAN interface, and then enter the VLAN interface mode to configure the L3 interface.
d.
Run the ip address command to configure the IP address and subnet mask of the VLAN interface so that the IP packets in the VLAN can participate in the L3 forwarding.
Run the ntp-service broadcast-client command to configure a host as the NTP broadcast client.
----End
Example Assume the following configurations: MA5600_S uses the local clock as the master NTP clock on stratum 2 and works in the broadcast mode NTP, sends broadcast clock synchronization packets periodically through IP address 10.10.10.10/24 of the L3 interface of VLAN 2; MA5600_C functions as the NTP client, listens to the broadcast packets sent from the server through IP address 10.10.10.20/24 of the L3 interface of VLAN 2, and synchronizes with the clock on the broadcast server. To perform these configurations, do as follows: 1.
On MA5600_S: huawei(config)#ntp-service refclock-master 2 huawei(config)#vlan 2 standard huawei(config)#port vlan 2 0/7 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 10.10.10.10 24 huawei(config-if-vlanif2)#ntp-service broadcast-server huawei(config-if-vlanif2)#quit
2.
On MA5600_C: huawei(config)#vlan 2 standard huawei(config)#port vlan 2 0/7 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 10.10.10.20 24 huawei(config-if-vlanif2)#ntp-service broadcast-client huawei(config-if-vlanif2)#quit
1.3.3 Configuring the Multicast Mode NTP This topic describes how to configure the MA5600 for clock synchronization in the multicast mode NTP. After the configuration is completed, the server periodically sends multicast clock synchronization packets through a specified port, and the client listens to the multicast packets sent from the server and synchronizes the local clock according to the received multicast packets.
Prerequisites Before configuring the multicast mode NTP, make sure that the interface and the routing protocol are configured so that the server and the client are reachable to each other at the network layer.
Background Information In the multicast mode, the server periodically sends clock synchronization packets to the multicast address configured by the user. The default NTP multicast address 224.0.1.1 is used Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
10
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
if the multicast address is not configured. The mode field of clock synchronization packet is set to 5 (multicast mode). The client listens to the multicast packets sent from the server. After receiving the first multicast packet, the client exchanges NTP packet whose mode fields are set to 3 (client mode) and 4 (server mode) with the server to estimate the network delay between the client and the server. The client then enters the multicast client mode, continues to listen to the incoming multicast packets, and synchronizes the local clock according to the incoming multicast packets, as shown in Figure 1-2. Figure 1-2 Multicast mode NTP Multicast server
Multicast client
Periodically sends clock synchronization packets to the multicast address (with the mode field set to 5) Exchanges NTP packet whose mode fields are set to 3 (client mode) and 4 (server mode) with the server Periodically sends clock synchronization packets (with the mode field set to 5)
After receiving the first multicast packet, the clent requests for server/client mode Obtains the network delay between the client and the server, and then enters the multicast client mode Synchronizes the local clock according to the incoming multicast packets
Precautions 1.
In the multicast mode, you need to configure both the NTP server and the NTP client.
2.
The clock stratum of the synchronizing device must be higher than or equal to that of the synchronized device. Otherwise, the clock synchronization fails.
l
Configure the NTP multicast server host.
Procedure 1.
Run the ntp-service refclock-master command to configure the local clock as the master NTP clock, and specify the stratum of the master NTP clock.
2.
(Optional) Configure NTP authentication. In certain networks that have strict requirements on security, it is recommended that you enable NTP authentication when running the NTP protocol. The configuration of the server must be the same as that of the client.
3.
Issue 09 (2015-02-28)
a.
Run the ntp-service authentication enable command to enable NTP authentication.
b.
Run the ntp-service authentication-keyid command to set an NTP authentication key.
c.
Run the ntp-service reliable authentication-keyid command to declare that the key is reliable.
Add a VLAN L3 interface. a.
Run the vlan command to create a VLAN.
b.
Run the port vlan command to add an upstream port to the VLAN so that the user packets carrying the VLAN tag are transmitted upstream through the upstream port. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
11
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4.
l
1 Basic Configurations
c.
In the global config mode, run the interface vlan command to create a VLAN interface, and then enter the VLAN interface mode to configure the L3 interface.
d.
Run the ip address command to configure the IP address and subnet mask of the VLAN interface so that the IP packets in the VLAN can participate in the L3 forwarding.
Run the ntp-service multicast-server command to configure the NTP multicast server mode of the host, and specify the key ID for the server to send packets to the client.
Configure the NTP multicast client host. 1.
(Optional) Configure NTP authentication. In certain networks that have strict requirements on security, it is recommended that you enable NTP authentication when running the NTP protocol. The configuration of the server must be the same as that of the client.
2.
3.
a.
Run the ntp-service authentication enable command to enable NTP authentication.
b.
Run the ntp-service authentication-keyid command to set an NTP authentication key.
c.
Run the ntp-service reliable authentication-keyid command to declare that the key is reliable.
Add a VLAN L3 interface. a.
Run the vlan command to create a VLAN.
b.
Run the port vlan command to add an upstream port to the VLAN so that the user packets carrying the VLAN tag are transmitted upstream through the upstream port.
c.
In the global config mode, run the interface vlan command to create a VLAN interface, and then enter the VLAN interface mode to configure the L3 interface.
d.
Run the ip address command to configure the IP address and subnet mask of the VLAN interface so that the IP packets in the VLAN can participate in the L3 forwarding.
Run the ntp-service multicast-client command to configure a host as the NTP multicast client.
----End
Example Assume the following configurations: MA5600_S uses the local clock as the master NTP clock on stratum 2 and works in the multicast mode NTP, sends multicast clock synchronization packets periodically through IP address 10.10.10.10/24 of the L3 interface of VLAN 2, and is enabled with the NTP authentication function (the ID of the MD5 authentication key is set to 10, the key is set to BetterKey, and the authentication key is declared to be reliable); MA5600_C functions as the NTP client, listens to the multicast packets sent from the server through IP address 10.10.10.20/24 of the L3 interface of VLAN 2, and synchronizes with the clock on the multicast server. To perform these configurations, do as follows: 1.
On MA5600_S: huawei(config)#ntp-service authentication enable huawei(config)#ntp-service authentication-keyid 10 authentication-mode md5 BetterKey
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
12
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
huawei(config)#ntp-service reliable authentication-keyid 10 huawei(config)#ntp-service refclock-master 2 huawei(config)#vlan 2 standard huawei(config)#port vlan 2 0/7 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 10.10.10.10 24 huawei(config-if-vlanif2)#ntp-service multicast-server huawei(config-if-vlanif2)#quit
2.
On MA5600_C: huawei(config)#vlan 2 standard huawei(config)#port vlan 2 0/7 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 10.10.10.20 24 huawei(config-if-vlanif2)#ntp-service multicast-client huawei(config-if-vlanif2)#quit
1.3.4 Configuring the Unicast Server Mode NTP This topic describes how to configure the MA5600 as the NTP client to synchronize time with the NTP server on the network.
Prerequisites Before configuring the unicast mode NTP, make sure that the interface and the routing protocol are configured so that the server and the client are reachable to each other at the network layer.
Background Information In the unicast server mode, the client sends a clock synchronization packet to the server, with the mode field set to 3 (client mode). After receiving the packet, the server automatically enters the server mode and sends a response packet with the mode field set to 4 (server mode). After receiving the response from the server, the client filters and selects the clock, and synchronizes with the preferred server, as shown in Figure 1-3. Figure 1-3 Unicast mode NTP Client
Sends a synchronization packet to the server, with the mode field set to 3 (client mode)
Filters and selects the clock, and synchronizes with the preferred server
Sends a response packet with the mode field set to 4 (server mode)
Server
Automatically enters the server mode and sends a response packet
Precautions 1.
In the unicast server mode, you need to configure only the client and need not configure the server.
2.
The clock stratum of the synchronizing device must be higher than or equal to the clock stratum of the synchronized device. Otherwise, the clock synchronization fails.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
13
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Procedure Step 1 Configure a VLAN L3 interface. 1.
Run the vlan command to create a VLAN.
2.
Run the port vlan command to add an upstream port to the VLAN so that the user packets carrying the VLAN tag are transmitted upstream through the upstream port.
3.
Run the interface vlan command to create a VLAN interface in the global config mode and enter the VLAN interface mode to configure the L3 interface.
4.
Run the ip address command to configure the IP address and subnet mask of the VLAN interface so that the IP packets in the VLAN can be forwarded at layer 3.
Step 2 Run the ntp-service unicast-server command to configure the unicast server mode and specify the IP address of the remote server that functions as the local timer server and the interface for transmitting and receiving NTP packets. NOTE
l In this command, ip-address is a unicast address, which cannot be a broadcast address, a multicast address, or the IP address of a local clock. l After the source interface of the NTP packets is specified by source-interface, the source IP address of the NTP packets is configured as the primary IP address of the specified interface. l A server can function as a time server to synchronize other devices only after its clock is synchronized. l When the clock stratum of the server is higher than or equal to the clock stratum of the client, the client does not synchronize with the server. l You can run the ntp-service unicast-server command for multiple times to configure multiple servers. Then, the client selects the optimal server according to clock priorities.
Step 3 (Optional) Configure the ACL rules. Filter the packets that pass through the L3 interface. Only the IP packet from the clock server is allowed to access the L3 interface and other unauthorized packets are not allowed to access the L3 interface. It is recommended that you use the ACL rules for the system that has requirements on strict security. 1.
Run the acl adv-acl-numbe command to create an ACL.
2.
Run the rule command to create an ACL according to the source IP address, destination IP address, type of the protocol over IP, and protocol features of the packet, allowing or forbidding the data packets that meet related requirements to pass.
3.
Run the packet-filter command configure an ACL filtering rule for a specified port and make the configuration take effect.
----End
Example Assume the following configurations: One MA5600 functions as the NTP server (IP address: 10.20.20.20/24), the other MA5600 (IP address of the L3 interface of VLAN 2: 10.10.10.10/24, gateway IP address: 10.10.10.1) functions as the NTP client, the NTP client sends the clock synchronization request packet through the VLAN L3 interface to the NTP server, the NTP server responds to the request packet, and ACL rules are configured to allow only IP packets from the clock server to access the L3 interface. To perform these configurations, do as follows: huawei(config)#vlan 2 standard huawei(config)#port vlan 2 0/7 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 10.10.10.10 24
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
14
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
huawei(config-if-vlanif2)#quit huawei(config)#ntp-service unicast-server 10.20.20.20 source-interface vlanif 2 huawei(config)#acl 3010 huawei(config-acl-adv-3010)#rule deny ip source any destination 10.10.10.10 0.0.0.0 huawei(config-acl-adv-3010)#rule permit ip source 10.20.20.20 0.0.0.0 destination 10.10.10.10 0.0.0.0 huawei(config-acl-adv-3010)#quit huawei(config)#packet-filter inbound ip-group 3010 port 0/7/0
1.3.5 Configuring the Peer Mode NTP This topic describes how to configure the MA5600 for clock synchronization in the peer mode NTP. In the peer mode, configure only the active peer, and the passive peer need not be configured. In the peer mode, the active peer and the passive peer can synchronize with each other. The peer with a higher clock stratum is synchronized by the peer with a lower clock stratum.
Prerequisites Before configuring the peer mode NTP, make sure that the interface and the routing protocol are configured so that the server and the client are reachable to each other at the network layer.
Background Information In the peer mode, the active peer and the passive peer exchange NTP packets whose mode fields are set to 3 (client mode) and 4 (server mode). Then, the active peer sends a clock synchronization packet to the passive peer, with the mode field of the packet set to 1 (active peer). After receiving the packet, the passive peer automatically works in the passive mode and sends a response packet with the mode field set to 2 (passive peer). Through packet exchange, the peer mode is set up. The active peer and the passive peer can synchronize with each other. If both the clock of the active peer and that of the passive peer are synchronized, the clock on a lower stratum is used, as shown in Figure 1-4. Figure 1-4 Peer mode NTP Active Peer
Passive peer
Exchanges NTP packets whose mode fields are set to 3 (client mode) and 4 (server mode) Sends a clock synchronization packet to the passive peer, with the mode field of the packet set to 1 (active peer) Sends a response packet with the mode field set to 2 (passive peer) Through packet exchange, the peer mode is set up
Automatically works in the passive mode and sends a response packet
Synchronizes with each other
Precautions 1. Issue 09 (2015-02-28)
In the peer mode, you need to configure the NTP mode on only the active peer. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
15
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2.
1 Basic Configurations
The peers determine clock synchronization according to the clock stratum instead of according to whether the peer is an active peer.
Procedure Step 1 Configure the NTP active peer. 1.
Run the ntp-service refclock-master command to configure the local clock as the master NTP clock, and specify the stratum of the master NTP clock.
2.
Run the ntp-service unicast-peer command to configure the peer mode NTP, and specify the IP address of the remote server that functions as the local timer server and the interface for transmitting and receiving NTP packets. NOTE
l In this command, ip-address is a unicast address, which cannot be a broadcast address, a multicast address, or the IP address of a reference clock. l After the source interface of the NTP packets is specified by source-interface, the source IP address of the NTP packets is configured as the primary IP address of the specified interface. l In the peer mode, the active peer and the passive peer can synchronize with each other. l The peer with a higher clock stratum is synchronized by the peer with a lower clock stratum.
Step 2 Add a VLAN L3 interface. 1.
Run the vlan command to create a VLAN.
2.
Run the port vlan command to add an upstream port to the VLAN so that the user packets carrying the VLAN tag are transmitted upstream through the upstream port.
3.
In the global config mode, run the interface vlan command to create a VLAN interface, and then enter the VLAN interface mode to configure the L3 interface.
4.
Run the ip address command to configure the IP address and subnet mask of the VLAN interface so that the IP packets in the VLAN can participate in the L3 forwarding.
----End
Example Assume the following configurations: One MA5600 functions as the NTP active peer (IP address of the L3 interface of VLAN 2: 10.10.10.10/24) and works on clock stratum 4, the other MA5600 (IP address: 10.10.10.20/24) functions as the NTP passive peer, the active peer sends a clock synchronization request packet through the VLAN L3 interface to the passive peer, the passive peer responds to the request packet, and the peer with a higher clock stratum is synchronized by the peer with a lower clock stratum. To perform these configurations, do as follows: huawei(config)#ntp-service refclock-master 4 huawei(config)#ntp-service unicast-peer 10.10.10.20 source-interface vlanif 2 huawei(config)#vlan 2 standard huawei(config)#port vlan 2 0/7 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 10.10.10.10 24 huawei(config-if-vlanif2)#quit
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
16
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
1.4 Configuring Alarms Alarm management includes the following functions: alarm record, alarm setting, and alarm statistics. These functions help you to maintain the device and ensure that the device works efficiently.
Background Information An alarm refers to the notification of the system after a fault is detected. After an alarm is generated, the system broadcasts the alarm to the terminals, mainly including the NMS and CLI terminals. Alarms are classified into fault alarm and clear alarm. After a fault alarm is generated at a certain time, the fault alarm lasts until the fault is rectified to clear the alarm. You can modify the alarm settings according to your requirements. The settings are alarm severity, alarm output mode through the CLI and alarm statistics switch.
Procedure l
You can run the alarm active clear command to clear the alarms that are not recovered in the system. – Before clearing an alarm, you can run the display alarm active command to query the currently active alarms. – When an active alarm lasts a long time, you can run this command to clear the alarm.
l
Run the alarm alarmlevel command to configure the alarm severity. – Alarm severities are critical, major, minor, and warning. – Parameter default indicates restoring the alarm severity to the default setting. – You can run the display alarm list command to query the alarm severity. – The system specifies the default (also recommended) alarm severity for each alarm. Use the default alarm severity unless otherwise required.
l
Run the alarm output/undo alarm output command to set or shield the output of alarms to the CLI terminal. – Setting the output mode of alarms does not affect the generating of alarms. The alarms generated by the system are still recorded. You can run the display alarm history command to query the alarms that are shielded. – When the new output mode of an alarm conflicts with the previous mode, the new output mode takes effect. – The output mode of the clear alarm is the same as the output mode of the fault alarm. When the output mode of the fault alarm is set, the system automatically synchronizes the output mode of its clear alarm. The reverse is also applicable. That is, when the output mode of the clear alarm is set, the system automatically synchronizes the output mode of its fault alarm.
l
Issue 09 (2015-02-28)
Run the alarm jitter-proof command to configure the alarm jitter-proof function and the jitter-proof period. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
17
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
– To prevent a fault alarm and its clear alarm from being displayed frequently, you can enable the alarm jitter-proof function to filter alarms in the system. – After the alarm jitter-proof function is enabled, the alarm in the system is not reported to the NMS immediately but is reported to the NMS after an alarm jitter-proof period. – If an alarm is recovered in an alarm jitter-proof period, the alarm is not reported to the NMS. – You can run the display alarm jitter-proof command to check whether the alarm jitterproof function is enabled and whether the alarm jitter-proof period is set. – By default, the alarm jitter-proof function is disabled. You can determine whether to enable the function according to the running of the device. l
Run the alarm-event statistics period command to set the alarm statistics collection period. – The system collects the occurrence times of alarms and events according to the set period. To save the statistical result, run the alarm-event statistics save command to save the statistics to the flash memory. – You can use the statistical result of alarms and events to locate a problem in the system. – You can run the display alarm statistics command to query the alarm statistical record.
l
Run the display alarm configuration command to query the alarm configuration according to the alarm ID. The alarm configuration that you can query includes the alarm ID, alarm name, alarm class, alarm type, alarm severity, default alarm severity, number of parameters, CLI output flag, conversion flag, and detailed alarm description.
l
Run the display alarm statistics command to query the alarm statistical record. – When you need to know the frequency in which one alarm occurs within a time range, and to know the working conditions of the device and analyze the fault that may exist, run this command. – Currently, you can query the alarm statistics in the current 15 minutes, current 24 hours, last 15 minutes, and last 24 hours in the system.
----End
Example Assume the following configurations: The output of all the alarms at level warning are shielded to the CLI terminal, the alarm jitter-proof function is enabled, the alarm jitter-proof period is set to 15s, the statistical period of the alarms and events is set to 72 hours, and all the alarms at level major are saved to the flash memory so that a problem can be located through the alarm statistical record. To perform these configurations, do as follows: huawei(config)#undo alarm output alarmlevel warning huawei(config)#alarm jitter-proof on huawei(config)#alarm jitter-proof 15 huawei(config)#alarm-event statistics period 72 huawei(config)#alarm alarmlevel 0x0121a001 critical huawei(config)#alarm alarmlevel 0x02310000 critical huawei(config)#alarm-event statistics save
1.5 Adding Port Description This topic describes how to add port description. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
18
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Background Information After the description of a physical port on the board is added, the description has the following functions: l
You can perform operations on the port according to its description.
l
The customized description of a port facilitates information query in the system maintenance.
Procedure Step 1 In the global config mode, run the port desc command to add port description. Port description is a character string, used to identify a port on a board in a slot of a shelf. Step 2 Run the display port desc command to query port description. ----End
Example Plan the format of user port description as "community ID-building ID-floor ID/shelf ID-slot ID-port ID". "Community ID-building ID-floor ID" indicates the physical location where the user terminal is deployed, and shelf ID-slot ID-port ID" indicates the physical port on the local device that is connected to the user terminal. This plan can present the user terminal location and the connection between the user terminal and the device, which facilitates query in maintenance. Assume that the user terminal that is connected to port 0/2/0 of the MA5600 is deployed in floor 1, building 01 of community A. To add port description according to the plan, do as follows: huawei(config)#port desc 0/2/0 description A-01-01/0-2-0 huawei(config)#display port desc 0/2/0 -----------------------------------------------------------F/ S/ P IMA Group Port Description -----------------------------------------------------------0/ 2/ 0 A-01-01/0-2-0 ------------------------------------------------------------
1.6 Configuring the Auto-save Function This topic describes how to configure the auto-save function so that the system configuration data or database files can be saved automatically.
Background Information The MA5600 supports two auto-save modes: l
Auto-save at preset interval.
l
Auto-save at preset time.
Pay attention to the following points: l
Issue 09 (2015-02-28)
Auto-save at preset time conflicts with auto-save at preset interval. You can enable only one of them. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
19
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
l
Saving data frequently affects the system. Therefore, an auto-save interval shorter than one hour is not recommended, and it is recommended that you set the interval equal to or longer than one day.
l
Before the system upgrade operation, run the autosave interval off or autosave time off command to disable the auto-save function to prevent upgrade failure due to the conflict between upgrade and auto-save operations.
NOTICE After the system upgrade is completed, you must re-enable the auto-save function if the auto-save function is required.
Configuration Flowchart Figure 1-5 shows the flowchart for configuring the auto-save function. Figure 1-5 Flowchart for configuring the auto-save function
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
20
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Procedure l
Configure auto-save at preset interval. 1.
In the global config mode, run the autosave interval on command to enable autosave at preset interval. Auto-save at preset interval conflicts with auto-save at preset time. You can enable only one of them.
2.
(Optional) In the global config mode, run the autosave interval configuration command to set the auto-save interval for modified system data. Auto-save is performed according to the interval set by the user. The system checks whether the system data is modified at each interval. If the system data is modified, the system saves the data. Otherwise, the system does not save the data. By default, the interval is 30 minutes.
3.
(Optional) In the global config mode, run the autosave interval command to set the auto-save interval. After the setting, the system data is automatically saved at the set interval regardless of whether the system data is modified. By default, the interval is 24 hours.
4.
(Optional) Set the auto-save file type. In the global config mode, run the autosave type command to set the auto-save file type.
l
Configure auto-save at preset time. 1.
In the global mode, run the autosave time on command to enable auto-save at preset time. Auto-save at preset time conflicts with auto-save at preset interval. You can enable only one of them.
2.
(Optional) In the global config mode, run the autosave time command to set the autosave time. After the setting, the system data is automatically saved at the set time regardless of whether the system data is modified. By default, the time is 00:00:00.
3.
(Optional) Set the auto-save file type. In the global config mode, run the autosave type command to set the auto-save file type.
----End
Example To enable auto-save at preset interval on the MA5600, set the auto-save interval to two days (2880 minutes), and save both the database file and the configuration file, do as follows: huawei(config)#autosave interval on huawei(config)#autosave interval 2880 huawei(config)#autosave type all huawei(config)#save
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
21
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
1.7 Configuring the Attributes of an Upstream Ethernet Port This topic describes how to configure the attributes of a specified Ethernet port so that the system communicates with the upstream device in the normal state.
Prerequisites The Ethernet board must be configured in the system.
Background Information The MA5600 needs to be interconnected with the upstream device through the Ethernet port. Therefore, pay attention to the consistency of port attributes.
Default Configuration Table 1-2 lists the default settings of the attributes of an Ethernet port. Table 1-2 Default settings of the attributes of an Ethernet port Parameter
Default Setting (Optical Port)
Default Setting (Electrical Port)
Auto-negotiation mode of the port
Disabled
Enabled
Port rate
l FE optical port: 100 Mbit/s
NA
l GE optical port: 1000 Mbit/s l 10GE optical port: 10000 Mbit/ s
NOTE After the auto-negotiation mode of the port is disabled, you can configure the port rate.
Full-duplex
NA
Duplex mode
NOTE After the auto-negotiation mode of the port is disabled, you can configure the duplex mode.
Network cable adaptation mode
Not supported
Flow control
Disabled
l FE electrical port: auto l GE electrical port: normal Disabled
Procedure l
Configure the physical attributes of an Ethernet port. 1.
(Optional) Set the auto-negotiation mode of the Ethernet port. Run the auto-neg command to set the auto-negotiation mode of the Ethernet port. You can enable or disable the auto-negotiation mode:
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
22
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
– After the auto-negotiation mode is enabled, the port automatically negotiates with the peer port for the rate and working mode of the Ethernet port. – After the auto-negotiation mode is disabled, the rate and working mode of the port are in the forced mode (adopt default values or are set through command lines). 2.
(Optional) Set the rate of the Ethernet port. Run the speed command to set the rate of the Ethernet port. After the port rate is set successfully, the port works at the set rate. Pay attention to the following points: – Make sure that the rate of the Ethernet port is the same as that of the interconnected port on the peer device. This prevents communication failure. – The auto-negotiation mode needs to be disabled.
3.
(Optional) Set the duplex mode of the Ethernet port. Run the duplex command to set the duplex mode of the Ethernet port. The duplex mode of an Ethernet port can be full-duplex, half-duplex, or auto negotiation. Pay attention to the following points: – Make sure that the ports of two interconnected devices work in the same duplex modes. This prevents communication failure. – The auto-negotiation mode needs to be disabled.
4.
(Optional) Configure the network cable adaptation mode of the Ethernet port. Run the mdi command to configure the network cable adaptation mode of the Ethernet port to match the actual network cable. The network adaptation modes are as follows: – normal: Specifies the adaptation mode of the network cable as straight-through cable. In this case, the network cable connecting to the Ethernet port must be a straight-through cable. – across: Specifies the adaptation mode of the network cable as crossover cable. In this case, the network cable connecting to the Ethernet port must be a crossover cable. – auto: Specifies the adaptation mode of the network cable as auto-sensing. The network cable can be a straight-through cable or crossover cable. Pay attention to the following points: – The Ethernet optical port does not support the network cable adaptation mode. – If the Ethernet electrical port works in forced mode (auto-negotiation mode disabled), the network cable type of the port cannot be configured to auto.
l
Configure flow control on the Ethernet port. Run the flow-control command to enable flow control on the Ethernet port. When the flow of an Ethernet port is heavy, run this command to control the flow to prevent network congestion, which may cause the loss of data packets. Flow control needs to be supported on both the local and peer devices. Pay attention to the following points: – If the peer device does not support flow control, generally, enable flow control on the local device. – If the peer device supports flow control, generally, disable flow control on the local device. By default, flow control is disabled.
l Issue 09 (2015-02-28)
Mirror the Ethernet port. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
23
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Run the mirror port command to mirror the Ethernet port. When the system is faulty, copy the traffic of a certain port to the other port and output the traffic for traffic observation, network fault diagnosis, and data analysis. ----End
Example Assume that Ethernet port 0/8/0 is an optical port, the port rate is 1000 Mbit/s in duplex mode, supporting flow control and auto-negotiation function is disabled. To perform the configurations, do as follows: huawei(config)#interface scu 0/8 huawei(config-if-scu-0/8)#auto-neg 0 disable huawei(config-if-scu-0/8)#speed 0 1000 huawei(config-if-scu-0/8)#duplex 0 full huawei(config-if-scu-0/8)#flow-control 0
1.8 Configuring the Ethernet Port Aggregation This topic describes how to configure the Ethernet port aggregation. Port aggregation means the aggregation of multiple ports to expand the bandwidth and balance the input and output load among member ports.
Prerequisites The Ethernet board must be configured in the system.
Context l
The SCU board supports a maximum of three Ethernet port aggregation groups.
l
One aggregation group supports a maximum of six Ethernet ports.
l
The Link Aggregation Control Protocol (LACP) is supported by the aggregated port with the static attribute but not supported by the manually aggregated port.
l
Multiple physical ports can be aggregated only if they meet the following requirements: – The port must work in the full duplex mode. – The port does not work in the auto negotiation mode. – The rates of all the ports must be the same, and cannot be configured in the auto negotiation mode. – The attributes, such as the default VLAN (PVID) and VLAN of all the ports must be the same. – One port belongs to only one aggregation group. – No mirror destination port is included.
Procedure Step 1 Run the interface scu command to enter the SCU mode. Step 2 Run the link-aggregation command to configure the Ethernet port aggregation. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
24
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Step 3 Run the display link-aggregation command to query the information about the aggregated port. ----End
Example To aggregate Ethernet ports 0 and 1, do as follows: huawei(config)#interface scu 0/7 huawei(config-if-scu-0/7)#duplex 0 full huawei(config-if-scu-0/7)#duplex 1 full huawei(config-if-scu-0/7)#speed 0 1000 huawei(config-if-scu-0/7)#speed 1 1000 huawei(config-if-scu-0/7)#quit huawei(config)#link-aggregation 0/7 0-1 ingress huawei(config)#display link-aggregation all --------------------------------------------------------------------Master port Link-aggregation mode Port NUM Work mode --------------------------------------------------------------------0/ 7/0 ingress 2 manual --------------------------------------------------------------------Total: 1 link-aggregation(s)
1.9 Configuring DHCP The MA5600 can implement DHCP relay and DHCP proxy on a network. Configuring DHCP relay is applicable to the scenario where users dynamically obtain IP addresses from the DHCP server through DHCP. In DHCP proxy, the MA5600 proxy can implement certain functions of the DHCP server.
Background Information The MA5600 can work in the L2 DHCP relay mode or L3 DHCP relay mode to forward the DHCP packets exchanged between the user and the DHCP server. By default, the MA5600 works in the L2 DHCP relay mode. In this mode, the MA5600 transparently transmits the DHCP packets initiated by the user and configurations are not required. The L3 DHCP relay mode can be classified into three working modes: l
DHCP standard mode In this mode, the MA5600 identifies the VLAN to which the user belongs and binds different VLANs to the corresponding DHCP server groups. Configure the DHCP standard mode as follows: Configure the working mode of the DHCP relay. Configure the DHCP server group. Bind VLANs to DHCP server groups.
l
DHCP option 60 mode The MA5600 differentiates the DHCP packets transmitted from the user terminal according to the DHCP option 60 field in the packets, and binds different DHCP option 60 domains to the corresponding DHCP server groups. Configure the DHCP option 60 mode as follows: Configure the working mode of the DHCP relay. Configure the DHCP server group. Create DHCP option 60 field. Bind DHCP option 60 domains to DHCP server groups.
l
Configuration mode of the MAC address segment The MA5600 differentiates users according to the MAC address segment of the user terminals, and binds different MAC address segments to the corresponding DHCP server group.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
25
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Configure the MAC address segment mode as follows: Configure the working mode of the DHCP relay. Configure the DHCP server group. Define the MAC address segment. Bind MAC address segments to DHCP server groups. NOTE
The MA5600 supports the DHCP option 82 to ensure the security of the DHCP function. For the configuration related to the DHCP option 82 feature, see 1.13.2 Configuring Anti-Theft and Roaming of User Accounts Through DHCP.
1.9.1 Configuring the Standard DHCP Mode This topic is applicable to the scenario for specifying the corresponding DHCP server groups for different users of the VLAN (the VLAN that is used when the service ports are created).
Prerequisites A VLAN must be created. For details, see 1.10 Configuring a VLAN.
Procedure Step 1 Configure the DHCP forwarding mode. In the global config mode, run the dhcp mode layer-3 standard command to configure the DHCP relay mode to standard L3 DHCP relay mode (layer-3, standard). If keyword VLAN is selected and VLANID is entered, this configuration takes effect only for this VLAN. Step 2 Configure the DHCP server group. 1.
In the global config mode, run the dhcp-server command to create a DHCP server group. l group-number: Indicates the number of the DHCP server group. It identifies a server group. You can run the display dhcp-server all-group command to query the DHCP server groups that are already configured and select a DHCP server group number that is not used by the system. l ip-addr: Indicates the IP address of the DHCP server in the DHCP server group. Up to four IP addresses can be entered.
NOTICE The IP address of the DHCP server configured here must be the same as the IP address of the DHCP server on the network side. 2.
(Optional) Run the dhcp server mode command to configure the working mode of the DHCP server. The DHCP servers in the DHCP server group can work in the load balancing mode or active/standby mode. By default, they work in the load balancing mode.
Step 3 Bind the DHCP server to the VLAN. 1.
In the global config mode, run the interface vlanif command to create a VLAN L3 interface. The VLAN ID must be the same as the ID of the VLAN described in the prerequisite.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
26
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2.
1 Basic Configurations
In the VLANIF mode, run the ip address command to configure the IP address of the VLAN L3 interface. After the configuration is completed, this IP address is used as the source IP address for forwarding the IP packets in the VLAN at L3.
NOTICE l If only an L2 device exists between the MA5600 and the DHCP server, the IP address of the VLAN L3 interface needs to be in the same subnet as the IP address of the DHCP server. l If the upper-layer device of the MA5600 is an L3 device, the IP address of the VLAN L3 interface and the IP address of the DHCP server can be in different subnets; however, a route must exist between the VLAN L3 interface and the DHCP server. For details, see 2.2 Configuring the Route. 3.
In the VLANIF mode, run the dhcp-server command to bind the DHCP server to the VLAN. This command requires parameter group-number, the value of which is the number of the created DHCP server group.
----End
Example Assume that server group 1 contains two DHCP servers working in active/standby mode, with the maximum response time of 20s, the maximum count of response timeout of 10, the IP address of the primary server 10.1.1.9 and the IP address of the secondary server 10.1.1.10. To bind server group 1 to users in VLAN 2 (with the IP address of the L3 interface 10.1.1.101), do as follows: huawei(config)#dhcp mode layer-3 standard huawei(config)#dhcp server mode backup 20 10 huawei(config)#dhcp-server 1 ip 10.1.1.9 10.1.1.10 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 10.1.1.101 24 huawei(config-if-vlanif2)#dhcp-server 1
1.9.2 Configuring the DHCP Option60 Mode This topic is applicable to the scenario for specifying the corresponding DHCP servers for different option60 domain users.
Prerequisites A VLAN must be created. For details, see 1.10 Configuring a VLAN. Before the configuration, determine the option60 domain name of the user terminal.
Background Information When multiple services are provisioned on the MA5600, such as video multicast and IP telephone services, the services are provided by different service providers. The service Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
27
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
providers may use different relay IP addresses of the same DHCP server or different DHCP servers to allocate IP addresses to users. Therefore, configure the users to apply for IP addresses from the DHCP server in the DHCP option60 mode. In the DHCP option60 mode, the DHCP server group is selected according to the character string (namely, domain name) in the option60 of DHCP packets. Here, the option60 domain name and the DHCP server group to which the domain name is bound need to be configured beforehand. In this mode, users are differentiated according to the domain information in the packet, and different service types in the same VLAN can also be differentiated.
Procedure Step 1 Configure the DHCP forwarding mode. In the global config mode, run the dhcp mode layer-3 option60 command to configure the DHCP relay mode to L3 option60 mode (layer-3, option60). If keyword VLAN is selected and VLANID is entered, this configuration takes effect only for this VLAN. Step 2 Configure the DHCP server group. 1.
In the global config mode, run the dhcp-server command to create a DHCP server group. l igroup-number: Indicates the number of the DHCP server group. It identifies a server group. You can run the display dhcp-server all-group command to query the DHCP server groups that are already configured and select a DHCP server group number that is not used by the system. l ip-addr: Indicates the IP address of the DHCP server in the DHCP server group. Up to four IP addresses can be entered.
NOTICE The IP address of the DHCP server configured here must be the same as the IP address of the DHCP server on the network side. 2.
(Optional) Run the dhcp server mode command to configure the working mode of the DHCP server. The DHCP servers in the DHCP server group can work in the load balancing mode or active/standby mode. By default, they work in the load balancing mode.
Step 3 Create a DHCP option60 domain. In the global config mode, run the dhcp domain command to create a DHCP domain, and then enter the DHCP domain mode. The option60 domain name needs to be configured according to the type of the terminal connected to the device. For the DHCP client installed with the Windows 98/2000/XP/NT series of OSs, the domain name must be msft. Step 4 Bind the DHCP option60 domain to the DHCP server group. In the option60 domain mode, run the dhcp-server command to bind the DHCP domain to the DHCP server group. After the configuration is completed, the DHCP clients belonging to the DHCP correspond to the DHCP server group. Step 5 Configure the IP address of the gateway corresponding to the DHCP domain. 1.
Issue 09 (2015-02-28)
In the global config mode, run the interface vlanif command to create a VLAN L3 interface. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
28
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
The VLAN ID must be the same as the ID of the VLAN described in the prerequisite. 2.
In the VLANIF mode, run the ip address command to configure the IP address of the VLAN L3 interface. After the configuration is completed, this IP address is used as the source IP address for forwarding the IP packets in the VLAN at L3.
NOTICE l If only an L2 device exists between the MA5600 and the DHCP server, the IP address of the VLAN L3 interface needs to be in the same subnet as the IP address of the DHCP server. l If the upper-layer device of the MA5600 is an L3 device, the IP address of the VLAN L3 interface and the IP address of the DHCP server can be in different subnets; however, a route must exist between the VLAN L3 interface and the DHCP server. For details, see 2.2 Configuring the Route. 3.
In the VLANIF mode, run the dhcp domain gateway command to configure the IP address of the gateway corresponding to the DHCP domain. The IP address of the gateway must be a configured IP address of the VLAN interface. Under the same VLAN interface, different option60 domains can be configured with different gateways. Therefore, different DHCP servers can be selected according to the domain information in the packet.
----End
Example Assume that server group 2 contains two DHCP servers working the load balancing mode, with the IP address of the primary server 10.10.10.10 and the IP address of the secondary server 10.10.10.11. To bind server group 2 to users whose option60 domain name is msft in VLAN 2 (with the IP address of the L3 interface 10.1.2.1/24), do as follows: huawei(config)#dhcp mode layer-3 Option60 huawei(config)#dhcp-server 2 ip 10.10.10.10 10.10.10.11 huawei(config)#dhcp domain msft huawei(config-dhcp-domain-msft)#dhcp-server 2 huawei(config-dhcp-domain-msft)#quit huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 10.1.2.1 24 huawei(config-if-vlanif2)#dhcp domain msft gateway 10.1.2.1
1.9.3 Configuring the DHCP MAC Address Segment Mode This topic is applicable to the scenario for specifying the corresponding DHCP servers for users in different MAC address segments.
Prerequisites A VLAN must be created. For details, see 1.10 Configuring a VLAN. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
29
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Background Information In the networking, devices of various manufacturers may exist on the network. The devices of each manufacturer have a fixed MAC address segment. In this case, the IP address can be obtained from the DHCP server through DHCP relay in the MAC address segment configuration mode. The MA5600 can select the DHCP server based on the MAC address segment. After the configuration is completed, clients in this MAC address segment obtain IP addresses from the corresponding DHCP server.
Procedure Step 1 Configure the DHCP forwarding mode. In the global config mode, run the dhcp mode layer-3 mac-range command to configure the DHCP relay mode to L3 MAC address segment mode (layer-3, mac-range). If keyword VLAN is selected and VLANID is entered, this configuration takes effect only for this VLAN. Step 2 Configure the DHCP server group. 1.
In the global config mode, run the dhcp-server command to create a DHCP server group. l igroup-number: Indicates the number of the DHCP server group. It identifies a server group. You can run the display dhcp-server all-group command to query the DHCP server groups that are already configured and select a DHCP server group number that is not used by the system. l ip-addr: Indicates the IP address of the DHCP server in the DHCP server group. Up to four IP addresses can be entered.
NOTICE The IP address of the DHCP server configured here must be the same as the IP address of the DHCP server on the network side. 2.
(Optional) Run the dhcp server mode command to configure the working mode of the DHCP server. The DHCP servers in the DHCP server group can work in the load balancing mode or active/standby mode. By default, they work in the load balancing mode.
Step 3 Define the MAC address segment. 1.
In the global config mode, run the dhcp mac-range to create a MAC address segment, and then enter the MAC address segment configuration mode. range-name indicates the name of the MAC address segment. It functions as a comment and has no other special meanings.
2.
In the MAC address segment configuration mode, run the mac-range mac-address-start to mac-address-end command to configure the MAC address range.
Step 4 Bind the DHCP server group to the MAC address segment. In the MAC address segment configuration mode, run the DHCP-server command to bind a DHCP server group to the MAC address segment. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
30
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Step 5 Configure the IP address of the gateway corresponding to the MAC address segment. 1.
In the global config mode, run the interface vlanif command to create a VLAN L3 interface. The VLAN ID must be the same as the ID of the VLAN described in the prerequisite.
2.
In the VLANIF mode, run the ip address command to configure the IP address of the VLAN L3 interface. After the configuration is completed, this IP address is used as the source IP address for forwarding the IP packets in the VLAN at L3.
NOTICE l If only an L2 device exists between the MA5600 and the DHCP server, the IP address of the VLAN L3 interface needs to be in the same subnet as the IP address of the DHCP server. l If the upper-layer device of the MA5600 is an L3 device, the IP address of the VLAN L3 interface and the IP address of the DHCP server can be in different subnets; however, a route must exist between the VLAN L3 interface and the DHCP server. For details, see 2.2 Configuring the Route. 3.
In the VLANIF mode, run the dhcp mac-range gateway command to configure the IP address of the gateway corresponding to the DHCP domain. The IP address of the gateway must be a configured IP address of the VLAN interface. Under the same VLAN interface, different MAC address segments can be configured with different gateways. Therefore, different DHCP servers can be selected according to the MAC address segment information in the packet.
----End
Example Assume that server group 2 contains two DHCP servers working the load balancing mode, with the IP address of the primary server 10.10.10.10 and the IP address of the secondary server 10.10.10.11. To bind server group 2 to certain users (whose MAC address is in the range from 0000-0000-0001 to 0000-0000-0100) in VLAN 2, do as follows: huawei(config)#dhcp mode layer-3 mac-range huawei(config)#dhcp-server 2 ip 10.10.10.10 10.10.10.11 huawei(config)#dhcp mac-range huawei huawei(config-mac-range-huawei)#mac-range 0000-0000-0001 to 0000-0000-0100 huawei(config-mac-range-huawei)#dhcp-server 2 huawei(config-mac-range-huawei)#quit huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 10.1.2.1 24 huawei(config-if-vlanif2)#dhcp mac-range huawei gateway 10.1.2.1
1.10 Configuring a VLAN Configuring VLAN is a prerequisite for configuring a service. Hence, before configuring a service, make sure that the VLAN configuration based on planning is complete. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
31
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Prerequisites The VLAN to be added does not exist in the system.
Application Context VLAN application is specific to user types. For details on the VLAN application, see Table 1-3. Table 1-3 VLAN application and planning User Type
Application Scenario
VLAN Planning
l Household user
N:1 scenario, that is, the scenario of upstream transmission through a single VLAN, where the services of multiple subscribers are converged to the same VLAN.
VLAN type: smart
1:1 scenario, that is, the scenario of upstream transmission through double VLANs, where the outer VLAN tag identifies a service and the inner VLAN tag identifies a user. The service of each user is indicated by a unique S +C.
VLAN type: smart
Applicable only to the transparent transmission service of a commercial user.
VLAN type: smart
l Commercial user of the Internet access service
Commercial user of the transparent transmission service
VLAN attribute: common
Attribute: stacking
VLAN attribute: QinQ
Default Configuration Table 1-4 lists the default parameter settings of VLAN.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
32
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Table 1-4 Default parameter settings of VLAN Parameter
Default Setting
Remarks
Default VLAN of the system
VLAN ID: 1 Type: MUX VLAN
You can run the defaultvlan modify command to modify the VLAN type but cannot delete the VLAN.
Reserved VLAN of the system
VLAN ID range: 4079-4093
You can run the vlan reserve command to modify the VLAN reserved by the system.
Default attribute of a new VLAN
Common
-
Procedure Step 1 Create a VLAN. Run the vlan to create a VLAN. VLANs of different types are applicable to different scenarios. Table 1-5 VLAN types and application scenarios
Issue 09 (2015-02-28)
VLAN Type
Configuration Command
VLAN Description
Application Scenario
Standard VLAN
To add a standard VLAN, run the vlan vlanid standard command.
Standard VLAN. Ethernet ports in a standard VLAN are interconnected with each other but Ethernet ports in different standard VLANs are isolated from each other.
Only available to Ethernet ports and specifically to network management and subtending.
Smart VLAN
To add a smart VLAN, run the vlan vlanid smart command.
One smart VLAN may contain multiple xDSL service ports. The traffic streams of the service ports are isolated from each other and the traffic streams in different VLANs are isolated from each other. One smart VLAN provides access for multiple users and thus saves VLAN resources.
Smart VLANs are applied in residential communities to provide xDSL access.
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
33
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
VLAN Type
Configuration Command
VLAN Description
Application Scenario
MUX VLAN
To add a MUX VLAN, run the vlan vlanid mux command.
One MUX VLAN contains only one xDSL service port. The traffic streams in different VLANs are isolated from each other. One-to-one mapping can be set up between a MUX VLAN and an access user. Hence, a MUX VLAN can identify an access user.
MUX VLANs are applicable to xDSL service access. For example, MUX VLANs can be used to distinguish users.
Super VLAN
To add a super VLAN, run the vlan vlanid super command.
The super VLAN is based on layer 3. One super VLAN contains multiple sub-VLANs. Through an ARP proxy, the subVLANs in a super VLAN can be interconnected at layer 3.
Super VLANs can be used for the L3 intercommunication and are applicable to the scenario where saving IP addresses and improving the usage of IP addresses are required. For a super VLAN, subVLANs must be configured. You can run the supervlan command to add a sub-VLAN to a specified super VLAN. A sub-VLAN must be a smart VLAN or a MUX VLAN.
NOTE
l To add VLANs with consecutive IDs in batches, run the vlan vlanid to end-vlanid command. l To add VLANs with inconsecutive IDs in batches, run the vlan vlan-list command.
Step 2 (Optional) Configure the VLAN attribute. The default attribute for a new VLAN is "common". You can run the vlan attrib command to configure the attribute of the VLAN. Configure the attribute according to VLAN planning.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
34
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Table 1-6 VLAN attributes and application scenarios
Issue 09 (2015-02-28)
VLA N Attri bute
Configuration Command
VLAN Type
VLAN Description
Application Scenario
Com mon
The default attribute for a new VLAN is "common".
The VLAN with this attribute can be a standard VLAN, smart VLAN, MUX VLAN, or super VLAN.
A VLAN with the common attribute can function as a common layer 2 VLAN or function for creating a layer 3 interface.
Applicable to the N:1 access scenario.
QinQ VLA N
To configure QinQ as the attribute of a VLAN, run the vlan attrib vlanid q-in-q command.
The VLAN with this attribute can only be a smart VLAN or MUX VLAN. The attribute of a sub VLAN, the VLAN with an L3 interface, and the default VLAN of the system cannot be set to QinQ VLAN.
The packets from a QinQ VLAN contain two VLAN tags, that is, inner VLAN tag from the private network and outer VLAN tag from the MA5600. Through the outer VLAN, an L2 VPN tunnel can be set up to transparently transmit the services between private networks.
Applicable to the enterprise private line scenario.
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
35
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
VLA N Attri bute
Configuration Command
VLAN Type
VLAN Description
Application Scenario
VLA N Stacki ng
To configure stacking as the attribute of a VLAN, run the vlan attrib vlanid stacking command.
The VLAN with this attribute can only be a smart VLAN or MUX VLAN. The attribute of a sub VLAN, the VLAN with an L3 interface, and the default VLAN of the system cannot be set to VLAN Stacking.
The packets from a stacking VLAN contain two VLAN tags, that is, inner VLAN tag and outer VLAN tag from the MA5600. The upper-layer BRAS authenticates the access users according to the two VLAN tags. In this manner, the number of access users is increased. On the upper-layer network in the L2 working mode, a packet can be forwarded directly by the outer VLAN tag and MAC address mode to provide the wholesale service for ISPs.
Applicable to the 1:1 access scenario for the wholesale service or extension of VLAN IDs. In the case of a stacking VLAN, to configure the inner tag of the service port, run the stacking label command.
NOTE
l To configure attributes for the VLANs with consecutive IDs in batches, run the vlan attrib vlanid to endvlanid command. l To configure attributes for the VLANs with inconsecutive IDs in batches, run the vlan attrib vlan-list command.
Step 3 (Optional) Configure VLAN description. To configure VLAN description, run the vlan desc command. You can configure VLAN description to facilitate maintenance. The general VLAN description includes the usage and service information of the VLAN. ----End
Example Assume that a stacking VLAN with ID of 50 is to be configured for extension of the VLAN. A service port is added to VLAN 50. The outer VLAN tag 50 of the stacking VLAN identifies the Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
36
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
access device and the inner VLAN tag 10 identifies the user with access to the device. For the VLAN, description needs to be configured for easy maintenance. To configure such a VLAN, do as follows: huawei(config)#vlan 50 smart huawei(config)#vlan attrib 50 stacking huawei(config)#service-port vlan 50 adsl 0/2/0 vpi 0 vci 39 rx-cttr 2 tx-cttr 2 huawei(config)#stacking label vlan 50 baselabel 10 huawei(config)#vlan desc 50 description stackingvlan/label10
1.11 Configuring an xDSL Profile Configuring an xDSL profile is a prerequisite for configuring an xDSL access service. This topic describes how to configure an ADSL2+ profile, an SHDSL profile, and a VDSL2 profile.
1.11.1 Configuring the ADSL2+ Profile This topic describes how to configure the ADSL2+ line profile, extended line profile, and alarm profile.
Background Information l
The port can be bound with the ADSL2+ line profile only when it is in the deactivated state.
l
Table 1-7 lists the default settings of the ADSL2+ profile. Table 1-7 Default settings of the ADSL2+ profile Parameter
Default Setting
ADSL2+ line profile
Profile ID: 1, 1000, 1001, and 1002 Profile 1 is used for activating the ADSL port that works in common mode. Profile 1000 is used for activating the ADSL port that works in fast mode. Profile 1001 is used for activating the ADSL port that works in long-distance mode. Profile 1002 is used for activating the ADSL2+ port.
ADSL2+ alarm profile
Profile ID: 1 The profile name is DEFVAL.
l
Most of the parameters for an ADSL2+ port can be configured in an ADSL2+ line profile. After the line profile is configured successfully, it can be used when the ports are activated.
Precautions The ADSL2+ line profile of the MA5600 supports only the downstream seamless rate adaptation (SRA).
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
37
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Procedure l
Configure the ADSL2+ line profile. Run the adsl line-profile quickadd command to quickly add an ADSL2+ line profile, or run the interactive adsl line-profile add command to add an ADSL2+ line profile. Main parameters: – transmode: Indicates the line transmission mode. By default, the system supports all the transmission modes. The user can adopt the default value for auto-adaptation. – rate: Indicates the line rate. During line activation, a proper rate between the preset maximum rate and minimum rate is determined through automatic negotiation according to the line condition and the profile configuration. The user rate can be restricted by this line rate or the rate set in the traffic profile bound to the user. When both rates function, the lower one is adopted as the user rate. – snr: Indicates the SNR margin, which refers to the idle space for carrying noise, excluding the space for carrying signals. Generally, the SNR margin of the minimum tone is considered as the SNR margin of the entire ADSL connection.
l
(Optional) Configure the ADSL2+ extended line profile. Run the adsl extline-profile quickadd command to quickly add an ADSL2+ extended line profile, or run the interactive adsl extline-profile add command to add an ADSL2+ extended line profile. Main parameters: – inp: Indicates impulse noise protection. As a parameter that describes the line capability of resisting impulse interference, INP affects the port rate. If INP is 1, it indicates that the current channel can resist the impulse noise in 1 DMT character length. The interleave delay is related to INP. In the fast mode, INP does not apply. – transmode: The line profile also contains the parameter of transmission mode. When both the extended line profile and the line profile are configured on the port and the transmission mode is specified in the extended line profile, the port is activated using the transmission mode specified in the extended line profile. If the transmission mode and Annex type are specified in the extended line profile, the transmission mode configured in the line profile does not take effect. The transmission mode in the extended line profile works. Table 1-8 lists the mapping between the transmission mode and the Annex type. Table 1-8 Mapping between the transmission mode and the Annex type
Issue 09 (2015-02-28)
Annex Mode
Annex.A
Annex.B
Annex.J
Annex.L
Annex.M
G992.1
Supported
Supported
-
-
-
G992.2
Supported
-
-
-
-
G992.3
Supported
Supported
Supported
Supported
Supported
G992.5
Supported
Supported
Supported
-
Supported
T1.413
-
-
-
-
-
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
38
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
NOTE
l The Annex.J mode can only be supported by the H565ADBF board. l The H561ADBF board supports only the Annex.B mode. If an incorrect Annex mode is used and the corresponding extended line profile is used to activate the port, the system adopts proper parameters to ensure the normal activation of the port. l The H569ADEE board does not support the Annex.B mode. If the Annex.B mode is used and the corresponding extended line profile is used to activate the port, the system adopts proper parameters to ensure the normal activation of the port.
l
Configure the ADSL2+ alarm profile. Run the adsl alarm-profile quickadd command to quickly add an ADSL2+ alarm profile, or run the interactive adsl alarm-profile add command to add an ADSL2+ alarm profile. Main parameters: Alarm parameters include the ADSL transceiver unit - central office end (ATU-C) and the ADSL transceiver unit - remote end (ATU-R). The followings parameters are particular to the ATU-C: – The number of loss of link seconds – The number of failed fast retrains seconds – The status of alarm report at data initialization failure (DIF)
----End
Example Assume that the channel mode of an ADSL2+ line profile is interleaved, the adaptation mode for the downstream transmission rate is fixed, the maximum downstream delay is 100 ms, the maximum upstream delay is 100 ms, the minimum downstream transmission rate is 2048 kbit/ s, the maximum downstream transmission rate is 2048 kbit/s, the minimum upstream transmission rate is 1000 kbit/s, and the maximum upstream transmission rate is 1100 kbit/s. To configure such an ADSL2+ line profile, do as follows: huawei(config)#adsl line-profile quickadd basic-para full-rate trellis 1 bitswap 1 1 channel interleaved 100 100 adapt fixed snr 5 4 9 5 4 9 rate 2048 2048 1000 1100
To quickly add an ADSL2+ extended line profile, whose 34-456 sub-carriers are disabled, and the L2 power management mode is configured, do as follows: huawei(config)#adsl extline-profile quickadd missingtone section_1 34-456 1 inp minimum-inp-downstream noProtection(0) minimum-inp-upstream singleSymbol(1) psd 42 l2 l2state enable minimum-L0-time 60 minimum-L2-time 60 maximum-power-per-L2 3 total-maximum-power 9
Assume that the ID of the profile is 4, all the thresholds on the local/remote end are set to 100s, the difference between the transmission rate in the channel mode and the former transmission rate is 1000 kbit/s, and the profile name is test-profile. To quickly configure such an ADSL2+ alarm profile, do as follows: huawei(config)#adsl alarm-profile quickadd 4 atu-c trap enable 100 100 100 100 1 00 100 100 100 interleaved 1000 1000 fast 1000 1000 atu-r 100 100 100 100 100 10 0 interleaved 1000 1000 fast 1000 1000 name test-profile
1.11.2 Configuring SHDSL Profiles This topic describes how to configure the SHDSL line profile and alarm profile. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
39
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Background Information The SHDSL line profile and alarm profile can be directly bound to an SHDSL port. Table 1-9 lists the default SHDSL profiles. Table 1-9 Default SHDSL profiles Parameter
Default Setting
SHDSL line profile
Profile IDs: 1, 100, 101, 102, and 103 Profile 1 is used to activate the 2-wire ATM SHDSL port. Profile 100 is used to activate the 4-wire ATM SHDSL port. Profile 101 is used to activate the 6wire ATM SHDSL port. Profile 102 is used to activate the 8-wire ATM SHDSL port. Profile 103 is used to activate the EFM-bonding SHDSL port.
SHDSL alarm profile
Profile ID: 1
Procedure l
Configure an SHDSL line profile. Run the shdsl line-profile quickadd command to quickly add an SHDSL line profile, or run the shdsl line-profile add command to interactively add an SHDSL line profile. Main parameters: – ptm: If the SHDSL channel mode is the ATM mode, do not select ptm. If the SHDSL channel mode is the PTM mode, select ptm. – rate: Indicates the line rate. During line activation, a proper rate between the preset maximum rate and minimum rate is determined through automatic negotiation according to the line condition and the profile configuration. The user rate can be restricted by this rate or the rate set in the traffic profile that is bound to the user. When both rates function, the lower rate is selected as the user rate. – transmission: Indicates the transmission mode. Set the transmission mode according to line conditions and actual planning. Three transmission modes are supported: annex A, annex L, and annex A&B. – snr-margin: The larger the SNR margin, the better the line stability, and meanwhile the lower the physical connection rate of the line after activation. For common Internet access users, set the target SNR margin to 3; for users with higher priorities, set the target SNR margin to 5. NOTE
When the board supports G.SHDSL.bis (including the extended standard annex F), the maximum rate can reach 5696 kbit/s.
l
Issue 09 (2015-02-28)
Configure an SHDSL alarm profile.
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
40
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Run the shdsl alarm-profile quickadd command to quickly add an SHDSL alarm profile, or run the shdsl line-profile add command to interactively add an SHDSL alarm profile. ----End
Example To add SHDSL line profile 3 with the line rate of 4096 kbit/s, which is used to activate the 4wire SHDSL port, do as follows: huawei(config)#shdsl line-profile quickadd 3 line four-wire rate 4096
Assume that the loop attenuation threshold is 10 dB, SNR margin is 0 dB, ES threshold is 100s, SES threshold is 100s, CRC abnormality duration threshold is 10000, LOSWS threshold is 100s, UAS threshold is 100s. To quickly add SHDSL line alarm profile 3 with these parameters, do as follows: huawei(config)#shdsl alarm-profile quickadd 3 loop-attenuation 10 snr-margin 0 e s 100 ses 100 crc-anomaly 10000 losws 100 uas 100
1.11.3 Configuring VDSL2 Profiles This topic describes how to configure the VDSL2 line template and alarm template.
Background Information A VDSL2 line template consists of a VDSL2 line profile and a VDSL2 channel profile. Before activating a VDSL2 port, bind a VDSL2 line template to the port. A VDSL2 alarm template consists of a VDSL2 line alarm profile and a VDSL2 channel alarm profile. Bind a VDSL2 alarm template rather than a VDSL2 line alarm profile or a VDSL2 channel alarm profile to a VDSL2 port. Figure 1-6 provides the configuration flow of a VDSL2 profile. Figure 1-6 Flowchart for configuring a VDSL2 profile Flowchart for configuring a line template
Flowchart for configuring an alarm template
Start
Start
Configure a VDSL2 line profile
Configure a VDSL2 line alarm profile
Configure a VDSL2 channel profile
Configure a VDSL2 channel alarm profile
Configure a VDSL2 line template
Configure a VDSL2 alarm template
End
End
Procedure l
Configure a VDSL2 line template. 1.
Issue 09 (2015-02-28)
Run the vdsl line-profile quickadd command to quickly add a VDSL2 line profile, or run the vdsl line-profile add command to interactively add a VDSL2 line profile. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
41
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Main parameters: – transmode: Indicates the line transmission mode. By default, the system supports all transmission modes. The default setting can be used. Then, the system automatically adapts to the transmission mode of the peer end. – snr: Indicates the SNR margin. It refers to the remaining space for carrying noise, excluding the space for carrying signals. In general, the SNR margin of the minimum tone is used as the SNR margin of the entire VDSL2 connection. 2.
Run the vdsl channel-profile quickadd command to quickly add a VDSL2 channel profile, or run the vdsl channel-profile add command to interactively add a VDSL2 channel profile. Main parameters: – path-mode: Indicates the path mode. There are two VDSL2 path modes: ATM mode and PTM mode. By default, the system supports both modes. If the default mode is used, the system can automatically adapt to the path mode of the peer end and therefore the setting of the path mode is not required in this case. To set the ATM mode as the VDSL2 path mode, select atm. To set the PTM mode as the VDSL2 path mode, select ptm. The default setting both is recommended. When both is selected, both modes are supported. – interleaved-delay: Indicates the interleave delay. A zero interleave delay corresponds to the fast mode. In the fast mode, the interleave delay is short, but the error correction capability is weak. A non-zero interleave delay corresponds to the interleave mode. The longer the interleave delay, the greater the interleave depth. In the interleave mode, the greater the interleave depth, the stronger the error correction capability, but the longer the delay. – inp: Indicates the impulse noise protection. The INP is a parameter that describes the line capability of resisting impulse interference. The INP affects the port rate. If the INP is 1, it indicates that the current channel can resist the impulse noise in 1 DMT character length. The interleave delay is related to the INP. In the fast mode, the INP is meaningless. – rate: Indicates the line rate. During line activation, a proper rate between the preset maximum rate and minimum rate is determined through automatic negotiation according to the line condition and the profile configuration. The user rate can be restricted by this rate or the rate set in the traffic profile bound to the user. When both rates function, the lower rate is selected as the user rate.
3.
Run the vdsl line-template quickadd command to quickly add a VDSL2 line template, or run the vdsl line-template add command to interactively add a VDSL2 line template. A VDSL2 line template consists of a VDSL2 line profile and a VDSL2 channel profile. To activate a VDSL2 port, bind a VDSL2 line template to the port.
l
Issue 09 (2015-02-28)
Configure a VDSL2 alarm template. 1.
Run the vdsl alarm-profile quickadd command to quickly add a VDSL2 line alarm profile, or run the vdsl alarm-profile add command to interactively add a VDSL2 line alarm profile.
2.
Run the vdsl channel-alarm-profile quickadd command to quickly add a VDSL2 channel alarm profile, or run the vdsl channel-alarm-profile add command to interactively add a VDSL2 channel alarm profile. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
42
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3.
1 Basic Configurations
Run the vdsl alarm-template quickadd command to quickly add a VDSL2 alarm template, or run the vdsl alarm-template add command to interactively add a VDSL2 alarm template. A VDSL2 alarm template consists of a VDSL2 line alarm profile and a VDSL2 channel alarm profile. Bind a VDSL2 alarm template rather than a VDSL2 line alarm profile or a VDSL2 channel alarm profile to a VDSL port.
----End
Example Assume that: l
Downstream rate: 2048 kbit/s
l
Channel mode: interleave mode
l
Downstream maximum interleave delay: 8 ms
l
Upstream maximum interleave delay: 2 ms
l
SNR margin: 6 dB
l
Downstream minimum INP: 4
l
Upstream minimum INP: 2
To add VDSL2 profile 3 with these parameters, do as follows: huawei(config)#vdsl huawei(config)#vdsl 128 10000 128 10000 huawei(config)#vdsl
line-profile quickadd 3 snr 60 0 300 60 0 300 channel-profile quickadd 3 interleaved-delay 8 2 inp 4 2 rate 2048 2048 line-template quickadd 3 line 3 channel1 3 100 100
1.12 Configuring System Security This topic describes how to configure the network security and protection measures of the system to protect the system from malicious attacks.
Background Information With the system security feature, the Background Information can be protected against the attacks from the network side or user side, and thus the Background Information can run stably on the network. System security includes the following items: l
ACL/Packet filtering firewall
l
Blacklist
l
Anti-DoS attack
l
Anti-ICMP/IP attack
l
Source route filtering
l
Source MAC address filtering
l
Allowed/Denied address segment
Table 1-10 lists the default settings of system security. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
43
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Table 1-10 Default settings of system security Parameter
Default Setting
Firewall blacklist
Disabled
Anti-DoS attack
Disabled
Anti-ICMP attack
Disabled
Anti-IP attack
Disabled
Source route filtering
Disabled
1.12.1 Configuring Firewall Configuring system firewall can control the packets that go through the management port of the device so that unauthorized operators cannot access the system through the inband or outband channel.
Background Information Firewall includes the following items: l
Blacklist: The blacklist function can be used to screen the packets sent from a specific IP address. A major feature of the blacklist function is that blacklist entries can be dynamically added or deleted. When firewall detects the attack attempt of a specific IP address according to the characteristics of packets, firewall actively adds an entry to the blacklist and then filters the packets from this IP address.
l
ACL packet filtering firewall: Configure an ACL to filter data packets. To set a port to allow only one type of packets to go through, use the ACL to implement the packet filtering function. For example, to allow only the packets from source IP address 1.1.1.1 to go through a port in the inbound direction, do as follows: 1.
Configure an ACL rule1, which allows the packets with source IP address 1.1.1.1 to pass.
2.
Configure an ACL rule2, which denies all packets.
3.
Run the firewall packet-filter command, and bind rule2 first and then rule1 to the inbound direction. NOTE
On the MA5600, an ACL can be activated in two modes. In two modes, the execution priorities on the sub-rules in one ACL are different. l Run the firewall packet-filter command to activate an ACL. This mode is applied to the NMS. For the sub-rules in one ACL, the execution priority is implemented by software. The earlier the execution priority of the sub-rules in one ACL is configured, the higher the priority. l Run the packet-filter command to activate an ACL. For the sub-rules in one ACL, the execution priority is implemented by hardware. The later the execution priority of the sub-rules in one ACL is configured, the higher the priority.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
44
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
NOTICE To ensure device security, firewall must be configured. This is to control the packets that go through the management port of the device.
Procedure l
Configure firewall blacklist. Two modes are supported: configuring firewall blacklist by using ACLs or by adding the source IP addresses of untrusted packets. Choose either mode, or both. When two modes are configured, the priority of the source IP addresses of untrusted packets function is higher than the priority of ACLs. That is, the system checks the source IP addresses of untrusted packets first, and then matches ACLs. NOTE
The firewall blacklist function only takes effect to the service packets that are sent from the user side.
–
–
l
Configure the firewall blacklist function by using advanced ACLs. 1.
Run the acl command to create an ACL. Only advanced ACLs can be used when the blacklist function is enabled. Therefore, the range of the ACL ID is 3000-3999.
2.
Run the rule(adv acl) command to create an advanced ACL.
3.
Run the quit command to return to the global config mode.
4.
Run the firewall blacklist enable acl-number command to enable the firewall blacklist function.
Configure the firewall blacklist function by adding the source IP addresses of untrusted packets. 1.
Run the firewall blacklist item command to add the source IP addresses of untrusted packets to the blacklist.
2.
Run the firewall blacklist enable command to enable the firewall blacklist function.
Configure the firewall (filtering packets based on the ACL). 1.
Run the acl command to create an ACL. Only basic ACLs and advanced ACLs can be used when packet filtering by firewall is configured. Therefore, the range of the ACL ID is 2000-3999.
2.
Run different commands to create different types of ACLs. – Basic ACL: Run the rule(basic acl) command. – Advanced ACL: Run the rule(adv acl) command.
Issue 09 (2015-02-28)
3.
Run the quit command to return to the global config mode.
4.
Run the firewall enable command to enable the firewall blacklist function. By default, the firewall blacklist function is disabled. To filter the packets of a port based on the basic ACL, enable the firewall blacklist function.
5.
Run the interface meth command to enter the METH mode to configure the firewall packet filtering rules for an METH interface; run the interface vlanif command to Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
45
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
enter the VLANIF mode configure the firewall packet filtering rules for a VLAN interface. 6.
Run the firewall packet-filter command to apply firewall packet filtering rules to an interface.
----End
Example To add IP address 192.168.10.18 to the firewall blacklist with the aging time of 100 min, do as follows: huawei(config)#firewall blacklist item 192.168.10.18 timeout 100 huawei(config)#firewall blacklist enable
To add the IP addresses in network segment 10.10.10.0 to the firewall blacklist and bind ACL 3000 to these IP addresses, do as follows: huawei(config)#acl 3000 huawei(config-acl-adv-3000)#rule deny ip source 10.10.10.0 0.0.0.255 destination huawei(config-acl-adv-3000)#quit huawei(config)#firewall blacklist enable acl-number 3000
To deny the users in network segment 172.16.25.0 to access the maintenance Ethernet port with IP address 172.16.25.28 on the device, do as follows: huawei(config)#acl 3001 huawei(config-acl-adv-3001)#rule 5 deny icmp source 172.16.25.0 0.0.0.255 destin ation 172.16.25.28 0 huawei(config-acl-adv-3001)#quit huawei(config)#firewall enable huawei(config)#interface meth 0 huawei(config-if-meth0)#firewall packet-filter 3001 inbound ACL applied successfully
1.12.2 Configuring Anti-Attack Enabling anti-DoS attack and anti-ICMP/IP attack, and configuring the source route filtering and source MAC address filtering functions can prevent malicious users' attack on the system, so as to improve system security.
Background Information The MA5600 supports the following measures to prevent malicious users' attack on the system. Choose measures according to actual requirements. l
Anti-DoS attack: Indicates the defensive measures taken by the system to receive only a certain number of control packets sent from a user.
l
Anti-ICMP attack: Indicates the defensive measures taken by the system to drop the ICMP packets sent from the user-side device to the MA5600. This is to prevent the user-side device from pinging the VLAN interface of the MA5600.
l
Anti-IP attack: Indicates the defensive measures taken by the system to drop the IP packets sent from the user-side device to the MA5600.
l
Source route filtering: Indicates the defensive measures taken by the system to filter the IP packets that are sent by the user and carry the routing option field.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
46
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
l
Source MAC address filtering: Indicates the defensive measures taken by the system to filter the packets that are sent by the user and carry certain source MAC addresses.
l
User-side ring network check: Indicates the defensive measures taken by the system to check user-side ring networks. In this manner, the system can process ring networks to prevent ring networks from affecting services.
l
Configure anti-DoS attack.
Procedure Run the security anti-dos enable command to enable anti-DoS attack. After the anti-DoS attack function is enabled, the system adds the user port to the blacklist if the receive rate of the control packet of the user reaches a preset value. When anti-DoS attack is disabled, the system deletes the blacklist. Application scenario: Two PCs (PC1 and PC2) are connected to the network through the MA5600. If a malicious user (PC1) sends a large number of protocol control packets to attack the CPU of the MA5600, the CPU usage of the MA5600 will be over high, and then the MA5600 is unable to process the services of another user (PC2). To implement antiDoS attack, shield the attack port to protect the MA5600 from being attacked. l
Configure anti-ICMP attack. Run the security anti-icmpattack enable command to enable anti-ICMP attack. AntiICMP attack is used to prevent the user-side device from pinging the VLAN interface of the MA5600. Application scenario: Two PCs (PC1 and PC2) are connected to the network through the MA5600. When PC2 sends a large number of ICMP packets to the VLAN interface, the services of the user (PC1) that obtains the upper-layer DHCP information through the same VLAN interface will be abnormal. To implement anti-ICMP attack, directly drop the userside ICMP packets if the IP address of the VLAN interface on the MA5600 is its destination IP address.
l
Enable anti-IP attack. Run the security anti-ipattack enable command to enable anti-IP attack. The anti-IP attack is used to prevent user-side IP packets from attacking the L3 interface of the device or to prevent illegal users from logging in to the device through telnet. Application scenario: When a PC sends the packets with the address of VLAN x as the destination IP address to VLANIF x, it may send a large number of packets to attack the device, causing the device to fail to process normal services; when a user knows the address of VLAN x, or the user name and password for logging in to the device, it may log in to the device through telnet to randomly change the configurations of the device. To prevent the two preceding cases, the device needs to implement anti-IP attack. With this feature, the device drops the packets with the address of the device interface as the destination IP address to prevent the user from attacking the device.
l
Enable the source route filtering function. Run the security source-route enable command to enable the source route filtering function. This function is used to filter the packets that carry the routing information and are reported to the L3 switch. Application scenario: In general, routes are dynamic and application does not control route selection. The sender can add the routing information to IP packets through the source route
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
47
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
to perform route selection. In this case, packets go along a specific route on the network according to the intention of the sender. To prevent the preceding cases, enable the source route filtering function. Then the MA5600 performs validity check on IP packets and drops the packets that match the source route options. l
Configure the MAC address filtering function. Run the security mac-filter command to enable the MAC address filtering function. Application scenario: To prevent users from forging the MAC address of the network-side device, or forging certain renowned MAC addresses, set the MAC address of the networkside as the MAC address to be filtered.
----End
Example To enable the anti-DoS attack function and anti-IP attack function, do as follows: huawei(config)#security anti-dos enable huawei(config)#security anti-ipattack enable
1.12.3 Preventing the Access of Illegal Users Only the users of the permitted IP address segment can access the device, and the users of the denied IP address segment cannot access the device. This prevents the users of illegal IP address segments from logging in to the system, thus safeguarding the system.
Background Information Each firewall can be configured with up to 10 address segments. When adding an address segment, ensure that the start address does not repeat an existing start address. To delete an address segment, you only need to enter the start address of the address segment.
Procedure l
Configure the permitted/denied IP address segment for the access through Telnet. 1.
Run the sysman firewall telnet enable command to enable the firewall function for the access through Telnet. By default, the firewall function of the system is disabled.
2.
Run the sysman ip-access telnet command to configure the IP address segment that is permitted to access the device through Telnet.
NOTICE To ensure the device security, apply the minimum authorization principles. That is, configure the permitted IP address segment, and add only the necessary management IP address segment. IP addresses other than have been specified are not permitted to access the device through the management port.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
48
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3.
1 Basic Configurations
Run the sysman ip-refuse telnet command to configure the IP address segment that is forbidden to access the device through Telnet. NOTE
The permitted IP address segment and the denied IP address segment are not overlap and only the user whose IP address is in the permitted address segment and is not in the denied address segment can access the device.
l
Configure the permitted/denied IP address segment for the access through SSH. 1.
Run the sysman firewall ssh enable command to enable the firewall function for the access through SSH. By default, the firewall function of the system is disabled.
2.
Run the sysman ip-access ssh command to configure the IP address segment that is permitted to access the device through SSH.
NOTICE To ensure the device security, apply the minimum authorization principles. That is, configure the permitted IP address segment, and add only the necessary management IP address segment. IP addresses other than have been specified are not permitted to access the device through the management port. 3.
Run the sysman ip-refuse ssh command to configure the IP address segment that is forbidden to access the device through SSH. NOTE
The permitted IP address segment and the denied IP address segment are not overlap and only the user whose IP address is in the permitted address segment and is not in the denied address segment can access the device.
l
Configure the permitted/denied IP address segment for the access through SNMP (NMS). 1.
Run the sysman firewall snmp enable command to enable the firewall function for the access through SNMP. By default, the firewall function of the system is disabled.
2.
Run the sysman ip-access snmp command to configure the IP address segment that is permitted to access the device through SNMP.
NOTICE To ensure the device security, apply the minimum authorization principles. That is, configure the permitted IP address segment, and add only the necessary management IP address segment. IP addresses other than have been specified are not permitted to access the device through the management port. 3.
Run the sysman ip-refuse snmp command to configure the IP address segment that is forbidden to access the device through SNMP. NOTE
The permitted IP address segment and the denied IP address segment are not overlap and only the user whose IP address is in the permitted address segment and is not in the denied address segment can access the device.
----End Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
49
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Example To enable the firewall function for the access through Telnet, and permit only the users of the IP address segment 10.10.5.1– 10.10.5.254to log in to the device through Telnet, do as follows: huawei(config)#sysman firewall telnet enable huawei(config)#sysman ip-access telnet 10.10.5.1 10.10.5.254
To enable the firewall function for the access through SSH, and permit only the users of the IP address segment 10.10.20.1– 10.10.20.254to log in to the device through SSH, do as follows: huawei(config)#sysman firewall ssh enable huawei(config)#sysman ip-access ssh 10.10.20.1 10.10.20.254
To enable the firewall function for the access through SNMP, and permit only the users of the IP address segment 10.10.20.1–10.10.20.254 to log in to the device through SNMP, do as follows: huawei(config)#sysman firewall snmp enable huawei(config)#sysman ip-refuse snmp 10.10.20.1 10.10.20.254
1.13 Configuring the User Security Configuring the security mechanism can protect operation users and access users against user account theft and roaming or from the attacks from malicious users.
Background Information The user security mechanism includes: l
PITP: The purpose of the PITP feature is to provide the user physical location information for the upper-layer authentication server. After the BRAS obtains the user physical location information, the BRAS binds the information to the user account for authentication, thus protecting the user account against theft and roaming.
l
DHCP option 82: The user physical location information is added to the option 82 field in the DHCP request sent by the user. The information is used by the upper-layer authentication server for authenticating the user, thus protecting the user account against theft and roaming.
l
IP address binding: The IP address of the user is bound to the corresponding service port for authenticating the user, thus ensuring the security of the authentication.
l
MAC address binding: The MAC address is bound to the service port, thus preventing the access of illegal users.
l
Anti-MAC spoofing: It is a countermeasure taken by the system to prevent a user from attacking the system with a forged MAC address.
l
Anti-IP spoofing: It is a countermeasure taken by the system to prevent a user from attacking the system with a forged IP address
l
User-side ring network detection.
Table 1-11 lists the default settings of the user security mechanism.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
50
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Table 1-11 Default settings of the user security mechanism Parameter
Default Setting
Remarks
PITP
Global function: disabled
The PITP function can be enabled only when the functions at all levels are enabled.
Port-level function: enabled DHCP option 82
Global function: disabled
Anti-IP spoofing
Global function: disabled
The anti-IP spoofing function can be enabled only when this function is enabled.
Anti-MAC spoofing
Global function: disabled
The anti-MAC spoofing function can be enabled only when this function is enabled.
User-side ring network detection
disabled
-
Port-level function: enabled
The DHCP option 82 function can be enabled only when the functions at all levels are enabled.
1.13.1 Configuring Anti-Theft and Roaming of User Account Through PITP Policy Information Transfer Protocol (PITP) is used for the user PPPoE dialup access. It is a protocol defined for transferring policy information between the access device and the BRAS through L2 P2P communication. PITP can be used for transferring the user physical port information and protecting the user account against theft and roaming.
Application Context PITP is a member of Huawei Group Management Protocol (HGMP) family. It is used for providing the user port information for the BRAS. After the BRAS obtains the user port information, the BRAS binds the user account to the user port, thus protecting the user account against theft and roaming. PITP has two modes, the PPPoE+ mode (also called the PITP P mode) and the VBAS mode (also called the PITP V mode). PITP is applicable to the networking of a standalone MA5600 and the networking of subtended MA5600s. l
In the networking of a stand-alone MA5600: Two PCs (PC1 and PC2) are connected to different ports of the MA5600 for the dialup access.
l
In the networking of subtended MA5600s: Two PCs (PC1 and PC2) are connected to different MA5600s (PC1 is connected to the MA5600, and PC2 is connected to the MA5600 through a subtended device) for the dialup access.
The principles in the two scenarios are similar. The user dials up from PC1 by using the corresponding user account. The BRAS binds the user account to the user's physical port information reported by the MA5600. When the user of PC2 dials up by using the user account Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
51
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
of PC1, the BRAS discovers that the user account does not match the physical port information and thus rejects the dialup access request of PC2.
Default Configuration Table 1-12 lists the default settings related to PITP. Table 1-12 Default settings related to PITP Parameter
Default Setting
PITP function
Global function: disabled
User-side PPPoE packet carrying the vendor tag information
Disabled
Procedure Step 1 Configure the relay agent information option (RAIO). Before using the PITP function, you must configure RAIO. l Run the raio-mode mode pitp-pmode command to configure the RAIO mode in the PITP P mode. l Run the raio-mode mode pitp-vmode command to configure the RAIO mode in the PITP V mode. The PITP P mode supports all the RAIO modes; the PITP V mode currently supports only the common, cntel, and userdefine modes. user-defined: Indicates the user-defined mode. In this mode, you need to run the raio-format command to configure the RAIO format. Select a corresponding keyword for configuring the RAIO format according to the PITP mode. l In the PITP P mode, run the raio-format pitp-pmode command to configure the RAIO format. l In the PITP V mode, run the raio-format pitp-vmode command to configure the RAIO format. In the case of the user-defined RAIO format, configure the circuit ID (CID) and the remote ID (RID). If the access mode is not selected, the configured format applies to all access modes. If the access mode is selected, the configured format applies to only this access mode. The CID format and RID format in the PITP V mode are the same: l CID: Identifies the attribute information about the device. l RID: Identifies the access information about the user. Step 2 Configure the PITP function. The PITP function can be enabled or disabled at two levels. The PITP function is enabled only when it is enabled at the two levels. The global PITP function has higher priority over the portlevel and service-port-level PITP functions. 1.
Issue 09 (2015-02-28)
Global PITP function: Run the pitp enable pmode command to enable global PITP P mode. By default, the global PITP function is disabled. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
52
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
In the PITP V mode, run the pitp vmode ether-type command to set the Ethernet protocol type to be the same as that of the BRAS. Then, run the pitp enable vmode command to enable global PITP V mode. NOTE
The Ethernet protocol type of the PITP V mode must be configured when the PITP V mode is disabled.
2.
Port-level PITP function: Run the pitp port or pitp board command to configure the portlevel PITP function. By default, the port-level PITP function is enabled.
----End
Example Assume that: l
RAIO mode: user-defined mode
l
CID format for the ATM access mode: shelf ID/slot ID/port ID: VPI.VCI
l
CID format for the Ethernet access mode: shelf ID/slot ID/port ID: VLAN ID
To enable the PITP P mode on port 0/2/0, do as follows: huawei(config)#raio-mode user-defined huawei(config)#raio-format pitp-pmode huawei(config)#raio-format pitp-pmode huawei(config)#raio-format pitp-pmode huawei(config)#raio-format pitp-pmode huawei(config)#pitp enable pmode huawei(config)#pitp port 0/2/0 enable
pitp-pmode cid atm anid atm frame/slot/port:vpi.vci cid eth anid eth frame/slot/port:vlanid rid atm plabel rid eth plabel
Assume that: l
RAIO mode: user-defined mode
l
CID/RID format for the ATM access mode: shelf ID/slot ID/port ID: VPI.VCI
l
CID/RID format for the Ethernet access mode: shelf ID/slot ID/port ID: VLAN ID
To set the Ethernet protocol type of VBRAS packets to be the same as that of the upper-layer BRAS, namely, 0x8500, and enable the PITP V mode on port 0/3/0, do as follows: huawei(config)#raio-mode user-defined pitp-vmode huawei(config)#raio-format pitp-vmode atm anid atm frame/slot/port:vpi.vci huawei(config)#raio-format pitp-vmode eth anid eth frame/slot/port:vlanid huawei(config)#pitp vmode ether-type 0x8500 huawei(config)#pitp enable vmode huawei(config)#pitp port 0/3/0 enable
1.13.2 Configuring Anti-Theft and Roaming of User Accounts Through DHCP DHCP improves the user authentication security by adding the user physical location information to the option 82 field of the DHCP request packets initiated by the user, so as to prevent theft and roaming of the user account.
Background Information The option 82 field contains the circuit ID (CID), remote ID (RID), and sub-option 90 field (optional), which provides the information such as the user shelf ID, slot ID, port ID, VPI, and VCI. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
53
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
The MA5600 can work in the L2 DHCP forwarding mode or L3 DHCP forwarding mode. In either mode, anti-theft and roaming of user accounts through DHCP option 82 can be configured, and the configurations are the same. Table 1-13 lists the default settings related to DHCP option 82. Table 1-13 Default settings related to DHCP option 82 Parameter
Default Setting
Status of the DHCP option 82 function
Global status: disabled Port-level status: enabled
Procedure Step 1 Configure the RAIO. The RAIO is the short form for relay agent information option. Before using the DHCP function, you must configure the RAIO. Run the raio-mode command to set the RAIO mode. l Select dhcp-option 82 as the corresponding mode. l In the user-defined mode, you need to run the raio-format command to configure the RAIO format, and select dhcp-option 82 as the corresponding mode. To configure the user-defined format, mainly configure the RID in the CID. If the access mode is not selected, the configured format is valid to all access modes. If the access mode is selected, the configured format is valid to only this access mode. For details about the RAIO format, see the raioformat command. – CID identifies the attribute information of the device. – RID identifies the access information of the user. Step 2 Enable or disable the DHCP option 82 function. Run the dhcp option82 command to enable the DHCP option 82 function on the system and port. By default, the DHCP option 82 function is disabled globally. The DHCP option 82 function can be enabled or disabled at two levels. The DHCP option 82 function takes effect only when it is enabled at the two levels. 1.
System level: Run the dhcp option82 command to enable the DHCP option 82 function globally. By default, the DHCP option 82 function is disabled globally.
2.
Port level: Run the dhcp option82 board or dhcp option82 port command to enable the DHCP option 82 function for a board or port. By default, the DHCP option 82 function for a board or port is enabled.
----End
Example Assume that: l Issue 09 (2015-02-28)
RAIO mode: user-defined mode Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
54
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
l
CID format for the ETH access mode: shelf ID/slot ID/sub slot ID/port ID: vlanid
l
RID format for all access modes: label of the service port
To enable the DHCP option 82 function on port 0/1/0, do as follows: huawei(config)#raio-mode user-defined dhcp-option82 huawei(config)#raio-format dhcp-option82 cid eth anid eth frame/slot/subslot/ port:vlanid huawei(config)#raio-format dhcp-option82 rid eth splabel huawei(config)#dhcp option82 enable uawei(config)#dhcp option82 port 0/1/0 enable
1.13.3 Configuring Anti-IP Spoofing and Anti-MAC Spoofing This topic describes how to configure anti-IP spoofing and anti-MAC spoofing to prevent malicious users from attacking legal users by forging the IP address and MAC address of the legal users.
Background Information Anti-IP spoofing is to dynamically trigger the IP address binding, thus preventing illegal users from stealing the IP address of legal users. When anti-IP spoofing is enabled, a user port is bound to an IP address after the user goes online. Then, the user cannot go online through this port by using other IP addresses, and any user cannot go online through other ports by using this IP address. The major function of anti-MAC spoofing is to prevent illegal users from forging the MAC address of legal users. The purpose is to ensure that the service of legal users is not affected. Anti-MAC spoofing is applied to PPPoE and DHCP access users. IP address binding refers to binding an IP address to a service port. After the binding, the service port permits only the packet whose source IP address is the bound address to go upstream, and discards the packets that carry other source IP addresses. MAC address binding refers to binding a MAC address to a service port. After the binding, only the user whose MAC address is the bound MAC address can access the network through the service port. The MA5600 does not support the direct binding of a MAC address. Instead, the binding between a service port and a MAC address is implemented through setting a static MAC address entry of a port and setting the maximum number of learnable MAC addresses to 0.
Procedure l
Configure anti-IP spoofing. Run the security anti-ipspoofing command to configure the anti-IP spoofing function. By default, the anti-IP spoofing function is disabled. NOTE
When anti-IP spoofing is enabled after a user is already online, the IP address of this user is not bound by the system. As a result, the service of this user is interrupted, this user goes offline, and the user needs to go online again. Only the user who goes online after anti-IP spoofing is enabled can have the IP address bound.
l Issue 09 (2015-02-28)
Configure anti-MAC spoofing. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
55
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
NOTICE To ensure device security, it is recommended that you enable this function. – Run the security anti-macspoofing command to configure the global function. By default, the global function is disabled. – Run the security anti-macspoofing max-mac-count command to configure the maximum number of MAC addresses that can be bound to the service port. By default, up to eight MAC addresses can be bound. NOTE
When anti-MAC spoofing is enabled after a user is already online, the MAC address of this user is not bound by the system. As a result, the service of this user is interrupted, this user goes offline, and the user needs to go online again. Only the user who goes online after anti-MAC spoofing is enabled can have the MAC address bound.
l
Bind an IP address. Run the bind ip command to bind an IP address to a service port. To permit only the users of certain IP addresses to access the system so that illegal users cannot access the system by using the IP addresses of legal users, configure the IP address binding.
l
Bind a MAC address. 1.
Run the mac-address static command to add a static MAC address.
2.
Run the mac-address max-mac-count command to set the maximum number of learnable MAC addresses to 0. By default, the maximum number of learnable MAC addresses of a port in the system is 255. This parameter is to limit the maximum number of the MAC addresses that can be learned through one account, that is, to limit the maximum number of the PCs that can access the Internet through one account.
----End
Example To enable anti-IP spoofing in service VLAN 10, do as follows: huawei(config)#security anti-ipspoofing enable vlan 10
To enable anti-MAC spoofing for service VLAN 10, and set the maximum number of MAC addresses that can be bound to service port 0/2/1 in this VLAN to 7, do as follows: huawei(config)#security anti-macspoofing enable vlan 10 huawei(config)#security anti-macspoofing max-mac-count 0/2/1 user-vlan 10 7
To bind IP address 10.10.10.2 to the ADSL2+ service port whose physical port is 0/3/0, VPI/ VCI is 0/35, and user-side VLAN is 100, do as follows: huawei(config)#bind ip adsl 0/3/0 vpi 0 vci 35 user-vlan 100 10.10.10.2
To bind static MAC address 1010-1010-1010 to the ADSL2+ service port whose physical port is 0/3/0, VPI/VCI is 0/35, and user-side VLAN is 100, and set the maximum number of learnable dynamic MAC addresses to 10, do as follows: Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
56
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
huawei(config)#mac-address static adsl 0/3/0 vpi 0 vci 35 single-service 1010-1010-1010 huawei(config)#mac-address max-mac-count adsl 0/3/0 vpi 0 vci 35 user-vlan 100 10
1.13.4 Configuring the Ring Network Detection on the User Side This topic describes how to enable the ring network detection on the user side to prevent the services from being affected by the ring network.
Background Information l
By default, the ring network detection on the user side is disabled.
l
After the ring network detection on the user side is enabled, the system automatically detects the ring network on the user side.
l
By default, the ring detection mode on the user side is private BPDU. You can set the ring detection mode to private Ethernet mode. The private BPDU mode and the private Ethernet mode are mutually exclusive.
l
If you set the ring detection mode to private BPDU: – The ring between ports on the user side can be detected and the packet receive ports are blocked. – When you need to detect the ring between the user and the upstream port, the STP function needs to be enabled. – The ring between two devices of the same type can be detected only if the detection modes of the two devices are set to private BPDU.
l
If you set the ring detection mode to private Ethernet: – The ring between ports on the user side can be detected and the packet transmit ports are blocked. – When you need to detect the ring between the user and the upstream port, the STP function need not be enabled and the user ports are blocked. – The ring between two devices cannot be detected.
NOTICE To ensure the device security, it is recommended that you enable the ring network detection on the user side.
Procedure Step 1 Run the ring check enable command to enable the ring network detection on the user side. Step 2 Run the ring check mode command to set the detection mode of the ring network on the user side. Step 3 Run the display ring check config command to query the status of the ring network detection on the user side. ----End Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
57
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Example To enable the ring network detection on the user side and set the detection mode to private Ethernet, do as follows: hauwei(config)#ring check enable huawei(config)#ring check mode private-ethtype huawei(config)#display ring check config Ring checking function is enabled
1.14 Configuring AAA This topic describes how to configure the AAA on the MA5600, including configuring the MA5600 as the local and remote AAA servers.
Background Information AAA refers to authentication, authorization, and accounting. In the process that a user accesses network resources, through AAA, certain rights are authorized to the user if the user passes authentication, and the original data about the user accessing network resources is recorded. l
Authentication: Checks whether a user is allowed to access network resources.
l
Authorization: Determines what network resources a user can access.
l
Accounting: Records the original data about the user accessing network resources.
Application Context AAA is generally applied to the users that access the Internet in the PPPoA, PPPoE, 802.1x, VLAN, WLAN, ISDN, or Admin Telnet (associating the user name and the password with the domain name) mode. NOTE
In the existing network, 802.1x and Admin Telnet correspond to the local AAA, that is, the MA5600 functions as a local AAA server; PPPoE corresponds to the remote AAA, that is, the MA5600 functions as the client of a remote AAA server.
Figure 1-7 shows an example network of the AAA application. Figure 1-7 Example network of the AAA application
MA5600
RADIUS server
PC
The preceding figure shows that the AAA function can be implemented on the MA5600 in the following ways: Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
58
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
l
The MA5600 functions as a local AAA server. In this case, the local AAA needs to be configured. The local AAA does not support accounting.
l
The MA5600 functions as the client of a remote AAA server, and is connected to the RADIUS server through the RADIUS protocol, thus implementing the AAA. The RADIUS protocol, however, does not support authorization.
1.14.1 Configuring the Remote AAA (RADIUS Protocol) The MA5600 is interconnected with the RADIUS server through the RADIUS protocol to implement authentication.
Background Information l
What is RADIUS: – RADIUS is short for the remote authentication dial-in user service. It is a distributed information interaction protocol with the client/server structure. Generally, it is used to manage a large number of distributed dial-in users. – RADIUS implements the user authentication by managing a simple user database, and adjusts the user service information according to the user service type and rights. – The authentication request of users can be passed on to the RADIUS server through a network access server (NAS).
l
Principles of RADIUS: – When a user tries to access another network (or some network resources) by setting up a connection to the NAS through a network, the NAS forwards the user authentication information to the RADIUS server. The RADIUS protocol specifies the means of transmitting the user information between the NAS and the RADIUS server. – The RADIUS server receives the connection requests of users sent from the NAS, authenticates the user account and password contained in the user data, and returns the required data to the NAS.
l
Specification: – For the MA5600, the RADIUS is configured based on each RADIUS server group. – In actual networking, a RADIUS server group can be any of the following: – An independent RADIUS server – A pair of primary/secondary RADIUS servers with the same configuration but different IP addresses – The following lists the attributes of a RADIUS server template: – IP addresses of primary and secondary servers – Shared key – RADIUS server type
l
Issue 09 (2015-02-28)
The configuration of the RADIUS protocol defines only the essential parameters for the information exchange between the MA5600 and the RADIUS server. To make the essential parameters take effect, the RADIUS server group needs to be referenced in a certain domain.
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
59
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Procedure Step 1 Configure the AAA authentication scheme. NOTE
l The authentication scheme specifies how all the users in an ISP domain are authenticated. l The system supports up to 16 authentication schemes. The system has a default accounting scheme named default. It can only be modified, but cannot be deleted.
1.
Run the aaa command to enter the AAA mode.
2.
Run the authentication-scheme command to add an authentication scheme.
3.
Run the authentication-mode radius command to configure the authentication mode of the authentication scheme.
4.
Run the quit command to return to the AAA mode.
Step 2 Configure the RADIUS protocol. 1.
Run the radius-server template command to create a RADIUS server template and enter the RADIUS server template mode.
2.
Run the radius-server authentication command to configure the IP address and the UDP port ID of the RADIUS server for authentication. NOTE
l To guarantee normal communication between the MA5600 and the RADIUS server, before configuring the IP address and UDP port of the RADIUS server, make sure that the route between the RADIUS server and the MA5600 is in the normal state. l Make sure that the configuration of the RADIUS service port of the MA5600 is consistent with the port configuration of the RADIUS server.
3.
(Optional) Run the radius-server shared-key command to configure the shared key of the RADIUS server. NOTE
l The RADIUS client (MA5600) and the RADIUS server use the MD5 algorithm to encrypt the RADIUS packets. They check the validity of the packets by setting the encryption key. They can receive the packets from each other and can respond to each other only when their keys are the same. l By default, the shared key of the RADIUS server is huawei.
4.
(Optional) Run the radius-server timeout command to set the response timeout time of the RADIUS server. By default, the timeout time is 5s. The MA5600 sends the request packets to the RADIUS server. If the RADIUS server does not respond within the response timeout time, the MA5600 re-transmits the request packets to the RADIUS to ensure that users can obtain corresponding services from the RADIUS server.
5.
(Optional) Run the radius-server retransmit command to set the maximum re-transmit times of the RADIUS request packets. By default, the maximum re-transmit times is 3. When the re-transmit times of the RADIUS request packets to a RADIUS server exceeds the maximum re-transmit times, the MA5600 considers that its communication with the RADIUS server is interrupted, and thus transmits the RADIUS request packets to another RADIUS server.
6.
Issue 09 (2015-02-28)
(Optional) Run the (undo)radius-server user-name domain-included command to configure the user name (not) to carry the domain name when transmitted to the RADIUS server. By default, the user name of the RADIUS server carries the domain name. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
60
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
l An access user is named in the format of userid@domain-name, and the part followed by "@" is the domain name. The MA5600 classifies a user into a domain according to the domain name. l If a RADIUS server group rejects the user name carrying the domain name, the RADIUS server group cannot be set or used in two or more domains. Otherwise, when some access users in different domains have the same user name, the RADIUS server considers that these users are the same because the names transmitted to the server are the same. 7.
Run the quit command to return to the global config mode.
Step 3 Create a domain. NOTE
l A domain is a group of users of the same type. l When the user name is in the format of userid@domain-name (for example,
[email protected]), "domain-name" followed by "@" is the domain name, and "userid" is the user name used for authentication. l The domain name for user login cannot exceed 15 characters, and the other domain names cannot exceed 20 characters.
1.
Run the aaa to enter the AAA mode.
2.
In the AAA mode, run the domain command to create a domain.
Step 4 Reference the authentication scheme. NOTE
You can reference an authentication scheme in a domain only after the authentication scheme is created.
In the domain mode, run the authentication-scheme command to reference the authentication scheme. Step 5 Reference the RADIUS server template. NOTE
You can reference a RADIUS server template in a domain only after the RADIUS server template is created.
1.
In the domain mode, run the radius-server template command to reference the RADIUS server template.
2.
Run the quit command to return to the AAA mode.
----End
Example User1 in the isp domain adopts the RADIUS protocol for authentication. RADIUS server 10.10.66.66 functions as the primary authentication server, and RADIUS server 10.10.66.67 functions as the secondary authentication server. On the RADIUS server, the authentication port ID is 1812, and the other parameters adopt the default values. To perform the preceding configuration, do as follows: huawei(config)#aaa huawei(config-aaa)#authentication-scheme newscheme huawei(config-aaa-authen-newscheme)#authentication-mode radius huawei(config-aaa-authen-newscheme)#quit huawei(config-aaa)#quit
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
61
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
huawei(config)#radius-server template hwtest huawei(config-radius-hwtest)#radius-server authentication 10.10.66.66 1812 huawei(config-radius-hwtest)#radius-server authentication 10.10.66.67 1812 secondary huawei(config-radius-hwtest)#quit huawei(config)#aaa huawei(config-aaa)#domain isp huawei(config-aaa-domain-isp)#authentication-scheme newscheme huawei(config-aaa-domain-isp)#radius-server hwtest huawei(config-aaa-domain-isp)#quit
1.14.2 Configuration Example of the RADIUS Authentication The MA5600 is interconnected with the RADIUS server through the RADIUS protocol to implement authentication.
Service Requirements l
The RADIUS server performs authentication for user1 in isp1.
l
The RADIUS server with the IP address 10.10.66.66 functions as the primary server for authentication.
l
The RADIUS server with the IP address 10.10.66.67 functions as the secondary server for authentication.
l
The authentication port ID is 1812.
l
Other parameters adopt the default settings.
Networking Figure 1-8 shows an example network of the RADIUS authentication. Figure 1-8 Example network of the RADIUS authentication RADIUS server (Master) 10.10.66.66
RADIUS server (Backup) 10.10.66.67
user1@isp1
user2@isp2 MA5600
user3@isp3
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
62
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Procedure Step 1 Configure the authentication scheme. Configure authentication scheme newscheme (users are authenticated through RADIUS). huawei(config)#aaa huawei(config-aaa)#authentication-scheme newscheme huawei(config-aaa-authen-newscheme)#authentication-mode radius huawei(config-aaa-authen-newscheme)#quit huawei(config-aaa)#quit
Step 2 Configure the RADIUS protocol. Create RADIUS server template template1. RADIUS server 10.10.66.66 functions as the primary authentication server, and RADIUS server 10.10.66.67 functions as the secondary authentication. huawei(config)#radius-server template template1 Note: Create a new server template huawei(config-radius-template1)#radius-server authentication 10.10.66.66 1812 huawei(config-radius-template1)#radius-server authentication 10.10.66.67 1812 secondary huawei(config-radius-template1)#quit
Step 3 Create a domain. Create domain isp1. huawei(config)#aaa huawei(config-aaa)#domain isp1 Info: Create a new domain
Step 4 Reference the authentication scheme. You can reference an authentication scheme in a domain only after the authentication scheme is created. huawei(config-aaa-domain-isp1)#authentication-scheme newscheme
Step 5 Reference the RADIUS server template. You can reference a RADIUS server template in a domain only after the RADIUS server template is created. huawei(config-aaa-domain-isp1)#radius-server template1 huawei(config-aaa-domain-isp1)#quit
----End
Result User1 in isp1 can be authenticated and can log in to the MA5600.
Configuration Script aaa authentication-scheme newscheme authentication-mode radius quit quit radius-server template radtest
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
63
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
radius-server authentication 10.10.66.66 1812 radius-server authentication 10.10.66.67 1812 secondary quit aaa domain isp1 authentication-scheme newscheme radius-server radtest quit
1.15 Configuring the ACL This topic describes the type, rule, and configuration of the ACL on the MA5600.
Background Information An access control list (ACL) is used to filter certain packets by a series of preset rules. In this manner, the objects that need to be filtered can be identified. After the specific objects are identified, the corresponding data packets are permitted to pass or prohibited from passing according to the preset policy. The ACL-based traffic filtering process is a prerequisite for configuring the QoS or user security. Table 1-14 lists the ACL types. Table 1-14 ACL types Type
Value Range
Feature
Basic ACL
2000-2999
The rules of a standard ACL are only defined according to the L3 source IP address for analyzing and processing data packets.
Advanced ACL
3000-3999
The rules of an advanced ACL are defined according to the source IP address, destination IP address, type of the protocol over IP, and features of the protocol (including TCP source port, TCP destination port, and ICMP message type). Compared with the basic ACL, the advanced ACL contains more accurate, comprehensive, and flexible rules.
Issue 09 (2015-02-28)
Link layer ACL
4000-4999
A link-layer ACL allows definition of rules according to the link-layer information such as the source MAC address, VLAN ID, link-layer protocol type, and destination MAC address, and the data is processed accordingly.
User-defined ACL
5000-5999
The rules of a user-defined ACL are defined according to any 32 bytes of the first 80 bytes in the L2 data frame for analyzing and processing data packets.
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
64
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
When an arrival packet stream matches two or more ACL rules, the matching sequence is as follows: l
The priority of a customized rule is higher than the priority of all non-customized rules.
l
An ACL rule takes effect only when it is within the period of time-range-name. You can run the display time-range command to query this period and run the time-range command to set this period.
l
If the rules are all customized rules or non-customized rules, and are issued to the physical port, the matching sequence is from the rule with a higher priority to the rule with a lower priority. If a rule is matched, no more rules will be matched. – If the rules of an ACL are activated at the same time, the rule with a greater rule ID has a higher priority. – If the rules of an ACL are activated one by one, the rule activated later has a higher priority over the one activated earlier. – If the rules of different ACLs are issued to a port, the rule activated later has a higher priority over the one activated earlier. NOTE
For the SCUK control board, the matching sequence is from the rule with a higher priority to the rule with a lower priority. Every rule will be matched.
l
If the rules are all customized rules or non-customized rules, and are issued to the routing interface or firewall, the rule with a smaller rule ID has a higher priority. It is irrelative to the activation sequence. The rules are used to match packets by rule ID in an ascending order. Once the rule with a smaller rule ID matches packets, its subsequent rules are not used. That is, the rules with a greater rule ID take no effect.
Precautions The ACL is flexible in use. Therefore, the following suggestions on its configuration are provided: l
It is recommended that you define a general rule, such as permit any or deny any, in each ACL, so that each packet has a matching traffic rule that determines to forward or filter the unspecified packet.
l
The activated ACL rules share the hardware resources with the protocol modules (such as DHCP module and IPoA module). In this case, the hardware resources are limited and may be insufficient. To prevent the failure of enabling other service functions due to insufficient hardware resources, it is recommended you enable the protocol module first and then activate ACL rules in the data configuration. If you fail to enable a protocol module, perform the following steps: 1.
Check whether ACL rules occupy too many resources.
2.
If ACL rules occupy too many resources, deactivate or delete the unimportant or temporarily unused ACL configurations, and then configure and enable the protocol module.
1.15.1 Configuring a Basic ACL This topic is applicable to the scenario where the device needs to classify traffic for packets according to the source IP address. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
65
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Context The number of a basic ACL is in the range of 2000-2999. A basic ACL is only defined according to the L3 source IP address for analyzing and processing data packets.
Procedure Step 1 (Optional) Set a time range. Run the time-range command to create a time range, which can be used when an ACL rule is created. Step 2 Create a basic ACL. Run the acl command to create a basic ACL, and then enter the ACL mode. The number of a basic ACL can only be in the range of 2000-2999. Step 3 Configure a basic ACL rule. In the acl-basic mode, run the rule command to create a basic ACL rule. The parameters are as follows: l rule-id: Indicates the ACL rule ID. To create an ACL rule with a specified ID, use this parameter. l permit: Indicates the keyword for allowing the data packets that meet related conditions to pass. l deny: Indicates the keyword for discarding the data packets that meet related conditions. l time-range: Indicates the keyword of the time range during which the ACL rule is effective. Step 4 Activate the ACL. After an ACL is configured, only an ACL is generated and the ACL does not take effect. You need to run other commands to activate the ACL as follows: l Run the packet-filter command to activate an ACL. l Run the firewall packet-filter command to activate an ACL. For details, see Configuring the Firewall. l Perform the QoS operation. For details, see Configuring Traffic Management Based on ACL Rules. ----End
Example To configure that from 00:00 to 12:00 on Fridays, port 0/0/0 on the MA5600 receives only the packets from 2.2.2.2, and discards the packets from other addresses, do as follows: huawei(config)#time-range time1 00:00 to 12:00 fri huawei(config)#acl 2000 huawei(config-acl-basic-2000)#rule permit source 2.2.2.2 0.0.0.0 time-range time1 huawei(config-acl-basic-2000)#rule deny time-range time1 huawei(config-acl-basic-2000)#quit huawei(config)#packet-filter inbound ip-group 2000 port 0/0/0 huawei(config)#save
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
66
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
1.15.2 Configuring an Advanced ACL This topic describes how to classify traffic for the data packets according to the source IP address, destination IP address, protocol type over IP, and features for protocol, such as source port of the TCP, destination port of the TCP, and ICMP type of the data packets.
Context The number of an advanced ACL is in the range of 3000-3999. An advanced ACL can classify traffic according to the following information: l
Protocol type
l
Source IP address
l
Destination IP address
l
Source port ID (source port of the UDP or TCP packets)
l
Destination port ID (destination port of the UDP or TCP packets)
l
ICMP packet type
l
Precedence value: priority field of the data packet
l
Type of service (ToS) value: ToS field of the data packet
l
Differentiated services code point (DSCP) value: DSCP of the data packet
Procedure Step 1 (Optional) Set a time range. Run the time-range command to create a time range, which can be used when an ACL rule is created. Step 2 Create an advanced ACL. Run the acl command to create an advanced ACL, and then enter the acl-adv mode. The number of an advanced ACL can only be in the range of 3000-3999. Step 3 Configure a rule of the advanced ACL. In the acl-adv mode, run the rule command to create an ACL rule. The parameters are as follows: l rule-id: Indicates the ACL rule ID. To create an ACL rule with a specified ID, use this parameter. l permit: Indicates the keyword for allowing the data packets that meet related conditions to pass. l deny: Indicates the keyword for discarding the data packets that meet related conditions. l time-range: Indicates the keyword of the time range during which the ACL rules are effective. Step 4 Activate the ACL. After an ACL is configured, only an ACL is generated and the ACL does not take effect. You need to run other commands to activate the ACL. Some common commands are as follows: l Run the packet-filter command to activate an ACL. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
67
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
l Run the firewall packet-filter command to activate an ACL. For details, see 1.12.1 Configuring Firewall. l Perform the QoS operation. For details, see 1.16.2 Configuring Traffic Management Based on ACL. ----End
Example Assume that the service board of the MA5600 resides in slot 1 and belongs to a VLAN, and the IP address of the VLAN L3 interface is 10.10.10.101. To prohibit the ICMP (such as ping) and telnet operations from the user side to the VLAN interface on the device, do as follows: huawei(config)#acl 3001 huawei(config-acl-basic-3001)rule 1 deny icmp destination 10.10.10.101 0 huawei(config-acl-basic-3001)rule 2 deny tcp destination 10.10.10.101 0 destination-port eq telnet huawei(config-acl-basic-3001)quit huawei(config)#packet-filter inbound ip-group 3001 rule 1 port 0/1/0 huawei(config)#packet-filter inbound ip-group 3001 rule 2 port 0/1/0 huawei(config)#save
1.15.3 Configuring a Link Layer ACL This topic describes how to classify traffic according to the link layer information such as source MAC address, source VLAN ID, L2 protocol type, and destination MAC address.
Context The number of a link layer ACL is in the range of 4000-4999. A link layer ACL can classify traffic according to the following link layer information: 1.
Protocol type over Ethernet
2.
802.1p priority
3.
VLAN ID
4.
Source MAC address
5.
Destination MAC address
Procedure Step 1 (Optional) Set a time range. Run the time-range command to create a time range, which can be used when an ACL rule is created. Step 2 Create a link layer ACL. Run the acl command to create a link layer ACL, and then enter the acl-link mode. The number of a link layer ACL can only be in the range of 4000-4999. Step 3 Configure a link layer ACL rule. In the acl-link mode, run the rule command to create a link layer ACL rule. The parameters are as follows: Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
68
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
l rule-id: Indicates the ACL rule ID. To create an ACL rule with a specified ID, use this parameter. l permit: Indicates the keyword for allowing the data packets that meet related conditions to pass. l deny: Indicates the keyword for discarding the data packets that meet related conditions. l time-range: Indicates the keyword of the time range during which the ACL rule is effective. Step 4 Activate the ACL. After an ACL is configured, only an ACL is generated and the ACL does not take effect. You need to run other commands to activate the ACL. Some common commands are as follows: l Run the packet-filter command to activate an ACL. l Perform the QoS operation. For details, see 1.16.2 Configuring Traffic Management Based on ACL. ----End
Example To create a link layer ACL rule that allows data packets with protocol type 0x8863 (pppoecontrol message), VLAN ID 12, CoS 1, source MAC address 2222-2222-2222, and destination MAC address 00e0-fc11-4141 to pass, do as follows: huawei(config)#acl 4001 huawei(config-acl-link-4001)rule 1 permit type 0x8863 cos 1 source 12 2222-2222-2222 0000-0000-0000 destination 00e0-fc11-4141 0000-0000-0000 huawei(config-acl-basic-4001)quit huawei(config)#save
1.15.4 Configuring a User-defined ACL This topic describes how to classify traffic according to any 32 bytes of the first 80 bytes of a L2 data frame.
Prerequisites Configuring a user-defined ACL requires a deep understanding of the L2 data frame structure. Be sure to make a data plan according to the format of the L2 data frame.
Context The number of a user-defined ACL must be in the range of 5000-5999. A user-defined ACL rule can be created according to any 32 bytes of the first 80 bytes of a L2 data frame Figure 1-9 First 64 bytes of a data frame
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
69
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Table 1-15 lists the meaning of the letters and their offset values. Table 1-15 Description of letters and their offset values Letter
Description
Offset
Lette r
Description
Offset
A
Destination MAC address
0
L
IP check sum
28
B
Source MAC address
6
M
Source IP address
30
C
VLAN tag
12
N
Destination IP address
34
D:
Protocol type
16
O
TCP source port
38
E
IP version number
18
P
TCP destination port
40
F
Type of service
19
Q
Serial number
42
G
Length of the IP packet
20
R
Acknowledgement field
46
H
ID
22
S
IP header length and reserved bit
50
I
Flags
24
T
Reserved bit and flags bit
51
J7
Time to live
26
U
Window size
52
K
Protocol ID ("6" represents TCP and "17" represents UDP)
27
V
Other
54
NOTE
The offset value of each field is the offset value in data frame ETH II+VLAN tag. In a user-defined ACL, you can use the two parameters of rule mask and offset to extract any bytes from the first 80 bytes of the data frame. After the comparison with the user-defined rule, the data frame matching the rule is filtered for related processing.
Procedure Step 1 (Optional) Set a time range. Run the time-range command to create a time range, which can be used when an ACL rule is created. Step 2 Create a user-defined ACL. Run the acl command to create a user-defined ACL, and then enter the acl-user mode. The number of a user-defined ACL can only be in the range of 5000-5999. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
70
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Step 3 Configure the user-defined ACL rule. In the acl-user mode, run the rule command to create an ACL rule. The parameters are as follows: l rule-id: Indicates the ACL rule ID. To create an ACL rule with a specified ID, use this parameter. l permit: Indicates the keyword for allowing the data packets that meet related conditions to pass. l deny: Indicates the keyword for discarding the data packets that meet related conditions. l rule-string: Indicates the character string of the user-defined rule. The character string is in hexadecimal notation. The number of characters in the string must be an even number. l rule-mask: Indicates the mask of the user-defined rule. It is a positive mask, used to perform the AND operation with the data packets for extracting the information of the data packets. l offset: Indicates the offset. With the header of the packet as the reference point, it specifies the byte from which the AND operation begins. With the rule mask, it extracts a character string from the packets. l time-range: Indicates the keyword of the time range during which the ACL rule is effective. Step 4 Activate the ACL. After an ACL is configured, only an ACL is generated and the ACL does not take effect. You need to run other commands to activate the ACL. Some common commands are as follows: l Run the packet-filter command to activate an ACL. l Perform the QoS operation. For details, see 1.16.2 Configuring Traffic Management Based on ACL. ----End
Example Assume that the packet sent from port 0/3/0 to the MA5600 is the QinQ packet containing two VLAN tags. To change the CoS priority in the outer VLAN tag (VLAN ID: 10) to 5, do as follows: Figure 1-10 QinQ packet format
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
71
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
huawei(config)#acl 5001 huawei(config-acl-user-5001)#rule 1 permit 8100 ffff 16 NOTE
The type value of a QinQ packet varies according to different vendors. Huawei adopts the default 0x8100. As shown in Figure 1-9, the offset of this type value needs to be 16 bytes. huawei(config-acl-user-5001)#rule 10 permit 0a ff 19 NOTE
"19" indicates the ADN operation after an offset of 19 bytes with the header of the packet as the base. "0a" refers to the value of the inner tag field of the QinQ packet. In this example, the second byte of the inner tag field is a part of the VLAN ID, which is exactly the value of the inner VLAN ID (VLAN 10). huawei(config-acl-user-5001)#quit huawei(config)#traffic-priority inbound user-group 5001 cos 5 port 0/3/0
1.16 Configuring QoS This topic describes how to configure quality of service (QoS) on the MA5600.
Background Information Configuring QoS in the system can provide different quality guarantees for different services. QoS does not have a unified service model. Therefore, make the QoS plan for networkwide services before making the configuration solution. On the MA5600, the key points for implementing QoS are as follows: l
Traffic management Configuring traffic management can limit the traffic for a user service or user port.
l
Queue scheduling For the service packets that are already configured with traffic management, through the configuration of queue scheduling, the service packets can be placed into queues with different priorities, thus implementing QoS inside the system.
In the scenario where users have flexible requirements on implementing QoS for traffic streams, the ACL can be used to implement flexible traffic classification (see Configuring the ACL), and then QoS can be implemented for traffic streams.
1.16.1 Configuring Traffic Management This topic describes how to configure traffic management on the MA5600.
Overview The MA5600 supports traffic management for the inbound and outbound traffic streams of the system. Traffic management can be implemented based on the following two granularities: l
Based on traffic profile NOTE
For details on configuring traffic classification, see 3.4 Creating an xDSL Service Port.
l Issue 09 (2015-02-28)
Based on ACL rule Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
72
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
In addition, the MA5600 supports rate limit on the Ethernet port and traffic suppression on inbound broadcast packets and unknown (multicast or unicast) packets.
Configuring Traffic Management Based on Traffic Profile This topic describes how to configure traffic management based on traffic profile. When configuring a service port, you need to bind an IP traffic profile to the service port and manage the traffic of the service port through the traffic parameters defined in the profile.
Background Information Traffic management based on service port is implemented by creating an IP traffic profile and then binding the IP traffic profile when creating the service port. l
The system has seven default IP traffic profiles with the IDs of 0-6. You can run the display traffic table command to query the traffic parameters of the default traffic profiles.
l
It is recommended that you use the default traffic profiles. A new IP traffic profile is created only when the default traffic profiles cannot meet the requirements.
Table 1-16 lists the traffic parameters defined in the IP traffic profiles. Table 1-16 Traffic parameters defined in the IP traffic profiles Item
Parameter Description
CAR
CAR: committed access rate
Priority policies
The priority policies are classified into the following two types: l user-cos: Copy the 802.1p priority in the outer VLAN tag of the packet to the 802.1p priority in the VLAN tag of the outbound packet. l user-tos: Copy the ToS priority in the VLAN tag of the packet to the 802.1p priority in the VLAN tag of the outbound packet.
Scheduling policies
There are two types of scheduling policies, which are available only to the inbound packet: l Tag-In-Package: The system performs scheduling according to the 802.1p priority of the packet. l Local-Setting: It is the local priority. That is, the system performs scheduling according to the 802.1p priority specified in the traffic profile bound to the traffic stream.
NOTE
"Outbound" (upstream) in this document refers to the direction from the user side to the network side, and "inbound" (downstream) refers to the direction from the network side to the user side.
Procedure Step 1 Run the display traffic table command to query whether there is a proper traffic profile in the system. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
73
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Check whether an existing traffic profile meets the planned traffic management parameters, priority policy, and scheduling policy to confirm the index of the traffic profile to be used. If a proper traffic profile does not exist in the system, create an IP traffic profile. Step 2 Run the traffic table command to create a traffic profile. The following is a detailed description: l The traffic management parameters must contain at least CAR, which must be assigned with a value. l Keyword priority must be entered to set the outer 802.1p priority of the packet. Two options are available for setting the priority policy: – Enter a value in the range of 0-7 to specify a priority for the packet. – If the priority of the user-side packet is copied according to user-cos or user-tos, you need to enter the default 802.1p priority of the packet (a value in the range of 0-7). If the userside packet does not carry a priority, the specified default 802.1p priority of the packet is adopted as the priority of the outbound packet. l Keyword priority-policy must be entered to specify a scheduling policy for the inbound packet. For details about the scheduling policies, see Table 1-16. Step 3 Run the service port command to bind a proper traffic profile. ----End
Example Assume that the CAR is 2048 kbit/s, 802.1p priority of the outbound packet is 6, and the scheduling policy of the inbound packet is Tag-In-Package. To add such an IP traffic profile, do as follows: huawei(config)#traffic table ip car 2048 priority 6 priority-policy tag-In-Package Create traffic descriptor record successfully ----------------------------------------------------------------------------TD Index : 7 Priority : 6 Priority policy : tag-pri CAR : 2048 kbps TD Type : NoClpNoScr Service category : ubr Referenced Status: not used EnPPDISC : on EnEPDISC : on Clp01Pcr : 2048 kbps ----------------------------------------------------------------------------huawei(config)#display traffic table index 7 ----------------------------------------------------------------------------TD Index : 7 Priority : 6 Priority policy : tag-pri CAR : 2048 kbps TD Type : NoClpNoScr Service category : ubr Referenced Status: not used EnPPDISC : on EnEPDISC : on Clp01Pcr : 2048 kbps -----------------------------------------------------------------------------
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
74
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Configuring Rate Limitation on an Upstream Port This topic describes how to configure upstream rate limitation on a specified Ethernet port.
Background Information l
The MA5600 supports the rate limitation on only the Ethernet upstream port and does not support the rate limitation on service ports.
l
The limited rate must be an integer multiple of 64.
l
Traffic streams exceeding the specified rate are discarded.
Procedure Step 1 In the global config mode, run the line-rate command to configure upstream rate limitation on a specified Ethernet port. The main parameters are as follows: l target-rate: Indicates the limited rate of the port, in the unit of kbit/s. l port: Indicates the shelf ID/slot ID/port ID. Step 2 You can run the display qos-info line-rate port command to query the configured rate limitation on the specified Ethernet port ----End
Example To limit the rate of Ethernet port 0/7/0 to 6400 kbit/s, do as follows: huawei(config)#line-rate 6400 port 0/7/0 huawei(config)#display qos-info line-rate port 0/7/0 line-rate: port 0/7/0: Line rate: 6400 Kbps
Configuring the Traffic Suppression for the Upstream Port This topic describes how to configure the traffic suppression for the upstream port. The purpose of the traffic suppression for the upstream port is to ensure the provisioning of the normal service of system users by suppressing the broadcast, unknown multicast, and unknown unicast packets received by the system.
Background Information Traffic suppression can be configured based on a board or based on the port on a board.
Procedure l
Select one of the following modes according to the board configured in the system: – Run the interface scu command to enter the SCU mode. – Run the interface eth command to enter the ETH mode.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
75
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
l
1 Basic Configurations
Query the thresholds of traffic suppression. Run the display traffic-suppress all command to query the thresholds of traffic suppression.
l
Run the traffic-suppress command to suppress the traffic of the port on the ETH or SCU board. The main parameters are as follows: – broadcast: Suppresses the broadcast traffic. – multicast: Suppresses the unknown multicast traffic. – unicast: Suppresses the unknown unicast traffic. – value: Indicates the index of the traffic suppression level. You can run the display traffic-suppress all command to query this index value.
----End
Example To suppress the broadcast packets according to traffic suppression level 8 on port 0 on the SCU board in slot 0/7, do as follows: huawei(config)#interface scu 0/7 huawei(config-if-scu-0/7)#display traffic-suppress all Traffic suppression ID definition: -----------------------------------------------------------------------NO. Min bandwidth(kbps) Max bandwidth(kbps) Package number(pps) /Jumbo frame enable(kbps) -----------------------------------------------------------------------1 6 145 / 884 12 2 12 291 / 1769 24 3 24 582 / 3538 48 4 48 1153 / 7004 95 5 97 2319 / 14082 191 6 195 4639 / 28164 382 7 390 9265 / 56254 763 8 781 18531 / 112508 1526 9 1562 37063 / 225017 3052 10 3125 74126 / 450035 6104 11 6249 148241 / 899997 12207 12 12499 296483 / 1799995 24414 ----------------------------------------------------------------------------------------------------------------------------------------------PortID Broadcast_index Multicast_index Unicast_index -----------------------------------------------------------------------0 7 -7 1 7 -7 2 7 -7 3 7 -7 4 7 -7 5 7 -7 -----------------------------------------------------------------------huawei(config-if-scu-0/7)#traffic-suppress all broadcast value 8 huawei(config-if-scu-0/7)#display traffic-suppress 0 Traffic suppression ID definition: -----------------------------------------------------------------------NO. Min bandwidth(kbps) Max bandwidth(kbps) Package number(pps) /Jumbo frame enable(kbps) -----------------------------------------------------------------------1 6 145 / 884 12 2 12 291 / 1769 24 3 24 582 / 3538 48 4 48 1153 / 7004 95
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
76
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
5 97 2319 / 14082 191 6 195 4639 / 28164 382 7 390 9265 / 56254 763 8 781 18531 / 112508 1526 9 1562 37063 / 225017 3052 10 3125 74126 / 450035 6104 11 6249 148241 / 899997 12207 12 12499 296483 / 1799995 24414 -----------------------------------------------------------------------Current traffic suppression ID of broadcast : 8 Current traffic suppression ID of multicast :-Current traffic suppression ID of unicast : 7
1.16.2 Configuring Traffic Management Based on ACL The ACL can be used to implement flexible traffic classification according to user requirements. After traffic classification based on ACL is completed, you can perform QoS for the traffic streams.
Configuring the Limitation on the Traffic Matching an ACL Rule This topic describes how to limit the traffic matching an ACL rule on a specified port, and process the traffic that exceeds the limit, such as adding the DSCP tag or dropping the packet directly.
Prerequisite The ACL and the rule of the ACL must be configured and the port for traffic limit must work in the normal state.
Background Information l
The traffic statistics are only effective for the permit rules of an ACL.
l
The limited traffic must be an integer multiple of 64 kbit/s.
Procedure Step 1 Run the traffic-limit command to limit the traffic matching an ACL rule on a specified port. Run this command to set the action to be taken when the traffic received on the port exceeds the limit value. Two options are available: l drop: Drop the traffic that exceeds the limit value. l remark-dscp value: To set the DSCP priority for the traffic that exceeds the limit value, use this parameter. Step 2 Run the display qos-info traffic-limit port command to query the traffic limit information on the specified port. ----End
Example To limit the traffic that matches ACL 2001 received on port 0/2/0 to 512 kbit/s and add the DSCP priority tag (af1) to packets that exceed the limit, do as follows: Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
77
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
huawei(config)#traffic-limit inbound ip-group 2001 512 exceed remark-dscp af1 port 0/2/0 //"af1" represents a dscp type: Assured Forwarding 1 service (10). huawei(config)#display qos-info traffic-limit port 0/2/0 traffic-limit: port 0/2/0: Inbound: Matches: Acl 2001 rule 5 running Target rate: 512 Kbps Exceed action: remark-dscp af1
Adding a Priority Tag to the Traffic Matching an ACL Rule This topic describes how to add a priority tag to the traffic matching an ACL rule on a specified port so that the traffic can obtain the service that matches the specified priority. The priority tag type can be ToS, DSCP, or 802.1p.
Prerequisite The ACL and the sub-rule of the ACL must be configured and the port for traffic limit must work in the normal state.
Background Information l
The traffic statistics are only valid to permit rules of an ACL.
l
The ToS and the DSCP priorities are mutually exclusive. Therefore, they cannot be configured at the same time.
Procedure Step 1 Run the traffic-priority command to add a priority tag to the traffic matching an ACL rule on a specified port. Step 2 Run the display qos-info traffic-priority port command to query the configured priority. ----End
Example To add a priority tag to the traffic that matches ACL 2001 received on port 0/2/0, and the DSCP priority and local priority of the traffic are 10 (af1) and 0 respectively, do as follows: huawei(config)#traffic-priority inbound ip-group 2001 dscp af1 local-precedence 0 port 0/2/0 huawei(config)#display qos-info traffic-priority port 0/2/0 traffic-priority: port 0/2/0: Inbound: Matches: Acl 2001 rule 5 running Priority action: dscp af1 local-precedence 0
Enabling the Statistics Collection of the Traffic Matching an ACL Rule This topic describes how to enable the statistics collection of the traffic matching an ACL rule, thus analyzing and monitoring the traffic. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
78
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Prerequisite The ACL and the sub-rule of the ACL must be configured and the port for traffic statistics must work in the normal state.
Background Information The traffic statistics are only valid to permit rules of an ACL.
Procedure Step 1 Run the traffic-statistic command to enable the statistics collection of the traffic matching an ACL rule on a specified port. Step 2 Run the display qos-info traffic-mirror port command to query the statistics information about the traffic matching an ACL rule on a specified port. ----End
Example To enable the statistics collection of the traffic that matches ACL 2001 received on port 0/7/0, do as follows: huawei(config)#traffic-statistic inbound ip-group 2001 port 0/7/0 huawei(config)#display qos-info traffic-statistic port 0/7/0 traffic-statistic: port 0/7/0: Inbound: Matches: Acl 2001 rule 5 0 packet
running
Related Operation Table 1-17 lists the related operations for enabling the statistics collection of the traffic matching an ACL rule. Table 1-17 Related operation for enabling the statistics collection of the traffic matching an ACL rule Operation
Run the Command...
Clear the statistics of the traffic matching an ACL rule on a specified port
reset traffic-statistic
Disable the statistics collection of the traffic matching an ACL rule
undo traffic-statistic
Enabling the Mirroring of the Traffic Matching an ACL Rule This topic describes how to mirror the traffic matching an ACL rule on a port to a specified port. Mirroring does not affect packet receipt and transmission on the mirroring source port. You can Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
79
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
monitor the traffic of the mirroring source port by analyzing the traffic that passes the mirroring destination port.
Prerequisite The ACL and the rule of the ACL must be configured and the port for traffic mirroring must work in the normal state.
Background Information l
The traffic statistics are only valid to permit rules of an ACL.
l
The destination mirroring port cannot be an aggregation port.
l
The system supports only one mirroring destination port and the mirroring destination port must be the upstream port.
Procedure Step 1 Run the traffic-mirror command to enable the mirroring of the traffic matching an ACL rule on a specified port. Step 2 Run the display qos-info traffic-mirror port command to query the mirroring information about the traffic matching an ACL rule on a specified port. ----End
Example To mirror the traffic that matches ACL 2001 received on port 0/2/0 to port 0/7/0, do as follows: huawei(config)#traffic-mirror inbound ip-group 2001 port 0/2/0 to port 0/7/0 huawei(config)#display qos-info traffic-mirror port 0/2/0 traffic-mirror: port 0/2/0: Inbound: Matches: Acl 2001 rule 5 Mirror to: port 0/7/0
running
Enabling the Redirection of the Traffic Matching an ACL Rule This topic describes how to redirect the traffic matching an ACL rule on a specified port. After this operation is executed successfully, the original port does not forward the traffic matching the ACL rule, but the specified port forwards the traffic.
Prerequisites The ACL and the rule of the ACL must be configured and the port for redirection must work in the normal state.
Context l Issue 09 (2015-02-28)
The traffic statistics are only valid to permit rules of an ACL. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
80
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
l
1 Basic Configurations
Currently, the service ports support only redirection of the traffic matching the ACL rule to upstream ports. The upstream ports support only redirection of the traffic matching the ACL rule to ports of the same type.
Procedure Step 1 Run the traffic-redirect command to redirect the traffic matching an ACL rule on a specified port. Step 2 Run the display qos-info traffic-redirect port command to query the redirection information about the traffic matching an ACL rule on a specified port. ----End
Example To redirect the traffic that matches ACL 2001 received on port 0/7/0 to port 0/7/1, do as follows: huawei(config)#traffic-redirect inbound ip-group 2001 port 0/7/0 to port 0/7/1 huawei(config)#display qos-info traffic-redirect port 0/7/0 traffic-redirect: port 0/7/0: Inbound: Matches: Acl 2001 rule 5 running Redirected to: port 0/7/1
1.16.3 Configuring the Queue Management This topic describes how to configure the queue scheduling mode for ensuring that packets in the queue with a higher priority can be processed in time in case of congestion.
Background Information The MA5600 supports the three queue scheduling modes: strict priority queue (PQ), weighted round robin (WRR), and PQ+WRR. l
Strict PQ The strict PQ gives preference to packets in a queue with a higher priority. The packets of a lower priority queue can be transmitted only when a queue with a higher priority is empty. By default, the system adopts the strict PQ mode.
l
WRR The system supports WRR for eight queues. Each queue has a weight value (w7, w6, w5, w4, w3, w2, w1, and w0 in a descending order) for resource acquisition. In the WRR scheduling mode, the queues are scheduled in turn, which ensures that each queue can be scheduled. Table 1-18 lists the mapping between the queue weights and the actual queues.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
81
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
Table 1-18 Mapping between the queue weights and the actual queues Queue Number
Configured Weight
Actual Queue Weight (Port Supporting Eight Queues)
Actual Queue Weight (Port Supporting Four Queues)
7
W7
W7
-
6
W6
W6
-
5
W5
W5
-
4
W4
W4
-
3
W3
W3
W7+W6
2
W2
W2
W5+W4
1
W1
W1
W3+W2
0
W0
W0
W1+W0
Wn: Indicates the weight of queue n. The weight sum of the queues (except the queue with weight value 255) must be equal to 0 or 100, where 0 indicates that the strict PQ scheduling mode is used and 255 indicates that the queue is not used. l
PQ+WRR – The system schedules some queues by PQ and schedules the other queues by WRR. When the specified WRR value is 0, it indicates that the queue is scheduled in the PQ mode. – The queue scheduled in the PQ mode needs to be the queue that has the highest priority. – The weight sum of the scheduled queues must be equal to 100.
Procedure Step 1 Run the queue-scheduler command to configure the queue scheduling mode. Step 2 Run the display queue-scheduler command to query the configuration information about the queue scheduling mode. ----End
Example To adopt the WRR scheduling mode and set the weight values of the eight queues to 10, 10, 20, 20, 10, 10, 10, and 10 respectively, do as follows: huawei(config)#queue-scheduler wrr 10 10 20 20 10 10 10 10 huawei(config)#display queue-scheduler Queue scheduler mode : WRR --------------------------------Queue Scheduler Mode WRR Weight --------------------------------0 WRR 10
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
82
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1 Basic Configurations
1 WRR 10 2 WRR 20 3 WRR 20 4 WRR 10 5 WRR 10 6 WRR 10 7 WRR 10 ---------------------------------
To adopt the PQ+WRR scheduling mode and set the weight values of the six queues to 20, 20, 10, 30, 10, and 10 respectively, do as follows: huawei(config)#queue-scheduler wrr 20 20 10 30 10 10 0 0 huawei(config)#display queue-scheduler Queue scheduling mode: weighted round robin + strict-priority weight of queue 0: 20% weight of queue 1: 20% weight of queue 2: 10% weight of queue 3: 30% weight of queue 4: 10% weight of queue 5: 10% weight of queue 6: 0% weight of queue 7: 0%
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
83
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2
2 Protocol Configuration
Protocol Configuration
About This Chapter Protocol configurations mainly include protocol common configurations. There is no obvious logical relationship between protocol configurations. You can perform protocol configurations according to actual requirements 2.1 Configuring ARP Proxy This topic describes how to configure the ARP proxy of the L3 interface so that users on isolated ports of the same broadcast domain or on ports of different broadcast domains can communicate with each other. To reduce the network load, the ARP request packets are limited in a VLAN. 2.2 Configuring the Route This topic describes the routing policy supported by the MA5600 and how to configure the routing protocol. 2.3 Configuring the MSTP The MA5600 supports the application of the Multiple Spanning Tree Protocol (MSTP), Spanning Tree Protocol (STP), and Rapid Spanning Tree Protocol (RSTP). The MA5600 supports the MSTP ring network, which can meet various networking requirements. 2.4 Configuring the Ethernet OAM This topic describes how to configure the Ethernet OAM on the MA5600. 2.5 Configuring PIM-SSM Parameters This topic describes how to configure the Protocol Independent Multicast-Source Specific Multicast (PIM-SSM) parameters on the MA5600, including enabling the PIM-SSM function, setting the DR priority of the PIM router, and setting the IP address range of the PIM-SSM multicast group. 2.6 Configuring MPLS This topic describes the MPLS technology and the method of configuring the MPLS service on the MA5600.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
84
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
2.1 Configuring ARP Proxy This topic describes how to configure the ARP proxy of the L3 interface so that users on isolated ports of the same broadcast domain or on ports of different broadcast domains can communicate with each other. To reduce the network load, the ARP request packets are limited in a VLAN.
Prerequisite l
The network devices and lines must be in the normal state.
l
Service boards must be in the normal state.
l
The VPI/VCI configured on the modem side must be 0/35.
Networking Figure 2-1 shows an example network for configuring the ARP proxy. PC1 and PC2 are in sub VLAN 10, service ports are isolated, and PC3 is in sub VLAN 20. User packets can be forwarded in the L3 forwarding mode through the super VLAN interface. The IP address of the super VLAN interface is 10.0.0.254, and the interface is in the same subnet as PC1, PC2, and PC3. After the ARP proxy function is enabled, PC1 and PC2 can communicate with each other, and PC3 can communicate with PC1 and PC2. Figure 2-1 Example network for configuring the ARP proxy
Router
MA5600 10.0.0.254/24
PC1
PC2
VLAN 10
PC3 VLAN20
Data Plan Table 2-1 provides the data plan for configuring the ARP proxy. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
85
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Table 2-1 Data plan for configuring the ARP proxy Item
Data
Super VLAN
VLAN ID: 100 Sub VLAN: VLAN 10, VLAN 20 IP address: 10.0.0.254/24
Sub VLAN
VLAN ID: 10 VLAN type: smart VLAN
Sub VLAN
VLAN ID: 20 VLAN type: MUX VLAN
Upstream port
Port: 0/7/0 VLAN: standard VLAN 30 IP address: 10.0.1.254/24
Configuration Flowchart Figure 2-2 shows the flowchart for configuring the ARP proxy. Figure 2-2 Flowchart for configuring the ARP proxy Start
Create a super VLAN Create sub VLANs and add them to the super VLAN Configure the service ports of the sub VLANs Configure the upstream port Configure the layer 3 interface of the super VLAN Enable the ARP Proxy function
Save the data
End
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
86
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Procedure Step 1 Create a super VLAN. huawei(config)#vlan 100 super
Step 2 Create sub VLANs, and add them to the super VLAN. huawei(config)#vlan 10 smart huawei(config)#vlan 20 mux huawei(config)#supervlan 100 subvlan 10 huawei(config)#supervlan 100 subvlan 20
Step 3 Configure the service ports of the sub VLANs. huawei(config)#service-port vlan 10 adsl 0/2/0 vpi 0 vci 35 rx-cttr 5 tx-cttr 5 huawei(config)#service-port vlan 10 adsl 0/2/1 vpi 0 vci 35 rx-cttr 5 tx-cttr 5 huawei(config)#service-port vlan 20 adsl 0/3/0 vpi 0 vci 35 rx-cttr 5 tx-cttr 5
Step 4 Configure the upstream port. huawei(config)#vlan 30 standard huawei(config)#port vlan 30 0/7 0 huawei(config)#interface vlanif 30 huawei(config-if-vlanif30)#ip address 10.0.1.254 24 NOTE
The IP address of the L3 interface of the standard VLAN must be in the same subnet as the IP address of the upper-layer router.
Step 5 Configure an L3 Interface for the super VLAN huawei(config)#interface vlanif 100 huawei(config-if-vlanif100)#ip address 10.0.0.254 24 NOTE
The IP address of the L3 interface of the super VLAN must be in the same subnet as the IP addresses of PC1-PC3.
Step 6 Enable ARP proxy. 1.
Enable the ARP proxy function globally. huawei(config)#arp proxy enable
2.
Enable the global ARP proxy on the VLAN interface. huawei(config-if-vlanif100)#arp proxy enable
3.
Enable ARP proxy on the sub VLAN interface. huawei(config-if-vlanif100)#arp proxy enable subvlan 10 huawei(config-if-vlanif100)#quit NOTE
Skip substep c in step 6 if you only want PCs in different VLANs to communicate with each other.
Step 7 Save the data. huawei(config)#save
----End
Result After the global ARP proxy function and the ARP proxy function of the super VLAN interface are enabled, PC1, PC2, and PC3 in different VLANs can communicate with each other. After the global ARP proxy function, the ARP proxy function of the super VLAN interface, and that of the sub VLAN interface are enabled, PC1 and PC2 in the same VLAN can communicate with each other. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
87
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
2.2 Configuring the Route This topic describes the routing policy supported by the MA5600 and how to configure the routing protocol.
2.2.1 Configuration Example of the Routing Policy This topic describes how to configure a routing policy for imported routes.
Service Requirements l
Two MA5600s that have the routing function are adopted, namely MA5600_A and MA5600_B. Both of them are running the OSPF routing protocol, and within area 0.
l
MA5600_A imports static routes, and MA5600_B is configured with the routing filtering policy.
Figure 2-3 Example network for configuring the routing policy Static: 20.0.0.1 30.0.0.1 40.0.0.1 Vlanif2 10.0.0.1/24
MA5600_A
Vlanif2 10.0.0.2/24
Area 0
1.1.1.1
MA5600_B 2.2.2.2
Procedure Step 1 Configuring MA5600_A. 1.
Configure the IP address of the L3 interface. huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/7 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 10.0.0.1 24 huawei(config-if-vlanif2)#quit
2.
Enable OSPF and specify the area ID to which the interface belongs. huawei(config)#ospf huawei(config-ospf-1)#area 0 huawei(config-ospf-1-area-0.0.0.0)#network 10.0.0.0 0.0.0.255 huawei(config-ospf-1-area-0.0.0.0)#quit huawei(config-ospf-1)#quit
3. Issue 09 (2015-02-28)
Configure the OSPF router ID. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
88
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
huawei(config)#router id 1.1.1.1
4.
Configure three static routes. huawei(config)#ip route-static 20.0.0.1 32 vlanif 2 huawei(config)#ip route-static 30.0.0.1 32 vlanif 2 huawei(config)#ip route-static 40.0.0.1 32 vlanif 2
5.
Import static routes into the OSPF routing table to improve its capability of obtaining routes. huawei(config)#ospf hawei(config-ospf-1)#import-route static hawei(config-ospf-1)#quit
6.
Save the data. huawei(config)#save
Step 2 Configuring MA5600_B. 1.
Configure the IP address of the L3 interface. huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/7 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 10.0.0.2 24 huawei(config-if-vlanif2)#quit
2.
Configure the ACL. huawei(config)#acl 2000 huawei(config-acl-basic-2000)#rule deny source 30.0.0.0 255.255.255.0 huawei(config-acl-basic-2000)#rule permit source any huawei(config-acl-basic-2000)#quit
3.
Enable OSPF and specify the area id to which the interface belongs. huawei(config)#ospf huawei(config-ospf-1)#area 0 huawei(config-ospf-1-area-0.0.0.0)#network 10.0.0.0 0.0.0.255 huawei(config-ospf-1-area-0.0.0.0)#quit huawei(config-ospf-1)#quit
4.
Configure the OSPF router ID. huawei(config)#router id 2.2.2.2
5.
Filter imported routes. huawei(config)#ospf uawei(config-ospf-1)#filter-policy 2000 import huawei(config-ospf-1)#quit
6.
Save the data. huawei(config)#save
----End
Result 1.
MA5600_A and MA5600_B run OSPF successfully and they can communicate well with each other.
2.
After the routing filtering policy is configured on MA5600_B, parts of the three imported static routes are available while part of them is screened on MA5600_B. That is, routes from segments 0.0.0.0 and 40.0.0.0 are available, while the route from segment 30.0.0.0 is screened.
Configuration Script Configuration on MA5600_A Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
89
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
interface vlanif 2 ip address 10.0.0.1 24 ospf area 0 network 10.0.0.0 0.0.0.255 quit quit router id 1.1.1.1 ip route-static 20.0.0.1 32 vlanif 2 ip route-static 30.0.0.1 32 vlanif 2 ip route-static 40.0.0.1 32 vlanif 2 ospf import-route static quit save
Configuration on MA5600_B interface vlanif 2 ip address 10.0.0.1 24 acl 2000 rule deny source 30.0.0.0 255.255.255.0 rule permit source any quit ospf area 0 network 10.0.0.0 0.0.0.255 quit quit router id 2.2.2.2 ospf filter-policy 2000 import quit save
2.2.2 Configuration Example of the Static Route This topic describes how to manually add the static route to implement the interconnection between MA5600s.
Service Requirements In this example network, MA5600_A, MA5600_B, and MA5600_C have the routing function. It is expected that after the configuration, any two PCs can communicate with each other.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
90
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Figure 2-4 Example network for configuring the static route
PC_C 1.1.5.1/24 1.1.5.2/24 1.1.2.2/24 1.1.2.1/24
1.1.3.1/24
MA5600_ C
1.1.3.2/24
1.1.1.2/24
1.1.4.2/24 MA5600_ A
MA5600_ B
PC_A 1.1.1.1/24
PC_B 1.1.4.1/24
Prerequisite Configure a native VLAN of the L3 interface of each MA5600 to ensure a normal communication between MA5600s.
Procedure Step 1 Configure the IP address of the L3 interface. The configurations for the three MA5600s are the same. Here, only the configuration of MA5600_A is considered as an example. huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/7 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 1.1.1.2 24 huawei(config-if-vlanif2)#quit huawei(config)#vlan 3 smart huawei(config)#port vlan 3 0/7 0 huawei(config)#interface vlanif 3 huawei(config-if-vlanif3)#ip address 1.1.2.1 24 huawei(config-if-vlanif3)#quit
Step 2 Configure static routes. 1.
Configure static route for MA5600_A. huawei(config)#ip route-static 1.1.5.0 255.255.255.0 1.1.2.2 huawei(config)#ip route-static 1.1.4.0 255.255.255.0 1.1.2.2
2.
Configure static route for MA5600_B. huawei(config)#ip route-static 1.1.5.0 255.255.255.0 1.1.3.1 huawei(config)#ip route-static 1.1.1.0 255.255.255.0 1.1.3.1
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
91
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3.
2 Protocol Configuration
Configure static routes for MA5600_C. huawei(config)#ip route-static 1.1.1.0 255.255.255.0 1.1.2.1 huawei(config)#ip route-static 1.1.4.0 255.255.255.0 1.1.3.2
Step 3 Configure the host gateways. 1.
Configure the default gateway of Host A to 1.1.1.2.
2.
Configure the default gateway of Host B to 1.1.4.2.
3.
Configure the default gateway of Host C to 1.1.5.2.
Step 4 Save the data. huawei(config)#save
----End
Result After the configuration, an interconnection can be set up between all the hosts and between all the MA5600s.
Configuration Script Configuration example of MA5600_A. vlan 2 smart port vlan 2 0/7 0 interface vlanif 2 ip address 1.1.1.2 24 quit vlan 3 smart port vlan 3 0/7 0 interface vlanif 3 ip address 1.1.2.1 24 quit ip route-static 1.1.5.0 255.255.255.0 1.1.2.2 ip route-static 1.1.4.0 255.255.255.0 1.1.2.2
2.2.3 Configuration Example of RIP This topic describes how to configure RIP on the MA5600.
Service Requirements l
MA5600_A is subtended with MA5600_B through port 0/7/1, and uses port 0/7/0 to transmit services in the upstream. In addition, it connects to the management center network through the WAN.
l
RIP is enabled on MA5600_A and MA5600_B so that the administrator can access MA5600_A and MA5600_B through the RIP route. Then, you can operate and maintain MA5600_A and MA5600_B.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
92
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Figure 2-5 Example network for configuring RIP Management Center 10.13.24.5/22 MA5600_A Loopback ip 10.13.2.1/24
GE 10.15.24.1/26
MA5600_B Loopback ip 10.13.2.2/24
Router
Operation and maintenance 10.15.24.2/26
Data Plan Table 2-2 provides the data plan for configuring RIP. Table 2-2 Data plan for configuring RIP Item
Data
MA5600_A
Upstream port: 0/7/0 Administration VLAN: smart VLAN 100 IP address of the L3 interface in the administration VLAN: 10.13.24.5/22 Loopback interface address: 10.13.2.1/24 RIP version: V2 RIP route filtering policy: filtering routes based on the IP address prefix list "abc". Only the routes with the IP addresses 10.13.2.1 and 10.13.2.2 can be advertised through the L3 interface of VLAN 100. Subtending port: 0/7/1 Subtending administration VLAN: smart VLAN 10 IP address of the L3 interface in the subtending administration VLAN: 10.15.24.1/26
MA5600_B
Subtending port: 0/7/0 Administration VLAN: smart VLAN 10 IP address of the L3 interface in the administration VLAN: 10.15.24.2/26 Loopback interface address: 10.13.2.2/24 RIP version: V2 RIP route filtering policy: filtering routes based on the IP address prefix list "abc". Only the route with the IP address 10.13.2.2 can be advertised through the L3 interface of VLAN 10.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
93
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Procedure l
Configure MA5600_A. 1.
Configure the RIP-supported L3 interface. huawei(config)#vlan 100 smart huawei(config)#port vlan 100 0/7 0 huawei(config)#interface vlanif 100 huawei(config-if-vlanif100)#ip address 10.13.24.5 22 huawei(config-if-vlanif100)#quit huawei(config)#interface loopBack 0 huawei(config-if-loopback0)#ip address 10.13.2.1 24 huawei(config-if-loopback0)#quit
2.
Enable RIP. huawei(config)#rip 1 huawei(config-rip-1)#network 10.13.24.0 huawei(config-rip-1)#network 10.13.2.0 huawei(config-rip-1)#version 2 huawei(config-rip-1)#quit
3.
Configure the route filtering policy. huawei(config)#ip ip-prefix abc permit 10.13.2.1 32 huawei(config)#ip ip-prefix abc permit 10.13.2.2 32 huawei(config)#rip 1 huawei(config-rip-1)#filter-policy ip-prefix abc export vlanif 100 huawei(config-rip-1)#quit
4.
Configure the subtending port. huawei(config)#vlan 10 smart huawei(config)#port vlan 10 0/7 1 huawei(config)#interface scu 0/7 huawei(config-if-scu-0/7)#native-vlan 0 vlan 10 huawei(config-if-scu-0/7)#quit huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#ip address 10.15.24.1 26 huawei(config-if-vlanif10)#quit
5.
Enable RIP on the subtending port. huawei(config)#rip 1 huawei(config-rip-1)#network 10.15.24.0 huawei(config-rip-1)#quit
6.
Save the data. huawei(config)#save
l
Configure MA5600_B. 1.
Configure the RIP-supported L3 interface. huawei(config)#vlan 10 smart huawei(config)#port vlan 10 0/7 0 huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#ip address 10.15.24.2 26 huawei(config-if-vlanif10)#quit huawei(config)#interface loopBack 0 huawei(config-if-loopback0)#ip address 10.13.2.2 24 huawei(config-if-loopback0)#quit
2.
Enable RIP. huawei(config)#rip 1 huawei(config-rip-1)#network 10.15.24.0 huawei(config-rip-1)#network 10.13.2.0 huawei(config-rip-1)#version 2 huawei(config-rip-1)#quit
3.
Configure the route filtering policy. huawei(config)#ip ip-prefix abc permit 10.13.2.2 32 huawei(config)#rip 1
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
94
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
huawei(config-rip-1)#filter-policy ip-prefix abc export vlanif 10 huawei(config-rip-1)#quit
4.
Save the data. huawei(config)#save
----End
Result The maintenance terminal of the administration center can access MA5600_A and MA5600_B for operation and maintenance.
Configuration Script Configuration on MA5600_A vlan 100 smart port vlan 100 0/7 0 interface vlanif 100 ip address 10.13.24.5 22 quit interface loopBack 0 ip address 10.13.2.1 24 quit rip 1 network 10.13.24.0 network 10.13.2.0 version 2 quit ip ip-prefix abc permit 10.13.2.1 32 ip ip-prefix abc permit 10.13.2.2 32 rip 1 filter-policy ip-prefix abc export vlanif 100 quit save vlan 10 smart port vlan 10 0/7 1 native-vlan 1 vlan 10 interface vlanif 10 ip address 10.15.24.1 26 quit rip 1 network 10.15.24.0 quit
Configuration on MA5600_B vlan 10 smart port vlan 10 0/7 0 interface vlanif 10 ip address 10.15.24.2 26 quit interface loopBack 0 ip address 10.13.2.2 24 quit rip 1 network 10.15.24.0 network 10.13.2.0 version 2 quit ip ip-prefix abc permit 10.13.2.2 32 rip 1 filter-policy ip-prefix abc export vlanif 10
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
95
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
quit save
2.2.4 Configuration Example of OSPF This topic describes how to configure OSPF on the MA5600.
Prerequisite l
The native VLAN must be configured for each upstream port of the MA5600 to ensure normal communication.
l
The OSPF area IDs of the MA5600s must be the same.
Service Requirements l
OSPF is enabled on the four MA5600s.
l
MA5600_A is configured with the highest designated router (DR) priority, MA5600_C is configured with the second highest DR priority, and MA5600_A, as a DR, broadcasts the link status of the network.
Figure 2-6 Example network for configuring OSPF
MA5600_ A 1.1.1.1
MA5600_D
4.4.4.4
DR 192.1.4.4/24
192.1.1.1/24 192.1.2.2/24
192.1.3.3/24 BDR
MA5600_B
2.2.2.2
MA5600_C
3.3.3.3
Data Plan Table 2-3 provides the data plan for configuring OSPF. Table 2-3 Data plan for configuring OSPF
Issue 09 (2015-02-28)
Item
Data
Remarks
MA5600_A
IP address of the L3 interface: 192.1.1.1/24
-
Priority: 100
-
VLAN ID: 2
-
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
96
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Item
MA5600_B
MA5600_C
MA5600_D
2 Protocol Configuration
Data
Remarks
Router ID: 1.1.1.1
-
IP address of the L3 interface: 192.1.2.2/24
-
Priority: 80
-
VLAN ID: 2
-
Router ID: 2.2.2.2
-
IP address of the L3 interface: 192.1.3.3/24
-
Priority: 90
-
VLAN ID: 2
-
Router ID: 3.3.3.3
-
IP address of the L3 interface: 192.1.4.4/24
-
Priority: not configured
Default: 1
VLAN ID: 2
-
Router ID: 4.4.4.4
-
Procedure Step 1 Configure MA5600_A. 1.
Configure the IP address of the L3 interface. huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/7 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 192.1.1.1 24 huawei(config-if-vlanif2)#quit
2.
Configure the OSPF router ID. huawei(config)#router id 1.1.1.1
3.
Enable OSPF. huawei(config)#ospf huawei(config-ospf-1)#area 0 huawei(config-ospf-1-area-0.0.0.0)#network 192.1.1.0 0.0.0.255 huawei(config-ospf-1-area-0.0.0.0)#network 1.1.1.1 0.0.0.0 huawei(config-ospf-1-area-0.0.0.0)#quit huawei(config-ospf-1)#quit
4.
Configure the OSPF priority. huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ospf dr-priority 100 huawei(config-if-vlanif2)#quit
5. Issue 09 (2015-02-28)
Save the data. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
97
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
huawei(config)#save
Step 2 Configure MA5600_B. 1.
Configure the IP address of the L3 interface. huawei(config)#vlan 2 mux huawei(config)#port vlan 2 0/7 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 192.1.2.2 24 huawei(config-if-vlanif2)#quit
2.
Configure the OSPF router ID. huawei(config)#router id 2.2.2.2
3.
Enable OSPF. huawei(config)#ospf huawei(config-ospf-1)#area 0 huawei(config-ospf-1-area-0.0.0.0)#network 192.1.2.0 0.0.0.255 huawei(config-ospf-1-area-0.0.0.0)#network 2.2.2.2 0.0.0.0 huawei(config-ospf-1-area-0.0.0.0)#quit huawei(config-ospf-1)#quit
4.
Configure the OSPF priority. huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ospf dr-priority 80 huawei(config-if-vlanif2)#quit
5.
Save the data. huawei(config)#save
Step 3 Configure MA5600_C. 1.
Configure the IP address of the L3 interface. huawei(config)#vlan 2 mux huawei(config)#port vlan 2 0/7 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 192.1.3.3 24 huawei(config-if-vlanif2)#quit
2.
Configure the OSPF router ID. huawei(config)#router id 3.3.3.3
3.
Enable OSPF. huawei(config)#ospf huawei(config-ospf-1)#area 0 huawei(config-ospf-1-area-0.0.0.0)#network 192.1.3.0 0.0.0.255 huawei(config-ospf-1-area-0.0.0.0)#network 3.3.3.3 0.0.0.0 huawei(config-ospf-1-area-0.0.0.0)#quit huawei(config-ospf-1)#quit
4.
Configure the OSPF priority. huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ospf dr-priority 90 huawei(config-if-vlanif2)#quit
5.
Save the data. huawei(config)#save
Step 4 Configure MA5600_D. 1.
Configure the IP address of the L3 interface. huawei(config)#vlan 2 mux huawei(config)#port vlan 2 0/7 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 192.1.4.4 24 huawei(config-if-vlanif2)#quit
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
98
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2.
2 Protocol Configuration
Configure the OSPF router ID. huawei(config)#router id 4.4.4.4
3.
Enable OSPF. huawei(config)#ospf huawei(config-ospf-1)#area 0 huawei(config-ospf-1-area-0.0.0.0)#network 192.1.4.0 0.0.0.255 huawei(config-ospf-1-area-0.0.0.0)#network 4.4.4.4 0.0.0.0 huawei(config-ospf-1-area-0.0.0.0)#quit huawei(config-ospf-1)#quit
4.
Save the data. huawei(config)#save
----End
Result Run the display ip routing-table command and you can find the learned routing table. Hosts can communicate with each other.
Configuration Script Configuration on each MA5600 is similar. Here, the configuration on MA5600_A is considered as an example. vlan 2 smart port vlan 2 0/7 0 interface vlanif 2 ip address 192.1.1.1 24 quit router id 1.1.1.1 ospf area 0 network 192.1.1.0 0.0.0.255 network 1.1.1.1 0.0.0.0 quit quit interface vlanif 2 ospf dr-priority 100 quit save
2.3 Configuring the MSTP The MA5600 supports the application of the Multiple Spanning Tree Protocol (MSTP), Spanning Tree Protocol (STP), and Rapid Spanning Tree Protocol (RSTP). The MA5600 supports the MSTP ring network, which can meet various networking requirements.
Background Information l
MSTP applies to a redundant network. It makes up for the drawback of STP and RSTP. MSTP makes the network converge fast and the traffic of different VLANs distributed along their respective paths, which provides a better load-sharing mechanism.
l
MSTP trims a loop network into a loop-free tree network. It prevents the proliferation and infinite cycling of the packets in the loop network. In addition, MSTP supports load sharing by VLAN during data transmission.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
99
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
l
2 Protocol Configuration
By default, the MSTP function is disabled.
Procedure Step 1 Run the stp mode mstp command to set the working mode of MSTP as MSTP compatible. Step 2 Enable the MSTP function. l After the MSTP function is enabled, the device determines whether it works in STP compatible mode or MSTP mode based on the configured protocol. l After the MSTP function is enabled, MSTP maintains dynamically the spanning tree of the VLAN based on the received BPDU packets. After the MSTP function is disabled, the MA5600 becomes a transparent bridge and does not maintain the spanning tree. 1.
Run the stp enable command to enable the MSTP function of the bridge.
2.
Run the stp port enable command to enable the MSTP function of the port.
3.
Run the display stp command or the display stp port command to query the MPLS state of the bridge or the port.
Step 3 Configure the MSTP region name. 1.
Run the stp region-configuration command to enter MSTP region mode.
2.
Run the region-name command to configure the name of the MSTP region. By default, the MSTP region name is the bridge MAC address of the device.
3.
Run the check region-configuration command to query the parameters of the current MSTP region.
Step 4 Configure the MSTP instance. The MSTP protocol configures the VLAN mapping table (mapping between the VLAN and the spanning tree), which maps the VLAN to the spanning tree. 1.
Run the stp region-configuration command to switch over to MSTP region mode.
2.
Run the instance command to map the specified VLAN to the specified MSTP instance. l By default, all VLANs are mapped to CIST, namely, instance 0. l One VLAN can be mapped to only one instance. If you re-map a VLAN to another instance, the original mapping is disabled. l A maximum of 10 VLAN sections can be configured for an MSTP instance. NOTE
A VLAN section refers to the consecutive VLAN IDs from the start VLAN ID to the end VLAN ID.
3.
Run the check region-configuration command to query the parameters of the current MSTP region.
Step 5 Activate the configuration of the MST region manually. 1.
Run the stp region-configuration command to switch over to MST region mode.
2.
Run the active region-configuration command to activate the configuration of the MST region.
3.
Run the display stp region-configuration command to query the effective configuration of the MSTP region.
Step 6 Set the priority of the device in the MSTP instance. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
100
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
1.
Run the stp priority command to set the priority of the device in the specified spanning tree instance.
2.
Run the display stp command to query the MSTP configuration of the device.
Step 7 Other optional configurations. l Set the MSTP region parameters. – Run the stp md5-key command to set the MD5-Key for the MD5 encryption algorithm configured on the MST region. – In the MSTP regin mode, run the vlan-mapping module command to map all VLANs to the MSTP instances by modular arithmetic. – In the MSTP regin mode, run the revision-level command to set the MSTP revision level of the device. – Run the reset stp region-configuration command to restore the default settings to all parameters of the MST region. l Specify the device as a root bridge or a backup root bridge. – Run the stp root command to specify the device as a root bridge or a backup root bridge. l Set the time parameters of the specified network bridge. – Run the stp timer forward-delay command to set the Forward Delay of the specified network bridge. – Run the stp timer hello command to set the Hello Time of the specified network bridge. – Run the stp timer max-age command to set the Max Age of the specified network bridge. – Run the stp time-factor command to set the timeout time factor of the specified network bridge. l Set the parameters of the specified port. – Run the stp port transmit-limit command to set the number of packets transmitted by the port within the Hello Time. – Run the stp port edged-port enable command to set the port as an edge port. – Run the stp port cost command to set the path cost of a specified port. – Run the stp port port-priority command to set the priority of the specified port. – Run the stp port point-to-point command to set whether the link that is connected to the port is a point-to-point link. l Configure the device protection function. – Run the stp bpdu-protection enable command to enable the BPDU protection function of the device. – Run the stp port loop-protection enable command to enable the loop protection function of the port. – Run the stp port root-protection enable command to enable the root protection function of the port. l Set the maximum number of hops of the MST region. – Run the stp max-hops command to set the maximum number of hops of the MST region. l Set the diameter of the switching fabric. – Run the stp bridge-diameter command to set the diameter of the switching fabric. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
101
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
l Set the calculation standard for the path cost. – Run the stp pathcost-standard command to set the calculation standard for the path cost. l Clear the MSTP protocol statistics. – Run the reset stp statistics command to clear the MSTP protocol statistics. ----End
Example Configure the MSTP parameters as follows: l
Enable the MSTP function.
l
Enable the MSTP function on port 0/7/0.
l
Set the MSTP running mode to MSTP compatible mode.
l
Configure MST region parameters: – Configure the MD5-Key for the MD5 encryption algorithm to 0x11ed224466. – Configure the MST region name to huawei-mstp-bridge. – Map VLAN2-VLAN10 and VLAN12-VLAN16 to MSTP instance 3. – Map all the VLANs to the specified MSTP instances. – Configure the MSTP revision level of the device to 100.
l
Configure the maximum hops for the MST region to 10.
l
Activate the configuration of the MST region manually.
l
Configure the current device as the root bridge of MSTP instance 2.
l
Configure the priority of the device in spanning tree instance 2 to 4096.
l
Configure the diameter of the switching network to 6.
l
Configure the calculation standard for the path cost to IEEE 802.1t.
l
Configure the time parameters of a specified bridge: – Configure the forward delay to 2000 centiseconds. – Configure the hello time to 1000 centiseconds. – Configure the max age to 3000 centiseconds. – Configure the timeout time factor to 6.
l
Configure the parameters of a specified port: – Configure the maximum number of packets transmitted in a hello time period to 16. – Configure port 0/7/0 to be an edge port. – Configure the path cost of the port in a specified spanning tree instance to 1024. – Configure the priority of the port to 64. – The link connected to port 0/7/0 is a point-to-point link.
l
Enable the BPDU protection function on the device.
huawei(config)#stp mode mstp huawei(config)#stp enable Change global stp state may active region configuration,it may take several minutes,are you sure to change global stp state? [Y/N][N]y huawei(config)#stp port 0/7/0 enable huawei(config)#stp mode mstp
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
102
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
huawei(config)#stp md5-key 11ed224466 huawei(config)#stp region-configuration huawei(stp-region-configuration)#region-name huawei-mstp-bridge huawei(stp-region-configuration)#instance 3 vlan 2 to 10 12 to 16 huawei(stp-region-configuration)#vlan-mapping module 16 huawei(stp-region-configuration)#revision-level 100 huawei(stp-region-configuration)#active region-configuration huawei(stp-region-configuration)#quit huawei(config)#stp instance 2 root primary huawei(config)#stp instance 2 priority 4096 huawei(config)#stp max-hops 10 huawei(config)#stp bridge-diameter 6 huawei(config)#stp pathcost-standard dot1t huawei(config)#stp timer forward-delay 2000 huawei(config)#stp timer hello 1000 huawei(config)#stp timer max-age 3000 huawei(config)#stp time-factor 6 huawei(config)#stp port 0/7/0 transmit-limit 16 huawei(config)#stp port 0/7/0 edged-port enable huawei(config)#stp port 0/7/0 instance 0 cost 1024 huawei(config)#stp port 0/7/0 instance 0 port-priority 64 huawei(config)#stp port 0/7/0 point-to-point force-true huawei(config)#stp bpdu-protection enable
2.4 Configuring the Ethernet OAM This topic describes how to configure the Ethernet OAM on the MA5600.
Prerequisites l
The router must support Ethernet OAM.
Service Requirements The two devices on the two ends send detection packets periodically to each other to check the link connectivity.
Networking Figure 2-7 shows an example network for configuring Ethernet OAM. In this example network, the Ethernet OAM mechanism is adopted for the link between MA5600_A and MA5600_B for detecting link status. The local MEP and remote MEP are configured on both MA5600_A and MA5600_B. The ID of the local MEP on MA5600_B is the same as the ID of the remote MEP on MA5600_A, and the ID of the remote MEP on MA5600_B is the same as the ID of the local MEP on MA5600_A.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
103
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Figure 2-7 Example network for configuring Ethernet OAM
Router
0/7/1
0/7/0 MA5600_A
MA5600_B
Data Plan Table 2-4 provides the data plan for configuring Ethernet OAM. Table 2-4 Data plan for configuring Ethernet OAM Item
Data
MA5600_A
Port: 0/7/0 Smart VLAN: 100 MEP: 2/6/0 MEP-id: 260 RMEP-id: 2260 CC-interval: 10 minutes
MA5600_B
Port: 0/7/1 Smart VLAN: 200 MEP: 2/6/0 MEP-id: 2260 RMEP-id: 260 CC-interval: 10 minutes
Procedure Step 1 Create a VLAN. The VLAN ID is 100, and the VLAN is a smart VLAN. huawei(config)#vlan 100 smart
Step 2 Add an upstream port to the VLAN. Add port 0/7 to VLAN 100. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
104
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
huawei(config)#port vlan 100 0/7 0
Step 3 (Optional) Set the native VLAN of the port. This step is to set the packets of the upstream Ethernet port to or not to carry the VLAN tag. Whether the native VLAN needs to be set for the upstream port depends on whether the upperlayer device connected to the upstream port supports packets carrying a VLAN tag. The setting on the MA5600 must be the same as that on the upper-layer device. In this example, the Ethernet packets are of the untagged type. huawei(config)#interface scu 0/7 huawei(config-if-scu-0/7)#native-vlan 0 100 huawei(config-if-scu-0/7)#quit
Step 4 Configure an MD. l MDs with the same index or level cannot be created. l The name format and the name of an MD must be unique. l The total length of the names of an MD and its MAs cannot be longer than 44 characters. huawei(config)#cfm md 2 name-format string huawei level 3
Step 5 Configure an MA. l The system supports up to 4096 MAs and each MD can be configured with up to 48 MAs. That is, if an MD is configured with 4096 MAs, the other MDs in the system cannot be configured with any MA. An MA of a non-existing MD cannot be created. An existing MA cannot be created again. l The total length of the names of an MD and its MAs cannot be longer than 44 characters. huawei(config)#cfm ma 2/6 name-format string huawei-6 vlan 100
Step 6 Configure an MEP. l MEP refers to the maintenance association end points. Ethernet OAM is used to test the link connectivity by using the MEPs at the two ends of a maintenance channel. l By default, the MEP management function is enabled, the priority of sending CFM packets is 7, and the function of sending CC packets is enabled. huawei(config)#cfm mep 2/6/0 mepid 260 direction outward port 0/7/0 priority 7
Step 7 Configure an RMEP. By default, the detection function of the RMEP is disabled. huawei(config)#cfm remote-mep-detect enable
Step 8 (Optional) Set the interval for the MA to transmit CCMs. By default, the interval is one minute. huawei(config)#cfm ma 2/6 cc-interval 10m
Step 9 Enable the local CFM globally. By default, the local CFM is disabled globally. huawei(config)#cfm enable
Step 10 Enable the detection function of the remote MEP detection globally. By default, the remote MEP detection is disabled globally. huawei(config)#cfm remote-mep-detect enable
Step 11 Save the data. huawei(config)#save
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
105
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
NOTE
Configuration on MA5600_B is the same as that on MA5600_A and it is not repeated here.
----End
Result After the configuration, run the display cfm statistics mep command on MA5600_A or MA5600_B and you can find packet statistics. Of the statistics, neither "CCM Sent Pkt Num" nor "CCM Received Pkt Num" values zero.
Configuration Script vlan 100 smart port vlan 100 0/7 0 interface scu 0/7 native-vlan 0 100 quit cfm md 2 name-format string huawei level 3 cfm ma 2/6 name-format string huawei-6 vlan 100 cfm mep 2/6/0 mepid 260 direction outward port 0/7 priority 7 cfm remote-mep-detect enable cfm ma 2/6 cc-interval 10m cfm enable cfm remote-mep-detect enable save
2.5 Configuring PIM-SSM Parameters This topic describes how to configure the Protocol Independent Multicast-Source Specific Multicast (PIM-SSM) parameters on the MA5600, including enabling the PIM-SSM function, setting the DR priority of the PIM router, and setting the IP address range of the PIM-SSM multicast group.
Prerequisites l
The MA5600 does not support the PIM-SSM and IGMP upstream transmission at the same time.
l
The MA5600 does not support the receiving of PIM messages through an external subtending port, the receiving of PIM messages through the original BTV subtending port, or the processing of PIM messages received on the user-side port.
l
PIM-SSM of the MA5600 depends on the unicast routing information. Hence, modifying, deleting, or configuring the unicast routing information affects the availability of the PIMSSM function and the unicast routing performance affects the PIM-SSM performance.
l
The PIM-SSM function can be used on the MA5600 only after the multicast VLAN is enabled.
l
The multicast routing function must be enabled on the MA5600.
l
The multicast mode of the upstream port on the MA5600 must be PIM-SSM.
Background Information PIM-SSM is applicable to the scenario where multiple multicast users share one multicast source, and the multicast users know the IP address of the multicast source in advance. The MA5600 Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
106
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
applies to the upper-layer multicast router for joining a multicast group (for which the multicast source is specified) through the PIM-SSM protocol. In this manner, the shortest path tree (SPT) multicast forwarding tree is created.
Procedure Step 1 Enable the PIM-SSM function. By default, the PIM-SSM function is disabled on the MA5600. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim sm command to enable the PIM-SSM function on the VLAN L3 interface.
Step 2 Set the DR priority of the PIM router. l The routers mutually send hello packets carrying the priority parameter for electing a DR. The router with the highest priority is elected as the DR. If the DR priority is the same, the router with the greatest IP address is elected as the DR. l The greater the DR priority value of the PIM router is, the higher the priority is. The DR priority value ranges from 0 to 4294967295. By default, it is 1. l The command used for configuring the priority of a router for DR election in PIM mode functions the same as the command used in the VLAN interface mode. The difference lies in that the system prefers the DR priority set in the VLAN interface mode. When the DR priority set in the VLAN interface mode does not exist, the system uses the DR priority set in PIM mode. Configure parameters in PIM mode. 1.
Run the pim command to enter PIM mode.
2.
Run the hello-option dr-priority command to set the DR priority of the PIM router in PIM mode.
3.
Run the quit command to quit PIM mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Configure parameters in the VLAN interface mode. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim hello-option dr-priority command to set the DR priority of the PIM router on a specified interface.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 3 Set the interval for a PIM router to send hello packets. l The interval ranges from 1s to 2147483647s. By default, it is 30s. l The command used for setting the interval for the PIM router to send hello packets in PIM mode functions the same as the command used in the VLAN interface mode. The difference lies in that the system prefers the interval for the PIM router to send hello packets set in the VLAN interface mode. When the interval for the PIM router to send hello packets set in the VLAN interface mode does not exist, the system uses the interval for the PIM router to send hello packets set in PIM mode. Configure parameters in PIM mode. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
107
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
1.
Run the pim command to enter PIM mode.
2.
Run the timer hello command to set the interval for the PIM router to send hello packets in PIM mode.
3.
Run the quit command to quit PIM mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Configure parameters in the VLAN interface mode. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim timer hello command to set the interval for a PIM router to send hello packets in PIM mode.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 4 Set the timeout time for a PIM router to wait for hello packets. l The timeout time ranges from 1s to 65535s. By default, it is 105s. l The command used for setting the timeout time for the PIM router to wait for hello packets in PIM mode functions the same as the command used in the VLAN interface mode. The difference lies in that the system prefers the timeout time for the PIM router to wait for hello packets set in the VLAN interface mode. When the timeout time for the PIM router to wait for hello packets set in the VLAN interface mode does not exist, the system uses the timeout time for the PIM router to wait for hello packets set in PIM mode. Configure parameters in PIM mode. 1.
Run the pim command to enter PIM mode.
2.
Run the hello-option holdtime command to set the timeout time for the PIM router to wait for hello packets in PIM mode.
3.
Run the quit command to quit PIM mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Configure parameters in the VLAN interface mode. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim hello-option holdtime command to set the timeout time for the PIM router to wait for hello packets on a specified interface.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 5 Set the longest delay for triggering the transmission of hello packets. l For example, if the longest delay is N seconds (s), the system randomly selects a value ranging from 0s to Ns as the delay and sends hello packets to the neighbor after this delay. l The longest delay ranges from 1s to 5s. By default, it is 5s. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim triggered-hello-delay command to set the longest delay for triggering the transmission of hello packets.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
108
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Step 6 Set the specification of Join/Prune packets. l The length of the Join/Prune packets ranges from 100 bytes to 1500 bytes. By default, it is 1400 bytes. l The number of (S, G) entries contained in the Join/Prune packets sent every second ranges from 1 to 4096. By default, it is 1020. l Set the length of the Join/Prune packets to be sent. 1.
Run the pim command to enter PIM mode.
2.
Run the jp-pkt-size command to set the length of the Join/Prune packets to be sent.
l Set the number of (S, G) entries contained in the packets sent every second. – Run the pim command to enter PIM mode. – Run the jp-queue-size command to set the length of the Join/Prune packets to be sent. Step 7 Set the interval for sending Join/Prune packets. l The interval ranges from 1s to 2147483647s. By default, it is 60s. l The command used for setting the interval for sending Join/Prune packets in PIM mode functions the same as the command used in the VLAN interface mode. The difference lies in that the system prefers the interval for sending Join/Prune packets set in the VLAN interface mode. When the interval for sending Join/Prune packets set in the VLAN interface mode does not exist, the system uses the interval for sending Join/Prune packets set in PIM mode. Configure parameters in PIM mode. 1.
Run the pim command to enter PIM mode.
2.
Run the timer join-prune command to set the interval for sending Join/Prune packets in PIM mode.
3.
Run the quit command to quit PIM mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Configure parameters in the VLAN interface mode. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim timer join-prune command to set the interval for sending Join/Prune packets on a specified interface.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 8 Set the delay for the PIM router to perform the pruning operation. l The delay ranges from 1 ms to 32767 ms. By default, it is 500 ms. l The command used for setting the delay for the PIM router to perform the pruning in PIM mode functions the same as the command used in the VLAN interface mode. The difference lies in that the system prefers the delay for the PIM router to perform the pruning set in the VLAN interface mode. When the delay for the PIM router to perform the pruning set in the VLAN interface mode does not exist, the system uses the delay for the PIM router to perform the pruning set in PIM mode. Configure parameters in PIM mode. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
109
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
1.
Run the pim command to enter PIM mode.
2.
Run the hello-option lan-delay command to set the delay for the PIM router to perform the pruning operation in PIM mode.
3.
Run the quit command to quit PIM mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Configure parameters in the VLAN interface mode. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim hello-option lan-delay command to set the delay for a PIM router to perform pruning on a specified interface.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 9 Set the interval for the PIM router to override the pruning. l When a router receives a prune message from the upstream interface, it indicates that other downstream routers exist in this LAN. If this router still needs to receive the multicast data, it must send the prune override message to the upstream router during the override interval. l The interval ranges from 1 ms to 65535 ms. By default, it is 2500 ms. l The command used for setting the interval for the PIM router to override the pruning in PIM mode functions the same as the command used in the VLAN interface mode. The difference lies in that the system prefers the interval for the PIM router to override the pruning set in the VLAN interface mode. When the interval for the PIM router to override the pruning set in the VLAN interface mode does not exist, the system uses the interval for the PIM router to override the pruning set in PIM mode. Configure parameters in PIM mode. 1.
Run the pim command to enter PIM mode.
2.
Run the hello-option override-interval command to set the interval for the PIM router to override the pruning in PIM mode.
3.
Run the quit command to quit PIM mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Configure parameters in the VLAN interface mode. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim hello-option override-interval command to set the interval for the PIM router to override the pruning on a specified interface.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 10 Set the holdtime for the PIM router to maintain the join status of the downstream interface. l The holdtime ranges from 1s to 65535s. By default, it is 210s. l The command used for setting the holdtime for the PIM router to maintain the join status of the downstream interface in PIM mode functions the same as the command used in the VLAN interface mode. The difference lies in that the system prefers the holdtime for the PIM router to maintain the join status of the downstream interface set in the VLAN interface mode. When the holdtime for the PIM router to maintain the join status of the downstream interface Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
110
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
set in the VLAN interface mode does not exist, the system uses the holdtime for the PIM router to maintain the join status of the downstream interface set in PIM mode. Configure parameters in PIM mode. 1.
Run the pim command to enter PIM mode.
2.
Run the holdtime join-prune command to set the holdtime for the PIM router to maintain the join status of the downstream interface in PIM mode.
3.
Run the quit command to quit PIM mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Configure parameters in the VLAN interface mode. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim holdtime join-prune command to set the holdtime for the PIM router to maintain the join status of the downstream interface on a specified interface.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 11 Set the IP address range of a PIM-SSM multicast group. l This operation specifies the IP address range of a PIM-SSM multicast group. All the interfaces enabled with the PIM-SSM protocol consider that the multicast groups within the range adopt the PIM-SSM mode. l By default, the IP address range of a PIM-SSM multicast group is 232.0.0.0/8. 1.
Run the acl command to enter acl-basic mode. NOTE
The ACL must be a basic ACL, which ranges from 2000 to 2999.
2.
Run the rule permit source command to configure the ACL rule in acl-basic mode to define the IP address range of the PIM-SSM multicast group to be permitted source IP address.
3.
Run the quit command to quit acl-basic mode.
4.
Run the pim command to enter PIM mode.
5.
Run the ssm-policy command to apply the configured ACL rule to specify the IP address range of the PIM-SSM multicast group.
----End
Example Assume that the PIM-SSM function is enabled on VLAN interface 500 and the PIM-SSM parameters are as follows: l
Set the DR priority of a PIM router to 4 on VLAN interface 500.
l
Set the interval for a PIM router to send hello packets to 80s on VLAN interface 500.
l
Set the timeout time for a PIM router to wait for hello packet to 240s on VLAN interface 500.
l
Set the longest delay for triggering hello packets to 4s on VLAN interface 500.
l
Set the length of the Join/Prune packets to be sent to 1100 bytes.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
111
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
l
Set the interval for sending Join/Prune packets to 120s on VLAN interface 500.
l
Set the delay for a PIM router to perform pruning to 700 ms on VLAN interface 500.
l
Set the interval for a PIM router to override a pruning operation to 3000 ms on VLAN interface 500.
l
Set the holdtime for a PIM router to maintain the join status of the downstream interface to 215s on VLAN interface 500.
l
Set the IP address range of a PIM-SSM multicast group to 232.1.0.0/16.
To perform the configurations, do as follows: huawei(config)#multicast upstream-mode pim-ssm huawei(config)#multicast routing-enable huawei(config)#vlan 500 smart huawei(config)#interface vlanif 500 huawei(config-if-vlanif500)#pim sm huawei(config-if-vlanif500)#pim hello-option dr-priority 4 huawei(config-if-vlanif500)#pim timer hello 80 huawei(config-if-vlanif500)#pim hello-option holdtime 240 huawei(config-if-vlanif500)#pim triggered-hello-delay 4 huawei(config-if-vlanif500)#quit huawei(config)#pim huawei(config-pim)#jp-pkt-size 1100 huawei(config-pim)#jp-queue-size 1000 huawei(config-pim)#quit huawei(config)#interface vlanif 500 huawei(config-if-vlanif500)#pim timer join-prune 120 huawei(config-if-vlanif500)#pim hello-option lan-delay 700 huawei(config-if-vlanif500)#pim hello-option override-interval 3000 huawei(config-if-vlanif500)#pim holdtime join-prune 215 huawei(config-if-vlanif500)#quit huawei(config)#acl 2000 huawei(config-acl-basic-2000)#rule permit source 232.1.0.0 0.0.255.255 huawei(config-acl-basic-2000)#quit huawei(config)#pim huawei(config-pim)#ssm-policy 2000 huawei(config-pim)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 4 PIM neighbor count: 0 PIM hello interval: 80 s PIM LAN delay (negotiated): 700 ms PIM LAN delay (configured): 700 ms PIM hello override interval (negotiated): 2800 ms PIM hello override interval (configured): 2800 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 240 s PIM hello assert interval: 454545 s PIM triggered hello delay: 4 s PIM J/P interval: 120 s PIM J/P hold interval: 215 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
112
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
2.6 Configuring MPLS This topic describes the MPLS technology and the method of configuring the MPLS service on the MA5600.
2.6.1 Configuring the MPLS LDP This topic describes the basic funcitons, LDP session, static LSP, and dynamic LDP LSP of the MPLS LDP.
Configuring the Basic MPLS Functions In the MPLS domain, the basic MPLS functions need to be configured for the routers that participate in the MPLS forwarding. Other MPLS functions can be configured only when the basic MPLS functions are configured. l
MPLS can be enabled only when the LSR ID is configured.
l
An LSR has no default LSR ID, which must be manually set. Generally, the loopback interface address is used as the LSR ID.
l
An LSR ID must be unique in an MPLS domain. The LSR ID and the double-byte label space number constitute the LDP identifier, which is used to identify the label space used by the LSR, and establish and maintain the LDP session between LSRs.
l
The MPLS function of an interface can be enabled only when the MPLS function is enabled globally.
l
The MPLS function can be enabled for only the standard VLAN.
l
The MPLS function cannot be enabled for a VLAN that is configured with a L3 interface.
Networking Figure 2-8 shows an example network for configuring the basic MPLS functions. Figure 2-8 Example network for configuring the basic MPLS functions LSR ID 1.1.1.10/32
Router 10.1.2.1/24 10.1.2.2/24 MA5600_A
10.1.3.2/24
LSR ID 3.3.3.3/32
10.1.3.1/24
LSR ID 2.2.2.2/32
MA5600_B
Data Plan Table 2-5 provides the data plan for configuring the basic MPLS functions. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
113
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Table 2-5 Data plan for configuring the basic MPLS functions Item
Data
MA5600_A
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140 LSR ID: 1.1.1.1/32 PW ID: 106 VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.2.1/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
MA5600_B
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140 LSR ID: 3.3.3.3/32 PW ID: 106 VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.3.2/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
Router name
LSR ID: 2.2.2.2/32
Procedure Step 1 Run the mpls lsr-id command to configure the LSR ID. To set an LSR ID, disable the MPLS function first (by default, the MPLS function is disabled). An LSR ID must be unique in an MPLS domain. Step 2 Run the mpls command to enable the MPLS function globally. Step 3 Run the quit command to return to the global config mode. Step 4 Run the vlan command to create a VLAN. Step 5 Run the mpls vlan command to enable the MPLS function of the VLAN. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
114
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Step 6 Run the display mpls vlan command to query the MPLS status of the VLAN. Step 7 Run the interface vlanif command to enter the VLAN interface mode. Step 8 Run the mpls command to enable the MPLS function of the interface. Step 9 Run the quit command to return to the global config mode. Step 10 Run the display mpls interface command to query the information about the interface whose MPLS function is enabled. Step 11 Run the display current-configuration command to query the current LSR ID of the system. ----End
Example To configure the LSR ID of MA5600_A to 1.1.1.1 and enable MPLS under the VLAN interface of standard VLAN 200, do as follows: huawei(config)#mpls lsr-id 1.1.1.1 huawei(config)#mpls huawei(config-mpls)#quit huawei(config)#vlan 200 standard huawei(config)#mpls vlan 200 huawei(config)#display mpls vlan 200 VLAN 200 is enabled MPLS huawei(config)#interface vlanif 200 huawei(config-if-vlanif200)#mpls huawei(config-if-vlanif200)#quit huawei(config)#display mpls interface vlanif 200 { |verbose }: Command: display mpls interface vlanif 200 Status TE Attr LSP Count Down Dis 0
Interface Vlanif200
CRLSP Count MPLS MTU 0 1500
huawei(config)#display current-configuration section mpls { || }: Command: display current-configuration section mpls [MA5600V300R003: 3905] # [mpls] mpls lsr-id 1.1.1.1 mpls # return
Configuring the Static LSP Static LSP is configured manually. A static LSP can work in the normal state only when all the LSRs along the static LSP are configured. l
The LSPs are classified into static LSPs and dynamic LSPs. – Static LSP is configured manually. – The dynamic LSP is generated by the routing protocol dynamically.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
115
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
l
2 Protocol Configuration
If the next hop is specified when a static LSP is configured, the next hop must also be specified when a static IP route is configured. Similarly, if the egress is specified when a static LSP is configured, the egress must also be specified when a static IP route is configured.
Networking Figure 2-9 shows an example network for configuring the static LSP. Figure 2-9 Example network for configuring the static LSP LSR ID 1.1.1.10/32
Router 10.1.2.1/24 10.1.2.2/24 MA5600_A
10.1.3.2/24
LSR ID 3.3.3.3/32
10.1.3.1/24
LSR ID 2.2.2.2/32
MA5600_B
Data Plan Table 2-6 provides the data plan for configuring the static LSP. Table 2-6 Data plan for configuring the static LSP Item
Data
MA5600_A
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140 LSR ID: 1.1.1.1/32 PW ID: 106 VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.2.1/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
MA5600_B
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140 LSR ID: 3.3.3.3/32 PW ID: 106
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
116
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Item
2 Protocol Configuration
Data VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.3.2/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
Router name
LSR ID: 2.2.2.2/32
Procedure Step 1 Run the static-lsp ingress command to configure the ingress parameters of the static LSP. Step 2 Run the mpls car-lsp static command to configure the LSR CAR. Step 3 Run the display mpls static-lsp command to query the ingress parameters of the static LSP. Step 4 Run the display mpls car-lsp command to check whether the LSP CAR is configured successfully. ----End
Example To configure the ingress parameters of the static LSP on MA5600_A, do as follows: huawei(config)#static-lsp ingress staticlsp1 destination 1.31.1.1 32 nexthop 10.1.2.2 out-label 8500 huawei(config)#mpls car-lsp static lspname staticlsp1 burst 0 bandwidth 1000 huawei(config)#display mpls static-lsp staticlsp1 { |exclude|include|verbose }: Command: display mpls static-lsp staticlsp1 : 1 STATIC LSP(S) : 0 STATIC LSP(S) : 1 STATIC LSP(S) FEC I/O Label I/O If 1.1.1.1/32 NULL/8500 -/-
TOTAL UP DOWN Name staticlsp1
Stat Down
huawei(config)#display mpls car-lsp static lspname staticlsp1 Static Lsp CAR Table Total: 1 ---------------------------------------------------Lsp Name Burst(2KB) Bandwidth(64kbps) ---------------------------------------------------*staticlsp1 AUTO 1000 ---------------------------------------------------Note: A '*' before an LSP-CAR means the CAR is invalid.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
117
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Configuring the LDP LSP Set up an MPLS LDP session between adjacent LSRs along the LSP. After the MPLS LDP session is set up, the LDP LSP is automatically created. l
The MPLS LDP function can be enabled only when the MPLS function is enabled by running the mpls command.
l
The MPLS LDP function can be enabled for only the standard VLAN.
Networking Figure 2-10 shows an example network for configuring the LDP LSP. Figure 2-10 Example network for configuring the LDP LSP LSR ID 1.1.1.10/32
Router 10.1.2.1/24 10.1.2.2/24 MA5600_A
10.1.3.2/24
LSR ID 3.3.3.3/32
10.1.3.1/24
LSR ID 2.2.2.2/32
MA5600_B
Data Plan Table 2-7 provides the data plan for configuring the LDP LSP. Table 2-7 Data plan for configuring the LDP LSP Item
Data
MA5600_A
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140 LSR ID: 1.1.1.1/32 PW ID: 106 VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.2.1/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
MA5600_B
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
118
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Item
2 Protocol Configuration
Data LSR ID: 3.3.3.3/32 PW ID: 106 VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.3.2/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
Router name
LSR ID: 2.2.2.2/32
Procedure Step 1 Run the mpls ldp command to enable the MPLS LDP function globally. Step 2 Run the quit command to return to the global config mode. Step 3 Run the interface vlanif command to enter the VLAN interface mode. Step 4 Run the mpls ldp command to enable the MPLS LDP function on the VLAN interface. Step 5 Run the quit command to quit the VLAN interface mode. Step 6 Run the display mpls ldp interface command to query the information about the interface whose MPLS LDP function is enabled. ----End
Example To configure the LDP LSP on MA5600_A by using the default settings, do as follows: huawei(config)#mpls ldp huawei(config-mpls-ldp)#quit huawei(config)#interface vlanif 140 huawei(config-if-vlanif140)#mpls ldp huawei(config-if-vlanif140)#quit huawei(config)#display mpls ldp interface vlanif 140 { || }: Command: display mpls ldp interface vlanif 140 LDP Interface Information -----------------------------------------------------------------------------Interface Name : vlanif140 LDP ID : 1.1.1.1:0 Transport Address : 1.1.1.1 Entity Status : Inactive Effective MTU : 1500 Configured Hello Timer : 15 Sec Negotiated Hello Timer : 15 Sec Configured Keepalive Timer : 45 Sec
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
119
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide Label Advertisement Mode Hello Message Sent/Rcvd
2 Protocol Configuration
: Downstream Unsolicited : 0/0 (Message Count)
------------------------------------------------------------------------------
2.6.2 Configuring the MPLS VPN In the MPLS VPN service, the carrier needs to provides the end-to-end QoS guarantee for various services (such as the voice service, video service, key data service, and common Internet access service) of the VPN user. Pseudo-Wire Emulation Edge to Edge (PWE3) is a type of L2 service bearer technology, used to emulate the essential behavior and characteristics of the services such as the ATM, frame relay, Ethernet, low-rate time division multiplexing (TDM) circuit, and synchronous optical network (SONET)/synchronous digital hierarchy (SDH) as faithfully as possible in a packet switched network (PSN). The PWE3 uses LDP as the signaling protocol to simulate various L2 service through the tunnel (such as the LSP tunnel) and transparently transmit the L2 data.
Configuring ETH PWE3 This topic describes how to configure the ETH PWE3 so that the ETH PWE3 can provide the Ethernet emulation function and the emulation private line solution in an IP network.
Prerequisites l
An LDP LSP must exist. For details about the configuration of the LDP LSP, see Configuring the LDP LSP.
l
An upstream port must exist. The VLAN to which the upstream port belongs must be a standard VLAN. For details about how to add an upstream port to a VLAN, see 3.2 Configuring an Upstream Port.
l
A route to the peer end must exist. PW has no special requirement for the routing policy. For details about the configuration of the route, see 2.2 Configuring the Route.
Background Information l
A VPN can be created between the local VLAN and the peer VLAN through binding the PW and the VLAN together. That is, by switching the labels, packets can transverse the MPLS network, thus implementing the communication at L2 between the local end and the remote end.
l
Only the standard VLAN supports ETH PWE3.
Networking Figure 2-11 shows an example network for configuring the ETH PWE3. Figure 2-11 Example network for configuring the ETH PWE3 LSR ID 1.1.1.10/32
Router 10.1.2.1/24 10.1.2.2/24 MA5600_A
10.1.3.2/24 10.1.3.1/24
LSR ID 2.2.2.2/32
Issue 09 (2015-02-28)
LSR ID 3.3.3.3/32
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
MA5600_B
120
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Data Plan Table 2-8 provides the data plan for configuring the ETH PWE3. Table 2-8 Data plan for configuring the ETH PWE3 Item
Data
MA5600_A
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140 LSR ID: 1.1.1.1/32 PW ID: 106 VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.2.1/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
MA5600_B
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140 LSR ID: 3.3.3.3/32 PW ID: 106 VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.3.2/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
Router name
LSR ID: 2.2.2.2/32
Procedure Step 1 Run the mpls l2vpn command to enable MPLS L2VPN. Step 2 Run the service-port command to create an ETH service port. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
121
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Step 3 Create a PW template. 1.
Run the pw-template command to create a PW template.
2.
Run the peer-address command to configure the IP address of the peer device in the PW template. The configuration of the IP address is mandatory. If the IP address is not configured, a PW template cannot be directly referenced when the PW template is bound to a PVC.
3.
Run the pw-type command to configure the PW template type. The MA5600 supports only the PW template of the tagged type. In the tagged type, after receiving the PW packets, the peer PE can change, remove, or remain the tag of the PW packets according to the configuration.
4.
Run the quit command to quit the PW-template mode.
Step 4 Run the pw-ac-binding vlan command to bind the PW template to the PVC to create the ETH PW service. l The ID of the PW bound to the TDM must be the same as the PW ID of the remote peer. l A PW template can be bound dynamically or statically. To bind a PW template dynamically, enable MPLS LDP first. ----End
Example Assume that the PW template to be bound is of the Ethernet tagged type, the IP address of the peer device is 10.1.3.2, the outgoing label of the PW is 100, and the incoming label of the PW is 8500. To bind the PW to the VLAN of MA5600_A, and create the ETH PW service, do as follows: huawei(config)#mpls l2vpn huawei(config)#service-port vlan 10 adsl 0/1/0 rx-cttr 10 tx-cttr 10 huawei(config)#pw-template pwprofile huawei(config-pw-template-pwprofile)#peer-address 10.1.3.2 huawei(config-pw-template-pwprofile)#pw-type ethernet tagged huawei(config-pw-template-pwprofile)#quit huawei(config)#pw-ac-binding vlan 10 pw 1 pw-template pwprofile static transmitlabel 100 receive-label 8500
Configuring ATM PWE3 This topic describes how to configure the ATM PWE3 so that the ATM PWE3 can provide the ATM emulation function and the emulation private line solution in an IP network.
Prerequisites l
An LDP LSP must exist. For details about the configuration of the LDP LSP, see Configuring the LDP LSP.
l
An upstream port must exist. The VLAN to which the upstream port belongs must be a standard VLAN. For details about the configuration of the upstream port, see 3.2 Configuring an Upstream Port.
l
A route to the peer end must exist. PW has no special requirement for the routing policy. For details about the configuration of the upstream port, see 2.2 Configuring the Route.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
122
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Background Information l
A VPN can be created between the local VLAN and the peer VLAN through binding the PW template and the VLAN together. That is, by switching the labels, packets can traverse the MPLS network, thus implementing the communication at L2 between the local end and the remote end.
l
Only the standard VLAN supports ATM PWE3.
Networking Figure 2-12 shows an example network for configuring the ATM PWE3. Figure 2-12 Example network for configuring the ATM PWE3 LSR ID 1.1.1.10/32
Router 10.1.2.1/24 10.1.2.2/24 MA5600_A
10.1.3.2/24
LSR ID 3.3.3.3/32
10.1.3.1/24
LSR ID 2.2.2.2/32
MA5600_B
Data Plan Table 2-9 provides the data plan for configuring the ATM PWE3. Table 2-9 Data plan for configuring the ATM PWE3 Item
Data
MA5600_A
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140 LSR ID: 1.1.1.1/32 PW ID: 106 VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.2.1/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
MA5600_B
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
123
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Item
2 Protocol Configuration
Data LSR ID: 3.3.3.3/32 PW ID: 106 VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.3.2/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
Router name
LSR ID: 2.2.2.2/32
Procedure Step 1 Run the mpls l2vpn command to enable MPLS L2VPN. Step 2 Run the service-port command to create an ATM service port. Step 3 Create a PW template. 1.
Run the pw-template command to create a PW template.
2.
Run the peer-address command to configure the IP address of the peer device in the PW template. The configuration of the IP address is mandatory. If the IP address is not configured, a PW template cannot be directly referenced when the PW template is bound to the PVC.
3.
Run the pw-type command to set the PW template type. If the PW template is of the sdu type, the VPI and the VCI on the local end must be the same as those on the peer end. If the PW template is of the nto1 type, there is no requirement for the VPI and the VCI.
4.
Run the quit command to quit the PW-template mode.
Step 4 Run the pw-ac-binding pvc command to bind the PW template to the PVC to create the ATM PW service. l The ID of the PW bound to the TDM must be the same as the PW ID of the remote peer. l A PW template can be bound dynamically or statically. To bind a PW template dynamically, enable MPLS LDP first. ----End
Example Assume that the PW template to be bound is of the ATM sdu type and the IP address of the peer device is 10.1.3.2. To bind the PW to the PVC of MA5600_A, and create the ATM PW service, do as follows: huawei(config)#mpls l2vpn huawei(config)#service-port vlan 10 atm 0/6/0 vpi 0 vci 35 rx-cttr 10 upc off tx
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
124
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
-cttr 10 upc off huawei(config)#pw-template pwprofile huawei(config-pw-template-pwprofile)#peer-address 10.1.3.2 huawei(config-pw-template-pwprofile)#pw-type atm sdu huawei(config-pw-template-pwprofile)#quit huawei(config)#pw-ac-binding pvc 0/6/0 vpi 0 vci 35 pw 1 pw-template pwprofile
Configuration Example of MPLS - Based on Binding the PVC with the PW Template This topic describes how to configure the multiprotocol label switching (MPLS) based on the binding the PVC with the PW template to set up the Label Distribution Protocol (LDP) remote session, label switching paths (LSP), and PW between the MA5600 and the router.
Service Requirements l
When the MA5600 is subtended with a slave shelf, the slave shelf needs to support the ATM PWE3 service.
l
MPLS is used to carry the L2 service to ensure that the packets can go through the MPLS domain and that users can be differentiated.
Networking Figure 2-13 shows an example network for configuring the MPLS based on binding the PVC with the PW template. Figure 2-13 Example network for configuring the MPLS based on binding the PVC with the PW template LSR ID 1.1.1.10/32
Router 10.1.2.1/24 10.1.2.2/24 MA5600_A
10.1.3.2/24
LSR ID 3.3.3.3/32
10.1.3.1/24
LSR ID 2.2.2.2/32
MA5600_B
Data Plan Table 2-10 provides the data plan for configuring the MPLS based on binding the PVC with the PW template. Table 2-10 Data plan for configuring the MPLS based on binding the PVC with the PW template (MA5600_A) Item
Data
MPLS
LSR ID: 1.1.1.1/32 PW ID: 106
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
125
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Item
2 Protocol Configuration
Data VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.2.1/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
SCU
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140
AIUG
Port: 0/5/0 VPI/VCI: 1/40
Router name
LSR ID: 10.1.3.2/24
Procedure Step 1 Configure the route. PWE3 has no special requirement for the routing policy. Here, an open shortest path first (OSPF) route is considered as an example. huawei(config)#ospf huawei(config-ospf-1)#area 0 huawei(config-ospf-1-area-0.0.0.0)#network 1.1.1.1 0.0.0.0 huawei(config-ospf-1-area-0.0.0.0)#network 10.1.2.0 0.0.255.255 huawei(config-ospf-1-area-0.0.0.0)#quit huawei(config-ospf-1)#quit
Step 2 Configure the loopback interface. huawei(config)#interface loopback 1 huawei(config-if-loopback1)#ip address 1.1.1.1 32 huawei(config-if-loopback1)#quit
Step 3 Configure the label switch router (LSR) ID for the MPLS. huawei(config)#mpls lsr-id 1.1.1.1
Step 4 Enable the MPLS. huawei(config)#mpls huawei(config-mpls)#quit huawei(config)#vlan 140 standard huawei(config)#mpls vlan 140 huawei(config)#interface vlanif 140 huawei(config-if-vlanif140)#ip address 10.1.2.1 24 huawei(config-if-vlanif140)#mpls huawei(config-if-vlanif140)#quit
Step 5 Configure a VLAN interface. huawei(config)#port vlan 140 0/7 2 huawei(config)#interface scu 0/7 huawei(config-if-scu-0/7)#native-vlan 2 vlan 140 huawei(config-if-scu-0/7)#quit
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
126
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Step 6 Enable the MPLS LDP. huawei(config)#mpls ldp huawei(config-mpls-ldp)#quit huawei(config)#interface vlanif 140 huawei(config-if-vlanif140)#mpls ldp huawei(config-if-vlanif140)#quit
Step 7 Create a remote peer. huawei(config)#mpls ldp remote-peer router huawei(config-mpls-ldp-remote-router)#remote-ip 10.1.3.2 huawei(config-mpls-ldp-remote-router)#quit
Step 8 Configure the MPLS LDP triggering mechanism. huawei(config)#mpls huawei(config-mpls)#lsp-trigger host huawei(config-mpls)#label advertise non-null huawei(config-mpls)#quit
Step 9 Enable the MPLS L2VPN. huawei(config)#mpls l2vpn
Step 10 Configure a service port. huawei(config)#service-port vlan aoe atm 0/5/0 vpi 1 vci 40 rx-cttr 6 upc off txcttr 6 upc off
Step 11 Create a PW template. huawei(config)#pw-template pwt huawei(config-pw-template-pwt)#peer-address 10.1.3.2 huawei(config-pw-template-pwt)#pw-type atm sdu huawei(config-pw-template-pwt)#quit
Step 12 Bind the PVC with the PW template. huawei(config)#pw-ac-binding pvc 0/5/0 vpi 1 vci 40 pw 106 pw-template pwt
----End
Result After the configuration, LDP remote session, LSP, and PW can be set up between the MA5600 and the router. The PW is in the up state.
Configuration Example of MPLS - Based on Binding the VLAN with the PW Template The topic describes how to set up the LDP remote session, LSP and PW between the MA5600 and the router.
Service Requirements l
The user accesses the Internet in the PPPoA mode.
l
A traffic profile is adopted for rate limitation. The user access rate is 2048 kbit/s.
l
MPLS is used to carry the L2 service to ensure that the packets can go through the MPLS domain and that users can be differentiated.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
127
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Networking Figure 2-14 shows an example network for configuring the MPLS based on binding the VLAN with the PW template. In this example network, the MA5600 is connected to the MPLS network in the upstream direction through the control board, and the MPLS L2VPN based on binding the VLAN with the PW template is set up between the MA5600 and the router in the MPLS network. Figure 2-14 Example network for configuring the MPLS based on binding the VLAN with the PW template LSR ID 1.1.1.10/32
Router 10.1.2.1/24 10.1.2.2/24 MA5600_A
10.1.3.2/24
LSR ID 3.3.3.3/32
10.1.3.1/24
LSR ID 2.2.2.2/32
MA5600_B
Data Plan Table 2-11 provides the data plan for configuring the MPLS based on binding the VLAN with the PW template. Table 2-11 Data plan for configuring the MPLS based on binding the VLAN with the PW template (MA5600_A) Item
Data
MPLS
lSR ID: 1.1.1.1/32 VLAN type: Standard VLAN VLAN ID: 140 IP address: 10.1.2.1/24 PW template name: pwt Remote loopback address: 10.1.3.2 Type: Ethernet Tagged
SCU
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140
ADSL
Port: 0/2/0 VPI/VCI: 1/100
Router name
Issue 09 (2015-02-28)
lSR ID: 10.1.2.1/24
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
128
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Procedure Step 1 Configure a route. PWE3 has no special requirements for the routing policy. Here, an OSPF route is considered as an example. huawei(config)#ospf huawei(config-ospf-1)#area 0 huawei(config-ospf-1-area-0.0.0.0)#network 1.1.1.1 0.0.0.0 huawei(config-ospf-1-area-0.0.0.0)#network 10.1.2.0 0.0.255.255 huawei(config-ospf-1-area-0.0.0.0)#quit huawei(config-ospf-1)#quit
Step 2 Configure a loopback port. huawei(config)#interface loopback 1 huawei(config-if-loopback1)#ip address 1.1.1.1 32 huawei(config-if-loopback1)#quit
Step 3 Configure the MPLS LSR ID. huawei(config)#mpls lsr-id 1.1.1.1
Step 4 Enable MPLS. huawei(config)#mpls huawei(config-mpls)#quit huawei(config)#vlan 140 standard huawei(config)#mpls vlan 140 huawei(config)#interface vlanif 140 huawei(config-if-vlanif140)#ip address 10.1.2.1 24 huawei(config-if-vlanif140)#mpls huawei(config-if-vlanif140)#quit
Step 5 Configure a VLAN interface. huawei(config)#port vlan 140 0/7 2 huawei(config)#interface scu 0/7 huawei(config-if-scu-0/7)#native-vlan 2 vlan 140 huawei(config-if-scu-0/7)#quit
Step 6 Enable MPLS LDP. huawei(config)#mpls ldp huawei(config-mpls-ldp)#quit huawei(config)#interface vlanif 140 huawei(config-if-vlanif140)#mpls ldp huawei(config-if-vlanif140)#quit
Step 7 Configure a peer device. huawei(config)#mpls ldp remote-peer router huawei(config-mpls-ldp-remote-router)#remote-ip 10.1.3.2 huawei(config-mpls-ldp-remote-router)#quit
Step 8 Configure the MPLS LDP trigger mechanism. huawei(config)#mpls huawei(config-mpls)#lsp-trigger host huawei(config-mpls)#label advertise non-null huawei(config-mpls)#quit
Step 9 Enable MPLS L2VPN. huawei(config)#mpls l2vpn
Step 10 Create a VLAN. huawei(config)#vlan 100 standard
Step 11 Create a PW template. huawei(config)#pw-template pweth huawei(config-pw-template-pweth)#peer-address 10.1.3.2
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
129
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
huawei(config-pw-template-pweth)#pw-type ethernet tagged huawei(config-pw-template-pweth)#quit
Step 12 Bind the VLAN with the PW template. The ID of the PW bound with the PVC must be the same as the ID of the PW for the remote peer. huawei(config)#pw-ac-binding vlan 100 pw 107 pw-template pweth
----End
Result After the configuration, the MA5600 can set up the LDP remote session with the router. Run the display pw-ac-binding command and you can find that the PW state is up.
2.6.3 Configuring the MPLS RSVP-TE MPLS TE is a technology that integrates TE with MPLS. Through the MPLS TE technology, you can create an LSP tunnel to a specified path, to reserve resources and implement reoptimization. NOTE
For details of MPLS TE, refer to the Requirements for Traffic Engineering Over MPLS (RFC2702). l To provide the MPLS function, the MA5600 can function as only a PE device. l For the MA5600, to subtend slave shelves, l Only the master shelf supports MPLS function. l The master shelf supports the ETH PWE3 and the ATM PWE3 services, and the slave shelf supports only the ETH PWE3 service. (To support the ATM PWE3 service, a slave shelf must be separately configured with the AIUG board to function as an independent PE to provide MPLS upstream function.)
Configuration Example of Establishing an MPLS TE Tunnel by Using RSVP-TE This topic describes how to establish an MPLS TE tunnel by using RSVP-TE.
Prerequisite l
The network devices and lines must be in the normal state.
l
The IP address and subnet mask for each port must be configured according to the example network. After the configuration is complete, ensure that each LSR can ping the peer LSR ID successfully (the LSR ID is recommended to be consistent with the IP address of the loopback interface of the device).
l
The static routing protocol or the OSPF protocol must be configured on all the MA5600s and routers (the host route of each port must be successfully advertised).
Networking Figure 2-15 shows an example network for establishing an MPLS TE tunnel by using RSVPTE. Reachable routes exist between MA5600_A and MA5600_B and MPLS RSVP-TE is enabled on both devices. Establish an MPLS TE tunnel from MA5600_A to MA5600_B. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
130
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Figure 2-15 Example network for establishing an MPLS TE tunnel by using RSVP-TE
Router 10.1.1.2/24
10.1.2.1/24
LSR ID 2.2.2.2 /32
LSR ID 1.1.1.1 /32
10.1.1.1 /24
LSR ID 3.3.3.3 /32
10.1.2.2 /24
MA5600_A
MA5600_B
Data Plan Table 2-12 provides the data plan for establishing an MPLS TE tunnel by using RSVP-TE. Table 2-12 Data plan for establishing an MPLS TE tunnel by using RSVP-TE Item
Data
MA5600_A
LSR ID: 1.1.1.1/32 Port: 0/7/2 VLAN: 10 IP address of the L3 interface: 10.1.1.1/24
MA5600_B
LSR ID: 3.3.3.3/32 Port: 0/7/2 VLAN: 20 IP address of the L3 interface (interface connected to router): 10.1.2.2/24
Router
LSR ID: 2.2.2.2/32 IP address of the interface connected to MA5600_A: 10.1.1.2/24 IP address of the interface connected to MA5600_B: 10.1.2.1/24
Procedure Step 1 Configure the basic MPLS functions and enable MPLS TE. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
131
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1.
2 Protocol Configuration
Enable basic MPLS and MPLS TE globally. MA5600_A(config)#mpls lsr-id 1.1.1.1 MA5600_A(config)#mpls MA5600_A(config-mpls)#mpls te MA5600_A(config-mpls)#mpls rsvp-te MA5600_A(config-mpls)#mpls te cspf MA5600_A(config-mpls)#quit
2.
Enable basic MPLS and MPLS TE on the interface. MA5600_A(config)#vlan 10 standard MA5600_A(config)#mpls vlan 10 MA5600_A(config)#port vlan 10 0/7 2 MA5600_A(config)#interface scu 0/7 MA5600_A(config-if-scu-0/7)#native-vlan 2 vlan 10 MA5600_A(config-if-scu-0/7)#quit MA5600_A(config)#interface vlanif 10 MA5600_A(config-if-vlanif10)#ip address 10.1.1.1 24 MA5600_A(config-if-vlanif10)#mpls MA5600_A(config-if-vlanif10)#mpls te MA5600_A(config-if-vlanif10)#mpls rsvp-te NOTE
The configuration on MA5600_B is the same as the configuration on MA5600_A except the IP addresses of the VLAN interface and the MPLS VLAN interface. Therefore, the configuration on MA5600_B is not described here.
Step 2 Configure OSPF TE. MA5600_A(config)#ospf 100 MA5600_A(config-ospf-100)#opaque-capability enable MA5600_A(config-ospf-100)#area 0 MA5600_A(config-ospf-100-area-0.0.0.0)#mpls-te enable standard-complying MA5600_A(config-ospf-100-area-0.0.0.0)#quit MA5600_B(config-if-vlanif20)#quit NOTE
The configuration on MA5600_B is the same as the configuration on MA5600_A.
Step 3 Configure the MPLS TE attributes of the links on MA5600_A and MA5600_B respectively. MA5600_A(config)#interface vlanif MA5600_A(config-if-vlanif10)#mpls MA5600_A(config-if-vlanif10)#quit MA5600_B(config)#interface vlanif MA5600_B(config-if-vlanif20)#mpls MA5600_B(config-if-vlanif20)#quit
10 te max-reservable-bandwidth 1024 20 te max-reservable-bandwidth 1024
Step 4 Configure an MPLS TE tunnel from MA5600_A to MA5600_B. MA5600_A(config)#interface tunnel 10 MA5600_A(config-if-tunnel10)#tunnel-protocol mpls te MA5600_A(config-if-tunnel10)#destination 3.3.3.3 MA5600_A(config-if-tunnel10)#mpls te tunnel-id 10 MA5600_A(config-if-tunnel10)#mpls te signal-protocol rsvp-te MA5600_A(config-if-tunnel10)#mpls te bandwidth bc0 512 MA5600_A(config-if-tunnel10)#mpls te commit MA5600_A(config-if-tunnel10)#quit
Step 5 Save the data. MA5600_A(config)#save MA5600_B(config)#save
----End
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
132
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Result After the configuration is complete, run the following commands on MA5600_A to query the configuration: l
Run the display interface tunnel command to query the tunnel interface status. The tunnel interface needs to be in the UP state.
l
Run the display mpls te tunnel-interface tunnel command to query the detailed configuration of the tunnel.
Configuring a Static MPLS TE Tunnel This topic describes how to manually configure a static MPLS TE tunnel.
Prerequisites l
The network devices and lines must be in the normal state.
l
The IP address and subnet mask for each port must be configured according to the example network. After the configuration is complete, ensure that each LSR can ping the peer LSR ID successfully (the LSR ID is recommended to be consistent with the IP address of the loopback interface of the device).
l
The static routing protocol or the OSPF protocol must be configured on all the MA5600s and routers (the host route of each port must be successfully advertised).
Networking Figure 2-16 shows an example network for configuring the static MPLS TE tunnel. A reachable route must exist between MA5600_A and MA5600_B. Figure 2-16 Example network for configuring the static MPLS TE tunnel
Router 10.1.1.2/24
10.1.2.1/24 LSR ID 2.2.2.2 /32
LSR ID 1.1.1.1 /32
1.1.1.1 /24
10.1.2.2 /24
MA5600_A
LSR ID 3.3.3.3 /32 MA5600_B
Data Plan Table 2-13 provides the data plan for configuring the static MPLS TE tunnel. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
133
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Table 2-13 Data plan for configuring the static MPLS TE tunnel Item
Data
MA5600_A
LSR ID: 1.1.1.1/32 Port: 0/7/2 VLAN: VLAN 10 IP address of the L3 interface: 10.1.1.1/24
MA5600_B
LSR ID: 3.3.3.3/32 Port: 0/7/2 VLAN: VLAN 20 IP address of the L3 interface: 10.1.2.2/24 (connected to the router)
Router
LSR ID: 2.2.2.2/32 IP address of the port connected to MA5600_A: 10.1.1.2/24 IP address of the port connected to MA5600_B: 10.1.2.1/24
Procedure Step 1 Configure the basic MPLS functions and enable MPLS TE. 1.
Enable basic MPLS and MPLS TE globally. MA5600_A(config)#mpls lsr-id 1.1.1.1 MA5600_A(config)#mpls MA5600_A(config-mpls)#mpls te MA5600_A(config-mpls)#quit
2.
Enable basic MPLS and MPLS TE on the interface. MA5600_A(config)#vlan 10 standard MA5600_A(config)#mpls vlan 10 MA5600_A(config)#port vlan 10 0/7 2 MA5600_A(config)#interface vlanif 10 MA5600_A(config-if-vlanif10)#ip address 10.1.1.1 24 MA5600_A(config-if-vlanif10)#mpls MA5600_A(config-if-vlanif10)#mpls te NOTE
The configuration on MA5600_B is the same as the configuration on MA5600_A. Therefore, the configuration on MA5600_B is not described here.
Step 2 Configure OSPF TE. MA5600_A(config)#ospf 100 MA5600_A(config-ospf-100)#opaque-capability enable MA5600_A(config-ospf-100)#area 0 MA5600_A(config-ospf-100-area-0.0.0.0)#mpls-te enable standard-complying MA5600_A(config-ospf-100-area-0.0.0.0)#quit NOTE
The configuration on MA5600_B is the same as the configuration on MA5600_A. Therefore, the configuration on MA5600_B is not described here.
Step 3 Configure the MPLS TE attributes of the links on MA5600_A and MA5600_B respectively. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
134
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
MA5600_A(config)#static-lsp ingress staticlsp1 destination 3.3.3.3 24 nexthop 10.1.1.2 out-label 8200 MA5600_A(config)#static-lsp egress staticlsp2 incoming-interface vlanif 10 inlabel 8201 MA5600_A(config)#interface vlanif 10 MA5600_A(config-if-vlanif10)#mpls te max-reservable-bandwidth 1024 MA5600_A(config-if-vlanif10)#quit MA5600_B(config)#static-lsp ingress staticlsp1 destination 1.1.1.1 24 nexthop 10.1.2.1 out-label 8201 MA5600_B(config)#static-lsp egress staticlsp2 incoming-interface vlanif 20 inlabel 8200 MA5600_B(config)#interface vlanif 20 MA5600_B(config-if-vlanif20)#mpls te max-reservable-bandwidth 1024 MA5600_B(config-if-vlanif20)#quit
Step 4 Configure an MPLS TE tunnel from MA5600_A to MA5600_B. MA5600_A(config)#interface tunnel 10 MA5600_A(config-if-tunnel10)#tunnel-protocol mpls te MA5600_A(config-if-tunnel10)#destination 3.3.3.3 MA5600_A(config-if-tunnel10)#mpls te tunnel-id 10 MA5600_A(config-if-tunnel10)#mpls te signal-protocol rsvp-te MA5600_A(config-if-tunnel10)#mpls te bandwidth bc0 512 MA5600_A(config-if-tunnel10)#mpls te commit MA5600_A(config-if-tunnel10)#quit
Step 5 Save the data. MA5600_A(config)#save MA5600_B(config)#save
----End
Result After the configuration is complete, run the following commands on MA5600_A to query the configuration: l
Run the display interface tunnel command to query the tunnel interface status. The tunnel interface needs to be in the UP state.
l
Run the display mpls te tunnel-interface tunnel command to query the detailed configuration of the tunnel.
Configuring the Dynamic MPLS TE Tunnel This topic describes how to configure the dynamic MPLS TE tunnel manually.
Prerequisites l
The network devices and lines must be in the normal state.
l
The IP address and subnet mask for each port must be configured according to the example network. After the configuration is complete, ensure that each LSR can ping the peer LSR ID successfully (the LSR ID is recommended to be consistent with the IP address of the loopback interface of the device).
l
The dynamic routing protocol or the OSPF protocol must be configured on all the MA5600s and routers (the host route of each port must be successfully advertised).
Context The dynamic signaling protocol adjusts the path of an MPLS TE tunnel based on dynamic changes of the network and applies advanced features, such as backup and FR. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
135
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Networking Figure 2-17 shows an example network for configuring the dynamic MPLS TE tunnel. Reachable routes exist between MA5600_A and MA5600_B. Figure 2-17 Example network for configuring the dynamic MPLS TE tunnel
Router 10.1.1.2/24
10.1.2.1/24 LSR ID 2.2.2.2 /32
1.1.1.1 /24
LSR ID 1.1.1.1 /32
10.1.2.2 /24
MA5600_A
LSR ID 3.3.3.3 /32 MA5600_B
Data Plan Table 2-14 provides the data plan for configuring the dynamic MPLS TE tunnel. Table 2-14 Data plan for configuring the dynamic MPLS TE tunnel Item
Data
MA5600_A
LSR ID: 1.1.1.1/32 Port: 0/7/2 VLAN: 10 IP address of the L3 interface: 10.1.1.1/24
MA5600_B
LSR ID: 3.3.3.3/32 Port: 0/7/2 VLAN: 20 IP address of the L3 interface (interface connected to router): 10.1.2.2/24
Router
LSR ID: 2.2.2.2/32 IP address of the interface connected to MA5600_A: 10.1.1.2/24 IP address of the interface connected to MA5600_B: 10.1.2.1/24
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
136
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Procedure Step 1 Configure the basic MPLS functions and enable MPLS TE. 1.
Enable basic MPLS and MPLS TE globally. MA5600_A(config)#mpls lsr-id 1.1.1.1 MA5600_A(config)#mpls MA5600_A(config-mpls)#mpls te MA5600_A(config-mpls)#quit
2.
Enable basic MPLS and MPLS TE on the interface. MA5600_A(config)#vlan 10 standard MA5600_A(config)#mpls vlan 10 MA5600_A(config)#port vlan 10 0/7 2 MA5600_A(config)#interface vlanif 10 MA5600_A(config-if-vlanif10)#ip address 10.1.1.1 24 MA5600_A(config-if-vlanif10)#mpls MA5600_A(config-if-vlanif10)#mpls te NOTE
The configuration on MA5600_B is the same as the configuration on MA5600_A. Therefore, the configuration on MA5600_B is not described here.
Step 2 Configure OSPF TE. MA5600_A(config)#ospf 100 MA5600_A(config-ospf-100)#opaque-capability enable MA5600_A(config-ospf-100)#area 0 MA5600_A(config-ospf-100-area-0.0.0.0)#mpls-te enable standard-complying MA5600_A(config-ospf-100-area-0.0.0.0)#quit NOTE
The configuration on MA5600_B is the same as the configuration on MA5600_A. Therefore, the configuration on MA5600_B is not described here.
Step 3 Configure the MPLS TE attributes of the links on MA5600_A and MA5600_B respectively. MA5600_A(config)#interface vlanif MA5600_A(config-if-vlanif10)#mpls MA5600_A(config-if-vlanif10)#mpls MA5600_A(config-if-vlanif10)#quit MA5600_B(config)#interface vlanif MA5600_B(config-if-vlanif20)#mpls MA5600_B(config-if-vlanif20)#mpls MA5600_B(config-if-vlanif20)#quit
10 te max-link-bandwidth 2048 te max-reservable-bandwidth 1024 20 te max-link-bandwidth 2048 te max-reservable-bandwidth 1024
Step 4 Configure an MPLS TE tunnel from MA5600_A to MA5600_B. MA5600_A(config)#interface tunnel 10 MA5600_A(config-if-tunnel10)#tunnel-protocol mpls te MA5600_A(config-if-tunnel10)#destination 3.3.3.3 MA5600_A(config-if-tunnel10)#mpls te tunnel-id 10 MA5600_A(config-if-tunnel10)#mpls te signal-protocol rsvp-te MA5600_A(config-if-tunnel10)#mpls te bandwidth bc0 512 MA5600_A(config-if-tunnel10)#mpls te commit MA5600_A(config-if-tunnel10)#quit NOTE
The configuration on MA5600_B is the same as the configuration on MA5600_A. Therefore, the configuration on MA5600_B is not described here.
Step 5 Save the data. MA5600_A(config)#save MA5600_B(config)#save
----End Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
137
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Result After the configuration is complete, run the following commands on MA5600_A to query the configuration: l
Run the display interface tunnel command to query the tunnel interface status. The tunnel interface needs to be in the UP state.
l
Run the display mpls te tunnel-interface tunnel command to query the detailed configuration of the tunnel.
2.6.4 Configuring the MPLS OAM Operation Administration & Maintenance (OAM) is a key method to reduce the network maintenance cost. The MPLS OAM mechanism is designed for this purpose.
Context MPLS supports multiple layer 2 (L2) and layer 3 (L3) protocols. It provides the OAM mechanism independent of any upper or lower layer. By the MPLS OAM mechanism, the MA5600 detects and locates effectively the defects inside the network at the MPLS layer. Then, it reports and handles the defects. When the fault occurs, the system triggers the protection switchover.
Configuration Example of the MPLS OAM Detection for Static LSP Connectivity This topic describes how to configure the function of MPLS OAM to detect the static LSP connectivity.
Prerequisites Before the configuration, make sure that: l
The network devices and lines must be in the normal state.
l
The IP address and subnet mask for each port must be configured according to the example network. After the configuration is complete, ensure that each LSR can ping the peer LSR ID successfully.
l
The OSPF protocol must be configured on all the MA5600s and routers (the host route of each loopback port must be successfully advertised).
Networking Figure 2-18 shows an example network for configuring the MPLS OAM detection for static LSP connectivity.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
138
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Figure 2-18 Example network for configuring the MPLS OAM detection for static LSP connectivity Tunnel 10 Tunnel ID 10 LSR ID 4.4.4.4/32 10.1.1.2/24
10.1.4.1/24 Router B
Tunnel 20 Tunnel ID 20
10.1.1.1/24 LSR ID 1.1.1.1/32
10.1.4.2/24
Router A
10.1.2.1/24
10.1.2.2/24
MA5600_A
10.1.3.1/24
LSR ID 2.2.2.2/32
LSR ID 3.3.3.3/32 10.1.3.2/24 MA5600_B
Data Plan Table 2-15 provides the data plan for configuring the MPLS OAM detection for static LSP connectivity. Table 2-15 Data plan for configuring the MPLS OAM detection for static LSP connectivity Item
Data
MA5600_A
LSR ID: 1.1.1.1/32 Port: 0/7/2 VLAN: 10 IP address of the port connecting to router A: 10.1.2.1/24 Port: 0/7/3 VLAN: 11 IP address of the port connecting to router B: 10.1.1.1/24 The static LSP passes router A and targets MA5600_B.
MA5600_B
LSR ID: 3.3.3.3/32 Port: 0/7/2 VLAN: 30 IP address of the port connecting to router A: 10.1.3.2/24
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
139
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Item
2 Protocol Configuration
Data Port: 0/7/3 VLAN: 31 IP address of the port connecting to router B: 10.1.4.2/24 The static LSP passes router B and targets MA5600_A
Router A
LSR ID: 2.2.2.2/32 IP address of the port connecting to MA5600_A: 10.1.2.2/24 IP address of the port connecting to MA5600_B: 10.1.3.1/24
Router B
LSR ID: 4.4.4.4/32 IP address of the port connecting to MA5600_A: 10.1.1.2/24 IP address of the port connecting to MA5600_B: 10.1.4.1/24
Configuration Flowchart Figure 2-19 shows the flowchart for configuring the MPLS OAM detection for static LSP connectivity. Figure 2-19 Flowchart for configuring the MPLS OAM detection for static LSP connectivity Start
Enable the basic function of MPLS and MPLS TE function Configure the static LSP to be detected Configure the revertive tunnel static LSP Configure the MPLS OAM function of the ingress of the LSP Configure the MPLS OAM function of the egress of the LSP
Save the data
End
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
140
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Procedure Step 1 Enable basic MPLS and MPLS TE. 1.
Enable basic MPLS and MPLS TE globally. MA5600_A(config)#mpls lsr-id 1.1.1.1 MA5600_A(config)#mpls MA5600_A(config-mpls)#mpls te MA5600_A(config-mpls)#quit
2.
Enable basic MPLS and MPLS TE on the interface. MA5600_A(config)#vlan 10 standard MA5600_A(config)#mpls vlan 10 MA5600_A(config)#port vlan 10 0/7 2 MA5600_A(config)#interface vlanif 10 MA5600_A(config-if-vlanif10)#ip address 10.1.1.1 24 MA5600_A(config-if-vlanif10)#mpls MA5600_A(config-if-vlanif10)#mpls te MA5600_A(config-if-vlanif10)#quit MA5600_A(config)#vlan 11 standard MA5600_A(config)#mpls vlan 11 MA5600_A(config)#port vlan 11 0/7 3 MA5600_A(config)#interface vlanif 11 MA5600_A(config-if-vlanif11)#ip address 10.1.2.1 24 MA5600_A(config-if-vlanif11)#mpls MA5600_A(config-if-vlanif11)#mpls te MA5600_A(config-if-vlanif11)#quit NOTE
The configuration on MA5600_B is the same as the configuration on MA5600_A. Therefore, the configuration on MA5600_B is not described here.
Step 2 Configure a static LSP to be detected. To be specific, configure MA5600_A as the ingress, router A as the intermediate node, and MA5600_B as the egress of the LSP. 1.
On MA5600_A, configure an MPLS TE tunnel to MA5600_B by using the static LSP. MA5600_A(config)#interface tunnel 20 MA5600_A(config-if-tunnel20)#tunnel-protocol mpls te MA5600_A(config-if-tunnel20)#destination 3.3.3.3 MA5600_A(config-if-tunnel20)#mpls te tunnel-id 20 MA5600_A(config-if-tunnel20)#mpls te signal-protocol static MA5600_A(config-if-tunnel20)#mpls te commit MA5600_A(config-if-tunnel20)#quit
2.
Configure MA5600_A as the ingress of the static LSP. MA5600_A(config)#static-lsp ingress tunnel-interface tunnel 20 destination 3.3.3.3 nexthop 10.1.2.2 out-label 20
3.
Configure router A as the intermediate node of the static LSP. (Router-related configuration is not described here.)
4.
Configure MA5600_B as the egress of the static LSP. MA5600_B(config)#static-lsp egress 200 incoming-interface vlanif 30 in-label 8210
Step 3 Configure a backward static LSP. To be specific, configure MA5600_B as the ingress, router B as the intermediate node, and MA5600_A as the egress of the LSP. 1.
On MA5600_B, configure an MPLS TE tunnel to MA5600_A by using the static LSP. MA5600_B(config)#interface tunnel 10 MA5600_B(config-if-tunnel10)#tunnel-protocol mpls te MA5600_B(config-if-tunnel10)#destination 1.1.1.1
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
141
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
MA5600_B(config-if-tunnel10)#mpls te tunnel-id 10 MA5600_B(config-if-tunnel10)#mpls te signal-protocol static MA5600_B(config-if-tunnel10)#mpls te commit MA5600_B(config-if-tunnel10)#quit
2.
Configure MA5600_B as the ingress of the static LSP. MA5600_B(config)#static-lsp ingress tunnel-interface tunnel 10 destination 1.1.1.1 nexthop 10.1.4.1 out-label 40
3.
Configure router B as the intermediate node of the static LSP. (Router-related configuration is not described here.)
4.
Configure MA5600_A as the egress of the static LSP. MA5600_A(config)#static-lsp egress 10 incoming-interface vlanif 10 in-label 8230
Step 4 Configure MPLS OAM on the ingress of the LSP to be detected. MA5600_A(config)#mpls MA5600_A(config-mpls)#mpls oam MA5600_A(config-mpls)#quit MA5600_A(config)#mpls oam ingress tunnel 20 type ffd frequency 100 backward-lsp lsr-id 3.3.3.3 tunnel-id 10 MA5600_A(config)#mpls oam ingress enable all
Step 5 Configure MPLS OAM on the egress of the LSP to be detected. MA5600_B(config)#mpls MA5600_B(config-mpls)#mpls oam MA5600_B(config-mpls)#quit MA5600_B(config)#mpls oam egress lsp-name 20 type ffd frequency 100 backward-lsp tunnel 10 private MA5600_A(config)#mpls oam egress enable all
Step 6 Save the data. MA5600_A(config)#save MA5600_B(config)#save
----End
Result After the configuration, run the shutdown command on Router A to disable the port connected to MA5600_B to simulate the link fault. Run the display mpls oam egress all command on MA5600_B and you can find that MA5600_B detects the fault.
Configuration Example of the MPLS OAM Protection Switching Function This topic describes how to configure MPLS OAM to implement the protection switching function.
Prerequisite l
The network devices and lines must be in the normal state.
l
The IP address and subnet mask for each port must be configured according to the example network. After the configuration is complete, ensure that each LSR can ping the peer LSR ID successfully.
l
The static routing protocol or the OSPF protocol must be configured on all the MA5600s and routers (the host route of each loopback port must be successfully advertised).
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
142
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Networking Figure 2-20 shows an example network for configuring the MPLS OAM protection switching function. Two LSP tunnels are configured between MA5600_A and MA5600_B, of which the active tunnel is from router A to MA5600_B and the standby tunnel from router B to MA5600_B. The MPLS OAM protection switching function is enabled for these two tunnels. Therefore, when the active tunnel is faulty, the traffic is switched to the standby tunnel. In addition, a backward tunnel from MA5600_B to MA5600_A through router B is configured, which is used to notify the ingress (MA5600_A) of a fault. Figure 2-20 Configuring the MPLS OAM protection switching function Tunnel 10 Tunnel ID10 LSR ID 4.4.4.4/32 10.1.1.2/24
10.1.4.1/24 Router B
Tunnel 10 Tunnel ID 10
10.1.1.1/24
10.1.4.2/24 Router A 10.1.3.2/24
10.1.2.1/24 MA5600_A
10.1.2.2/24
LSR ID 3.3.3.3/32
10.1.3.1/24 LSR ID 2.2.2.2/32
MA5600_B
Tunnel 20 Tunnel ID 20
Data Plan Table 2-16 provides the data plan for configuring the MPLS OAM protection switching function. Table 2-16 Data plan for configuring the MPLS OAM protection switching function
Issue 09 (2015-02-28)
Item
Data
MA5600_A
LSR ID: 1.1.1.1/32
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
143
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Item
2 Protocol Configuration
Data Port: 0/7/2 VLAN: 10 IP address of the port connecting to router A: 10.1.2.1/24 Port: 0/7/3 VLAN: 11 IP address of the port connecting to router B: 10.1.1.1/24 The active tunnel passes router A and targets MA5600_B The standby tunnel passes router B and targets MA5600_B
MA5600_B
LSR ID: 3.3.3.3/32 Port: 0/7/2 VLAN: 30 IP address of the port connecting to router A: 10.1.3.2/24 Port: 0/7/3 VLAN: 31 IP address of the port connecting to router B: 10.1.4.2/24 The backward tunnel passes router B and targets MA5600_A
Router A
LSR ID: 2.2.2.2/32 IP address of the port connecting to MA5600_A: 10.1.2.2/24 IP address of the port connecting to MA5600_B: 10.1.3.1/24
Router B
LSR ID: 4.4.4.4/32 IP address of the port connecting to MA5600_A: 10.1.1.2/24 IP address of the port connecting to MA5600_B: 10.1.4.1/24
Procedure Step 1 Configure the basic MPLS functions and enable MPLS TE. 1.
Enable basic MPLS and MPLS TE globally. MA5600_A(config)#mpls lsr-id 1.1.1.1 MA5600_A(config)#mpls MA5600_A(config-mpls)#mpls te MA5600_A(config-mpls)#mpls rsvp-te MA5600_A(config-mpls)#mpls te cspf MA5600_A(config-mpls)#quit
2.
Enable basic MPLS and MPLS TE on the interface. MA5600_A(config)#vlan 10 standard MA5600_A(config)#mpls vlan 10 MA5600_A(config)#port vlan 10 0/7 2 MA5600_A(config)#interface vlanif 10
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
144
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
MA5600_A(config-if-vlanif10)#ip address 10.1.1.1 24 MA5600_A(config-if-vlanif10)#mpls MA5600_A(config-if-vlanif10)#mpls te MA5600_A(config-if-vlanif10)#quit MA5600_A(config)#vlan 11 standard MA5600_A(config)#mpls vlan 11 MA5600_A(config)#port vlan 11 0/7 3 MA5600_A(config)#interface vlanif 11 MA5600_A(config-if-vlanif11)#ip address 10.1.2.1 24 MA5600_A(config-if-vlanif11)#mpls MA5600_A(config-if-vlanif11)#mpls te MA5600_A(config-if-vlanif11)#quit NOTE
The configuration on MA5600_B is the same as the configuration on MA5600_A. Therefore, the configuration on MA5600_B is not described here.
Step 2 Configure OSPF TE. MA5600_A(config)#ospf 100 MA5600_A(config-ospf-100)#opaque-capability enable MA5600_A(config-ospf-100)#area 0 MA5600_A(config-ospf-100-area-0.0.0.0)#mpls-te enable standard-complying MA5600_A(config-ospf-100-area-0.0.0.0)#quit NOTE
The configuration on MA5600_B is the same as the configuration on MA5600_A. Therefore, the configuration on MA5600_B is not described here.
Step 3 Configure the MPLS TE attribute of the link. MA5600_A(config)#interface vlanif 10 MA5600_A(config-if-vlanif10)#mpls te max-reservable-bandwidth 1024 MA5600_A(config-if-vlanif10)#quit MA5600_A(config)#interface vlanif 11 MA5600_A(config-if-vlanif11)#mpls te max-reservable-bandwidth 1024 MA5600_A(config-if-vlanif11)#quit NOTE
The configuration on MA5600_B is the same as the configuration on MA5600_A. Therefore, the configuration on MA5600_B is not described here.
Step 4 Configure the MPLS TE explicit path. 1.
On MA5600_A, configure an explicit path from MA5600_A to MA5600_B. MA5600_A(config)#explicit-path 1a2 enable MA5600_A(config-explicit-path-1a2)#next hop MA5600_A(config-explicit-path-1a2)#next hop MA5600_A(config-explicit-path-1a2)#quit MA5600_A(config)#explicit-path 1b2 enable MA5600_A(config-explicit-path-1b2)#next hop MA5600_A(config-explicit-path-1b2)#next hop MA5600_A(config-explicit-path-1b2)#quit
2.
10.1.2.2 include strict 10.1.3.2 include loose
10.1.1.2 include strict 10.1.4.2 include loose
On MA5600_B, configure an explicit path from MA5600_B to MA5600_A. MA5600_B(config)#explicit-path 1b2 enable MA5600_B(config-explicit-path-2b1)#next hop 10.1.4.1 include strict MA5600_B(config-explicit-path-2b1)#next hop 10.1.1.1 include loose MA5600_B(config-explicit-path-2b1)#quit
Step 5 Configure the MPLS TE tunnel. 1.
Configure the active tunnel from MA5600_A to MA5600_B. The intermediate node is router A. MA5600_A(config)#interface tunnel 20 MA5600_A(config-if-tunnel20)#tunnel-protocol mpls te
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
145
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
MA5600_A(config-if-tunnel20)#destination 3.3.3.3 MA5600_A(config-if-tunnel20)#mpls te tunnel-id 20 MA5600_A(config-if-tunnel2)#mpls te path explicit-path 1a2 MA5600_A(config-if-tunnel20)#mpls te signal-protocol rsvp-te MA5600_A(config-if-tunnel20)#mpls te bandwidth bc0 1500 MA5600_A(config-if-tunnel20)#mpls te commit MA5600_A(config-if-tunnel20)#quit
2.
Configure the standby tunnel from MA5600_A to MA5600_B. The intermediate node is router B. MA5600_A(config)#interface tunnel 10 MA5600_A(config-if-tunnel10)#tunnel-protocol mpls te MA5600_A(config-if-tunnel10)#destination 3.3.3.3 MA5600_A(config-if-tunnel10)#mpls te tunnel-id 10 MA5600_A(config-if-tunnel10)#mpls te path explicit-path 1b2 MA5600_A(config-if-tunnel10)#mpls te signal-protocol rsvp-te MA5600_A(config-if-tunnel10)#mpls te bandwidth bc0 1500 MA5600_A(config-if-tunnel10)#mpls te commit MA5600_A(config-if-tunnel10)#quit
3.
Configure the backward tunnel from MA5600_B to MA5600_A. The intermediate node is router B. MA5600_B(config)#interface tunnel 10 MA5600_B(config-if-tunnel10)#tunnel-protocol mpls te MA5600_B(config-if-tunnel10)#destination 1.1.1.1 MA5600_B(config-if-tunnel10)#mpls te tunnel-id 10 MA5600_B(config-if-tunnel10)#mpls te path explicit-path 2b1 MA5600_B(config-if-tunnel10)#mpls te signal-protocol rsvp-te MA5600_B(config-if-tunnel10)#mpls te bandwidth bc0 1500 MA5600_B(config-if-tunnel10)#mpls te commit MA5600_B(config-if-tunnel10)#quit
Step 6 Configure the tunnel protection group. MA5600_A(config)#interface tunnel 20 MA5600_A(config-if-tunnel20)#mpls te protection tunnel 10 mode revertive wtr 30 MA5600_A(config-if-tunnel20)#mpls te commit MA5600_A(config-if-tunnel20)#quit
Step 7 Configure the MPLS OAM function. 1.
On MA5600_A, configure the MPLS OAM function of the ingress. MA5600_A(config)#mpls MA5600_A(config-mpls)#mpls oam MA5600_A(config-mpls)#quit MA5600_A(config)#mpls oam ingress tunnel 20 type ffd frequency 100 backward-lsp lsr-id 3.3.3.3 tunnel-id 10 MA5600_A(config)#mpls oam ingress enable all
2.
On MA5600_B, configure the MPLS OAM function of the egress. MA5600_B(config)#mpls MA5600_B(config-mpls)#mpls oam MA5600_B(config-mpls)#mpls oam egress lsr-id 1.1.1.1 tunnel-id 20 type ffd frequency 100 backward-lsp tunnel 10 private MA5600_B(config-mpls)#mpls oam egress enable all MA5600_B(config-mpls)#quit
Step 8 Save the data. MA5600_A(config)#save MA5600_B(config)#save
----End
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
146
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Result After the configuration, run the shutdown command on router A to disable the port connected to MA5600_B to simulate the link fault. Run the display mpls oam egress all command on MA5600_B, and you can find that MA5600_B detects the fault and implements protection based on the configuration.
Configuring the Basic MPLS Detection Functions This topic describes how to configure the ingress MPLS OAM function and egress MPLS OAM function.
Prerequisites l
Basic MPLS functions must be configured.
l
Basic MPLS TE functions must be configured.
l
A tunnel must be created by running the interface tunnel command.
l
Before configuring the ingress/egress MPLS OAM function, the MPLS OAM function must be enabled globally. By default, the MPLS OAM function is disabled globally.
l
An MPLS OAM instance can be configure only when the MPLS OAM function is enabled globally.
l
On the same LSP, the configuration of the ingress MPLS OAM function must be consistent with the configuration of the egress MPLS OAM function.
l
After the MPLS OAM parameters are configured, the parameters must be enabled to take effect. The ingress OAM parameters must be enabled first; otherwise, the egress generates an alarm.
Context
Procedure Step 1 Run the mpls command to enter the MPLS mode. Step 2 In MPLS mode, run the mpls oam command to enable the MPLS OAM function globally. Step 3 In the global mode, run the mpls oam ingress command to configure the ingress MPLS OAM parameters. Step 4 In the global mode, run the mpls oam ingress enable command to enable the ingress MPLS OAM function. Step 5 In the global mode, run the mpls oam egress command to configure the egress MPLS OAM parameters. Step 6 In the global mode, run the mpls oam egress enable command to enable the egress MPLS OAM function. Step 7 In the global mode, run the display mpls oam ingress command to query the information about the ingress MPLS OAM instance of the LSP. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
147
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Step 8 In the global mode, run the display mpls oam egress command to query the information about the egress MPLS OAM instance of the LSP. ----End
Example To configure the MPLS OAM protection for LSP tunnel 10, detection type to fast failure detection (FFD), detection frequency to 100 ms, backward LSR ID to 80.80.80.80, and backward tunnel ID to 20, and then enable all the MPLS OAM ingresses of the system, do as follows: huawei(config)#mpls huawei(config-mpls)#mpls oam huawei(config-mpls)#quit huawei(config)#mpls oam ingress tunnel 10 type ffd frequency 100 backward-lsp lsrid 80.80.80.80 tunnel-id 20 huawei(config)#mpls oam ingress enable all huawei(config)#mpls oam egress lsr-id 80.80.80.80 tunnel-id 20 type ffd frequency 100 backward-lsp tunnel 10 private huawei(config)#mpls oam egress enable all huawei(config)#display mpls oam ingress all { |verbose }: Command: display mpls oam ingress all -------------------------------------------------------------------------------No. Tunnel-name Ttsi Type Frequency Status -------------------------------------------------------------------------------1 tunnel10 -FFD 100 ms Stop -------------------------------------------------------------------------------Total Oam Num: 1 Total Start Oam Num: 0 Total Defect Oam Num: 0 huawei(config)#display mpls oam egress all { |verbose }: Command: display mpls oam egress all -------------------------------------------------------------------------------No. Lsp-name Ttsi Type Frequency Status -------------------------------------------------------------------------------1 --FFD 100 ms Stop -------------------------------------------------------------------------------Total Oam Num: 1 Total Start Oam Num: 0 Total Defect Oam Num: 0
Configuring the MPLS OAM 1:1 Protection Switchover Function Implement the MPLS OAM 1:1 protection switchover function by configuring the tunnel protection group.
Prerequisites l
Basic MPLS functions must be configured.
l
Basic MPLS TE functions must be configured.
l
Tunnels must be configured.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
148
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2 Protocol Configuration
Context l
When a tunnel protection group is configured, if the parameters are not specified, the default settings are as follows: – The switching mode is revertive. – The wait to restore (WTR) time is 720s, and the WTR time range is 0–60 with a step of 30s.
l
Before a protection group is configured, the protocol of the tunnel interface must be configured as MPLS TE, and the tunnel ID and peer address must also be configured.
l
After a protection group is configured or deleted, it must be validated by running the mpls te commit command. NOTE
The switching mode of the protection group refers to the mode in which the traffic is switched back to the active tunnel from the standby tunnel. In the revertive mode, after the traffic is switched to the standby tunnel, the traffic is switched back to the active tunnel after the WTR expires if the active tunnel recovers to the normal state.
Procedure Step 1 Run the interface tunnel command to enter the tunnel interface mode. Step 2 Run the tunnel-protocol mpls te command to enable the encapsulation protocol of the tunnel interface. Step 3 Run the mpls te protection tunnel command to configure the tunnel protection group. Step 4 Run the mpls te commit command to commit the configuration of the tunnel interface. Step 5 In the global config mode, run the display mpls te protection tunnel command to query the status of the tunnel protection group. ----End
Example To configure a standby tunnel for tunnel 20 with the tunnel ID 10, switching mode revertive, and WTR time 900s (30 x 30s), do as follows: huawei(config)#interface tunnel 20 huawei(config-if-tunnel20)#tunnel-protocol mpls te huawei(config-if-tunnel20)#mpls te protection tunnel 10 mode revertive wtr 30 huawei(config-if-tunnel20)#mpls te commit huawei(config-if-tunnel20)#quit huawei(config)#display mpls te protection tunnel 20 { |verbose }:verbose Command: display mpls te protection tunnel all verbose ---------------------------------------------------------------Verbose information about the 1th proteciton-group ---------------------------------------------------------------Work-tunnel id : 20 Protect-tunnel id : 10 Work-tunnel name : tunnel1 Protect-tunnel name : tunnel2 switch result : work-tunnel work-tunnel defect state : in defect
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
149
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide protect-tunnel defect state HoldOff WTR Mode
Issue 09 (2015-02-28)
: : : :
2 Protocol Configuration in defect 0ms 900s revertive
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
150
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3
3 Configuring the xDSL Internet Access Service
Configuring the xDSL Internet Access Service
About This Chapter xDSL broadband Internet access is applicable in the scenario where the Internet service is provided through the ordinary twisted pairs. In this scenario, a user can access Internet in IPoE, PPPoE, IPoA, PPPoA, or 802.1X mode. This topic describes how to configure an xDSL Internet access service on the MA5600.
Prerequisite The xDSL profile for the Internet access service must be created. l
Configuring the ADSL2+ Profile
l
Configuring the SHDSL Profile
l
Configuring the VDSL2 Profile
For the PPPoE or PPPoA Internet access mode, the AAA function must be configured. l
If the AAA function is enabled on the device, see Configuring AAA.
l
If the AAA function is implemented by the BRAS, a connection to the BRAS must be established. The BRAS can identify the VLAN tag of the MA5600 in the upstream direction. For the identification purpose, the user name and password for dial-up Internet access must be configured on the BRAS.
Data Plan Before configuring an xDSL Internet access service, plan the data items as listed in Table 3-1. Table 3-1 Data plan for the xDSL Internet access service
Issue 09 (2015-02-28)
Item
Data
Remarks
MA5600
Access rate
Specify an access rate according to the user requirement.
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
151
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Item
Upperlayer LAN switch
3 Configuring the xDSL Internet Access Service
Data
Remarks
Access port
Specify an access port according to the specific network planning.
VPI/VCI
The VPI/VCI is valid only for the ATM access and must be the same as the VPI/VCI of the interconnected device.
VLAN planning
The VLAN planning must ensure proper cooperation with the upperlayer device and thus the upstream VLAN must be consistent with the upstream VLAN of the upper-layer device.
QoS policy
According to the general QoS policy for the entire network, the priority of an ordinary Internet access service is lower than the priority of a voice or video service.
IP address
The IP address must be consistent with the IP address of the upper-layer route.
The LAN switch transparently transmits the service packets of the MA5600 on L2.
-
The VLAN ID must be consistent with the VLAN ID of the upstream service packets of the MA5600. BRAS
The BRAS performs the related configurations according to the authentication and accounting requirements for dial-up users. For example, the BRAS configures the access user domain (including the authentication plan, accounting plan, and authorization plan bound to the domain) and specifies the RADIUS server.
-
If the BRAS is used to authenticate users, you need to configure the user name and the password for each user on the BRAS. If the BRAS is used to allocate IP addresses, you must configure an IP address pool on the BRAS.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
152
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
Procedure 1.
3.1 Configuring a VLAN Configuring VLAN is a prerequisite for configuring a service. Hence, before configuring a service, make sure that the VLAN configuration based on planning is complete.
2.
3.2 Configuring an Upstream Port This topic describes how to add an upstream port for an Internet access service to a VLAN.
3.
3.3 Configuring an xDSL Port An xDSL can transmit services only when it is activated. This topic describes how to activate an xDSL port and bind the port with an xDSL profile.
4.
3.4 Creating an xDSL Service Port A service port is a service channel connecting the user side to the network side. To provide services, a service port must be created.
5.
3.5 (Optional) Configuring the xPoA-xPoE Protocol Conversion Configuring protocol conversion is required only when the encapsulation mode is IPoA or PPPoA, it is not required when the encapsulation mode is IPoE or PPPoE.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
153
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
3.1 Configuring a VLAN Configuring VLAN is a prerequisite for configuring a service. Hence, before configuring a service, make sure that the VLAN configuration based on planning is complete.
Prerequisites The VLAN to be added does not exist in the system.
Application Context VLAN application is specific to user types. For details on the VLAN application, see Table 3-2. Table 3-2 VLAN application and planning User Type
Application Scenario
VLAN Planning
l Household user
N:1 scenario, that is, the scenario of upstream transmission through a single VLAN, where the services of multiple subscribers are converged to the same VLAN.
VLAN type: smart
1:1 scenario, that is, the scenario of upstream transmission through double VLANs, where the outer VLAN tag identifies a service and the inner VLAN tag identifies a user. The service of each user is indicated by a unique S +C.
VLAN type: smart
Applicable only to the transparent transmission service of a commercial user.
VLAN type: smart
l Commercial user of the Internet access service
Commercial user of the transparent transmission service
VLAN attribute: common
Attribute: stacking
VLAN attribute: QinQ
Default Configuration Table 3-3 lists the default parameter settings of VLAN. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
154
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
Table 3-3 Default parameter settings of VLAN Parameter
Default Setting
Remarks
Default VLAN of the system
VLAN ID: 1 Type: MUX VLAN
You can run the defaultvlan modify command to modify the VLAN type but cannot delete the VLAN.
Reserved VLAN of the system
VLAN ID range: 4079-4093
You can run the vlan reserve command to modify the VLAN reserved by the system.
Default attribute of a new VLAN
Common
-
Procedure Step 1 Create a VLAN. Run the vlan to create a VLAN. VLANs of different types are applicable to different scenarios. Table 3-4 VLAN types and application scenarios
Issue 09 (2015-02-28)
VLAN Type
Configuration Command
VLAN Description
Application Scenario
Standard VLAN
To add a standard VLAN, run the vlan vlanid standard command.
Standard VLAN. Ethernet ports in a standard VLAN are interconnected with each other but Ethernet ports in different standard VLANs are isolated from each other.
Only available to Ethernet ports and specifically to network management and subtending.
Smart VLAN
To add a smart VLAN, run the vlan vlanid smart command.
One smart VLAN may contain multiple xDSL service ports. The traffic streams of the service ports are isolated from each other and the traffic streams in different VLANs are isolated from each other. One smart VLAN provides access for multiple users and thus saves VLAN resources.
Smart VLANs are applied in residential communities to provide xDSL access.
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
155
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
VLAN Type
Configuration Command
VLAN Description
Application Scenario
MUX VLAN
To add a MUX VLAN, run the vlan vlanid mux command.
One MUX VLAN contains only one xDSL service port. The traffic streams in different VLANs are isolated from each other. One-to-one mapping can be set up between a MUX VLAN and an access user. Hence, a MUX VLAN can identify an access user.
MUX VLANs are applicable to xDSL service access. For example, MUX VLANs can be used to distinguish users.
Super VLAN
To add a super VLAN, run the vlan vlanid super command.
The super VLAN is based on layer 3. One super VLAN contains multiple sub-VLANs. Through an ARP proxy, the subVLANs in a super VLAN can be interconnected at layer 3.
Super VLANs can be used for the L3 intercommunication and are applicable to the scenario where saving IP addresses and improving the usage of IP addresses are required. For a super VLAN, subVLANs must be configured. You can run the supervlan command to add a sub-VLAN to a specified super VLAN. A sub-VLAN must be a smart VLAN or a MUX VLAN.
NOTE
l To add VLANs with consecutive IDs in batches, run the vlan vlanid to end-vlanid command. l To add VLANs with inconsecutive IDs in batches, run the vlan vlan-list command.
Step 2 (Optional) Configure the VLAN attribute. The default attribute for a new VLAN is "common". You can run the vlan attrib command to configure the attribute of the VLAN. Configure the attribute according to VLAN planning.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
156
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
Table 3-5 VLAN attributes and application scenarios
Issue 09 (2015-02-28)
VLA N Attri bute
Configuration Command
VLAN Type
VLAN Description
Application Scenario
Com mon
The default attribute for a new VLAN is "common".
The VLAN with this attribute can be a standard VLAN, smart VLAN, MUX VLAN, or super VLAN.
A VLAN with the common attribute can function as a common layer 2 VLAN or function for creating a layer 3 interface.
Applicable to the N:1 access scenario.
QinQ VLA N
To configure QinQ as the attribute of a VLAN, run the vlan attrib vlanid q-in-q command.
The VLAN with this attribute can only be a smart VLAN or MUX VLAN. The attribute of a sub VLAN, the VLAN with an L3 interface, and the default VLAN of the system cannot be set to QinQ VLAN.
The packets from a QinQ VLAN contain two VLAN tags, that is, inner VLAN tag from the private network and outer VLAN tag from the MA5600. Through the outer VLAN, an L2 VPN tunnel can be set up to transparently transmit the services between private networks.
Applicable to the enterprise private line scenario.
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
157
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
VLA N Attri bute
Configuration Command
VLAN Type
VLAN Description
Application Scenario
VLA N Stacki ng
To configure stacking as the attribute of a VLAN, run the vlan attrib vlanid stacking command.
The VLAN with this attribute can only be a smart VLAN or MUX VLAN. The attribute of a sub VLAN, the VLAN with an L3 interface, and the default VLAN of the system cannot be set to VLAN Stacking.
The packets from a stacking VLAN contain two VLAN tags, that is, inner VLAN tag and outer VLAN tag from the MA5600. The upper-layer BRAS authenticates the access users according to the two VLAN tags. In this manner, the number of access users is increased. On the upper-layer network in the L2 working mode, a packet can be forwarded directly by the outer VLAN tag and MAC address mode to provide the wholesale service for ISPs.
Applicable to the 1:1 access scenario for the wholesale service or extension of VLAN IDs. In the case of a stacking VLAN, to configure the inner tag of the service port, run the stacking label command.
NOTE
l To configure attributes for the VLANs with consecutive IDs in batches, run the vlan attrib vlanid to endvlanid command. l To configure attributes for the VLANs with inconsecutive IDs in batches, run the vlan attrib vlan-list command.
Step 3 (Optional) Configure VLAN description. To configure VLAN description, run the vlan desc command. You can configure VLAN description to facilitate maintenance. The general VLAN description includes the usage and service information of the VLAN. ----End
Example Assume that a stacking VLAN with ID of 50 is to be configured for extension of the VLAN. A service port is added to VLAN 50. The outer VLAN tag 50 of the stacking VLAN identifies the Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
158
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
access device and the inner VLAN tag 10 identifies the user with access to the device. For the VLAN, description needs to be configured for easy maintenance. To configure such a VLAN, do as follows: huawei(config)#vlan 50 smart huawei(config)#vlan attrib 50 stacking huawei(config)#service-port vlan 50 adsl 0/2/0 vpi 0 vci 39 rx-cttr 2 tx-cttr 2 huawei(config)#stacking label vlan 50 baselabel 10 huawei(config)#vlan desc 50 description stackingvlan/label10
3.2 Configuring an Upstream Port This topic describes how to add an upstream port for an Internet access service to a VLAN.
Procedure Step 1 Configure an upstream port for the VLAN. Run port vlan command to add the upstream port to the VLAN. Step 2 Configure the attribute of the upstream port. If the default attribute of the upstream port does not meet the requirement for interconnection of the upstream port with the upper-layer device, you need to configure the attribute. For configuration details, see Configuring the Attributes of the Upstream Ethernet Port. Step 3 Configure redundancy backup for the uplink. To ensure reliability of the uplink, two upstream ports must be available. That is, redundancy backup of the upstream ports needs to be configured. For details, see Configuring the Uplink Redundancy Backup. ----End
Example Assume that the 0/7/0 and 0/7/1 upstream ports are to be added to VLAN 50. The 0/7/0 and 0/7/1 need to be configured into an aggregation group for double upstream accesses. For the two upstream ports, the working mode is full-duplex (full) and the port rate is 100 Mbit/s. To configure such upstream ports, do as follows: huawei(config)#port vlan 50 0/7 0 huawei(config)#port vlan 50 0/7 1 huawei(config)#interface scu 0/7 huawei(config-if-scu-0/7)#duplex 0 full huawei(config-if-scu-0/7)#duplex 1 full huawei(config-if-scu-0/7)#speed 0 100 huawei(config-if-scu-0/7)#speed 1 100 huawei(config-if-scu-0/7)#quit huawei(config)#link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static
3.3 Configuring an xDSL Port An xDSL can transmit services only when it is activated. This topic describes how to activate an xDSL port and bind the port with an xDSL profile. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
159
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
Prerequisites The xDSL profile is already created. l
Configuring the ADSL2+ Profile
l
Configuring the SHDSL Profile
l
Configuring the VDSL2 Profile
Background Information l
Activating (or activation) refers to the training between the xTU-C and the xTU-R. During the training process, the system checks the line distance and conditions and performs a negotiation between the xTU-C and the xTU-R to determine whether the port can work under the conditions as preset in the line profile, such as upstream and downstream line rates and noise margin.
l
If the training is successful, the communication connection is set up between the xTU-C and the xTU-R, and the devices are ready for service transmission. This state is called the activated state of a port. That is, services can be transmitted between the xDSL port and the xTU-R.
l
If the xTU-R is online (powered on), the activating process is completed after the training is successful. If the xTU-R is offline (powered on), the communication connection that is set up during activation is terminated, and the xTU-C is in the listening state. When the xTU-R goes online again, the training process begins automatically. When the training is successful, the port is activated.
l
An xDSL port may be in the activating, activated, deactivated, or loopback state. Figure 3-1 shows the inter-conversion between xDSL port states. Figure 3-1 Inter-conversion between xDSL port states Supported by SHDSL only undo loopback loopback (local)
activate deactivated deactivate
loopback
Modem training is successful
loopback
activating Modem link interruption or modem power-off
loopback (remote)
activated
deactivate
undo loopback
NOTE
Ensure that the port is deactivated before binding a profile to the port.
Procedure l
ADSL access mode 1.
Run the interface adsl command to enter the ADSL mode.
2.
Run the activate command to activate an ADSL2+ port and bind the port with an ADSL2+ line profile. To activate a port, you must bind the port with a line profile. If you do not specify the index of the line profile, the system uses the template bound with the port last time to activate the port.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
160
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3. l
3 Configuring the xDSL Internet Access Service
Run the alarm-config command to bind an alarm profile to the port.
SHDSL access mode 1.
Run the interface shl command to enter the SHDSL mode.
2.
Run the activate command to activate an SHDSL port and bind the port with an SHDSL line profile. To activate a port, you must bind the port with a line profile. If you do not specify the index of the line profile, the system uses the profile bound with the port last time to activate the port.
3. l
Run the alarm-config command to bind an alarm profile to the port.
VDSL access mode 1.
Run the interface vdsl command to enter the VDSL mode.
2.
Activate a VDSL port and bind the port with a profile. – Run the activate portid template-index template-index command to activate a VDSL2 port and bind the port with a VDSL2 line template. NOTE
To activate a port, you must bind the port with a line template. If you do not specify the index of the line template, the system uses the template bound with the port last time to activate the port.
3.
Run the alarm-config command to bind an alarm template to the port.
----End
Example To activate ADSL2+ port 0/2/0 and bind line profile 2 and alarm profile 2 to it, do as follows: huawei(config)#interface adsl 0/2 huawei(config-if-adsl-0/2)#deactivate 0 huawei(config-if-adsl-0/2)#activate 0 profile-index 2 huawei(config-if-adsl-0/2)#alarm-config 0 2
To activate SHDSL port 0/5/0 and bind line profile 2 and alarm profile 2 to it, do as follows: huawei(config)#interface shl 0/5 huawei(config-if-shl-0/5)#deactivate 0 huawei(config-if-shl-0/5)#activate 0 2 huawei(config-if-shl-0/5)#alarm-config 0 2
In the common VDSL mode, to activate VDSL2 port 0/4/0 and bind line template 2 and alarm template 2 to it, do as follows: huawei(config)#interface vdsl 0/4 huawei(config-if-vdsl-0/4)#deactivate 0 huawei(config-if-vdsl-0/4)#activate 0 template-index 2 huawei(config-if-vdsl-0/4)#alarm-config 0 2
3.4 Creating an xDSL Service Port A service port is a service channel connecting the user side to the network side. To provide services, a service port must be created. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
161
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
Background Information A service port can carry a single service or multiple services. When a service port carries multiple services, the MA5600 supports the following modes of traffic classification: l
By user-side VLAN
l
By user-side service encapsulation mode
l
By VLAN+user-side packet priority
Table 3-6 lists the default settings of a service port. Table 3-6 Default settings of a service port Parameter
Default Setting
Traffic profile ID
0-6
Maximum number of learnable MAC addresses
255
Procedure Step 1 Add a traffic profile. Run the traffic table command to add a traffic profile. There are seven default traffic profiles in the system with the IDs of 0-6. Before creating a service port, run the display traffic table command to check whether the traffic profiles in the system meet the requirement. If no traffic profile in the system meets the requirement, add a traffic profile that meets the requirement. For details about the traffic profile, see Configuring the Traffic Management Based on the Traffic Profile. Step 2 Create a service port. You can choose to create a single service port or multiple service ports in batches according to requirements. l
Run the service-port command to create a single service port. Service ports are classified into single-service service ports and multi-service service ports. Multi-service service ports are generally applied to the triple play service scenario. – Single-service service ports: Select single-service or do not input multi-service to create a single-service service port. – Multi-service service port based on the user-side VLAN (only for the SHDSL and VDSL2 services in PTM mode): Select multi-service user-vlan { untagged | user-vlanid }. – untagged: When untagged is selected, user-side packets do not carry a tag. – user-vlanid: When user-vlanid is selected, user-side packets carry a tag and the value of user-vlanid must be the same as the tag carried in user-side packets. The userside VLAN is the C-VLAN.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
162
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
– By user-side service encapsulation mode Select multi-service user-encap user-encap. – By VLAN + user-side packet priority (802.1p) Select multi-service user-8021p user-8021p [ user-vlan user-vlanid ]. NOTE
l vlan indicates the S-VLAN. An S-VLAN can only be a MUX VLAN or smart VLAN. l The access mode can be ATM or PTM. In the ATM access mode, the VPI, VCI, and autosense must be input and must be the same as the configurations of the access terminal. l rx-cttr is the same as outbound in terms of meanings and functions. Either of them indicates the index of the traffic profile from the network side to the user side. tx-cttr is the same as inbound in terms of meanings and functions. Either of them indicates the index of the traffic profile from the user side to the network side. The traffic profile bound to the service port is created in Step 1.
l
Run the multi-service-port command to create service ports in batches.
Step 3 Configure the attributes of the service port. Configure the attributes of the service port according to requirements. l
Run the service-port desc command to configure the description of the service port. Configure description for a service port to facilitate maintenance. In general, configure the purpose and related service information as the description of a service port.
l
Run the mac-address max-mac-count service-port command to set the maximum number of MAC addresses learned by the service port to restrict the maximum number of PCs that can access the Internet by using the same account. By default, the maximum number of the MAC addresses that can be learned by a service port is 255.
----End
Example The MA5600 provides the Internet access service with the access rate 3072 kbit/s to the user and a maximum of 2 users can use the same account to access the Internet at the same time. The query result shows that the system does not have a proper traffic profile. Therefore, a new traffic profile needs to be created. To plan data for a household user who accesses the Internet in the ADSL2+ mode, do as follows: huawei(config)#display traffic table from-index 0 { |to-index }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/SHAPE
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
163
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
Type Type kbps kbps kbps kbps cells 1/10us ----------------------------------------------------------------------------0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /-4 rt-vbr 15 128 --64 300 10000000 on /on /off 5 ubr 2 2048 -----on /on /-6 ubr 1 ------off/off/-----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt ----------------------------------------------------------------------------huawei(config)#traffic table ip car 3072 priority 4 priority-policy pvcSetting Create traffic descriptor record successfully ----------------------------------------------------------------------------TD Index : 7 Priority : 4 Priority policy : pvc-pri CAR : 3072 kbps TD Type : NoClpNoScr Service category : ubr Referenced Status: not used EnPPDISC : on EnEPDISC : on Clp01Pcr : 3072 kbps ----------------------------------------------------------------------------huawei(config)#service-port vlan 100 adsl 0/2/0 vpi 0 vci 35 rx-cttr 7 tx-cttr 7 huawei(config)#mac-address max-mac-count adsl 0/2/0 vpi 0 vci 35 2
A household user requests the Internet access service with the access rate 2048 kbit/s. To facilitate service expansion in the future, the MA5600 adopts the ADSL2+ mode to provide the Internet access service to the user and differentiates users by user-side VLAN (the S-VLAN is VLAN 50 and the C-VLAN is VLAN 10). Query result shows that the system has a proper traffic profile. Therefore, the system provisions the Internet access service to the user immediately. To facilitate maintenance, configure description for the service port. huawei(config)#display traffic table from-index 0 { |to-index }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/SHAPE Type Type kbps kbps kbps kbps cells 1/10us -----------------------------------------------------------------------------
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
164
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /-4 rt-vbr 15 128 --64 300 10000000 on /on /off 5 ubr 2 2048 -----on /on /-6 ubr 1 ------off/off/-----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt ----------------------------------------------------------------------------huawei(config)#service-port vlan 50 shdsl mode ptm 0/2/0 multi-service user-vlan 10 rx-cttr 5 tx-cttr 5 huawei(config)#service-port desc 0/2/0 description HW_adsl/VlanID:50/uservlan/10
A household user requests the Internet access service with the access rate 2048 kbit/s. To facilitate service expansion in the future, the MA5600 adopts the SHDSL mode to provide the Internet access service to the user. Query result shows that the system has a proper traffic profile. Therefore, the system provisions the Internet access service to the user immediately. To facilitate maintenance, configure description for the service port. huawei(config)#display traffic table from-index 0 { |to-index }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/SHAPE Type Type kbps kbps kbps kbps cells 1/10us ----------------------------------------------------------------------------0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /-4 rt-vbr 15 128 --64 300 10000000 on /on /off 5 ubr 2 2048 -----on /on /-6 ubr 1 ------off/off/-----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt -----------------------------------------------------------------------------
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
165
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
huawei(config)#service-port vlan 50 shdsl mode ptm 0/5/0 rx-cttr 5 tx-cttr 5 huawei(config)#service-port desc 0/5/0 description HW_shdsl/singleservice/VlanID:50
A commercial user requests the Internet access service with the access rate 8192 kbit/s. To facilitate service expansion in the future, the MA5600 adopts the VDSL mode to provide the Internet access service to the user and differentiates users by user-side VLAN (the S-VLAN is VLAN 50 and the C-VLAN is VLAN 10). Query result shows that the system does not have a proper traffic profile. The system needs to provide the Internet access service to the user immediately. To facilitate maintenance, configure description for the service port. huawei(config)#display traffic table from-index 0 { |to-index }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/SHAPE Type Type kbps kbps kbps kbps cells 1/10us ----------------------------------------------------------------------------0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /-4 rt-vbr 15 128 --64 300 10000000 on /on /off 5 ubr 2 2048 -----on /on /-6 ubr 1 ------off/off/-----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt ----------------------------------------------------------------------------huawei(config)#traffic table ip car 8192 priority 4 priority-policy pvcSetting Create traffic descriptor record successfully ----------------------------------------------------------------------------TD Index : 7 Priority : 4 Priority policy : pvc-pri CAR : 8192 kbps TD Type : NoClpNoScr Service category : ubr Referenced Status: not used EnPPDISC : on EnEPDISC : on Clp01Pcr : 8192 kbps ----------------------------------------------------------------------------huawei(config)#service-port vlan 50 vdsl mode ptm 0/4/0 multi-service user-vlan
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
166
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
10 rx-cttr 7 tx-cttr 7 huawei(config)#service-port desc 0/4/0 description HW_vdsl/VlanID:50/uservaln:10
3.5 (Optional) Configuring the xPoA-xPoE Protocol Conversion Configuring protocol conversion is required only when the encapsulation mode is IPoA or PPPoA, it is not required when the encapsulation mode is IPoE or PPPoE.
Background Information In the xPoA access mode, data cannot be directly transmitted in the IP network, and protocol conversion is required. IPoA data and PPPoA data can be transmitted in the IP network only after the IPoA-IPoE protocol conversion and the PPPoA-PPPoE protocol conversion are performed. The principles of the IPoA protocol are different from the principles of the PPPoA protocol. In the PPPoA mode, the BRAS automatically allocates a gateway address to the PPPoA user after the PPPoA user passes the authentication on the BRAS and dialup is successful. Therefore, the default gateway address need not be configured in the PPPoA mode. IPoA data is forwarded according to the route to the destination IP address and the next hop IP address needs to be configured. Therefore, the default gateway address needs to be configured in the IPoA mode. Figure 3-2 provides the configuration flow for the xPoA-xPoE protocol conversion. Figure 3-2 Flowchart for configuring the xPoA-xPoE protocol conversion IPoA-IPoE protocol conversion
PPPoA-PPPoE protocol conversion
Start
Start
Configure the MAC address pool
Configure the MAC address pool
Enable or disable the IPoAIPoE protocol conversion
Enable or disable the PPPoAPPPoE protocol conversion
Set the IP address of the IPoA到IPoE的协议转换 default gateway
Set the user packet encapsulation mode
Set the user packet encapsulation mode
(Optional) Enable or disable the PPPoA-PPPoE MRU negotiation
(Optional) Configure the aging time of the IPoA user forwarding entry
(Optional) Configure the user MAC address allocation mode
End
End
Table 3-7 lists the default settings of the xPoA-xPoE protocol conversion.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
167
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
Table 3-7 Default settings of the xPoA-xPoE protocol conversion Parameter
Default Setting
Maximum number of the MAC addresses in the MAC address pool
256
Status of the IPoA-IPoE protocol conversion
Disabled
Aging time of the IPoA user forwarding entry
1200s
Status of the PPPoA-PPPoE protocol conversion
Disabled
Status of the MRU negotiation function during the PPPoA-PPPoE protocol conversion
Disabled
User MAC address allocation mode for the PPPoAPPPoE protocol conversion
Multi-MAC mode
Procedure l
Configure the IPoA-IPoE protocol conversion. A user can access the Internet in the IPoA mode only after the IPoA-IPoE protocol conversion is enabled. 1.
In the global config mode, run the mac-pool command to configure the MAC address pool, which is used to allocate source MAC addresses to IPoA users. By default, the number of the MAC addresses in the MAC address pool is 256, which can be changed by setting parameter scope. The MAC address encapsulated into packets during the IPoA-IPoE protocol conversion is the MAC address allocated to the user from the MAC address pool.
2.
Run the ipoa enable command to enable the IPoA-IPoE protocol conversion. By default, the IPoA-IPoE protocol conversion is disabled.
3.
Run the encapsulation command to set the user packet encapsulation mode (select ipoa as the encapsulation mode). NOTE
l Configure either the ipoa default gateway command or the dstip parameter in the encapsulation command. If the MA5600 works in the L2 mode, set the IP address of the upper-layer router as the default gateway. If the MA5600 works in the L3 mode, set the IP address of the L3 interface corresponding to the MA5600 as the default gateway. l IPoA encapsulation is not supported in the single-PVC for multiple services application. l To switch the encapsulation mode from PPPoA to IPoA, you must change the encapsulation mode to llc bridge first and then perform switching.
4.
l
Run the ipoa expire-time command to set the aging time of the IPoA user forwarding entry. By default, the aging time of the IPoA user forwarding entry is 1200s. The default value is recommended.
Configure the PPPoA-PPPoE protocol conversion. A user can access the Internet through the PPPoA dialup only after the PPPoA-PPPoE protocol conversion is enabled.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
168
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1.
3 Configuring the xDSL Internet Access Service
In the global config mode, run the mac-pool command to configure the MAC address pool, which is used to allocate source MAC addresses to PPPoA users. By default, the number of the MAC addresses in the MAC address pool is 256, which can be changed by setting parameter scope. The MAC address encapsulated into packets during the PPPoA-PPPoE conversion is the MAC address allocated to the user from the MAC address pool.
2.
Run the pppoa enable command to enable the PPPoA-PPPoE protocol conversion. By default, the PPPoA-PPPoE protocol conversion is disabled.
3.
Run the encapsulation command to set the user packet encapsulation mode (select pppoa as the encapsulation mode). NOTE
l PPPoA encapsulation is not supported in the single-PVC for multiple service or QinQ VLAN application. l To switch the encapsulation mode from IPoA to PPPoA, you must change the encapsulation mode to llc bridge first and then perform switching.
4.
Run the pppoa mru command to enable PPPoA-PPPoE MRU negotiation. By default, the PPPoA-PPPoE MRU negotiation is disabled. Enable or disable the PPPoA-PPPoE MRU negotiation according to the packet processing conditions. – When the MRU negotiation is disabled, the PC initiates the PPPoE connection and negotiates according to the 1492-byte MRU. In this case, packets need to be segmented and reassembled. – When the MRU negotiation is enabled, the MA5600 identifies the PPPoA-PPPoE converted packets, adds a tag to the packets and then sends them to the upper-layer BRAS. Then, the BRAS negotiates with the CPE according to the 1500-byte MRU. In this manner, the MTU between the CPE and the BRAS is equal to the standard Ethernet MTU. In this case, the packets need not be segmented or reassembled.
5.
Run the pppoa mac-mode command to set the user MAC address allocation mode for the PPPoA-PPPoE protocol conversion. By default, the user MAC address allocation mode is the multi-mac mode. The single-mac mode can improve security. Select this mode according to the MAC address allocation mode of PPPoA users. – In the multi-MAC allocation mode (the multi-mac mode), PPPoE user are authenticated on the BRAS using their respective MAC address, and PPPoA users are allocated different MAC addresses and are authenticated on the BRAS using these MAC addresses as source MAC addresses. – In the single-MAC allocation mode (the single-mac mode), the system replaces the MAC address of each PPPoE user with the MAC address of the corresponding board, and allocates the same MAC address to all PPPoA users.
----End
Example The MA5600 works in the L2 mode, the default gateway is the same as the IP address of the upper-layer router, which is 10.1.1.1, and the IPoA service encapsulation mode is LLC. To enable the IPoA-IPoE conversion with the start MAC address 0000-0000-0001 in the MAC address pool that contains 200 MAC addresses, do as follows: huawei(config)#mac-pool 0000-0000-0001 200 huawei(config)#ipoa enable
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
169
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3 Configuring the xDSL Internet Access Service
huawei(config)#ipoa default gateway 10.1.1.1 huawei(config)#encapsulation 0/2/0 vpi 0 vci 35 type ipoa llc srcIP 10.1.1.20
The PPPoA service encapsulation mode is LLC, and, to improve security, the user MAC address allocation mode is the single-MAC mode. To enable the PPPoA-PPPoE protocol conversion with the start MAC address 0000-1010-1000 in the MAC address pool that contains 200 MAC addresses, do as follows: huawei(config)#mac-pool 0000-1010-1000 200 huawei(config)#pppoa enable huawei(config)#encapsulation 0/2/0 vpi 0 vci 35 type pppoa llc huawei(config)#pppoa mac-mode single-mac
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
170
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4
4 Configuring the Multicast Service in the MVLAN Mode
Configuring the Multicast Service in the MVLAN Mode
About This Chapter This topic describes how to configure the multicast service in the MVLAN mode on a standalone MA5600, and on the MA5600 in a subtending network or in an MSTP network. The multicast feature of the MA5600 is applied to the live TV and near-video on demand (NVOD) multicast video services. In terms of multicast processing mode, the MA5600 supports the IGMP proxy and IGMP snooping L2 multicast protocols. IGMP proxy and IGMP snooping both support multicast video data forwarding; however, the two modes have different processing mechanisms. l
In IGMP snooping, the related information for maintaining multicast forwarding entries is obtained by listening to the IGMP packets between the user and the multicast router.
l
IGMP proxy intercepts the IGMP packets between the user and the multicast router, processes the IGMP packets (the report packets can be sent only when the user requests for the program for the first time and the leave packets can be sent only when the last user leaves the group of a program), and then forwards the IGMP packets to the upper-layer multicast router. For the multicast user, the MA5600 is a multicast router that implements the router functions in the IGMP protocol; for the multicast router, the MA5600 is a multicast user.
In terms of multicast program configuration, the MA5600 supports statically configuring a multicast program library and dynamically generating a multicast program library. l
Statically configuring a multicast program library: Configure the program list before the users watch the video programs. In this mode, the rights profile can be used to implement controllable multicast. The program list and the rights profile, however, need to be maintained according to the change of the video service. The program host, program prejoin, and multicast bandwidth management functions are supported.
l
Dynamically generating a multicast program library: Dynamically generate the program list according to the programs requested by the users. In this mode, the program list need not be configured or maintained; however, the functions such as program management,
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
171
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
user multicast bandwidth management, program preview, and program prejoin are not supported. If the multicast modes configured for the MA5600s on a multicast cascading network are different, that is, multicast VLAN mode for some MA5600s and non-multicast VLAN mode for other MA5600s, users cannot watch multicast programs normally. Therefore, all the MA5600s on the same multicast cascading network must be configured with the same multicast mode. 4.1 Default Settings of the Multicast Service This topic describes the default settings of the multicast service in the system, including the configuration of multicast protocol, IGMP version, program configuration mode, bandwidth management, program preview, and log function. 4.2 Configuring the Multicast Service on a Single-NE Network This topic describes how to configure the multicast service for an xDSL user of a standalone MA5600. 4.3 Configuring the Multicast Service in a Subtending Network This topic describes how to configure the multicast service for an xDSL user of the MA5600 in a subtending network. 4.4 Configuring the Multicast Service in an MSTP Network This topic describes how to configure the multicast service for an xDSL user of the MA5600 in an MSTP network.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
172
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
4.1 Default Settings of the Multicast Service This topic describes the default settings of the multicast service in the system, including the configuration of multicast protocol, IGMP version, program configuration mode, bandwidth management, program preview, and log function. Table 4-1 lists the default settings of the multicast service of the MA5600. Table 4-1 Default settings of the multicast service Feature
Default Setting
Multicast protocol
Disabled
IGMP version
V3
Multicast program configuration mode
Static configuration mode
Multicast bandwidth management
Enabled
Multicast preview
Enabled
Multicast log function
Enabled
4.2 Configuring the Multicast Service on a Single-NE Network This topic describes how to configure the multicast service for an xDSL user of a standalone MA5600.
Application Context The multicast feature of the MA5600 is applied to the live TV and near-video on demand (NVOD) multicast video services. The MA5600 runs the IGMP proxy or IGMP snooping protocol, and the interconnected device can run the IGMP proxy, IGMP snooping, or multicast router protocol. Currently, the multicast application of the MA5600 is oriented to L2, and the MA5600 forwards data based on VLAN ID+multicast MAC address. A multicast program on the network is identified by VLAN ID + multicast IP address uniquely. The MA5600 differentiates multicast sources by VLAN ID. It allocates a unique VLAN ID to each multicast source, controls the multicast domain and the user right based on the multicast VLAN ID, and provides a platform for different ISPs to implement different multicast video services.
Prerequisites The license for the multicast program or the multicast user is already requested and installed. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
173
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
Data Plan Before configuring the multicast video service, plan the data items as listed in Table 4-2. Table 4-2 Data plan for configuring the multicast service on a standalone MA5600
Issue 09 (2015-02-28)
Device
Data Item
Remarks
MA5600
Multicast VLAN
In general, plan different multicast VLANs for different ISPs.
L2 multicast protocol
IGMP proxy and IGMP snooping are supported.
IGMP version
IGMP V3 and IGMP V2 are supported, and IGMP V3 is compatible with IGMP V2.
Multicast program configuration mode
The static configuration mode and dynamic generation mode are supported.
Multicast general query and groupspecific query parameters
The default values are adopted.
Program list
-
User authentication policy
-
Program bandwidth, upstream port bandwidth, and user bandwidth
-
Multicast logging policy
Multicast logs can be reported to the log server in the syslog mode and the CDR mode.
Upper-layer multicast router
IGMP version
The IGMP version of the upper-layer multicast router must not be earlier than the IGMP version used by the MA5600.
Home gateway or modem
IGMP version
The IGMP version of the CPE must not be earlier than the IGMP version used by the MA5600.
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
174
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
Procedure ----End
4.2.1 Configuring Multicast Global Parameters The general parameters of L2 multicast protocols (including IGMP proxy and IGMP snooping) configured for a device are applicable to all the multicast VLANs on the device.
Context The multicast global parameters include general query, group-specific query, and the policy of processing multicast packets. The description of a general query is as follows: l
Purpose: A general query packet is periodically sent by the MA5600 to check whether there is any multicast user who leaves the multicast group without sending the leave packet. Based on the query result, the MA5600 periodically updates the multicast forwarding table and releases the bandwidth of the multicast user that has left the multicast group.
l
Principles: The MA5600 periodically sends the general query packet to all online IGMP users. If the MA5600 does not receive the response packet from a multicast user within a specified time (Robustness variable x General query interval + Maximum response time of a general query), it regards the user as having left the multicast group and deletes the user from the multicast group.
The description of a group-specific query is as follows: l
Purpose: A group-specific query packet is sent by the MA5600 after a multicast user that is not configured with the quick leave attribute sends the leave packet. The group-specific query packet is used to check whether the multicast user has left the multicast group.
l
Principles: When a multicast user leaves a multicast group, for example, switches to another channel, the user unsolicitedly sends a leave packet to the MA5600. If the multicast user is not configured with the quick leave attribute, the MA5600 sends a group-specific query packet to the multicast group. If the MA5600 does not receive the response packet from the multicast user within a specified duration (Robustness variable x Group-specific query interval + Maximum response time of a group-specific query), it deletes the multicast user from the multicast group.
Table 4-3 lists the default settings of the multicast global parameters. In the actual application, you can modify the values according to the data plan. Table 4-3 Default settings of the multicast global parameters Parameter
Default Value
General query parameter
Query interval: 125s Maximum response time: 10s
System robustness variable Issue 09 (2015-02-28)
Query times: 2
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
175
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
Parameter
Default Value
Group-specific query parameter
Query interval: 1s Maximum response time: 0.8s. Robustness variable (query times): 2
Procedure Step 1 Configure the general query parameters. 1.
Run the igmp proxy router gen-query-interval command to set the general query interval. By default, the general query interval is 125s.
2.
Run the igmp proxy router gen-response-time command to set the maximum response time of the general query. By default, the maximum response time of the general query is 10s.
3.
Run the igmp proxy router robustness command to set the robustness variable (query times) of the general query. By default, the robustness variable (query times) is 2.
Step 2 Set the group-specific query parameters. 1.
Run the igmp proxy router sp-response-time command to set the group-specific query interval. By default, the group-specific query interval is 1s.
2.
Run the igmp proxy router sp-query-interval command to set the maximum response time of the group-specific query. By default, the maximum response time of the groupspecific query is 0.8s.
3.
Run the igmp proxy router sp-query-number command to set the robustness variable (query times) of the group-specific query. By default, the robustness variable (query times) is 2.
Step 3 Run the display igmp config global command to check whether the values of the multicast parameters are correct. ----End
Example To configure the multicast general query parameters by setting the query interval to 150s, maximum response time to 20s, and number of queries to 3, do as follows: huawei(config)#btv huawei(config-btv)#igmp proxy router gen-query-interval 150 huawei(config-btv)#igmp proxy router gen-response-time v3 200 huawei(config-btv)#igmp proxy router robustness 3
To configure the multicast group-specific query parameters by setting the query interval to 20s, maximum response time to 10s, and number of queries to 3, do as follows: huawei(config)#btv huawei(config-btv)#igmp proxy router sp-query-interval 200 huawei(config-btv)#igmp proxy router sp-response-time v3 100 huawei(config-btv)#igmp proxy router sp-query-number 3
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
176
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
4.2.2 Configuring the Multicast VLAN and the Multicast Program In the application of multicast service, multicast VLANs (MVLANs) are used to distinguish multicast ISPs. Generally, a multicast VLAN is allocated to each multicast ISP for the VLANbased management of multicast programs, multicast protocols, and IGMP versions, and the VLAN-based control of multicast domain and user right.
Context To create a multicast VLAN, a common VLAN must be created first. The multicast VLAN can be the same as the unicast VLAN. In this case, the two VLANs can share the same service stream channel. The multicast VLAN can be different from the unicast VLAN. In this case, the two VLANs use different service stream channels. One user port can be added to multiple multicast VLANs under the following restrictions: l
Among all the multicast VLANs of a user port, only one multicast VLAN is allowed to have dynamically generated programs.
l
The IGMP versions supported by all the multicast VLANs of the user port must be the same.
l
One user port is not allowed to belong to multiple multicast VLANs that are in the IGMP V3 snooping mode.
Table 4-4 lists the default settings of the multicast VLAN attributes, including the L2 multicast protocol, IGMP version, multicast program, and multicast upstream port. Table 4-4 Default settings of the multicast VLAN attributes Parameter
Default Value
Program matching mode
enable (static configuration mode)
Multicast upstream port mode
default
L2 multicast protocol
off (multicast function disabled)
IGMP version
v3
Priority of forwarding IGMP packets by the upstream port
6
Procedure Step 1 Create a multicast VLAN. 1.
Run the vlan command to create a VLAN, and set the VLAN type according to the actual application. For details on the VLAN configuration, see Configuring VLAN.
2.
Run the multicast-vlan command to set the created VLAN to a multicast VLAN.
Step 2 Configure multicast programs. The multicast VLAN can be configured statically or generated dynamically. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
177
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
l
Static configuration mode: Configure a program list for the multicast VLAN beforehand, and bind the program to a rights profile to implement program right management.
1.
Run the igmp match mode enable command to set the static configuration mode. By default, the system adopts the static configuration mode.
2.
Run the igmp program add [name name ] ip ip-addr [ sourceip ip-addr ] [ hostip ipaddr ] command to add a multicast program. NOTE
If the IGMP version of a multicast VLAN is V3, the program must be configured with a source IP address. If the IGMP version of a multicast VLAN is V2, the program must not be configured with a source IP address.
3.
Add a rights profile. In the BTV mode, run the igmp profile add command to add a rights profile.
4.
Bind the program to the rights profile. In the BTV mode, run the igmp profile command to bind the program to the rights profile, and set the right to watch. NOTE
When a user is bound to multiple rights profiles, and the rights profiles have different rights to a program, the right with the highest priority prevails. You can run the igmp right-priority command to adjust the priorities of the four rights: watch, preview, forbidden, and idle. By default, the priorities of the four rights are forbidden > preview > watch > idle.
l
Dynamic generation mode: A program list is dynamically generated according to the programs requested by users. In this mode, the program list need not be configured or maintained; however, the functions such as program management, user multicast bandwidth management, program preview, and program prejoin are not supported.
1.
Run the igmp match mode disable command to set the dynamic generation mode.
NOTICE The igmp match mode command can be executed only when the IGMP mode is disabled. 2.
Run the igmp match group command to configure the IP address range of the program group that can be dynamically generated. Users can request only the programs whose IP addresses are within the specified range.
Step 3 Configure the multicast upstream port. 1.
Run the igmp uplink-port command to configure the multicast upstream port. The packets of the multicast VLAN corresponding to the upstream port are forwarded and received by this upstream port.
2.
In the BTV mode, run the igmp uplink-port-mode command to change the mode of the multicast upstream port. By default, the port is in the default mode. In the MSTP network, the port adopts the MSTP mode. l Default mode: If the multicast VLAN contains only one upstream port, the multicast packets that go upstream can be sent only by this port. If the multicast VLAN contains multiple upstream ports, the multicast packets that go upstream are sent by all the upstream ports.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
178
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
l MSTP mode: This mode is adopted in the MSTP network. l protect mode: Each program is specified with a protection group. When one port is faulty, the other one starts working. Then protocol packets are sent to the working port to protect services. You can run the protect command to enter protect mode, and run the protect-group command to configure the protection group. Step 4 Select the multicast mode. Run the igmp mode { proxy | snooping } command to select the L2 multicast mode. By default, the multicast mode is disabled. In the IGMP snooping mode, proxy can be enabled for the report packet and the leave packet. When a multicast user joins or leaves a multicast program, the MA5600 can implement IGMP proxy. IGMP snooping and IGMP proxy are controlled separately. l Run the igmp report-proxy enable command to enable the proxy of the snooping report packet. When the first user requests to join a program, after authenticating the user, the MA5600 sends the user report packet to the network side and receives a corresponding multicast stream from the multicast router. The report packets of the users that follow the first user are not sent by the MA5600 to the network side. l Run the igmp leave-proxy enable command to enable the proxy of the snooping leave packet. When the last user requests to leave the program, the MA5600 sends the user leave packet to the network side to request the upper-layer device to stop sending multicast streams. The leave packets of the users that precede the last user are not sent by the MA5600 to the network side. Step 5 Set the IGMP version. Run the igmp version{ v2 | v3 } command to set the IGMP version. By default, IGMP V3 is enabled in the system. If the upper-layer and lower-layer devices oh0630n the network are IGMP V2 devices and cannot recognize the IGMP V3 packets, run this command to change the IGMP version. IGMP V3 is compatible with IGMP V2 in packet processing. If IGMP V3 is enabled on the MA5600 and the upper-layer multicast router switches to IGMP V2, the MA5600 automatically switches to IGMP V2 when receiving the IGMP V2 packets. If the MA5600 does not receive any more IGMP V2 packets within the preset IGMP V2 timeout time, it automatically switches back to IGMP V3. In the BTV mode, run the igmp proxy router timeout v2 command to set the IGMP V2 timeout time. By default, the timeout time is 400s. Step 6 Change the priority for forwarding IGMP packets. Run the igmp priority command to change the priority for forwarding the IGMP packets by the upstream port. By default, the priority is 6 and need not be changed. l In the IGMP proxy mode, the IGMP packets sent from the upstream port to the network side adopt the priority set through the preceding command in the multicast VLAN. l In the IGMP snooping mode, the IGMP packets forwarded to the network side adopt the priority of the user service stream. The priority of the service stream is set through the traffic profile. Step 7 Check whether the configuration is correct. l Run the display igmp config vlan command to query the attributes of the multicast VLAN. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
179
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
l Run the display igmp program vlan command to query the information about the program of the multicast VLAN. ----End
Example Assume the following configurations: Multicast VLAN 101 is created, the program is configured with the static attribute, the IP address of the program is 224.1.1.1, the upstream port of the multicast VLAN is 0/7/0, the IGMP proxy is used, and the IGMP version is IGMP V3. To perform these configurations, do as follows: huawei(config)#vlan 101 smart huawei(config)#multicast-vlan 101 huawei(config-mvlan101)#igmp match mode enable huawei(config-mvlan101)#igmp program add name movie ip 224.1.1.1 sourceip 10.10. 10.1 hostip 10.0.0.2 huawei(config-mvlan101)#igmp uplink-port 0/7/0 huawei(config-mvlan101)#igmp mode proxy Are you sure to change IGMP mode?(y/n)[n]:y huawei(config-mvlan101)#igmp version v3
Assume the following configurations: Multicast VLAN 101 is created, the program is configured with the dynamic attribute, the upstream port of the multicast VLAN is 0/7/0, the IGMP proxy is used, and the IGMP version is IGMP V3. To perform these configurations, do as follows: huawei(config)#vlan 101 smart huawei(config)#multicast-vlan 101 huawei(config-mvlan101)#igmp match mode disable This operation will delete all the programs in current multicast vlan Are you sure to change current match mode? (y/n)[n]: y Command is being executed, please wait... Command has been executed successfully huawei(config-mvlan101)#igmp uplink-port 0/7/0 huawei(config-mvlan101)#igmp mode proxy Are you sure to change IGMP mode?(y/n)[n]:y huawei(config-mvlan101)#igmp version v3
4.2.3 Configuring a Multicast User This topic describes how to configure a multicast user and the related user right for provisioning the multicast service.
Prerequisites Before configuring a multicast user, create a service channel. The procedure is as follows: 1.
Add a VLAN.
2.
Configure the upstream port.
3.
Configure the xDSL port.
4.
Create an xDSL service port.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
180
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
NOTE
l The multicast service supports the IPoE and PPPoE user access modes, but does not support the IPoA or PPPoA user access mode. l When the multicast user adopts the PPPoE access mode, and the L2 multicast protocol adopts the IGMP spoofing, run the igmp echo enable command to enable IGMP echo in the BTV mode. This is because, in the IGMP snooping mode, only the IGMP server can recognize the IGMP over PPP packet, which generally cannot be recognized by other IGMP sources. When the IGMP echo function is enabled, the IGMP over PPP and IGMP over IP packets can be sent to the upper-layer device at the same time. In this manner, the disadvantage that the IGMP source cannot recognize the IGMP over PPP packet is avoided.
Context Add a multicast user and bind the multicast user to the multicast VLAN to create a multicast member. Table 4-5 lists the default settings of the attributes related to the multicast user. Table 4-5 Default settings of the attributes related to the multicast user Parameter
Default Value
Limitation on the number of programs that can be watched by the multicast user
Number of programs that can be watched concurrently: 8
Quick leave mode of the multicast user
MAC-based
Maximum number of programs of different priorities that can be watched: no limit
Procedure Step 1 In the global config mode, run the btv command to enter the BTV mode. Step 2 Configure a multicast user and the multicast user attributes. 1.
Add a multicast user. Run the igmp user add command to add a multicast user.
2.
Configure the maximum number of programs that can be watched by the multicast user. l Run the igmp user add portframeid/slotid/portidindex max-program { maxprogram-num | no-limit } command to configure the maximum number of programs that can be watched by the multicast user concurrently. Up to eight programs can be watched by the multicast user concurrently. By default, the system supports eight programs. l Run the igmp user watch-limit portframeid/slotid/portid { hdtv | sdtv | streamingvideo } command to configure the maximum number of programs of different priorities that can be watched by the multicast user.
3.
Set the quick leave mode of the multicast user. Run the igmp user add portframeid/slotid/portidindex quickleave { immediate | disable | mac-based } command to configure the quick leave mode of the multicast user. By default, the quick leave mode is the MAC-based mode.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
181
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
l Immediate: After receiving the leave packet of the multicast user, the system immediately deletes the multicast user from the multicast group. l Disable: After receiving the leave packet of the multicast user, the system sends an ACK packet to confirm that the multicast user leaves, and then deletes the multicast user from the multicast group. l MAC-based: It is the quick leave mode based on the MAC address. The system checks the MAC address in the leave packet of the user. If it is the same as the MAC address in the report packet of the user, the system immediately deletes the multicast user from the multicast group. Otherwise, the system does not delete the multicast user. This mode is applied to the scenario with multiple terminals. Step 3 Configure multicast user authentication. To control the rights of a multicast user, you can enable the multicast user authentication function. 1.
Configure the multicast user authentication function. Run the igmp user add portframeid/slotid/portidindex { auth | no-auth } command to configure whether to authenticate a multicast user. NOTE
After configuring multicast user authentication, you need to enable the global authentication function to make the configuration take effect. By default, the global authentication function is enabled. You can run the igmp proxy authorization command to change the configuration.
2.
Bind the multicast user to the rights profile. This operation is to implement user authentication. Run the igmp user bind-profile command to bind the user to a rights profile. After the binding, the multicast user has the rights to the programs as configured in the profile.
Step 4 Bind the multicast user to a multicast VLAN. In the multicast VLAN mode, run the igmp multicast-vlan member command to bind the user to the multicast VLAN. Then, the multicast user becomes a multicast member of the multicast VLAN and can request the programs configured in the multicast VLAN. Step 5 Run the display igmp user command to check whether the related multicast user information is correctly configured. ----End
Example To add multicast user (port) 0/1/1 to multicast VLAN 101, enable user authentication, enable log report, set the maximum bandwidth to 10 Mbit/s, and bind the user to rights profile music, do as follows: huawei(config)#service-port vlan 101 adsl 0/1/1 vpi 0 vci 35 rx-cttr 2 tx-cttr 2 huawei(config)#btv huawei(config-btv)#igmp user add port 0/1/1 auth log enable max-bandwidth 10240 huawei(config-btv)#igmp user bind-profile port 0/1/1 profile-name music huawei(config-btv)#quit huawei(config)#multicast-vlan 101 huawei(config-mvlan101)#igmp multicast-vlan member port 0/1/1
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
182
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
4.2.4 (Optional) Configuring the Multicast Bandwidth To limit the multicast bandwidth of a user, you can enable multicast bandwidth management, that is, connection admission control (CAC), and then control the bandwidth of a multicast user by setting the program bandwidth and the user bandwidth.
Prerequisites The program matching mode of the multicast VLAN must be the static configuration mode.
Context If the CAC function is enabled and a user requests a multicast program, the system compares the remaining bandwidth of the user (bandwidth configured for the user – total bandwidth of the online programs of the user) with the bandwidth of the multicast program. If the remaining bandwidth of the user is sufficient, the system adds the user to the multicast group. If the bandwidth is insufficient, the system does not respond to the request of the user. If the CAC function is disabled, the system does not guarantee the bandwidth of the multicast program. When the bandwidth is not guaranteed, problems such as mosaic and delay occur in the multicast program. Table 4-6 lists the default settings of the CAC parameters. Table 4-6 Default settings of the CAC parameters Parameter
Default Value
Global CAC function
enable
Bandwidth of the multicast program
5000 kbit/s
Bandwidth of the multicast user
no-limit
Procedure Step 1 In the global config mode, run the btv command to enter the BTV mode. Step 2 Enable the global CAC function. By default, the global CAC function is already enabled. You can run the igmp bandwidthCAC { enable | disable } command to change the setting. Step 3 Configure the bandwidth of the multicast user. Run the igmp user add port frameid/slotid/portid { auth | no-auth } max-bandwidth command to allocate the maximum bandwidth of the multicast user. Step 4 Configure the bandwidth of the multicast program. Run the multicast-vlan command to enter MVLAN mode, and then run the igmp program add ip ip-addr bandwidth command to configure the bandwidth of a multicast program. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
183
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
Step 5 Check whether the multicast bandwidth configuration is correct. l Run the display igmp config global command to check the status of the global CAC function. l Run the display igmp program command to query the bandwidth of the multicast program. l Run the display igmp user command to query the bandwidth of the multicast user. ----End
Example To enable bandwidth management for multicast users, set the user bandwidth to 10 Mbit/s when adding multicast user 0/1/1, and configure the program bandwidth to 1 Mbit/s when adding multicast program 224.1.1.1, do as follows: huawei(config)#btv huawei(config-btv)#igmp bandwidthcAC enable huawei(config-btv)#igmp user add port 0/1/1 adsl 0 35 auth max-bandwidth 10240 huawei(config-btv)#quit huawei(config)#multicast-vlan 101 huawei(config-mvlan101)#igmp program add ip 224.1.1.1 bandwidth 1024
4.2.5 (Optional) Configuring Multicast Preview Multicast preview is an advertising method provided by carriers for ISPs. The purpose is to allow users to have an overview of a program in a controlled way. In other words, the duration, interval, and count of the user previews are controlled.
Prerequisites The program matching mode of the multicast VLAN must be the static configuration mode.
Context The difference between program preview and normal program watching is that, after the user goes online, the duration of the preview is restricted. When the duration expires, the user goes offline. The user can request the program again only after the preview interval expires. The count by which the user can request the program within a day (the start time can be configured) is restricted by the preview count of the user. Multicast preview parameters are managed through the preview profile. One program can be bound to only one preview profile, but one preview profile can be referenced by multiple programs. Table 4-7 lists the default settings of the multicast preview parameters. Table 4-7 Default settings of the multicast preview parameters
Issue 09 (2015-02-28)
Parameter
Default Value
Global multicast preview function
enable
Preview profile
Preview profile with index 0
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
184
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
Parameter
Default Value
Preview profile parameters
Maximum preview duration: 120s Maximum preview count: 8 Minimum interval between two previews: 120s
Time for resetting the preview record
4:00:00
Valid duration of multicast preview
30s
Procedure Step 1 In the global config mode, run the btv command to enter the BTV mode. Step 2 Enable the global multicast preview function. By default, the global multicast preview function is enabled. You can run the igmp preview{ enable | disable } command to change the setting. Step 3 Configure the preview profile. Run the igmp preview-profile add command to configure the preview profile, and set the parameters: maximum preview duration, maximum preview count, and minimum interval between two previews. The system has a default preview profile with index 0. Step 4 Bind the program to the preview profile. In the multicast VLAN mode, run the igmp program add ip ip-addr preview-profile index command to bind the program to be previewed to the preview profile so that the program has the preview attributes as defined in the preview profile. By default, the program is bound to the preview profile with index 0. Step 5 Change the time for resetting the preview record. Run the igmp preview auto-reset-time command to change the time for resetting the preview record. The preview record of the user remains valid within one day. On the second day, the preview record is reset. By default, the system resets the preview record at 4:00:00 a.m. Step 6 Modify the valid duration of multicast preview. Run the igmp proxy recognition-time command to modify the valid duration of multicast preview. If the actual preview duration of the user is shorter than the valid duration, the preview is not regarded as a valid one and is not added to the preview count. By default, the valid duration of multicast preview is 30s. Step 7 Run the display igmp config global command to check whether the values of the multicast preview parameters are correct. ----End
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
185
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
Example To enable preview of multicast programs by using the system default preview profile, do as follows: huawei(config)#btv huawei(config-btv)#igmp preview enable
To enable preview of multicast programs, create preview profile 1, set the maximum preview time to 150s, the maximum preview count to 10, and apply this preview profile when adding program 224.1.1.1, do as follows: huawei(config)#btv huawei(config-btv)#igmp preview enable huawei(config-btv)#igmp preview-profile add index 1 duration 150 times 10 huawei(config-btv)#quit huawei(config)#multicast-vlan 101 huawei(config-mvlan101)#igmp program add ip 224.1.1.1 preview-profile 1
4.2.6 (Optional) Configuring Program Prejoin In program prejoin, the MA5600 receives in advance the multicast stream of a program from the upper-layer multicast router to the upstream port before a user sends a request to join a program, thus shortening the waiting time of the user for requesting the program.
Prerequisites The program matching mode of the multicast VLAN must be the static configuration mode.
Context Multicast program prejoin is the same as program request. The MA5600 plays the role of a user and sends the report packet for receiving in advance the multicast stream from the upper-layer multicast router to the upstream port. After the prejoin function is enabled, if the upper-layer multicast router does not support static multicast entry forwarding, the unsolicited report function needs to be enabled so that the user can request the program quickly. Generally, the upper-layer multicast router processes the user request by responding to the group-specific query and the general query. Table 4-8 lists the default settings of the prejoin parameters. Table 4-8 Default settings of the prejoin parameters Parameter
Default Value
Prejoin function
disable
Unsolicited report of IGMP packets
disable
Procedure Step 1 Enable the prejoin function. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
186
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
Run the igmp program add ip ip-addr prejoin enable command to enable the prejoin function of a program. By default, the prejoin function is disabled. Step 2 After the prejoin function is enabled, if the upper-layer multicast router does not support static multicast entry forwarding, the unsolicited report function needs to be enabled for IGMP packets. l Run the igmp program add ip ip-addr unsolicited enable command to enable the unsolicited report function for IGMP packets. By default, the unsolicited report function is disabled. l Run the igmp unsolicited-report interval command to modify the interval for unsolicitedly reporting IGMP packets. By default, the interval is 10s. Step 3 Check whether the prejoin function is configured correctly. l Run the display igmp program command to query the status of the prejoin function and the unsolicited report function. l Run the display igmp config vlan command to query the interval for unsolicitedly reporting IGMP packets. ----End
Example To enable the prejoin function when adding program 224.1.1.1, do as follows: huawei(config-mvlan101)#igmp program add ip 224.1.1.1 prejoin enable
4.2.7 (Optional) Configuring the Multicast Logging Function Multicast logs serve as a criterion for carriers to evaluate the viewership of multicast programs.
Prerequisites If the syslog is used for reporting multicast logs, the syslog server must be properly configured.
Context Multicast logs have three control levels: multicast VLAN level, multicast user level, and multicast program level. The system generates logs only when the logging functions at the three levels are enabled. When the user stays online for longer than the valid time for generating logs, the system generates logs in any of the following conditions: l
The user goes offline naturally, by force, or abnormally.
l
The user is blocked or deleted.
l
The program is deleted.
l
The program priority is changed.
l
The upstream port to which the program is bound changes.
l
The VLAN of the upstream port to which the program is bound changes.
l
The right mode is switched.
l
The user preview times out.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
187
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
l
The IGMP mode is switched.
l
The bandwidth CAC is not passed.
The system supports up to 32K logs. When the user goes online, the system records only the online date and time. The system generates a complete log only when the user goes offline. The MA5600 can report the multicast log to the log server in the syslog mode and the call detailed record (CDR) mode. By default, the MA5600 reports the log in the syslog mode. l
Syslog mode: Logs are reported to the syslog server in the form of a single log.
l
CDR mode: Logs are reported to the log server in the form of a log file (.cvs). One log file contains multiple logs.
Table 4-9 lists the default settings of the multicast logging parameters. Table 4-9 Default settings of the multicast logging parameters Parameter
Default Value
Report mode of the multicast log
Syslog mode
Logging function at the multicast VLAN level
enable
Logging function at the multicast user level
enable
Logging function at the multicast program level
enable
Interval for automatically logging
2 hours
Minimum online duration for generating a valid log
30s
Parameters of the log report in the CDR mode
Report interval: 600s Maximum number of logs that can be reported each time: 200
Procedure l
Configure the parameters of the logging function of the multicast host. 1.
Enable the multicast logging functions. Multicast logs have three control levels: multicast VLAN level, multicast user level, and multicast program level. The system generates logs only when the logging functions at the three levels are enabled. By default, the three functions are enabled. – Run the igmp log { enable | disable } command to configure the logging function at the multicast VLAN level.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
188
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
– Run the igmp user add port frameid/slotid/portid { auth | no-auth } log { enable | disable } command to configure the logging function at the multicast user level. – Run the igmp program add ip ip-addr log { enable | disable } command to configure the logging function at the multicast program level. 2.
Modify the interval for automatically logging. Run the igmp proxy log-interval command to modify the interval for automatically logging. When the user stays online for a long time, the system generates logs at the preset interval. This is to prevent the problem that a log is not generated when the user leaves the multicast group without sending a leave packet, which can affect the accounting. By default, the interval is two hours.
3.
Modify the minimum online duration for generating a valid log. Run the igmp proxy recognition-time command to modify the minimum online duration for generating a valid log. If the user is in a multicast group (such as to preview a program) for shorter than the preset duration, the user operation is not regarded as a valid one and a log is not generated. A log is generated only when a user stays online for longer than the specified duration. By default, the minimum online duration is 30s.
l
Configure the function of CDR-mode log report. 1.
Enable the function of CDR-mode log report. Run the igmp cdr { enable | disable } command to configure the function of CDRmode log report. After the function is enabled, the MA5600 reports the local multicast logs to the multicast log server in the form of a file. After the function is disabled, the MA5600 reports each single log to the syslog server in the default syslog mode.
2.
Configure the multicast log server and the data transmission mode for the CDR-mode log report. Run the file-server auto-backup cdr command to configure the active and standby multicast log servers.
3.
Configure the parameters of the log report in the CDR mode. – Run the igmp cdr-interval command to set the report interval. By default, the interval is 600s. – Run the igmp cdr-number command to set the maximum number of logs that can be reported each time. When the number of the multicast logs in the CDR file reaches the preset value, the MA5600 reports the logs. By default, the maximum number is 200.
4.
Check whether the configuration is correct. – Run the display file-server command to query the configuration of the CDR multicast log server. – Run the display igmp config global command to query the status and other parameters of the function of CDR-mode log report.
----End
Example To configure the multicast log to be reported to log server 10.10.10.1 in the CDR mode and use the TFTP transmission mode, do as follows: Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
189
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
huawei(config)#file-server auto-backup cdr primary 10.10.10.1 tftp huawei(config)#btv huawei(config-btv)#igmp cdr enable
4.2.8 (Optional) Configuring the PIM-SSM This topic describes how to configure the Protocol Independent Multicast-Source Specific Multicast (PIM-SSM) parameters on the MA5600, including enabling the PIM-SSM function, setting the DR priority of the PIM router, and setting the IP address range of the PIM-SSM multicast group.
Prerequisites l
The MA5600 does not support the PIM-SSM and IGMP upstream transmission at the same time.
l
The MA5600 does not support the specific multicast source as the upstream multicast source to serve the entire network.
l
The MA5600 does not support the receiving of PIM messages through an external subtending port, the receiving of PIM messages through the original BTV subtending port, or the processing of PIM messages received on the user-side port.
l
PIM-SSM of the MA5600 depends on the unicast routing information. Hence, modifying, deleting, or configuring the unicast routing information affects the availability of the PIMSSM function and the unicast routing performance affects the PIM-SSM performance.
l
The PIM-SSM function can be used on the MA5600 only after the multicast routing function is enabled.
Background Information The PIM-SSM model provides a solution to the specific multicast source. In this solution, the exchange of messages between an access device and a router can be maintained through the IGMP V3 protocol.
Procedure Step 1 Enable the PIM-SSM function. By default, the PIM-SSM function is disabled on the MA5600. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim sm command to enable the PIM-SSM function on the VLAN L3 interface.
Step 2 Set the DR priority of the PIM router. l The routers mutually send hello packets carrying the priority parameter for electing a DR. The router with the highest priority is elected as the DR. If the DR priority is the same, the router with the greatest IP address is elected as the DR. l The greater the DR priority value of the PIM router is, the higher the priority is. The DR priority value ranges from 0 to 4294967295. By default, it is 1. l The command used for configuring the priority of a router for DR election in PIM mode functions the same as the command used in the VLAN interface mode. The difference lies in that the system prefers the DR priority set in the VLAN interface mode. When the DR Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
190
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
priority set in the VLAN interface mode does not exist, the system uses the DR priority set in PIM mode. Configure parameters in PIM mode. 1.
Run the pim command to enter PIM mode.
2.
Run the hello-option dr-priority command to set the DR priority of the PIM router in PIM mode.
3.
Run the quit command to quit PIM mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Configure parameters in the VLAN interface mode. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim hello-option dr-priority command to set the DR priority of the PIM router on a specified interface.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 3 Set the interval for a PIM router to send hello packets. l The multicast mode of the upstream port must be PIM-SSM. l The multicast routing function must be enabled. l The interval ranges from 1s to 2147483647s. By default, it is 30s. l The command used for setting the interval for the PIM router to send hello packets in PIM mode functions the same as the command used in the VLAN interface mode. The difference lies in that the system prefers the interval for the PIM router to send hello packets set in the VLAN interface mode. When the interval for the PIM router to send hello packets set in the VLAN interface mode does not exist, the system uses the interval for the PIM router to send hello packets set in PIM mode. Configure parameters in PIM mode. 1.
Run the pim command to enter PIM mode.
2.
Run the timer hello command to set the interval for the PIM router to send hello packets in PIM mode.
3.
Run the quit command to quit PIM mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Configure parameters in the VLAN interface mode. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim timer hello command to set the interval for a PIM router to send hello packets in PIM mode.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 4 Set the timeout time for a PIM router to wait for hello packets. l The multicast mode of the upstream port must be PIM-SSM. l The multicast routing function must be enabled. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
191
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
l The timeout time ranges from 1s to 65535s. By default, it is 105s. l The command used for setting the timeout time for the PIM router to wait for hello packets in PIM mode functions the same as the command used in the VLAN interface mode. The difference lies in that the system prefers the timeout time for the PIM router to wait for hello packets set in the VLAN interface mode. When the timeout time for the PIM router to wait for hello packets set in the VLAN interface mode does not exist, the system uses the timeout time for the PIM router to wait for hello packets set in PIM mode. Configure parameters in PIM mode. 1.
Run the pim command to enter PIM mode.
2.
Run the hello-option holdtime command to set the timeout time for the PIM router to wait for hello packets in PIM mode.
3.
Run the quit command to quit PIM mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Configure parameters in the VLAN interface mode. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim hello-option holdtime command to set the timeout time for the PIM router to wait for hello packets on a specified interface.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 5 Set the longest delay for triggering the transmission of hello packets. l The multicast mode of the upstream port must be PIM-SSM. l The multicast routing function must be enabled. l For example, if the longest delay is N seconds (s), the system randomly selects a value ranging from 0s to Ns as the delay and sends hello packets to the neighbor after this delay. l The longest delay ranges from 1s to 5s. By default, it is 5s. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim triggered-hello-delay command to set the longest delay for triggering the transmission of hello packets.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 6 Set the specification of Join/Prune packets. l The multicast mode of the upstream port must be PIM-SSM. l The multicast routing function must be enabled. l The length of the Join/Prune packets ranges from 100 bytes to 1500 bytes. By default, it is 1400 bytes. l The number of (S, G) entries contained in the Join/Prune packets sent every second ranges from 1 to 4096. By default, it is 1020. l Set the length of the Join/Prune packets to be sent.
Issue 09 (2015-02-28)
1.
Run the pim command to enter PIM mode.
2.
Run the jp-pkt-size command to set the length of the Join/Prune packets to be sent. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
192
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
l Set the number of (S, G) entries contained in the packets sent every second. – Run the pim command to enter PIM mode. – Run the jp-queue-size command to set the length of the Join/Prune packets to be sent. Step 7 Set the interval for sending Join/Prune packets. l The multicast mode of the upstream port must be PIM-SSM. l The multicast routing function must be enabled. l The interval ranges from 1s to 2147483647s. By default, it is 60s. l The command used for setting the interval for sending Join/Prune packets in PIM mode functions the same as the command used in the VLAN interface mode. The difference lies in that the system prefers the interval for sending Join/Prune packets set in the VLAN interface mode. When the interval for sending Join/Prune packets set in the VLAN interface mode does not exist, the system uses the interval for sending Join/Prune packets set in PIM mode. Configure parameters in PIM mode. 1.
Run the pim command to enter PIM mode.
2.
Run the timer join-prune command to set the interval for sending Join/Prune packets in PIM mode.
3.
Run the quit command to quit PIM mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Configure parameters in the VLAN interface mode. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim timer join-prune command to set the interval for sending Join/Prune packets on a specified interface.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 8 Set the delay for the PIM router to perform the pruning operation. l The multicast mode of the upstream port must be PIM-SSM. l The multicast routing function must be enabled. l The delay ranges from 1 ms to 32767 ms. By default, it is 500 ms. l The command used for setting the delay for the PIM router to perform the pruning in PIM mode functions the same as the command used in the VLAN interface mode. The difference lies in that the system prefers the delay for the PIM router to perform the pruning set in the VLAN interface mode. When the delay for the PIM router to perform the pruning set in the VLAN interface mode does not exist, the system uses the delay for the PIM router to perform the pruning set in PIM mode. Configure parameters in PIM mode. 1.
Run the pim command to enter PIM mode.
2.
Run the hello-option lan-delay command to set the delay for the PIM router to perform the pruning operation in PIM mode.
3.
Run the quit command to quit PIM mode.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
193
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4.
4 Configuring the Multicast Service in the MVLAN Mode
Run the display pim interface command to query the PIM information of the interface.
Configure parameters in the VLAN interface mode. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim hello-option lan-delay command to set the delay for a PIM router to perform pruning on a specified interface.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 9 Set the interval for the PIM router to override the pruning. l The multicast mode of the upstream port must be PIM-SSM. l The multicast routing function must be enabled. l When a router receives a prune message from the upstream interface, it indicates that other downstream routers exist in this LAN. If this router still needs to receive the multicast data, it must send the prune override message to the upstream router during the override interval. l The interval ranges from 1 ms to 65535 ms. By default, it is 2500 ms. l The command used for setting the interval for the PIM router to override the pruning in PIM mode functions the same as the command used in the VLAN interface mode. The difference lies in that the system prefers the interval for the PIM router to override the pruning set in the VLAN interface mode. When the interval for the PIM router to override the pruning set in the VLAN interface mode does not exist, the system uses the interval for the PIM router to override the pruning set in PIM mode. Configure parameters in PIM mode. 1.
Run the pim command to enter PIM mode.
2.
Run the hello-option override-interval command to set the interval for the PIM router to override the pruning in PIM mode.
3.
Run the quit command to quit PIM mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Configure parameters in the VLAN interface mode. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim hello-option override-interval command to set the interval for the PIM router to override the pruning on a specified interface.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 10 Set the holdtime for the PIM router to maintain the join status of the downstream interface. l The multicast mode of the upstream port must be PIM-SSM. l The multicast routing function must be enabled. l The holdtime ranges from 1s to 65535s. By default, it is 210s. l The command used for setting the holdtime for the PIM router to maintain the join status of the downstream interface in PIM mode functions the same as the command used in the VLAN interface mode. The difference lies in that the system prefers the holdtime for the PIM router to maintain the join status of the downstream interface set in the VLAN interface mode. When the holdtime for the PIM router to maintain the join status of the downstream interface Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
194
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
set in the VLAN interface mode does not exist, the system uses the holdtime for the PIM router to maintain the join status of the downstream interface set in PIM mode. Configure parameters in PIM mode. 1.
Run the pim command to enter PIM mode.
2.
Run the holdtime join-prune command to set the holdtime for the PIM router to maintain the join status of the downstream interface in PIM mode.
3.
Run the quit command to quit PIM mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Configure parameters in the VLAN interface mode. 1.
Run the interface vlanif command to enter the VLAN interface mode.
2.
Run the pim holdtime join-prune command to set the holdtime for the PIM router to maintain the join status of the downstream interface on a specified interface.
3.
Run the quit command to quit the VLAN interface mode.
4.
Run the display pim interface command to query the PIM information of the interface.
Step 11 Set the IP address range of a PIM-SSM multicast group. l The multicast mode of the upstream port must be PIM-SSM. l The multicast routing function must be enabled. l This operation specifies the IP address range of a PIM-SSM multicast group. All the interfaces enabled with the PIM-SSM protocol consider that the multicast groups within the range adopt the PIM-SSM mode. l By default, the IP address range of a PIM-SSM multicast group is 232.0.0.0/8. 1.
Run the acl command to enter acl-basic mode. NOTE
The ACL must be a basic ACL, which ranges from 2000 to 2999.
2.
Run the rule permit source command to configure the ACL rule in acl-basic mode to define the IP address range of the PIM-SSM multicast group to be permitted source IP address.
3.
Run the quit command to quit acl-basic mode.
4.
Run the pim command to enter PIM mode.
5.
Run the ssm-policy command to apply the configured ACL rule to specify the IP address range of the PIM-SSM multicast group.
----End
Example Assume that the PIM-SSM function is enabled on VLAN interface 500 and the PIM-SSM parameters are as follows: l
Set the DR priority of a PIM router to 4 on VLAN interface 500.
l
Set the interval for a PIM router to send hello packets to 80s on VLAN interface 500.
l
Set the timeout time for a PIM router to wait for hello packet to 240s on VLAN interface 500.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
195
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
l
Set the longest delay for triggering hello packets to 4s on VLAN interface 500.
l
Set the length of the Join/Prune packets to be sent to 1100 bytes.
l
Set the interval for sending Join/Prune packets to 120s on VLAN interface 500.
l
Set the delay for a PIM router to perform pruning to 700 ms on VLAN interface 500.
l
Set the interval for a PIM router to override a pruning operation to 3000 ms on VLAN interface 500.
l
Set the holdtime for a PIM router to maintain the join status of the downstream interface to 215s on VLAN interface 500.
l
Set the IP address range of a PIM-SSM multicast group to 232.1.0.0/16.
To perform the configurations, do as follows: huawei(config)#multicast upstream-mode pim-ssm huawei(config)#multicast routing-enable huawei(config)#vlan 500 smart huawei(config)#interface vlanif 500 huawei(config-if-vlanif500)#pim sm huawei(config-if-vlanif500)#pim hello-option dr-priority 4 huawei(config-if-vlanif500)#pim timer hello 80 huawei(config-if-vlanif500)#pim hello-option holdtime 240 huawei(config-if-vlanif500)#pim triggered-hello-delay 4 huawei(config-if-vlanif500)#quit huawei(config)#pim huawei(config-pim)#jp-pkt-size 1100 huawei(config-pim)#jp-queue-size 1000 huawei(config-pim)#quit huawei(config)#interface vlanif 500 huawei(config-if-vlanif500)#pim timer join-prune 120 huawei(config-if-vlanif500)#pim hello-option lan-delay 700 huawei(config-if-vlanif500)#pim hello-option override-interval 3000 huawei(config-if-vlanif500)#pim holdtime join-prune 215 huawei(config-if-vlanif500)#quit huawei(config)#acl 2000 huawei(config-acl-basic-2000)#rule permit source 232.1.0.0 0.0.255.255 huawei(config-acl-basic-2000)#quit huawei(config)#pim huawei(config-pim)#ssm-policy 2000 huawei(config-pim)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 4 PIM neighbor count: 0 PIM hello interval: 80 s PIM LAN delay (negotiated): 700 ms PIM LAN delay (configured): 700 ms PIM hello override interval (negotiated): 2800 ms PIM hello override interval (configured): 2800 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 240 s PIM hello assert interval: 454545 s PIM triggered hello delay: 4 s PIM J/P interval: 120 s PIM J/P hold interval: 215 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
196
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
4.3 Configuring the Multicast Service in a Subtending Network This topic describes how to configure the multicast service for an xDSL user of the MA5600 in a subtending network.
Application Context Figure 4-1 shows an example network of the multicast service in a subtending network. When a subtended device needs to provide the multicast service, the subtending port on the subtending device needs to be configured as a multicast subtending port. In this manner, the subtended device regards the subtending device as an IGMP user. Figure 4-1 Example network of the multicast service in a subtending network
Multicast Server Router CON ETH MON
GE0/7/0 GE0/7/1
A D G E
MA5600_ A
CON ETH MON
GE0/7/0 GE0/7/1
Modem
PC
MA5600_B
Modem
PC
Precautions l
Issue 09 (2015-02-28)
The multicast program of the subtending device must contain the multicast program of the subtended device. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
197
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
l
4 Configuring the Multicast Service in the MVLAN Mode
In this network, the MA5600 functions as a DSLAM, and the multicast VLANs of the subtending device and the subtended device must be the same.
Procedure The procedure for configuring the subtending device is the same as the procedure described in Configuring the Multicast Service on a Single-NE Network. The procedure of configuring the subtended device is as follows: 1.
For details on configuring the multicast service, see Configuring the Multicast Service on a Single-NE Network.
2.
Configure the multicast subtending port. Run the igmp cascade-port frameid/slotid/portid command to configure the subtending port as the multicast subtending port. The multicast upstream port cannot be configured as the multicast subtending port.
3.
Configure the mode for processing unknown multicast packets by the multicast subtending port. By default, the system transparently transmits the unknown multicast packets sent from the multicast subtending port to lower-layer devices. This applies to the situation that the lowerlayer devices may require the transparent transmission of unknown multicast packets. When multicast service is provided with preference, it is recommended that you run the igmp cascade-port frameid/slotid/portid mismatch { transparent | discard } command to enable the quick leave function on the multicast subtending port.
4.
When the quick leave function of the multicast user needs to be enabled on the subtending device, run the igmp cascade-port frameid/slotid/portid quickleave enable command to enable the quick leave function on the multicast subtending port.
NOTICE If the lower-layer device does not support the proxy of the IGMP leave packet, all the users requesting for the program may go offline when a user requesting for the same program goes offline. Therefore, when the quick leave function is enabled on the multicast subtending port, it is recommended that you use the IGMP proxy mode on the lower-layer device or enable the proxy of the IGMP leave packet in the IGMP snooping mode.
4.4 Configuring the Multicast Service in an MSTP Network This topic describes how to configure the multicast service for an xDSL user of the MA5600 in an MSTP network.
Application Context Figure 4-2 shows an example network of the multicast service in an MSTP network. When the multicast service is provided in an MSTP ring network, the multicast upstream port and the subtending port need to be added to the multicast VLAN. According to the running result of the MSTP protocol, the multicast request packets are sent from the root port or the default port (when the device is a root bridge), and the other ports in the VLAN serve as subtending ports. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
198
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
Figure 4-2 Example network of the multicast service in an MSTP network
Multicast Server
Router
0/2 0/3 A D G E
A D G E
0/7 0 1 2 3
SCU
0/2 0/3 A D G E
A D G E
MA5600_B
MA5600_A
0/2
0/7
A D G E
0 1 2
0/7 0 1 2 3
SCU
SCU 0/2 A D G E
MA5600_ C
0/7 0
SCU
MA5600_ D
Modem
PC
Procedure The procedures for configuring the devices that comprise the MSTP ring network are the same. 1.
For details on configuring the MSTP ring network, see Configuring the MSTP.
2.
For details on configuring the multicast service, see Configuring the Multicast Service on a Single-NE Network.
3.
Configure the MSTP multicast upstream port. When the multicast service is provided in an MSTP ring network, the multicast upstream port needs to be set in the MSTP mode, and the default upstream port of the multicast VLAN can be specified. After the configuration is complete, multicast packets are forwarded by the root port or default port in the multicast VLAN. l Run the igmp uplink-port-mode mstp command to set the upstream port in the MSTP mode. l Run the igmp default uplink-port command to specify the default upstream port of the multicast VLAN. When the upstream port is set in the MSTP mode and an MSTP
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
199
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4 Configuring the Multicast Service in the MVLAN Mode
root port is unavailable in the multicast VLAN, the multicast VLAN by default adopts the upstream port as the multicast upstream port. 4.
Configure the multicast subtending port. Run the igmp cascade-port command to configure the subtending port as the multicast subtending port.
5.
Configure multicast quick convergence in the case of an MSTP network topology change. Multicast quick convergence means that the device can quickly join the multicast group through a new upstream port when the MSTP network topology changes. The device can send the IGMP join packet for an online program to the new upstream port in an unsolicited manner so that the device joins all the multicast groups; or the device can send the IGMP global leave packet to the upstream port. Then, the upper-layer querier sends a query packet for generating a new multicast forwarding tree. Run the igmp send global-leave command to enable the function of sending the IGMP global leave packet. When this function is enabled, the device sends the IGMP global leave packet to the upper-layer multicast router. When this function is disabled, the device sends the IGMP join packet to the upper-layer multicast router. By default, the function of sending the IGMP global leave packet is enabled.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
200
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5
5 Configuring the Multicast Service in the Non-MVLAN Mode
Configuring the Multicast Service in the Non-MVLAN Mode
About This Chapter This topic describes how to configure the multicast service in the non-multicast VLAN (nonMVLAN) mode on a standalone MA5600, and on the MA5600 in a subtending network or in an MSTP network. The multicast service of the MA5600 is widely used in streaming media, distance learning, video conferencing, video multicasting, Web TV, online game, Internet data center (IDC), and other point-to-multipoint data transmission. In terms of multicast processing mode, the MA5600 supports the IGMP proxy and IGMP snooping L2 multicast protocols. IGMP proxy and IGMP snooping both support multicast video data forwarding; however, the two modes have different processing mechanisms. l
IGMP snooping obtains related information and maintains the multicast forwarding entries by listening to the IGMP packets in the communication between the user and the multicast router.
l
IGMP proxy intercepts the IGMP packets between the user and the multicast router, processes the IGMP packets, and then forwards the IGMP packets to the upper-layer multicast router. For the multicast user, the MA5600 is a multicast router that implements the router functions in the IGMP protocol; for the multicast router, the MA5600 is a multicast user.
If the multicast modes configured for the MA5600s on a multicast cascading network are different, that is, multicast VLAN mode for some MA5600s and non-multicast VLAN mode for other MA5600s, users cannot watch multicast programs normally. Therefore, all the MA5600s on the same multicast cascading network must be configured with the same multicast mode. 5.1 Default Settings of the Multicast Service This topic provides the default settings of the multicast service in the system, including the configuration of multicast protocol, IGMP version, program configuration mode, bandwidth management, program preview, and log function. 5.2 Configuring the Multicast Service on a Single-NE Network Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
201
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
This topic describes how to configure the multicast service for an xDSL user of a standalone MA5600. 5.3 Configuring the Multicast Service in a Subtending Network This topic describes how to configure the multicast service for an xDSL user of the MA5600 in a subtending network. 5.4 Configuring the Multicast Service in an MSTP Network This topic describes how to configure the multicast service for an xDSL user of the MA5600 in an MSTP network.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
202
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
5.1 Default Settings of the Multicast Service This topic provides the default settings of the multicast service in the system, including the configuration of multicast protocol, IGMP version, program configuration mode, bandwidth management, program preview, and log function. Table 5-1 lists the default settings of the multicast service of the MA5600. Table 5-1 Default settings of the multicast service of the MA5600 Feature
Default Setting
IGMP mode
Proxy
Authentication function
enable
Multicast bandwidth management
enable
Multicast preview
enable
Multicast log function
enable
5.2 Configuring the Multicast Service on a Single-NE Network This topic describes how to configure the multicast service for an xDSL user of a standalone MA5600.
Application Context The multicast service of the MA5600 is widely used in streaming media, distance learning, video conferencing, video multicasting (Web TV), online game, Internet data center (IDC), and other point-to-multipoint data transmission. Currently, the multicast application of the MA5600 is oriented to L2, and the MA5600 forwards data based on VLAN ID + multicast MAC address. A multicast program on the network is identified by VLAN ID + multicast IP address uniquely. The MA5600 differentiates multicast sources by VLAN ID. It allocates a unique VLAN ID to each multicast source, controls the multicast domain and the user rights based on the multicast VLAN ID, and provides a platform for different ISPs to implement different multicast video services.
Prerequisites The license for the multicast program or the multicast user must be applied for and installed.
Data Plan Before configuring the multicast video service, plan the data items as listed in Table 5-2. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
203
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
Table 5-2 Data plan for configuring the multicast service on a standalone MA5600 Device
Item
Remarks
MA5600
User VLAN
-
L2 multicast protocol
IGMP proxy and IGMP snooping are supported.
IGMP version
IGMP V3 and IGMP V2 are supported and IGMP V3 is compatible with IGMP V2.
Configuration mode of the multicast program
-
Multicast general query and groupspecific query parameters
The default values are adopted. For the default settings, see Configuring Global Multicast Parameters.
Program list
-
User authentication policy
-
Program bandwidth, upstream port bandwidth, and user bandwidth
-
Multicast log policy
Multicast logs can be reported to the log server in the syslog mode or in the CDR mode.
Upper-layer multicast router
IGMP version
The IGMP version of the upperlayer multicast router cannot be earlier than the IGMP version used by the MA5600.
Home gateway or modem
IGMP version
The IGMP version of the CPE cannot be earlier than the IGMP version used by the MA5600.
Procedure ----End
5.2.1 Configuring Global Multicast Parameters The general parameters of L2 multicast protocols (including IGMP proxy and IGMP snooping) configured globally for a device are applicable to all the multicast VLANs of the device.
Context Table 5-3 lists the global multicast parameters. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
204
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
Table 5-3 Default settings of global multicast parameters Parameter
Default Setting
Number of programs with license
1024
IGMP mode
Proxy
Authentication function
enable
System robustness factor
2
Interval of the general query (unit: second)
125
Maximum response time to the V2 general query (unit: 0.1s)
100
Maximum response time to the V3 general query (unit: 0.1s)
100
Interval of the group-specific query (unit: 0.1s)
10
Maximum response time to the V2 groupspecific query (unit: 0.1s)
8
Maximum response time to the V3 groupspecific query (unit: 0.1s)
8
Number of group-specific queries
2
Aging time of the V2 router (unit: second)
400
Interval of unsolicited report (unit: second)
10
Upstream port mode
Program binding mode
Proxy function of the report packet
disable (Configure this parameter in the listening mode.)
Proxy function of the leave packet
disable (Configure this parameter in the listening mode.)
Threshold of the duration for the CDR auto report (unit: second)
600
Threshold of the CDR auto report count
200
CDR function
disable
Permitted IGMP packet encapsulation format
all
IGMP echo function
disable
Forcible V2 function of the upstream port
disable
Default multicast source IP address
192.168.1.1
The purposes and principles of the general query and the group-specific query are as follows: Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
205
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
For the general query: l
Purpose: A general query packet is periodically sent by the MA5600 to check whether there is any multicast user who leaves the multicast group without sending the leave packet. Based on the query result, the MA5600 periodically updates the multicast forwarding table and releases the bandwidth of the multicast user who has left the multicast group.
l
Principles: The MA5600 periodically sends the general query packet to all the online IGMP users. If the MA5600 does not receive the response packet from a multicast user within a specified time (robustness variable x interval of the general query + maximum response time of the general query), it regards the user as having left the multicast group and deletes the user from the multicast group.
For the group-specific query: l
Purpose: A group-specific query packet is sent by the MA5600 after a multicast user who is not configured with the quick leave attribute sends the leave packet. The group-specific query packet is used to check whether the multicast user has left the multicast group.
l
Principles: When a multicast user leaves a multicast group, for example, switches to another channel, the user sends a leave packet to the MA5600 in an unsolicited manner. If the multicast user is not configured with the quick leave attribute, the MA5600 sends a groupspecific query packet to the multicast group. If the MA5600 does not receive the response packet from the multicast user within a specified time (robustness variable x interval of the group-specific query + maximum response time of the group-specific query), it deletes the multicast user from the multicast group.
For the general query, the MA5600 queries the multicast packets of all the users. For the groupspecified query, the MA5600 queries the multicast packets of the user who watches the specified multicast program. Table 5-4 lists the default settings of global multicast parameters. In actual application, you can change the settings according to your data plan. Table 5-4 Default settings of general query and group-specific query parameters Parameter
Default Value
General query parameter
Query interval: 125s Maximum response time: 10s Robustness variable (query count): 2
Group-specific query parameter
Query interval: 1s Maximum response time: 0.8s Robustness variable (query count): 2
Procedure Step 1 Configure general query parameters. 1.
Issue 09 (2015-02-28)
Run the igmp proxy router gen-query-interval command to set the interval of the general query. By default, the interval is 125s. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
206
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
2.
Run the igmp proxy router gen-response-time command to set the maximum response time of the general query. By default, the time is 10s.
3.
Run the igmp proxy router robustness command to set the count of the general query. By default, the count is 2.
Step 2 Configure group-specific query parameters. 1.
Run the igmp proxy router sp-query-interval command to set the interval of the groupspecific query. By default, the interval is 1s.
2.
Run the igmp proxy router sp-response-time command to set the maximum response time to the group-specific query. By default, the time is 0.8s.
3.
Run the igmp proxy router sp-query-number command to set the count the groupspecific query. By default, the count is 2.
Step 3 Run the display igmp proxy command to check whether the parameters are configured correctly. ----End
Example To configure the multicast general query parameters by setting the query interval to 150s, maximum response time to 20s, and query count to 3, do as follows: huawei(config)#btv huawei(config-btv)#igmp proxy router gen-query-interval 150 huawei(config-btv)#igmp proxy router gen-response-time v3 200 huawei(config-btv)#igmp proxy router robustness 3
To configure the multicast group-specific query parameters by setting the query interval to 20s, maximum response time to 10s, and query count to 3, do as follows: huawei(config)#btv huawei(config-btv)#igmp proxy router sp-query-interval 200 huawei(config-btv)#igmp proxy router sp-response-time v3 100 huawei(config-btv)#igmp proxy router sp-query-number 3
5.2.2 Configuring the Multicast Program In the application of multicast services, multicast source IP addresses are used to identify multicast ISPs. Generally, a multicast source IP address is allocated to each multicast ISP for the management of multicast programs, multicast protocols, and IGMP versions, and for the control of multicast domain and user rights.
Context l
The source IP address of a multicast program is a unicast IP address and the source IP addresses of different multicast programs can be the same.
l
Table 5-5 lists the default settings of multicast parameters, such as the multicast upstream port mode, L2 multicast mode, and IGMP version.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
207
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
Table 5-5 Default settings of multicast parameters Parameter
Default Setting
Multicast upstream port mode
program
L2 multicast mode
Proxy
IGMP version
v3
Procedure Step 1 Create a program VLAN. 1.
Run the vlan command to create a program VLAN and set the VLAN type according to application requirements. For details, see Configuring the VLAN.
2.
Run the port vlan command to add the upstream port to the VLAN.
Step 2 Configure the multicast program. l
Configure the program list for the multicast VLAN in advance and bind the rights profile to the program to manage the program.
1.
Run the igmp program add [name name ] ip ip-addr [ sourceip ip-addr ] vlanvlanid [ hostip ip-addr ] command to add a multicast program. NOTE
If the source IP address of a program is not configured, it is 192.168.1.1 by default.
2.
Bind the rights profile to the program. Run the igmp profile command to bind the rights profile to the program and set the rights to watch the program. NOTE
If a user is bound with multiple rights profiles but the rights to a program vary in these profiles, the user uses the rights with the highest priority. You can run the igmp right-priority command to adjust the priorities of the four rights: watch, preview, forbidden, and idle. By default, the priorities of the four rights are forbidden > preview > watch > idle.
Step 3 Configure the multicast upstream port. 1.
Run the igmp uplink-port command to specify the multicast upstream port and configure its bandwidth. The packets from the multicast VLAN corresponding to the upstream port are forwarded and received through this upstream port.
2.
Run the igmp uplink-port-mode command to configure the mode of the multicast upstream port. The default mode is program. For the MSTP networking, the MSTP mode is selected; for the broadcast networking, the broadcast mode is selected. l program: Indicates the program mode. The upstream port is bound when you add a program. The protocol packets are sent upstream through the upstream port. You can run the igmp program add [ namename ] ipip-addr [ sourceip ip-addr ] [ bind frameid/slotid/portid ] [ hostip ip-addr ] command to bind the upstream port when adding a program; or run the igmp program modify [ namename ] ip ip-addr [ sourceip ip-addr ] [ bind frameid/slotid/portid ] command to change the upstream port to which the program is bound.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
208
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
l mstp: Indicates the MSTP mode. The upstream port is determined by the upper-layer device running the MSTP protocol and the protocol packets are sent upstream through the root port. l broadcast: Indicates the broadcast mode. The upstream port is determined by the upperlayer device and protocol packets are sent to all the upstream ports in the VLAN that is bound to the program. Step 4 Select the multicast mode. Run the igmp mode { proxy | snooping | off } command to select the L2 multicast mode. By default, the IGMP proxy mode is used. In the IGMP snooping mode, proxy can be enabled for the report packet and the leave packet. When a multicast user joins or leaves a multicast program, the MA5600 can implement IGMP proxy. IGMP snooping and IGMP proxy are controlled separately. l Run the igmp report-proxy enable command to enable the proxy of the snooping report packet. When the first user requests for a program, after authenticating the user, the MA5600 sends the user report packet to the network side and obtains a corresponding multicast stream from the multicast router. The MA5600 does not send the report packets from the subsequent users for joining the same program to the network side any more. l Run the igmp leave-proxy enable command to enable the proxy of the snooping leave packet. When the last user requests for leaving a program, the MA5600 sends the user leave packet to the network side and notifies the upper-layer device of stopping sending multicast streams. The MA5600 does not send the leave packets from the users before the last user to the network side. If the offline user is not the last user, the upper-layer device keeps sending multicast streams. Step 5 Set the IGMP version of the upstream port. Run the igmp uplink-port force-to-v2 { enable | disable } command to set the IGMP version. By default, IGMP V3 is enabled in the system. If the upper-layer and lower-layer devices on the network are of the IGMP V2 version and cannot recognize the IGMP V3 packets, run this command to switch the IGMP version. IGMP V3 is compatible with IGMP V2 in packet processing. If IGMP V3 is enabled on the MA5600 and the upper-layer multicast router switches to IGMP V2, the MA5600 automatically switches to IGMP V2 when receiving the IGMP V2 packets. If the MA5600 does not receive any IGMP V2 packets within the preset IGMP V2 time to live (TTL) time, it automatically switches back to IGMP V3. In the BTV mode, run the igmp proxy router timeout v2 command to set the IGMP V2 TTL time. By default, the TTL time is 400s. Step 6 Change the priority for forwarding IGMP packets. l In the IGMP proxy mode, the priority of IGMP packets is a fixed value, which cannot be changed. l In the IGMP snooping mode, the IGMP packets forwarded to the network side use the priority of the user traffic stream. The priority of the traffic stream is set through the traffic profile. Step 7 Check whether the configuration is correct. l Run the display igmp proxy command to query the multicast attributes. l Run the display igmp program command to query the multicast program. ----End Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
209
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
Example Assume that the VLAN ID is 101, the IP address of the program is 224.1.1.1, the program bandwidth is 5000 kbit/s, the multicast upstream port is 0/7/2, the IGMP proxy is enabled, and the IGMP version is IGMP V3. To configure a program with these attributes, do as follows: huawei(config)#vlan 101 smart huawei(config)#port vlan 101 0/7 2 huawei(config)#btv huawei(config-btv)#igmp program add name movie ip 224.1.1.1 sourceip 10.10.10.1 vlan 101 bind 0/7/2 bandwidth 5000 hostip 10.0.0.254 huawei(config-btv)#igmp uplink-port 0/7/2 huawei(config-btv)#igmp mode proxy Are you sure to change IGMP mode?(y/n)[n]:y huawei(config-btv)#igmp uplink-port force-to-v2 disable
5.2.3 Configuring the Multicast User This topic describes how to configure the multicast user and the related user rights for providing the multicast service.
Prerequisites Before configuring the multicast user, you must create a service channel. The procedure is as follows: 1.
Run the vlan command to add a VLAN.
2.
(Optional) Run the port vlan command to configure the upstream port. NOTE
In the IGMP proxy mode, you need not add the upstream port to the user-side VLAN.
3.
Run the interface xDSL frameid/slotid command to enter the board mode to configure xDSL port. NOTE
In the interface xDSL frameid/slotid command, keyword xDSL can be adsl, shdsl, or vdsl.
4.
Run the service-port command to create an xDSL traffic stream. NOTE
l The multicast service supports the IPoE and PPPoE user access modes but does not support the IPoEoA or PPPoEoA user access mode. l In the PPPoE access mode, if the L2 multicast protocol is IGMP snooping, whether to enable the IGMP echo function by running the igmp echo enable command is determined according to whether the upper-layer device forwarding the IGMP packet supports the IGMP over PPP packet.
Context Add a multicast user and bind the multicast user with the multicast source IP address to create a multicast member. Bind the rights profile to the multicast user to implement multicast user authentication. Table 5-6 lists the default settings of the attributes related to the multicast user. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
210
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
Table 5-6 Default settings of the attributes related to the multicast user Parameter
Default Setting
Limitation on the number of programs that can be watched by the multicast user
Maximum number of programs that can be watched concurrently: 8
Quick leave mode of the multicast user
immediate
Function of global multicast user authentication
enable
Procedure Step 1 In the global config mode, run the btv command to enter the BTV mode. Step 2 Configure the multicast user and the multicast user attributes. 1.
Add a multicast user. Run the igmp user add command to add a multicast user.
2.
Configure the maximum number of programs that can be watched by the multicast user. Run the igmp user add port frameId/slotId/portId { auth | no-auth } [ maxprogrammax-program-num ] command to set the maximum number of programs that can be watched by the multicast user concurrently. A maximum of eight programs can be watched by the multicast user concurrently. By default, the system supports eight programs.
3.
Set the quick leave mode of the multicast user. Run the igmp user add port frameId/slotId/portId { auth | no-auth } quickleave { disable | immediate | mac-based } command to set the leave mode of the multicast user. By default, the leave mode is the mac-based mode. l disable: After receiving the leave request packet of the multicast user, the system sends ACK packets to confirm that the multicast user leaves, and then deletes the multicast user from the multicast group. l immediate: After receiving the leave request packet of the multicast user, the system immediately deletes the multicast user from the multicast group. l mac-based: Indicates the quick leave mode based on the MAC address. The system detects the MAC address in the leave packet of the user. If it is the same as the MAC address in the report packet of the user and the user is the last one who watches the multicast program in the multicast group, the system immediately deletes the multicast user from the multicast group. Otherwise, the system does not delete the multicast user. In this mode, the application scenario with multiple terminals is supported.
Step 3 Configure the multicast user authentication. By default, the system does not authenticate the multicast user. To control the rights of a multicast user, you can enable the multicast user authentication function. 1.
Configure the multicast user authentication function. Run the igmp user add port frameId/slotId/portId { auth | no-auth } command to configure whether to authenticate a multicast user.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
211
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
NOTE
After configuring multicast user authentication, you need to enable the global authentication function to make the configuration take effect. By default, the global authentication function of multicast user is enabled. You can run the igmp proxy authorization command to change the configuration.
2.
Bind the rights profile to the multicast user. Binding the rights profile to the multicast user implements user authentication. Run the igmp user bind-profile command to bind the rights profile to the multicast user. After the binding, the multicast user has the rights to the programs as configured in the profile.
Step 4 Run the display igmp user command to check whether the related multicast user is configured correctly. ----End
Example Assume that multicast user (port) 0/11/1 is added to multicast VLAN 101, the user authentication and the log report are enabled, the maximum number of programs that can be watched is set to 6, rights profile music is bound to the user, and the leave mode of the user is mac-based. To perform the configurations, do as follows: huawei(config)#service-port vlan 101 adsl 0/11/1 vpi 0 vci 35 rx-cttr 2 tx-cttr 2 huawei(config)#btv huawei(config-btv)#igmp user add port 0/11/0 auth max-program 6 quickleave macbased huawei(config-btv)#igmp user add smart-vlan 101 auth log enable huawei(config-btv)#igmp user bind-profile smart-vlan 101 profile-name music
5.2.4 (Optional) Configuring the Multicast Bandwidth To limit the multicast bandwidth of a user, you can enable multicast bandwidth management function, that is, control the bandwidth of a multicast user by setting the program bandwidth.
Context If the multicast bandwidth management function is enabled and a user requests a multicast program, the system compares the remaining bandwidth of the user (bandwidth configured for the user - total bandwidth of the online programs of the user) with the bandwidth of the multicast program. If the remaining bandwidth of the user is sufficient, the system adds the user to the multicast group. If the bandwidth is insufficient, the system does not respond to the request of the user. If the multicast bandwidth management function is disabled, the system does not guarantee the bandwidth of the multicast program. When the bandwidth is not guaranteed, problems such as mosaic and delay occur in the multicast program. Table 5-7 lists the default settings of the multicast bandwidth management parameters. Table 5-7 Default settings of the multicast bandwidth management parameters
Issue 09 (2015-02-28)
Parameter
Default Value
Global CAC function
enable
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
212
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
Parameter
Default Value
Bandwidth of the multicast program
5000 kbit/s
Bandwidth of the multicast user
no-limit
Procedure Step 1 In the global config mode, run the btv command to enter the BTV mode. Step 2 Enable the global CAC function. By default, the global CAC function is already enabled. You can run the igmp bandwidthCAC { enable | disable } command to change the setting. Step 3 Configure the bandwidth of the multicast program. Run the igmp program add ip ip-addr bandwidth command to configure the bandwidth of a multicast program. Step 4 Check whether the multicast bandwidth configuration is correct. l Run the display igmp proxy command to check the status of the global CAC function. l Run the display igmp program command to query the bandwidth of the multicast program. ----End
Example To enable the bandwidth management function of the multicast user, add multicast user 0/11/1 with maximum number of programs that can be watched concurrently to 6, and set the bandwidth of program 224.1.1.1 to 1 Mbit/s, do as follows: huawei(config)#btv huawei(config-btv)#igmp bandwidthcAC enable huawei(config-btv)#igmp user add port 0/11/1 auth max-program 6 huawei(config-btv)#igmp program add ip 224.1.1.1 vlan 101 bandwidth 1024
5.2.5 (Optional) Configuring Multicast Preview Multicast preview is an advertising method provided by carriers for ISPs. The purpose is to allow users to have an overview of a program in a controlled way. In other words, the duration, interval, and count of the user previews are controlled.
Prerequisites The program matching mode of the user VLAN must be the static configuration mode.
Context The difference between program preview and normal program watching is that, after the user goes online, the duration of the preview is restricted. When the duration expires, the user goes offline. The user can request the program again only after the preview interval expires. The count Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
213
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
by which the user can request the program within a day (the start time can be configured) is restricted by the preview count of the user. Table 5-8 lists the default settings of the multicast preview parameters. Table 5-8 Default settings of the multicast preview parameters Parameter
Default Value
Global multicast preview function
enable
Preview profile
Preview profile with index 0
Preview profile parameters
Maximum preview duration: 120s Maximum preview count: 8 Minimum interval between two previews: 120s
Time for resetting the preview record
4:00:00
Valid duration of multicast preview
30s
Procedure Step 1 In the global config mode, run the btv command to enter the BTV mode. Step 2 Enable the global multicast preview function. By default, the global multicast preview function is enabled. You can run the igmp preview { enable | disable } command to change the setting. Step 3 Change the time for resetting the preview record. Run the igmp preview auto-reset-time command to change the time for resetting the preview record. The preview record of the user remains valid within one day. On the second day, the preview record is reset. By default, the system resets the preview record at 4:00:00 a.m. Step 4 Modify the valid duration of multicast preview. Run the igmp proxy recognition-time command to modify the valid duration of multicast preview. If the actual preview duration of the user is shorter than the valid duration, the preview is not regarded as a valid one and is not added to the preview count. By default, the valid duration of multicast preview is 30s. Step 5 Run the display igmp proxy command to check whether the values of the multicast preview parameters are correct. ----End
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
214
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
Example To enable the multicast preview function, set the time for resetting the preview record to 5:00:00, and set the valid duration of multicast preview to 40s, do as follows: huawei(config)#btv huawei(config-btv)#igmp preview enable huawei(config-btv)#igmp preview auto-reset-time 5:00:00 huawei(config-btv)#igmp proxy recognition-time 40
5.2.6 (Optional) Configuring the Program Prejoin In program prejoin, the MA5600 receives in advance the multicast stream of a program from the upper-layer multicast router to the upstream port before a user sends a request to join a program, thus shortening the waiting time of the user for requesting for the program.
Prerequisites The multicast source must exist on the network and the IP address of the multicast source must be known.
Context Multicast program prejoin is the same as program request. The MA5600 plays the role of a user and sends the report packet for receiving in advance the multicast stream from the upper-layer multicast router to the upstream port. After the prejoin function is enabled, if the upper-layer multicast router does not support static multicast entry forwarding, the unsolicited report function needs to be enabled so that the user can request for the program quickly. Generally, the upper-layer multicast router processes the user request by responding to the group-specific query and the general query. Table 5-9 lists the default settings of program prejoin parameters. Table 5-9 Default settings of program prejoin parameters Parameter
Default Setting
Program prejoin function
disable
Unsolicited report of IGMP packets
disable
Procedure Step 1 Enable the program prejoin function. Run the igmp program add ip ip-addr [ sourceip ip-addr ] vlan vlanid [ bind frameid/slotid/ portid ] prejoin enable command to enable the program prejoin function. By default, this function is disabled. Step 2 After the program prejoin function is enabled, if the upper-layer multicast router does not support static multicast entry forwarding, the unsolicited report function of IGMP packets needs to be enabled. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
215
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
l Run the igmp program add ip ip-addr [ sourceip ip-addr ] vlan vlanid [ bind frameid/ slotid/portid ] unsolicited enable command to enable the unsolicited report function of IGMP packets. By default, this function is disabled. l Run the igmp proxy router report-interval command to change the interval of the unsolicited report of IGMP packets. By default, the interval is 10s. Step 3 Check whether the prejoin function is configured correctly. l Run the display igmp program command to query the status of the program prejoin function and the unsolicited report function. l Run the display igmp proxy command to query the interval of the unsolicited report. ----End
Example To enable the program prejoin function when adding a program whose IP address is 224.1.1.1, do as follows: huawei(config-btv)#igmp program add ip 224.1.1.1 sourceip 10.10.10.10 vlan 101 prejoin enable
5.2.7 (Optional) Configuring the Multicast Log The multicast log provides a criterion for carriers to evaluate the viewership of multicast programs.
Prerequisites If the multicast log is reported in the syslog mode, the syslog server must be configured properly.
Context The multicast log involves the multicast log of the multicast user and the multicast log of the multicast program. The system generates logs only when the log functions of both the multicast user and the multicast program are enabled. If the user stays online longer than the valid log generation time, the system generates logs in any of the following conditions: when the user goes offline naturally, forcibly, or abnormally; when the user is blocked or deleted; when the program is deleted; when the program priority is changed; when the upstream port to which the program is bound is changed; when the VLAN of the upstream port to which the program is bound is changed; when the user preview times out; when the IGMP mode is switched; when the rights mode is switched; when the bandwidth CAC fails. The system supports a maximum of 10240 logs. When the user goes online, the system records only the online date and time. The system generates a complete log only when the user goes offline. The MA5600 can report the multicast log to the log server in the syslog mode and the call detailed record (CDR) mode. By default, the MA5600 reports the log in the syslog mode. l Issue 09 (2015-02-28)
syslog mode: Logs are reported to the syslog server in the form of a single log. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
216
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
l
5 Configuring the Multicast Service in the Non-MVLAN Mode
CDR mode: Logs are reported to the log server in the form of a log file (.cvs). One log file contains multiple logs.
Table 5-10 lists the default settings of multicast log parameters. Table 5-10 Default settings of multicast log parameters Parameter
Default Setting
Report mode of the multicast log
syslog mode
Log function of the multicast user
enable
Log function of the multicast program
enable
Interval of automatic log generation
2 hours
Minimum online duration for generating a valid log
30s
Parameters of the log report in the CDR mode
Report interval: 600s Maximum number of logs that can be reported each time: 200
Procedure l
Configure the parameters of the log generation function of the multicast host. 1.
Enable the multicast log generation function. The multicast log involves the multicast log of the multicast user and the multicast log of the multicast program. The system generates logs only when the log functions of both the multicast user and the multicast program are enabled. By default, the log functions of both the multicast user and the multicast program are enabled. – Run the igmp user add port frameId/slotId/portId { auth | no-auth } log { enable | disable } command to enable the log function of the multicast user. – Run the igmp program add ip ip-addr [ sourceip ip-addr ] vlan vlanid log { enable | disable } command to enable the log function of the multicast program.
2.
Change the interval of automatic log generation. Run the igmp proxy log-interval command to change the interval of automatic log generation. When the user stays online for a long time, the system generates logs at preset intervals. This prevents the problem that a log is not generated when the user leaves the multicast group without sending the leave packet, which can affect the accounting. By default, the interval is two hours.
3.
Change the minimum online duration for generating a valid log. Run the igmp proxy recognition-time command to change the minimum online duration for generating a valid log. If the user is in a multicast group (such as to preview a program) for shorter than the preset duration, the user operation is not regarded as a valid one and a log is not generated. A log is generated only when a user stays online for longer than the specified duration. By default, the duration is 30s.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
217
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
l
5 Configuring the Multicast Service in the Non-MVLAN Mode
Configure the multicast log report function in the CDR mode. 1.
Enable the multicast log report function in the CDR mode. Run the igmp cdr { enable | disable } command to enable the multicast log report function in the CDR mode. After the function is enabled, the MA5600 reports local multicast logs to the multicast log server in the form of a file. After the function is disabled, the MA5600 reports each single log to the syslog server in the default syslog mode.
2.
Configure the multicast log server and the data transmission mode for the multicast log report in the CDR mode. Run the file-server auto-backup cdr command to configure the active and standby multicast log servers.
3.
Configure the parameters of the multicast log report in the CDR mode. – Run the igmp cdr-interval command to set the interval of the multicast log report in the CDR mode. By default, the interval is 600s. – Run the igmp cdr-number command to set the maximum number of logs that can be reported each time. When the number of multicast logs in the CDR file reaches the preset value, the MA5600 reports the logs. By default, the maximum number is 200.
4.
Check whether the configuration is correct. Run the display igmp proxy command to query the status and other parameters of the multicast log report in the CDR mode.
----End
Example To configure the multicast log to be reported to log server 10.10.10.1 in the CDR mode through the TFTP transmission, do as follows: huawei(config)#file-server auto-backup cdr primary 10.10.10.1 tftp huawei(config)#btv huawei(config-btv)#igmp cdr enable
5.3 Configuring the Multicast Service in a Subtending Network This topic describes how to configure the multicast service for an xDSL user of the MA5600 in a subtending network.
Application Context Figure 5-1 shows an example network of the multicast service in a subtending network. When a subtended device needs to provide the multicast service, the subtending port on the subtending device needs to be configured as a multicast subtending port. In this manner, the subtended device regards the subtending device as an IGMP user. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
218
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
Figure 5-1 Example network of the multicast service in a subtending network
Multicast Server Router CON ETH MON
GE0/7/0 GE0/7/1
A D G E
MA5600_ A
CON ETH MON
GE0/7/0 GE0/7/1
Modem
PC
MA5600_B
Modem
PC
Precautions l
The multicast program of the subtending device must contain the multicast program of the subtended device.
l
In this network, the MA5600 functions as a subtending device, and the program VLANs of the subtending device and the subtended device must be the same.
Procedure The procedure for configuring the subtending device is the same as the procedure described in Configuring the Multicast Service on a Single-NE Network. The procedure of configuring the subtended device is as follows: 1.
For details on configuring the multicast service, see Configuring the Multicast Service on a Single-NE Network.
2.
Configure the multicast subtending port. Run the igmp cascade-port frameid/slotid/portid command to configure the subtending port as the multicast subtending port. The multicast upstream port cannot be configured as the multicast subtending port.
3.
Issue 09 (2015-02-28)
When the quick leave function of the multicast user needs to be enabled on the subtending device, run the igmp cascade-port frameid/slotid/portid quickleave enable command to enable the quick leave function on the multicast subtending port. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
219
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
NOTICE If the lower-layer device does not support the proxy of the IGMP leave packet, all the users requesting for the program may go offline when a user requesting for the same program goes offline. Therefore, when the quick leave function is enabled on the multicast subtending port, it is recommended that you use the IGMP proxy mode on the lower-layer device or enable the proxy of the IGMP leave packet in the IGMP snooping mode.
5.4 Configuring the Multicast Service in an MSTP Network This topic describes how to configure the multicast service for an xDSL user of the MA5600 in an MSTP network.
Application Context Figure 5-2 shows an example network of the multicast service in an MSTP network. When the multicast service is provided in an MSTP ring network, the multicast upstream port and the subtending port need to be added to the user VLAN. According to the running result of the MSTP protocol, the multicast request packets are sent from the root port or the default port (when the device is a root bridge), and the other ports in the VLAN serve as subtending ports.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
220
5 Configuring the Multicast Service in the Non-MVLAN Mode
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Figure 5-2 Example network of the multicast service in an MSTP network
Multicast Server
Router
0/2 0/3 A D G E
A D G E
0/7 0 1 2 3
SCU
0/2 0/3 A D G E
A D G E
MA5600_B
MA5600_A
0/2
0/7
A D G E
0 1 2
0/7 0 1 2 3
SCU
SCU 0/2 A D G E
MA5600_ C
0/7 0
SCU
MA5600_ D
Modem
PC
Procedure The procedures for configuring the devices that comprise the MSTP ring network are the same. 1.
For details on configuring the MSTP ring network, see Configuring the MSTP.
2.
For details on configuring the multicast service, see Configuring the Multicast Service on a Single-NE Network.
3.
Configure the MSTP multicast upstream port. When the multicast service is provided in an MSTP ring network, the multicast upstream port needs to be set in the MSTP mode, and the default upstream port of the multicast VLAN can be specified. After the configuration is complete, multicast packets are forwarded by the root port or default port in the multicast VLAN. Run the igmp uplink-port-mode mstp command to set the upstream port in the MSTP mode.
4. Issue 09 (2015-02-28)
Configure the multicast subtending port. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
221
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5 Configuring the Multicast Service in the Non-MVLAN Mode
Run the igmp cascade-port command to configure the subtending port as the multicast subtending port.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
222
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6
6 Configuration Examples of Services
Configuration Examples of Services
About This Chapter This topic describes typical services supported by the MA5600. 6.1 Configuration Example of the xDSL Internet Access Service 6.2 Configuration Examples of the Multicast Service in the MVLAN Mode This topic describes how to configure the multicast video service in the multicast VLAN (MVLAN) mode. 6.3 Configuration Example of the Multicast Video Service in the Non-MVLAN Mode This topic describes how to configure the multicast video service in the static configuration mode. 6.4 Configuring the VLAN Stacking Wholesale Service This topic describes how to configure the VLAN stacking wholesale service supported by the MA5600. 6.5 Configuration Example of the QinQ VLAN This topic describes how to configure the private line service based on the QinQ feature to provide security channel for data transmission between private networks of the enterprises. 6.6 Configuring the Triple Play This topic describes how to configure the Triple Play service on theMA5600.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
223
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
6.1 Configuration Example of the xDSL Internet Access Service 6.1.1 Configuration Example of the xDSL Internet Access Service Through PPPoE Dialup This topic describes how to configure a user so that the user can access the MA5600 in the xDSL mode through the PPPoE dialup and at a rate of 2048 kbit/s.
Service Requirements l
The user accesses the Internet through the PPPoE dialup.
l
PITP is enabled to protect the user account against theft and roaming.
l
A traffic profile is adopted for rate limitation. The user access rate is 2048 kbit/s.
l
To ensure reliability, dual GE ports are adopted for upstream transmission, and link aggregation is configured for the two upstream ports.
Figure 6-1 shows an example network for configuring the xDSL Internet access service through the PPPoA dialup. Figure 6-1 Example network for configuring the xDSL Internet access service through the PPPoA dialup
LSW
BRAS
A
CON ETH MON
D G E
GE0/7/0
PPPoE/IPoE
SCU
MA5600
Modem
PC
Prerequisite The number of xDSL ports is under the control of licenses. Make sure that sufficient licenses are already requested. l Issue 09 (2015-02-28)
If the AAA function is enabled on the device, see Configuring AAA. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
224
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
l
6 Configuration Examples of Services
If the AAA function is implemented by the BRAS, a connection to the BRAS must be established. The BRAS can identify the VLAN tag of the MA5600 in the upstream direction. For the identification purpose, the user name and password for dial-up Internet access must be configured on the BRAS.
Procedure Step 1 Configure a VLAN. Configure service VLAN 50 with the stacking attribute. The user packet goes upstream carrying two VLAN tags. The outer VLAN tag identifies the service and the inner VLAN tag identifies the user. The service of each user is identified by unique S-VLAN+C-VLAN, and the VLAN forwarding mode is the S-VLAN+C-VLAN mode. huawei(config)#vlan 50 smart huawei(config)#vlan attrib 50 stacking
Step 2 Configure upstream ports. Add upstream ports 0/7/0 and 0/7/1 to VLAN 50. Two ports are added for the purpose of port aggregation. huawei(config)#port vlan 50 0/7 0 huawei(config)#port vlan 50 0/7 1
To aggregate the two upstream ports as one aggregation group, set the packet forwarding mode of the aggregation group to egress-ingress, and set the aggregation group to work in the LACP static mode, do as follows: huawei(config)#link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static NOTE
The aggregated ports must meet the following requirements: l The ports must work in the full-duplex mode. l The port rates must be the same and the rate of an electrical port must not be of the auto-negotiation type. l The attributes of the ports, such as the default VLAN ID (PVID) and VLAN, must be the same. l One port can belong to only one aggregation group. l The port must not be a mirroring destination port. l The port must not be in the auto-negotiation mode. l The start port ID must be smaller than the end port ID.
Step 3 In the ADSL access mode, follow this procedure. 1.
Configure an ADSL2+ profile. For details, see 1.11.1 Configuring the ADSL2+ Profile. Here, the default ADSL2+ line profile (line profile 1) and the default ADSL2+ alarm profile (alarm profile 1) are used as an example.
2.
Activate the ADSL port, and bind the ADSL2+ templates. NOTE
By default, an ADSL port is in the activated state. Before binding a template to the port, you must deactivate the port.
In the ADSL access mode, bind the default ADSL2+ line profile 1 and ADSL2+ alarm profile 1 to ADSL port 0/2/0. huawei(config)#interface adsl 0/2 huawei(config-if-adsl-0/2)#deactivate 0 huawei(config-if-adsl-0/2)#activate 0 profile-index 1
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
225
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config-if-adsl-0/2)#alarm-config 0 1 huawei(config-if-adsl-0/2)#quit
3.
Run the display traffic table command to query the existing traffic profiles in the system. huawei(config)#display traffic table from-index 0 { |toindex }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/ SHAPE Type Type kbps kbps kbps kbps cells 1/10us ----------------------------------------------------------------------------0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /-4 rt-vbr 15 128 --64 300 10000000 on /on / off 5 ubr 2 2048 -----on /on /-6 ubr 1 ------off/off/-----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt -----------------------------------------------------------------------------
According to service requirements, the user access rate is 2048 kbit/s. The query result shows that traffic profile 5 meets the requirements. NOTE
l If a matched traffic profile is not available in the system, run the traffic table command to configure a new traffic profile. l On the MA5600, the user access rate can be limited by either a traffic profile or an ADSL line profile. When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4.
Issue 09 (2015-02-28)
Run the service-port command to create a service port, adopt traffic profile 5, and set the S-VLAN ID to 50. The VPI and VCI of the service port must be the same as the management Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
226
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
VPI and VCI of the peer modem. Assume that the management VPI and VCI of the modem are 1 and 39, and the access port ID is 0/2/0. To facilitate the maintenance of the service port, configure the service port description. huawei(config)#service-port vlan 50 adsl 0/2/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 huawei(config)#service-port desc 0/2/0 vpi 1 vci 39 description Vlanid:50/adsl/ v pi:1vci:39/stacking
5.
Set the C-VLAN ID of the preset service port with VPI/VCI 1/39 to 10 for identifying the user. Configure the important user packet with a higher priority so that the user packet can be processed with precedence, and set the priority of the inner VLAN to 4. huawei(config)#stacking label 0/2/0 vpi 1 vci 39 10 huawei(config)#stacking inner-priority 0/2/0 vpi 1 vci 39 4
Step 4 In the SHDSL access mode, follow this procedure. 1.
Configure an SHDSL profile. For details, see 1.11.2 Configuring SHDSL Profiles. Add SHDSL line profile 3 of the PTM type, with the maximum line rate 2048 kbit/s. huawei(config)#shdsl line-profile quickadd 3 ptm rate 512 2048
2.
Activate SHDSL port 0/5/0, and bind the preset SHDSL line profile 3 and the default SHDSL alarm template (alarm template 1) to the port. NOTE
By default, an SHDSL port is in the activated state. Before binding a profile or template to the port, you must deactivate the port. huawei(config)#interface shl 0/5 huawei(config-if-shl-0/5)#deactivate 0 huawei(config-if-shl-0/5)#activate 0 3 huawei(config-if-shl-0/5)#alarm-config 0 1 huawei(config-if-shl-0/5)#quit
3.
Run the display traffic table command to query the existing traffic profiles in the system. huawei(config)#display traffic table from-index 0 { |toindex }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/ SHAPE Type Type kbps kbps kbps kbps cells 1/10us -----------------------------------------------------------------------------
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
227
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide 0 1 2 3 4 off 5 6
6 Configuration Examples of Services
cbr cbr ubr nrt-vbr rt-vbr
2 2 2 5 15
1024 2500 512 1200 128
------
---600 --
----64
---250 300
----10000000
off/off/-off/off/-on /on /-on /on /-on /on /
ubr ubr
2 1
2048 --
---
---
---
---
---
on /on /-off/off/--
----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt -----------------------------------------------------------------------------
According to service requirements, the user access rate is 2048 kbit/s. The query result shows that traffic profile 5 meets the requirements. NOTE
l If a matched traffic profile is not available in the system, run the traffic table command to configure a new traffic profile. l On the MA5600, the user access rate can be limited by either a traffic profile or an SHDSL line profile. When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4.
Run the service-port command to create a service port, adopt traffic profile 5, and set the S-VLAN ID to 50. Set the SHDSL channel mode to PTM and the service port is 0/5/0. To facilitate the maintenance of the service port, configure the service port description. huawei(config)#service-port vlan 50 shdsl mode ptm 0/5/0 rx-cttr 5 tx-cttr 5 huawei(config)#service-port desc 0/5/0 description Vlanid:50/shdsl/vpi:1vci: 39/stacking
5.
Set the C-VLAN ID of the preset service port 0/5/0 to 10 for identifying the user. Configure the important user packet with a higher priority so that the user packet can be processed with precedence, and set the priority of the inner VLAN to 4. huawei(config)#stacking label 0/5/0 10 huawei(config)#stacking inner-priority 0/5/0 4
Step 5 In the VDSL access mode, follow this procedure. 1.
Configure a VDSL profile. For details, see 1.11.3 Configuring VDSL2 Profiles. Assume that the VDSL profile ID is 3, the minimum reserved transmission rate in the downstream is 2048 kbit/s, channel mode is the interleave mode, maximum downstream interleave delay is 8 ms, maximum upstream interleave delay is 2 ms, SNR margin is 6 dB, minimum downstream INP is 4, and minimum upstream INP is 2. huawei(config)#vdsl huawei(config)#vdsl 8 2 inp 4 2 rate 128 10000 128 10000 huawei(config)#vdsl
2.
line-profile quickadd 3 snr 60 0 300 60 0 300 channel-profile quickadd 3 path-mode ptm interleaved-delay 2048 2048 line-template quickadd 3 line 3 channel1 3 100 100
Activate VDSL port 0/4/0, and bind the preset VDSL line template 3 and the default VDSL alarm template (alarm template 1) to the port. NOTE
By default, a VDSL port is in the activated state. Before binding a template to the port, you must deactivate the port.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
228
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config)#interface vdsl 0/4 huawei(config-if-vdsl-0/4)#deactivate 0 huawei(config-if-vdsl-0/4)#activate 0 profile-index 3 huawei(config-if-vdsl-0/4)#alarm-config 0 1 huawei(config-if-vdsl-0/4)#quit
3.
Run the display traffic table command to query the existing traffic profiles in the system. huawei(config)#display traffic table from-index 0 { |toindex }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/ SHAPE Type Type kbps kbps kbps kbps cells 1/10us ----------------------------------------------------------------------------0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /-4 rt-vbr 15 128 --64 300 10000000 on /on / off 5 ubr 2 2048 -----on /on /-6 ubr 1 ------off/off/-----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt -----------------------------------------------------------------------------
According to service requirements, the user access rate is 2048 kbit/s. The query result shows that traffic profile 5 meets the requirements.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
229
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
NOTE
l If a matched traffic profile is not available in the system, run the traffic table command to configure a new traffic profile. l On the MA5600, the user access rate can be limited by either a traffic profile or a VDSL line profile. When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4.
Run the service-port command to create a service port, adopt traffic profile 5, and set the S-VLAN ID to 50. Set the VDSL channel mode to PTM, and the service port is 0/4/0. To facilitate the maintenance of the service port, configure the service port description. huawei(config)#service-port vlan 50 vdsl mode ptm 0/4/0 rx-cttr 5 tx-cttr 5 huawei(config)#service-port desc 0/4/0 description Vlanid:50/vdsl/vpi:1vci:39/ stacking
5.
Set the C-VLAN ID of the preset service port 0/4/0 to 10 for identifying the user. Configure the important user packet with a higher priority so that the user packet can be processed with precedence, and set the priority of the inner VLAN to 4. huawei(config)#stacking label 0/4/0 10 huawei(config)#stacking inner-priority 0/4/0 4
Step 6 Configure the user account security. The PITP P mode can be enabled to protect the user account against theft and roaming. The RAIO mode can be customized according to actual requirements. Here, the encoding format required by China Telecom is considered as an example. The encoding format required by China Telecom is a customized format, corresponding to the cntel option. huawei(config)#pitp enable pmode huawei(config)#raio-mode cntel pitp-pmode NOTE
For details about the PITP configuration for the user account security, see 1.13.1 Configuring Anti-Theft and Roaming of User Account Through PITP.
Step 7 Save the data. huawei(config)#save
----End
Verification l
Step 1: Configure the user name and password for the dialup on the modem (the user name and password must be the same as those configured on the BRAS).
l
Step 2: Dial up on the PC by using the PPPoE dialup software. After the dialup is successful, the user can access the Internet.
l
Step 3: When FTP is used to download files, after the dialup is performed on the PPPoE dialup software, the PPPoE dialup software displays a message indicating that the dialup is successful. Then, the PC can access the Internet in the PPPoE mode.
l
Step 4: When downloading files through FTP, you can open Task Manager in Windows and click Networking to check the link speed. Then, you can calculate the Internet access rate by the following formula: Attainable Internet access rate = Computer network adapter rate/48 x 53 x 8. The calculation result approximates to the planned 2048 kbit/s.
Configuration Script Configuration Script in the ADSL access mode: Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
230
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
vlan 50 smart vlan attrib 50 stacking port vlan 50 0/7 0 port vlan 50 0/7 1 link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static interface adsl 0/2 deactivate 0 activate 0 profile-index 1 alarm-config 0 1 quit service-port vlan 50 adsl 0/2/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 service-port desc 0/2/0 vpi 1 vci 39 description Vlanid:50/adsl/vpi:1vci:39/ stacking stacking label 0/2/0 vpi 1 vci 39 10 stacking inner-priority 0/2/0 vpi 1 vci 39 4 pitp enable pmode raio-mode cntel pitp-pmode save
Configuration Script in the SHDSL access mode: vlan 50 smart vlan attrib 50 stacking port vlan 50 0/7 0 port vlan 50 0/7 1 link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static shdsl line-profile quickadd 3 ptm rate 512 2048 interface shl 0/5 activate 0 3 alarm-config 0 1 quit service-port vlan 50 shdsl mode ptm 0/5/0 rx-cttr 5 tx-cttr 5 service-port desc 0/5/0 description Vlanid:50/shdsl/vpi:1vci:39/stacking stacking label 0/5/0 10 stacking inner-priority 0/5/0 4 pitp enable pmode raio-mode cntel pitp-pmode save
Configuration Script in the VDSL access mode: vlan 50 smart vlan attrib 50 stacking port vlan 50 0/7 0 port vlan 50 0/7 1 link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static vdsl line-profile quickadd 3 snr 60 0 300 60 0 300 vdsl channel-profile quickadd 3 path-mode ptm interleaved-delay 8 2 inp 4 2 rate 128 10000 128 10000 2048 2048 vdsl channel-profile quickadd 3 path-mode ptm interleaved-delay 8 2 inp 4 2 rate 128 10000 128 10000 2048 2048 interface vdsl 0/4 deactivate 0 activate 0 template-index 3 alarm-config 0 1 quit service-port vlan 50 vdsl mode ptm 0/4/0 rx-cttr 5 tx-cttr 5 service-port desc 0/4/0 description Vlanid:50/vdsl/vpi:1vci:39/stacking stacking label 0/4/0 10 stacking inner-priority 0/4/0 4 pitp enable pmode raio-mode cntel pitp-pmode save
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
231
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
6.1.2 Configuration Example of the xDSL IPoE Internet Access Service This topic describes how to configure a user so that the user can access the MA5600 in the xDSL mode, and then access the Internet in the IPoE mode at a rate of 2048 kbit/s.
Service Requirements l
The user accesses the Internet in the IPoE mode. The account authentication is implemented through the DHCP option 82 field.
l
Double VLAN tags are added to user packets for upstream transmission, where the outer VLAN tag identifies the service and the inner VLAN tag identifies the user. The service of each user is identified by a unique S-VLAN+C-VLAN. This is called the 1:1 access.
l
A traffic profile is adopted for rate limitation. The user access rate is 2048 kbit/s.
l
Dual GE ports are adopted for upstream transmission to ensure reliability. Link aggregation is configured for the two upstream ports.
Figure 6-2 shows an example network for configuring the xDSL IPoE Internet access service. Figure 6-2 Example network for configuring the xDSL IPoE Internet access service
LSW
BRAS
A
CON ETH MON
D G E
GE0/7/0
SCU
PPPoE/IPoE
MA5600
Modem
PC
Prerequisite The number of xDSL ports is under the control of licenses. Make sure that sufficient licenses are already requested.
Procedure Step 1 Configure a VLAN. Configure service VLAN 50 with the stacking attribute. The user packet goes upstream carrying two VLAN tags. The outer VLAN tag identifies the service and the inner VLAN tag identifies Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
232
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
the user. The service of each user is identified by unique S-VLAN+C-VLAN, and the VLAN forwarding mode is the S-VLAN+C-VLAN mode. huawei(config)#vlan 50 smart huawei(config)#vlan attrib 50 stacking
Step 2 Configure upstream ports. Add upstream ports 0/7/0 and 0/7/1 to VLAN 50. Two ports are added for the purpose of port aggregation. huawei(config)#port vlan 50 0/7 0 huawei(config)#port vlan 50 0/7 1
To aggregate the two upstream ports as one aggregation group, set the packet forwarding mode of the aggregation group to egress-ingress, and set the aggregation group to work in the LACP static mode, do as follows: huawei(config)#link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static NOTE
The aggregated ports must meet the following requirements: l The ports must work in the full-duplex mode. l The port rates must be the same and the rate of an electrical port must not be of the auto-negotiation type. l The attributes of the ports, such as the default VLAN ID (PVID) and VLAN, must be the same. l One port can belong to only one aggregation group. l The port must not be a mirroring destination port. l The port must not be in the auto-negotiation mode. l The start port ID must be smaller than the end port ID.
Step 3 In the ADSL access mode, follow this procedure. 1.
Configure an ADSL2+ profile. For details, see 1.11.1 Configuring the ADSL2+ Profile. Here, the default ADSL2+ line profile (line profile 1) and the default ADSL2+ alarm profile (alarm profile 1) are used as an example.
2.
Activate the ADSL port, and bind the ADSL2+ templates. NOTE
By default, an ADSL port is in the activated state. Before binding a template to the port, you must deactivate the port.
In the ADSL access mode, bind the default ADSL2+ line profile 1 and ADSL2+ alarm profile 1 to ADSL port 0/2/0. huawei(config)#interface adsl 0/2 huawei(config-if-adsl-0/2)#deactivate 0 huawei(config-if-adsl-0/2)#activate 0 profile-index 1 huawei(config-if-adsl-0/2)#alarm-config 0 1 huawei(config-if-adsl-0/2)#quit
3.
Run the display traffic table command to query the existing traffic profiles in the system. huawei(config)#display traffic table from-index 0 { |toindex }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
233
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/ SHAPE Type Type kbps kbps kbps kbps cells 1/10us ----------------------------------------------------------------------------0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /-4 rt-vbr 15 128 --64 300 10000000 on /on / off 5 ubr 2 2048 -----on /on /-6 ubr 1 ------off/off/-----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt -----------------------------------------------------------------------------
According to service requirements, the user access rate is 2048 kbit/s. The query result shows that traffic profile 5 meets the requirements. NOTE
l If a matched traffic profile is not available in the system, run the traffic table command to configure a new traffic profile. l On the MA5600, the user access rate can be limited by either a traffic profile or an ADSL line profile. When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4.
Run the service-port command to create a service port, adopt traffic profile 5, and set the S-VLAN ID to 50. The VPI and VCI of the service port must be the same as the management VPI and VCI of the peer modem. Assume that the management VPI and VCI of the modem are 1 and 39, and the access port ID is 0/2/0. To facilitate the maintenance of the service port, configure the service port description. huawei(config)#service-port vlan 50 adsl 0/2/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 huawei(config)#service-port desc 0/2/0 vpi 1 vci 39 description Vlanid:50/adsl/ v pi:1vci:39/stacking
5.
Issue 09 (2015-02-28)
Set the C-VLAN ID of the preset service port with VPI/VCI 1/39 to 10 for identifying the user. Configure the important user packet with a higher priority so that the user packet can be processed with precedence, and set the priority of the inner VLAN to 4. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
234
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config)#stacking label 0/2/0 vpi 1 vci 39 10 huawei(config)#stacking inner-priority 0/2/0 vpi 1 vci 39 4
Step 4 In the SHDSL access mode, follow this procedure. 1.
Configure an SHDSL profile. For details, see 1.11.2 Configuring SHDSL Profiles. Add SHDSL line profile 3 of the PTM type, with the maximum line rate 2048 kbit/s. huawei(config)#shdsl line-profile quickadd 3 ptm rate 512 2048
2.
Activate SHDSL port 0/5/0, and bind the preset SHDSL line profile 3 and the default SHDSL alarm template (alarm template 1) to the port. NOTE
By default, an SHDSL port is in the activated state. Before binding a profile or template to the port, you must deactivate the port. huawei(config)#interface shl 0/5 huawei(config-if-shl-0/5)#deactivate 0 huawei(config-if-shl-0/5)#activate 0 3 huawei(config-if-shl-0/5)#alarm-config 0 1 huawei(config-if-shl-0/5)#quit
3.
Run the display traffic table command to query the existing traffic profiles in the system. huawei(config)#display traffic table from-index 0 { |toindex }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/ SHAPE Type Type kbps kbps kbps kbps cells 1/10us ----------------------------------------------------------------------------0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /-4 rt-vbr 15 128 --64 300 10000000 on /on / off 5 ubr 2 2048 -----on /on /-6 ubr 1 ------off/off/-----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
235
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide 7:ClpTaggingScr 10:ClpTransparentScr 13:NoClpScrCdvt
6 Configuration Examples of Services
8:ClpNoTaggingMcr 11:NoClpTaggingNoScr 14:ClpNoTaggingScrCdvt
9:ClpTransparentNoScr 12:NoClpNoScrCdvt 15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
According to service requirements, the user access rate is 2048 kbit/s. The query result shows that traffic profile 5 meets the requirements. NOTE
l If a matched traffic profile is not available in the system, run the traffic table command to configure a new traffic profile. l On the MA5600, the user access rate can be limited by either a traffic profile or an SHDSL line profile. When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4.
Run the service-port command to create a service port, adopt traffic profile 5, and set the S-VLAN ID to 50. Set the SHDSL channel mode to PTM and the service port is 0/5/0. To facilitate the maintenance of the service port, configure the service port description. huawei(config)#service-port vlan 50 shdsl mode ptm 0/5/0 rx-cttr 5 tx-cttr 5 huawei(config)#service-port desc 0/5/0 description Vlanid:50/shdsl/vpi:1vci: 39/stacking
5.
Set the C-VLAN ID of the preset service port 0/5/0 to 10 for identifying the user. Configure the important user packet with a higher priority so that the user packet can be processed with precedence, and set the priority of the inner VLAN to 4. huawei(config)#stacking label 0/5/0 10 huawei(config)#stacking inner-priority 0/5/0 4
Step 5 In the VDSL access mode, follow this procedure. 1.
Configure a VDSL profile. For details, see 1.11.3 Configuring VDSL2 Profiles. Assume that the VDSL profile ID is 3, the minimum reserved transmission rate in the downstream is 2048 kbit/s, channel mode is the interleave mode, maximum downstream interleave delay is 8 ms, maximum upstream interleave delay is 2 ms, SNR margin is 6 dB, minimum downstream INP is 4, and minimum upstream INP is 2. huawei(config)#vdsl huawei(config)#vdsl 8 2 inp 4 2 rate 128 10000 128 10000 huawei(config)#vdsl
2.
line-profile quickadd 3 snr 60 0 300 60 0 300 channel-profile quickadd 3 path-mode ptm interleaved-delay 2048 2048 line-template quickadd 3 line 3 channel1 3 100 100
Activate VDSL port 0/4/0, and bind the preset VDSL line template 3 and the default VDSL alarm template (alarm template 1) to the port. NOTE
By default, a VDSL port is in the activated state. Before binding a template to the port, you must deactivate the port. huawei(config)#interface vdsl 0/4 huawei(config-if-vdsl-0/4)#deactivate 0 huawei(config-if-vdsl-0/4)#activate 0 profile-index 3 huawei(config-if-vdsl-0/4)#alarm-config 0 1 huawei(config-if-vdsl-0/4)#quit
3.
Run the display traffic table command to query the existing traffic profiles in the system. huawei(config)#display traffic table from-index 0 { |toindex }: Command: display traffic table from-index 0 Traffic parameters for IP service:
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
236
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/ SHAPE Type Type kbps kbps kbps kbps cells 1/10us ----------------------------------------------------------------------------0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /-4 rt-vbr 15 128 --64 300 10000000 on /on / off 5 ubr 2 2048 -----on /on /-6 ubr 1 ------off/off/-----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt -----------------------------------------------------------------------------
According to service requirements, the user access rate is 2048 kbit/s. The query result shows that traffic profile 5 meets the requirements. NOTE
l If a matched traffic profile is not available in the system, run the traffic table command to configure a new traffic profile. l On the MA5600, the user access rate can be limited by either a traffic profile or a VDSL line profile. When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4.
Run the service-port command to create a service port, adopt traffic profile 5, and set the S-VLAN ID to 50. Set the VDSL channel mode to PTM, and the service port is 0/4/0. To facilitate the maintenance of the service port, configure the service port description. huawei(config)#service-port vlan 50 vdsl mode ptm 0/4/0 rx-cttr 5 tx-cttr 5 huawei(config)#service-port desc 0/4/0 description Vlanid:50/vdsl/vpi:1vci:39/ stacking
5.
Issue 09 (2015-02-28)
Set the C-VLAN ID of the preset service port 0/4/0 to 10 for identifying the user. Configure the important user packet with a higher priority so that the user packet can be processed with precedence, and set the priority of the inner VLAN to 4. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
237
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config)#stacking label 0/4/0 10 huawei(config)#stacking inner-priority 0/4/0 4
Step 6 Configure the security of user accounts. NOTE
l In this example, the MA5600 works in the L2 DHCP mode. Therefore, the DHCP-related configurations are not required. If the MA5600 works in the L3 DHCP mode, the DHCP-related configurations on the MA5600 are required. For details, see Configuring DHCP. l For the details about the security of DHCP accounts, see Configuring Anti-Theft or Roaming of User Accounts Through DHCP.
Assume that the RAIO mode is the user-defined mode, the CID is the access node name frame/ slot/port:vlanid, the RID is the label of the service port where the user is connected. To enable the DHCP option 82 function with these parameters, do as follows: huawei(config)#dhcp option82 enable huawei(config)#raio-mode user-defined dhcp-option82 huawei(config)#raio-format dhcp-option82 cid anid frame/slot/port:vlanid huawei(config)#raio-format dhcp-option82 rid splabel
Step 7 Save the data. huawei(config)#save
----End
Verification l
Step 1: After the PC NIC automatically obtains an IP address and a connection to the Internet is set up, the user can access the Internet.
l
Step 2: To download a file through FTP, open Windows Task Manager and then click Networking to observe the link rate. Calculate the Internet access rate by the formula: attainable Internet access rate = computer NIC rate/48 x 53 x 8. The calculated result approximates to the planned 2048 kbit/s.
Configuration Script Configuration Script for the ADSL access mode: vlan 50 smart vlan attrib 50 stacking port vlan 50 0/7 0 port vlan 50 0/7 1 link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static interface adsl 0/2 deactivate 0 activate 0 profile-index 1 alarm-config 0 1 quit service-port vlan 50 adsl 0/2/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 service-port desc 0/2/0 vpi 1 vci 39 description Vlanid:50/adsl/vpi:1vci:39/ stacking stacking label 0/2/0 vpi 1 vci 39 10 stacking inner-priority 0/2/0 vpi 1 vci 39 4 dhcp option82 enable raio-mode user-defined dhcp-option82 raio-format dhcp-option82 cid anid frame/slot/port:vlanid raio-format dhcp-option82 rid splabel save
Configuration Script for the SHDSL access mode: Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
238
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
vlan 50 smart vlan attrib 50 stacking port vlan 50 0/7 0 port vlan 50 0/7 1 link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static shdsl line-profile quickadd 3 ptm rate 512 2048 interface shl 0/5 interface shl 0/5 activate 0 3 alarm-config 0 1 quit service-port vlan 50 shdsl mode ptm 0/5/0 rx-cttr 5 tx-cttr 5 service-port desc 0/5/0 description Vlanid:50/shdsl/vpi:1vci:39/stacking stacking label 0/5/0 10 stacking inner-priority 0/5/0 4 dhcp option82 enable raio-mode user-defined dhcp-option82 raio-format dhcp-option82 cid anid frame/slot/port:vlanid raio-format dhcp-option82 rid splabel save
Configuration Script for the VDSL access mode: vlan 50 smart vlan attrib 50 stacking port vlan 50 0/7 0 port vlan 50 0/7 1 link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static vdsl line-profile quickadd 3 snr 60 0 300 60 0 300 vdsl channel-profile quickadd 3 path-mode ptm interleaved-delay 8 2 inp 4 2 rate 128 10000 128 10000 2048 2048 vdsl channel-profile quickadd 3 path-mode ptm interleaved-delay 8 2 inp 4 2 rate 128 10000 128 10000 2048 2048 interface vdsl 0/4 deactivate 0 activate 0 template-index 3 alarm-config 0 1 quit service-port vlan 50 vdsl mode ptm 0/4/0 rx-cttr 5 tx-cttr 5 service-port desc 0/4/0 description Vlanid:50/vdsl/vpi:1vci:39/stacking stacking label 0/4/0 10 stacking inner-priority 0/4/0 4 dhcp option82 enable raio-mode user-defined dhcp-option82 raio-format dhcp-option82 cid anid frame/slot/port:vlanid raio-format dhcp-option82 rid splabel save
6.1.3 Configuration Example of the xDSL IPoA Internet Access Service This topic describes how to configure a user so that the user can access the MA5600 in the xDSL mode, and then access the Internet in the IPoA mode at a rate of 2048 kbit/s.
Service Requirements l
The user accesses the Internet in the IPoA mode and obtains an IP address from the DHCP server. The MA5600 works in the DHCP L2 mode.
l
One VLAN tag is added to user packets for upstream transmission and the services of multiple users are aggregated into one VLAN.
l
DHCP option 82 is enabled to protect user accounts from theft and roaming.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
239
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
l
A traffic profile is adopted for rate limitation. The user access rate is 2048 kbit/s.
l
Dual GE ports are adopted for upstream transmission to ensure reliability. Link aggregation is configured for the two upstream ports.
Figure 6-3 shows an example network for configuring the xDSL IPoA Internet access service. Figure 6-3 Example network for configuring the xDSL IPoA Internet access service
LSW
BRAS
A
CON ETH MON
D G E
GE0/7/0 SVLAN:50 SCU
PPPoA/IPoA
MA5600
Modem
Modem
PC
PC
Prerequisite The number of xDSL ports is under the control of licenses. Make sure that sufficient licenses are already requested.
Procedure Step 1 Create a VLAN. Create smart VLAN 50. huawei(config)#vlan 50 smart
Step 2 Add two upstream ports to the VLAN. Add upstream ports 0/7/0 and 0/7/1 to VLAN 50. Two ports are added for the purpose of port aggregation. huawei(config)#port vlan 50 0/7 0 huawei(config)#port vlan 50 0/7 1
To aggregate the two upstream ports as one aggregation group, set the packet forwarding mode of the aggregation group to egress-ingress, and set the aggregation group to work in the LACP static mode. huawei(config)#link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
240
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
NOTE
The aggregated ports must meet the following requirements: The ports must work in the full-duplex mode; the port rates must be the same and the rate of an electrical port must not be of the auto-negotiation type; the attributes of the ports, such as the default VLAN ID (PVID) and VLAN, must be the same; one port can belong to only one aggregation group; the port must not be a mirroring destination port; the port must not be in the autonegotiation mode; the start port ID must be smaller than the end port ID.
Step 3 In the case of the ADSL access mode, follow this procedure. 1.
Configure an ADSL2+ profile. For details, see 1.11.1 Configuring the ADSL2+ Profile. The ID of the ADSL2+ line profile is 3, the downstream rate is 2048 kbit/s, the channel mode is the interleave mode, the maximum interleave delay is 10 ms, and the SNR margin is 6 dB. huawei(config)#adsl line-profile quickadd basic-para full-rate trellis 1 bitswap 1 1 channel interleaved 100 100 adapt fixed snr 5 4 9 5 4 9 rate 2048 2048 1000 1100
2.
Activate the ADSL port. The port is port 0/2/0, and ADSL line profile 3 and the default alarm profile (alarm profile 1) are bound to the port. NOTE
By default, a port is in the activated state. Before binding a profile to a port, you must deactivate the port. huawei(config)#interface adsl 0/2/0 huawei(config-if-adsl-0/2/0)#deactivate 0 huawei(config-if-adsl-0/2/0)#activate 0 profile-index 3 huawei(config-if-adsl-0/2/0)#alarm-config 0 1 huawei(config-if-adsl-0/2/0)#quit
3.
Run the display traffic table command to query the traffic profiles that exist in the system. huawei(config)#display traffic table from-index 0 { |toindex }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/ SHAPE Type Type kbps kbps kbps kbps cells 1/10us ----------------------------------------------------------------------------0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /--
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
241
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide 4 off 5 6
6 Configuration Examples of Services
rt-vbr
15
128
--
--
64
300
10000000 on /on /
ubr ubr
2 1
2048 --
---
---
---
---
---
on /on /-off/off/--
----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt -----------------------------------------------------------------------------
According to service requirement, the user access rate is 2048 kbit/s. The query result shows that traffic profile 5 meets the requirement. NOTE
l If no traffic profile in the system meets the service requirement, run the traffic table command to configure a new traffic profile. l On the MA5600, the user access rate can be limited by either a traffic profile or an xDSL line profile. When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4.
Run the service-port command to create a service port. The index of the new service port is 1, the access port is port 0/2/0, traffic profile 5 meets the service requirement, and the SVLAN is VLAN 50. The VPI and VCI must be the same as the management VPI and VCI of the peer modem. Assume that the management VPI and VCI of the modem are 1 and 39. To facilitate the maintenance of the service port, configure description for the service port. huawei(config)#service-port vlan 50 adsl 0/2/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 huawei(config)#service-port desc 0/2/0 description MA5600HW/Vlanid:50/adsl/ smart
5.
Set the maximum number of MAC addresses that can be learned by the service port is 16. This parameter is to limit the maximum number of the MAC addresses that can be learned by one account, namely, the maximum number of the PCs that can access the Internet through one account. huawei(config)#mac-address max-mac-count adsl 0/2/0 vpi 1 vci 39 16
Step 4 In the case of the SHDSL access mode, follow this procedure. 1.
Configure an SHDSL profile. For details, see 1.11.2 Configuring SHDSL Profiles. The ID of the SHDSL line profile is 3, the line rate is 2048 kbit/s, and the profile is used to activate 4-wire ports. huawei(config)#shdsl line-profile quickadd 3 line four-wire rate 2048
2.
Activate the SHDSL port. The port is port 0/5/0, and SHDSL line profile 3 and the default alarm profile (alarm profile 1) are bound to the port. NOTE
By default, a port is in the activated state. Before binding a profile to a port, you must deactivate the port. huawei(config)#interface shl 0/5 huawei(config-if-shl-0/5)#deactivate 0 huawei(config-if-shl-0/5)#activate 0 3 huawei(config-if-shl-0/5)#alarm-config 0 1 huawei(config-if-shl-0/5)#quit
3. Issue 09 (2015-02-28)
Run the display traffic table command to query the traffic profiles that exist in the system. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
242
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config)#display traffic table from-index 0 { |toindex }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/ SHAPE Type Type kbps kbps kbps kbps cells 1/10us ----------------------------------------------------------------------------0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /-4 rt-vbr 15 128 --64 300 10000000 on /on / off 5 ubr 2 2048 -----on /on /-6 ubr 1 ------off/off/-----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt -----------------------------------------------------------------------------
According to service requirement, the user access rate is 2048 kbit/s. The query result shows that traffic profile 5 meets the requirement. NOTE
l If no traffic profile in the system meets the service requirement, run the traffic table command to configure a new traffic profile. l On the MA5600, the user access rate can be limited by either a traffic profile or an SHDSL line profile. When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4.
Issue 09 (2015-02-28)
Run the service-port command to create a service port. The index of the new service port is 2, the access port is port 0/5/0, traffic profile 5 meets the service requirement, and the SVLAN is VLAN 50. The VPI and VCI must be the same as the management VPI and VCI of the peer modem. Assume that the management VPI and VCI of the modem are 1 and
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
243
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
39. To facilitate the maintenance of the service port, configure description for the service port. huawei(config)#service-port vlan 50 shdsl mode atm 0/5/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 huawei(config)#service-port desc 0/5/0 description MA5600HW/Vlanid:50/shdsl/ smart
5.
Set the maximum number of MAC addresses that can be learned by the service port to 16. This parameter is to limit the maximum number of the MAC addresses that can be learned by one account, namely, the maximum number of the PCs that can access the Internet through one account. huawei(config)#mac-address max-mac-count shdsl 0/5/0 vpi 1 vci 39 16
Step 5 In the case of the VDSL access mode, follow this procedure. 1.
Configure a VDSL profile. For details, see Configuring the VDSL2 Profile. Configure the VDSL profile with the following parameters: Profile ID: 3; The minimum reserved transmission rate in the downstream: 2048 kbit/s; Channel mode: interleave mode; Downstream maximum interleave delay: 8 ms; Upstream maximum interleave delay: 2 ms; SNR margin: 6 dB; Downstream minimum INP: 4; Upstream minimum INP: 2. huawei(config)#vdsl huawei(config)#vdsl 8 2 inp 4 2 rate 128 10000 128 10000 huawei(config)#vdsl
2.
line-profile quickadd 3 snr 60 0 300 60 0 300 channel-profile quickadd 3 path-mode atm interleaved-delay 2048 2048 line-template quickadd 3 line 3 channel1 3 100 100
Activate VDSL port 0/4/0, and bind the preset VDSL line template 3 and the default VDSL alarm template (alarm template 1) to the port. NOTE
By default, a port is in the activated state. Before binding a profile to a port, you must deactivate the port. huawei(config)#interface vdsl 0/4 huawei(config-if-vdsl-0/4)#deactivate 0 huawei(config-if-vdsl-0/4)#activate 0 profile-index 3 huawei(config-if-vdsl-0/4)#alarm-config 0 1 huawei(config-if-vdsl-0/4)#quit
3.
Run the display traffic table command to query the traffic profiles that exist in the system. huawei(config)#display traffic table from-index 0 { |toindex }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: -----------------------------------------------------------------------------
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
244
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide TID SHAPE
6 Configuration Examples of Services
Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS Type
Type kbps
kbps
kbps
kbps
CDVT
PPD/EPD/
cells 1/10us
----------------------------------------------------------------------------0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /-4 rt-vbr 15 128 --64 300 10000000 on /on / off 5 ubr 2 2048 -----on /on /-6 ubr 1 ------off/off/-----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt -----------------------------------------------------------------------------
According to service requirement, the user access rate is 2048 kbit/s. The query result shows that traffic profile 5 meets the requirement. NOTE
l If no traffic profile in the system meets the service requirement, run the traffic table command to configure a new traffic profile. l On the MA5600, the user access rate can be limited by either a traffic profile or a VDSL line profile. When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4.
Run the service-port command to create a service port. The index of the new service port is 3, the access port is port 0/4/0, traffic profile 5 meets the service requirement, and the SVLAN is VLAN 50. The VPI and VCI must be the same as the management VPI and VCI of the peer modem. Assume that the management VPI and VCI of the modem are 1 and 39. To facilitate the maintenance of the service port, configure description for the service port. huawei(config)#service-port vlan 50 vdsl mode atm 0/4/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 huawei(config)#service-port desc 0/4/0 description MA5600HW/Vlanid:50/vdsl/ smart
5.
Set the maximum number of MAC addresses that can be learned by the service port to 16. This parameter is to limit the maximum number of the MAC addresses that can be learned by one account, namely, the maximum number of the PCs that can access the Internet through one account. huawei(config)#mac-address max-mac-count vdsl 0/4/0 vpi 1 vci 39 16
Step 6 Enable the IPoA-IPoE protocol conversion. This step is to configure the IPoA MAC address pool. The start MAC address in the MAC address pool is 0000–1111–1010, and the maximum number of the MAC addresses in the MAC address pool is 300. The IPoA-IPoE protocol conversion is enabled, the default gateway address is the same as the IP address (192.168.1.1) of the upper-layer router, and the service encapsulation mode is LLC-IPoA. huawei(config)#mac-pool 0 0000-1111-1010 300 huawei(config)#ipoa enable huawei(config)#ipoa default gateway 192.168.1.20
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
245
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config)#encapsulation 0/2/0 vpi 1 vci 39 type ipoa llc srcIP 192.168.1.1 huawei(config)#encapsulation 0/5/0 vpi 1 vci 39 type ipoa llc srcIP 192.168.1.1 huawei(config)#encapsulation 0/4/0 vpi 1 vci 39 type ipoa llc srcIP 192.168.1.1
Step 7 Save the data. huawei(config)#save
----End
Verification l
Step 1: Set the VPI/VCI of the modem to 1/39, encapsulation mode to llc-ipoa, and IP address to 192.168.1.1.
l
Step 2: After the settings on the modem are completed, the network connection is automatically set up and the user can access the Internet.
l
Step 3: To download a file through FTP, open Windows Task Manager, and then click Networking to observe the link rate. Calculate the Internet access rate by the formula: attainable Internet access rate = computer NIC rate/48 x 53 x 8. The calculated result approximates to the planned 2048 kbit/s.
Configuration Script Configuration Script for the ADSL access mode: vlan 50 smart port vlan 50 0/7 0 port vlan 50 0/7 1 link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static adsl line-profile quickadd basic-para full-rate trellis 1 bitswap 1 1 channel interleaved 100 100 adapt fixed snr 5 4 9 5 4 9 rate 2048 2048 1000 1100 interface adsl 0/2 deactivate 0 activate 0 profile-index 3 alarm-config 0 1 quit service-port vlan 50 adsl 0/2/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 service-port desc 0/2/0 description MA5600HW/Vlanid:50/adsl/smart mac-address max-mac-count adsl 0/2/0 vpi 1 vci 39 16 mac-pool 0 0000-1111-1010 300 ipoa enable ipoa default gateway 192.168.1.20 encapsulation 0/2/0 vpi 1 vci 39 type ipoa llc srcIP 192.168.1.1 save
Configuration Script for the SHDSL access mode: vlan 50 smart port vlan 50 0/7 0 port vlan 50 0/7 1 link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static shdsl line-profile quickadd 3 line four-wire rate 2048 interface shl 0/5 deactivate 0 activate 0 3 alarm-config 0 1 quit service-port vlan 50 shdsl mode atm 0/5/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 service-port desc 0/5/0 description MA5600HW/Vlanid:50/shdsl/smart mac-address max-mac-count shdsl 0/5/0 vpi 1 vci 39 16 mac-pool 0 0000-1111-1010 300 ipoa enable
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
246
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
ipoa default gateway 192.168.1.20 encapsulation 0/5/0 vpi 1 vci 39 type ipoa llc srcIP 192.168.1.1 save
Configuration Script for the VDSL access mode: vlan 50 smart port vlan 50 0/7 0 port vlan 50 0/7 1 link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static vdsl line-profile quickadd 3 snr 60 0 300 60 0 300 vdsl channel-profile quickadd 3 path-mode atm interleaved-delay 8 2 inp 4 2 rate 128 10000 128 10000 2048 2048 interface vdsl 0/4 deactivate 0 activate 0 template-index 3 alarm-config 0 1 quit service-port vlan 50 vdsl mode atm 0/4/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 service-port desc 0/4/0 description MA5600HW/Vlanid:50/vdsl/smart mac-address max-mac-count vdsl 0/4/0 vpi 1 vci 39 16 mac-pool 0 0000-1111-1010 300 ipoa enable ipoa default gateway 192.168.1.20 encapsulation 0/4/0 vpi 1 vci 39 type ipoa llc srcIP 192.168.1.1 save
6.1.4 Configuration Example of the xDSL PPPoA Internet Access Service This topic describes how to configure a user so that the user can access the MA5600 in the xDSL mode, and then access the Internet in the PPPoA mode at a rate of 2048 kbit/s.
Service Requirements l
The user accesses the Internet in the PPPoA mode.
l
User packets, which carry a single VLAN tag, are transmitted in the upstream direction, and the services of multiple users are converged into one VLAN. This is called the N:1 access.
l
PITP is enabled to protect user accounts from theft and roaming.
l
A traffic profile is adopted for rate limitation. The user access rate is 2048 kbit/s.
l
Dual GE ports are adopted for upstream transmission to ensure reliability. Link aggregation is configured for the two upstream ports.
Figure 6-4 shows an example network for configuring the xDSL PPPoA Internet access service.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
247
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
Figure 6-4 Example network for configuring the xDSL PPPoA Internet access service
LSW
BRAS
A
CON ETH MON
D G E
GE0/7/0 SVLAN:50 SCU
PPPoA/IPoA
MA5600
Modem
Modem
PC
PC
Prerequisite The number of xDSL ports is under the control of licenses. Make sure that sufficient licenses are already requested. l
If the AAA function is enabled on the device, see Configuring AAA.
l
If the AAA function is implemented by the BRAS, a connection to the BRAS must be established. The BRAS can identify the VLAN tag of the MA5600 in the upstream direction. For the identification purpose, the user name and password for dial-up Internet access must be configured on the BRAS.
Procedure Step 1 Create a VLAN. Create smart VLAN 50. huawei(config)#vlan 50 smart
Step 2 Configure upstream ports. Add upstream ports 0/7/0 and 0/7/1 to VLAN 50. Two ports are added for the purpose of port aggregation. huawei(config)#port vlan 50 0/7 0 huawei(config)#port vlan 50 0/7 1
To aggregate the two upstream ports as one aggregation group, set the packet forwarding mode of the aggregation group to egress-ingress, and set the aggregation group to work in the LACP static mode, do as follows: huawei(config)#link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
248
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
NOTE
The aggregated ports must meet the following requirements: l The ports must work in the full-duplex mode. l The port rates must be the same and the rate of an electrical port must not be of the auto-negotiation type. l The attributes of the ports, such as the default VLAN ID (PVID) and VLAN, must be the same. l One port can belong to only one aggregation group. l The port must not be a mirroring destination port. l The port must not be in the auto-negotiation mode. l The start port ID must be smaller than the end port ID.
Step 3 In the case of the ADSL access mode, follow this procedure. 1.
Configure an ADSL2+ profile. For details, see 1.11.1 Configuring the ADSL2+ Profile. The ID of the ADSL2+ line profile is 3, the downstream rate is 2048 kbit/s, the channel mode is the interleave mode, the maximum interleave delay is 10 ms, and the SNR margin is 6 dB. huawei(config)#adsl line-profile quickadd basic-para full-rate trellis 1 bitswap 1 1 channel interleaved 100 100 adapt fixed snr 5 4 9 5 4 9 rate 2048 2048 1000 1100
2.
Activate the ADSL port. The port is port 0/2/0, and ADSL line profile 3 and the default alarm profile (alarm profile 1) are bound to the port. NOTE
By default, a port is in the activated state. Before binding a profile to a port, you must deactivate the port. huawei(config)#interface adsl 0/2/0 huawei(config-if-adsl-0/2/0)#deactivate 0 huawei(config-if-adsl-0/2/0)#activate 0 profile-index 3 huawei(config-if-adsl-0/2/0)#alarm-config 0 1 huawei(config-if-adsl-0/2/0)#quit
3.
Run the display traffic table command to query the traffic profiles that exist in the system. huawei(config)#display traffic table from-index 0 { |toindex }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/ SHAPE Type Type kbps kbps kbps kbps cells 1/10us
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
249
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
----------------------------------------------------------------------------0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /-4 rt-vbr 15 128 --64 300 10000000 on /on / off 5 ubr 2 2048 -----on /on /-6 ubr 1 ------off/off/-----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt -----------------------------------------------------------------------------
According to service requirement, the user access rate is 2048 kbit/s. The query result shows that traffic profile 5 meets the requirement. NOTE
l If no traffic profile in the system meets the service requirement, run the traffic table command to configure a new traffic profile. l On the MA5600, the user access rate can be limited by either a traffic profile or an xDSL line profile. When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4.
Run the service-port command to create a service port. The index of the new service port is 1, the access port is port 0/2/0, traffic profile 5 meets the service requirement, and the SVLAN is VLAN 50. The VPI and VCI must be the same as the management VPI and VCI of the peer modem. Assume that the management VPI and VCI of the modem are 1 and 39. To facilitate the maintenance of the service port, configure description for the service port. huawei(config)#service-port vlan 50 adsl 0/2/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 huawei(config)#service-port desc 0/2/0 description MA5600HW/Vlanid:50/adsl/ smart
5.
Set the maximum number of MAC addresses that can be learned by the service port is 16. This parameter is to limit the maximum number of the MAC addresses that can be learned by one account, namely, the maximum number of the PCs that can access the Internet through one account. huawei(config)#mac-address max-mac-count adsl 0/2/0 vpi 1 vci 39 16
Step 4 In the case of the SHDSL access mode, follow this procedure. 1.
Configure an SHDSL profile. For details, see 1.11.2 Configuring SHDSL Profiles. The ID of the SHDSL line profile is 3, the line rate is 2048 kbit/s, and the profile is used to activate 4-wire ports. huawei(config)#shdsl line-profile quickadd 3 line four-wire rate 2048
2.
Activate the SHDSL port. The port is port 0/5/0, and SHDSL line profile 3 and the default alarm profile (alarm profile 1) are bound to the port. NOTE
By default, a port is in the activated state. Before binding a profile to a port, you must deactivate the port. huawei(config)#interface shl 0/5 huawei(config-if-shl-0/5)#deactivate 0
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
250
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config-if-shl-0/5)#activate 0 3 huawei(config-if-shl-0/5)#alarm-config 0 1 huawei(config-if-shl-0/5)#quit
3.
Run the display traffic table command to query the traffic profiles that exist in the system. huawei(config)#display traffic table from-index 0 { |toindex }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri ----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/ SHAPE Type Type kbps kbps kbps kbps cells 1/10us ----------------------------------------------------------------------------0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /-4 rt-vbr 15 128 --64 300 10000000 on /on / off 5 ubr 2 2048 -----on /on /-6 ubr 1 ------off/off/-----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt -----------------------------------------------------------------------------
According to service requirement, the user access rate is 2048 kbit/s. The query result shows that traffic profile 5 meets the requirement. NOTE
l If no traffic profile in the system meets the service requirement, run the traffic table command to configure a new traffic profile. l On the MA5600, the user access rate can be limited by either a traffic profile or an SHDSL line profile. When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
251
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4.
6 Configuration Examples of Services
Run the service-port command to create a service port. The index of the new service port is 2, the access port is port 0/5/0, traffic profile 5 meets the service requirement, and the SVLAN is VLAN 50. The VPI and VCI must be the same as the management VPI and VCI of the peer modem. Assume that the management VPI and VCI of the modem are 1 and 39. To facilitate the maintenance of the service port, configure description for the service port. huawei(config)#service-port vlan 50 shdsl mode atm 0/5/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 huawei(config)#service-port desc 0/5/0 description MA5600HW/Vlanid:50/shdsl/ smart
5.
Set the maximum number of MAC addresses that can be learned by the service port to 16. This parameter is to limit the maximum number of the MAC addresses that can be learned by one account, namely, the maximum number of the PCs that can access the Internet through one account. huawei(config)#mac-address max-mac-count shdsl 0/5/0 vpi 1 vci 39 16
Step 5 In the case of the VDSL access mode, follow this procedure. 1.
Configure a VDSL profile. For details, see Configuring the VDSL2 Profile. Configure the VDSL profile with the following parameters: Profile ID: 3; The minimum reserved transmission rate in the downstream: 2048 kbit/s; Channel mode: interleave mode; Downstream maximum interleave delay: 8 ms; Upstream maximum interleave delay: 2 ms; SNR margin: 6 dB; Downstream minimum INP: 4; Upstream minimum INP: 2. huawei(config)#vdsl huawei(config)#vdsl 8 2 inp 4 2 rate 128 10000 128 10000 huawei(config)#vdsl
2.
line-profile quickadd 3 snr 60 0 300 60 0 300 channel-profile quickadd 3 path-mode atm interleaved-delay 2048 2048 line-template quickadd 3 line 3 channel1 3 100 100
Activate VDSL port 0/4/0, and bind the preset VDSL line template 3 and the default VDSL alarm template (alarm template 1) to the port. NOTE
By default, a port is in the activated state. Before binding a profile to a port, you must deactivate the port. huawei(config)#interface vdsl 0/4 huawei(config-if-vdsl-0/4)#deactivate 0 huawei(config-if-vdsl-0/4)#activate 0 profile-index 3 huawei(config-if-vdsl-0/4)#alarm-config 0 1 huawei(config-if-vdsl-0/4)#quit
3.
Run the display traffic table command to query the traffic profiles that exist in the system. huawei(config)#display traffic table from-index 0 { |toindex }: Command: display traffic table from-index 0 Traffic parameters for IP service: ----------------------------------------------------------------------------TID CAR(kbps) Priority Pri-Policy ----------------------------------------------------------------------------0 1024 6 tag-pri 1 2496 6 tag-pri 2 512 0 tag-pri 3 576 2 tag-pri 4 64 4 tag-pri 5 2048 0 tag-pri 6 -0 tag-pri
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
252
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
----------------------------------------------------------------------------Traffic parameters for ATM service: ----------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/ SHAPE Type Type kbps kbps kbps kbps cells 1/10us ----------------------------------------------------------------------------0 cbr 2 1024 -----off/off/-1 cbr 2 2500 -----off/off/-2 ubr 2 512 -----on /on /-3 nrt-vbr 5 1200 -600 -250 -on /on /-4 rt-vbr 15 128 --64 300 10000000 on /on / off 5 ubr 2 2048 -----on /on /-6 ubr 1 ------off/off/-----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt -----------------------------------------------------------------------------
According to service requirement, the user access rate is 2048 kbit/s. The query result shows that traffic profile 5 meets the requirement. NOTE
l If no traffic profile in the system meets the service requirement, run the traffic table command to configure a new traffic profile. l On the MA5600, the user access rate can be limited by either a traffic profile or a VDSL line profile. When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4.
Run the service-port command to create a service port. The index of the new service port is 3, the access port is port 0/4/0, traffic profile 5 meets the service requirement, and the SVLAN is VLAN 50. The VPI and VCI must be the same as the management VPI and VCI of the peer modem. Assume that the management VPI and VCI of the modem are 1 and 39. To facilitate the maintenance of the service port, configure description for the service port. huawei(config)#service-port vlan 50 vdsl mode atm 0/4/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 huawei(config)#service-port desc 0/4/0 description MA5600HW/Vlanid:50/vdsl/ smart
5.
Set the maximum number of MAC addresses that can be learned by the service port to 16. This parameter is to limit the maximum number of the MAC addresses that can be learned by one account, namely, the maximum number of the PCs that can access the Internet through one account. huawei(config)#mac-address max-mac-count vdsl 0/4/0 vpi 1 vci 39 16
Step 6 Configure the PPPoA-PPPoE protocol conversion. This step is to configure the PPPoA MAC address pool. The start MAC address in the MAC address pool is 0000-1111-1010, and the maximum number of the MAC addresses in the MAC address pool is 300. The PPPoA-PPPoE protocol conversion is enabled and the service encapsulation mode is LLC. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
253
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide huawei(config)#mac-pool 0 0000-1111-1010 huawei(config)#pppoa enable huawei(config)#encapsulation 0/2/0 vpi 1 huawei(config)#encapsulation 0/5/0 vpi 1 huawei(config)#encapsulation 0/4/0 vpi 1
6 Configuration Examples of Services 300 vci 39 type pppoa llc vci 39 type pppoa llc vci 39 type pppoa llc
Step 7 Configure the user account security. The PITP P mode can be enabled to protect the user account against theft and roaming. The RAIO mode can be customized according to actual requirements. Here, the encoding format required by China Telecom is considered as an example. The encoding format required by China Telecom is a customized format, corresponding to the cntel option. huawei(config)#pitp enable pmode huawei(config)#raio-mode cntel pitp-pmode NOTE
For details about the PITP configuration for the user account security, see 1.13.1 Configuring Anti-Theft and Roaming of User Account Through PITP.
Step 8 Save the data. huawei(config)#save
----End
Verification l
Step 1: Set the VPI/VCI of the modem to 1/39 and encapsulation mode to llc-pppoa. Configure the user name and password used for dialing (the user name and password must be the same as those configured on the BRAS.)
l
Step 2: After the settings on the modem are completed, dialing is initialized, a network connection is automatically set up, and the user can access the Internet.
l
Step 3: To download a file through FTP, open Windows Task Manager and then click Networking to observe the link rate. Calculate the Internet access rate by the formula: attainable Internet access rate = computer NIC rate/48 x 53 x 8. The calculated result approximates to the planned 2048 kbit/s.
Configuration Script Configuration Script for the ADSL access mode: vlan 50 smart port vlan 50 0/7 0 port vlan 50 0/7 1 link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static adsl line-profile quickadd basic-para full-rate trellis 1 bitswap 1 1 channel interleaved 100 100 adapt fixed snr 5 4 9 5 4 9 rate 2048 2048 1000 1100 interface adsl 0/2 deactivate 0 activate 0 profile-index 3 alarm-config 0 1 quit service-port vlan 50 adsl 0/2/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 service-port desc 0/2/0 description MA5600HW/Vlanid:50/adsl/smart mac-address max-mac-count adsl 0/2/0 vpi 1 vci 39 16 mac-pool 0 0000-1111-1010 300 pppoa enable encapsulation 0/2/0 vpi 1 vci 39 type pppoa llc pitp enable pmode raio-mode cntel pitp-pmode save
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
254
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
Configuration Script for the SHDSL access mode: vlan 50 smart port vlan 50 0/7 0 port vlan 50 0/7 1 link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static shdsl line-profile quickadd 3 line four-wire rate 2048 interface shl 0/5 deactivate 0 activate 0 3 alarm-config 0 1 quit service-port vlan 50 shdsl mode atm 0/5/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 service-port desc 0/5/0 description MA5600HW/Vlanid:50/shdsl/smart mac-address max-mac-count shdsl 0/5/0 vpi 1 vci 39 16 mac-pool 0 0000-1111-1010 300 pppoa enable encapsulation 0/5/0 vpi 1 vci 39 type pppoa llc pitp enable pmode raio-mode cntel pitp-pmode save
Configuration Script for the VDSL access mode: vlan 50 smart port vlan 50 0/7 0 port vlan 50 0/7 1 link-aggregation 0/7 0 0/7 1 egress-ingress workmode lacp-static vdsl line-profile quickadd 3 snr 60 0 300 60 0 300 vdsl channel-profile quickadd 3 path-mode atm interleaved-delay 8 2 inp 4 2 rate 128 10000 128 10000 2048 2048 interface vdsl 0/4 deactivate 0 activate 0 template-index 3 alarm-config 0 1 quit service-port vlan 50 vdsl mode atm 0/4/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5 service-port desc 0/4/0 description MA5600HW/Vlanid:50/vdsl/smart mac-address max-mac-count vdsl 0/4/0 vpi 1 vci 39 16 mac-pool x0 0000-1111-1010 300 pppoa enable encapsulation 0/4/0 vpi 1 vci 39 type pppoa llc pitp enable pmode raio-mode cntel pitp-pmode save
6.2 Configuration Examples of the Multicast Service in the MVLAN Mode This topic describes how to configure the multicast video service in the multicast VLAN (MVLAN) mode.
6.2.1 Configuration Example of the Multicast Video Service in the Static Configuration Mode This topic describes how to configure the multicast video service in the static configuration mode.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
255
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
Service Requirements l
The MA5600 adopts the IGMP proxy L2 snooping protocol.
l
Multicast programs are configured statically and multicast users are authenticated.
l
The multicast bandwidth control is required.
l
The users access the programs provided by ISP 1 and ISP 2 in the VDSL2 IPoE mode.
l
The H565VDEB2 board supports the VDSL2 fall back feature, namely, the VDSL2/ ADSL2+/ADSL mode auto-sensing. In this manner, the user terminal can be connected to the ADSL modem or the VDSL modem, and different services are provided according to the type of the configured modem.
Figure 6-5 shows an example network for configuring the multicast service. Figure 6-5 Example network for configuring the multicast service Program: 224.1.1.1 224.1.1.2
Program: 224.1.1.3 224.1.1.4
ISP 2
ISP 1 10.10.10.10
10.10.10.11
Router
0/7/1 V D E B
V D E B
CON ETH MON
GE
0/7/1
Port:0/1/0 MVLAN:10
VLAN:10 VLAN:20
Port:0/2/0 MVLAN:20
MA5600
VDSL modem
VDSL modem
STB
STB
TV
TV
Prerequisites The license for the multicast program or the multicast user is already requested and installed. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
256
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
Procedure Step 1 Configure multicast VLANs. Configure smart VLAN 10 as the multicast domain of ISP 1, and smart VLAN 20 as the multicast domain of ISP 2. 1.
Configure the protocol, multicast upstream port, and program list of multicast VLAN 10. Multicast VLAN 10 adopts IGMP snooping, IGMP V3 (system default value), upstream port 0/7/1, and statically configured programs 224.1.1.1 and 224.1.1.2. huawei(config)#vlan 10 smart huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp mode snooping huawei(config-mvlan10)#igmp uplink-port 0/7/1 huawei(config-mvlan10)#igmp program add name program1 ip 224.1.1.1 sourceip 10.10.10.10 hostip 10.0.0.254 log enable huawei(config-mvlan10)#igmp program add name program2 ip 224.1.1.2 sourceip 10.10.10.10 hostip 10.0.0.254 log enable huawei(config-mvlan20)#quit
2.
Configure the protocol, multicast upstream port, and program list of multicast VLAN 20. Multicast VLAN 20 adopts IGMP snooping, IGMP V3 (system default value), upstream port 0/7/1, and statically configured programs 224.1.1.3 and 224.1.1.4. huawei(config)#vlan 20 smart huawei(config)#multicast-vlan 20 huawei(config-mvlan20)#igmp mode snooping huawei(config-mvlan20)#igmp uplink-port 0/7/1 huawei(config-mvlan20)#igmp program add name program3 ip 224.1.1.3 sourceip 10.10.10.11 hostip 10.0.0.254 log enable huawei(config-mvlan20)#igmp program add name program4 ip 224.1.1.4 sourceip 10.10.10.11 hostip 10.0.0.254 log enable
Step 2 Configure rights profiles named music and movie with the watch right, and bind the rights profiles to the programs. huawei(config)#btv huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#quit
profile profile profile profile profile profile
add profile-name music profile-name music program-name profile-name music program-name profile-name music program-name add profile-name movie profile-name movie program-name
program1 watch program2 watch program3 watch program4 watch
Step 3 Configure multicast users. 1.
Create the service channels of the multicast users. NOTE
For the ATM and PTM traffic streams configured on the same service port, the parameters of the ATM traffic stream must be the same as the parameters of the PTM traffic stream. huawei(config)#port vlan 10 huawei(config)#port vlan 20 huawei(config)#service-port tx-cttr 2 huawei(config)#service-port tx-cttr 2 huawei(config)#service-port huawei(config)#service-port
2.
0/7 1 0/7 1 vlan 10 vdsl mode atm 0/1/0 vpi 0 vci 35 rx-cttr 2 vlan 20 vdsl mode atm 0/2/0 vpi 0 vci 35 rx-cttr 2 vlan 10 vdsl mode ptm 0/1/0 rx-cttr 2 tx-cttr 2 vlan 20 vdsl mode ptm 0/2/0 rx-cttr 2 tx-cttr 2
Configure the attributes of the multicast users. Configure multicast user 0/1/0 as the authentication type, with log reporting enabled, and with the maximum bandwidth 10 Mbit/s. Configure multicast user 0/2/0 as the
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
257
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
authentication type, with log reporting enabled, and with the maximum bandwidth 5 Mbit/ s. huawei(config)#btv huawei(config-btv)#igmp user add m ax-bandwidth 10240 max-program 8 huawei(config-btv)#igmp user add bandwidth 10240 max-program 8 huawei(config-btv)#igmp user add m ax-bandwidth 5120 max-program 8 huawei(config-btv)#igmp user add bandwidth 5120 max-program 8
3.
port 0/1/0 vdsl mode atm 0 35 auth log enable
port 0/1/0 vdsl mode ptm auth log enable maxport 0/2/0 vdsl mode atm 0 35 auth log enable
port 0/2/0 vdsl mode ptm auth log enable max-
Bind the multicast users to the rights profiles. Bind VDSL user 0/1/0 to rights profile music, and VDSL user 0/2/0 to rights profile movie. huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#quit
4.
user user user user
bind-profile bind-profile bind-profile bind-profile
port port port port
0/1/0 0/1/0 0/2/0 0/2/0
stream profile-name music 0 35 profile-name music stream profile-name movie 0 35 profile-name movie
Add the ADSL users to the multicast VLANs so that the ADSL users are multicast members. huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp multicast-vlan member port 0/1/0 huawei(config-mvlan10)#quit huawei(config-btv)#multicast-vlan 20 huawei(config-mvlan20)#igmp multicast-vlan member port 0/2/0 huawei(config-mvlan20)#quit
5.
Activate the ADSL ports, and bind the ports to the line template and alarm profile. Bind VDSL port 0/1/0 and VDSL port 0/2/0 to the default line template (line template 1) and the default alarm profile (alarm profile 1). huawei(config)#interface vdsl 0/1 huawei(config-if-vdsl-0/1)#deactivate 0 huawei(config-if-vdsl-0/1)#activate 0 template-index 1 huawei(config-if-vdsl-0/1)#alarm-config 0 1 huawei(config-if-vdsl-0/1)#quit huawei(config)#interface vdsl 0/2 huawei(config-if-vdsl-0/2)#deactivate 0 huawei(config-if-vdsl-0/2)#activate 0 template-index 1 huawei(config-if-vdsl-0/2)#alarm-config 0 1 huawei(config-if-vdsl-0/2)#quit
Step 4 Save the configuration. huawei(config)#save
----End
Result The cases are as follows regardless of whether the data channel type of the modem to which the user is connected is ATM or PTM: l
Issue 09 (2015-02-28)
Through multicast VLAN 10, ADSL user 0/1/0 can watch the programs with IP addresses 224.1.1.1 and 224.1.1.2 that are provided by ISP 1 and that are bound to rights profile music, but ADSL user 0/1/0 cannot watch the program with IP address 224.1.1.3. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
258
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
l
6 Configuration Examples of Services
Through multicast VLAN 20, ADSL user 0/2/0 can watch the program with IP address 224.1.1.4 that is provided by ISP 2 and that is bound to rights profile movie.
Configuration Script # [config] vlan 10 smart multicast-vlan 10 igmp mode snooping igmp uplink-port 0/7/1 igmp program add name program1 ip 224.1.1.1 sourceip 10.10.10.10 hostip 10.0.0.254 log enable igmp program add name program2 ip 224.1.1.2 sourceip 10.10.10.10 hostip 10.0.0.254 log enable quit vlan 20 smart multicast-vlan 20 igmp mode snooping igmp uplink-port 0/7/1 igmp program add name program3 ip 224.1.1.3 sourceip 10.10.10.11 hostip 10.0.0.254 log enable igmp program add name program4 ip 224.1.1.4 sourceip 10.10.10.11 hostip 10.0.0.254 log enable btv igmp profile add profile-name music igmp profile profile-name music program-name program1 watch igmp profile profile-name music program-name program2 watch igmp profile profile-name music program-name program3 watch igmp profile add profile-name movie igmp profile profile-name movie program-name program4 watch quit port vlan 10 0/7 1 port vlan 20 0/7 1 service-port vlan 10 vdsl mode atm 0/1/0 vpi 0 vci 35 rx-cttr 2 tx-cttr 2 service-port vlan 20 vdsl mode atm 0/2/0 vpi 0 vci 35 rx-cttr 2 tx-cttr 2 service-port vlan 10 vdsl mode ptm 0/1/0 rx-cttr 2 tx-cttr 2 service-port vlan 20 vdsl mode ptm 0/2/0 rx-cttr 2 tx-cttr 2 btv igmp user add port 0/1/0 vdsl mode atm 0 35 auth log enable max-bandwidth 10240 maxprogram 8 igmp user add port 0/1/0 vdsl mode ptm auth log enable max-bandwidth 10240 maxprogram 8 igmp user add port 0/2/0 vdsl mode atm 0 35 auth log enable max-bandwidth 5120 maxprogram 8 igmp user add port 0/2/0 vdsl mode ptm auth log enable max-bandwidth 5120 maxprogram 8 igmp user bind-profile port 0/1/0 stream profile-name music igmp user bind-profile port 0/1/0 0 35 profile-name music igmp user bind-profile port 0/2/0 stream profile-name movie igmp user bind-profile port 0/2/0 0 35 profile-name movie quit multicast-vlan 10 igmp multicast-vlan member port 0/1/0 quit multicast-vlan 20 igmp multicast-vlan member port 0/2/0 quit interface vdsl 0/1 deactivate 0 activate 0 template-index 1 alarm-config 0 1 quit interface vdsl 0/2 deactivate 0 activate 0 template-index 1
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
259
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
alarm-config 0 1 quit save
6.2.2 Configuration Example of the Multicast Video Service in the Dynamic Generation Mode This topic describes how to configure the multicast video service in the dynamic generation mode.
Service Requirements l
The MA5600 adopts the L2 multicast protocol IGMP proxy.
l
Multicast programs are generated in the dynamic mode.
l
The users access the programs provided by ISP 1 and ISP 2 in the VDSL2 IPoE mode.
l
The H565VDEB2 board supports the VDSL2 fall back feature, namely, the VDSL2/ ADSL2+/ADSL mode auto-sensing. In this manner, the user terminal can be connected to the ADSL modem or the VDSL modem, and different services are provided according to the type of the configured modem.
Figure 6-6 shows an example network for configuring the multicast service. Figure 6-6 Example network for configuring the multicast service Program: 224.1.1.1 224.1.1.2
Program: 224.1.1.3 224.1.1.4
ISP 2
ISP 1 10.10.10.10
10.10.10.11
Router
0/7/1 V D E B
V D E B
CON ETH MON
GE
0/7/1
Port:0/1/0 MVLAN:10
Port:0/2/0 MVLAN:20
MA5600
VDSL modem
VDSL modem
STB
STB
TV
Issue 09 (2015-02-28)
VLAN:10 VLAN:20
TV
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
260
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
Prerequisites The license for the multicast program or the multicast user is already requested and installed.
Procedure Step 1 Configure multicast VLANs. Configure smart VLAN 10 as the multicast domain of ISP 1, and smart VLAN 20 as the multicast domain of ISP 2. 1.
Configure the protocol, multicast upstream port, and program list of multicast VLAN 10. Configure multicast VLAN 10 with the dynamic program generation mode, and specify the range of the IP addresses of the programs that can be requested by the users in multicast VLAN 10 as 224.1.1.1 to 224.1.1.100. Multicast VLAN 10 adopts IGMP proxy, IGMP V3 (system default value), and multicast upstream port 0/9/1.
NOTICE Changing the IGMP match mode causes the user to go offline. Therefore, the IGMP match mode must be configured beforehand. It can be changed only when the IGMP mode is off. huawei(config)#vlan 10 smart huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp match mode disable huawei(config-mvlan10)#igmp match group ip 224.1.1.1 to-ip 224.1.1.100 huawei(config-mvlan10)#igmp uplink-port 0/7/1 huawei(config-mvlan10)#igmp mode proxy huawei(config-mvlan10)#quit
2.
Configure the protocol, multicast upstream port, and program list of multicast VLAN 20. Configure multicast VLAN 20 with the dynamic program generation mode, and specify the range of the IP addresses of the programs that can be requested by the users in multicast VLAN 10 as 224.1.1.1 to 224.1.1.100. Multicast VLAN 20 adopts IGMP proxy, IGMP V3 (system default value), and multicast upstream port 0/7/1. huawei(config)#vlan 20 smart huawei(config)#multicast-vlan 20 huawei(config-mvlan20)#igmp match mode disable huawei(config-mvlan20)#igmp match group ip 224.1.1.1 to-ip 224.1.1.100 huawei(config-mvlan20)#igmp uplink-port 0/7/1 huawei(config-mvlan20)#igmp mode proxy huawei(config-mvlan20)#quit
Step 2 Configure multicast users. 1.
Create the service channels of the multicast users. NOTE
For the ATM and PTM traffic streams configured on the same service port, the parameters of the ATM traffic stream must be the same as the parameters of the PTM traffic stream. huawei(config)#port vlan 10 0/7 1 huawei(config)#port vlan 20 0/7 1 huawei(config)#service-port vlan 10 vdsl mode atm 0/1/0 vpi 0 vci 35 rx-cttr 2 tx-cttr 2
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
261
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config)#service-port vlan 20 vdsl mode atm 0/2/0 vpi 0 vci 35 rx-cttr 2 tx-cttr 2 huawei(config)#service-port vlan 10 vdsl mode ptm 0/1/0 rx-cttr 2 tx-cttr 2 huawei(config)#service-port vlan 20 vdsl mode ptm 0/2/0 rx-cttr 2 tx-cttr 2
2.
Configure the attributes of the multicast users. Enable the log reporting for multicast users 0/1/0 and 0/2/0. The authentication status and multicast bandwidth of the multicast users need not be configured. huawei(config)#btv huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#quit
3.
user user user user
add add add add
port port port port
0/1/0 0/1/0 0/2/0 0/2/0
mode mode mode mode
atm ptm atm ptm
0 35 auth 0 35 auth
auth log enable log enable auth log enable log enable
Add the ADSL users to the multicast VLANs so that the ADSL users are multicast members. huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp multicast-vlan huawei(config-mvlan10)#igmp multicast-vlan huawei(config-mvlan10)#multicast-vlan 20 huawei(config-mvlan20)#igmp multicast-vlan huawei(config-mvlan20)#igmp multicast-vlan huawei(config-mvlan20)#quit
4.
vdsl vdsl vdsl vdsl
member port 0/1/0 stream member port 0/1/0 0 35 member port 0/2/0 stream member port 0/2/0 0 35
Activate the ADSL ports, and bind the ports to the line template and alarm profile. Bind VDSL port 0/1/0 and VDSL port 0/2/0 to the default line template (line template 1) and the default alarm profile (alarm profile 1). huawei(config)#interface vdsl 0/1 huawei(config-if-vdsl-0/1)#deactivate 0 huawei(config-if-vdsl-0/1)#activate 0 template-index 1 huawei(config-if-vdsl-0/1)#alarm-config 0 1 huawei(config-if-vdsl-0/1)#quit huawei(config)#interface vdsl 0/2 huawei(config-if-vdsl-0/2)#deactivate 0 huawei(config-if-vdsl-0/2)#activate 0 template-index 1 huawei(config-if-vdsl-0/2)#alarm-config 0 1 huawei(config-if-vdsl-0/2)#quit
Step 3 Save the configuration. huawei(config)#save
----End
Result The cases are as follows regardless of whether the data channel type of the modem to which the user is connected is ATM or PTM: l
Through multicast VLAN 10, ADSL user 0/1/0 can watch the programs with IP addresses 224.1.1.1 and 224.1.1.2 that are provided by ISP 1.
l
Through multicast VLAN 20, ADSL user 0/1/0 can watch the programs with IP addresses 224.1.1.3 and 224.1.1.4 that are provided by ISP 2.
Configuration Script # [config] vlan 10 smart
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
262
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
multicast-vlan 10 igmp match mode disable igmp match group ip 224.1.1.1 to-ip 224.1.1.100 igmp uplink-port 0/7/1 igmp mode proxy quit vlan 20 smart multicast-vlan 20 igmp match mode disable igmp match group ip 224.1.1.1 to-ip 224.1.1.100 igmp uplink-port 0/7/1 igmp mode proxy quit port vlan 10 0/7 1 port vlan 20 0/7 1 service-port vlan 10 vdsl mode atm 0/1/0 vpi 0 vci 35 rx-cttr 2 tx-cttr 2 service-port vlan 20 vdsl mode atm 0/2/0 vpi 0 vci 35 rx-cttr 2 tx-cttr 2 service-port vlan 10 vdsl mode ptm 0/1/0 rx-cttr 2 tx-cttr 2 service-port vlan 20 vdsl mode ptm 0/2/0 rx-cttr 2 tx-cttr 2 btv igmp user add port 0/1/0 vdsl mode atm 0 35 auth log enable igmp user add port 0/1/0 vdsl mode ptm auth log enable igmp user add port 0/2/0 vdsl mode atm 0 35 auth log enable igmp user add port 0/2/0 vdsl mode ptm auth log enable quit multicast-vlan 10 igmp multicast-vlan member port 0/1/0 stream igmp multicast-vlan member port 0/1/0 0 35 multicast-vlan 20 igmp multicast-vlan member port 0/2/0 stream igmp multicast-vlan member port 0/2/0 0 35 quit interface vdsl 0/1 deactivate 0 activate 0 template-index 1 alarm-config 0 1 quit interface vdsl 0/2 deactivate 0 activate 0 template-index 1 alarm-config 0 1 quit save
6.3 Configuration Example of the Multicast Video Service in the Non-MVLAN Mode This topic describes how to configure the multicast video service in the static configuration mode.
Service Requirements l
The MA5600 adopts the IGMP proxy L2 multicast protocol.
l
Multicast programs are configured statically and multicast users are authenticated.
l
The multicast bandwidth control is required.
l
The users access the programs provided by ISP 1 and ISP 2 in the ADSL2+ IPoE mode.
Figure 6-7 shows an example network for configuring the multicast service.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
263
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
Figure 6-7 Example network for configuring the multicast service Program: 224.1.1.1 224.1.1.2
Program: 224.1.1.3 224.1.1.4
ISP 2
ISP 1 10.10.10.10
10.10.10.11
Router
0/7/1 V D E B
V D E B
CON ETH MON
GE
0/7/1
Port:0/1/0
VLAN:10
Port:0/2/0
MA5600
VDSL modem
VDSL modem
STB
STB
TV
TV
Prerequisites The license for the multicast program or the multicast user is already requested and installed.
Procedure Step 1 Configure the multicast program and multicast source. Configure the multicast source IP address of ISP1 to 10.10.10.10 and configure the multicast source IP address of ISP2 to 10.10.10.11. 1.
Configure the multicast protocol, multicast upstream port, and program list for ISP1 on the MA5600. Multicast adopts IGMP proxy, IGMP V3 (system default value), and upstream port 0/7/1. Add the upstream port to VLAN 10. Statically configure programs 224.1.1.1 and 224.1.1.2. Program bandwidth is 6000 kbit/s. huawei(config)#vlan 10 smart huawei(config)#port vlan 10 0/7 1 huawei(config)#btv huawei(config-btv)#igmp mode proxy
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
264
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config-btv)#igmp uplink-port 0/7/1 100 huawei(config-btv)#igmp program add name program1 ip 10.10.10.10 vlan 10 bind 0/7/1 bandwidth 6000 hostip huawei(config-btv)#igmp program add name program2 ip 10.10.10.10 vlan 10 bind 0/7/1 bandwidth 6000 hostip
2.
224.1.1.1 sourceip 10.0.0.254 log enable 224.1.1.2 sourceip 10.0.0.254 log enable
Configure the program list for ISP2 on the MA5600. Statically configure programs 224.1.1.3 and 224.1.1.4. The program bandwidth is 5000 kbit/s. huawei(config-btv)#igmp program add name 10.10.10.11 vlan 10 bind 0/7/1 bandwidth huawei(config-btv)#igmp program add name 10.10.10.11 vlan 10 bind 0/7/1 bandwidth huawei(config-btv)#quit
program3 ip 5000 hostip program4 ip 5000 hostip
224.1.1.3 sourceip 10.0.0.254 log enable 224.1.1.4 sourceip 10.0.0.254 log enable
Step 2 Configure rights profiles named music and movie with the watch rights, and bind the rights profiles to the programs. huawei(config)#btv huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#quit
profile profile profile profile profile profile
rename profile1 music profile-name music program-name profile-name music program-name profile-name music program-name rename profile2 movie profile-name movie program-name
program1 watch program2 watch program3 watch program4 watch
Step 3 Configure multicast users. 1.
Create the service channels of the multicast users. Create service channels that belong to VLAN 10 on ADSL2+ ports 0/1/0 and 0/2/0 and use traffic profile 2. huawei(config)#service-port vlan 10 adsl 0/1/0 vpi 0 vci 35 rx-cttr 2 tx-cttr 2 huawei(config)#service-port vlan 10 adsl 0/2/0 vpi 0 vci 35 rx-cttr 2 tx-cttr 2
2.
Configure the attributes of the multicast users. Configure multicast user 0/1/0 as the authentication type and with log reporting enabled. Configure multicast user 0/2/0 as the authentication type and with log reporting enabled. huawei(config)#btv huawei(config-btv)#igmp user add port 0/1/0 adsl 0 35 auth log enable huawei(config-btv)#igmp user add port 0/2/0 adsl 0 35 auth log enable
3.
Bind the multicast users to the rights profiles. Bind multicast user 0/1/0 to rights profile music, and multicast user 0/2/0 to rights profile movie. huawei(config-btv)#igmp user bind-profile port 0/1/0 profile-name music huawei(config-btv)#igmp user bind-profile port 0/2/0 profile-name movie huawei(config-btv)#quit
4.
Activate the ports, and bind the ports to the line profile and alarm profile. Bind ADSL2+ port 0/1/0 and port 0/2/0 to the default line profile (line profile 1) and the default alarm profile (alarm profile 1). huawei(config)#interface adsl 0/1 huawei(config-if-adsl-0/1)#deactivate 0 huawei(config-if-adsl-0/1)#activate 0 profile-index 1 huawei(config-if-adsl-0/1)#alarm-config 0 1 huawei(config-if-adsl-0/1)#quit
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
265
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config)#interface adsl 0/2 huawei(config-if-adsl-0/2)#deactivate 0 huawei(config-if-adsl-0/2)#activate 0 profile-index 1 huawei(config-if-adsl-0/2)#alarm-config 0 1 huawei(config-if-adsl-0/2)#quit
Step 4 Save the configuration. huawei(config)#save
----End
Result l
Through IP addresses of multicast source ISP1, user 1 can watch the programs with IP addresses 224.1.1.1 and 224.1.1.2 that are provided by ISP1 and that are bound to rights profile music, but user 1 cannot watch the program with IP address 224.1.1.3.
l
Through IP addresses of multicast source ISP2, user 2 can watch the program with IP address 224.1.1.4 that is provided by ISP2 and that is bound to rights profile movie.
Configuration Script (config)# vlan 10 smart btv igmp mode proxy y igmp uplink-port 0/7/1 100 igmp program add name program1 ip 224.1.1.1 sourceip 10.10.10.10 vlan 10 bind 0/7/1 bandwidth 6000 hostip 10.0.0.254 log enable igmp program add name program2 ip 224.1.1.2 sourceip 10.10.10.10 vlan 10 bind 0/7/1 bandwidth 6000 hostip 10.0.0.254 log enable igmp program add name program3 ip 224.1.1.20 sourceip 10.10.10.11 vlan 10 bind 0/7/1 bandwidth 5000 hostip 10.0.0.254 log enable igmp program add name program4 ip 224.1.1.21 sourceip 10.10.10.11 vlan 10 bind 0/7/1 bandwidth 5000 hostip 10.0.0.254 log enable igmp profile rename profile1 music igmp profile profile-name music program-name program1 watch igmp profile profile-name music program-name program2 watch igmp profile profile-name music program-name program3 watch igmp profile rename profile2 movie igmp profile profile-name movie program-name program4 watch quit service-port vlan 10 adsl 0/1/0 vpi 0 vci 35 rx-cttr 2 tx-cttr 2 service-port vlan 10 adsl 0/2/0 vpi 0 vci 35 rx-cttr 2 tx-cttr 2 btv igmp user add port 0/1/0 adsl 0 35 auth log enable igmp user add port 0/2/0 adsl 0 35 auth log enable igmp user bind-profile port 0/1/0 profile-name music igmp user bind-profile port 0/2/0 profile-name movie quit interface adsl 0/1 deactivate 0 activate 0 profile-index 1 alarm-config 0 1 quit interface adsl 0/2 deactivate 0 activate 0 profile-index 1 alarm-config 0 1 quit save
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
266
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
6.4 Configuring the VLAN Stacking Wholesale Service This topic describes how to configure the VLAN stacking wholesale service supported by the MA5600.
6.4.1 Configuration Example of VLAN Stacking Multi-ISP Wholesale Access This topic describes how to configure the VLAN stacking multi-ISP wholesale access so that the services provisioned by the ISP can be delivered to the specified user groups.
Prerequisites The upper-layer network must work in the L2 mode, and must forward packets according to the VLAN and the MAC address.
Service Requirements l
The user accesses the Internet in the PPPoE dialing mode.
l
The user bandwidth is 2 Mbit/s.
l
User packets carry two VLAN tags, of which the outer VLAN tag identifies the ISP and the inner VLAN tag identifies the user.
Networking Figure 6-8 shows an example network for configuring the VLAN stacking multi-ISP wholesale access. Users 1 and 2 belong to one ISP, and users 3 and 4 belong to another ISP. Based on the VLAN stacking feature, the MA5600 adds the outer VLAN tag to differentiate ISPs and inner VLAN tag to differentiate users and forwards the user packet to the L2 network. Then the L2 LAN switch forwards the user packets to the specified ISP BRAS based on the outer VLAN tag. The ISP BRASs remove the outer VLAN tag and identify the users based on the inner VLAN tag. After passing the authentication, the users can obtain various services provided by the ISP.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
267
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
Figure 6-8 Example network for configuring the VLAN stacking multi-ISP wholesale access
VLAN ID:60
ISP1
LSW
ISP2
VLAN ID:61 BRAS
BRAS
MA5600
Modem
User 1
User 2
User 3 User 4
Procedure Step 1 Create VLANs. The outer VLAN IDs are 60 and 61, and the VLANs are smart VLANs. huawei(config)#vlan 60-61 smart It will take several minutes, and console may be timeout, please use command idle-timeout to set time limit Are you sure to add VLANs? (y/n)[n]:y
Step 2 Set the VLAN attribute to stacking. huawei(config)#vlan attrib 60-61 stacking It will take several minutes, and console may be timeout, please use command idle-timeout to set time limit Are you sure to continue? (y/n)[n]:y
Step 3 Add an upstream port to the VLANs. Add upstream port 0/7/0 to VLANs 60 and 61. huawei(config)#port vlan 60-61 0/7 0 It will take several minutes, and console may be timeout, please use command idle-timeout to set time limit Are you sure to add standard port(s)? (y/n)[n]:y
Step 4 Add a traffic profile. The profile ID is 10, the CIR is 2 Mbit/s, and packets are scheduled according to the priority specified in the traffic profile. huawei(config)#traffic table index 10 ip car 2048 priority user-cos priority-policy tag-In-Package
Step 5 Add service ports to the VLANs. Add service ports to the VLANs, and use traffic profile 10 that meets the service requirements. The VPI and the VCI are 0 and 35 respectively, the same as those on the peer modem. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
268
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide huawei(config)#service-port huawei(config)#service-port huawei(config)#service-port huawei(config)#service-port
vlan vlan vlan vlan
6 Configuration Examples of Services 60 60 61 61
adsl adsl adsl adsl
0/2/0 0/2/1 0/3/0 0/3/1
vpi vpi vpi vpi
0 0 0 0
vci vci vci vci
35 35 35 35
rx-cttr rx-cttr rx-cttr rx-cttr
10 10 10 10
tx-cttr tx-cttr tx-cttr tx-cttr
10 10 10 10
Step 6 Set the inner VLAN tags. The inner VLAN tag identifies the user. Note that the inner VLAN tag must be unique in one ISP domain, and the inner VLAN tags can be the same in different ISP domains. huawei(config)#stacking huawei(config)#stacking huawei(config)#stacking huawei(config)#stacking
label label label label
0/2/0 0/2/1 0/3/0 0/3/1
11 12 11 12
Step 7 Save the data. huawei(config)#save
----End
Result After passing the authentication by the ISP1 BRAS, user 1 and user 2 can obtain the service provided by ISP1. After passing the authentication by the ISP2 BRAS, user 3 and user 4 can obtain the service provided by ISP2.
Configuration Script [global-config] vlan 60-61 smart y vlan attrib 60-61 stacking y port vlan 60-61 0/7 0 y traffic table index 10 ip car 2048 priority user-cos Package service-port vlan 60 adsl 0/2/0 vpi 0 vci 35 rx-cttr service-port vlan 60 adsl 0/2/1 vpi 0 vci 35 rx-cttr service-port vlan 61 adsl 0/3/0 vpi 0 vci 35 rx-cttr service-port vlan 61 adsl 0/3/1 vpi 0 vci 35 rx-cttr stacking label 0/2/0 11 stacking label 0/2/1 12 stacking label 0/3/0 11 stacking label 0/3/1 12 save
priority-policy tag-In10 10 10 10
tx-cttr tx-cttr tx-cttr tx-cttr
10 10 10 10
6.4.2 Configuration Example of VLAN ID Extension This topic describes how to configure the VLAN ID extension for increasing the number of users that can be identified by the VLAN ID by the BRAS.
Networking Figure 6-9 shows an example network for configuring the VLAN ID extension. Broadband users that access the WAN through multiple MA5600s are authenticated on the BRAS to obtain the broadband service provided by the operator. The BRAS supports the user Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
269
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
identification through L2 VLAN. The outer VLAN tag identifies the MA5600 that is accessed with users, and the inner VLAN tag identifies the users of the device. Figure 6-9 Example network for configuring the VLAN ID extension
BRAS
VLAN ID:60
VLAN ID:61
MA5600_A
MA5600_B
Modem
Modem
User 1
User 2
User 3
User 4
Procedure l
Configure MA5600_A. 1.
Create a VLAN. The VLAN ID is 60, and the VLAN is a smart VLAN. huawei(config)#vlan 60 smart
2.
Set the VLAN attribute as stacking. huawei(config)#vlan attrib 60 stacking
3.
Add an upstream port to the VLAN. Add upstream port 0/7/0 to VLAN 60. huawei(config)#port vlan 60 0/7 0
4.
Add service ports to the VLAN. Add a service port to the VLAN. The VPI and the VCI are 0 and 35 respectively, the same as those on the peer modem. huawei(config)#service-port vlan 60 adsl 0/2/0 vpi 0 vci 35 rx-cttr 0 txcttr 0 huawei(config)#service-port vlan 60 adsl 0/2/1 vpi 0 vci 35 rx-cttr 0 txcttr 0
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
270
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
5.
6 Configuration Examples of Services
Set the inner VLAN tag. The inner VLAN tag identifies the user. Note that the inner VLAN tag must be unique in one ISP domain, and the inner VLAN tags can be the same in different ISP domains. huawei(config)#stacking label 0/2/0 11 huawei(config)#stacking label 0/2/1 12
6.
Save the data. huawei(config)#save
l
Configure MA5600_B. The configuration of MA5600_B is the same as the configuration of MA5600_A, and it is not described here.
----End
Result After passing the authentication by the BRAS, the users on MA5600_A and MA5600_B can access the Internet.
6.5 Configuration Example of the QinQ VLAN This topic describes how to configure the private line service based on the QinQ feature to provide security channel for data transmission between private networks of the enterprises.
Prerequisites The upper-layer network must work in the L2 mode, and must forward packets according to the VLAN and the MAC address.
Service Requirements The private networks of enterprise A distributed in two places can communicate with each other in the normal state.
Networking shows an example network for configuring the private line service. The two branches of enterprise A are connected to the MAN through the MA5600. On the MA5600, the attribute of the upstream VLAN of user packets is configured as QinQ private line service. In this manner, services and BPDU packets from the private network of the enterprise can be transparently transmitted to the peer private network.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
271
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
Figure 6-10 Example network for configuring the private line service
MAN L2/L3
L2/L3
CON ETH ESC
S H E B
GE 0/7/0
SCU
CON ETH ESC
S H E B
GE 0/7/0
SCU
MA5600_A
Modem
Modem
LSW
LSW
corporation A
MA5600_B
corporation B
The configuration on MA5600_A is the same as the configuration on MA5600_B. The following uses the configuration on MA5600_A as an example to describe how to configure the private line service implemented through a QinQ VLAN.
Procedure Step 1 Create a VLAN. The VLAN ID is 50, and the VLAN is a smart VLAN. huawei(config)#vlan 50 smart
Step 2 Set the VLAN attribute to QinQ. huawei(config)#vlan attrib 50 q-in-q
Step 3 Enable the transparent transmission of BPDUs. Enable the transparent transmission of BPDUs so that the L2 protocol packets of a private network can be transparently transmitted through the public network. By default, the transparent transmission of BPDUs is disabled. huawei(config)#bpdu tunnel enable
Step 4 Add an upstream port to the VLAN. Add upstream port 0/7/0 to VLAN 50. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
272
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config)#port vlan 50 0/7 0
Step 5 Add a traffic profile. The profile ID is 10, the CIR is 2 Mbit/s, and packets are scheduled according to the priority specified in the traffic profile. huawei(config)#traffic table index 10 ip car 2048 priority user-cos priority-policy tag-In-Package
Step 6 Add a service port to the VLAN. Add a service port to the VLAN, and use traffic profile 10 that meets the service requirements. The VPI and the VCI are 0 and 35 respectively, the same as those on the peer modem. The user port is 0/5/0. huawei(config)#service-port vlan 50 shdsl mode atm 0/5/0 vpi 0 vci 35 rx-cttr 10 txcttr 10
Step 7 Save the data. huawei(config)#save
----End
Result After the configuration, the two branches of enterprise A can communicate with each other, and various services between private networks are implemented.
6.6 Configuring the Triple Play This topic describes how to configure the Triple Play service on theMA5600. Triple play is a service provisioning mode in which integrated services can be provided to a user. Currently, the prevailing integrated services include the high-speed Internet access service, voice over IP (VoIP) service, and IPTV service. The early broadband access provides only the high-speed Internet access service. As the Internet is rapidly developing, it can offer much richer services, such as video (IPTV) services. The development of multiple access modes such as ADSL2+ and VDSL2 access, and the improvement of broadband access also lay a solid foundation for provisioning the video service. The early voice signals are transmitted over the narrowband public switched telephone network (PSTN). Because the PSTN is no longer developed, the services over the PSTN are shifting to the IP network. Providing the VoIP service over broadband lines can also reduce the equipment maintenance cost. For the xDSL access, the MA5600 supports the following triple play modes: l
Single-PVC for multiple services: Single-PVC for multiple services is a triple play mode in which a single PVC is adopted for carrying multiple services from the access device to each DSL user terminal. The different services are differentiated by the Ethernet encapsulation mode (IPoE/PPPoE), VLAN IDs carried in the packets from the DSL user terminal and so on.
l
Multi-PVC for multiple services: Multi-PVC for multiple services is a triple play mode in which multiple PVCs are adopted for carrying multiple services from the access device to each DSL user terminal. The Internet access service, VoIP, and IPTV services are carried by a single PVC to the user. That is, each xDSL port is configured with at least three PVCs.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
273
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
On the network side, three VLANs are created for the upstream interface to carry different types of services. The different services have different request on the bandwidth and priority. l
The bandwidth and delay of the VoIP service are low. High delay may cause problems such echo, which affects the voice quality. Therefore, the priority of the VoIP service is the highest among the triple play services.
l
The bandwidth occupied by the IPTV service is relatively high, and the bit error ratio/packet loss ratio is relatively low. If the bit error ratio/packet loss ratio is high, the video frame is lost so that mosaic images occur or even erratic display occurs, which affects the user experience. Therefore, the priority of the IPTV service is lower than that of the VoIP service, but is higher than that of the Internet access service.
l
The common Internet access service, such as web browsing, has low requirements on realtime performance and lower requirements on packet loss ratio than the IPTV service because the reliability of the transmission is ensured through the retransmission mechanism. Therefore, the priority of the high-speed Internet access service is the lowest among the triple play services.
6.6.1 Configuration Example of the Triple Play Application (MultiPVC for Multiple Services) This topic describes how to configure the triple play application in the multi-PVC for multiple services mode. The user home gateway is connected to multiple terminals to implement the access of multiple services such as Internet service, VoIP service, and IPTV service.
Service Requirements l
ADSL user 1 and ADSL user 2 are connected to the MA5600 to implement the triple play application.
l
The Internet service is provided in the PPPoE mode.
l
The VoIP service and the IPTV service are provided in the DHCP mode, obtaining IP addresses from the DHCP server in the standard DHCP mode.
l
After receiving different traffic streams, the MA5600 provides different QoS guarantees to the traffic streams according to the traffic priorities in the PVC.
Figure 6-11 shows an example network for configuring the triple play application in the multiPVC for multiple services mode.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
274
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
Figure 6-11 Example network for configuring the triple play application in the multi-PVC for multiple services mode Program1:224.1.1.1 Program2:224.1.1.2 Muticast source OSS & RADIUS Server/RADIUS Proxy BMS GW
Router
BRAS
IPTV DHCP Server
IP1:20.2.2.2 IP2:20.2.2.3
VoIP DHCP Server
IP1:20.1.1.2 IP2:20.1.1.3
LSW
MA5600
Home Gateway 2 Home Gateway 1 DHCP PPPoE
DHCP
DHCP
PPPoE
DHCP
VPI/VCI:0/36 VPI/VCI:0/37 VPI/VCI:0/35 VLAN:3 VLAN:4 VLAN:2
STB
STB
Ephone
PC
TV
Ephone
User 1
PC User 2
TV
Procedure l
Configure the Internet service. 1.
Create a VLAN and add an upstream port to the VLAN. huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/7 0
2.
Add a traffic profile. NOTE
Because the VoIP, IPTV, and Internet services are provided through the same port, you must set the 802.1p priority of each service. Generally, the priorities are in a descending order for the VoIP service, IPTV service, and Internet service.
Add traffic profile 7, set the committed information rate (CIR) to 2 Mbit/s, and set the 802.1p priority of the Internet service to 1. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
275
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config)#traffic table index 7 ip car 2048 priority 1 prioritypolicy tag-In-Package
3.
Add a service port to the VLAN. Add a service port to the VLAN and use the traffic profile added in the preceding step. huawei(config)#service-port vlan 2 adsl 0/2/0 vpi 0 vci 37 rx-cttr 7 txcttr 7 huawei(config)#service-port vlan 2 adsl 0/3/0 vpi 0 vci 37 rx-cttr 7 txcttr 7
4.
Save the data. huawei(config)#save
l
Configure the VoIP service. 1.
Create a VLAN and add an upstream port to the VLAN. huawei(config)#vlan 3 smart huawei(config)#port vlan 3 0/7 0
2.
Add a traffic profile. Add traffic profile 8, set the CIR to 1 Mbit/s, and set the 802.1p priority of the voice service to 6. huawei(config)#traffic table index 8 ip car 1024 priority 6 prioritypolicy tag-In-Package
3.
Add a service port to the VLAN. Add a service port to the VLAN 3 and use the traffic profile 8 added in the preceding step. huawei(config)#service-port vlan 3 adsl 0/2/0 vpi 0 vci 36 rx-cttr 8 txcttr 8 huawei(config)#service-port vlan 3 adsl 0/3/0 vpi 0 vci 36 rx-cttr 8 txcttr 8
4.
Configure the DHCP relay. Configure the first IP address of DHCP server 1 to 20.1.1.2, and the second IP address to 20.1.1.3. Configure the IP address of the VLAN L3 interface to 10.1.1.1 and subnet mask to 255.255.255.0, and bind the VLAN L3 interface to DHCP server 1. huawei(config)#dhcp mode layer-3 standard huawei(config)#dhcp-server 1 ip 20.1.1.2 20.1.1.3 huawei(config)#interface vlanif 3 huawei(config-if-vlanif3)#ip address 10.1.1.1 24 huawei(config-if-vlanif3)#dhcp-server 1 huawei(config-if-vlanif3)#quit
5.
Save the data. huawei(config)#save
l
Configure the IPTV service. 1.
Create a VLAN and add an upstream port to the VLAN. huawei(config)#vlan 4 smart huawei(config)#port vlan 4 0/7 0
2.
Add a traffic profile. Add traffic profile 9 without limiting the rate of the packet, and set the 802.1p priority of the IPTV service to 5. huawei(config)#traffic table index 9 ip car off priority 5 priority-policy Tag-In-Package
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
276
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3.
6 Configuration Examples of Services
Add a service port to the VLAN.
NOTICE On the MA5600, if the PVC is configured with a priority, the priority of the multicast packets carried by the PVC does not take effect. Add a service port to VLAN 4 and use traffic profile 9. huawei(config)#service-port vlan 4 adsl 0/2/0 vpi 0 vci 35 rx-cttr 9 txcttr 9 huawei(config)#service-port vlan 4 adsl 0/3/0 vpi 0 vci 35 rx-cttr 9 txcttr 9
4.
Configure the DHCP relay. Configure the first IP address of DHCP server 2 to 20.2.2.2, and the second IP address to 20.2.2.3. Configure the IP address of the VLAN L3 interface to 10.2.2.1 and subnet mask to 255.255.255.0, and bind the VLAN L3 interface to DHCP server 2. huawei(config)#dhcp mode layer-3 standard huawei(config)#dhcp-server 2 ip 20.2.2.2 20.2.2.3 huawei(config)#interface vlanif 4 huawei(config-if-vlanif4)#ip address 10.2.2.1 24 huawei(config-if-vlanif4)#dhcp-server 2
5.
Configure the multicast data. – Multicast mode: IGMP proxy – Rights profile profile0 of multicast user 1: watch program BTV-1 only – Multicast upstream port: 0/7/0 – Multicast program BTV-1: IP address 224.1.1.1 and source IP address 10.10.10.10 – Multicast program BTV-2: IP address 224.1.1.2 and source IP address 10.10.10.10 – Multicast user 1 and multicast user 2: added to multicast VLAN 4 huawei(config-if-vlanif4)#quit huawei(config)#multicast-vlan 4 huawei(config-mvlan4)#igmp mode proxy Are you sure to change IGMP mode?(y/n)[n]:y huawei(config-mvlan4)#igmp uplink-port 0/7/0 huawei(config)#btv huawei(config-btv)#igmp uplink-port-mode default Are you sure to change the uplink port mode?(y/n)[n]:y huawei(config)#multicast-vlan 4 huawei(config-mvlan4)#igmp program add name BTV-1 ip 224.1.1.1 sourceip 10.10.10.10 huawei(config-mvlan4)#igmp program add name BTV-2 ip 224.1.1.2 sourceip 10.10.10.10 huawei(config)#btv huawei(config-btv)#igmp profile profile-name profile0 program-name BTV-1 watch huawei(config-btv)#igmp user add port 0/2/0 adsl 0 35 no-auth huawei(config-btv)#igmp user add port 0/3/0 adsl 0 35 auth huawei(config-btv)#igmp user bind-profile port 0/3/0 profile-name profile0 huawei(config)#multicast-vlan 4 huawei(config-mvlan4)#igmp multicast-vlan member port 0/2/0 huawei(config-mvlan4)#igmp multicast-vlan member port 0/3/0
6.
Save the data. huawei(config-mvlan4)#quit
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
277
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config)#save
----End
Result After the related upstream device and downstream device are configured, the triple play application (Internet, VoIP, and IPTV services) is available. l
The Internet user can access the Internet through PPPoE dialup.
l
VoIP users can call each other.
l
The IPTV user connected to port 0/2/0 can watch all the programs, and the IPTV user connected to port 0/3/0 can watch only program BTV-1.
Configuration Script Internet: vlan 2 smart port vlan 2 0/7 0 traffic table index 7 ip car 2048 priority 1 priority-policy tag-In-Package service-port vlan 2 adsl 0/2/0 vpi 0 vci 37 rx-cttr 7 tx-cttr 7 service-port vlan 2 adsl 0/3/0 vpi 0 vci 37 rx-cttr 7 tx-cttr 7 dhcp mode layer-3 standard dhcp-server 1 ip 20.1.1.2 20.1.1.3 save
VoIP: vlan 3 smart port vlan 3 0/7 0 traffic table index 8 ip car 1024 priority 6 priority-policy tag-In-Package service-port vlan 3 adsl 0/2/0 vpi 0 vci 36 rx-cttr 8 tx-cttr 8 service-port vlan 3 adsl 0/3/0 vpi 0 vci 36 rx-cttr 8 tx-cttr 8 dhcp mode layer-3 standard dhcp-server 1 ip 20.1.1.2 20.1.1.3 interface vlanif 3 ip address 10.1.1.1 24 dhcp-server 1 quit save
IPTV: vlan 4 smart port vlan 4 0/7 0 traffic table index 9 ip car off priority 5 priority-policy tag-In-Package service-port vlan 4 adsl 0/2/0 vpi 0 vci 35 rx-cttr 9 tx-cttr 9 service-port vlan 4 adsl 0/3/0 vpi 0 vci 35 rx-cttr 9 tx-cttr 9 dhcp mode layer-3 standard dhcp-server 2 ip 20.2.2.2 20.2.2.3 interface vlanif 4 ip address 10.2.2.1 24 dhcp-server 2 quit multicast-vlan 4 igmp mode proxy igmp uplink-port 0/7/0 btv igmp uplink-port-mode default multicast-vlan 4 igmp program add name BTV-1 ip 224.1.1.1 sourceip 10.10.10.10 igmp program add name BTV-2 ip 224.1.1.2 sourceip 10.10.10.10
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
278
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
btv igmp profile profile-name profile0 program-name BTV-1 watch igmp user add port 0/2/0 adsl 0 35 no-auth igmp user add port 0/3/0 adsl 0 35 auth igmp user bind-profile port 0/3/0 profile-name profile0 multicast-vlan 4 igmp multicast-vlan member port 0/2/0 igmp multicast-vlan member port 0/3/0 quit save
6.6.2 Configuration Example of the Triple Play Application (SinglePVC for Multiple Services) This topic describes how to configure the triple play application in the single-PVC for multiple services mode. The user home gateway is connected to multiple terminals to implement the access of multiple services such as Internet service, VoIP service, and IPTV service.
Prerequisite The service board and the upstream board must be added properly.
Service Requirements l
ADSL user 1 and ADSL user 2 are connected to the MA5600 to implement the triple play application.
l
The Internet service is accessed in the PPPoE mode.
l
The VoIP service and the IPTV service are provided in the DHCP mode, obtaining IP addresses from the DHCP server in the standard DHCP mode.
l
After receiving different traffic streams through the same PVC, the MA5600 provides different QoS guarantees to the traffic streams according to the user-side VLANs. NOTE
The MA5600 can differentiate services by the following means: l Ethernet type (IPoE/PPPoE) l User-side VLAN ID l User-side 802.1p value
Figure 6-12 shows an example network for configuring the triple play application in the singlePVC for multiple services mode.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
279
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
Figure 6-12 Example network for configuring the triple play application in the single-PVC for multiple services mode Program1:224.1.1.1 Program2:224.1.1.2 Muticast source OSS & RADIUS Server/RADIUS Proxy BMS GW
Router
BRAS
IPTV DHCP Server
IP1:20.2.2.2 IP2:20.2.2.3
VoIP DHCP Server
IP1:20.1.1.2 IP2:20.1.1.3
LSW
MA5600
Home Gateway 2
DHCP
PPPoE
Ephone
DHCP DHCP PPPoE Home Gateway 1 VPI/VCI:0/35 VPI/VCI:0/35 VPI/VCI:0/35 DHCP SVLAN:3 SVLAN:2 SVLAN:4 CVLAN:30 CVLAN20 CVLAN:40 STB STB
PC
TV
Ephone
User 1
PC User 2
TV
Procedure l
Configure the Internet service. 1.
Create a VLAN and add an upstream port to the VLAN. huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/7 0
2.
Add a traffic profile. NOTE
Because the VoIP, IPTV, and Internet services are provided through the same port, you must set the 802.1p priority of each service. Generally, the priorities are in a descending order for the VoIP service, IPTV service, and Internet service.
Add traffic profile 7, set the committed information rate (CIR) to 2 Mbit/s, and set the 802.1p priority of the Internet service to 1. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
280
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config)#traffic table index 7 ip car 2048 priority 1 prioritypolicy tag-In-Package
3.
Add a service port to the VLAN. Add a service port to VLAN 2 and use the traffic profile added in the preceding step. huawei(config)#service-port vlan 2 adsl 0/2/0 vpi 0 vci 35 multi-service user-vlan 20 rx-cttr 7 tx-cttr 7 huawei(config)#service-port vlan 2 adsl 0/3/0 vpi 0 vci 35 multi-service user-vlan 20 rx-cttr 7 tx-cttr 7
4.
Save the data. huawei(config)#save
l
Configure the VoIP service. 1.
Create a VLAN and add an upstream port to the VLAN. huawei(config)#vlan 3 smart huawei(config)#port vlan 3 0/7 0
2.
Add a traffic profile. Add traffic profile 8, set the CIR to 1 Mbit/s, and set the 802.1p priority of the voice service to 6. huawei(config)#traffic table index 8 ip car 1024 priority 6 prioritypolicy tag-In-Package
3.
Add a service port to the VLAN. Add a service port to the VLAN 3 and use the traffic profile 8 added in the preceding step. huawei(config)#service-port vlan 3 adsl 0/2/0 vpi 0 vci 35 multi-service user-vlan 30 rx-cttr 8 tx-cttr 8 huawei(config)#service-port vlan 3 adsl 0/3/0 vpi 0 vci 35 multi-service user-vlan 30 rx-cttr 8 tx-cttr 8
4.
Configure the DHCP relay. Configure the first IP address of DHCP server 1 to 20.1.1.2, and the second IP address to 20.1.1.3. Configure the IP address of the VLAN L3 interface to 10.1.1.1 and subnet mask to 255.255.255.0, and bind the VLAN L3 interface to DHCP server 1. huawei(config)#dhcp mode layer-3 standard huawei(config)#dhcp-server 1 ip 20.1.1.2 20.1.1.3 huawei(config)#interface vlanif 3 huawei(config-if-vlanif3)#ip address 10.1.1.1 24 huawei(config-if-vlanif3)#dhcp-server 1 huawei(config-if-vlanif3)#quit
5.
Save the data. huawei(config)#save
l
Configure the IPTV service. 1.
Create a VLAN and add an upstream port to the VLAN. huawei(config)#vlan 4 smart huawei(config)#port vlan 4 0/7 0
2.
Add a traffic profile. Add traffic profile 9 without limiting the rate of the packet, and set the 802.1p priority of the IPTV service to 5. huawei(config)#traffic table index 9 ip car off priority 5 priority-policy Tag-In-Package
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
281
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
3.
6 Configuration Examples of Services
Add a service port to the VLAN.
NOTICE On the MA5600, if the PVC is configured with a priority, the priority of the multicast packets carried by the PVC does not take effect. Add a service port to VLAN 4 and use traffic profile 9. huawei(config)#service-port vlan 4 adsl 0/2/0 vpi 0 vci 35 multi-service user-vlan 40 rx-cttr 9 tx-cttr 9 huawei(config)#service-port vlan 4 adsl 0/3/0 vpi 0 vci 35 multi-service user-vlan 40 rx-cttr 9 tx-cttr 9
4.
Configure the DHCP relay. Configure the first IP address of DHCP server 2 to 20.2.2.2, and the second IP address to 20.2.2.3. Configure the IP address of the VLAN L3 interface to 10.2.2.1 and subnet mask to 255.255.255.0, and bind the VLAN L3 interface to DHCP server 2. huawei(config)#dhcp mode layer-3 standard huawei(config)#dhcp-server 2 ip 20.2.2.2 20.2.2.3 huawei(config)#interface vlanif 4 huawei(config-if-vlanif4)#ip address 10.2.2.1 24 huawei(config-if-vlanif4)#dhcp-server 2
5.
Configure the multicast data. – Multicast mode: IGMP proxy – Rights profile profile0 of multicast user 1: watch program BTV-1 only – Multicast upstream port: 0/7/0 – Multicast program BTV-1: IP address 224.1.1.1 and source IP address 10.10.10.10 – Multicast program BTV-2: IP address 224.1.1.2 and source IP address 10.10.10.10 – Multicast user 1 and multicast user 2: added to multicast VLAN 4 huawei(config-if-vlanif4)#quit huawei(config)#multicast-vlan 4 huawei(config-mvlan4)#igmp mode proxy Are you sure to change IGMP mode?(y/n)[n]:y huawei(config-mvlan4)#igmp uplink-port 0/7/0 huawei(config-mvlan4)#btv huawei(config-btv)#igmp uplink-port-mode default Are you sure to change the uplink port mode?(y/n)[n]:y huawei(config-btv)#multicast-vlan 4 huawei(config-mvlan4)#igmp program add name BTV-1 ip 224.1.1.1 sourceip 10.10.10.10 huawei(config-mvlan4)#igmp program add name BTV-2 ip 224.1.1.2 sourceip 10.10.10.10 huawei(config-mvlan4)#btv huawei(config-btv)#igmp profile profile-name profile0 program-name BTV-1 watch huawei(config-btv)#igmp user add port 0/2/0 adsl 0 35 no-auth huawei(config-btv)#igmp user add port 0/3/0 adsl 0 35 auth huawei(config-btv)#igmp user bind-profile port 0/3/0 profile-name profile0 huawei(config-btv)#multicast-vlan 4 huawei(config-mvlan4)#igmp multicast-vlan member port 0/2/0 huawei(config-mvlan4)#igmp multicast-vlan member port 0/3/0
6.
Save the data. huawei(config-mvlan4)#quit
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
282
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
huawei(config)#save
----End
Result After the related upstream device and downstream device are configured, the triple play application (Internet, VoIP, and IPTV services) is available. l
The Internet user can access the Internet through PPPoE dialup.
l
VoIP users can call each other.
l
The IPTV user connected to port 0/2/0 can watch all the programs, and the IPTV user connected to port 0/3/0 can watch only program BTV-1.
Configuration Script Internet: vlan 2 smart port vlan 2 0/7 0 traffic table index 7 ip car 2048 priority 1 priority-policy tag-In-Package service-port vlan 2 adsl 0/2/0 vpi 0 vci 35 multi-service user-vlan 20 rx-cttr 7 txcttr 7 service-port vlan 2 adsl 0/3/0 vpi 0 vci 35 multi-service user-vlan 20 rx-cttr 7 txcttr 7 dhcp mode layer-3 standard dhcp-server 1 ip 20.1.1.2 20.1.1.3 save
VoIP: vlan 3 smart port vlan 3 0/7 0 traffic table index 8 ip car 1024 priority 6 priority-policy tag-In-Package service-port vlan 3 adsl 0/2/0 vpi 0 vci 35 multi-service user-vlan 30 rx-cttr 8 txcttr 8 service-port vlan 3 adsl 0/3/0 vpi 0 vci 35 multi-service user-vlan 30 rx-cttr 8 txcttr 8 dhcp mode layer-3 standard dhcp-server 1 ip 20.1.1.2 20.1.1.3 interface vlanif 3 ip address 10.1.1.1 24 dhcp-server 1 quit save
IPTV: vlan 4 smart port vlan 4 0/7 0 traffic table index 9 ip car off priority 5 priority-policy Tag-In-Package service-port vlan 4 adsl 0/2/0 vpi 0 vci 35 multi-service user-vlan 40 rx-cttr 9 txcttr 9 service-port vlan 4 adsl 0/3/0 vpi 0 vci 35 multi-service user-vlan 40 rx-cttr 9 txcttr 9 dhcp mode layer-3 standard dhcp-server 2 ip 20.2.2.2 20.2.2.3 interface vlanif 4 ip address 10.2.2.1 24 dhcp-server 2 quit multicast-vlan 4 igmp mode proxy
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
283
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
6 Configuration Examples of Services
igmp uplink-port 0/7/0 btv igmp uplink-port-mode default multicast-vlan 4 igmp program add name BTV-1 ip 224.1.1.1 sourceip 10.10.10.10 igmp program add name BTV-2 ip 224.1.1.2 sourceip 10.10.10.10 btv igmp profile profile-name profile0 program-name BTV-1 watch igmp user add port 0/2/0 adsl 0 35 no-auth igmp user add port 0/3/0 adsl 0 35 auth igmp user bind-profile port 0/3/0 profile-name profile0 multicast-vlan 4 igmp multicast-vlan member port 0/2/0 igmp multicast-vlan member port 0/3/0 quit save
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
284
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
7
7 Configuring the Uplink Redundancy Backup
Configuring the Uplink Redundancy Backup
The MA5600 provides powerful redundancy backup mechanism. Redundancy or backup implements the high reliability and self-healing capability of the system, which maximally preserves the services provided by carriers and minimizes the loss in case of an accident.
Background Information Uplink Redundancy backup includes the following information: l
Uplink aggregation group: Aggregate multiple Ethernet ports as an aggregation group to expand the bandwidth and balance the input and output load among member ports. In addition, the ports in an aggregation group back up each other, which enhances the link security. NOTE
1. The ETH and SCU boards support the configuration of the aggregation group. 2. Inter-board aggregation is supported between two SCU boards. The ETH board, however, does not support inter-board aggregation. 3. Link Aggregation Control Protocol (LACP) detection mode: In this mode, the MA5600 detects port faults and triggers the switchover through the LACP protocol.
l
Issue 09 (2015-02-28)
Upstream port protection group: An upstream port protection group contains a working port and a protection port. In the normal state, the working port carries services. When the link of the working port fails, the system automatically switches the service on the working port to the protection port to ensure normal service transmission, thus protecting the uplink.
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
285
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
7 Configuring the Uplink Redundancy Backup
NOTE
A protection group works in either of the following modes: 1. Port status detection mode l Two ports of the protection group or the transmit ports on two boards are enabled. You can determine whether to perform a switchover according to the port status. l When the number of ports that are in the up state on the standby board is greater than the number of ports that are in the up state on the active board, a switchover is triggered. 2. Delay detection mode l Only one transmit port of the protection group is enabled and the other is disabled. l When the enabled transmit port is in the down state, disable the transmit port and enable the other transmit port. l If the second port is in the up state, a switchover is performed. Otherwise, the detection continues. 3. Enhanced delay detection mode l Only one transmit port of the protection group is enabled and the other is disabled. l If the port on the active board is in the down state, directly enable the port on the standby board without disabling the port on the active board. l Check whether to perform the switchover according to the weight.
The relation between the modes is as follows: l
In the delay detection mode and the enhanced delay detection mode, the protection group supports only the optical port and the system supports the configuration of the duration for enabling the port on the standby board during detection.
l
In the delay detection mode and the enhanced delay detection mode, the system supports the configuration of the detection delay and frequency for the protection group.
l
In the delay detection mode and the enhanced delay detection mode, the system supports the configuration of the weight for the protection group. If multiple protection groups exist on the control board, the active/standby switchover can be performed only when the sum of weights of the protection groups in which the port on the active board is faulty and the port on the standby board is normal is greater than the sum of weights of the protection groups in which the port on the active board is normal and the port on the standby board is faulty.
l
The protection group in the delay detection mode is compatible with the protection group in the enhanced delay detection mode on the control board. The protection group in the delay detection mode, however, is incompatible with the protection group in the port status detection mode.
l
Configure the uplink redundancy backup by configuring an aggregation group.
Procedure 1.
Create an Ethernet port aggregation group. Run the link-aggregation command to add multiple upstream Ethernet ports to the same aggregation group to implement protection and load balancing between ports. The GIU slot supports the inter-board port aggregation. When you run the linkaggregation command, if frameid/slotid is entered twice, inter-board aggregation is configured; if frameid/slotid is entered only once, intra-board aggregation is configured.
2. Issue 09 (2015-02-28)
Query the information about the aggregation group. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
286
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
7 Configuring the Uplink Redundancy Backup
Run the display link-aggregation command to query the types, number, and working modes of aggregated Ethernet ports. l
Configure the uplink redundancy backup by configuring an upstream port protection group. 1.
Create an upstream port protection group. In the protect mode, run the protect-group command to create an upstream port protection group. After the protection group is configured successfully, the system switches the service to the standby port to protect the uplink if the connection between the active port and the upper-layer device is broken. When you run the protect-group command to create a protection group, if frameid/ slotid/portid is entered, a port-level protection group is created; if frameid/slotid is entered, a board-level protection group is created.
2.
Query the information about the protection group. Run the display protect-group command to query the information about the protection group and all the members in the protection group.
----End
Example Assume the following configurations: The MA5600 transmits services upstream through the control board, upstream ports 0/7/0 and 0/8/0 on two control boards are configured as an interboard aggregation group, packets are distributed to the member ports of the aggregation group according to the source MAC address, and the working mode is the LACP static aggregation mode. To perform these configurations, do as follows: huawei(config)#link-aggregation 0/7 0 0/8 0 egress-ingress workmode lacp-static
Assume the following configurations: The MA5600 transmits services upstream through the SCU board, the ports on the active and standby SCU boards are configured as a board-level protection group, the port in slot 0/7 functions as the active port, the port in slot 0/8 functions as the protection port, and the working mode is the port status detection mode. To perform these configurations, do as follows: huawei(config)#protect huawei(config-protect)#protect-group first 0/7 second 0/8 eth workmode portstate
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
287
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
8
8 Configuring the Device Subtending
Configuring the Device Subtending
About This Chapter Multiple MA5600s (NEs) can be connected to each other through the FE or GE port. This topic also describes the ATM DSLAM access service. Subtending saves the upstream optical fibers and simplifies networking and service configuration. 8.1 Configuring the NE Subtending Through the FE or GE Port The MA5600s (NEs) can be directly connected to each other though the FE or GE port. Subtending saves the upstream optical fibers and simplifies networking and service configuration. 8.2 Configuring the ATM-DSLAM Access Service ATM-DSLAM access means that the MA5600 provides the ATM interface (for example, STM-1) for the subtending of earlier ATM-DSLAMs.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
288
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
8 Configuring the Device Subtending
8.1 Configuring the NE Subtending Through the FE or GE Port The MA5600s (NEs) can be directly connected to each other though the FE or GE port. Subtending saves the upstream optical fibers and simplifies networking and service configuration.
Background Information The two ports to be subtended must be the same in the port type, port rate, and port duplex mode.
Procedure Step 1 Configure the VLAN of the master NE. The VLAN type is smart, and the VLAN attribute is common. For details about the configuration, see Configuring the VLAN. Step 2 Add an upstream port to the VLAN of the master NE. Run the port vlan command to add an upstream port to the VLAN. Step 3 Add a subtending port to the VLAN of the master NE. Run the port vlan command to add a subtending port to the VLAN. Step 4 Configure the VLAN of the slave NE. The VLAN of the slave NE is the same as the VLAN of the master VLAN. The VLAN type is smart and the VLAN attribute is common. For details about the configuration, see Configuring the VLAN. Step 5 Add an upstream port to the VLAN of the slave NE. Run the port vlan command to add an upstream port to the VLAN. Step 6 Isolate the upstream port of the slave NE. Run the isolate command to isolate the upstream port. NOTE
l When you subtend slave shelves through the upstream Ethernet port, run this command to isolate the upstream Ethernet port used for subtending from service boards, subtending boards, and subtending ports to enable the isolation of all the access services at layer 2. l When you subtend slave shelves through the ETH subtending board, run this command to isolate the ETH subtending board used for subtending from service boards, subtending boards, and subtending ports to enable the isolation of all the access services at layer 2.
----End
Example Assume that master NE huawei_A and slave NE huawei_B are subtended through the SCU board. To add upstream port 0/7/0 and subtending port 0/7/1 of huawei_A to VLAN 100, and add upstream port 0/7/0 of huawei_B to VLAN 100, do as follows: Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
289
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
8 Configuring the Device Subtending
huawei_A(config)#vlan 100 smart huawei_A(config)#port vlan 100 0/7 0 huawei_A(config)#port vlan 100 0/7 1 huawei_B(config)#vlan 100 smart huawei_B(config)#port vlan 100 0/7 0 huawei_B(config)#isolate port 0/7/0 It will take several minutes, and console may be timeout, please use command idle-timeout to set time limit Are you sure to continue? (y/n)[n]:y
Assume that master NE huawei_A and slave NE huawei_B are subtended through the ETHA board. To add upstream port 0/7/0 and subtending port 0/6/0 of huawei_A to VLAN 100, and add upstream port 0/7/0 of huawei_B to VLAN 100, do as follows: huawei_A(config)#vlan 100 smart huawei_A(config)#port vlan 100 0/7 0 huawei_A(config)#port vlan 100 0/6 0 huawei_B(config)#vlan 100 smart huawei_B(config)#port vlan 100 0/7 0 huawei_B(config)#isolate port 0/7/0 It will take several minutes, and console may be timeout, please use command idle-timeout to set time limit Are you sure to continue? (y/n)[n]:y
8.2 Configuring the ATM-DSLAM Access Service ATM-DSLAM access means that the MA5600 provides the ATM interface (for example, STM-1) for the subtending of earlier ATM-DSLAMs.
Background Information In the evolution from ATM networks to IP networks, carriers will replace their ATM-DSLAM network devices in the access layer with IP network devices. In this evolution, a large number of ATM network devices still exist on the network for a long time. To protect the investment of carriers and the network stability, the MA5600 provides ATM ports for ATM network devices to access the network. The MA5600 provides four ATM optical ports (STM-1) through the AIUG board for connecting to the ATM-DSLAM, and also provides the common Ethernet upstream or MPLS upstream service, as shown in Figure 8-1. Figure 8-1 ATM-DSLAM access
MPLS module
ETH switch module
GE BUS ATM access module Service stream A Service stream B
Issue 09 (2015-02-28)
ATM-DSLAM device
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
290
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
8 Configuring the Device Subtending
The MA5600 can provide two upstream transmission modes: direct Ethernet upstream transmission mode and MPLS upstream transmission mode. l
Directly Ethernet upstream transmission mode: Traffic stream B of the ATM-DSLAM is directly transmitted upstream to the upper-layer IP network through the Ethernet switching module of the SCU board. This mode is applicable to the common Internet access service.
l
MPLS upstream transmission mode: The MA5600 functions as a provider edge (PE), transmitting the services of the subtended ATM-DSLAM through the upstream port to the MPLS network. This mode is applicable to the private line service. According to actual requirements, the data on the upstream port can be encapsulated in the ATM PWE3 mode or the ETH PWE3 mode. – ATM PWE3: The MA5600 creates a transparent transmission channel for private line users. After encapsulated in the ATM PWE3 mode, the data is transmitted upstream to the MPLS core network. After reaching the peer device, the data is decapsulated, and the ATM cells are transmitted downstream to peer users. This encapsulation mode is applicable to the scenario where the ATM-DSLAM needs to communicate with the peer ATM-DSLAM or peer ATM BRAS over the MPLS network. – ETH PWE3: The MA5600 creates a transparent transmission channel for users. After encapsulated in the ETH PWE3 mode, the data is transmitted upstream to the MPLS core network. After reaching the peer device, the data is decapsulated. This encapsulation mode is applicable to the scenario where xPoA private line users perform authentication and packet forwarding over the MPLS network. NOTE
For xPoA users, the xPoA to xPoE protocol conversion needs to be configured.
8.2.1 Configuring the Attributes of an ATM Port The MA5600 provides the STM-1 optical port through the optical daughter board of the AIUG board. Before configuring the ATM-DSLAM access, you need to configure the attributes of the STM-1 port.
Background Information The attributes of an ATM port include clock type, interface type, maximum available VPIs of a VC, and port loopback. The system provides default settings of the attributes. You can change the attributes of an ATM port according to actual requirements.
Procedure Step 1 Run the interface aiu command to enter the AIU interface configuration mode. Step 2 Run the sub-interface optic command to enter the optical sub-interface mode. You should complete the STM-1 optical port related configurations in the optical sub-interface mode. Step 3 Run the tx clock command to configure the type of the transmit clock of the port. The clock includes two types: system clock and line clock. By default, the system clock is used. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
291
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
8 Configuring the Device Subtending
l System clock: Indicates that the transmit clock of the port is the same as the system clock. The clock precision is higher when the system clock is adopted. l Line clock: Indicates that the transmit clock of the port is the same as the line clock. That is, restore the clock from the received data and use this clock to transmit data. The transmit clock can synchronize well with the peer clock when the line clock is used. Step 4 Run the uni-nni-set command to set the interface type of an ATM port. NOTE
The latest configuration takes effect after the board is reset.
l The interface type can be UNI or NNI. l The default interface type is UNI. l The interface type can be set without referring to the network location, but it must be the same as that of the peer port. l When the port is of the UNI type, the VPI value ranges from 0 to 255. l When the port is of the NNI type, the VPI value ranges from 0 to 4095. Step 5 Run the vpi-num-for-vcc command to set maximum number of available VPIs of the VC. Proportion of VPIs and VCIs: VCIs x Maximum available VPIs of the VC = 16K. The more VPIs, the less the matching VCIs. Step 6 Run the loopback command to configure the loopback type of a specified port. When a PVC is not available, you can locate the fault from segment to segment through loopback. l Loopback is classified into local loopback and remote loopback. l Local loopback is performed from the port side towards inside. In the local loopback, the cells sent from a board to a port are sent back to the board when they arrive at the port, instead of being sent out. Local loopback can be used to detect the internal forwarding fault. l Remote loopback is performed from the port side towards outside. In remote loopback, the cells sent from the line are sent directly from the port instead of being processed by the board. Remote loopback can be used to detect the line fault. l After setting the loopback type, you can run the bip-insert and event-insert commands to insert specified error codec event or alarm to the line, thus checking the line condition. Step 7 Run the display resource command display resource to query the configured resources of the specified ATM port. ----End
Example To configure the clock type of ATM port 0/5/0 to line clock, the interface type to UNI, and the loopback type to remote loopback, do as follows: huawei(config)#interface aiu 0/5 huawei(config-if-aiu-0/5)#sub-interface optic huawei(config-if-aiu-0/5.optic)#tx clock 0 line huawei(config-if-aiu-0/5.optic)#uni-nni-set 0 uni Note: The new configuration will take effect after the board is reset huawei(config-if-aiu-0/5.optic)#loopback 0 remote huawei(config-if-aiu-0/5.optic)#display resource 0 The total VPIs supported by the port is 256 The number of available VPIs of VC connection supported by the port is 16 Max VP connection support on this port is 240 Max VC connection support on this port is 15872
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
292
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
8 Configuring the Device Subtending
Available VPI scope is {0,255} Available VCI scope is {32,1023} The port is configured as UNI Port speed 155Mbps Port of 155M does not support SD alarm huawei(config-if-aiu-0/5.optic)#
8.2.2 Configuring an ATM Service Port An ATM service port is a service channel connecting the user side to the network side. To provide the ATM service, an ATM service port must be configured.
Prerequisites l
The VLAN must be configured: 1.10 Configuring a VLAN.
l
The IP traffic profile must be configured: Configuring Traffic Management Based on Traffic Profile.
Background Information The MA5600 supports three different upstream transmission modes: l
Directly ETH upstream transmission
l
Upstream transmission after the ETH PWE3 encapsulation
l
Upstream transmission after the ATM PWE3 encapsulation
In the first two upstream transmission modes, you need to create an ETH service port based on the ATM port. After reaching the AIUG board, ATM cells are terminated, segmented, and reorganized into ETH packets. The difference is that, in the upstream transmission after the ETH PWE3 encapsulation, the ETH packets need to be forwarded to the MPLS service board for processing to complete the mapping of VLAN and PW. In the upstream transmission after the ATM PWE3 encapsulation, you need to create an ATM over Ethernet (AOE) service port based on the ATM port. After reaching the AIUG board, ATM cells are not fragmented or re-organized, but directly encapsulated into Ethernet frames. Each cell corresponds to an Ethernet frame, reserving the ATM PVC information. Then, the Ethernet frames are forwarded to the MPLS service board for process to complete the mapping of PVC and PW. NOTE
In different application scenarios, the parameters for creating a service port vary greatly. You can select the parameters according to actual requirements.
Procedure Step 1 Create an ATM service port. Run the service-port command to configure an ATM service port according to actual requirements. l To create an ETH service port based on the ATM port, run the following command: service-port vlan vlanid shdsl mode atmframeid/slotid/portid autosense rx-cttr rxindex tx-cttr tx-index service-port vlan vlanid shdsl mode atm frameid/slotid/portid vpi vpi vci vci multiservice { user-vlan user-vlanid | user-encap user-encap }rx-cttr rx-index tx-cttr tx-index Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
293
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
8 Configuring the Device Subtending
service-port vlan vlanid atm frameid/slotid/portid [ vpi vpi [ vci vci single-service ] ] rxcttr rx-index upc upc tx-cttr tx-index upc upc l To create an AOE service port based on the ATM port, run the following command: service-port vlan aoe shdsl mode atm frameid/slotid/portid [ vpi vpi [ vci vci [ singleservice ] ] ] rx-cttr rx-index tx-cttr tx-index service-port vlan aoe atm frameid/slotid/portid [ vpi vpi [ vci vci ] ] rx-cttr rx-index upc upc tx-cttr tx-index upc upc service-port vlan aoe vdsl mode atm frameid/slotid/portid [vpi vpi [vci vci singleservice] ] rx-cttr rx-index tx-cttr tx-index Step 2 (Optional) Configure the description of the service port. To facilitate maintenance, you can run the service-port desc command to configure the electronic label of a service port. After the description of a service port is configured successfully, the description is available. Step 3 Run the display service-port command to query the configuration of the service port. Step 4 Run the display service-port desc command to query the description of the service port. ----End
Example To create service port based on ATM port 0/5/0, add it to S-VLAN 10, set the service type to single-PVC for single service, set the VPI/VCI to 0/35, bind traffic profile 6 to the port, and configure the description of the service port to facilitate maintenance, do as follows: huawei(config)#service-port vlan 10 atm 0/5/0 vpi 0 vci 35 single-service rx-cttr 6 upc on tx-cttr 6 upc on huawei(config)#service-port desc 0/5/0 vpi 0 vci 35 description "atm_0/5/0_vlan10_0/35_single_rx6/tx6"
To create AOE service port based on ATM port 0/5/0, set the service type to single-PVC for single service, set the VPI/VCI to 0/35, bind traffic profile 6 to the port, and configure the description of the service port to facilitate maintenance, do as follows: huawei(config)#service-port vlan aoe atm 0/5/0 vpi 0 vci 35 single-service rx-cttr 6 upc on tx-cttr 6 upc on huawei(config)#service-port desc 0/5/0 vpi 0 vci 35 description "atm_0/5/0_aoe_0/35_single_rx6/tx6"
8.2.3 Configuring the xPoA-xPoE Protocol Conversion Configuring protocol conversion is required only when the encapsulation mode is IPoA or PPPoA, except the IPoE or PPPoE encapsulation mode.
Prerequisites The service port whose encapsulation mode is configured must exist.
Background Information In the xPoA access mode, data cannot be directly transmitted in the IP network, and protocol conversion is required. IPoA data and PPPoA data can be transmitted in the IP network only Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
294
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
8 Configuring the Device Subtending
after the IPoA-IPoE protocol conversion and the PPPoA-PPPoE protocol conversion are performed. The principles of the IPoA protocol are different from the principles of the PPPoA protocol. In the PPPoA mode, the BRAS automatically allocates a gateway address to the PPPoA user after the PPPoA user passes the authentication on the BRAS and the dialup is successful. Therefore, the default gateway address need not be configured in the PPPoA mode. In IPoA mode, the data is forwarded according to the route to the destination IP address and the next hop IP address needs to be configured. Therefore, the default gateway address needs to be configured in the IPoA mode. Figure 8-2 shows the flowchart for configuring the xPoA-xPoE protocol conversion. Figure 8-2 Flowchart for configuring the xPoA-xPoE protocol conversion IPoA-IPoE protocol conversion
PPPoA-PPPoE protocol conversion
Start
Start
Configure the MAC address pool
Configure the MAC address pool
Enable or disable the IPoAIPoE protocol conversion
Enable or disable the PPPoAPPPoE protocol conversion
Set the IP address of the IPoA到IPoE的协议转换 default gateway
Set the user packet encapsulation mode
Set the user packet encapsulation mode
(Optional) Enable or disable the PPPoA-PPPoE MRU negotiation
(Optional) Configure the aging time of the IPoA user forwarding entry
(Optional) Configure the user MAC address allocation mode
End
End
Table 8-1 lists the default settings of the xPoA-xPoE protocol conversion. Table 8-1 Default settings of the xPoA-xPoE protocol conversion
Issue 09 (2015-02-28)
Parameter
Default
Maximum number of the MAC addresses in the MAC address pool
256
Status of the IPoA-IPoE protocol conversion
Disabled
Aging time of the IPoA user forwarding entry
1200s
Status of the PPPoA-PPPoE protocol conversion
Disabled
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
295
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
8 Configuring the Device Subtending
Parameter
Default
Status of the MRU negotiation function during the PPPoA-PPPoE protocol conversion
Disabled
User MAC address allocation mode for the PPPoA-PPPoE protocol conversion
Multi-MAC mode
Procedure l
Enable the IPoA-IPoE protocol conversion. A user can access the Internet in the IPoA mode only after the IPoA-IPoE protocol conversion is enabled. 1.
In the global config mode, run the mac-pool command to configure the MAC address pool, which is used to allocate source MAC addresses to IPoA users. By default, the number of MAC addresses in the MAC address pool is 256, which can be changed by setting parameter scope. The MAC address encapsulated into packets during the IPoA-IPoE conversion is the MAC address allocated to the user from the MAC address pool.
2.
Run the ipoa enable command to enable the IPoA-IPoE protocol conversion. By default, the IPoA-IPoE protocol conversion is disabled.
3.
Run the encapsulation command to set the user packet encapsulation mode (select ipoa as the encapsulation mode). NOTE
l You only need to configure parameter dstip in either the ipoa default gateway or encapsulation command. If the MA5600 works in the L2 mode, set the IP address of the upper-layer router as the default gateway. If the MA5600 works in the L3 mode, set the IP address of the L3 interface corresponding to the MA5600 as the default gateway. l IPoA encapsulation is not supported in the single-PVC for multiple services application. l To convert the encapsulation mode from PPPoA to IPoA, you must change the encapsulation mode to llc bridge and then perform conversion.
4.
l
Run the ipoa expire-time command to set the aging time of the IPoA user forwarding entry. By default, the aging time of the IPoA user forwarding entry is 1200s. The default value is recommended.
Configure the PPPoA-PPPoE protocol conversion. A user can access the Internet in the PPPoA mode only after the PPPoA-PPPoE protocol conversion is enabled. 1.
In the global config mode, run the mac-pool command to configure the MAC address pool, which is used to allocate source MAC addresses to PPPoA users. By default, the number of MAC addresses in the MAC address pool is 256, which can be changed by setting parameter scope. The MAC address encapsulated into packets during the PPPoA-PPPoE conversion is the MAC address allocated to the user from the MAC address pool.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
296
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
8 Configuring the Device Subtending
2.
Run the pppoa enable command to enable the PPPoA-PPPoE protocol conversion. By default, the PPPoA-PPPoE protocol conversion is disabled.
3.
Run the encapsulation command to set the user packet encapsulation mode (select pppoa as the encapsulation mode). NOTE
l PPPoA encapsulation is not supported in the single-PVC for multiple services or QinQ VLAN application. l To convert the encapsulation mode from IPoA to PPPoA, you must change the encapsulation mode to llc bridge and then perform conversion.
4.
Run the pppoa mru command to enable PPPoA-PPPoE MRU negotiation. By default, the PPPoA-PPPoE MRU negotiation is disabled. Enable or disable the PPPoA-PPPoE MRU negotiation according to the packet processing conditions. – When the MRU negotiation is disabled, the PC initiates the PPPoE connection and performs the negotiation according to the MRU of 1492 bytes. In this case, packets need to be segmented and reassembled. – When the MRU negotiation is enabled, the MA5600 identifies the PPPoA-PPPoE packets, adds a tag to the packets, and then sends them to the BRAS. Then, the BRAS negotiates with the CPE according to the MRU of 1500 bytes. In this manner, the MTU between the CPE and the BRAS is equal to the standard Ethernet MTU. In this case, the packets need not be segmented or reassembled.
5.
Run the pppoa mac-mode command to set the user MAC address allocation mode for the PPPoA-PPPoE protocol conversion. By default, the user MAC address allocation mode is multi-mac. The single-mac mode can improve security. Select the mode according to the MAC address allocation mode of PPPoA users. – In the multi-MAC allocation mode (the multi-mac mode), PPPoE users are authenticated on the BRAS using their respective MAC address, and PPPoA users are allocated with different MAC addresses and are authenticated on the BRAS using these MAC addresses as source MAC addresses. – In the single-MAC allocation mode (the single-mac mode), the system replaces the MAC address of each PPPoE user with the MAC address of the corresponding board and allocates the same MAC address to all the PPPoA users.
----End
Example Assume that the MA5600 works in the L2 mode, the default gateway is the same as the IP address of the upper-layer router, which is 10.1.1.1, and the IPoA service encapsulation mode is LLC. To enable the IPoA-IPoE conversion with start MAC address 0000-0000-0001 in the MAC address pool that contains 200 MAC addresses, do as follows: huawei(config)#mac-pool 0 0000-0000-0001 200 huawei(config)#ipoa enable huawei(config)#ipoa default gateway 10.1.1.1 huawei(config)#encapsulation 0/2/0 vpi 0 vci 35 type ipoa llc srcIP 10.1.1.20
Assume that the PPPoA service encapsulation mode is LLC, and, to improve security, the user MAC address allocation mode is the single-MAC mode. To enable the PPPoA-PPPoE conversion with start MAC address 0000-1010-1000 in the MAC address pool that contains 200 MAC addresses, do as follows: Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
297
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
8 Configuring the Device Subtending
huawei(config)#mac-pool 0 0000-1010-1000 200 huawei(config)#pppoa enable huawei(config)#encapsulation 0/2/0 vpi 0 vci 35 type pppoa llc huawei(config)#pppoa mac-mode single-mac
8.2.4 (Optional) Configuring the MPLS VPN Pseudo-wire emulation edge to edge (PWE3) is a type of L2 service bearer technology, used to emulate the essential behavior and characteristics of the services such as the ATM, frame relay, Ethernet, low-rate time division multiplexing (TDM) circuit, and synchronous optical network (SONET)/synchronous digital hierarchy (SDH) as faithfully as possible in a packet switched network (PSN). The PWE3 adopts LDP as the signaling protocol and simulates various L2 service through tunnels (such as the LSP tunnel). In this manner, the L2 data is transparently transmitted.
Configuring ETH PWE3 This topic describes how to configure the ETH PWE3 so that the ETH PWE3 can provide the Ethernet emulation function and the emulation private line solution in an IP network.
Prerequisites l
An LDP LSP must exist. For details about the configuration of the LDP LSP, see Configuring the LDP LSP.
l
An upstream port must exist. The VLAN to which the upstream port belongs must be a standard VLAN. For details about how to add an upstream port to a VLAN, see 3.2 Configuring an Upstream Port.
l
A route to the peer end must exist. PW has no special requirement for the routing policy. For details about the configuration of the route, see 2.2 Configuring the Route.
Background Information l
A VPN can be created between the local VLAN and the peer VLAN through binding the PW and the VLAN together. That is, by switching the labels, packets can transverse the MPLS network, thus implementing the communication at L2 between the local end and the remote end.
l
Only the standard VLAN supports ETH PWE3.
Networking Figure 8-3 shows an example network for configuring the ETH PWE3. Figure 8-3 Example network for configuring the ETH PWE3 LSR ID 1.1.1.10/32
Router 10.1.2.1/24 10.1.2.2/24 MA5600_A
10.1.3.2/24 10.1.3.1/24
LSR ID 2.2.2.2/32
Issue 09 (2015-02-28)
LSR ID 3.3.3.3/32
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
MA5600_B
298
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
8 Configuring the Device Subtending
Data Plan Table 8-2 provides the data plan for configuring the ETH PWE3. Table 8-2 Data plan for configuring the ETH PWE3 Item
Data
MA5600_A
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140 LSR ID: 1.1.1.1/32 PW ID: 106 VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.2.1/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
MA5600_B
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140 LSR ID: 3.3.3.3/32 PW ID: 106 VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.3.2/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
Router name
LSR ID: 2.2.2.2/32
Procedure Step 1 Run the mpls l2vpn command to enable MPLS L2VPN. Step 2 Run the service-port command to create an ETH service port. Step 3 Create a PW template. 1. Issue 09 (2015-02-28)
Run the pw-template command to create a PW template. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
299
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
2.
8 Configuring the Device Subtending
Run the peer-address command to configure the IP address of the peer device in the PW template. The configuration of the IP address is mandatory. If the IP address is not configured, a PW template cannot be directly referenced when the PW template is bound to a PVC.
3.
Run the pw-type command to configure the PW template type. The MA5600 supports only the PW template of the tagged type. In the tagged type, after receiving the PW packets, the peer PE can change, remove, or remain the tag of the PW packets according to the configuration.
4.
Run the quit command to quit the PW-template mode.
Step 4 Run the pw-ac-binding vlan command to bind the PW template to the PVC to create the ETH PW service. l The ID of the PW bound to the TDM must be the same as the PW ID of the remote peer. l A PW template can be bound dynamically or statically. To bind a PW template dynamically, enable MPLS LDP first. ----End
Example Assume that the PW template to be bound is of the Ethernet tagged type, the IP address of the peer device is 10.1.3.2, the outgoing label of the PW is 100, and the incoming label of the PW is 8500. To bind the PW to the VLAN of MA5600_A, and create the ETH PW service, do as follows: huawei(config)#mpls l2vpn huawei(config)#service-port vlan 10 adsl 0/1/0 rx-cttr 10 tx-cttr 10 huawei(config)#pw-template pwprofile huawei(config-pw-template-pwprofile)#peer-address 10.1.3.2 huawei(config-pw-template-pwprofile)#pw-type ethernet tagged huawei(config-pw-template-pwprofile)#quit huawei(config)#pw-ac-binding vlan 10 pw 1 pw-template pwprofile static transmitlabel 100 receive-label 8500
Configuring ATM PWE3 This topic describes how to configure the ATM PWE3 so that the ATM PWE3 can provide the ATM emulation function and the emulation private line solution in an IP network.
Prerequisites l
An LDP LSP must exist. For details about the configuration of the LDP LSP, see Configuring the LDP LSP.
l
An upstream port must exist. The VLAN to which the upstream port belongs must be a standard VLAN. For details about the configuration of the upstream port, see 3.2 Configuring an Upstream Port.
l
A route to the peer end must exist. PW has no special requirement for the routing policy. For details about the configuration of the upstream port, see 2.2 Configuring the Route.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
300
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
8 Configuring the Device Subtending
Background Information l
A VPN can be created between the local VLAN and the peer VLAN through binding the PW template and the VLAN together. That is, by switching the labels, packets can traverse the MPLS network, thus implementing the communication at L2 between the local end and the remote end.
l
Only the standard VLAN supports ATM PWE3.
Networking Figure 8-4 shows an example network for configuring the ATM PWE3. Figure 8-4 Example network for configuring the ATM PWE3 LSR ID 1.1.1.10/32
Router 10.1.2.1/24 10.1.2.2/24 MA5600_A
10.1.3.2/24
LSR ID 3.3.3.3/32
10.1.3.1/24
LSR ID 2.2.2.2/32
MA5600_B
Data Plan Table 8-3 provides the data plan for configuring the ATM PWE3. Table 8-3 Data plan for configuring the ATM PWE3 Item
Data
MA5600_A
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140 LSR ID: 1.1.1.1/32 PW ID: 106 VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.2.1/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
MA5600_B
Upstream port: 0/7/2 VLAN ID of the upstream port: 140 Native VLAN ID of the upstream port: 140
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
301
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Item
8 Configuring the Device Subtending
Data LSR ID: 3.3.3.3/32 PW ID: 106 VLAN type: Standard VLAN VLAN ID: 140 IP address of the L3 interface: 10.1.3.2/24 PW template name: pwt Remote address: 3.3.3.8 Type: ATM SDU
Router name
LSR ID: 2.2.2.2/32
Procedure Step 1 Run the mpls l2vpn command to enable MPLS L2VPN. Step 2 Run the service-port command to create an ATM service port. Step 3 Create a PW template. 1.
Run the pw-template command to create a PW template.
2.
Run the peer-address command to configure the IP address of the peer device in the PW template. The configuration of the IP address is mandatory. If the IP address is not configured, a PW template cannot be directly referenced when the PW template is bound to the PVC.
3.
Run the pw-type command to set the PW template type. If the PW template is of the sdu type, the VPI and the VCI on the local end must be the same as those on the peer end. If the PW template is of the nto1 type, there is no requirement for the VPI and the VCI.
4.
Run the quit command to quit the PW-template mode.
Step 4 Run the pw-ac-binding pvc command to bind the PW template to the PVC to create the ATM PW service. l The ID of the PW bound to the TDM must be the same as the PW ID of the remote peer. l A PW template can be bound dynamically or statically. To bind a PW template dynamically, enable MPLS LDP first. ----End
Example Assume that the PW template to be bound is of the ATM sdu type and the IP address of the peer device is 10.1.3.2. To bind the PW to the PVC of MA5600_A, and create the ATM PW service, do as follows: huawei(config)#mpls l2vpn huawei(config)#service-port vlan 10 atm 0/6/0 vpi 0 vci 35 rx-cttr 10 upc off tx
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
302
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
8 Configuring the Device Subtending
-cttr 10 upc off huawei(config)#pw-template pwprofile huawei(config-pw-template-pwprofile)#peer-address 10.1.3.2 huawei(config-pw-template-pwprofile)#pw-type atm sdu huawei(config-pw-template-pwprofile)#quit huawei(config)#pw-ac-binding pvc 0/6/0 vpi 0 vci 35 pw 1 pw-template pwprofile
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
303
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide
9
Configuration Example of the Integrated MSTP Network
About This Chapter This topic describes how to configure the integrated services on the MA5600s in the MSTP ring network. 9.1 Networking This topic describes the typical networking in the MSTP mode. 9.2 Data Plan This topic provides the data plan for the integrated MSTP network. 9.3 Configuring MA5600-1 This topic describes how to configure MA5600-1. The services to be configured include the ADSL2+ Internet access service, SHDSL Internet access service, QinQ private line service (MA5600-1 is interconnected with MA5600-5 through the private line), and multicast service. 9.4 Configuring MA5600-2 This topic describes how to configure MA5600-2. The services to be configured include the ADSL2+ Internet access service, SHDSL Internet access service, stacking wholesale service, and triple play service in the multi-PVC for multiple services mode. 9.5 Configuring MA5600-3 This topic describes how to configure MA5600-3. The services to be configured include the ADSL2+ Internet access service, SHDSL Internet access service, and multiple service. 9.6 Configuring MA5600-4 This topic describes how to configure MA5600-4. The services to be configured include the ADSL2+ Internet access service, SHDSL Internet access service, and multicast service. 9.7 Configuring MA5600-5 This topic describes how to configure MA5600-5. The service to be configured is the QinQ private line service (MA5600-1 is interconnected with MA5600-5 through the private line). 9.8 Verification
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
304
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide 9 Configuration Example of the Integrated MSTP Network
All the services configured on all the DSLAMs run in the normal state.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
305
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide 9 Configuration Example of the Integrated MSTP Network
9.1 Networking This topic describes the typical networking in the MSTP mode. Three MA5600s (MA5600-1, MA5600-2, and MA5600-3) form an MSTP ring network. l
MA5600-1 is connected to the IP network.
l
MA5600-3, through whose GE port, is subtended with MA5600-4.
l
MA5600-1 works with MA5600-5 to provide the QinQ service through the IP network.
Figure 9-1 shows an example MSTP network of the MA5600. Figure 9-1 Example MSTP network of the MA5600
Multicast Server
SoftSwitch
DHCP Server
ISP1 ISP2 ISP3
iManager N2000
LAN Switch BRAS
7
7
0
0
1
1
2
2
SCU
2
7
A D G E
0
3
A D G E
1 2
SCU
SCU
MA5600-1
7
S H E B
MA5600-2
STB
Ephone
TV
0 1 2
SCU MA5600-3 3
Home Gateway
MA5600-5
7
A D G E
0 1 2
SCU ADSL2 + Modem
PC
MA5600-4
PC
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
306
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide 9 Configuration Example of the Integrated MSTP Network NOTE
This network is for reference only. The actual network is determined according to the scenario.
9.2 Data Plan This topic provides the data plan for the integrated MSTP network. Table 9-1 provides the service and the data plan for the MA5600 in Figure 9-1. Table 9-1 Data plan for the integrated MSTP network Item
MA5600-1
MA5600-2
MA5600-3
MA5600-4
MA5600-5
Service
l ADSL2+ service
l ADSL2+ service
l ADSL2+ service
l ADSL2+ service
l SHDSL service
l SHDSL service
l SHDSL service
l SHDSL service
l QinQ private line service (intercom municated with MA5600 -5 through the private line)
l Stacking wholesale service
l Multicas t service
l Multicast service
QinQ private line service (intercommu nicated with MA5600-1 through the private line)
l Triple play service (multiple PVCs for multiple services)
l Multicast service Inband NMS address
GE port on the SCU board
10.10.1.2
10.10.1.3
10.10.1.4
10.10.1.5
10.10.1.6
255.255.255.0
255.255.255.0
Gateway:
Gateway:
255.255.255 .0
255.255.255. 0
255.255.255. 0
10.10.1.1/24
10.10.1.1/24
Gateway:
Gateway:
Gateway:
10.10.1.1/24
10.10.1.1/24
10.10.1.1/24
Upstream: 0/7/0
Upstream: 0/7/0
Upstream: 0/7/0
Upstream: 0/7/0-0/7/1
Upstream: 0/7/0-0/7/1
Subtending: 0/7/1-0/7/2
MSTP instance: 1
MSTP instance: 1
MSTP instance: 1
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
307
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide 9 Configuration Example of the Integrated MSTP Network
Item
MA5600-1
MA5600-2
MA5600-3
MA5600-4
MA5600-5
VLAN
NMS: 10
NMS: 10
NMS: 10
NMS: 10
NMS: 10
QinQ: 50
Stacking: 60-62 (inner stacking: 111-113)
Multicast: 100
Multicast: 100
QinQ: 50
ADSL2+: 1000-1031 (uses the VLAN authenticati on)
ADSL2+: 1000 (uses the PPPoE authenticatio n)
Multicast: 100 ADSL2+: 1000-1031 (uses the VLAN authentication )
Slot plannin g
Triple play: 100-102 ADSL2+: 1000 (uses the PPPoE authentication)
SHDSL: 1300-1331 (uses the VLAN authentication )
SHDSL: 1300 (uses the PPPoE authentication)
SHDSL: 1300-1331 (uses the VLAN authenticati on)
ADSL2+: 0/3
ADSL2+: 0/3
SHDSL: 0/5
SHDSL: 0/5
ADSL2+: 0/3
ADSL2+: 0/3
QinQ: 0/5/31
Stacking:
SHDSL: 0/5
SHDSL: 0/5
Multicast: 0/2/2 and 0/2/3
0/2/0-10 (corresponding to VLAN 60, ISP1)
l The user on port 0/2/2 needs to be authenticat ed, who can watch two programs and preview one program.
0/2/11-20 (corresponding to VLAN 61, ISP2) 0/2/21-30 (corresponding to VLAN 62, ISP3) Triple play: 0/2/31
l The user on port 0/2/3 need not be authenticat ed.
Issue 09 (2015-02-28)
SHDSL: 1300 (uses the PPPoE authenticatio n)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
SHDSL: 0/5 QinQ: 0/5/31
Multicast: 0/2/2 and 0/2/3 l The user on port 0/2/2 needs to be authentic ated, who can watch two programs and preview one program. l The user on port 0/2/3 need not be authentic ated.
308
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide
Item
MA5600-1
MA5600-2
MA5600-3
MA5600-4
MA5600-5
User PVC
PVC VPI/VCI of all the users: 0/35
VPI/VCI of the triple play service:
PVC VPI/ VCI of all the users: 0/35
PVC VPI/ VCI of all the users: 0/35
Line profile ID: 10
l Video service: 0/35
PVC VPI/ VCI of all the users: 0/35
Alarm profile ID: 10
l Internet service: 0/36
Traffic profile ID: 6
l Voice service: 0/37
Alarm profile ID: 10
Line profile ID: 10
Traffic profile ID: 6
Line profile ID: 10
Alarm profile ID: 10 Traffic profile ID: 6 NMS host
2.2.2.2 and 2.2.2.3
Log host
3.3.3.3 and 3.3.4.3
Multica st progra m
l Program name: program1; IP address: 224.1.1.1; VLAN ID: 100
Time server
4.4.4.4 and 4.4.4.5
EMU
AC PS4845 power monitoring and fan monitoring
DHCP server
DHCP server1: 10.1.1.2 (active) and 10.1.1.3 (standby)
l Program name: program2; IP address: 224.1.1.2; VLAN ID: 100 l Program name: program3; IP address: 224.1.1.3; VLAN ID: 100
Gateway: 10.1.1.1/24 DHCP server2: 10.4.4.2 (active) and 10.4.4.3 (standby) Gateway: 10.4.4.1/24
Upperlayer device
The upper-layer device supports the DHCP option82 function. The BRAS supports the PITP, stacking VLAN, and QinQ VLAN function. The BRAS supports inner and outer VLAN tags. The VLAN ID of the traffic flow sent from the IP network to the DSLAM is 100. The upper-layer device classifies the downstream traffic. Different service carries different 802.1p labels. The VLAN corresponding to the DSLAM is configured in the upper-layer IP network.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
309
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide NOTE
l In this networking, MA5600-1 can be replaced with a GE switch or a BRAS. l The upstream port of MA5600 supports the port aggregation function. In the actual network planning, you can aggregate multiple ports for use. l In this networking, the five MA5600s support the ADSL2+, SHDSL, and VDSL2 services. You can plan the services according to your actual network conditions.
9.3 Configuring MA5600-1 This topic describes how to configure MA5600-1. The services to be configured include the ADSL2+ Internet access service, SHDSL Internet access service, QinQ private line service (MA5600-1 is interconnected with MA5600-5 through the private line), and multicast service.
Procedure Step 1 Confirm the board. huawei>enable huawei#config huawei(config)#board confirm 0
Step 2 Configure the NMS. 1.
Configure the IP address of the inband NMS interface. l Create the NMS VLAN. huawei(config)#vlan 10 standard
l Add the upstream port. huawei(config)#port vlan 10 0/7 0-2
l Enter the NMS VLAN interface mode. huawei(config)#interface vlanif 10
l Configure the IP address of the NMS VLAN interface. huawei(config-if-vlanif10)#ip address 10.10.1.2 255.255.255.0
2.
Add the route. l Configure the route destined to the NMS (trap destination host). huawei(config)#ip route-static 2.2.2.2 255.255.255.255 10.10.1.1 preference 1 huawei(config)#ip route-static 2.2.2.3 255.255.255.255 10.10.1.1 preference 1
l Configure the route destined to the time server. huawei(config)#ip route-static 4.4.4.0 255.255.255.0 10.10.1.1 preference 1
l Configure the route destined to the log host. huawei(config)#ip route-static 3.3.3.0 255.255.255.0 10.10.1.1 preference 1 huawei(config)#ip route-static 3.3.4.0 255.255.255.0 10.10.1.1 preference 1
3.
Add the ACL rule to implement the traffic classification. huawei(config)#acl 3050 huawei(config-acl-adv-3050)#rule huawei(config-acl-adv-3050)#rule 0.0.0.0 huawei(config-acl-adv-3050)#rule destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule destination 10.10.1.2 0.0.0.0
Issue 09 (2015-02-28)
permit ip source any destination any deny ip source any destination 10.10.1.2 permit ip source 2.2.2.2 0.0.0.0 permit ip source 2.2.2.3 0.0.0.0
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
310
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config-acl-adv-3050)#rule permit ip source 4.4.4.4 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 4.4.4.5 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.3.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.4.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#quit huawei(config)#packet-filter inbound ip-group 3050 port 0/7/1 huawei(config)#packet-filter inbound ip-group 3050 port 0/7/2
4.
Configure the SNMP parameters. l Configure the community name and the access rights. huawei(config)#snmp-agent community read public huawei(config)#snmp-agent community write private
l Configure the administrator ID and contact information. huawei(config)#snmp-agent sys-info contact HW-075528780808
l Configure the device location information. huawei(config)#snmp-agent sys-info location Shenzhen China
l Configure the SNMP version. huawei(config)#snmp-agent sys-info version v2c NOTE
Here, the SNMP version must be the same as the SNMP version of the NMS. In this example, the NMS SNMP version is set to SNMP V2C.
5.
Enable the trap sending. huawei(config)#snmp-agent trap enable standard
6.
Set the trap destination address. huawei(config)#snmp-agent public huawei(config)#snmp-agent paramsname p1 huawei(config)#snmp-agent public huawei(config)#snmp-agent paramsname p2
7.
target-host trap-paramsname p1 v2c securityname target-host trap-hostname aaa address 2.2.2.2 traptarget-host trap-paramsname p2 v2c securityname target-host trap-hostname bbb address 2.2.2.3 trap-
Set the trap source address. huawei(config)#snmp-agent trap source vlanif 10
Step 3 Configure the time server. huawei(config)#ntp-service unicast-server 4.4.4.4 source-interface vlanif 10 huawei(config)#ntp-service unicast-server 4.4.4.5 source-interface vlanif 10
Step 4 Configure the log host. huawei(config)#loghost huawei(config)#loghost huawei(config)#loghost huawei(config)#loghost
add 3.3.3.3 activate ip add 3.3.4.3 activate ip
syslog-1 3.3.3.3 syslog-2 3.3.4.3
Step 5 Configure the EMU. This topic uses the fan and PS4845 power supply as an example to describe how to configure the environment monitoring unit (EMU). When configuring the fan monitoring and power monitoring, note that the default master-slave node address of the fan monitoring is 0. In this example, the master-slave node address of the fan monitoring is assumed to be 1. Therefore, set the node address DIP switch on the fan monitoring board to 1. The master-slave node address of the power monitoring is 0. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
311
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config)#emu add 0 power4845 0 0 fore huawei(config)#emu add 1 fan 0 1 back huawei(config)#interface emu 0 huawei(config-if-power4845-0)#power module-num 2 1 2 huawei(config-if-power4845-0)#quit
Step 6 Configure SCU subtending MA5600-1 is subtended with MA5600-2 and MA5600-3. Therefore, subtending needs to be configured. huawei(config)#vlan huawei(config)#port huawei(config)#vlan huawei(config)#port
60 to 62 standard vlan 60 to 62 0/7 0-2 101 to 102 standard vlan 101 to 102 0/7 0-2
Step 7 Configure MSTP. 1.
Enable the MSTP function. huawei(config)#stp enable Change global stp state may active region configuration,it may take several minutes,are you sure to change global stp state? [Y/N][N]y
2.
Set the MSTP region name. huawei(config)#stp region-configuration huawei(stp-region-configuration)#region-name hwrg
3.
Configure MSTP instance 1. huawei(stp-region-configuration)#instance 1 vlan 1 to 4094
4.
Activate the configuration of the MSTP region manually. huawei(stp-region-configuration)#active region-configuration STP actives region configuration, it may take several minutes,are you sure to active region configuration? [Y/N][N]y
5.
Set the priority of MA5600_1 in the instance. huawei(stp-region-configuration)#quit huawei(config)#stp instance 0 priority 0 huawei(config)#stp instance 1 priority 0
Step 8 Configure ADSL2+ service. The MA5600 supports the ADSL2+ service of multiple encapsulation modes, such as IPoA, PPPoA, IPoE, and PPPoE. This topic uses the PPPoE mode as an example to describe how to configure the ADSL2+ service. 1.
Configure the ADSL2+ line profile. You can configure the ADSL2+ line profile based on your requirements. huawei(config)#adsl line-profile add 10 Start adding profile Press 'Q' to quit the current configuration and new configuration will be neglected >Do you want to name the profile (y/n) [n]:n > Please choose default value type 0-adsl 1-adsl2+ (0~1) [0]:1 > Will you set basic configuration for modem? (y/n)[n]:n > Please select channel mode 0-interleaved 1-fast (0~1) [0]: > Will you set interleaved delay? (y/n)[n]:n >Please select form of transmit rate adaptation in downstream: > 0-fixed 1-adaptAtStartup 2-adaptAtRuntime (0~2) [1]: > Will you set SNR margin for modem? (y/n)[n]:n > Will you set parameters for rate? (y/n)[n]:y > Minimum transmit rate in downstream (32~32000 Kbps) [32]: > Maximum transmit rate in downstream (32~32000 Kbps) [24544]:8000 > Minimum transmit rate in upstream (32~3000 Kbps) [32]:
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
312
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide > Maximum transmit rate in upstream (32~3000 Kbps) [1024]: Add profile 10 successfully
2.
Configure the ADSL2+ alarm profile. You can configure the ADSL2+ alarm profile based on your requirements. huawei(config)#adsl alarm-profile add 10 Start adding profile Press 'Q' to quit the current configuration and new configuration will be neglected > The number of Loss of Frame Seconds (0~900) [0]: > The number of Loss of Signal Seconds (0~900) [0]: > The number of Loss of Link Seconds (0~900) [0]: > The number of Loss of Power Seconds (0~900) [0]: > The number of Errored Seconds (0~900) [0] > Enable and disable the initial failure trap 0-disable 1-enable (0~1)[0]:1 > The number of failed fast retrain seconds (0~900) [0]: > The number of severely errored seconds (0~900) [0]: > The number of unavailable seconds (0~900) [0]: > Threshold of positive difference between the current and the past transmit rate in fast mode (0~31968kbps) [0]: > Threshold of positive difference between the current and the past transmit rate in interleaved mode (0~31968kbps) [0]: > Threshold of negative difference between the current and the past transmit rate in fast mode (0~31968kbps) [0]: > Threshold of negative difference between the current and the past transmit rate in interleaved mode (0~31968kbps) [0]: > The number of Loss of Frame Seconds (0~900) [0]: > The number of Loss of Signal Seconds (0~900) [0]: > The number of Loss of Power Seconds (0~900) [0]: > The number of Errored Seconds (0~900) [0]: > The number of severely errored seconds (0~900) [0]: > The number of unavailable seconds (0~900) [0]: > Threshold of positive difference between the current rate in fast mode (0~2968kbps) [0]: > Threshold of positive difference between the current rate in interleaved mode (0~2968kbps) [0]: > Threshold of negative difference between the current rate in fast mode (0~2968kbps) [0]: > Threshold of negative difference between the current rate in interleaved mode (0~2968kbps) [0]: Add profile 10 successfully
3.
and the past transmit and the past transmit and the past transmit and the past transmit
Configure the ADSL2+ traffic profile. You can configure the ADSL2+ traffic profile by running the traffic table command based on your requirements. In this example, the default profile (profile 6) is used.
4.
Activate the ADSL2+ port. huawei(config)#interface adsl 0/3 huawei(config-if-adsl-0/3)#deactivate all huawei(config-if-adsl-0/3)#alarm-config all 10 huawei(config-if-adsl-0/3)#activate all profile-index 10 huawei(config-if-adsl-0/3)#quit
5.
Configure the upstream port. l Configure the SCU board. The configuration of the upstream port of the SCU board needs to be the same as that of the peer device.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
313
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide
Run the auto-neg command to set the port to work in the auto-negotiation mode. If the port does not work in the auto-negotiation mode, change to the SCU config mode and run the speed command to change the port rate, and run the duplex command to change the port duplex mode. l Configure the VLAN. The ADSL2+ users of MA5600-1 use the VLAN authentication. In this case, the MUX VLAN is used to identify the users. huawei(config)#vlan 1000 to 1031 mux huawei(config)#port vlan 1000 to 1031 0/7 0-2
6.
Add the service port. All ports in slot 0/3 provide the ADSL2+ service. To add service ports in batches, run the multi-service-port command. huawei(config)#multi-service-port from-vlan 1000 port 0/3 0-31 vpi 0 vci 35 rxcttr 6 tx-cttr 6
Step 9 Configure the SHDSL service. The MA5600 supports the SHDSL service of multiple encapsulation modes, such as IPoA, PPPoA, IPoE, and PPPoE. This topic takes the PPPoE mode as an example to describe how to configure the SHDSL service. 1.
Configure the SHDSL line profile. To configure the SHDSL line profile, run the shdsl line-profile add or shdsl line-profile quickadd command. huawei(config)#shdsl line-profile quickadd 10 line two-wire rate 2048 2048 psd symmetric transmission Annex-A remote disable probe disable snr-margin ds-curr 10 ds-worst 10 us-curr 10 us-worst 10 bitmap 0x03
2.
Configure the SHDSL alarm profile. To configure the SHDSL alarm profile, run the shdsl alarm-profile add command. In this example, the default profile (profile 1) is used.
3.
Activate the SHDSL port. huawei(config)#interface shdsl 0/5 huawei(config-if-shdsl-0/5)#deactivate all huawei(config-if-shdsl-0/5)#alarm-config all 1 huawei(config-if-shdsl-0/5)#activate all profile-index 10 huawei(config-if-shdsl-0/5)#quit
4.
Configure the upstream port. The SHDSL users of MA5600-1 adopt the VLAN authentication. In this case, the MUX VLAN is used to identify the users. huawei(config)#vlan 1300 to 1331 mux huawei(config)#port vlan 1300 to 1331 0/7 0-2
5.
Add the service port. Ports 0-30 in slot 0/5 provide the SHDSL service. To activate the ports in batches, run the multi-service-port command. huawei(config)#multi-service-port from-vlan 1300 port 0/5 0-30 vpi 0 vci 35 rxcttr 6 tx-cttr 6
Step 10 Configure the QinQ private line service. MA5600-1 and MA5600-5 belong to two representative offices of the same enterprise and they can communicate with each other normally through the QinQ private line. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
314
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide
1.
Create VLAN 50. huawei(config)#vlan 50 mux
2.
Set VLAN 50 as QinQ VLAN. huawei(config)#vlan attrib 50 q-in-q
3.
Add the upstream port. huawei(config)#port vlan 50 0/7 0-2
4.
Add the service port. To add the service port, run the service-port command. Note that the VPI and VCI values set during the execution of the service-port command must be the same as those on the modem. The QinQ VLAN supports only the PVC-priority scheduling policy. In this case, select the profile that supports PVC-priority policy. huawei(config)#traffic table index 7 ip car off priority 0 priority-policy pvcSetting huawei(config)#service-port vlan 50 shdsl mode ptm 0/5/31 vpi 0 vci 35 rx-cttr 7 tx-cttr 7
Step 11 Configure the multicast service. After the configuration, the following results need to be achieved: l The user on port 0/2/2 needs to be authenticated, who can watch two programs and preview one program. l The user on port 0/2/3 need not be authenticated. 1.
Configure the line profile. In this example, the ADSL port adopts the default line profile (profile 1002). Therefore, you need not configure the line profile.
2.
Configure the VLAN. l Create a VLAN. huawei(config)#vlan 100 smart
l Add the upstream port to the VLAN. huawei(config)#port vlan 100 0/7 0-2
l Configure the native VLAN. huawei(config)#interface scu 0/7 huawei(config-if-giu-0/7)#native-vlan 0 vlan 100 huawei(config-if-giu-0/7)#native-vlan 1 vlan 100 huawei(config-if-giu-0/7)#native-vlan 2 vlan 100
l Create the traffic profile. huawei(config)#traffic table index 8 ip car off priority 5 priority-policy pvc-Setting
l Add ADSL2+ port 0/2/2 and 0/2/3 to VLAN 100. huawei(config)#service-port vlan 100 adsl 0/2/2 vpi 0 vci 35 rx-cttr 8 tx-cttr 8 huawei(config)#service-port vlan 100 adsl 0/2/3 vpi 0 vci 35 rx-cttr 8 tx-cttr 8
3.
Configure the multicast service. l Enable the multicast proxy. huawei(config)#btv huawei(config-btv)#igmp mode proxy
l Add the upstream port. huawei(config-btv)#igmp uplink-port 0/7/0 100
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
315
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide
l Configure the program mode for the upstream port. huawei(config-btv)#igmp uplink-port-mode program
l Configure the program library. huawei(config-btv)#igmp program add name program1 ip 224.1.1.1 vlan 100 bind 0/7/0 huawei(config-btv)#igmp program add name program2 ip 224.1.1.2 vlan 100 bind 0/7/0 huawei(config-btv)#igmp program add name program3 ip 224.1.1.3 vlan 100 bind 0/7/0
l Configure the rights profile. huawei(config-btv)#igmp profile profile-name profile0 program-name program1 watch huawei(config-btv)#igmp profile profile-name profile0 program-name program2 watch huawei(config-btv)#igmp profile profile-name profile0 program-name program3 preview
l Configure preview parameters. Configure preview parameters according to the requirements. In this example, set the preview duration for program 3 to 150s, the preview counts to 6, and the preview interval to 60s. huawei(config-btv)#igmp preview program name program3 preview-duration 150 huawei(config-btv)#igmp preview program name program3 preview-times 6 huawei(config-btv)#igmp preview program name program3 preview-interval 60
You can run the igmp preview auto-reset-time command to set the time for automatically clearing the preview counts. In this example, the system clears the preview counts of all the subscribers at 00:00:00 every day. huawei(config-btv)#igmp preview auto-reset-time 00:00:00
l Configure the user. huawei(config-btv)#igmp user add port 0/2/3 adsl 0 35 no-auth huawei(config-btv)#igmp user add port 0/2/2 adsl 0 35 auth huawei(config-btv)#igmp user bind-profile port 0/2/2 profile-name profile0
Step 12 Configure the subtending multicast service. In the MSTP ring network, MA5600-1 is subtended with MA5600-3, and MA5600-3 is subtended with MA5600-4. According to the data plan, MA5600-4 provides the multicast service. In this manner, it is necessary to configure the multicast subtending on MA5600-1 first. 1.
Add the upstream port. The upstream port is already added in Step 11.3. It is unnecessary to configure it again.
2.
Configure the IGMP proxy. The IGMP proxy is already configured in Step 11.3. It is unnecessary to configure it again.
3.
Configure the program library. The program library is already configured in Step 11.3. It is unnecessary to configure it again.
4.
Configure the multicast for the subtending port. l Specify a subtending port. huawei(config-btv)#igmp cascade-port 0/7/1 huawei(config-btv)#igmp cascade-port 0/7/2
l Modify the subtending port. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
316
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config-btv)#igmp cascade-port modify 0/7/1 static enable huawei(config-btv)#igmp cascade-port modify 0/7/2 static enable
l Add programs to the static subtending port. huawei(config-btv)#igmp static-join sourceip 192 .168.1.2 huawei(config-btv)#igmp static-join sourceip 192 .168.1.2 huawei(config-btv)#igmp static-join sourceip sourceip 192.168.1.2 huawei(config-btv)#igmp static-join sourceip sourceip 192.168.1.2 huawei(config-btv)#igmp static-join sourceip 192.168.1.2 huawei(config-btv)#igmp static-join sourceip 192.168.1.2
cascade-port 0/7/1 ip 224.1.1.1
cascade-port 0/7/1 ip 224.1.1.2
cascade-port 0/7/1 ip 224.1.1.3 cascade-port 0/7/2 ip 224.1.1.1 cascade-port 0/7/2 ip 224.1.1.2 cascade-port 0/7/2 ip 224.1.1.3
Step 13 Save the data. huawei(config-btv)#quit huawei(config)#save
----End
9.4 Configuring MA5600-2 This topic describes how to configure MA5600-2. The services to be configured include the ADSL2+ Internet access service, SHDSL Internet access service, stacking wholesale service, and triple play service in the multi-PVC for multiple services mode.
Procedure Step 1 Confirm the board. huawei>enable huawei#config huawei(config)#board confirm 0
Step 2 Configure the NMS. 1.
Configure the IP address of the inband NMS interface. l Create the NMS VLAN. huawei(config)#vlan 10 standard
l Add the upstream port. huawei(config)#port vlan 10 0/7 0-1
l Configure the IP address of the NMS VLAN interface. huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#ip address 10.10.1.3 255.255.255.0
2.
Add the route. l Configure the route destined to the NMS (Trap destination host). huawei(config)#ip route-static 2.2.2.0 255.255.255.0 10.10.1.1 preference 1
l Configure the route destined to the time server. huawei(config)#ip route-static 4.4.4.0 255.255.255.0 10.10.1.1 preference 1
l Configure the route destined to the log host. huawei(config)#ip route-static 3.3.3.0 255.255.255.0 10.10.1.1 preference 1
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
317
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config)#ip route-static 3.3.4.0 255.255.255.0 10.10.1.1 preference 1
3.
Add the ACL rule. huawei(config)#acl 3050 huawei(config-acl-adv-3050)#rule permit ip source any destination any huawei(config-acl-adv-3050)#rule deny ip source any destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 2.2.2.2 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 2.2.2.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 4.4.4.4 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 4.4.4.5 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.3.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.4.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#quit huawei(config)#packet-filter inbound ip-group 3050 port 0/7/0 huawei(config)#packet-filter inbound ip-group 3050 port 0/7/1
4.
Configure SNMP. l Configure the community name and access rights. huawei(config)#snmp-agent community read public huawei(config)#snmp-agent community write private
l Configure the administrator ID and contact information. huawei(config)#snmp-agent sys-info contact HW-075512345678
l Configure the device location information. huawei(config)#snmp-agent sys-info location Shenzhen China
l Configure the SNMP version. Here, the SNMP version must be the same as that of NMS. In this example, the NMS SNMP version is set to SNMP V2C. huawei(config)#snmp-agent sys-info version v2c
5.
Enable trap sending. huawei(config)#snmp-agent trap enable standard
6.
Set the trap destination address. huawei(config)#snmp-agent public huawei(config)#snmp-agent paramsname p1 huawei(config)#snmp-agent public huawei(config)#snmp-agent paramsname p2
7.
target-host trap-paramsname p1 v2c securityname target-host trap-hostname aaa address 2.2.2.2 traptarget-host trap-paramsname p2 v2c securityname target-host trap-hostname bbb address 2.2.2.3 trap-
Set the trap source address. huawei(config)#snmp-agent trap source vlanif 10
Step 3 Configure the time server. huawei(config)#ntp-service unicast-server 4.4.4.4 source-interface vlanif 10 huawei(config)#ntp-service unicast-server 4.4.4.5 source-interface vlanif 10
Step 4 Configure the log host. huawei(config)#loghost add 3.3.3.3 syslog-1 huawei(config)#loghost activate ip 3.3.3.3
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
318
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config)#loghost add 3.3.4.3 syslog-2 huawei(config)#loghost activate ip 3.3.4.3
Step 5 Configure the EMU. This topic uses the fan and the PS4845 power supply as an example to describe how to configure the EMU. When configuring the fan monitoring, note that the default master-slave node address of the fan monitoring is 0. In this example, the master-slave node address of the fan monitoring is assumed to be 1. Therefore, set the node address DIP switch on the fan monitoring board to 1. huawei(config)#emu add 0 power4845 0 0 fore huawei(config)#emu add 1 fan 0 1 back huawei(config)#interface emu 0 huawei(config-if-power4845-0)#power module-num 2 1 2 huawei(config-if-power4845-0)#quit
Step 6 Configure SCU subtending. MA5600-1 is subtended with MA5600-2, MA5600-3, and MA5600-4. Therefore, the subtending needs to be configured. huawei(config)#vlan huawei(config)#port huawei(config)#vlan huawei(config)#port
1001 vlan 1301 vlan
to 1031 standard 1001 to 1031 0/7 0-1 to 1031 standard 1031 0/7 0-1
Step 7 Configure MSTP. 1.
Enable the MSTP function. huawei(config)#stp enable Change global stp state may active region configuration,it may take several minutes,are you sure to change global stp state? [Y/N][N]y
2.
Set the MSTP region name. huawei(config)#stp region-configuration huawei(stp-region-configuration)#region-name hwrg
3.
Configure MSTP instance 1. huawei(stp-region-configuration)#instance 1 vlan 1 to 4094
4.
Activate the configuration of the MSTP region. huawei(stp-region-configuration)#active region-configuration STP actives region configuration, it may take several minutes,are you sure to active region configuration? [Y/N][N]y
Step 8 Enable PITP. huawei(config)#pitp enable pmode
Step 9 Configure ADSL2+ service. The MA5600 supports the ADSL2+ Internet access service in multiple encapsulation modes, such as IPoA, PPPoA, IPoE, and PPPoE. This topic uses the PPPoE mode as an example to describe how to configure the ADSL2+ service. 1.
Configure the ADSL2+ line profile. You can configure the ADSL2+ line profile based on your requirements. huawei(config)#adsl line-profile add 10 Start adding profile Press 'Q' to quit the current configuration and new configuration will be neglected >Do you want to name the profile (y/n) [n]:n
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
319
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide > Please choose default value type 0-adsl 1-adsl2+ (0~1) [0]:1 > Will you set basic configuration for modem? (y/n)[n]:n > Please select channel mode 0-interleaved 1-fast (0~1) [0]: > Will you set interleaved delay? (y/n)[n]:n >Please select form of transmit rate adaptation in downstream: > 0-fixed 1-adaptAtStartup 2-adaptAtRuntime (0~2) [1]: > Will you set SNR margin for modem? (y/n)[n]:n > Will you set parameters for rate? (y/n)[n]:y > Minimum transmit rate in downstream (32~32000 Kbps) [32]: > Maximum transmit rate in downstream (32~32000 Kbps) [24544]:8000 > Minimum transmit rate in upstream (32~3000 Kbps) [32]: > Maximum transmit rate in upstream (32~3000 Kbps) [1024]: Add profile 10 successfully
2.
Configure the ADSL2+ traffic profile. You can configure the ADSL2+ traffic profile by running the traffic table command based on your requirements. In this example, the default profile (profile 6) is used.
3.
Activate the ADSL2+ port. huawei(config)#interface adsl 0/3 huawei(config-if-adsl-0/3)#deactivate all huawei(config-if-adsl-0/3)#alarm-config all 10 huawei(config-if-adsl-0/3)#activate all profile-index 10 huawei(config-if-adsl-0/3)#quit
4.
Configure the upstream port. l Configure the SCU board. The configuration of the upstream port of the SCU board needs to be the same as the configuration of the peer device. Run the auto-neg command to set the port to work in the auto-negotiation mode. If the port does not work in the auto-negotiation mode, change to the SCU config mode and run the speed command to change the port rate, and run the duplex command to change the port duplex mode. l Configure the VLAN. The ADSL2+ users of MA5600-2 use the PPPoE authentication. In this case, the smart VLAN is used to identify the users. huawei(config)#vlan 1000 smart huawei(config)#port vlan 1000 0/7 0-1
5.
Add the service port. All ports in slot 0/3 provide the ADSL2+ services. To add service ports in batches, run the multi-service-port command. huawei(config)#multi-service-port vlan 1000 port 0/3 0-31 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
Step 10 Configure the SHDSL service. The MA5600 supports the SHDSL Internet access service in multiple encapsulation modes, such as IPoA, PPPoA, IPoE, and PPPoE. This topic uses the PPPoE mode as an example to describe how to configure the SHDSL service. 1.
Configure the SHDSL line profile. To configure the SHDSL line profile, run the shdsl line-profile add or shdsl line-profile quickadd command.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
320
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config)#shdsl line-profile quickadd 10 line two-wire rate 2048 2048 psd symmetric transmission Annex-A remote disable probe disable snr-margin ds-curr 10 ds-worst 10 us-curr 10 us-worst 10 bitmap 0x03
2.
Configure the SHDSL alarm profile. To configure the SHDSL alarm profile, run the shdsl alarm-profile add command. In this example, the default profile (profile 1) is used.
3.
Configure the SHDSL traffic profile. To configure the SHDSL traffic profile, run the traffic table command. In this example, the default profile (profile 1) is used.
4.
Activate the SHDSL port. huawei(config)#interface shdsl 0/5 huawei(config-if-shdsl-0/5)#deactivate all huawei(config-if-shdsl-0/5)#alarm-config all 1 huawei(config-if-shdsl-0/5)#activate all profile-index 10 huawei(config-if-shdsl-0/5)#quit
5.
Configure the upstream port. The SHDSL users of MA5600-2 use the PPPoE authentication. In this case, the smart VLAN is used to identify the users. huawei(config)#vlan 1300 smart huawei(config)#port vlan 1300 0/7 0-1
6.
Add the service port. Ports 0-30 of the SHDSL board in slot 0/5 provide the SHDSL services. To add service ports in batches, run the multi-service-port command. huawei(config)#multi-service-port vlan 1300 port 0/5 0-31 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
Step 11 Configure the stacking wholesale service. ISP1 provides users of ports 0-10 on the board in slot 0/2 with the stacking wholesale service. ISP2 provides users of ports 11-20 to with the stacking wholesale service. ISP3 provides users of port 21-30 with the stacking wholesale service. 1.
Create a VLAN and set the attribute as stacking. huawei(config)#vlan 60 to 62 smart huawei(config)#vlan attrib 60 to 62 stacking
2.
Add the upstream port. huawei(config)#port vlan 60 to 62 0/7 0-1
3.
Add the service port. huawei(config)#multi-service-port vlan 60 port 0/2 0-10 vpi 0 vci 35 rx-cttr 6 tx-cttr 6 huawei(config)#multi-service-port vlan 61 port 0/2 11-20 vpi 0 vci 35 rx-cttr 6 tx-cttr 6 huawei(config)#multi-service-port vlan 62 port 0/2 21-30 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
4.
Configure the inner label. huawei(config)#stacking label vlan 60 baselabel 111 huawei(config)#stacking label vlan 61 baselabel 112 huawei(config)#stacking label vlan 62 baselabel 113
Step 12 Configure the triple play service. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
321
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide
After the configuration, the following results need to be achieved: The user of port 0/2/31 can watch the programs with IP addresses 224.1.1.1 and 224.1.1.2 and can only preview the program with IP address 224.1.1.3. 1.
Configure upstream ports and VLANs. huawei(config)#vlan 100 smart huawei(config)#port vlan 100 0/7 0-1 //Configure the VLAN and the upstream ports for the video service. huawei(config)#vlan 101 mux huawei(config)#port vlan 101 0/7 0-1 //Configure the VLAN and the upstream ports for the Internet access service. huawei(config)#vlan 102 smart huawei(config)#port vlan 102 0/7 0-1 //Configure the VLAN and the upstream ports for the voice service.
2.
Configure the traffic table. The voice service has the highest priority, and the Internet access service has the lowest priority. Assume that the Internet access service uses traffic table 6, with the priority of 0. The following shows how to create the traffic tables for the voice service and the video service respectively. huawei(config)#traffic table index 7 ip car 1024 priority 7 priority-policy Pvc-Setting huawei(config)#traffic table index 8 ip car off priority 5 priority-policy PvcSetting
3.
Configure service ports. huawei(config)#service-port vlan 100 adsl 0/2/31 vpi 0 vci 35 rx-cttr 8 tx-cttr 8 huawei(config)#service-port vlan 101 adsl 0/2/31 vpi 0 vci 36 rx-cttr 6 tx-cttr 6 huawei(config)#service-port vlan 102 adsl 0/2/31 vpi 0 vci 37 rx-cttr 7 tx-cttr 7
4.
Configure the DHCP relay mode for the video service. l Configure the DHCP mode. huawei(config)#dhcp mode layer-3 option-60
l Configure the DHCP server. huawei(config)#dhcp-server 1 ip 10.1.1.2 10.1.1.3 huawei(config)#dhcp domain video //It is configured according to the actual domain name of the STB. huawei(config-dhcp-domain-video)#dhcp-server 1
l Configure the gateway mapped to the DHCP domain. huawei(config)#interface vlanif 100 huawei(config-if-vlanif100)#ip address 10.1.1.1 24 huawei(config-if-vlanif100)#dhcp domain video gateway 10.1.1.1
l Enable the DHCP option82 function. huawei(config)#dhcp option82 enable huawei(config)#raio-mode xdsl-port-rate
5.
Configure the DHCP relay mode for the voice service. l Configure the DHCP server. huawei(config)#dhcp-server 2 ip 10.4.4.2 10.4.4.3 huawei(config)#dhcp domain voice //It is configured according to the actual domain name of the IAD. huawei(config-dhcp-domain-voice)#dhcp-server 2
l Configure the gateway mapped to the DHCP domain.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
322
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config)#interface vlanif 102 huawei(config-if-vlanif102)#ip address 10.4.4.1 24 huawei(config-if-vlanif102)#dhcp domain voice gateway 10.4.4.1
6.
Configure the multicast service. huawei(config)#interface scu 0/7 huawei(config-if-scu-0/7)#native-vlan 0 vlan 1 huawei(config-if-scu-0/7)#native-vlan 1 vlan 1 huawei(config-if-scu-0/7)#quit huawei(config)#btv huawei(config-btv)#igmp mode proxy huawei(config-btv)#igmp uplink-port 0/7/0 100 huawei(config-btv)#igmp uplink-port 0/7/1 100 huawei(config-btv)#igmp uplink-port-mode mstp huawei(config-btv)#igmp program add name program1 ip 224.1.1.1 vlan 100 huawei(config-btv)#igmp program add name program2 ip 224.1.1.2 vlan 100 huawei(config-btv)#igmp program add name program3 ip 224.1.1.3 vlan 100 huawei(config-btv)#igmp profile profile-name profile0 program-name program1 watch huawei(config-btv)#igmp profile profile-name profile0 program-name program2 watch huawei(config-btv)#igmp profile profile-name profile0 program-name program3 preview huawei(config-btv)#igmp user add port 0/2/30 adsl 0 35 auth huawei(config-btv)#igmp user bind-profile port 0/2/31 profile-name profile0
Step 13 Configure the subtending multicast service. In the MSTP ring network, MA5600-1 is subtended with MA5600-3, and MA5600-3 is subtended with MA5600-4. According to the data plan, MA5600-4 provides the multicast service. In this manner, it is necessary to configure the multicast subtending on MA5600-2 first. 1.
Configure the upstream port. The upstream port is already added in Step 12.6. It is unnecessary to configure it again.
2.
Configure the IGMP proxy. The IGMP proxy is already configured in Step 12.6. It is unnecessary to configure it again.
3.
Configure the program library. The program library is already configured in Step 12.6. It is unnecessary to configure it again.
4.
Configure the multicast for the subtending port. l Specify the subtending port. huawei(config-btv)#igmp cascade-port 0/7/0 huawei(config-btv)#igmp cascade-port 0/7/1
l Modify the attribute of subtending port. huawei(config-btv)#igmp cascade-port modify 0/7/0 static enable huawei(config-btv)#igmp cascade-port modify 0/7/1 static enable
l Add programs to the static subtending port. huawei(config-btv)#igmp sourceip 192.168.1.2 huawei(config-btv)#igmp sourceip 192.168.1.2 huawei(config-btv)#igmp sourceip 192.168.1.2 huawei(config-btv)#igmp sourceip 192.168.1.2 huawei(config-btv)#igmp sourceip 192.168.1.2
Issue 09 (2015-02-28)
static-join cascade-port 0/7/0 ip 224.1.1.1 static-join cascade-port 0/7/0 ip 224.1.1.2 static-join cascade-port 0/7/0 ip 224.1.1.3 static-join cascade-port 0/7/1 ip 224.1.1.1 static-join cascade-port 0/7/1 ip 224.1.1.2
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
323
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config-btv)#igmp static-join cascade-port 0/7/1 ip 224.1.1.3 sourceip 192.168.1.2
Step 14 Save the data. huawei(config-btv)#quit huawei(config)#save
----End
9.5 Configuring MA5600-3 This topic describes how to configure MA5600-3. The services to be configured include the ADSL2+ Internet access service, SHDSL Internet access service, and multiple service.
Procedure Step 1 Confirm the board. huawei>enable huawei#config huawei(config)#board confirm 0
Step 2 Configure the NMS. 1.
Configure the IP address of the inband NMS interface. l Create the NMS VLAN. huawei(config)#vlan 10 standard
l Add the upstream port. huawei(config)#port vlan 10 0/7 0-2
l Configure the IP address of the NMS VLAN interface. huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#ip address 10.10.1.4 255.255.255.0
2.
Add the route. l Configure the route destined to the NMS (Trap destination host). huawei(config)#ip route-static 2.2.2.0 255.255.255.0 10.10.1.1 preference 1
l Configure the route destined to the time server. huawei(config)#ip route-static 4.4.4.0 255.255.255.0 10.10.1.1 preference 1
l Configure the route destined to the log host. huawei(config)#ip route-static 3.3.3.0 255.255.255.0 10.10.1.1 preference 1 huawei(config)#ip route-static 3.3.4.0 255.255.255.0 10.10.1.1 preference 1
3.
Add the ACL rule to implement the traffic classification. huawei(config)#acl 3050 huawei(config-acl-adv-3050)#rule huawei(config-acl-adv-3050)#rule 0.0.0.0 huawei(config-acl-adv-3050)#rule destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule
Issue 09 (2015-02-28)
permit ip source any destination any deny ip source any destination 10.10.1.2 permit ip source 2.2.2.2 0.0.0.0 permit ip source 2.2.2.3 0.0.0.0 permit ip source 4.4.4.4 0.0.0.0 permit ip source 4.4.4.5 0.0.0.0 permit ip source 3.3.3.3 0.0.0.0
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
324
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.4.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#quit huawei(config)#packet-filter inbound ip-group 3050 port 0/7/0 huawei(config)#packet-filter inbound ip-group 3050 port 0/7/1
4.
Configure SNMP. l Configure the community name and access rights. huawei(config)#snmp-agent community read public huawei(config)#snmp-agent community write private
l Configure the administrator ID and contact information. huawei(config)#snmp-agent sys-info contact HW-075512345678
l Configure the device location information. huawei(config)#snmp-agent sys-info location Shenzhen China
l Configure the SNMP version. Here, the SNMP version must be the same as the SNMP version of the NMS. In this example, the NMS SNMP version is set to SNMP V2C. huawei(config)#snmp-agent sys-info version v2c
5.
Enable trap sending. huawei(config)#snmp-agent trap enable standard
6.
Set the trap destination address. huawei(config)#snmp-agent public huawei(config)#snmp-agent ap-paramsname p1 huawei(config)#snmp-agent public huawei(config)#snmp-agent ap-paramsname p2
7.
target-host trap-paramsname p1 v2c securityname target-host trap-hostname aaa address 2.2.2.2 tr target-host trap-paramsname p2 v2c securityname target-host trap-hostname bbb address 2.2.2.3 tr
Set the trap source address. huawei(config)#snmp-agent trap source vlanif 10
Step 3 Configure the time server. huawei(config)#ntp-service unicast-server 4.4.4.4 source-interface vlanif 10 huawei(config)#ntp-service unicast-server 4.4.4.5 source-interface vlanif 10
Step 4 Configure the log host. huawei(config)#loghost huawei(config)#loghost huawei(config)#loghost huawei(config)#loghost
add 3.3.3.3 activate ip add 3.3.4.3 activate ip
syslog-1 3.3.3.3 syslog-2 3.3.4.3
Step 5 Configure the EMU. This topic uses the fan and the PS4845 power supply as examples to describe how to configure the EMU. When configuring the fan monitoring, note that the default master-slave node address of the fan monitoring is 0. In this example, the master-slave node address of the fan monitoring is assumed to be 1. Therefore, set the node address DIP switch on the fan monitoring board to 1. huawei(config)#emu add 0 power4845 0 0 fore huawei(config)#emu add 1 fan 0 1 back huawei(config)#interface emu 0
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
325
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config-if-power4845-0)#power module-num 2 1 2 huawei(config-if-power4845-0)#quit
Step 6 Configure SCU subtending. MA5600-1 is subtended with MA5600-2, MA5600-3 and MA5600-4. Therefore, the subtending needs to be configured. huawei(config)#vlan huawei(config)#port huawei(config)#vlan huawei(config)#port huawei(config)#vlan huawei(config)#port
60 to 62 standard vlan 60 to 62 0/7 0-1 101 to 102 standard vlan 101 to 102 0/7 0-1 100 standard vlan 100 0/7 0-2
Step 7 Configure MSTP. 1.
Enable the MSTP function. huawei(config)#stp enable Change global stp state may active region configuration,it may take several minutes,are you sure to change global stp state? [Y/N][N]y
2.
Set the MSTP region name. huawei(config)#stp region-configuration huawei(stp-region-configuration)#region-name hwrg
3.
Configure MSTP instance 1. huawei(stp-region-configuration)#instance 1 vlan 1 to 4094
4.
Activate the configuration of the MSTP region. huawei(stp-region-configuration)#active region-configuration STP actives region configuration, it may take several minutes,are you sure to active region configuration? [Y/N][N]y
Step 8 Configure the ADSL2+ service. The MA5600 supports the ADSL2+ Internet access service in multiple encapsulation modes, such as IPoA, PPPoA, IPoE, and PPPoE. This topic uses the PPPoE mode as an example to describe how to configure the ADSL2+ service. 1.
Configure the ADSL2+ line profile. You can configure the ADSL2+ line profile based on your requirements. huawei(config)#adsl line-profile add 10 Start adding profile Press 'Q' to quit the current configuration and new configuration will be neglected >Do you want to name the profile (y/n) [n]:n > Please choose default value type 0-adsl 1-adsl2+ (0~1) [0]:1 > Will you set basic configuration for modem? (y/n)[n]:n > Please select channel mode 0-interleaved 1-fast (0~1) [0]: > Will you set interleaved delay? (y/n)[n]:n >Please select form of transmit rate adaptation in downstream: > 0-fixed 1-adaptAtStartup 2-adaptAtRuntime (0~2) [1]: > Will you set SNR margin for modem? (y/n)[n]:n > Will you set parameters for rate? (y/n)[n]:y > Minimum transmit rate in downstream (32~32000 Kbps) [32]: > Maximum transmit rate in downstream (32~32000 Kbps) [24544]:8000 > Minimum transmit rate in upstream (32~3000 Kbps) [32]: > Maximum transmit rate in upstream (32~3000 Kbps) [1024]: Add profile 10 successfully
2.
Configure the ADSL2+ alarm profile. You can configure the ADSL2+ alarm profile based on your requirements.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
326
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config)#adsl alarm-profile add 10 Start adding profile Press 'Q' to quit the current configuration and new configuration will be neglected > The number of Loss of Frame Seconds (0~900) [0]: > The number of Loss of Signal Seconds (0~900) [0]: > The number of Loss of Link Seconds (0~900) [0]: > The number of Loss of Power Seconds (0~900) [0]: > The number of Errored Seconds (0~900) [0] > Enable and disable the initial failure trap 0-disable 1-enable (0~1)[0]:1 > The number of failed fast retrain seconds (0~900) [0]: > The number of severely errored seconds (0~900) [0]: > The number of unavailable seconds (0~900) [0]: > Threshold of positive difference between the current and the past transmit rate in fast mode (0~31968kbps) [0]: > Threshold of positive difference between the current and the past transmit rate in interleaved mode (0~31968kbps) [0]: > Threshold of negative difference between the current and the past transmit rate in fast mode (0~31968kbps) [0]: > Threshold of negative difference between the current and the past transmit rate in interleaved mode (0~31968kbps) [0]: > The number of Loss of Frame Seconds (0~900) [0]: > The number of Loss of Signal Seconds (0~900) [0]: > The number of Loss of Power Seconds (0~900) [0]: > The number of Errored Seconds (0~900) [0]: > The number of severely errored seconds (0~900) [0]: > The number of unavailable seconds (0~900) [0]: > Threshold of positive difference between the current rate in fast mode (0~2968kbps) [0]: > Threshold of positive difference between the current rate in interleaved mode (0~2968kbps) [0]: > Threshold of negative difference between the current rate in fast mode (0~2968kbps) [0]: > Threshold of negative difference between the current rate in interleaved mode (0~2968kbps) [0]: Add profile 10 successfully
3.
and the past transmit and the past transmit and the past transmit and the past transmit
Configure the ADSL2+ traffic profile. You can configure the ADSL2+ traffic profile by running the traffic table command based on your requirements. In this example, the default profile (profile 6) is used.
4.
Activate the ADSL2+ port. huawei(config)#interface adsl 0/3 huawei(config-if-adsl-0/3)#deactivate all huawei(config-if-adsl-0/3)#alarm-config all 10 huawei(config-if-adsl-0/3)#activate all profile-index 10 huawei(config-if-adsl-0/3)#quit
5.
Configure the upstream port. l Configure the SCU board. The configuration of the upstream port of the SCU board needs to be the same as that of the peer device. Run the auto-neg command to set the port to work in the auto-negotiation mode. If the port does not work in the auto-negotiation mode, change to the SCU config mode and run the speed command to change the port rate, and run the duplex command to change the port duplex mode.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
327
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide
l Configure the VLAN. The ADSL2+ users of MA5600-3 use the VLAN authentication. In this case, the MUX VLAN is used to identify the users. huawei(config)#vlan 1000 to 1031 mux huawei(config)#port vlan 1000 to 1031 0/7 0-1
6.
Add the service port. All ports in slot 0/3 provide the ADSL2+ service. To add service ports in batches, run the multi-service-port command. huawei(config)#multi-service-port from-vlan 1000 port 0/3 0-31 vpi 0 vci 35 rxcttr 6 tx-cttr 6
Step 9 Configure the SHDSL service. The MA5600 supports the SHDSL service of multiple encapsulation modes, such as IPoA, PPPoA, IPoE, and PPPoE. This topic uses the PPPoE mode as an example to describe how to configure the SHDSL service. 1.
Configure the SHDSL line profile. To configure the SHDSL line profile, run the shdsl line-profile add or shdsl line-profile quickadd command. huawei(config)#shdsl line-profile quickadd 10 line two-wire rate 2048 2048 psd symmetric transmission Annex-A remote disable probe disable snr-margin ds-curr 10 ds-worst 10 us-curr 10 us-worst 10 bitmap 0x03
2.
Configure the SHDSL alarm profile. To configure the SHDSL alarm profile, run the shdsl alarm-profile add command. In this example, the default profile (profile 1) is used.
3.
Configure the SHDSL traffic profile. To configure the SHDSL traffic profile, run the traffic table command. In this example, the default profile (profile 1) is used.
4.
Activate the SHDSL port. huawei(config)#interface shdsl 0/5 huawei(config-if-shdsl-0/5)#deactivate all huawei(config-if-shdsl-0/5)#alarm-config all 1 huawei(config-if-shdsl-0/5)#activate all profile-index 10 huawei(config-if-shdsl-0/5)#quit
5.
Configure the upstream port. The SHDSL users of MA5600-3 use the VLAN authentication. In this case, the MUX VLAN is used to identify the users. huawei(config)#vlan 1300 to 1331 mux huawei(config)#port vlan 1300 to 1331 0/7 0-1
6.
Add the service port. Ports 0-31 in slots 0/5 provide the SHDSL service. To add service ports in batches, run the multi-service-port command. huawei(config)#multi-service-port from-vlan 1300 port 0/5 0-31 vpi 0 vci 35 rxcttr 6 tx-cttr 6
Step 10 Configure the subtending multicast service. 1.
Configure the multicast service. l Configure the native VLAN.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
328
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config)#interface scu 0/7 huawei(config-if-scu-0/7)#native-vlan 0 vlan 100 huawei(config-if-scu-0/7)#native-vlan 1 vlan 100
l Enable the multicast proxy. huawei(config)#btv huawei(config-btv)#igmp mode proxy
l Configure the upstream ports. huawei(config-btv)#igmp uplink-port 0/7/0 100 huawei(config-btv)#igmp uplink-port 0/7/1 100 huawei(config-btv)#igmp uplink-port-mode mstp
l Configure the program library. huawei(config-btv)#igmp program add name program1 ip 224.1.1.1 vlan 100 huawei(config-btv)#igmp program add name program2 ip 224.1.1.2 vlan 100 huawei(config-btv)#igmp program add name program3 ip 224.1.1.3 vlan 100
2.
Configure the subtending multicast. l Specify the subtending ports. huawei(config-btv)#igmp cascade-port 0/7/0 huawei(config-btv)#igmp cascade-port 0/7/1 huawei(config-btv)#igmp cascade-port 0/7/2
l Modify the subtending ports. huawei(config-btv)#igmp cascade-port modify 0/7/0 static enable huawei(config-btv)#igmp cascade-port modify 0/7/1 static enable huawei(config-btv)#igmp cascade-port modify 0/7/2 static enable
l Add programs to the static subtending port. huawei(config-btv)#igmp sourceip 192.168.1.2 huawei(config-btv)#igmp sourceip 192.168.1.2 huawei(config-btv)#igmp sourceip 192.168.1.2 huawei(config-btv)#igmp sourceip 192.168.1.2 huawei(config-btv)#igmp sourceip 192.168.1.2 huawei(config-btv)#igmp sourceip 192.168.1.2 huawei(config-btv)#igmp sourceip 192.168.1.2 huawei(config-btv)#igmp sourceip 192.168.1.2 huawei(config-btv)#igmp sourceip 192.168.1.2
static-join cascade-port 0/7/0 ip 224.1.1.1 static-join cascade-port 0/7/0 ip 224.1.1.2 static-join cascade-port 0/7/0 ip 224.1.1.3 static-join cascade-port 0/7/1 ip 224.1.1.1 static-join cascade-port 0/7/1 ip 224.1.1.2 static-join cascade-port 0/7/1 ip 224.1.1.3 static-join cascade-port 0/7/2 ip 224.1.1.1 static-join cascade-port 0/7/2 ip 224.1.1.2 static-join cascade-port 0/7/2 ip 224.1.1.3
Step 11 Save the data. huawei(config-btv)#quit huawei(config)#save
----End
9.6 Configuring MA5600-4 This topic describes how to configure MA5600-4. The services to be configured include the ADSL2+ Internet access service, SHDSL Internet access service, and multicast service.
Procedure Step 1 Confirm the board. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
329
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei>enable huawei#config huawei(config)#board confirm 0
Step 2 Configure the NMS. 1.
Configure the IP address of the inband NMS interface. l Create the NMS VLAN. huawei(config)#vlan 10 standard
l Add the upstream port. huawei(config)#port vlan 10 0/7 0
l Configure the IP address of the NMS VLAN interface. huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#ip address 10.10.1.5 255.255.255.0
2.
Add the route. l Configure the route destined to the NMS (Trap destination host). huawei(config)#ip route-static 2.2.2.0 255.255.255.0 10.10.1.1 preference 1
l Configure the route destined to the time server. huawei(config)#ip route-static 4.4.4.0 255.255.255.0 10.10.1.1 preference 1
l Configure the route destined to the log host. huawei(config)#ip route-static 3.3.3.0 255.255.255.0 10.10.1.1 preference 1 huawei(config)#ip route-static 3.3.4.0 255.255.255.0 10.10.1.1 preference 1
3.
Add the ACL rule to implement the traffic classification. huawei(config)#acl 3050 huawei(config-acl-adv-3050)#rule permit ip source any destination any huawei(config-acl-adv-3050)#rule deny ip source any destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 2.2.2.2 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 2.2.2.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 4.4.4.4 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 4.4.4.5 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.3.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.4.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#quit huawei(config)#packet-filter inbound ip-group 3050 port 0/7/0 huawei(config)#packet-filter inbound ip-group 3050 port 0/7/1
4.
Configure the SNMP. l Configure the community name and access rights. huawei(config)#snmp-agent community read public huawei(config)#snmp-agent community write private
l Configure the administrator ID and contact information. huawei(config)#snmp-agent sys-info contact HW-075512345678
l Configure the device location information. huawei(config)#snmp-agent sys-info location Shenzhen China
l Configure the SNMP version.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
330
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide
Here, the SNMP version must be the same as that of NMS. In this example, the NMS SNMP version is set to SNMP V2C. huawei(config)#snmp-agent sys-info version v2c
5.
Enable trap sending. huawei(config)#snmp-agent trap enable standard
6.
Set the trap destination address. huawei(config)#snmp-agent public huawei(config)#snmp-agent ap-paramsname p1 huawei(config)#snmp-agent public huawei(config)#snmp-agent ap-paramsname p2
7.
target-host trap-paramsname p1 v2c securityname target-host trap-hostname aaa address 2.2.2.2 tr target-host trap-paramsname p2 v2c securityname target-host trap-hostname bbb address 2.2.2.3 tr
Set the trap source address. huawei(config)#snmp-agent trap source vlanif 10
Step 3 Configure the time server. huawei(config)#ntp-service unicast-server 4.4.4.4 source-interface vlanif 10 huawei(config)#ntp-service unicast-server 4.4.4.5 source-interface vlanif 10
Step 4 Configure the log host. huawei(config)#loghost huawei(config)#loghost huawei(config)#loghost huawei(config)#loghost
add 3.3.3.3 activate ip add 3.3.4.3 activate ip
syslog-1 3.3.3.3 syslog-2 3.3.4.3
Step 5 Configure the EMU. This topic uses the fan and the PS4845 power supply as examples to describe how to configure the EMU. When configuring the fan monitoring, note that the default master-slave node address of the fan monitoring is 0. In this example, the master-slave node address of the fan monitoring is assumed to be 1. Therefore, set the node address DIP switch on the fan monitoring board to 1. huawei(config)#emu add 0 power4845 0 0 fore huawei(config)#emu add 1 fan 0 1 back huawei(config)#interface emu 0 huawei(config-if-power4845-0)#power module-num 2 1 2 huawei(config-if-power4845-0)#quit
Step 6 Enable PITP. huawei(config)#pitp enable pmode
Step 7 Configure the ADSL2+ service. The MA5600 supports the ADSL2+ service of multiple encapsulation modes, such as IPoA, PPPoA, IPoE, and PPPoE. This topic uses the PPPoE mode as an example to describe how to configure the ADSL2+ service. 1.
Configure the ADSL2+ line profile. You can configure the ADSL2+ line profile based on your requirements. huawei(config)#adsl line-profile add 10 Start adding profile Press 'Q' to quit the current configuration and new configuration will be neglected >Do you want to name the profile (y/n) [n]:n > Please choose default value type 0-adsl 1-adsl2+ (0~1) [0]:1 > Will you set basic configuration for modem? (y/n)[n]:n
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
331
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide > Please select channel mode 0-interleaved 1-fast (0~1) [0]: > Will you set interleaved delay? (y/n)[n]:n >Please select form of transmit rate adaptation in downstream: > 0-fixed 1-adaptAtStartup 2-adaptAtRuntime (0~2) [1]: > Will you set SNR margin for modem? (y/n)[n]:n > Will you set parameters for rate? (y/n)[n]:y > Minimum transmit rate in downstream (32~32000 Kbps) [32]: > Maximum transmit rate in downstream (32~32000 Kbps) [24544]:8000 > Minimum transmit rate in upstream (32~3000 Kbps) [32]: > Maximum transmit rate in upstream (32~3000 Kbps) [1024]: Add profile 10 successfully
2.
Configure the ADSL2+ alarm profile. You can configure the ADSL2+ alarm profile based on your requirements. huawei(config)#adsl alarm-profile add 10 Start adding profile Press 'Q' to quit the current configuration and new configuration will be neglected > The number of Loss of Frame Seconds (0~900) [0]: > The number of Loss of Signal Seconds (0~900) [0]: > The number of Loss of Link Seconds (0~900) [0]: > The number of Loss of Power Seconds (0~900) [0]: > The number of Errored Seconds (0~900) [0] > Enable and disable the initial failure trap 0-disable 1-enable (0~1)[0]:1 > The number of failed fast retrain seconds (0~900) [0]: > The number of severely errored seconds (0~900) [0]: > The number of unavailable seconds (0~900) [0]: > Threshold of positive difference between the current and the past transmit rate in fast mode (0~31968kbps) [0]: > Threshold of positive difference between the current and the past transmit rate in interleaved mode (0~31968kbps) [0]: > Threshold of negative difference between the current and the past transmit rate in fast mode (0~31968kbps) [0]: > Threshold of negative difference between the current and the past transmit rate in interleaved mode (0~31968kbps) [0]: > The number of Loss of Frame Seconds (0~900) [0]: > The number of Loss of Signal Seconds (0~900) [0]: > The number of Loss of Power Seconds (0~900) [0]: > The number of Errored Seconds (0~900) [0]: > The number of severely errored seconds (0~900) [0]: > The number of unavailable seconds (0~900) [0]: > Threshold of positive difference between the current rate in fast mode (0~2968kbps) [0]: > Threshold of positive difference between the current rate in interleaved mode (0~2968kbps) [0]: > Threshold of negative difference between the current rate in fast mode (0~2968kbps) [0]: > Threshold of negative difference between the current rate in interleaved mode (0~2968kbps) [0]: Add profile 10 successfully
3.
and the past transmit and the past transmit and the past transmit and the past transmit
Configure the ADSL2+ traffic profile. You can configure the ADSL2+ traffic profile by running the traffic table command based on your requirements. In this example, the default profile (profile 6) is used.
4.
Activate the ADSL2+ port. huawei(config)#interface adsl 0/3 huawei(config-if-adsl-0/3)#deactivate all huawei(config-if-adsl-0/3)#alarm-config all 10
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
332
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config-if-adsl-0/3)#activate all profile-index 10 huawei(config-if-adsl-0/3)#quit
5.
Configure the upstream port. l Configure the SCU board. The configuration of the upstream port of the SCU board needs to be the same as the configuration of the peer device. Run the auto-neg command to set the port to work in the auto-negotiation mode. If the port does not work in the auto-negotiation mode, change to the SCU config mode and run the speed command to change the port rate, and run the duplex command to change the port duplex mode. l Configure the VLAN. The ADSL2+ users of MA5600-4 use the PPPoE authentication. In this case, the smart VLAN is used to identify the users. huawei(config)#vlan 1000 smart huawei(config)#port vlan 1000 0/7 0
6.
Add the service port. All ports in slot 0/3 provide the ADSL2+ service. To add service ports in batches, run the multi-service-port command. huawei(config)#multi-service-port vlan 1000 port 0/3 0-31 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
Step 8 Configure the SHDSL service. The MA5600 supports the SHDSL Internet access service in multiple encapsulation modes, such as IPoA, PPPoA, IPoE, and PPPoE. This topic uses the PPPoE mode as an example to describe how to configure the SHDSL service. 1.
Configure the SHDSL line profile. To configure the SHDSL line profile, run the shdsl line-profile add or shdsl line-profile quickadd command. huawei(config)#shdsl line-profile quickadd 10 line two-wire rate 2048 2048 psd symmetric transmission Annex-A remote disable probe disable snr-margin ds-curr 10 ds-worst 10 us-curr 10 us-worst 10 bitmap 0x03
2.
Configure the SHDSL alarm profile. To configure the SHDSL alarm profile, run the shdsl alarm-profile add command. In this example, the default profile (profile 1) is used.
3.
Configure the SHDSL traffic profile. To configure the SHDSL traffic profile, run the traffic table command. In this example, the default profile (profile 1) is used.
4.
Activate the SHDSL port. huawei(config)#interface shdsl 0/5 huawei(config-if-shdsl-0/5)#deactivate all huawei(config-if-shdsl-0/5)#alarm-config all 1 huawei(config-if-shdsl-0/5)#activate all profile-index 10 huawei(config-if-shdsl-0/5)#quit
5.
Configure the upstream port. The SHDSL users of MA5600-4 use the PPPoE authentication. In this case, the smart VLAN is used to identify the users.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
333
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config)#vlan 1300 smart huawei(config)#port vlan 1300 0/7 0
6.
Add the service port. Ports 0-30 in slot 0/5 provide the SHDSL service. To add service ports in batches, run the multi-service-port command. huawei(config)#multi-service-port vlan 1300 port 0/5 0-31 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
Step 9 Configure the multicast service. After the configuration, the following results need to be achieved: l The user on port 0/2/2 needs to be authenticated, who can watch two programs and preview one program. l The user on port 0/2/3 need not be authenticated. 1.
Configure the line profile. In this example, the ADSL port adopts the default line profile (profile 1002). Therefore, you need not configure the line profile.
2.
Configure the VLAN. l Create a smart VLAN. huawei(config)#vlan 100 smart
l Set the VLAN upstream port. huawei(config)#port vlan 100 0/7 0
l Configure the native VLAN. huawei(config)#interface scu 0/7 huawei(config-if-scu-0/7)#native-vlan 0 vlan 1
l Create a traffic profile. huawei(config)#traffic table index 8 ip car off priority 5 priority-policy Pvc-Setting
l Add ADSL2+ ports 0/2/2 and 0/2/3 to VLAN 100. huawei(config)#service-port vlan 100 adsl 0/2/2 vpi 0 vci 35 rx-cttr 8 tx-cttr 8 huawei(config)#service-port vlan 100 adsl 0/2/3 vpi 0 vci 35 rx-cttr 8 tx-cttr 8
3.
Configure the multicast service. l Enable the multicast proxy function. huawei(config)#btv huawei(config-btv)#igmp mode proxy
l Add the upstream port. huawei(config-btv)#igmp uplink-port 0/7/0 100
l Configure the program mode for the upstream port. huawei(config-btv)#igmp uplink-port-mode program
l Configure the program library. huawei(config-btv)#igmp program add name program1 ip 224.1.1.1 vlan 100 bind 0/7/0 huawei(config-btv)#igmp program add name program2 ip 224.1.1.2 vlan 100 bind 0/7/0 huawei(config-btv)#igmp program add name program3 ip 224.1.1.3 vlan 100 bind 0/7/0
l Configure the rights profile. huawei(config-btv)#igmp profile profile-name profile0 program-name program1 watch huawei(config-btv)#igmp profile profile-name profile0 program-name program2 watch
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
334
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config-btv)#igmp profile profile-name profile0 program-name program3 preview
l Configure preview parameters. Configure preview parameters according to the requirements. In this example, set the preview duration for program 3 to 150s, the preview counts to 6, and the preview interval to 60s. huawei(config-btv)#igmp preview program name program3 preview-duration 150 huawei(config-btv)#igmp preview program name program3 preview-times 6 huawei(config-btv)#igmp preview program name program3 preview-interval 60
You can run the igmp preview auto-reset-time command to set the time for automatically clearing the preview counts. In this example, the system clears the preview counts of all the subscribers at 00:00:00 every day. huawei(config-btv)#igmp preview auto-reset-time 00:00:00
l Configure the user. huawei(config-btv)#igmp user add port 0/2/3 adsl 0 35 no-auth huawei(config-btv)#igmp user add port 0/2/2 adsl 0 35 auth huawei(config-btv)#igmp user bind-profile port 0/2/2 profile-name profile0
Step 10 Save the data. huawei(config)#save
----End
9.7 Configuring MA5600-5 This topic describes how to configure MA5600-5. The service to be configured is the QinQ private line service (MA5600-1 is interconnected with MA5600-5 through the private line).
Procedure Step 1 Confirm the board. huawei>enable huawei#config huawei(config)#board confirm 0
Step 2 Configure the NMS. 1.
Configure the IP address of the inband NMS interface. l Create the NMS VLAN. huawei(config)#vlan 10 standard
l Add the upstream port. huawei(config)#port vlan 10 0/7 0
l Configure the IP address of the NMS VLAN interface. huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#ip address 10.10.1.6 255.255.255.0
2.
Add the route. l Configure the route destined to the NMS (trap destination host). huawei(config)#ip route-static 2.2.2.2 255.255.255.255 10.10.1.1 preference 1 huawei(config)#ip route-static 2.2.2.3 255.255.255.255 10.10.1.1 preference 1
l Configure the route destined to the time server. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
335
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide huawei(config)#ip route-static 4.4.4.0 255.255.255.0 10.10.1.1 preference 1
l Configure the route destined to the log host. huawei(config)#ip route-static 3.3.3.3 255.255.255.255 10.10.1.1 preference 1 huawei(config)#ip route-static 3.3.4.3 255.255.255.255 10.10.1.1 preference 1
3.
Add the ACL rule to implement the traffic classification. huawei(config)#acl 3050 huawei(config-acl-adv-3050)#rule permit ip source any destination any huawei(config-acl-adv-3050)#rule deny ip source any destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 2.2.2.2 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 2.2.2.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 4.4.4.4 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 4.4.4.5 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.3.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.4.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#quit huawei(config)#packet-filter inbound ip-group 3050 port 0/7/0 huawei(config)#packet-filter inbound ip-group 3050 port 0/7/1
4.
Configure SNMP. l Configure the community name and access rights. huawei(config)#snmp-agent community read public huawei(config)#snmp-agent community write private
l Configure the administrator ID and contact information. huawei(config)#snmp-agent sys-info contact HW-075512345678
l Configure the device location information. huawei(config)#snmp-agent sys-info location Shenzhen China
l Configure the SNMP version. Here, the SNMP version must be the same as the SNMP version of the NMS. In this example, the NMS SNMP version is set to SNMP V2C. huawei(config)#snmp-agent sys-info version v2c
5.
Enable the trap sending. huawei(config)#snmp-agent trap enable standard
6.
Set the trap destination address. huawei(config)#snmp-agent public huawei(config)#snmp-agent ap-paramsname p1 huawei(config)#snmp-agent public huawei(config)#snmp-agent ap-paramsname p2
7.
target-host trap-paramsname p1 v2c securityname target-host trap-hostname aaa address 2.2.2.2 tr target-host trap-paramsname p2 v2c securityname target-host trap-hostname bbb address 2.2.2.3 tr
Set the trap source address. huawei(config)#snmp-agent trap source vlanif 10
Step 3 Configure the time server. huawei(config)#ntp-service unicast-server 4.4.4.4 source-interface vlanif 10 huawei(config)#ntp-service unicast-server 4.4.4.5 source-interface vlanif 10
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
336
SmartAX MA5600/MA5603 Multi-service Access Module 9 Configuration Example of the Integrated MSTP Network Configuration Guide
Step 4 Configure the log host. huawei(config)#loghost huawei(config)#loghost huawei(config)#loghost huawei(config)#loghost
add 3.3.3.3 activate ip add 3.3.4.3 activate ip
syslog-1 3.3.3.3 syslog-2 3.3.4.3
Step 5 Configure the EMU. This topic uses the fan and the PS4845 power supply as an example to describe how to configure the EMU. When configuring the fan monitoring, note that the default master-slave node address of the fan monitoring is 0. In this example, the master-slave node address of the fan monitoring is assumed to be 1. Therefore, set the node address DIP switch on the fan monitoring board to 1. huawei(config)#emu add 0 power4845 0 0 fore huawei(config)#emu add 1 fan 0 1 back huawei(config)#interface emu 0 huawei(config-if-powe4845-0)#power module-num 2 1 2 huawei(config-if-power4845-0)#quit
Step 6 Configure the QinQ private line service. MA5600-1 and MA5600-5 belong to two representative offices of the same enterprise and they can communicate with each other normally through the QinQ private line. 1.
Create VLAN 50. huawei(config)#vlan 50 mux
2.
Set VLAN50 as QinQ VLAN. huawei(config)#vlan attrib 50 q-in-q
3.
Add the upstream port. huawei(config)#port vlan 50 0/7 0
4.
Add the service port. To add the service port, run the service-port command. Note that the VPI and VCI values set during the execution of the service-port command must be the same as those on the modem. The QinQ VLAN supports the PVC-priority scheduling policy only. In this case, select the profile that supports PVC-priority policy. huawei(config)#traffic table index 7 ip car off priority 0 priority-policy pvcSetting huawei(config)#service-port vlan 50 shdsl mode ptm 0/5/31 vpi 0 vci 35 rx-cttr 7 tx-cttr 7
Step 7 Save the data. huawei(config)#save
----End
9.8 Verification All the services configured on all the DSLAMs run in the normal state. MA5600-1: l
All the users of the ADSL2 port on the board in slot 0/3 can access the Internet normally.
l
All the users of the SHDSL port on the board in slot 0/5 can access the Internet normally.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
337
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide 9 Configuration Example of the Integrated MSTP Network
l
Multicast users on port 0/2/2 and 0/2/3 can watch program1 and program2 and preview program3.
l
The multicast user on port 0/2/2 needs to be authenticated. The multicast user on port 0/2/3 need not be authenticated.
MA5600-2: l
All the users of the ADSL2 port on the board in slot 0/3 can access the Internet normally.
l
All the users of the SHDSL port on the board in slot 0/5 can access the Internet normally.
l
ISP1 provides users of ports 0-10 on the board in slot 0/2 with the stacking wholesale service. ISP2 provides users of ports 11-20 to with the stacking wholesale service. ISP3 provides users of port 21-30 with the stacking wholesale service.
l
The multicast user on port 0/2/31 can watch programs with IP addresses 224.1.1.1 and 224.1.1.2 and preview the program with IP address 224.1.1.3.
MA5600-3: l
All the users of the ADSL2 port on the board in slot 0/3 can access the Internet normally.
l
All the users of the SHDSL port on the board in slot 0/5 can access the Internet normally.
MA5600-4: l
All the users of the ADSL2 port on the board in slot 0/3 can access the Internet normally.
l
All the users of the SHDSL port on the board in slot 0/5 can access the Internet normally.
l
Multicast users on port 0/2/2 and 0/2/3 can watch program1 and program2 and preview program3.
l
The multicast user on port 0/2/2 needs to be authenticated. The multicast user on port 0/2/3 need not be authenticated.
The user on port 0/5/31 of MA5600-1 and the user on port 0/5/31 of MA5600-5 belong to two representative offices of the same enterprise and they can communicate with each other normally through the QinQ private line.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
338
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10
10 Configuration Example of the Integrated Subtending Network
Configuration Example of the Integrated Subtending Network
About This Chapter This topic describes how to configure the integrated services on the MA5600s in the multi-tier subtending network. 10.1 Networking This topic describes an example of the subtending network. 10.2 Data Plan for Integrated Subtending Network This topic provides the data plan for the integrated subtending network. 10.3 Configuring MA5600-1 This topic describes how to configure MA5600-1. 10.4 Configuring MA5600-2 This topic describes how to configure MA5600-2. 10.5 Configuring MA5600-3 This topic describes how to configure MA5600-3. 10.6 Verification All the services configured on all the DSLAMs run in the normal state.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
339
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
10.1 Networking This topic describes an example of the subtending network. As shown in Figure 10-1, MA5600-1 is subtended with MA5600-2 through the GE port on the SCU board. Figure 10-1 shows an example subtending network of the MA5600. Figure 10-1 Example subtending network of the MA5600
SoftSwitch
ISP1
Multicast Server
ISP2
DHCP Server
ISP3
iManager N2000
LAN Switch BRAS
2
3
5
6
A D G E
A D G E
S H E A
A I U G
7
5
0
0 S H E A
1
SCU
7
SCU
MA5600-1
2
3
5
A D G E
A D G E
S H E A
0 1
7
7 0 1
SCU
ATM - DSLAM
MA5600-3
MA5600-2
ADSL2+ Modem
Home Gateway STB
E phone
Issue 09 (2015-02-28)
TV
PC
PC
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
340
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
10.2 Data Plan for Integrated Subtending Network This topic provides the data plan for the integrated subtending network. Table 10-1 provides the service and the data plan for the MA5600 in Figure 10-1. Table 10-1 Data plan for the integrated subtending network Item
MA5600-1
MA5600-2
MA5600-3
ATM-DSLAM
Service
l ADSL2+ service
l ADSL2+ service
ADSL
l SHDSL service
l SHDSL service
l VDSL service
l Stacking wholesale service
l QinQ private line service (intercommun icated with MA5600-1 through the private line)
l QinQ private line service (intercommun icated with MA5600-3 through the private line)
l Triple play service l Multicast service
l Multicast service Inband NMS address
GE port on the SCU board
Issue 09 (2015-02-28)
10.10.1.2
10.10.1.3
10.10.1.5
10.10.1.6
255.255.255.0
255.255.255.0
255.255.255.0
255.255.255.0
Gateway:
Gateway:
Gateway:
Gateway:
10.10.1.1/24
10.10.1.1/24
10.10.1.1/24
10.10.1.1/24
Upstream: 0/7/0
Upstream: 0/7/0
Upstream: 0/7/0
-
Subtending: 0/7/1
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
341
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
Item
MA5600-1
MA5600-2
MA5600-3
ATM-DSLAM
VLAN
NMS: 10
NMS: 10
NMS: 10
-
QinQ: 50
Multicast: 100
QinQ: 50
Multicast: 100
Stacking: 60-62 (inner stacking: 111-113)
ADSL2+: 1000-1031 (uses the VLAN authentication)
Slot planning
Triple play: 100-102
SHDSL: 1300-1330 (uses the VLAN authentication)
ADSL2+: 1000 (uses the PPPoE authentication)
ADSL2+: 0/2 and 0/3
ADSL2+: 0/3
SHDSL: 0/5
Stacking:
ATM subtending: 0/6
0/2/0-10 (corresponding to VLAN 60, ISP1)
QinQ: 0/5/31 Multicast: 0/2/2 and 0/2/3
SHDSL: 1300 (uses the PPPoE authentication) QinQ: 0/5/31
ADSL: 0/14
SHDSL: 0/5
0/2/11-20 (corresponding to VLAN 61, ISP2) 0/2/21-30 (corresponding to VLAN 62, ISP3) Triple play: 0/2/31 Multicast: 0/2/2 and 0/2/3
NMS host
2.2.2.2 and 2.2.2.3
Log host
3.3.3.3 and 3.3.4.3
Time server
4.4.4.4 and 4.4.4.5
EMU
DC power distribution unit (PDU) monitoring and fan monitoring
DHCP server
DHCP server1: 10.1.1.2 (active) and 10.1.1.3 (standby) Gateway: 10.1.1.1/24 DHCP server2: 10.4.4.2 (active) and 10.4.4.3 (standby) Gateway: 10.4.4.1/24
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
342
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
Item
MA5600-1
MA5600-2
MA5600-3
ATM-DSLAM
Upperlayer device
The upper-layer device supports the DHCP option82 function. The BRAS supports the PITP, stacking VLAN, and QinQ VLAN function. The BRAS supports inner and outer VLAN tags. The VLAN ID of the traffic flow sent from the IP network to the DSLAM is 100. The upper-layer device classifies the downstream traffic. Different service carries different 802.1p labels. The VLAN corresponding to the DSLAM is configured in the upper-layer IP network.
NOTE
l In this networking, MA5600-1 can be replaced with a GE switch or a BRAS. l The upstream port of MA5600 supports the port aggregation function. In the actual network planning, you can aggregate multiple ports for use.
10.3 Configuring MA5600-1 This topic describes how to configure MA5600-1.
Procedure Step 1 Confirm the board. huawei>enable huawei#config huawei(config)#board confirm 0
Step 2 Configure the NMS. 1.
Configure the IP address of the inband NMS interface. l Create the NMS VLAN. huawei(config)#vlan 10 standard
l Add the upstream port. huawei(config)#port vlan 10 0/7 0-1
l Enter the NMS VLAN interface mode. huawei(config)#interface vlanif 10
l Configure the IP address of the NMS VLAN interface. huawei(config-if-vlanif10)#ip address 10.10.1.2 255.255.255.0 huawei(config-if-vlanif10)#quit
2.
Add the route. l Configure the route destined to the NMS (trap destination host). huawei(config)#ip route-static 2.2.2.2 255.255.255.255 10.10.1.1 preference 1 huawei(config)#ip route-static 2.2.2.3 255.255.255.255 10.10.1.1 preference 1
l Configure the route destined to the time server. huawei(config)#ip route-static 4.4.4.4 255.255.255.255 10.10.1.1 preference 1
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
343
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
huawei(config)#ip route-static 4.4.4.5 255.255.255.255 10.10.1.1 preference 1
l Configure the route destined to the log host. huawei(config)#ip route-static 3.3.3.3 255.255.255.255 10.10.1.1 preference 1 huawei(config)#ip route-static 3.3.4.3 255.255.255.255 10.10.1.1 preference 1
3.
Add the ACL rule. huawei(config)#acl 3050 huawei(config-acl-adv-3050)#rule permit ip source any destination any huawei(config-acl-adv-3050)#rule deny ip source any destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 2.2.2.2 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 2.2.2.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 4.4.4.4 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 4.4.4.5 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.3.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.4.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#quit huawei(config)#packet-filter inbound ip-group 3050 port 0/7/0 huawei(config)#packet-filter inbound ip-group 3050 port 0/7/1
4.
Configure the SNMP parameters. l Configure the community name and the access rights. huawei(config)#snmp-agent community read public huawei(config)#snmp-agent community write private
l Configure the administrator ID and contact information. huawei(config)#snmp-agent sys-info contact HW-075512345678
l Configure the device location information. huawei(config)#snmp-agent sys-info location Shenzhen China
l Configure the SNMP version. Here, the SNMP version must be the same as the SNMP version of the NMS. In this example, the NMS SNMP version is set to SNMP V2C. huawei(config)#snmp-agent sys-info version v2c
5.
Enable the trap sending. huawei(config)#snmp-agent trap enable standard
6.
Set the trap destination address. huawei(config)#snmp-agent public huawei(config)#snmp-agent ap-paramsname p1 huawei(config)#snmp-agent public huawei(config)#snmp-agent ap-paramsname p2
7.
target-host trap-paramsname p1 v2c securityname target-host trap-hostname aaa address 2.2.2.2 tr target-host trap-paramsname p2 v2c securityname target-host trap-hostname bbb address 2.2.2.3 tr
Set the trap source address. huawei(config)#snmp-agent trap source vlanif 10
Step 3 Configure the time server. huawei(config)#ntp-service unicast-server 4.4.4.4 source-interface vlanif 10 huawei(config)#ntp-service unicast-server 4.4.4.5 source-interface vlanif 10
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
344
10 Configuration Example of the Integrated Subtending Network
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Step 4 Configure the log host. huawei(config)#loghost huawei(config)#loghost huawei(config)#loghost huawei(config)#loghost
add 3.3.3.3 activate ip add 3.3.4.3 activate ip
syslog-1 3.3.3.3 syslog-2 3.3.4.3
Step 5 Configure the EMU. This topic uses the fan as an example to describe how to configure the environment monitoring unit (EMU). When configuring the fan monitoring, note that the default master-slave node address of the fan monitoring is 0. In this example, the master-slave node address of the fan monitoring is assumed to be 1. Therefore, set the node address DIP switch on the fan monitoring board to 1. huawei(config)#emu add 1 fan 0 1 back
Step 6 Configure SCU subtending MA5600-1 is subtended with MA5600-2. Therefore, subtending needs to be configured. huawei(config)#vlan huawei(config)#port huawei(config)#vlan huawei(config)#port
60 to 62 standard vlan 60 to 62 0/7 0-1 101 to 102 standard vlan 101 to 102 0/7 0-1
Step 7 Configure ADSL2+ service. The MA5600 supports the ADSL2+ service of multiple encapsulation modes, such as IPoA, PPPoA, IPoE, and PPPoE. This topic uses the PPPoE mode as an example to describe how to configure the ADSL2+ service. 1.
Configure the ADSL2+ line profile. You can configure the ADSL2+ line profile based on your requirements. huawei(config)#adsl line-profile add 10 Start adding profile Press 'Q' to quit the current configuration and new configuration will be neglected >Do you want to name the profile (y/n) [n]:n > Please choose default value type 0-adsl 1-adsl2+ (0~1) [0]:1 > Will you set basic configuration for modem? (y/n)[n]:n > Please select channel mode 0-interleaved 1-fast (0~1) [0]: > Will you set interleaved delay? (y/n)[n]:n >Please select form of transmit rate adaptation in downstream: > 0-fixed 1-adaptAtStartup 2-adaptAtRuntime (0~2) [1]: > Will you set SNR margin for modem? (y/n)[n]:n > Will you set parameters for rate? (y/n)[n]:y > Minimum transmit rate in downstream (32~32000 Kbps) [32]: > Maximum transmit rate in downstream (32~32000 Kbps) [24544]:8000 > Minimum transmit rate in upstream (32~3000 Kbps) [32]: > Maximum transmit rate in upstream (32~3000 Kbps) [1024]: Add profile 10 successfully
2.
Configure the ADSL2+ alarm profile. You can configure the ADSL2+ alarm profile based on your requirements. huawei(config)#adsl alarm-profile add 10 Start adding profile Press 'Q' to quit the current configuration and new configuration will be neglected > The number of Loss of Frame Seconds (0~900) [0]: > The number of Loss of Signal Seconds (0~900) [0]: > The number of Loss of Link Seconds (0~900) [0]: > The number of Loss of Power Seconds (0~900) [0]: > The number of Errored Seconds (0~900) [0]
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
345
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
> Enable and disable the initial failure trap 0-disable 1-enable (0~1)[0]:1 > The number of failed fast retrain seconds (0~900) [0]: > The number of severely errored seconds (0~900) [0]: > The number of unavailable seconds (0~900) [0]: > Threshold of positive difference between the current and the past transmit rate in fast mode (0~31968kbps) [0]: > Threshold of positive difference between the current and the past transmit rate in interleaved mode (0~31968kbps) [0]: > Threshold of negative difference between the current and the past transmit rate in fast mode (0~31968kbps) [0]: > Threshold of negative difference between the current and the past transmit rate in interleaved mode (0~31968kbps) [0]: > The number of Loss of Frame Seconds (0~900) [0]: > The number of Loss of Signal Seconds (0~900) [0]: > The number of Loss of Power Seconds (0~900) [0]: > The number of Errored Seconds (0~900) [0]: > The number of severely errored seconds (0~900) [0]: > The number of unavailable seconds (0~900) [0]: > Threshold of positive difference between the current rate in fast mode (0~2968kbps) [0]: > Threshold of positive difference between the current rate in interleaved mode (0~2968kbps) [0]: > Threshold of negative difference between the current rate in fast mode (0~2968kbps) [0]: > Threshold of negative difference between the current rate in interleaved mode (0~2968kbps) [0]: Add profile 10 successfully
3.
and the past transmit and the past transmit and the past transmit and the past transmit
Configure the ADSL2+ traffic profile. You can configure the ADSL2+ traffic profile by running the traffic table command based on your requirements. In this example, the default profile (profile 6) is used.
4.
Activate the ADSL2+ port. huawei(config)#interface adsl 0/3 huawei(config-if-adsl-0/3)#deactivate all huawei(config-if-adsl-0/3)#alarm-config all 10 huawei(config-if-adsl-0/3)#activate all profile-index 10 huawei(config-if-adsl-0/3)#quit huawei(config-if-adsl-0/3)#quit
5.
Configure the upstream port. l Configure the SCU board. Generally, the GE optical port uses the default GE full duplex mode. In the SCU config mode, to change the port rate, run the speed command; to change the port duplex mode, run the duplex command. The configuration of the SCU board needs to be the same as that of the peer device. l Configure the VLAN. The ADSL2+ users of MA5600-1 use the VLAN authentication. In this case, the MUX VLAN is used to identify the users. huawei(config)#vlan 1000 to 1031 mux huawei(config)#port vlan 1000 0/7 0-1 huawei(config)#port vlan 1001 to 1031 0/7 0
6.
Add the service port. All ports in slot 0/3 provide the ADSL2+ service. To add service ports in batches, run the multi-service-port command.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
346
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
huawei(config)#multi-service-port from-vlan 1000 port 0/3 0-31 vpi 0 vci 35 rxcttr 6 tx-cttr 6
Step 8 Configure the SHDSL service. The MA5600 supports the SHDSL service of multiple encapsulation modes, such as IPoA, PPPoA, IPoE, and PPPoE. This topic takes the PPPoE mode as an example to describe how to configure the SHDSL service. 1.
Configure the SHDSL line profile. To configure the SHDSL line profile, run the shdsl line-profile add or shdsl line-profile add command. huawei(config)#shdsl line-profile quickadd 10 line two-wire rate 2048 2048 psd symmetric transmission Annex-A remote disable probe disable snr-margin ds-curr 10 ds-worst 10 us-curr 10 us-worst 10 bitmap 0x03
2.
Configure the SHDSL alarm profile. To configure the SHDSL alarm profile, run the shdsl alarm-profile add command. In this example, the default profile (profile 1) is used.
3.
Configure the SHDSL traffic profile. You can configure the SHDSL traffic profile by running the traffic table command based on your requirements. In this example, the default profile (profile 6) is used.
4.
Activate the SHDSL port. huawei(config)#interface shl 0/5 huawei(config-if-shdsl-0/5)#deactivate all huawei(config-if-shdsl-0/5)#alarm-config all 1 huawei(config-if-shdsl-0/5)#activate all 10 huawei(config-if-shdsl-0/5)#quit
5.
Configure the upstream port. The SHDSL users of MA5600-1 adopt the VLAN authentication. In this case, the MUX VLAN is used to identify the users. huawei(config)#vlan 1300 to 1330 mux huawei(config)#port vlan 1300 0/7 0-1 huawei(config)#port vlan 1301 to 1330 0/7 0
6.
Add the service port. Ports 0-30 in slot 0/5 provide the SHDSL service. To activate the ports in batches, run the multi-service-port command. huawei(config)#multi-service-port from-vlan 1300 port 0/5 0-30 vpi 0 vci 35 rxcttr 6 tx-cttr 6
Step 9 Configure the QinQ private line service. MA5600-1 and MA5600-3 belong to two representative offices of the same enterprise and they can communicate with each other normally through the QinQ private line. 1.
Create VLAN 50. huawei(config)#vlan 50 mux
2.
Set VLAN 50 as QinQ VLAN. huawei(config)#vlan attrib 50 q-in-q
3.
Add the upstream port. huawei(config)#port vlan 50 0/7 0
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
347
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
4.
10 Configuration Example of the Integrated Subtending Network
Add the service port. To add the service port, run the service-port command. Note that the VPI and VCI values set during the execution of the service-port command must be the same as those on the modem. The QinQ VLAN supports only the PVC-priority scheduling policy. In this case, select the profile that supports PVC-priority policy. huawei(config)#traffic table index 7 ip car off priority 0 priority-policy pvcSetting huawei(config)#service-port vlan 50 shdsl mode atm 0/5/31 vpi 0 vci 35 rx-cttr 7 tx-cttr 7
Step 10 Configure the multicast service. After the configuration, the following results need to be achieved: l The user on port 0/2/2 needs to be authenticated, who can watch two programs and preview one program. l The user on port 0/2/3 need not be authenticated. 1.
Configure the line profile. In this example, the ADSL port adopts the default line profile (profile 1002). Therefore, you need not configure the line profile.
2.
Configure the VLAN. l Create a VLAN. huawei(config)#vlan 100 smart
l Add the upstream port to the VLAN. huawei(config)#port vlan 100 0/7 0-1
l Configure the native VLAN. NOTE
When the VLAN ID of a tagged packet is the same as the native VLAN ID of the egress, the port removes the tag from the packet. This means that the packet is an untagged packet (an untagged packet does not carry a VLAN ID) when it is sent from this port. huawei(config)#interface scu 0/7 huawei(config-if-scu-0/7)#native-vlan 0 vlan 100 huawei(config-if-scu-0/7)#native-vlan 1 vlan 100 huawei(config-if-scu-0/7)#quit
l Create the traffic profile. huawei(config)#traffic table index 8 ip car off priority 5 priority-policy Pvc-Setting
l Add ADSL2+ port 0/2/2 and 0/2/3 to VLAN 100. huawei(config)#service-port vlan 100 adsl 0/2/2 vpi 0 vci 35 rx-cttr 8 txcttr 8 huawei(config)#service-port vlan 100 adsl 0/2/3 vpi 0 vci 35 rx-cttr 8 txcttr 8
3.
Configure the multicast service. l Enable the multicast proxy. huawei(config)#btv huawei(config-btv)#igmp mode proxy
l Add the upstream port. huawei(config-btv)#igmp uplink-port 0/7/0 100
l Configure the program mode for the upstream port. huawei(config-btv)#igmp uplink-port-mode program
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
348
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
l Configure the program library. huawei(config-btv)#igmp program add name program1 ip 224.1.1.1 vlan 100 bind 0/7/0 huawei(config-btv)#igmp program add name program2 ip 224.1.1.2 vlan 100 bind 0/7/0 huawei(config-btv)#igmp program add name program3 ip 224.1.1.3 vlan 100 bind 0/7/0
l Configure the rights profile. huawei(config-btv)#igmp profile profile-name profile0 program-name program1 watch huawei(config-btv)#igmp profile profile-name profile0 program-name program2 watch huawei(config-btv)#igmp profile profile-name profile0 program-name program3 preview
l Configure preview parameters. Configure preview parameters according to the requirements. In this example, set the preview duration for program 3 to 150s, the preview counts to 6, and the preview interval to 60s. huawei(config-btv)#igmp preview program name program3 preview-duration 150 huawei(config-btv)#igmp preview program name program3 preview-times 6 huawei(config-btv)#igmp preview program name program3 preview-interval 60
You can run the igmp preview auto-reset-time command to set the time for automatically clearing the preview counts. In this example, the system clears the preview counts of all the subscribers at 00:00:00 every day. huawei(config-btv)#igmp preview auto-reset-time 00:00:00
l Configure the multicast user. huawei(config-btv)#igmp user add port 0/2/3 no-auth huawei(config-btv)#igmp user add port 0/2/2 auth huawei(config-btv)#igmp user bind-profile port 0/2/2 profile-name profile0
Step 11 Configure the subtending multicast service. 1.
Add the upstream port. The upstream port is already added in Step 10.3. It is unnecessary to configure it again.
2.
Configure the IGMP proxy. The IGMP proxy is already configured in Step 10.3. It is unnecessary to configure it again.
3.
Configure the program library. The program library is already configured in Step 10.3. It is unnecessary to configure it again.
4.
Configure the multicast for the subtending port. l Specify a subtending port. huawei(config-btv)#igmp cascade-port 0/7/1
l Modify the subtending port. huawei(config-btv)#igmp cascade-port modify 0/7/1 static enable
l Add programs to the static subtending port. huawei(config-btv)#igmp static-join cascade-port 0/7/1 ip 224.1.1.1 sourceip 192 .168.1.2 huawei(config-btv)#igmp static-join cascade-port 0/7/1 ip 224.1.1.2 sourceip 192 .168.1.2 huawei(config-btv)#igmp static-join cascade-port 0/7/1 ip 224.1.1.3 sourceip 192 .168.1.2
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
349
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
Step 12 Configuration the ATM-DSLAM access. The IMA access mode is used. 1.
Set the command mode. huawei(config)#interface aiu 0/6 huawei(config-if-aiu-0/6)#sub-interface ima huawei(config-if-aiu-0/6.ima)#
2.
Add an IMA group. huawei(config-if-aiu-0/6.ima)#ima group add 0 version1.0 1 1 ctc 0 128 2 2 1
3.
Add IMA links. huawei(config-if-aiu-0/6.ima)#ima IMA link add successfully huawei(config-if-aiu-0/6.ima)#ima IMA link add successfully huawei(config-if-aiu-0/6.ima)#ima IMA link add successfully huawei(config-if-aiu-0/6.ima)#ima IMA link add successfully
4.
link add 0 0 link add 0 1 link add 0 2 link add 0 3
Configure the clock mode. huawei(config-if-aiu-0/6.ima)#ima group mode clockmode 0 system Set IMA group transmit clock successfully
5.
Create a VLAN. huawei(config-if-aiu-0/6.ima)#quit huawei(config-if-aiu-0/6)#quit huawei(config)#vlan 11 mux
6.
Add an upstream port to the VLAN. huawei(config)#port vlan 11 0/7 0
7.
Add a service port to the VLAN. huawei(config)#service-port vlan 11 atm 0/6/0 vpi 1 vci 40 rx-cttr 2 upc off tx-cttr 2 upc off
Step 13 Save the data. huawei(config-btv)#quit huawei(config)#save
----End
10.4 Configuring MA5600-2 This topic describes how to configure MA5600-2.
Procedure Step 1 Confirm the board. huawei>enable huawei#config huawei(config)#board confirm 0
Step 2 Configure the NMS. 1.
Configure the IP address of the inband NMS interface. l Create the NMS VLAN. huawei(config)#vlan 10 standard
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
350
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
l Add the upstream port. huawei(config)#port vlan 10 0/7 0-1
l Enter the NMS VLAN interface mode. huawei(config)#interface vlanif 10
l Configure the IP address of the NMS VLAN interface. huawei(config-if-vlanif10)#ip address 10.10.1.3 255.255.255.0
2.
Add the route. l Configure the route destined to the NMS (trap destination host). huawei(config)#ip route-static 2.2.2.2 255.255.255.255 10.10.1.1 preference 1 huawei(config)#ip route-static 2.2.2.3 255.255.255.255 10.10.1.1 preference 1
l Configure the route destined to the time server. huawei(config)#ip route-static 4.4.4.4 255.255.255.255 10.10.1.1 preference 1 huawei(config)#ip route-static 4.4.4.5 255.255.255.255 10.10.1.1 preference 1
l Configure the route destined to the log host. huawei(config)#ip route-static 3.3.3.3 255.255.255.255 10.10.1.1 preference 1 huawei(config)#ip route-static 3.3.4.3 255.255.255.255 10.10.1.1 preference 1
3.
Add the ACL rule. huawei(config)#acl 3050 huawei(config-acl-adv-3050)#rule permit ip source any destination any huawei(config-acl-adv-3050)#rule deny ip source any destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 2.2.2.2 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 2.2.2.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 4.4.4.4 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 4.4.4.5 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.3.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.4.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#quit huawei(config)#packet-filter inbound ip-group 3050 port 0/7/0 huawei(config)#packet-filter inbound ip-group 3050 port 0/7/1
4.
Configure the SNMP parameters. l Configure the community name and the access rights. huawei(config)#snmp-agent community read public huawei(config)#snmp-agent community write private
l Configure the administrator ID and contact information. huawei(config)#snmp-agent sys-info contact HW-075512345678
l Configure the device location information. huawei(config)#snmp-agent sys-info location Shenzhen China
l Configure the SNMP version. Here, the SNMP version must be the same as the SNMP version of the NMS. In this example, the NMS SNMP version is set to SNMP V2C. huawei(config)#snmp-agent sys-info version v2c
5. Issue 09 (2015-02-28)
Enable the trap sending. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
351
10 Configuration Example of the Integrated Subtending Network
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
huawei(config)#snmp-agent trap enable standard
6.
Set the trap destination address. huawei(config)#snmp-agent public huawei(config)#snmp-agent paramsname p1 huawei(config)#snmp-agent public huawei(config)#snmp-agent paramsname p2
7.
target-host trap-paramsname p1 v2c securityname target-host trap-hostname aaa address 2.2.2.2 traptarget-host trap-paramsname p2 v2c securityname target-host trap-hostname bbb address 2.2.2.3 trap-
Set the trap source address. huawei(config)#snmp-agent trap source vlanif 10
Step 3 Configure the time server. huawei(config)#ntp-service unicast-server 4.4.4.4 source-interface vlanif 10 huawei(config)#ntp-service unicast-server 4.4.4.5 source-interface vlanif 10
Step 4 Configure the log host. huawei(config)#loghost huawei(config)#loghost huawei(config)#loghost huawei(config)#loghost
add 3.3.3.3 activate ip add 3.3.4.3 activate ip
syslog-1 3.3.3.3 syslog-2 3.3.4.3
Step 5 Configure the EMU. This topic uses the fan as an example to describe how to configure the environment monitoring unit (EMU). When configuring the fan monitoring, note that the default master-slave node address of the fan monitoring is 0. In this example, the master-slave node address of the fan monitoring is assumed to be 1. Therefore, set the node address DIP switch on the fan monitoring board to 1. huawei(config)#emu add 1 fan 0 1 back
Step 6 Configure ADSL2+ service. The MA5600 supports the ADSL2+ service of multiple encapsulation modes, such as IPoA, PPPoA, IPoE, and PPPoE. This topic uses the PPPoE mode as an example to describe how to configure the ADSL2+ service. 1.
Configure the ADSL2+ line profile. You can configure the ADSL2+ line profile based on your requirements. huawei(config)#adsl line-profile add 10 Start adding profile Press 'Q' to quit the current configuration and new configuration will be neglected >Do you want to name the profile (y/n) [n]:n > Please choose default value type 0-adsl 1-adsl2+ (0~1) [0]:1 > Will you set basic configuration for modem? (y/n)[n]:n > Please select channel mode 0-interleaved 1-fast (0~1) [0]: > Will you set interleaved delay? (y/n)[n]:n >Please select form of transmit rate adaptation in downstream: > 0-fixed 1-adaptAtStartup 2-adaptAtRuntime (0~2) [1]: > Will you set SNR margin for modem? (y/n)[n]:n > Will you set parameters for rate? (y/n)[n]:y > Minimum transmit rate in downstream (32~32000 Kbps) [32]: > Maximum transmit rate in downstream (32~32000 Kbps) [24544]:8000 > Minimum transmit rate in upstream (32~3000 Kbps) [32]: > Maximum transmit rate in upstream (32~3000 Kbps) [1024]: Add profile 10 successfully
2.
Configure the ADSL2+ alarm profile. You can configure the ADSL2+ alarm profile based on your requirements.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
352
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
huawei(config)#adsl alarm-profile add 10 Start adding profile Press 'Q' to quit the current configuration and new configuration will be neglected > The number of Loss of Frame Seconds (0~900) [0]: > The number of Loss of Signal Seconds (0~900) [0]: > The number of Loss of Link Seconds (0~900) [0]: > The number of Loss of Power Seconds (0~900) [0]: > The number of Errored Seconds (0~900) [0] > Enable and disable the initial failure trap 0-disable 1-enable (0~1)[0]:1 > The number of failed fast retrain seconds (0~900) [0]: > The number of severely errored seconds (0~900) [0]: > The number of unavailable seconds (0~900) [0]: > Threshold of positive difference between the current and the past transmit rate in fast mode (0~31968kbps) [0]: > Threshold of positive difference between the current and the past transmit rate in interleaved mode (0~31968kbps) [0]: > Threshold of negative difference between the current and the past transmit rate in fast mode (0~31968kbps) [0]: > Threshold of negative difference between the current and the past transmit rate in interleaved mode (0~31968kbps) [0]: > The number of Loss of Frame Seconds (0~900) [0]: > The number of Loss of Signal Seconds (0~900) [0]: > The number of Loss of Power Seconds (0~900) [0]: > The number of Errored Seconds (0~900) [0]: > The number of severely errored seconds (0~900) [0]: > The number of unavailable seconds (0~900) [0]: > Threshold of positive difference between the current rate in fast mode (0~2968kbps) [0]: > Threshold of positive difference between the current rate in interleaved mode (0~2968kbps) [0]: > Threshold of negative difference between the current rate in fast mode (0~2968kbps) [0]: > Threshold of negative difference between the current rate in interleaved mode (0~2968kbps) [0]: Add profile 10 successfully
3.
and the past transmit and the past transmit and the past transmit and the past transmit
Configure the ADSL2+ traffic profile. You can configure the ADSL2+ traffic profile by running the traffic table command based on your requirements. In this example, the default profile (profile 6) is used.
4.
Activate the ADSL2+ port. huawei(config)#interface adsl 0/3 huawei(config-if-adsl-0/3)#deactivate all huawei(config-if-adsl-0/3)#alarm-config all 10 huawei(config-if-adsl-0/3)#activate all profile-index 10 huawei(config-if-adsl-0/3)#quit
5.
Configure the upstream port. l Configure the SCU board. Generally, the GE optical port uses the default GE full duplex mode. In the SCU config mode, to change the port rate, run the speed command; to change the port duplex mode, run the duplex command. The configuration of the SCU board needs to be the same as that of the peer device. l Configure the VLAN.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
353
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
The ADSL2+ users of MA5600-2 use the PPPoE authentication. In this case, the smart VLAN is used to identify the users. huawei(config)#vlan 1000 smart huawei(config)#port vlan 1000 0/7 0-1
6.
Add the service port. All ports in slot 0/3 provide the ADSL2+ service. To add service ports in batches, run the multi-service-port command. huawei(config)#multi-service-port vlan 1000 port 0/3 0-31 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
Step 7 Configure the SHDSL service. The MA5600 supports the SHDSL service of multiple encapsulation modes, such as IPoA, PPPoA, IPoE, and PPPoE. This topic takes the PPPoE mode as an example to describe how to configure the SHDSL service. 1.
Configure the SHDSL line profile. To configure the SHDSL line profile, run the shdsl line-profile add or shdsl line-profile add command. huawei(config)#shdsl line-profile quickadd 10 line two-wire rate 2048 2048 psd symmetric transmission Annex-A remote disable probe disable snr-margin ds-curr 10 ds-worst 10 us-curr 10 us-worst 10 bitmap 0x03
2.
Configure the SHDSL alarm profile. To configure the SHDSL alarm profile, run the shdsl alarm-profile add command. In this example, the default profile (profile 1) is used.
3.
Configure the SHDSL traffic profile. You can configure the SHDSL traffic profile by running the traffic table command based on your requirements. In this example, the default profile (profile 6) is used.
4.
Activate the SHDSL port. huawei(config)#interface shl 0/5 huawei(config-if-shdsl-0/5)#deactivate all huawei(config-if-shdsl-0/5)#alarm-config all 1 huawei(config-if-shdsl-0/5)#activate all 10 huawei(config-if-shdsl-0/5)#quit
5.
Configure the upstream port. The SHDSL users of MA5600-2 adopt the PPPoE authentication. In this case, the smart VLAN is used to identify the users. huawei(config)#vlan 1300 smart huawei(config)#port vlan 1300 0/7 0-1
6.
Add the service port. Ports 0-31 in slot 0/5 provide the SHDSL service. To activate the ports in batches, run the multi-service-port command. huawei(config)#multi-service-port vlan 1300 port 0/5 0-31 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
Step 8 Configure the stacking wholesale service. ISP1 provides users of ports 0-10 on the board in slot 0/2 with the stacking wholesale service. ISP2 provides users of ports 11-20 to with the stacking wholesale service. ISP3 provides users of port 21-30 with the stacking wholesale service. Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
354
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
1.
10 Configuration Example of the Integrated Subtending Network
Create VLANs and set the VLAN attribute to stacking. huawei(config)#vlan 60 to 62 smart huawei(config)#vlan attrib 60 to 62 stacking huawei(config)#stacking outer-ethertype 0x8000
2.
Add an upstream port. huawei(config)#port vlan 60 to 62 0/7 0
3.
Add service ports. huawei(config)#multi-service-port vlan 60 port 0/2 0-10 vpi 0 vci 35 rx-cttr 6 tx-cttr 6 huawei(config)#multi-service-port vlan 61 port 0/2 11-20 vpi 0 vci 35 rx-cttr 6 tx-cttr 6 huawei(config)#multi-service-port vlan 62 port 0/2 21-30 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
4.
Configure the inner VLAN tag. huawei(config)#stacking label vlan 60 baselabel 111 huawei(config)#stacking label vlan 61 baselabel 112 huawei(config)#stacking label vlan 62 baselabel 113
Step 9 Configure the triple play service. After the configuration, the following results need to be achieved: The user of port 0/2/31 can watch the programs with IP addresses 224.1.1.1 and 224.1.1.2 and can only preview the program with IP address 224.1.1.3. 1.
Configure upstream ports and VLANs. huawei(config)#vlan 100 smart huawei(config)#port vlan 100 0/7 0-1 //Configure the VLAN and the upstream ports for the video service. huawei(config)#vlan 101 mux huawei(config)#port vlan 101 0/7 0 //Configure the VLAN and the upstream port for the Internet access service. huawei(config)#vlan 102 smart huawei(config)#port vlan 102 0/7 0 //Configure the VLAN and the upstream port for the voice service.
2.
Configure the traffic table. The voice service has the highest priority, and the Internet access service has the lowest priority. Assume that the Internet access service uses traffic table 6, with the priority of 0. The following shows how to create the traffic tables for the voice service and the video service respectively. huawei(config)#traffic table index 7 ip car 1024 priority 7 priority-policy Pvc-Setting huawei(config)#traffic table index 8 ip car off priority 5 priority-policy PvcSetting
3.
Configure service ports. huawei(config)#service-port vlan 100 adsl 0/2/31 vpi 0 vci 35 rx-cttr 8 tx-cttr 8 huawei(config)#service-port vlan 101 adsl 0/2/31 vpi 0 vci 36 rx-cttr 6 tx-cttr 6 huawei(config)#service-port vlan 102 adsl 0/2/31 vpi 0 vci 37 rx-cttr 7 tx-cttr 7
4.
Configure the DHCP relay mode for the video service. l Configure the DHCP mode. huawei(config)#dhcp mode layer-3 option-60
l Configure the DHCP server. huawei(config)#dhcp-server 1 ip 10.1.1.2 10.1.1.3 huawei(config)#dhcp domain video //It is configured according
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
355
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
to the actual domain name of the STB. huawei(config-dhcp-domain-video)#dhcp-server 1 huawei(config-dhcp-domain-video)#quit
l Configure the gateway mapped to the DHCP domain. huawei(config)#interface vlanif 100 huawei(config-if-vlanif100)#ip address 10.1.1.1 24 huawei(config-if-vlanif100)#dhcp domain video gateway 10.1.1.1 huawei(config-if-vlanif100)#quit
l Enable the DHCP option82 function. huawei(config)#dhcp option82 enable
5.
Configure the DHCP relay mode for the voice service. l Configure the DHCP server. huawei(config)#dhcp-server 2 ip 10.4.4.2 10.4.4.3 huawei(config)#dhcp domain voice //It is configured according to the actual domain name of the IAD. huawei(config-dhcp-domain-voice)#dhcp-server 2 huawei(config-dhcp-domain-voice)#quit
l Configure the gateway mapped to the DHCP domain. huawei(config)#interface vlanif 102 huawei(config-if-vlanif102)#ip address 10.4.4.1 24 huawei(config-if-vlanif102)#dhcp domain voice gateway 10.4.4.1 huawei(config-if-vlanif102)#quit
l Enable the DHCP option82 function. huawei(config)#dhcp option82 enable
6.
Configure the multicast service. huawei(config)#interface scu 0/7 huawei(config-if-scu-0/7)#native-vlan 0 vlan 100 huawei(config-if-scu-0/7)#quit huawei(config)#btv huawei(config-btv)#igmp mode proxy huawei(config-btv)#igmp uplink-port 0/7/0 100 huawei(config-btv)#igmp uplink-port-mode program huawei(config-btv)#igmp program add name program1 ip 224.1.1.1 vlan 100 bind 0/7/0 huawei(config-btv)#igmp program add name program2 ip 224.1.1.2 vlan 100 bind 0/7/0 huawei(config-btv)#igmp program add name program3 ip 224.1.1.3 vlan 100 bind 0/7/0 huawei(config-btv)#igmp profile profile-name profile0 program-name program1 watch huawei(config-btv)#igmp profile profile-name profile0 program-name program2 watch huawei(config-btv)#igmp profile profile-name profile0 program-name program3 preview huawei(config-btv)#igmp user add port 0/2/31 auth huawei(config-btv)#igmp user bind-profile port 0/2/31 profile-name profile0
Step 10 Configure the subtending multicast service. 1.
Configure the upstream port. The upstream port is already added in Step 9.6. It is unnecessary to configure it again.
2.
Configure the IGMP proxy. The IGMP proxy is already configured in Step 9.6. It is unnecessary to configure it again.
3.
Issue 09 (2015-02-28)
Configure the program library.
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
356
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
The program library is already configured in Step 9.6. It is unnecessary to configure it again. 4.
Configure the multicast for the subtending port. l Specify the subtending port. huawei(config-btv)#igmp cascade-port 0/7/1
l Modify the attribute of the subtending port. huawei(config-btv)#igmp cascade-port modify 0/7/1 static enable
l Add programs to the static subtending port. huawei(config-btv)#igmp static-join cascade-port 0/7/1 ip 224.1.1.1 sourceip 192 .168.1.2 huawei(config-btv)#igmp static-join cascade-port 0/7/1 ip 224.1.1.2 sourceip 192 .168.1.2 huawei(config-btv)#igmp static-join cascade-port 0/7/1 ip 224.1.1.3 sourceip 192 .168.1.2
Step 11 Save the data. huawei(config-btv)#quit huawei(config)#save
----End
10.5 Configuring MA5600-3 This topic describes how to configure MA5600-3.
Procedure Step 1 Confirm the board. huawei>enable huawei#config huawei(config)#board confirm 0
Step 2 Configure the NMS. 1.
Configure the IP address of the inband NMS interface. l Create the NMS VLAN. huawei(config)#vlan 10 standard
l Add the upstream port. huawei(config)#port vlan 10 0/7 0
l Enter the NMS VLAN interface mode. huawei(config)#interface vlanif 10
l Configure the IP address of the NMS VLAN interface. huawei(config-if-vlanif10)#ip address 10.10.1.5 255.255.255.0
2.
Add the route. l Configure the route destined to the NMS (trap destination host). huawei(config)#ip route-static 2.2.2.2 255.255.255.255 10.10.1.1 preference 1 huawei(config)#ip route-static 2.2.2.3 255.255.255.255 10.10.1.1 preference 1
l Configure the route destined to the time server. huawei(config)#ip route-static 4.4.4.4 255.255.255.255 10.10.1.1 preference 1
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
357
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
10 Configuration Example of the Integrated Subtending Network
huawei(config)#ip route-static 4.4.4.5 255.255.255.255 10.10.1.1 preference 1
l Configure the route destined to the log host. huawei(config)#ip route-static 3.3.3.3 255.255.255.255 10.10.1.1 preference 1 huawei(config)#ip route-static 3.3.4.3 255.255.255.255 10.10.1.1 preference 1
3.
Add the ACL rule. huawei(config)#acl 3050 huawei(config-acl-adv-3050)#rule permit ip source any destination any huawei(config-acl-adv-3050)#rule deny ip source any destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 2.2.2.2 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 2.2.2.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 4.4.4.4 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 4.4.4.5 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.3.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#rule permit ip source 3.3.4.3 0.0.0.0 destination 10.10.1.2 0.0.0.0 huawei(config-acl-adv-3050)#quit huawei(config)#packet-filter inbound ip-group 3050 port 0/7/0 huawei(config)#packet-filter inbound ip-group 3050 port 0/7/1
4.
Configure SNMP. l Configure the community name and access rights. huawei(config)#snmp-agent community read public huawei(config)#snmp-agent community write private
l Configure the administrator ID and contact information. huawei(config)#snmp-agent sys-info contact HW-075512345678
l Configure the device location information. huawei(config)#snmp-agent sys-info location Shenzhen China
l Configure the SNMP version. Here, the SNMP version must be the same as the SNMP version of the NMS. In this example, the NMS SNMP version is set to SNMP V2C. huawei(config)#snmp-agent sys-info version v2c
5.
Enable the trap sending. huawei(config)#snmp-agent trap enable standard
6.
Set the trap destination address. huawei(config)#snmp-agent public huawei(config)#snmp-agent ap-paramsname p1 huawei(config)#snmp-agent public huawei(config)#snmp-agent ap-paramsname p2
7.
target-host trap-paramsname p1 v2c securityname target-host trap-hostname aaa address 2.2.2.2 tr target-host trap-paramsname p2 v2c securityname target-host trap-hostname bbb address 2.2.2.3 tr
Set the trap source address. huawei(config)#snmp-agent trap source vlanif 10
Step 3 Configure the time server. huawei(config)#ntp-service unicast-server 4.4.4.4 source-interface vlanif 10 huawei(config)#ntp-service unicast-server 4.4.4.5 source-interface vlanif 10
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
358
10 Configuration Example of the Integrated Subtending Network
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
Step 4 Configure the log host. huawei(config)#loghost huawei(config)#loghost huawei(config)#loghost huawei(config)#loghost
add 3.3.3.3 activate ip add 3.3.4.3 activate ip
syslog-1 3.3.3.3 syslog-2 3.3.4.3
Step 5 Configure the EMU. This topic uses the fan as an example to describe how to configure the EMU. When configuring the fan monitoring, note that the default master-slave node address of the fan monitoring is 0. In this example, the master-slave node address of the fan monitoring is assumed to be 1. Therefore, set the node address DIP switch on the fan monitoring board to 1. huawei(config)#emu add 1 fan 0 1 back
Step 6 Configure the QinQ private line service. MA5600-1 and MA5600-3 belong to two representative offices of the same enterprise and they can communicate with each other normally through the QinQ private line. 1.
Create VLAN 50. huawei(config)#vlan 50 mux
2.
Set VLAN50 as QinQ VLAN. huawei(config)#vlan attrib 50 q-in-q
3.
Add the upstream port. huawei(config)#port vlan 50 0/7 0
4.
Add the service port. To add the service port, run the service-port command. Note that the VPI and VCI values set during the execution of the service-port command must be the same as those on the modem. The QinQ VLAN supports the PVC-priority scheduling policy only. In this case, select the profile that supports PVC-priority policy. huawei(config)#traffic table index 7 ip car off priority 0 priority-policy pvcSetting huawei(config)#service-port vlan 50 shdsl mode ptm 0/5/31 vpi 0 vci 35 rx-cttr 7 tx-cttr 7
Step 7 Save the data. huawei(config)#save
----End
10.6 Verification All the services configured on all the DSLAMs run in the normal state. MA5600-1: l
All the users of the ADSL2 port on the board in slot 0/3 can access the Internet normally.
l
All the users of the SHDSL port on the board in slot 0/5 can access the Internet normally.
l
Multicast users on port 0/2/2 and 0/2/3 can watch program1 and program2 and preview program3.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
359
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
l
10 Configuration Example of the Integrated Subtending Network
The multicast user on port 0/2/2 needs to be authenticated. The multicast user on port 0/2/3 need not be authenticated.
MA5600-2: l
All the users of the ADSL2 port on the board in slot 0/3 can access the Internet normally.
l
All the users of the SHDSL port on the board in slot 0/5 can access the Internet normally.
l
ISP1 provides users of ports 0-10 on the board in slot 0/2 with the stacking wholesale service. ISP2 provides users of ports 11-20 to with the stacking wholesale service. ISP3 provides users of port 21-30 with the stacking wholesale service.
l
The multicast user on port 0/2/31 can watch programs with IP addresses 224.1.1.1 and 224.1.1.2 and preview the program with IP address 224.1.1.3.
The user on port 0/5/31 of MA5600-1 and the user on port 0/5/31 of MA5600-3 belong to two representative offices of the same enterprise and they can communicate with each other normally through the QinQ private line.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
360
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
A FAQ
A
FAQ
This topic describes the FAQs and the corresponding solutions during the service configuration on the MA5600. A.1 How to Query MAC Addresses of Online Users and Query the Ports that Provide the Access for the Users According to the MAC Addresses A.2 What Are the Prerequisites for the Link and Protocol Status of the L3 Interface to Be Up A.3 How to Prevent System Breakdown or Service Interruption of the MA5600 Caused by Network Attacks Through the Proper Configuration A.4 How to Change the NMS VLAN A.5 How to Change the VLAN Type A.6 How to Change the Service VLAN to Which the xDSL Port Belongs A.7 How to Change the Line Profile of an xDSL Port A.8 How to Add a Board on the MA5600 A.9 How to Enable Two xDSL Ports of the MA5600 to Communicate with Each Other A.10 What Are the Differences Between the firewall packet-filter Command and the packetfilter Command
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
361
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
A FAQ
A.1 How to Query MAC Addresses of Online Users and Query the Ports that Provide the Access for the Users According to the MAC Addresses Question How to query MAC addresses of online users and query the ports that provide the access for the users according to the MAC addresses?
Answer Run the display mac-address all command to query the MAC addresses of all the online users, and then run the display location command to query the ports that provide the access for the users according to the specified MAC addresses.
A.2 What Are the Prerequisites for the Link and Protocol Status of the L3 Interface to Be Up Question What are the prerequisites for the link and protocol status of the L3 interface to be Up?
Answer The link status depends on the status of the port in the VLAN corresponding to the L3 interface. If the status of an Ethernet port in the VLAN corresponding to the L3 interface is up, the link status of the L3 interface is up. Three prerequisites determine whether the protocol status of an L3 interface is up, which are the link status, IP address of the L3 interface, and management status of the L3 interface. The protocol status of an L3 interface is up only when the L3 interface is configured with an IP address, the link status is up, and the management status of the L3 interface is up.
A.3 How to Prevent System Breakdown or Service Interruption of the MA5600 Caused by Network Attacks Through the Proper Configuration Question How to prevent system breakdown or service interruption of the MA5600 caused by network attacks through the proper configuration?
Answer The common improper configurations that affect the system security are as follows: Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
362
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
l
A FAQ
The ring network detection function and the anti-MAC address-spoofing function or antiIP address-spoofing function are disabled. When the anti-MAC address-spoofing function or the anti-IP address-spoofing function is disabled, the illegal user sends the PPPoE and DHCP control packets by forging the MAC address or IP address of a legal user. In this case, the security of the system is affected. Run the ring check command to enable the ring network detection function on the user side. Run the security anti-macspoofing enable command to enable the anti-MAC addressspoofing function. Run the security anti-ipspoofing enable command to enable the anti-IP address-spoofing function.
l
The devices are managed by IP addresses of the public network and the access rights are not limited strictly when the ACL rule is configured. In this case, the network is attacked. To ensure the security of devices, manage the devices by using the IP addresses of the private network. When configuring the ACL rule, you must comply with the principle of the minimum authorization to configure the accessible address segment. The accessible address segment can contain only the mandatory IP addresses of the management network segment. Other IP addresses cannot access the device management interface. Run the acl command to create a basic ACL and enter the ACL mode. The number of a basic ACL can only be in the range of 2000-2999. – In the basic ACL mode, run the rule command to create a basic ACL rule. The parameters are as follows: – rule-id: Indicates the ACL rule ID. To create an ACL rule with a specified ID, use this parameter. – permit: Indicates the keyword for allowing the data packets that meet the related conditions to pass. – deny: Indicates the keyword for discarding the data packets that meet the related conditions. – time-range: Indicates the keyword of the time range during which the ACL rule is effective.
l
The packets that access the device management interface are not controlled so that the device is attacked by the packets. In this case, the system is caused to be busy and the services are affected. Run the firewall packet-filter command to apply the packet filtering rules of the firewall to the interface to filter the packets that access the interface. In this case, the packet attack is prevented.
A.4 How to Change the NMS VLAN Question When the VLAN to which the NMS belongs is changed, how to change the NMS VLAN on the MA5600?
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
363
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
A FAQ
Answer Step 1 Delete the L3 interface and the upstream port of the original NMS VLAN and delete the original NMS VLAN. l Run the undo interface vlanif command to delete the L3 interface of the original NMS VLAN. l Run the undo port vlan command to delete the upstream port of the original NMS VLAN. l Run the undo vlan command to delete the original NMS VLAN. Step 2 Create an NMS VLAN, upstream port, L3 interface of the NMS VLAN, and management IP address. 1.
Run the vlan command to create an NMS VLAN.
2.
Run the port vlan command to add an upstream port to the VLAN.
3.
Run the interface vlanif command to enable the L3 interface of the VLAN.
4.
Run the ip address command to configure the management IP address.
Step 3 Run the save command to save the data, and then exit. ----End
A.5 How to Change the VLAN Type Question How to change the VLAN type?
Answer Delete the original VLAN, and then run the vlan command to configure a new VLAN. NOTE
The prerequisites for deleting a VLAN are as follows: l Before deleting a VLAN, you must delete the L3 interface, upstream port, and service ports of the VLAN.If the MPLS function of the VLAN is enabled, you must disable the MPLS function before deleting the VLAN. l Run the undo port vlan command to delete the upstream port. l Run the undo service-port vlan command to delete the service ports. l Run the undo interface vlanif command to delete the L3 interface. l Run the undo mpls command to disable the MPLS function. l The system supports a maximum of 4000 VLANs. The ID of the default VLAN is 1, and the default VLAN cannot be deleted but can be modified.
A.6 How to Change the Service VLAN to Which the xDSL Port Belongs Question How to change the service VLAN to which the xDSL port belongs? Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
364
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
A FAQ
Answer Changing the service VLAN to which an xDSL port belongs means changing the service port configuration, namely, the PVC configuration, of an xDSL port. To change the service VLAN, run the undo service-port command to delete the service ports (PVCs), and then configure a new VLAN for the xDSL port. NOTE
The prerequisites for deleting a service port are as follows: l When you specify parameters, all the matched service ports will be deleted. l A service port cannot be deleted in the following conditions: l The port is encapsulated as PPPoA, IPoA, or Auto. l The port contains the BTV user. l The port is bound with an IP address or a MAC address. l The port is configured with a static MAC address.
A.7 How to Change the Line Profile of an xDSL Port Question How to change the line profile of an xDSL port?
Answer l
For the ADSL port, run the deactivate command to deactivate the ADSL port, and then run the activate command to activate the ADSL port by using a new line profile.
l
For the VDSL port, create a line template that contains the new line profile, run the deactivate command to deactivate the VDSL port, and then run the activate command to activate the VDSL port by using the created line template.
l
For the SHDSL port, run the deactivate command to deactivate the SHDSL port, and then run the activate command to activate the SHDSL port by using a new line profile.
NOTICE Exercise caution when deactivating a port because it interrupts the service on the port. The operations of changing other profiles of an xDSL port are the same as the operations of changing the line profile of the xDSL port.
A.8 How to Add a Board on the MA5600 Question How to Add a Board on the MA5600? Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
365
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
A FAQ
Answer You can add a board in the following two ways: l
Adding a board offline: Run the board add command to add a board to an vacant slot (in this case, the system generates the "Board Fault" alarm). Then, insert a board to the slot (in this case, if the type of the inserted board is the same as the type of the board added offline, the system generates the "Board Recovery" alarm; if the type of the inserted board is different from the type of the board added offline, the system generates the "Type Mismatch" alarm).
l
Automatically discovering a board: Insert a board to an vacant slot (in this case, the system displays a message indicating that a board is automatically discovered, and the board is in the auto-find state). Then, run the board confirm command to confirm the board that is automatically discovered.
A.9 How to Enable Two xDSL Ports of the MA5600 to Communicate with Each Other Question How to enable two xDSL ports of the MA5600 to communicate with each other?
Answer Two xDSL ports of the MA5600 communicate with each other through service ports. l
If the two xDSL ports are on different boards, establish a standard VLAN, create one service port for each xDSL port, and then add the created two service ports to the established standard VLAN.
NOTICE The service ports can be added to the standard VLAN only when the attribute of the VLAN is QinQ. l
If the two xDSL ports are on the same board, establish a super VLAN, create one service port for each xDSL port, and then add the created two service ports to the sub VLAN of the established super VLAN.
A.10 What Are the Differences Between the firewall packetfilter Command and the packet-filter Command Question What are the differences between the firewall packet-filter command and the packet-filter command? Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
366
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
A FAQ
Answer The similarity is that both the firewall packet-filter and packet-filter commands can be used only when the ACL function is enabled. The differences are as follows: l
The packet-filter command is used to filter the packets of the LSW port by using an LSW hardware-based ACL. The matching mode for this command is searching all the ACLs and adopting the latest one, that is, if a packet matches multiple ACL rules, the last rule takes effect.
l
The firewall packet-filter command is used to filter the packets received on the CPU by using a software-based ACL. The matching mode for this command is searching for and adopting the first ACL, that is, when the first rule is matched, this rule takes effect regardless of the subsequent rules.
Issue 09 (2015-02-28)
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
367
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
B
B Acronyms and Abbreviations
Acronyms and Abbreviations
This topic lists the acronyms and abbreviations used in this document. A AAA
Authentication, Authorization and Accounting
ABR
Area Border Router
ACL
Access Control List
B BDR
Backup Designated Router
BMS
HUAWEI iManager N2000 broadband integrated network management system
BPDU
Bridge Protocol Data Unit
BRAS
Broadband Remote Access Server
BRAS
Broadband Remote Access Server
BRAS
Broadband Remote Access Server
BTV
Broadband TV
C
Issue 09 (2015-02-28)
CAR
Committed Access Rate
CC
Connection Confirm
CFM
Connectivity Fault Management
CIDR
Classless Inter-Domain Routing
CLI
Command Line Interface
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
368
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
COS
Class of Service
CPE
Customer Premises Equipment
CRC
Cyclic Redundancy Code
B Acronyms and Abbreviations
D DHCP
Dynamic Host Configuration Protocol
DHCP option82
DHCP relay agent option 82
DLM
Signaling-Data-Link-Connection-Order Message
DoD
Downstream on Demand
DoS
Denial of Service
DR
Designated Router
DSLAM
Digital Subscriber Line Access Multiplexer
DSM
Digital Storage Media
DU
Downstream Unsolicited
D-V
Distance Vector Routing Algorithm
E EMU
Environment Monitoring Unit
F FE
Fast Ethernet
FEC
Forward Error Correction
FTP
File Transfer Protocol
FIFO
First In First Out
G GE
Gigabit Ethernet
I
Issue 09 (2015-02-28)
ICMP
Internet Control Message ProtocolLabel Distribution Protocol
IGMP
Internet Group Management Protocol
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
369
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
IGP
Interior Gateway Protocol
IMA
Inverse Multiplexing for ATM
IP
Internet Protocol
IPoA
Internet Protocol Over ATM
IPoE
IP over Ethernet
ISP
Internet Service Provider
B Acronyms and Abbreviations
L LACP
Link Aggregation Control Protocol
LAN
Local Area Network
LDP
Label Distribution Protocol
LSA
Link State Advertisement
LSDB
Link State DataBase
LSP
Label Switched Path
M MA
Maintenance Association
MAC
Medium Access Control
MBS
Maximum Burst Size
MD
Maintenance Domain
MDU
Multi-dwelling Unit
MEP
Maintenance association End Point
MIB
Management Information Base
MIP
Maintenance association Interspace Point
MRU
Maximum Receive Unit
MSTP
Multiple Spanning Tree Protocol
MTU
Maximum Transmission Unit
N
Issue 09 (2015-02-28)
NBMA
Non Broadcast MultiAccess
NHLFE
Next Hop Label Forwarding Entry
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
370
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
NIC
Network Information Center
NMS
Network Management System
B Acronyms and Abbreviations
O OSPF
Open Shortest Path First
P PITP
Policy Information Transfer Protocol
PPPoA
Point-to-Point Protocol Over ATM
PPPoE
Point-to-Point Protocol Over Ethernet
PQ
Priority Queuing
PPP
Peer-Peer Protocol
PSN
Packet Switched Network
PSTN
Public Switched Telephone Network
RSVP-TE
Resource Reservation Setup Protocol with Traffic-Engineering Extensions
Q QoS
Quality of Service
R RADIUS
Remote Authentication Dial in User Service
RARP
Reverse Address Resolution Protocol
RFC
Remote Feature Control
RIP
Routing Information Protocol
RMON
Remote Network Monitoring
S
Issue 09 (2015-02-28)
SNMP
Simple Network Management Protocol
SSH
Secure Shell
STB
Set Top Box
STP
Spanning Tree Protocol
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
371
SmartAX MA5600/MA5603 Multi-service Access Module Configuration Guide
B Acronyms and Abbreviations
T TCP/IP
Transmission Control Protocol/Internet Protocol
TFTP
Trivial File Transfer Protocol
TOS
Type of Service
TTL
Time To Live
U UDP
User Datagram Protocol
V VLAN
Virtual LAN
VOD
Video On Demand
VT
Virtual Terminal
VTP
VLAN Trunk Protocol
VTY
Virtual Type Terminal
W WRR
Weighted Round Robin
X xDSL
Issue 09 (2015-02-28)
x Digital Subscriber Line
Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
372